Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #11  
Old 1st September 2010, 03:55
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 220
Thanks: 23
Thanked 16 Times in 16 Posts
Default

Those are amavisd-new settings I believe.
Spam DSN cutoff level
Amavis feature: spam_dsn_cutoff_level_maps
Spam score at which not to generate delivery status notifications.

Spam Quarantine Cutoff Level
Amavis feature: spam_quarantine_cutoff_level_maps
Score at which not to quarantine

(I know..not much help).

Here is my postfix smtpd setting I referred to with some rbl's added:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf, reject_unauth_destination, reject_rbl_client zen.spamhaus.org,reject_rbl_client dul.dnsbl.sorbs.net,reject_rbl_client bl.spamcop.net,permit

I don't know anything about the uribl, but now I'm interested in it...a thought, maybe change from multi to the black only or blakc and grey to see if it helps. Multi seems like it'll give false positives.
Reply With Quote
Sponsored Links
  #12  
Old 1st September 2010, 04:31
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

Regarding the good emails today all being filtered out... Each score ranged from -3 to 0.5. However, they ended up in Junk. The only change I made to the NORMAL POLICY was tag level = -1000 as suggested.

Code:
X-Virus-Scanned: Debian amavisd-new at my.derekgordon.com
X-Spam-Flag: NO
X-Spam-Score: -2.307
X-Spam-Level: 
X-Spam-Status: No, score=-2.307 tagged_above=-1000 required=4.5
	tests=[AWL=0.291, BAYES_00=-2.599, HTML_MESSAGE=0.001]
When reviewing this, it seems that this should not have been filtered out.

Why did all of those get marked as ***SPAM*** and filtered out?
Reply With Quote
  #13  
Old 1st September 2010, 04:43
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 220
Thanks: 23
Thanked 16 Times in 16 Posts
Default

can you post a screenshot of each:
- your policy screen levels (especially tag marking for the 1st subject level)
- the user this went to and the different tabs (in case there is a strange custom rule somewhere)

-what if you remove the uribl code and see what happens.
Reply With Quote
  #14  
Old 1st September 2010, 04:49
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

URIBL was disabled.

HOWTOFORGE notice regarding this last post you made went to Junk immediately.

Code:
X-Virus-Scanned: Debian amavisd-new at my.derekgordon.com
X-Spam-Flag: NO
X-Spam-Score: -2.55
X-Spam-Level: 
X-Spam-Status: No, score=-2.55 tagged_above=-50 required=4.95
	tests=[AWL=0.049, BAYES_00=-2.599]
SPAM tag level = -50
SPAM tag2 level = 4.95
SPAM kill level = 5
SPAM dsn cutoff level = 0
SPAM quarantine cutoff level = 0
SPAM modifies subject = yes
SPAM subject tag = ***SPAM***
SPAM subject tag2 = (blank)

All other pages for the PROFILE are the exact same as the Normal filter.
Reply With Quote
  #15  
Old 1st September 2010, 04:53
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 220
Thanks: 23
Thanked 16 Times in 16 Posts
Default

compare your settings with mine in the pevious post. you shouldn't be tagging level 1, that shoul dbe blank. only tag level 2.

SPAM subject tag
SPAM subject tag2 ***SPAM***
Reply With Quote
  #16  
Old 1st September 2010, 05:01
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

And that resolves the first problem!!!

I wish there was something helpful to explain each value and how they linked together. Searched Google for one, no luck... So of course I screwed the pooch.

Now, I will at least be able to get the header spam report for those damn emails that slip through.

Must wait for more spam. Will report back when more information is available.

Thanks for that.
Reply With Quote
  #17  
Old 1st September 2010, 05:04
Turbanator Turbanator is offline
Senior Member
 
Join Date: Jun 2008
Posts: 220
Thanks: 23
Thanked 16 Times in 16 Posts
Default

Up to you, but you might want to increase your Kill level too.

for research, I believe all those settings are controls for amavisd-new . So going there will give you the answers.
Reply With Quote
  #18  
Old 1st September 2010, 14:10
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

TONS of spam between 1am and 6am this morning. I'm pasting a few of the headers:

Code:
Return-Path: <DebtGoal@lilleurl.me>
Delivered-To: crypted@mypersonaldomain.tld
Received: from localhost (localhost.localdomain [127.0.0.1])
	by my.mypersonaldomain.tld (Postfix) with ESMTP id 567DA5416E
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 07:19:32 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at my.mypersonaldomain.tld
X-Spam-Flag: NO
X-Spam-Score: 1.273
X-Spam-Level: *
X-Spam-Status: No, score=1.273 tagged_above=-100 required=5
	tests=[BAYES_40=-0.185, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457]
Received: from my.mypersonaldomain.tld ([127.0.0.1])
	by localhost (my.mypersonaldomain.tld [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id ZL+VA8P6CGRT for <crypted@mypersonaldomain.tld>;
	Wed,  1 Sep 2010 07:19:24 -0400 (EDT)
Received: from secure.voip-telephony-services.info (secure.voip-telephony-services.info [173.244.178.205])
	by my.mypersonaldomain.tld (Postfix) with SMTP id 677525416A
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 07:19:24 -0400 (EDT)
DKIM-Signature: v=1;
	a=rsa-sha1; c=relaxed/relaxed; d=lilleurl.me; s=gamma; t=1283339964;
	bh=ybgWChrDqqU9XsbO50Q55t7oRkc=; h=To:From;
	b=kMbOCRP82/YwhMkqpypsxT3MVr4deEXcWIf+JG3n5qcvxi7sATbT978DAhS6VMNVz
	 ahk7FQGfhv2DVQGRNNv1B9jw5HcGXP8/VWqf4bTUFtsz0loYEqmB5ZVQEZ7TC0c
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=gamma; d=lilleurl.me;
	h=To:From;
	b=KzIudBZ6uYWO0s8DSM9P1+bntKemqvGfvaImd+emC6aOTHF3Q65M7b8PfVtL0UbYS
	WuG0yJgu7Z+XmiIRJm5pUnmP43XuCVPgFHP3xWuDHF2+iOh6nGTPjxHMjkIOrdi;
From: "DebtGoal" <DebtGoal@lilleurl.me>
To: crypted@mypersonaldomain.tld
Reply-To: "DebtGoal" <DebtGoal@lilleurl.me>
Subject: Introducing DebtGoal
Date: 01 Sep 2010 07:19:24 -0400
Message-ID: <1283339964.mngjndynwql@lilleurl.me>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable




Return-Path: <Payday.Loans@makemechangemymind.com>
Delivered-To: crypted@mypersonaldomain.tld
Received: from localhost (localhost.localdomain [127.0.0.1])
	by my.mypersonaldomain.tld (Postfix) with ESMTP id 5E57B5416E
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 07:12:04 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at my.mypersonaldomain.tld
X-Spam-Flag: NO
X-Spam-Score: 4.459
X-Spam-Level: ****
X-Spam-Status: No, score=4.459 tagged_above=-100 required=5
	tests=[BAYES_50=0.001, HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001,
	MIME_HTML_ONLY=1.457, SPF_HELO_PASS=-0.001, URIBL_BLACK=3]
Received: from my.mypersonaldomain.tld ([127.0.0.1])
	by localhost (my.mypersonaldomain.tld [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Gtf+pmVEjFXL for <crypted@mypersonaldomain.tld>;
	Wed,  1 Sep 2010 07:12:03 -0400 (EDT)
Received: from benefitpositions.com (benefitpositions.com [184.107.51.201])
	by my.mypersonaldomain.tld (Postfix) with SMTP id 5B4BF5416A
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 07:12:03 -0400 (EDT)
DKIM-Signature: v=1;
	a=rsa-sha1; c=relaxed/relaxed; d=makemechangemymind.com; s=gamma;
	t=1283339522; bh=ItolHEoqpJJLeyKV/1zbY2aIeFw=; h=To:From;
	b=aaNdKew6a45dhdD37r0nsnm45g97B5w9cMZ3xQlUZMheOyCkEmC+d7b9YoM7sDeG8
	 kt2d2RO05qxiGwnYKqy7OflPO8iVm49aWy492s0uQZpTAXO0rzvQtrkicLC9By5
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=gamma; d=makemechangemymind.com;
	h=To:From;
	b=qou0eH7VlqAwOkL9gn0rvT5k9yf8Z0DY1THkx3hpn+NoijyXuw0bqyAbxC5OpB/j8
	snHkgItRKveAel7hxp5EsR9ELXFjIldXx7huWwb+HhfHXUHuf+Ctkm9Gm3W3h/a;
From: "Payday Loans" <Payday.Loans@makemechangemymind.com>
To: crypted@mypersonaldomain.tld
Reply-To: "Payday Loans" <Payday.Loans@makemechangemymind.com>
Subject: Tired of missing bill payments?
Date: 01 Sep 2010 07:12:02 -0400
Message-ID: <1283339522.eqqwhylsnfd@makemechangemymind.com>
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline



Return-Path: <MiloStanton@yahoo.ca>
Delivered-To: crypted@mypersonaldomain.tld
Received: from localhost (localhost.localdomain [127.0.0.1])
	by my.mypersonaldomain.tld (Postfix) with ESMTP id 7B9F554186
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 06:31:54 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at my.mypersonaldomain.tld
X-Spam-Flag: NO
X-Spam-Score: 4.04
X-Spam-Level: ****
X-Spam-Status: No, score=4.04 tagged_above=-100 required=5
	tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, RCVD_IN_PBL=0.905,
	RCVD_IN_XBL=3.033, RDNS_NONE=0.1]
Received: from my.mypersonaldomain.tld ([127.0.0.1])
	by localhost (my.mypersonaldomain.tld [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id lXpDjgrlMC8P for <crypted@mypersonaldomain.tld>;
	Wed,  1 Sep 2010 06:31:50 -0400 (EDT)
Received: from microsof-b4bfee (unknown [95.78.92.181])
	by my.mypersonaldomain.tld (Postfix) with ESMTP id 43D525416A
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 06:31:49 -0400 (EDT)
Received: from smtprly-de01.mx.aol.com (smtprly-de01.mx.aol.com [205.188.170.1]) by cia-mc03.mx.aol.com (v129.4) with ESMTP id MAILCIAMD063-ceb6a970000000; Wed, 1 Sep 2010 13:31:49 +0300
Received: from webmail-m047 (webmail-m047.sim.aol.com [64.12.101.226]) by smtprly-de01.mx.aol.com (v129.4) with ESMTP id MAILSMTPRLYMB010-ceb6a970000000; Wed, 1 Sep 2010 13:31:49 +0300
To: crypted@mypersonaldomain.tld
Subject: Having your thingy flaccid?
Date: Wed, 1 Sep 2010 13:31:49 +0300
X-MB-Message-Source: WebUI
X-AOL-IP: microsof-b4bfee
X-MB-Message-Type: User
MIME-Version: 1.0
From: KARINGONZALES@aol.com
Content-Type: multipart/alternative; 
 boundary="--------MB_8CD13796E55425B6_8B6_FFF8_webmail-d047.sysops.aol.com"
X-Mailer: AOL Webmail 32447-STANDARD
Received: from microsof-b4bfee by webmail-m047.sysops.aol.com (64.12.101.226) with HTTP (WebMailUI); Wed, 1 Sep 2010 13:31:49 +0300
Message-Id: <8CD13796E5C8409-8B6-9D37@webmail-m047.sysops.aol.com>
X-AOL-SENDER: KARINGONZALES@aol.com



Return-Path: <greendotprepaid@motion.buildingonlineincome.com>
Delivered-To: crypted@mypersonaldomain.tld
Received: from localhost (localhost.localdomain [127.0.0.1])
	by my.mypersonaldomain.tld (Postfix) with ESMTP id 20E305416E
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 06:14:11 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at my.mypersonaldomain.tld
X-Spam-Flag: NO
X-Spam-Score: 3.889
X-Spam-Level: ***
X-Spam-Status: No, score=3.889 tagged_above=-100 required=5
	tests=[BAYES_00=-2.599, HTML_IMAGE_RATIO_04=0.172, HTML_MESSAGE=0.001,
	HTML_TAG_BALANCE_BODY=1.263, MIME_HTML_ONLY=1.457,
	SPF_HELO_PASS=-0.001, SPF_SOFTFAIL=0.596, URIBL_BLACK=3]
Received: from my.mypersonaldomain.tld ([127.0.0.1])
	by localhost (my.mypersonaldomain.tld [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id BA5vnulXq0hL for <crypted@mypersonaldomain.tld>;
	Wed,  1 Sep 2010 06:14:06 -0400 (EDT)
Received: from clickaffiliateincome.com (clickaffiliateincome.com [66.207.161.156])
	by my.mypersonaldomain.tld (Postfix) with SMTP id 87E295416A
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 06:14:06 -0400 (EDT)
DKIM-Signature: v=1;
	a=rsa-sha1; c=relaxed/relaxed; d=motion.buildingonlineincome.com;
	s=gamma; t=1283336045; bh=/C3Vef27Bvl9Ksbw3Z0HeZPsoh0=; h=To:From;
	b=SS8ncmb/GnvQgnQwlrW2FlfWfpGBF1/vHD1PwezbNRgXhCBc/gxW/ecDhi9xz44st
	 9BNs0kolpZfoQpuwAtjtEMjh05Rjcuq5NTj6f7tQSal8eNNjKkOhHLqFOhQ2ohQ
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=gamma; d=motion.buildingonlineincome.com;
	h=To:From;
	b=C6XcNk9BsupuCphRMhmHWKV6QuMNR5LwZLeuG1Ty2JVR/r6jvgwD3Yz31jCqq/8km
	8Fu/AEgi7AVK0CWIbhslge9oqNdvgnLTsT82a3CyiiBtrO+zfR3Hscvh+Ce/w1v;
From: "Green Dot Prepaid" <greendotprepaid@motion.buildingonlineincome.com>
To: crypted@mypersonaldomain.tld
Reply-To: "Green Dot Prepaid" <greendotprepaid@motion.buildingonlineincome.com>
Subject: A prepaid card could be what you need  
Date: 01 Sep 2010 06:14:05 -0400
Message-ID: <1283336045.xshxhfrbtgo@motion.buildingonlineincome.com>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable




Return-Path: <earnfromhome@affiliate-entrepreneur.com>
Delivered-To: crypted@mypersonaldomain.tld
Received: from localhost (localhost.localdomain [127.0.0.1])
	by my.mypersonaldomain.tld (Postfix) with ESMTP id 35BD05416E
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 05:53:40 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at my.mypersonaldomain.tld
X-Spam-Flag: NO
X-Spam-Score: 1.795
X-Spam-Level: *
X-Spam-Status: No, score=1.795 tagged_above=-100 required=5
	tests=[BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, SPF_HELO_PASS=-0.001,
	SPF_PASS=-0.001, URIBL_BLACK=3]
Received: from my.mypersonaldomain.tld ([127.0.0.1])
	by localhost (my.mypersonaldomain.tld [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id gmKM-YJGQOWf for <crypted@mypersonaldomain.tld>;
	Wed,  1 Sep 2010 05:53:37 -0400 (EDT)
Received: from affiliate-entrepreneur.com (affiliate-entrepreneur.com [173.244.178.211])
	by my.mypersonaldomain.tld (Postfix) with SMTP id CDAEE5416A
	for <crypted@mypersonaldomain.tld>; Wed,  1 Sep 2010 05:53:37 -0400 (EDT)
DKIM-Signature: v=1;
	a=rsa-sha1; c=relaxed/relaxed; d=affiliate-entrepreneur.com;
	s=gamma; t=1283334817; bh=/7Btram1KhhpzEfwr2u31zvTtCY=; h=To:From;
	b=MJ8ztxevqCkEYQtX31EFh1AHhSRLvP0BpAzpMlBien3SS9r2sqCI0+X9t6hs+tZC3
	 zmIyVcsglzMwFDkxQ50+s2cO7CG8hj8QO8N0P35Fbb7rC3NzjuwdCOr2iD0q6n+
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=gamma; d=affiliate-entrepreneur.com;
	h=To:From;
	b=Esrr2M21JQOA6+snM4tIrgNUrZYxEpEqB8jGdM3ObAFp2cwvONkJ28chp/DuFjlkF
	swcf+OlU7GrRxypoUUeoKP2kBwEAYn4Xk51i8tBlEcXYLY8zhCcRK3mWn1SvvNm;
From: "EarnFromHome" <earnfromhome@affiliate-entrepreneur.com>
To: crypted@mypersonaldomain.tld
Reply-To: "EarnFromHome" <earnfromhome@affiliate-entrepreneur.com>
Subject: Get an extra income from home part time
Date: 01 Sep 2010 05:53:37 -0400
Message-ID: <1283334817.ioiqtihhnsmyi@affiliate-entrepreneur.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
Several had XSpam scores of 1.7 or less. The average was 3.5.

I don't fully understand XSpam scores so I'm worried about setting it too low and throwing tons of mail to Junk.

Thoughts?
Reply With Quote
  #19  
Old 2nd September 2010, 16:18
crypted crypted is offline
Senior Member
 
Join Date: Dec 2006
Location: Oklahoma, USA
Posts: 429
Thanks: 3
Thanked 14 Times in 6 Posts
Default

Almost all spam received the last five hours had a rating between -2.3 to -0.5.
Reply With Quote
  #20  
Old 2nd September 2010, 16:21
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 36,395
Thanks: 833
Thanked 5,490 Times in 4,322 Posts
 
Default

Do you you run sa-update once a day to update the spamassasin rules?
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Spam Filter Policy don't seem to work bmclean Installation/Configuration 4 15th April 2010 23:54
Spam Filter not functioning (revisited) Cracklefish Installation/Configuration 7 8th March 2010 12:16
Stops all spam regardless of settings? Nicke Installation/Configuration 11 10th February 2010 16:09
Spamfilter policy - question about spam actions prisfeo Installation/Configuration 4 2nd February 2010 16:17
Ubuntu 8.04 Spamsnake - all SA scores 0.00 Thomas_Powers HOWTO-Related Questions 23 24th June 2008 17:37


All times are GMT +2. The time now is 22:53.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.