#1 itsnedkeren, 8th November 2010, 09:12
Spam filter behaving strange :(

Hi all,

I just moved my ISPConfig installation from Ubuntu to Debian, as per this thread: http://www.howtoforge.com/forums/showthread.php?t=42579

But for some odd reason, after the move I'm getting loads of spam mails!!

With the old installation I never ever had a single one.

System is running with the same spam scores as the old server (see picture). And I have not added any other domains to the server, so basically it is a complete replica of my Ubuntu server, just now running Debian.

What can I do about this? The obvious would be to tighten the scores even more, but I just don't want to do that, when the old server ran perfectly with these numbers.

I have also followed the guide on Spam Learning (sa_learn) here on Howtoforge.

Thanks for any assistance.
/Jim
Last edited by itsnedkeren; 8th November 2010 at 09:14.

#2 falko, 9th November 2010, 15:52

Please update your SpamAssassin rules:
Code:
sa-update --no-gpg
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:

#3 itsnedkeren, 9th November 2010, 17:24

Quote:
Originally Posted by falko
Please update your SpamAssassin rules:
Code:
sa-update --no-gpg
Thanks Falko, now should I just wait a couple days to see if things are better or is there any way to check if this helped?

#4 falko, 10th November 2010, 08:48

Wait a few days.

You can run
Code:
spamassassin --lint
to find out if there are any problems with your SpamAssassin configuration. If it just returns to the command prompt, everything's fine.

#5 itsnedkeren, 11th November 2010, 19:45

Quote:
Originally Posted by falko
Wait a few days.

You can run
Code:
spamassassin --lint
to find out if there are any problems with your SpamAssassin configuration. If it just returns to the command prompt, everything's fine.
It all seems to be good, at least on the command prompt. I am still getting more spam than usual. I also have more mails caught in the spam filter which are not spam.

Is this just a matter of time or is there something I can do about it?

Thanks for your help!

#6 falko, 12th November 2010, 15:17

Can you restart amavisd and at the same time take a look at the mail log? Does amavisd report any errors there?

#7 itsnedkeren, 12th November 2010, 20:50

Quote:
Originally Posted by falko
Can you restart amavisd and at the same time take a look at the mail log? Does amavisd report any errors there?
This is the output from "mail.log", when restarting Amavis:

Code:
Nov 12 20:48:06 node01 amavis[20347]: starting.  /usr/sbin/amavisd-new at node01.domain.com amavisd-new-2.6.1 (20080629), Unicode aware, LANG="en_DK.UTF-8"
Nov 12 20:48:06 node01 amavis[20347]: Perl version               5.010000
Nov 12 20:48:06 node01 amavis[20352]: Net::Server: Group Not Defined.  Defaulting to EGID '113 113'
Nov 12 20:48:06 node01 amavis[20352]: Net::Server: User Not Defined.  Defaulting to EUID '109'
Nov 12 20:48:06 node01 amavis[20352]: Module Amavis::Conf        2.103
Nov 12 20:48:06 node01 amavis[20352]: Module Archive::Zip        1.18
Nov 12 20:48:06 node01 amavis[20352]: Module BerkeleyDB          0.34
Nov 12 20:48:06 node01 amavis[20352]: Module Compress::Zlib      2.012
Nov 12 20:48:06 node01 amavis[20352]: Module Convert::TNEF       0.17
Nov 12 20:48:06 node01 amavis[20352]: Module Convert::UUlib      1.11
Nov 12 20:48:06 node01 amavis[20352]: Module DBD::mysql          4.007
Nov 12 20:48:06 node01 amavis[20352]: Module DBI                 1.605
Nov 12 20:48:06 node01 amavis[20352]: Module DB_File             1.816_1
Nov 12 20:48:06 node01 amavis[20352]: Module Digest::MD5         2.36_01
Nov 12 20:48:06 node01 amavis[20352]: Module Digest::SHA         5.45
Nov 12 20:48:06 node01 amavis[20352]: Module Digest::SHA1        2.11
Nov 12 20:48:06 node01 amavis[20352]: Module IO::Socket::INET6   2.54
Nov 12 20:48:06 node01 amavis[20352]: Module MIME::Entity        5.427
Nov 12 20:48:06 node01 amavis[20352]: Module MIME::Parser        5.427
Nov 12 20:48:06 node01 amavis[20352]: Module MIME::Tools         5.427
Nov 12 20:48:06 node01 amavis[20352]: Module Mail::Header        2.03
Nov 12 20:48:06 node01 amavis[20352]: Module Mail::Internet      2.03
Nov 12 20:48:06 node01 amavis[20352]: Module Mail::SPF           v2.005
Nov 12 20:48:06 node01 amavis[20352]: Module Mail::SpamAssassin  3.002005
Nov 12 20:48:06 node01 amavis[20352]: Module Net::DNS            0.63
Nov 12 20:48:06 node01 amavis[20352]: Module Net::Server         0.97
Nov 12 20:48:06 node01 amavis[20352]: Module NetAddr::IP         4.007
Nov 12 20:48:06 node01 amavis[20352]: Module Socket6             0.20
Nov 12 20:48:06 node01 amavis[20352]: Module Time::HiRes         1.9711
Nov 12 20:48:06 node01 amavis[20352]: Module URI                 1.35
Nov 12 20:48:06 node01 amavis[20352]: Module Unix::Syslog        1.1
Nov 12 20:48:06 node01 amavis[20352]: Amavis::DB code      loaded
Nov 12 20:48:06 node01 amavis[20352]: Amavis::Cache code   loaded
Nov 12 20:48:06 node01 amavis[20352]: SQL base code        loaded
Nov 12 20:48:06 node01 amavis[20352]: SQL::Log code        NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: SQL::Quarantine      NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: Lookup::SQL code     loaded
Nov 12 20:48:06 node01 amavis[20352]: Lookup::LDAP code    NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: AM.PDP-in proto code loaded
Nov 12 20:48:06 node01 amavis[20352]: SMTP-in proto code   loaded
Nov 12 20:48:06 node01 amavis[20352]: Courier proto code   NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: SMTP-out proto code  loaded
Nov 12 20:48:06 node01 amavis[20352]: Pipe-out proto code  NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: BSMTP-out proto code NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: Local-out proto code loaded
Nov 12 20:48:06 node01 amavis[20352]: OS_Fingerprint code  NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: ANTI-VIRUS code      loaded
Nov 12 20:48:06 node01 amavis[20352]: ANTI-SPAM code       loaded
Nov 12 20:48:06 node01 amavis[20352]: ANTI-SPAM-SA code    loaded
Nov 12 20:48:06 node01 amavis[20352]: Unpackers code       loaded
Nov 12 20:48:06 node01 amavis[20352]: DKIM code            NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: Tools code           NOT loaded
Nov 12 20:48:06 node01 amavis[20352]: Found $file            at /usr/bin/file
Nov 12 20:48:06 node01 amavis[20352]: No $dspam,             not using it
Nov 12 20:48:06 node01 amavis[20352]: No $altermime,         not using it
Nov 12 20:48:06 node01 amavis[20352]: Internal decoder for .mail
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .F   
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .Z    at /bin/uncompress
Nov 12 20:48:06 node01 amavis[20352]: Internal decoder for .gz  
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .bz2  at /bin/bzip2 -d
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .lzo  at /usr/bin/lzop -d
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .cpio tried: pax
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .cpio at /bin/cpio
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .tar  tried: pax
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .tar  at /bin/cpio
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .deb  at /usr/bin/ar
Nov 12 20:48:06 node01 amavis[20352]: Internal decoder for .zip 
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .7z   tried: 7zr, 7za, 7z
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .rar 
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .arj  at /usr/bin/arj
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .arc  at /usr/bin/nomarch
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .zoo  at /usr/bin/zoo
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .lha 
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .doc  tried: ripole
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .cab  at /usr/bin/cabextract
Nov 12 20:48:06 node01 amavis[20352]: No decoder for       .tnef
Nov 12 20:48:06 node01 amavis[20352]: Internal decoder for .tnef
Nov 12 20:48:06 node01 amavis[20352]: Found decoder for    .exe  at /usr/bin/arj
Nov 12 20:48:06 node01 amavis[20352]: Using primary internal av scanner code for ClamAV-clamd
Nov 12 20:48:06 node01 amavis[20352]: Using primary internal av scanner code for check-jpeg
Nov 12 20:48:06 node01 amavis[20352]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Nov 12 20:48:06 node01 amavis[20352]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.34, libdb 4.6
Thanks for your help!!

#8 falko, 13th November 2010, 13:13

Hm, amavisd looks good.

Can you post an excerpt of your mail log when a spam mail arrives and is not categorized as spam?

#9 itsnedkeren, 13th November 2010, 15:40

Quote:
Originally Posted by falko
Hm, amavisd looks good.

Can you post an excerpt of your mail log when a spam mail arrives and is not categorized as spam?
Yes here is the output from "mail.log" this morning 9.20.

Code:
Nov 13 09:20:22 node01 postfix/smtpd[27533]: connect from bay0-omc1-s27.bay0.hotmail.com[65.54.190.38]
Nov 13 09:20:23 node01 postfix/smtpd[27533]: 5C0A4202C8: client=bay0-omc1-s27.bay0.hotmail.com[65.54.190.38]
Nov 13 09:20:23 node01 postfix/cleanup[30871]: 5C0A4202C8: message-id=<BAY149-w5633F922D7C49B16E2E0CDDA340@phx.gbl>
Nov 13 09:20:23 node01 postfix/qmgr[3556]: 5C0A4202C8: from=<bama.boi_dk@hotmail.com>, size=3060, nrcpt=1 (queue active)
Nov 13 09:20:23 node01 postfix/smtpd[27533]: disconnect from bay0-omc1-s27.bay0.hotmail.com[65.54.190.38]
Nov 13 09:20:24 node01 postfix/smtpd[30875]: connect from localhost.localdomain[127.0.0.1]
Nov 13 09:20:24 node01 postfix/smtpd[30875]: 2B1C3202C9: client=localhost.localdomain[127.0.0.1]
Nov 13 09:20:24 node01 postfix/cleanup[30871]: 2B1C3202C9: message-id=<BAY149-w5633F922D7C49B16E2E0CDDA340@phx.gbl>
Nov 13 09:20:24 node01 postfix/smtpd[30875]: disconnect from localhost.localdomain[127.0.0.1]
Nov 13 09:20:24 node01 postfix/qmgr[3556]: 2B1C3202C9: from=<bama.boi_dk@hotmail.com>, size=3548, nrcpt=1 (queue active)
Nov 13 09:20:24 node01 amavis[27413]: (27413-20) Passed CLEAN, [65.54.190.38] [65.54.190.61] <bama.boi_dk@hotmail.com> -> <webmaster@domain.dk>, Message-ID: <BAY149-w5633F922D7C49B16E2E0CDDA340@phx.gbl>, mail_id: mP2yYDn345tO, Hits: -2.599, size: 3060, queued_as: 2B1C3202C9, 472 ms
Nov 13 09:20:24 node01 postfix/smtp[30872]: 5C0A4202C8: to=<webmaster@domain.dk>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.99, delays=0.52/0/0/0.47, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=27413-20, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 2B1C3202C9)
Nov 13 09:20:24 node01 postfix/qmgr[3556]: 5C0A4202C8: removed
Nov 13 09:20:24 node01 postfix/pipe[30877]: 2B1C3202C9: to=<webmaster@domain.dk>, relay=maildrop, delay=0.06, delays=0.01/0/0/0.04, dsn=2.0.0, status=sent (delivered via maildrop service)
Nov 13 09:20:24 node01 postfix/qmgr[3556]: 2B1C3202C9: removed
This is the mail that landed in my inbox. Subject was NOT modified with "SPAM".

SUBJECT OF MAIL = RE:Friend: g y i 3
Code:
en god nyhed til dig: b g Z Q

Jeg finder en hjemmeside, s? fantastisk! alle navn m?rke,  5 P 5 5  som telefoner mv
s? l?nge der er registreret, Win $ 10 kupon let. glade for at anbefale jer, H n Y n  
Jeg tror, du kan lide det. Kig-www.happyshopping68.com-, overraskende gave venter p? dig!
det accepterer paypal betaling, er det meget sikkert.

 b 1 o u
 D g H Q

a good news for you: 5 f P 3

I find a website, so amazing! all name brand, as phones etc. g o w T  
as long as registered, Win $10 coupon easy. happy to recommend to you, 
I believe you like it . T K 7 H  please look -www.happyshopping68.com- , surprising gift waiting for you! 
it accept the paypal payment, it's very safe.

 i A 7 j
 o M u S
Also, here are the headers from Outlook:
Code:
Return-Path: <bama.boi_dk@hotmail.com>
Delivered-To: webmaster@domain.dk
Received: from localhost (localhost.localdomain [127.0.0.1])
	by node01.domain.dk (Postfix) with ESMTP id 2B1C3202C9
	for <webmaster@domain.dk>; Sat, 13 Nov 2010 09:20:24 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at node01.domain.dk
Received: from node01.domain.dk ([127.0.0.1])
	by localhost (node01.domain.dk [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id mP2yYDn345tO for <webmaster@domain.dk>;
	Sat, 13 Nov 2010 09:20:23 +0100 (CET)
Received: from bay0-omc1-s27.bay0.hotmail.com (bay0-omc1-s27.bay0.hotmail.com [65.54.190.38])
	by node01.domain.dk (Postfix) with ESMTP id 5C0A4202C8
	for <webmaster@domain.dk>; Sat, 13 Nov 2010 09:20:23 +0100 (CET)
Received: from BAY149-W56 ([65.54.190.61]) by bay0-omc1-s27.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
	 Sat, 13 Nov 2010 00:20:22 -0800
Message-ID: <BAY149-w5633F922D7C49B16E2E0CDDA340@phx.gbl>
Content-Type: multipart/alternative;
	boundary="_3509b800-4135-48df-9327-af9cc3b7d8cf_"
X-Originating-IP: [115.49.105.37]
From: Hao To <bama.boi_dk@hotmail.com>
To: <webmaster@foreningenfar.dk>
Subject: RE:Friend: g y i 3
Date: Sat, 13 Nov 2010 18:50:22 +1030
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 13 Nov 2010 08:20:22.0084 (UTC) FILETIME=[9D857840:01CB830B]
NB!! The "TO:" address above is NOT my email.

Thanks for your help, it is much appreciated!

Last edited by itsnedkeren; 13th November 2010 at 15:44.

#10 falko, 14th November 2010, 19:47

Did you whitelist hotmail.com?
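
The amavis line in post #9 records the message as "Passed CLEAN" with Hits: -2.599; a negative score means score-lowering rules outweighed everything else that matched. As an added example (not code from anyone in this thread), this Python script parses amavis verdict lines from mail.log and lists externally received mail that passed with a negative score, grouped by sender domain. The function names are hypothetical, and every sample line after the first is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# First line is the amavis entry quoted in post #9; the other lines are constructed samples.
SAMPLE_LOG = """\
Nov 13 09:20:24 node01 amavis[27413]: (27413-20) Passed CLEAN, [65.54.190.38] [65.54.190.61] <bama.boi_dk@hotmail.com> -> <webmaster@domain.dk>, Message-ID: <BAY149-w5633F922D7C49B16E2E0CDDA340@phx.gbl>, mail_id: mP2yYDn345tO, Hits: -2.599, size: 3060, queued_as: 2B1C3202C9, 472 ms
Nov 13 09:31:02 node01 amavis[27413]: (27413-21) Blocked SPAM, [192.0.2.10] <promo@example.net> -> <webmaster@domain.dk>, quarantine: spam-AbCdEf123456.gz, Message-ID: <1@example.net>, mail_id: AbCdEf123456, Hits: 17.2, size: 2210, 1310 ms
Nov 13 09:40:11 node01 amavis[27413]: (27413-22) Passed CLEAN, [192.0.2.44] <news@example.com> -> <webmaster@domain.dk>, Message-ID: <2@example.com>, mail_id: GhIjKl789012, Hits: 1.4, size: 5120, queued_as: 3C2D4303D0, 640 ms
Nov 13 09:45:50 node01 amavis[27413]: (27413-23) Passed CLEAN, [127.0.0.1] <root@node01.domain.dk> -> <webmaster@domain.dk>, Message-ID: <3@node01.domain.dk>, mail_id: MnOpQr345678, Hits: -, size: 900, queued_as: 4D3E5404E1, 95 ms
Nov 13 09:46:01 node01 postfix/qmgr[3556]: 4D3E5404E1: removed
"""

LINE_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) (?P<action>Passed|Blocked) (?P<verdict>[A-Z-]+)[^,]*, "
    r"(?P<ips>[^<]*)<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>"
    r".*?mail_id: (?P<mail_id>[^,]+),.*?Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

def parse_amavis(line):
    """Return the fields of one amavis verdict line, or None for any other log line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ips = re.findall(r"\[([^\]]+)\]", m["ips"])  # first address is the connecting client
    return {
        "action": m["action"], "verdict": m["verdict"],
        "client_ip": ips[0] if ips else None,
        "sender": m["sender"], "rcpt": m["rcpt"], "mail_id": m["mail_id"],
        "hits": None if m["hits"] == "-" else float(m["hits"]),  # "-" = no score logged
    }

def is_external(ip):
    """True unless the client address is loopback (mail re-injected on the host itself)."""
    try:
        return not ipaddress.ip_address(ip).is_loopback
    except (ValueError, TypeError):
        return True  # unparsable or missing address: keep it in the review list

def negative_score_passes(log_text):
    """Group externally received, passed mail with a negative score by sender domain."""
    by_domain = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_amavis(line)
        if rec is None or rec["action"] != "Passed" or rec["hits"] is None:
            continue
        if rec["hits"] < 0 and is_external(rec["client_ip"]):
            domain = rec["sender"].rpartition("@")[2].lower() or "<>"
            by_domain[domain].append((rec["mail_id"], rec["hits"]))
    return dict(by_domain)

if __name__ == "__main__":
    for domain, msgs in negative_score_passes(SAMPLE_LOG).items():
        print(domain, msgs)
```

A sender domain that shows up here repeatedly is the place to start when checking whitelist entries and score-lowering rules.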