#1  
Old 28th November 2006, 06:05
HackerJL HackerJL is offline
Junior Member
 
Join Date: Mar 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default Spam...but why

Recently I started to get a good number of emails that have troubled me why they get through any of the postfix reject controls.

An example. I get an email from "Mac Johnson" and the subject is "Mac Wrote:"

I get about 15-20 a day....here is a post of the header:

Code:
Received: from so3 (p4241-ipad42hodogaya.kanagawa.ocn.ne.jp [221.189.152.241])
	by MYSERVER (Postfix) with ESMTP id 5C6F7E8057
	for <MY@EMAILADDRE.SS>; Mon, 27 Nov 2006 20:03:51 -0600 (CST)
Received: from 212.145.147.238 (HELO pegasus.hospedando.com)
     by hjl.ca with esmtp (9O205@U: (X4K)
     id 36+YUA-31V@F1-U(
     for MY@EMAILADDRE.SS;
My question may be out of line, but shouldnt the helo verify the IP address and match their server?

This is what SA is doing:
Code:
X-Spam-Status: No, score=1.8 required=5.0 tests=BAYES_40,DATE_IN_FUTURE_03_06 
	autolearn=no version=3.1.5

Last edited by HackerJL; 28th November 2006 at 06:08.
Reply With Quote
Sponsored Links
  #2  
Old 28th November 2006, 10:07
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,034
Thanks: 265
Thanked 152 Times in 132 Posts
Default

I'm having the same problem: http://www.howtoforge.com/forums/showthread.php?t=8551

Let me know when you find a fix :/
Reply With Quote
  #3  
Old 28th November 2006, 11:20
Hans Hans is offline
Moderator
 
Join Date: Dec 2005
Location: Montfoort, The Netherlands
Posts: 2,256
Thanks: 212
Thanked 648 Times in 294 Posts
Default

Edge,

I do not have the spam problems as you descibe but maybe you can find some useful info here, which might help you to configure Postfix and add some extra rules to prevent spam:

http://www.postfix.org/big-picture.html
__________________
Hans

MrHostman | Master in managed hosting

Last edited by Hans; 28th November 2006 at 18:27.
Reply With Quote
  #4  
Old 30th November 2006, 00:59
HackerJL HackerJL is offline
Junior Member
 
Join Date: Mar 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

My questions is...isnt the helo supposed to match the IP address of the server it received it by? It would stop the above email wouldnt it?

Falko?

I was told by a friend to use sa-learn. I dont have a command of sa-learn anywhere in my machine (perfect setup suse 10.0) and in the yast manager, I search for 'sa-learn' and find nothing even in the summaries....is it in a folder somewhere?

10min later....hmm...in the yast manager...spamassasin isnt even selected as being installed...normal? is this why sa-learn isnt anywhere?

Last edited by HackerJL; 30th November 2006 at 01:28.
Reply With Quote
  #5  
Old 1st December 2006, 15:23
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by HackerJL
I was told by a friend to use sa-learn. I dont have a command of sa-learn anywhere in my machine (perfect setup suse 10.0) and in the yast manager, I search for 'sa-learn' and find nothing even in the summaries....is it in a folder somewhere?

10min later....hmm...in the yast manager...spamassasin isnt even selected as being installed...normal? is this why sa-learn isnt anywhere?
Did you install ISPConfig? Because ISPConfig comes with its own SpamAssassin.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #6  
Old 1st December 2006, 16:53
HackerJL HackerJL is offline
Junior Member
 
Join Date: Mar 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Ya I found it....
Reply With Quote
  #7  
Old 5th December 2006, 18:28
HackerJL HackerJL is offline
Junior Member
 
Join Date: Mar 2006
Posts: 28
Thanks: 0
Thanked 0 Times in 0 Posts
Default

sa-learn seems to be working great, but it still isnt catching all the "Mark Wrote" and "Its me Reba" BS email. Googling finds others (a few) having the same problems, but no word of a fix for them or anything.
Reply With Quote
  #8  
Old 6th December 2006, 17:41
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

You must feed at least 200 spam and also 200 ham mails before it starts to work.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 6th December 2006, 19:15
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,034
Thanks: 265
Thanked 152 Times in 132 Posts
 
Default

Quote:
Originally Posted by HackerJL
sa-learn seems to be working great, but it still isnt catching all the "Mark Wrote" and "Its me Reba" BS email. Googling finds others (a few) having the same problems, but no word of a fix for them or anything.
HackerJL,

Could you please explain / show to me how you are using the sa-learn thing?

Last edited by edge; 6th December 2006 at 19:18.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Slicker spam handling with Maildirs IntnsRed Feature Requests 9 30th March 2008 06:02
How to kill spam when spamassassin marks it spam kpimichael Suggest HOWTO 15 6th August 2007 16:44
Filtering SPAM MvincM Installation/Configuration 28 3rd October 2006 17:33
complete spam protection with postfix - howto alexnz Server Operation 1 22nd June 2006 14:06
Spam vpns2000 Installation/Configuration 7 3rd May 2006 18:07


All times are GMT +2. The time now is 20:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.