How to Protect my ISPConfig Server from the SPAM Attack

Discussion in 'Installation/Configuration' started by vaio1, Oct 21, 2008.

  1. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Hi guys,

    How can I configure the ISPConfig + SpamAssassin to avoid this kind of spam?

    Code:
    From - Tue Oct 21 12:01:02 2008
    X-Account-Key: account8
    X-UIDL: 0000208746d7d9c4
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 10000000
    X-Mozilla-Keys:                                                                                 
    Return-Path: <>
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    	server1.myserver.com
    X-Spam-Level: *
    X-Spam-Status: No, score=1.4 required=9.0 tests=BAYES_00,FH_FROMEML_NOTLD,
    	INVALID_DATE,RDNS_NONE autolearn=no version=3.2.5
    X-Original-To: [email protected]
    Delivered-To: [email protected]
    Received: from shleedsserver (unknown [61.152.154.158])
    	by server1.mydomain.com (Postfix) with SMTP id 225ED143003E
    	for <[email protected]>; Tue, 21 Oct 2008 11:49:18 +0200 (CEST)
    Date: 2008??10??20?? 23:53:17
    From: [email protected]
    To:  [email protected] 
    MIME-Version: 1.0
    X-Security: MIME headers sanitized on server1.myserver.com
    	See http://www.impsec.org/email-tools/sanitizer-intro.html
    	for details. $Revision: 1.138 $Date: 2003-01-26 11:25:54-08 
    X-Security: The postmaster has not enabled quarantine of poisoned messages.
    Content-Type: multipart/mixed;
     boundary="----=_NextPartTM-000-49e4257d-9999-48ae-ab72-97246cb45a2e"
    Subject: Mail delivery failure
    Message-Id: <[email protected]>
    X-Virus-Status: No
    X-Virus-Checker-Version: clamassassin 1.2.4 with clamscan / ClamAV 0.94/8458/Tue Oct 21 10:39:47 2008
    
    
    ------=_NextPartTM-000-49e4257d-9999-48ae-ab72-97246cb45a2e
    Content-type: text/plain; charset=us-ascii
    
    ****** Message from InterScan VirusWall 6 ******
    
    Sent >>> RCPT TO: <[email protected]>
    Received <<< 550 5.1.1 User unknown
    
    Could not deliver mail to this user.
    [email protected]
    *****************     End of message     ***************
    
    ------=_NextPartTM-000-49e4257d-9999-48ae-ab72-97246cb45a2e
    Content-type: message/rfc822
    
    Received: from 80.72.85.98 by shleedsserver (InterScan VirusWall 6); 2008??10??20?? 23:53:06
    Date: 20 Oct 2008 17:53:04 +0200
    From: "gabbie ryohei" <[email protected]>
    X-Mailer: The Bat! (v3.99.27) UNREG
    X-Priority: 3 (Normal)
    Message-ID: <[email protected]>
    To: <[email protected]>
    Subject: =?koi8-r?B?69XQzMAg2sXNxczYztnKINXewdPUz8s6IDggKDkxNikgNDE1LTA4LQ==?=
    	=?koi8-r?B?NzQ=?=
    MIME-Version: 1.0
    Content-Type: text/plain;
     charset=koi8-r
    Content-Transfer-Encoding: 8bit
    
    ????? ????????? ??????? (200-500 ???. ??????) ?? ???????????. 
    ??????????? ?? ??????: 50-60 ??. 
    ?????????? ??????? ?? ??????????
    
    ------=_NextPartTM-000-49e4257d-9999-48ae-ab72-97246cb45a2e--
    
    The email returns this header:

    Code:
    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on server1.myserver.com
    X-Spam-Level: *
    X-Spam-Status: No, score=1.4 required=9.0 tests=BAYES_00,FH_FROMEML_NOTLD,
    	INVALID_DATE,RDNS_NONE autolearn=no version=3.2.5
    
    Thanks
     
  2. falko

    falko Super Moderator ISPConfig Developer

    You can configure SpamAssassin to assign higher scores for the tests FH_FROMEML_NOTLD, INVALID_DATE, RDNS_NONE and then I'd lower the score from which emails are considered spam. You're using 9.0 points which is really high. I'd use 5.0 or 4.0 points instead.
     
  3. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

  4. falko

    falko Super Moderator ISPConfig Developer

    You can add something like this to /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/local.cf:

    Code:
    score   FH_FROMEML_NOTLD    2.0
    score   INVALID_DATE        2.0
    score   RDNS_NONE           2.0
    You can adjust the scores to whatever you like.
     
  5. vaio1

    vaio1 ISPConfig Developer ISPConfig Developer

    Do I have to restart ISPConfig?
     
  6. falko

    falko Super Moderator ISPConfig Developer

    No, that's not necessary.
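
Added example, not part of the thread: a small Python parser for the folded `X-Spam-Status` header quoted in the first post, which reports how many points the message is short of the current threshold (9.0) and of the 5.0 and 4.0 thresholds suggested above. The function names `parse_spam_status` and `points_missing` are hypothetical.

```python
import re
from email import message_from_string

# Header copied from the message quoted in the thread (folded over two lines).
RAW = (
    "X-Spam-Status: No, score=1.4 required=9.0 tests=BAYES_00,FH_FROMEML_NOTLD,\n"
    "\tINVALID_DATE,RDNS_NONE autolearn=no version=3.2.5\n"
    "\n"
)

def parse_spam_status(raw_headers):
    """Return verdict, score, threshold and fired tests from X-Spam-Status."""
    value = message_from_string(raw_headers)["X-Spam-Status"]
    if value is None:
        raise ValueError("no X-Spam-Status header")
    # Unfold continuation lines (newline followed by space or tab).
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    m = re.match(r"\s*(Yes|No),\s*(.*)", value, re.S)
    if not m:
        raise ValueError("unrecognised X-Spam-Status value")
    # A fold inside the test list leaves ", " behind; rejoin the list.
    rest = re.sub(r",\s+", ",", m.group(2))
    fields = dict(tok.split("=", 1) for tok in rest.split() if "=" in tok)
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return {
        "flagged": m.group(1) == "Yes",
        "score": float(fields["score"]),
        "required": float(fields["required"]),
        "tests": tests,
    }

def points_missing(status, thresholds=(9.0, 5.0, 4.0)):
    """Points the message still needs to be tagged at each threshold."""
    return {t: round(max(0.0, t - status["score"]), 1) for t in thresholds}

if __name__ == "__main__":
    status = parse_spam_status(RAW)
    print("tests fired:", ", ".join(status["tests"]))
    for threshold, gap in points_missing(status).items():
        verdict = "tagged" if gap == 0 else f"{gap} points short"
        print(f"threshold {threshold}: {verdict}")
```

For the quoted message the score of 1.4 is still 2.6 points below a 4.0 threshold, so lowering the threshold alone would not tag it; the per-rule score overrides in `local.cf` have to make up the difference.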
     
