Koozali.org: home of the SME Server

Spam still getting through

Offline mheymann

  • *
  • 24
  • +0/-0
Spam still getting through
« on: December 20, 2006, 05:31:34 PM »
Hello all

I have an SME 6.1 server which has been running for few years now
I have also installed Swerts-Knudsen's Antivirus and Spamassassin addons
I initially had some problems with identified spam mail not being sorted to the junkmail but using tips from Swerts site I was able to get that fixed.

My problem now is that I am still getting a lot of spam getting through to the users inboxes

These are the RBL lists I have setup
RBL Entry     
abuse.rfc-ignorant.org    Remove
dnsbl.njabl.org    Remove
dnsbl.sorbs.net    Remove
dsn.rfc-ignorant.org    Remove
list.dsbl.org    Remove
postmaster.rfc-ignorant.org    Remove
relays.ordb.org    Remove
sbl-xbl.spamhaus.org    Remove
whois.rfc-ignorant.org    Remove

And this is the Spam report for the most recent 24 hr period
Total spam rejected   :     2162 ( 79.28%)
       RBL rejected   :     1991 ( 73.01%)
     Score above 15   :       66 (  3.05%)
Total ham accepted    :      565 ( 20.72%)
                        -------------------
Total emails processed:     2727 (  114/hr)

Average spam threshold :        1.89
Average spam score     :        1.14
Average ham score      :       -1.93

Since I have my e-mail address setp as the admin address I get a lot
of junk dumped into my inbox and about 100 of the 565 ham accepted
messages will be in my inbox and all are spam.
I am lokking for a way for the system to get better at blocking this spam
I have read about Bayesian Filters and other options but most of
this is fairly new to me and I could really use some help

Offline mike_mattos

  • *
  • 313
  • +0/-0
Spam still getting through
« Reply #1 on: December 20, 2006, 07:54:04 PM »
Just a thought, are you rejecting mail for unknown users or sending it to admin?  I used to redirect mail for my accounts but it is out of control now!
...

Offline mheymann

  • *
  • 24
  • +0/-0
Spam still getting through
« Reply #2 on: December 20, 2006, 08:20:47 PM »
I am redirecting the mail to unknown users to my account and I do realize that this will and is causing a overly large volume of mail dumped into my account.  However some of the users are complaining about the amount of spam they are still getting in their accounts.
If I am correct in my understanding of SA with Razor there is a way for the program to learn what is spam via Bayesian (Learning) and there are a few messages that I would like to make sure that the system starts to block that it does not currently if I can

Offline raem

  • *
  • 3,972
  • +4/-0
Re: Spam still getting through
« Reply #3 on: December 21, 2006, 09:43:27 AM »
mheymann

> I have an SME 6.1 server
> My problem now is that I am still getting a lot of spam getting through to the users inboxes
> I am lokking for a way for the system to get better at blocking this spam
> I have read about Bayesian Filters

If you are serious about dealing with spam, then your first step is to upgrade to sme7.0.
It has better mail handling than sme6 and will reject spam more effectively.
There is also a nice contrib to utilise Bayesian filtering and allow users to move undetected spam to a folder for "learning", which will in time reduce the incidence of undetected spam, search on LearnAsSpam.
I would also enable various settings relating to RBL's etc & enable & set custom settings for spamassassin in server manager.
...

Offline Knuddi

  • *
  • 540
  • +0/-0
    • http://www.scanmailx.com
Spam still getting through
« Reply #4 on: December 23, 2006, 09:15:46 PM »
My recent learnings are that all the image spam is what comes through the filters - I have for my home server added/created a method to extract the text from the images and then send these through SA - that takes many of these away. Also simply detecting that the email contains a GIF image does the job. Secondly I have created a script that can learn based on false positives (spam that gets through the filter) if you run IMAP. The latter also requires that all users have a shell on the mail server (they would be able to login via SSH). These two thing together bring my spam down to a bareable amount.