Back to Community Threads
new spam wave.
Problem reported by Eric Bourland - 2/24/2015 at 12:43 PM
Submitted
SmarterMail 13.2

I'm getting demolished by Rachael and Dr. Oz. For example:
 
Return-Path: <charlespage@midstatelumber.jensennutralogics.com>
Received: from midstatelumber.jensennutralogics.com (midstatelumber.jensennutralogics.com [94.73.23.249]) by tarsier.viviotech.net with SMTP;
   Tue, 24 Feb 2015 14:35:15 -0500
To: <eb@hwaet.com>
Date: Tue, 24 Feb 2015 11:35:07 -0800
From: Rachael Lost Without Trying
	<CharlesPagee@jensennutralogics.com>
Reply-to: <PageCharlesg@jensennutralogics.com>
Subject: Oz and Rachael team up, show of the year
Message-ID: <sYBPpETFCsYfYNeSMQXAN.20150224110550708@midstatelumber.jensennutralogics.com>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="windows-1252"
X-SmarterMail-Spam: SPF_Pass, DK_None, DKIM_None
X-SmarterMail-TotalSpamWeight: 0
 
Is anybody else experiencing this? Some of my clients are complaining about this renewed spam incursion. I use Bruce's updated antispam settings as set forth in his Smartermail document.
 
Spam detection and deflection seem to be the hobgoblin that continually, repeatedly affects my SmarterMail server. I and other folks have brought up this topic more than a few times. I'm going to go back and review as many AntiSpam threads as I can find. There have been more than a few.
 
What am I missing? What can I say to clients who indicate that they want to remove their email from my SmarterMail server and go with a corporate solution like Google?
 
Thanks, as always, for advice or ideas.
 
Eric
David Fisher Replied
2/24/2015 at 1:21 PM
Hi Eric, I am having same issue here too, I recently updated my Mail Server w/ Bruce's updated version of Antispam doc, and now seem to be flooded with spam. So it might of been a coincidence, as all I did was add new RBL's. But if we use your header as an example, the ip address 94.73.23.249 is not on many RBL's, as indicated with MXToolbox : http://mxtoolbox.com/SuperTool.aspx?action=blacklist%3a94.73.23.249 But it is listed as Poor here : http://www.senderbase.org/lookup/?search_string=94.73.23.249 But we have to have Cisco antispam gear to use that to block. I think it is just normal mail sites that are getting password hacked, it actually happened to be recently, 5 email accounts got their password used by spammers all within a day or two. I am thinking there are old password lists out there from prior exploits/hacks, and they are just now using them. -dave
David Fisher Replied
2/24/2015 at 1:23 PM
Oh, and all these seem to be listed with ivmSIP24 and/or ivmSIP and I think this is a paid RBL, does anyone else know much about these two?
Eric Bourland Replied
2/25/2015 at 5:49 AM
Dave, thanks for these very helpful notes. That search string you used shows incoming from Bulgaria. Another search string -- pulled at random from the pile of spam -- shows incoming spam from an ISP in LA: http://www.senderbase.org/lookup/?search_string=23.228.103.133 Also with reputation Poor. Is there a way to use the tools in SmarterMail to block mail from these ISPs? I don't want to start playing the game of blocking individual IP addresses, of course. That never works for long. I am in am embarrassing position, again, with some clients who are ready to desert me. Thanks again for your advice. Eric
David Fisher Replied
2/25/2015 at 11:40 AM
Hi Eric,
 
  Yea I don't have any solution yet, I am still diving into this, but so far others haven't been complaining, so I wonder if it is just something we are both doing wrong?
 
Thanks!
-dave
Joe Wolf Replied
2/25/2015 at 9:56 PM
What people are doing wrong is listening to someone that knows nothing about what he's doing. Illogical, and wrong. You could simply use the Wizard and get far superior results. Few really understand spam filtering and it's unfortunate that there's so much bad, inaccurate and flat out wrong information here. It's totally ridiculous.
Thanks, -Joe
Eric Bourland Replied
2/26/2015 at 5:59 AM
David, I don't think it's us. I follow the recommended spam settings: http://portal.smartertools.com/kb/a2734/recommended-spam-settings.aspx And I carefully follow every iteration of Bruce Barnes's document. The spam problem has persistent and pernicious even so. I have c,lients who are fed up. I've been considering other options besides SmarterMail -- after many years of using SmarterMail. Eric
Steve Reid Replied
2/26/2015 at 6:30 AM
I'm not sure exactly what you are ranting about Joe, but the wizard is absolutely terrible and should never be suggested. Also If you know of wrong information and all you do is complain without pointing it out specifically then you are not helping at all.
Steve Reid Replied
2/26/2015 at 6:33 AM
I use SpamAssassin in a box to supplement the antispam built into Smartermail. We have great results and very few spam gets through. As with any email server though, due diligence needs to be spent to fine tune it all.
Eric Bourland Replied
2/26/2015 at 6:35 AM
I have a lot of respect for Bruce Barnes's document. It seems like a lot of thought and research went into that document. It's also pretty clear that spam control continues to be a big problem in SmarterMail -- whether or not folks are currently mentioning it. I think what we really need is a decisive (and convincing) statement from SmarterMail about this situation.
Eric Bourland Replied
2/26/2015 at 7:53 AM
Steve, thanks for that ... and I have been wondering about Spam Assassin. Can you point us to a HOW-TO set configure Spam Assassin for SmarterMail 13.2 on a Windows / IIS server? I really appreciate your input. Eric
Steve Reid Replied
2/26/2015 at 8:01 AM
Since Smartermail has built in support for SpamAssassin it's as easy as adding your installation to the security advanced. Then you enable the actual Spamassassin spam check.
Joe Wolf Replied
2/26/2015 at 9:12 AM
Steve you're correct about the Wizard... I really have no idea what it uses and I've never used it. As far as I know it's completely undocumented so my remarks about using the Wizard were wrong. For the rest of it I have not mentioned any names, but the bottom line is that there is no one spam solution for everybody. Some people here use SM as a 1 or 2 person SMTP server, others use it for thousands of users. Some have the philosophy that it's OK to block many valid messages as long as they block the most spam, but I don't feel that way. I provide email services to many different clients and our primary obligation is to deliver EVERY SINGLE VALID MESSAGE, block over 99% of all spam, and be able to account for every single message (either the send or recipient knows a message was identified as spam) which means that the "Delete" action should NEVER be used unless specified by the end user. There are no perfect spam filters out there and a message should NEVER be considered as spam as the result of a single failure. Additionally many don't use one of the most effective spam filters available... SpamAssassin. RBL's, URIBL's, SPF, DKIM, rDNS, do nothing to determine if the message is properly formatted or uses a variety of malformed or improper user agents, etc. Follow-up is also important... spam filtering is not a set it and forget it system. For example I have a spam account that I use to monitor the effectiveness of our filters daily... I actively advertise that account to be picked up by just about every junk list, newsgroup, etc. that I can find. That account should never get a valid message and I can use that account to verify our filtering effectiveness (which could not be done if any messages were given the Delete action). That account currently gets about 200 messages per day (and grows all the time) and maybe 1 or 2 messages are not identified as spam by our system. Usually those were delivered thru one of the major providers (gmail, yahoo, AOL, etc.) which eliminates the effectiveness of RBL's. They'll all pass SPF, DKIM, DMARC, rDNS, etc. The only shot you have at them is URIBL's and good content filtering such as SpamAssassin. In summary, everyone has different needs, but I can assure you that the tools available to use in SmarterMail to fight spam are as good (or better in some cases) as any other server I know of (and I use several). The big weakness in SmarterMail right now is virus filtering. Over the last 60 days ClamAV (Windows) has been 62.3185% effective at catching known infections. That's pretty bad. Compare this to Avira (Windows) which caught 85.7915% (source: https://www.shadowserver.org/wiki/pmwiki.php/AV/Virus60-DayStats )
Thanks, -Joe
Eric Bourland Replied
2/26/2015 at 5:32 PM
Hi, Steve, Thanks for this. I went into Admin ---> Security ---> AntiSpam Administration and selected Enable For Filtering Remote SpamAssassin (0 - 30) Spam Assassin Based Pattern Matching (0 - 30) So far, so good. Do I need to go into Advanced Settings ---> SpamAssassin Servers and specify some SpamAssassin servers? At present, none are specified. Thank you again for your help. best from Eric
Eric Bourland Replied
2/26/2015 at 5:32 PM
Joe, that's great information. Thank you. Eric
Steve Reid Replied
2/26/2015 at 6:16 PM
You should ensure you have already setup a SpamAssassin server outside of smartermail. That needs to happen and be added to the SA servers section within smartermail
Eric Bourland Replied
2/26/2015 at 6:22 PM
Dear Steve, Interesting! OK, this is making more sense. Can you tell me how you set up your SpamAssassin server? Did you dedicate an entire VPS to the SpamAssassin program? Are there public SpamAssassin servers that one can use? I am very grateful for any details. Thanks so much for your patient help. Eric
Steve Reid Replied
2/26/2015 at 6:23 PM
I am using spam assassin in a box, it's not free but very cheap. Runs as a low overhead service in windows.
Eric Bourland Replied
2/26/2015 at 6:27 PM
Steve, Understood. Do you use SpamAssassin in a box on the same server as your SmarterMail server? After you set up SAIAB, do you simply point SmarterMail / SpamAssassin servers at the IP address of the SAIAB server? Eric
Steve Reid Replied
2/26/2015 at 6:29 PM
Yeah its on the same server so i use 127.0.0.1
Eric Bourland Replied
2/26/2015 at 6:32 PM
This makes a lot of sense. Steve, I'm going to try this. Thanks again for your help. Eric
Eric Bourland Replied
2/28/2015 at 10:46 AM
Steve, I purchased and set up SpamAssassin. I installed in on my mail server. It seems like -- this is subjective -- that I am getting fewer spam hits. I read the SpamAssassin HELP file thoroughly (after setup, the HELP file opens). I'm continuing to explore this program. I am cautiously optimistic. I have a couple of more questions -- if you have time to consider them. Where do you go to see SpamAssassin results? How can you tell if SpamAssassin is receiving updates? Thank you again for this helpful feedback. Hope you are great. Eric
Steve Reid Replied
2/28/2015 at 9:19 PM
The default has negative scoring which affects thing poorly, check this thread: http://portal.smartertools.com/community/a2008/spamassassin-in-a-box-local_cf-customization.aspx
Steve Reid Replied
2/28/2015 at 10:03 PM
Spamassassin score should be in your header like the rest of the spam tests
Howell Dell Replied
3/3/2015 at 11:36 AM
Yes, I've noticed a huge increase lately too... Woodworking (SCAM imho), Rachael, Oz and Ellen are all popular... SpamAssasin has not been to be filtering these out at all. However, I also have Cyren Premium Antispam but it seems not to be filtering these out as well... Most of these messages are coming in with a score of Zero! I turned on the newer URIBL in the AntiSPAM Admin (V12), however, the round trip is +8000ms which is going to gum up the works! Any other good URIBL suggestions?
Back to Community Threads

Reply to Thread

Enter the verification text
Related Knowledge Base Articles
Send User Spam Feedback Options in SmarterMailSmarterMail > Antispam and Antivirus
Untangle Spam Filtering and SmarterMail TLS IssuesGeneral Topics
Deploying Rspamd For Use With SmarterMailSmarterMail > Server Configuration and Management
Messages from Trusted Senders are going to my Junk folderSmarterMail > Troubleshooting
Legal Holds and LitigationSmarterMail > Installation and Configuration