2
SO MUCH SPAM!!!
Problem reported by capbrown50 - 10/28/2018 at 4:02 PM
Submitted
All of our domain emails are receiving HUGE amounts of spam every day.  How can we stop this.  Our clients are very unhappy with all this spam.

11 Replies
0
Derek Curtis Replied
Employee Post
Have you checked the headers of any messages to see what they're scored? If so, you can then adjust the spam weights in your ruleset to take care of those messages: append to the subject line, move to a junk folder or outright delete. Have you tried a trial of Message Sniffer and/or Cyren?
Derek Curtis COO SmarterTools Inc. www.smartertools.com
1
Richard Frank Replied
Spam checking is something that is dynamic. You have to regularly adjust spam checks and dnsbl checks.

Some possibilities:
Look up the sender's IP in the header, then check that IP on blacklist sites like http://www.mxtoolbox.com or http://multirbl.valli.org/
You might add those lists to your dnsbl checks.
You can also skip all dnsblacklist checks but just use one, https://www.invaluement.com/

@Derek, never advise to delete messages. If messages get deleted that shouldn't be deleted it's because of your advice. Always advise to quarantine. If someone chooses to delete messages with a high spam value it's on his own.


1
Derek Curtis Replied
Employee Post
Thanks for the reply, Richard. You're spot on about spam checking being dynamic. And just to clarify, I wasn't advising that they delete them, just pointing out that it's an option as some customers prefer that when spam weights are very high compared to others.
Derek Curtis COO SmarterTools Inc. www.smartertools.com
1
Linda Pagillo Replied
Hi Capbrown! Can you post the headers from a few of the spam messages you are seeing? I am positive that I can help. Thanks.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Paul Blank Replied
@Richard Frank: Agreed. For example, I see "ham" being afforded very high spam scores in many cases from some political action groups (on all sides of the spectrum), and I'm not talking about "hate" email. Some folk actually want to receive those messages. 

So yes; generally a good idea to quarantine emails unless they are clearly going to cause malicious damage.
0
capbrown50 Replied
Thanks, everyone.  @Linda - here are some of the headers:
1.
Return-Path: <Qatar@info.qatar.com>
Received: from o-bb.net (www4.o-bb.net [219.109.143.249]) by mikewbrown.com with SMTP;
   Thu, 1 Nov 2018 21:21:34 -0500
Received: (qmail 25461 invoked from network); 2 Nov 2018 04:33:22 +0900
Received: from unknown (HELO ?103.207.38.154?) (monma@aworks.co.jp@103.207.38.154)
  by www2.o-bb.net with SMTP; 2 Nov 2018 04:33:22 +0900
Content-Type: multipart/alternative; boundary="===============1415410609=="
MIME-Version: 1.0
Subject: *SPAM* =?utf-8?b?KOKCrDk1MCwwMDAuMDAgRXVyb3M=?=
To: Recipients <Qatar@info.qatar.com>
From: "Qatar Foundation" <Qatar@info.qatar.com>
Date: Fri, 02 Nov 2018 00:25:05 -1100
Reply-To: qatarcharity21@gmail.com
X-Rcpt-To: <a.brown@tttransports.com>
Message-ID: <7e61e9a64c8d4b779e5716207d8afa2d@com>
X-SmarterMail-Spam: SPF_None, Bayesian Filtering, ISpamAssassin 0 [raw: 0], DK_None, DKIM_None
X-SmarterMail-SpamDetail: 0.6 MISSING_MID Missing Message-Id: header
X-SmarterMail-TotalSpamWeight: 10
2.
Return-Path: <noreply@magicneuron.com>
Received: from magicneuron.com (magicneuron.com [188.225.27.175]) by mikewbrown.com with SMTP;
   Thu, 1 Nov 2018 16:32:44 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=key1; d=magicneuron.com;
 h=Date:From:Message-ID:To:Subject:MIME-Version:Content-Type:
 Content-Transfer-Encoding; i=noreply@magicneuron.com;
 bh=ctejU0BEWNnXrGkxNp2RMUMgW2tIu3S02SU05BoLaWw=;
 b=aCSS95Cz10yCkf/OZnZ7iEcPhyZ1JFkaSPZ9bs2ofjoVP6ryDggnOpAYPJJPdRuJ45e4oGOJvWrz
   x8BHdEQajg+DwdS8BTpGLM0+uXvjQo7hpKqgAXmkN7PFVJTLAPKUY48yirLa1uKYseQjp511UYBR
   yxmR38f0nP8y/HzRqTo=
Date: Fri, 2 Nov 2018 4:32:44 +0700
From: "=?utf-8?Q?Lineberry_Fahy?=" <noreply@magicneuron.com>
Organization: qhphc
X-Priority: 3 (Normal)
Message-ID: <7398783092.20181102043244@magicneuron.com>
To: a.brown@tttransports.com
Subject: =?utf-8?Q?Tic=D0=BAet=2394296905_=3Cchristine=40lionet-technologies.com=3E_01-11-2018_11=3A32=3A33_I_highly_recommend_you_to_study_that_letter=2C_just_to_be_sure_nothing_may_happen_?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-SmarterMail-Spam: SPF_Pass, ISpamAssassin 0 [raw: 0], DK_None, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 0
3.
Return-Path: <riel@synd-fire.info>
Received: from synd-fire.info (nwy170.numerousways.com [188.214.192.170]) by mikewbrown.com with SMTP;
   Sat, 27 Oct 2018 08:00:57 -0500
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=mail; d=synd-fire.info;
 h=From:Date:MIME-Version:Subject:To:Message-ID:Content-Type; i=riel@synd-fire.info;
 bh=RHpaa1qE8brHqTyxzQfnUD/OGqE=;
 b=jyqRBHLYU+JxLKuk8lSpjG2YGYFQccwzcszwhtx1dVIKm+CzRhtV0Fb4WLVtftvQWC4nUY81mqyp
   RvLVlmevv9+Hn6q6tu3G7aE1BMsRm625hUozQ/zP0yQPbQ+g7qTbAc/7yCaRPS9hcrrZIkAlyHpW
   yGAChoE0ysbLCEB1E/s=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=mail; d=synd-fire.info;
 b=K4/6RACv2eUxOPAcdPfy/dmXahkOKPPUVi8PQ6yUQWCINnfqutq0YxopBlc7tkT38x29JuyIx85e
   eOSPl/qP30vCiJBQ14fAjmJAOs4iA/IHjhT2fLYouqEWOXLLKSLfmhqCQaZ0+83JLPp6v03iCAMs
   hiWj6qfVpyGSfQgLBRI=;
From: " Alan Moore" <riel@synd-fire.info>
Date: Sat, 27 Oct 2018 00:07:14 -0500
MIME-Version: 1.0
Subject: Im now down 30 this month and still going
To: <a.brown@tttransports.com>
Message-ID: <uPNJRAJ4w10srDMUEAsgA3DeV3IcVD5wP89fpz3wkt4.1wKCZHI1ZQ87baA7GhV6tW4vVtFJtiVXZmn8pQFDCcs@synd-fire.info>
Content-Type: multipart/alternative;
 boundary="------------102692239128694586469662"
X-SmarterMail-Spam: SPF_Pass, ISpamAssassin 0 [raw: 0], DK_Pass, DKIM_Pass
X-SmarterMail-TotalSpamWeight: 0

@Linda, let me know if you need more.  I have hundreds.
Thanks, George Anne Brown


0
capbrown50 Replied
@Richard Frank, "You might add those lists to your dnsbl checks." I don't know how to do this. Can you explain to me? Is Invaluement a program I add to our mail server that will help stop all of our clients' spam?
0
Richard Frank Replied
Invaluement is a dns blacklist service https://www.invaluement.com/
When you don't know how to add dnsbl to spam checks you should learn more about adding RBL in the knowledge base.
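
Added example, not part of any poster's reply or of SmarterMail: a sketch of what a DNSBL check does with the sender IP from a header. It takes the IP from the topmost Received line (the one the receiving server wrote itself; lower ones are supplied by the sender and can be forged), reverses the octets, and queries that name under the list's zone. The zone names and the injectable `resolve` parameter are assumptions for illustration.

```python
import ipaddress
import re
import socket

# Constructed sample: the first lines of header sample 1 posted in this thread.
SAMPLE_HEADERS = (
    "Return-Path: <Qatar@info.qatar.com>\n"
    "Received: from o-bb.net (www4.o-bb.net [219.109.143.249]) by mikewbrown.com with SMTP;\n"
    "   Thu, 1 Nov 2018 21:21:34 -0500\n"
    "Received: (qmail 25461 invoked from network); 2 Nov 2018 04:33:22 +0900\n"
)
# Placeholder zones (assumption): substitute the zones your chosen lists publish.
ZONES = ["dnsbl.example.org", "bl.example.net"]

def connecting_ip(headers):
    """IP recorded in the topmost Received header, or None if it has none."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)  # join folded header lines
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
            try:
                return str(ipaddress.IPv4Address(m.group(1))) if m else None
            except ValueError:  # bracketed text was not a valid IPv4 address
                return None
    return None

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zones, resolve=socket.gethostbyname):
    """Map each zone to its 127.x.y.z return code, or None when not listed."""
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:  # NXDOMAIN: the address is not on this list
            answer = None
        # Only answers inside 127.0.0.0/8 are listings; anything else means the
        # lookup was intercepted or rewritten and must not count as a hit.
        results[zone] = answer if answer and answer.startswith("127.") else None
    return results

if __name__ == "__main__":
    print(dnsbl_name(connecting_ip(SAMPLE_HEADERS), ZONES[0]))
```

Calling `check(ip, ZONES)` with the default resolver performs live DNS lookups, so run it from the mail server's own network and with real zone names.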
0
Linda Pagillo Replied
Thanks for the headers Cap. It looks like you may want to add Declude (it is free of charge and you can get it from our website here: http://mailsbestfriend.com/downloads/) and you may want to also think about an add-on product like Message Sniffer which will make a huge difference in the amount of spam you receive. If you have any questions about either of these programs, please let me know and I will be happy to assist further.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
2
Juan Lai Replied
Providing a link to download SpamAssassin Virtual Appliance created by SmarterTools. Though it's a pretty old version:
        CentOS 4.6 (Linux kernel 2.6.9-67.0.1.EL)
        Webmin 1.390
        SpamAssassin 3.2.4
        ClamAV 0.92
        Razor 2.84
        DCC 1.3.80

And I also quickly installed a standalone Ubuntu and enabled SpamAssassin yesterday. It's quite easy; you need to allow remote access to the spamd service. You will need to edit the /etc/default/spamassassin file and change the following options to something like:

OPTIONS="-d -i 0.0.0.0 -A 192.168. --create-prefs --max-children 5 --max-conn-per-child=128 --username spamd --helper-home-dir -s /var/log/spamassassin/spamd.log"

Then go to the admin page to enable remote SpamAssassin. Hope this does help.

rds
Juan Lai
0
Damir Matešić Replied
Also at my side. Spam detection is inaccurate.