LinuxQuestions.org
Old 03-21-2005, 11:51 PM   #1
coolamit78
Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: RHEL AS 3/4, Windows XP
Posts: 546

Rep: Reputation: 31
Spam Filtering - need help


Hi..

I've got spamassassin and clamav doing their respective jobs on our mailserver... Of late, my users have been getting spam mails... the contents are not too vulgar, but spamassassin and qmail-scanner are not able to detect and filter them... I don't know if posting a sample spam is against forum rules, but I'll still paste one such e-mail so that I can get better assistance.

this is one such mail
--------------------------------------------

----- Original Message -----
From: Clinkers A. Firths
To: Rupab
Sent: Sunday, March 20, 2005 6:16 PM
Subject: Hello, playmates!


How do you do?



Sangke bedait

The nation will find it very hard to look up to the leaders who are keeping their ears to the ground.
A broken heart is a very pleasant complaint for a man in London if he has a comfortable income.

When it becomes more difficult to suffer than change -- then you will change.
The eyes indicate the antiquity of the soul.

Every great mistake has a halfway moment, a split second when it can be recalled and perhaps remedied.
People blame their environment. There is only one person to blame -- and only one -- themselves.
Show me a friend in need and I'll show you a pest.
If this is coffee, please bring me some tea but if this is tea, please bring me some coffee.
There is no rule more invariable than that we are paid for our suspicions by finding what we suspect. We are discreet sheep we wait to see how the drove is going, and then go with the drove.

A wounded deer leaps the highest. Happiness is a journey: not a destination.
If you are not very clever, you should be conciliatory.

What will not woman, gentle woman dare when strong affection stirs her spirit up?
Enthusiasm... the sustaining power of all great action.Others have seen what is and asked why. I have seen what could be and asked why not.

Make good habits and they will make you.

I do not believe that any man fears to be dead, but only the stroke of death.
-----------------------------------------------------------------------------------

I want all such mails to be filtered right away... how to do that... any suggestions?

Thanks and Regards,

--amit
 
Old 03-22-2005, 12:42 AM   #2
rgawenda
LQ Newbie
 
Registered: Mar 2005
Location: Ourense, Spain, EU
Distribution: Gentoo, Debian, Kubuntu
Posts: 29

Rep: Reputation: 15
Re: Spam Filtering - need help

Quote:
Originally posted by coolamit78

this is one such mail
I can't identify that sample as spam clearly. Where's the URL it wants you to check?

Last edited by rgawenda; 03-22-2005 at 11:55 AM.
 
Old 03-22-2005, 04:39 AM   #3
coolamit78
Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: RHEL AS 3/4, Windows XP
Posts: 546

Original Poster
Rep: Reputation: 31
Hi rgawenda

Exactly. If you are not able to make out if that mail is spam or not, how will the anti-spam software check the same?

I'm sure many of you guys would be receiving junk/spam like the above-mentioned... I'd like to find out how you guys are dealing with this kind of stuff.

Regards

--amit
 
Old 03-22-2005, 08:20 AM   #4
ScooterB
Member
 
Registered: Sep 2003
Location: NW Arkansas
Distribution: Linux Redhat 9.0, Fedora Core 2,Debian 3.0, Win 2K, Win95, Win98, WinXp Pro
Posts: 344

Rep: Reputation: 31
I know that it isn't the "open source" way, but I have handled this kind of mail, as well as viruses and the like by using a commercial anti-virus, anti-spam, anti-anything you don't want software. It is called Vexira. And no, this isn't a commercial. It's just that I have been running this stuff for about two years now and I haven't had any issues (knock on wood). It's produced by a company called Central Command. URL = http://www.centralcommand.com/index.html

The latest version which just came out is very good about filtering out spam and the like. Also, the extra step I take is that I watch my firewall. If I get mail from a source that appears like the one that you showed, they get the axe. If it ends up becoming too limited (i.e., you put someone on the DROP list that shouldn't be) you can always take them off. I watch for sources that probed the servers, etc. and they immediately get the boot. It becomes a full time job and yes that is what I do so it makes it very convenient.


If your clients are running XP or the like they can always add this kind of spam to their blocked senders list. If they are running something else, then you will have to find a comparable application. My initial gut instinct on this kind of email is that they are phishing. They're either trying to see if in fact they can get something past your server or testing your firewall. Maybe both. The simple solution is to axe them at the firewall and then the server doesn't have to deal with it.
 
Old 03-22-2005, 10:33 AM   #5
coolamit78
Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: RHEL AS 3/4, Windows XP
Posts: 546

Original Poster
Rep: Reputation: 31
Hello ScooterB,

First of all for a long reply... secondly, yes, you are right... my clients run WinXP Professional, with and without SP2.

However, my ISP's mail server runs EXIM as the MTA and spamassassin and clamav... Still, such mails make their way into their system and from there, fetchmail running on our local IMAP server downloads all messages to respective e-mail accounts... which are in process scanned by spamassassin and clamav running on our local mail server too... such mails, however, escape without getting caught and they sometimes contain porn images too.

I'm looking for some kind of global solution which I just implement on my server because it's not possible to block mails for 150 users individually... in fact many of them are just beginners, so it's difficult for a client-side solution...

Regards

--amit
 
Old 03-22-2005, 10:59 AM   #6
ogmoid
Member
 
Registered: Jul 2004
Location: Coeur d'Alene Idaho
Distribution: Slackware
Posts: 41

Rep: Reputation: 15
Re: Re: Spam Filtering - need help

Quote:
Originally posted by rgawenda
I can't identify that sample as spam clearly. Where's the URL it wants you to check?
The message, to me, looks like it is intended to poison bayesian spam filters.
 
Old 03-22-2005, 12:57 PM   #7
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
I like to use DNSBL's (DNS Blacklists). My organization will receive 4000 emails in one week and 40% of them get blocked by using DNSBL's and also a home brewed list of denied IP addresses. There is the occasional false positive. I've had about 3 known ones in 2 years. In sendmail you can white list the addresses that are being falsely identified.

Here are the blacklists I use:
combined.njabl.org
bl.spamcop.net
sbl.spamhaus.org
list.dsbl.org
unconfirmed.dsbl.org
cbl.abuseat.org

You'll have to research how to implement them in qmail on your own. I use sendmail and have never used qmail.
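
Added example, not part of the thread or any poster's code: a sketch of the check a DNSBL-aware mail server makes for each connecting address, combined with the local deny list and false-positive allow list described in the last post. The function names, the `resolve` parameter and the sample addresses (documentation ranges) are assumptions for illustration; the three zone names are taken from the post.

```python
import ipaddress
import socket

# Zones copied from the post above; confirm a list is still operated before querying it.
ZONES = ["bl.spamcop.net", "sbl.spamhaus.org", "cbl.abuseat.org"]


def dnsbl_query_name(ip, zone):
    """Build the lookup name: address labels in reverse order, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # IPv6: 32 hex nibbles
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_sender(ip, zones=ZONES, allow=(), deny=(), resolve=system_resolver):
    """Return (verdict, reason) for a connecting IP address."""
    addr = ipaddress.ip_address(ip)
    # Allow list first, so a known false positive is accepted whatever the DNSBLs say.
    if any(addr in ipaddress.ip_network(net) for net in allow):
        return ("accept", "local allow list")
    if any(addr in ipaddress.ip_network(net) for net in deny):
        return ("reject", "local deny list")
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only a 127.0.0.0/8 answer means "listed"; any other address is ignored.
        if answer and answer.startswith("127."):
            return ("reject", f"{zone} ({answer})")
    return ("accept", "not listed")


if __name__ == "__main__":
    # Constructed resolver table standing in for real DNS answers.
    fake = {"99.2.0.192.bl.spamcop.net": "127.0.0.2"}
    for ip in ("192.0.2.99", "203.0.113.5"):
        print(ip, check_sender(ip, resolve=fake.get))
```

Treating only `127.x.x.x` answers as listings keeps a resolver that rewrites failed lookups to some other address from causing every sender to be rejected.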
 
  


All times are GMT -5.