I am running a mail server on CentOS (2.6.18-92.el5PAE) and have been fighting the spam/email spoofing for a while now and it's driving me crazy.
Here is the mail setup:
rpm -qa | grep courier
courier-mlm-0.58.0-1.2
courier-maildrop-0.58.0-1.2
courier-0.58.0-1.2
courier-ldap-0.58.0-1.2
courier-authlib-0.60.2-1.fc2
courier-imapd-0.58.0-1.2
courier-webmail-0.58.0-1.2
courier-pop3d-0.58.0-1.2
rpm -qa | grep spam
spamassassin-3.2.5-1.el5.rf
rpm -qa | grep clam
clamav-0.95.1-2.el5.rf
clamav-db-0.95.1-2.el5.rf
clamd-0.95.1-2.el5.rf
clamav-devel-0.95.1-2.el5.rf
I have tried to feed spam into the Bayesian filters with the sa-learn command and it doesn't seem to be helping. Another issue I have seen is emails being sent to and from the same address of different individuals in our company: so a spam email would be To: user@hostname.com From: user@hostname.com. Another weird thing is that an email would be sent to user@hostname.com but end up in another user's inbox. I've checked aliases/distribution groups and I can't see any real reason why they are getting spam sent to someone else.
I do have an SPF record on our external DNS and I've tested it on various SPF testing websites and they seem to pass. I've searched around the net and have tried various configurations but nothing seems to stop the spam or the spoofing.
SPF records in DNS:
IN TXT "v=spf1 a mx ~all" ; This is an SPF record (see http://spf.pobox.com/)
mail IN A *external IP of the mail server
IN TXT "v=spf1 a mx ~all" ; SPF record
*mailserver hostname IN TXT "v=spf1 a mx ~all" ; SPF record
Not sure what configurations for courier/spamassassin to post, so if anyone can tell me what I would need to post to help troubleshoot, please tell me and I can post it. Thanks!
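
An added example, not part of the original post: a Python sketch that reads the qualifier on each mechanism of the SPF record quoted above and flags messages whose From header address is also a recipient, the pattern the post describes. The function names and the sample message are constructed for illustration; the qualifier meanings follow RFC 7208.

```python
import email
from email.utils import getaddresses, parseaddr

# Qualifier meanings from RFC 7208; a mechanism with no qualifier means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

PAGE_RECORD = "v=spf1 a mx ~all"  # record quoted in the post

# Constructed sample message reproducing the To == From pattern from the post.
SAMPLE = (
    "From: user@hostname.com\n"
    "To: user@hostname.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def parse_spf(record):
    """Split an SPF TXT record into (result, mechanism) pairs."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        if "=" in term.split(":")[0]:  # modifier such as redirect=, not a mechanism
            continue
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        parsed.append((QUALIFIERS[qualifier], term.lstrip("+-~?").lower()))
    return parsed

def default_result(record):
    """Result given to senders that match no mechanism before 'all'."""
    for result, mechanism in parse_spf(record):
        if mechanism == "all":
            return result
    return "neutral"  # RFC 7208 default when nothing matches and no redirect

def self_addressed(raw_message):
    """True when the From header address also appears in To or Cc."""
    msg = email.message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _, addr in getaddresses(headers)}
    return bool(sender) and sender in recipients

if __name__ == "__main__":
    print("catch-all result:", default_result(PAGE_RECORD))
    print("self-addressed sample:", self_addressed(SAMPLE))
```

For the record in the post, `default_result` returns `softfail`, a result RFC 7208 says receivers should not reject on by itself.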