-   Linux - Software (
-   -   Spam Filtering - need help (

coolamit78 03-22-2005 12:51 AM

Spam Filtering - need help

I've got spamassassin and clamav doing their respective jobs on our mailserver....Of late, my users have been getting spam mails....the contents are not too vulgar, but spamassassin and qmail-scanner are not able to detect and filter them....i dont know if posting a sample spam is against forum rules, but i'll still paste one such e-mail so that i can get better assistance..

this is one such mail

----- Original Message -----
From: Clinkers A. Firths
To: Rupab
Sent: Sunday, March 20, 2005 6:16 PM
Subject: Hello, playmates! :)

How do you do?

Sangke bedait

The nation will find it very hard to look up to the leaders who are keeping their ears to the ground.
A broken heart is a very pleasant complaint for a man in London if he has a comfortable income.

When it becomes more difficult to suffer than change -- then you will change.
The eyes indicate the antiquity of the soul.

Every great mistake has a halfway moment, a split second when it can be recalled and perhaps remedied.
People blame their environment. There is only one person to blame -- and only one -- themselves.
Show me a friend in need and I'll show you a pest.
If this is coffee, please bring me some tea but if this is tea, please bring me some coffee.
There is no rule more invariable than that we are paid for our suspicions by finding what we suspect. We are discreet sheep we wait to see how the drove is going, and then go with the drove.

A wounded deer leaps the highest. Happiness is a journey: not a destination.
If you are not very clever, you should be conciliatory.

What will not woman, gentle woman dare when strong affection stirs her spirit up?
Enthusiasm... the sustaining power of all great action.Others have seen what is and asked why. I have seen what could be and asked why not.

Make good habits and they will make you.

I do not believe that any man fears to be dead, but only the stroke of death.

I want all such mails to be filtered right to do that...any suggestions?

Thanx and Regards,


rgawenda 03-22-2005 01:42 AM

Re: Spam Filtering - need help

Originally posted by coolamit78

this is one such mail

I can't identify that sample as spam clearly. Where's the URL it wants you to check?

coolamit78 03-22-2005 05:39 AM

Hi rgawenda

Exactly, If you are not able to make out if that mail is spam or not, how will the anti-spam software check the same ???

I'm sure many of u guys would be receiving junk/spam like these above-mentioned.....I'd like to find out how you guys are dealing with this kindda stuff



ScooterB 03-22-2005 09:20 AM

I know that it isn't the "open source" way, but I have handled this kind of mail, as well as viruses and the like by using a commercial anti-virus, anti-spam, anti-anything you don't want software. It is called Vexira. And no, this isn't a commercial. It's just that I have been running this stuff for about two years now and I haven't had any issues (knock on wood). It's produced by a company called Central Command. URL =

The latest version which just came out is very good about filtering out spam and the like. Also, the extra step I take is that I watch my firewall. If I get mail from a source that appears like the one that you showed, they get the axe. If it ends up becoming too limited (i.e., you put someone on the DROP list that shouldn't be) you can always take them off. I watch for sources that probed the servers, etc. and they immediately get the boot. It becomes a full time job and yes that is what I do so it makes it very convenient.

If your clients are running XP or the like they can always add this kind of spam to their blocked senders list. If they are running something else, then you will have to find a comparable application. My inital gut instinct on this kind of email is that they are phishing. Their either trying to see if in fact they can get something past your server or testing your firewall. Maybe both. The simple solution is to axe them at the firewall and then the server doesn't have to deal with it.

coolamit78 03-22-2005 11:33 AM

Hello ScooterB,

First of all for a long reply :) .....secondly, yes, u r clients run WinXP professional...with and without SP2....

However, my ISP's mail server runs EXIM as the MTA and spamassassin and clamav....Still, such mails make their way into their system and from there, fetchmail running on our local IMAP server downloads all messages to respective e-mail accounts...which are in process scanned by spamassassin and clamav running on our local mail server too....such mails, however, escape without getting caught and they sometimes contain porn images too..

i'm looking for some kind of global solution which I just implement on my server becos its not possible to block mails for 150 users fact many of them are just beginners, so its difficult for a client-side solution...



ogmoid 03-22-2005 11:59 AM

Re: Re: Spam Filtering - need help

Originally posted by rgawenda
I can't identify that sample as spam clearly. Where's the URL it want's you to check?
The message, to me, looks like it is intended to poison bayesian spam filters.

benjithegreat98 03-22-2005 01:57 PM

I like to use DNSBL's (DNS Blacklists). My organization will recieve 4000 emails in one week and 40% of them get blocked by using DNSBL's and also a home brewed list of denied IP addresses. There is the occational false positive. I've had about 3 known ones in 2 year. In sendmail you can white list the addresses that are being falsely identified.

Here are the blacklists I use:

You'll have to research how to implement them in qmail on your own. I use sendmail and have never used qmail.

All times are GMT -5. The time now is 05:28 PM.