spam being let through

Discuss our MailScanner install script and MailScanner itself
Post Reply
derekchambers
Junior Member
Posts: 4
Joined: 11 Aug 2007, 12:05
Location: London, UK
Contact:

spam being let through

Post by derekchambers »

Hi

I have MailScanner on three servers, as of the start of the month on one serve ronly spam has been getting through even if I lower the setting to say 4 and 15

This makes me think it is not workiong

any suggestions

Derek
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

Have you looked in the FAQ?
http://www.configserver.com/techfaq/index.php?faqid=51

Regards,
Sarah
derekchambers
Junior Member
Posts: 4
Joined: 11 Aug 2007, 12:05
Location: London, UK
Contact:

Post by derekchambers »

hi

I have followed the instructions in the FAQ and it seems spam is still getting through

de,l
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

Is the spam getting through to all domains or just some of them? Can you post examples of the email headers of some of this spam? Perhaps you could upload a few of these in full raw message form somewhere that we can download them and run them through one of our systems.

To ensure that there's not some issue between spamassassin and mailscanner, you could try running one of them through SA alone, using the following command:

spamassassin -t -D < /path/to/spamemail.txt

Regards,
Sarah
derekchambers
Junior Member
Posts: 4
Joined: 11 Aug 2007, 12:05
Location: London, UK
Contact:

spam being let through

Post by derekchambers »

There are some examples of spam at http://www.aip.co.uk/spam-examples.txt (in a text file). There is still lots more spam getting through, although some is being stopped. It all started on 1 June which just happened to be when the server was rebooted...
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Post by Sarah »

I tried a couple of these on one of our servers and one scored over 20 points and the other over 40 points. Both of them triggered both DCC and Razor, plus a lot of URIBLs.

Are DNS lookups working on your server? Are you running named and a caching nameserver on the server, and if so, is the server's own IP the first one listed in /etc/resolv.conf? When you try a dig on a random domain name, how long does it take to return the result?

Have you done a spamassassin lint test in MailWatch? Are there any errors?

I'd recommend testing one of those emails using the command I gave earlier and see whether the network tests are where it bogs down. Just paste one whole message into a text file, for instance spam.txt in your /root/ directory, then do the following:

Code: Select all

spamassassin -t -D < /root/spam.txt
Make sure you are logged into SSH as root.

Watch the output carefully and see where it pauses. Make sure your screen buffer in your SSH client is big enough to go back through the output and check for any errors.

Regards,
Sarah
Post Reply