
SA rules. Sometimes not applied?

Posted: 25 Apr 2008, 05:13
by BurakUeda
Sometimes I receive spam emails with extremely obvious keywords in both the header and the body, with no obfuscation or anything. For example, I just received this:
(Sorry for the language)
Subject: Bisexual Boys On Bed Jerking Off Hardcore
Body: Dark Haired Teen Interracial Gives Head Hardcore

And here are the SA rules involved:
spam, SpamAssassin (not cached, score=14.405, required 9, BAYES_99 5.50, DOS_OE_TO_MX 7.00, JM_REACTOR_MAILER 1.00, RCVD_IN_PBL 0.91)
And mind you that I raised the DOS_OE_TO_MX and BAYES_99 scores significantly, but it still has a spam score of only 14 (with default scores it would be somewhere like 6-8).

I mean come on! How obvious can it be? Do I really need to define a custom rule for this obvious adult spam?

Although SA filters most of the spam, sometimes obvious spam mails like this one pass. Is anyone else experiencing this?

Posted: 25 Apr 2008, 14:55
by Sarah
SA does not necessarily scan subjects and text for specific keywords. If you want to do this you will have to search for and/or write your own rules. Just because it looks like spam to you (and of course I agree with you that it does) doesn't mean that the SA tests will catch it.

One SA plugin we've found useful is botnet, which you might try installing to help catch those spams that are sent from zombie PCs. If you google for botnet you should find it easily.

Regards,
Sarah

Posted: 26 Apr 2008, 09:08
by nabuhonodozor
Hi Sarah,
Can you tell me how to install the botnet plugin for SA? I've googled and found information (http://people.ucsc.edu/~jrudd/spamassassin/), but first I would like to know your way, which, I hope, will last through updates and won't break the whole MS/SA/CSF installation.

Best regards,
Piotr

Posted: 26 Apr 2008, 10:02
by BurakUeda
nabuhonodozor wrote:
> Hi Sarah,
> Can you tell me how to install the botnet plugin for SA? I've googled and found information (http://people.ucsc.edu/~jrudd/spamassassin/), but first I would like to know your way, which, I hope, will last through updates and won't break the whole MS/SA/CSF installation.
>
> Best regards,
> Piotr

It's not that difficult really.
First download the .tar file:
wget http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar

Extract the file:
tar -xvf Botnet.tar

Copy all .pm and .cf files to your spamassassin plugin folder:
cp *.pm /etc/mail/spamassassin
cp *.cf /etc/mail/spamassassin

and restart SpamAssassin (or MailScanner).
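
A staged variant of the install steps above, added here as an example and not part of any poster's instructions: because the .pm files are Perl code that SpamAssassin loads, it checks the archive's member paths, lints a copy of the configuration with the new files added, and only then copies them into place. The function names and the temporary staging layout are assumptions; `--lint` and `--siteconfigpath` are standard `spamassassin` options.

```shell
#!/bin/sh
# Added example, not from the thread. Stages Botnet.tar, checks it, lints,
# and only then copies the .pm/.cf files into the live SpamAssassin directory.

# A member name is acceptable only if relative and free of ".." components.
member_path_ok() {
    case "$1" in
        ''|/*|..|../*|*/..|*/../*) return 1 ;;
    esac
    return 0
}

# Inspect the archive listing before anything is extracted.
archive_paths_ok() {
    listing=$(tar -tf "$1" 2>/dev/null) || return 1
    [ -n "$listing" ] || return 1
    printf '%s\n' "$listing" | while IFS= read -r member; do
        member_path_ok "$member" || exit 1
    done
}

# install_plugin ARCHIVE CONFDIR (CONFDIR is /etc/mail/spamassassin in the post)
install_plugin() {
    archive=$1; confdir=$2
    archive_paths_ok "$archive" || { echo "unsafe or unreadable archive: $archive" >&2; return 1; }
    work=$(mktemp -d) || return 1
    mkdir "$work/src" && tar -xf "$archive" -C "$work/src" || return 1
    # Lint a copy of the live config plus the new files, so a plugin that
    # breaks rule parsing never reaches the directory the scanner reads.
    cp -R "$confdir" "$work/conf" || return 1
    find "$work/src" -type f \( -name '*.pm' -o -name '*.cf' \) \
        -exec cp {} "$work/conf/" \; || return 1
    if spamassassin --lint --siteconfigpath="$work/conf"; then
        find "$work/src" -type f \( -name '*.pm' -o -name '*.cf' \) \
            -exec cp {} "$confdir/" \;
        status=$?
    else
        echo "lint failed; $confdir left untouched" >&2
        status=1
    fi
    rm -rf "$work"
    return "$status"
}

# Run only when called with both arguments; then restart as described above.
if [ "$#" -eq 2 ]; then install_plugin "$1" "$2"; fi
```
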

Posted: 26 Apr 2008, 11:10
by Sarah
The instructions BurakUeda has provided are correct. You can either restart MailScanner at the command line or in the WHM MailScanner front-end if you have it installed. Thanks, BurakUeda!

Regards,
Sarah

Posted: 27 Apr 2008, 07:53
by nabuhonodozor
Thanks a lot Sarah and BurakUeda!