ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

spam being let through

https://mail.forum.configserver.com/viewtopic.php?t=1429

Page 1 of 1

spam being let through

Posted: 25 Jun 2008, 13:04
by derekchambers
Hi

I have MailScanner on three servers, as of the start of the month on one serve ronly spam has been getting through even if I lower the setting to say 4 and 15

This makes me think it is not workiong

any suggestions

Derek

Posted: 25 Jun 2008, 15:50
by Sarah
Have you looked in the FAQ?
http://www.configserver.com/techfaq/index.php?faqid=51

Regards,
Sarah

Posted: 28 Jun 2008, 17:23
by derekchambers
hi

I have followed the instructions in the FAQ and it seems spam is still getting through

de,l

Posted: 29 Jun 2008, 10:41
by Sarah
Is the spam getting through to all domains or just some of them? Can you post examples of the email headers of some of this spam? Perhaps you could upload a few of these in full raw message form somewhere that we can download them and run them through one of our systems.

To ensure that there's not some issue between spamassassin and mailscanner, you could try running one of them through SA alone, using the following command:

spamassassin -t -D < /path/to/spamemail.txt

Regards,
Sarah

spam being let through

Posted: 29 Jun 2008, 23:31
by derekchambers
There are some examples of spam at http://www.aip.co.uk/spam-examples.txt (in a text file). There is still lots more spam getting through, although some is being stopped. It all started on 1 June which just happened to be when the server was rebooted...

Posted: 30 Jun 2008, 10:30
by Sarah
I tried a couple of these on one of our servers and one scored over 20 points and the other over 40 points. Both of them triggered both DCC and Razor, plus a lot of URIBLs.

Are DNS lookups working on your server? Are you running named and a caching nameserver on the server, and if so, is the server's own IP the first one listed in /etc/resolv.conf? When you try a dig on a random domain name, how long does it take to return the result?

Have you done a spamassassin lint test in MailWatch? Are there any errors?

I'd recommend testing one of those emails using the command I gave earlier and see whether the network tests are where it bogs down. Just paste one whole message into a text file, for instance spam.txt in your /root/ directory, then do the following:

Code: Select all

spamassassin -t -D < /root/spam.txt
Make sure you are logged into SSH as root.

Watch the output carefully and see where it pauses. Make sure your screen buffer in your SSH client is big enough to go back through the output and check for any errors.

Regards,
Sarah
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited