
Single User Excessive SPAM

Posted: 24 May 2009, 16:40
by jbourque
I have a single user that is getting 1-2 thousand SPAM messages a day. I have increased the SPAM score for the domain but fear it will impact the other users.

What can I do to help this user?

I have enabled Spamhaus and RBL but no luck.

Thoughts?

Thanks
Joe

Posted: 24 May 2009, 23:05
by Sarah
Are the spam emails this domain is getting actually being identified as spam by mailscanner/spamassassin, or not? When you say you have increased the spam score for the domain, do you actually mean you increased the default spam score threshold for email coming into the domain? If so, that's the opposite of what you would normally do if spam is getting through.

Where did you enable spamhaus? In the WHM Exim Configuration Editor settings? Have you checked your exim configuration against our recommended settings?
http://www.configserver.com/techfaq/index.php?faqid=66

Regards,
Sarah

Posted: 26 May 2009, 20:39
by jbourque
I have turned on Spam in Exim settings.

As for the SPAM, the scores vary, but in most cases it is a low score:

Received: from choresuits.com ([204.11.101.195])
by server.hostboxer.com with smtp (Exim 4.69)
(envelope-from <singlesnet@choresuits.com>)
id 1M92SG-0006ZV-Ff
for linda@renaudco.com; Tue, 26 May 2009 14:36:56 -0500
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=main; d=choresuits.com;
b=QzYGm6m0TKjOnWCS293XKw8TxVmTsNDXldGDR1mDoBtX5vTEbcElVkrmSCDdwuKmHftjQs80H+0V0D4vOWtxGQ==;
h=Received:Message-ID:Date:From:To:Subject:List-Unsubscribe:MIME-Version:Content-Type:Content-Transfer-Encoding;
Received: by 204.11.101.195 with SMTP id 8qxu1dbdcotee1y
for <linda@renaudco.com>; Tue, 26 May 2009 11:33:21 -0800
Message-ID: <grtfpzrswzigo+1243366594@choresuits.com>
Date: Tue, 26 May 2009 11:33:21 -0800
From: "!!!SinglesNet!!!" <singlesnet@choresuits.com>
To: "Linda Midgett" <linda@renaudco.com>
Subject: View Pics Of Hot Local Singles=?UTF8?Q?=21=21=21?=
List-Unsubscribe: <mailto:unsubscribe-880yinpbmwb2i@choresuits.com>
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Score Matching Rule Description
(not cached, score=3.004, required 5)
0.00 BAD_CREDIT Eliminate Bad Credit
0.00 BAYES_50 Bayesian spam probability is 40 to 60%
1.55 HTML_IMAGE_ONLY_20 HTML: images with 1600-2000 bytes of words
0.00 HTML_MESSAGE HTML included in message
1.46 MIME_HTML_ONLY Message only has text/html MIME parts
-0.00 SPF_HELO_PASS SPF: HELO matches SPF record
-0.00 SPF_PASS SPF: sender matches SPF record

She gets about 1-2k a day at times

Posted: 26 May 2009, 21:57
by Sarah
What do you mean by "I have turned on Spam in Exim settings"?

Assuming your exim configuration settings are in fact optimised as per the FAQ I noted in my previous post, I can only suggest checking your bayes database and trying some Spamassassin custom rulesets and plugins.

You could try training your bayes database with some of this spam since it's not scoring high on bayes.

You could use Justin Mason's SOUGHT rules (auto-generated spamassassin rules). Instructions for that are here:
http://taint.org/2007/08/15/004348a.html

You could add the Botnet plugin, which can be downloaded here with instructions:
http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar

Before anything else, you should make sure that: (1) you are using RBLs in exim; (2) you have the SARE rules installed and (3) that your bayes database is working.

Posted: 13 Jun 2009, 10:45
by nabuhonodozor
Joe,
You can create your own custom ruleset file (I would create a new file "my_rules.cf") and place it in the /etc/mail/spamassassin directory, the same one where the mailscanner.cf file exists.

In this file you can customize the weights for every spamassassin rule. In your case I would put the following entries:

score BAD_CREDIT 1.5
score BAYES_50 2.0
score HTML_IMAGE_ONLY_20 1.55
score HTML_MESSAGE 0.5
score MIME_HTML_ONLY 1.46
score SPF_HELO_PASS -0.2
score SPF_PASS -0.2

I leave some weights at their defaults for you to see.
Please be careful with weights: raise them very slowly and analyze the tagged spam messages.
Hope this gives you some hints.
Best,
Piotr
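The following is an added worked example, not code from this thread, MailScanner or SpamAssassin. It takes the rule hits quoted from Joe's sample message and Piotr's proposed my_rules.cf, parses both, and re-adds the score so you can see before committing a weight change whether the message would cross the "required 5" threshold. The report and .cf text below are constructed from the values in this thread; the `score RULE n1 n2 n3 n4` form is SpamAssassin's real four-score-set syntax (set 0: no Bayes, no network tests; set 1: network only; set 2: Bayes only; set 3: both), which matters here because BAYES_* and SPF_* rules fire on this server, so score set 3 is the one in effect.

```python
"""Re-score a SpamAssassin rule-hit report under a custom score file.

Added example for estimating the effect of my_rules.cf overrides before
deploying them; not part of MailScanner or SpamAssassin.
"""
import re
from typing import Dict, Tuple

# Constructed sample: the rule hits quoted in the thread (score=3.004, required 5).
# The report prints each rule score rounded to two decimals, so the re-added
# total (3.01) differs slightly from the exact 3.004 SpamAssassin reported.
SAMPLE_REPORT = """\
0.00 BAD_CREDIT Eliminate Bad Credit
0.00 BAYES_50 Bayesian spam probability is 40 to 60%
1.55 HTML_IMAGE_ONLY_20 HTML: images with 1600-2000 bytes of words
0.00 HTML_MESSAGE HTML included in message
1.46 MIME_HTML_ONLY Message only has text/html MIME parts
-0.00 SPF_HELO_PASS SPF: HELO matches SPF record
-0.00 SPF_PASS SPF: sender matches SPF record
"""

# Constructed sample: the overrides Piotr suggests for my_rules.cf.
SAMPLE_RULES_CF = """\
# custom weights for one user's spam pattern
score BAD_CREDIT 1.5
score BAYES_50 2.0
score HTML_IMAGE_ONLY_20 1.55
score HTML_MESSAGE 0.5
score MIME_HTML_ONLY 1.46
score SPF_HELO_PASS -0.2
score SPF_PASS -0.2
"""

# "<score> <RULE_NAME> <description>" as printed in the spam report
REPORT_LINE = re.compile(r"^\s*(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*?)\s*$")
# "score RULE n" or "score RULE n0 n1 n2 n3" (one value, or one per score set)
SCORE_LINE = re.compile(r"^\s*score\s+([A-Z][A-Z0-9_]*)((?:\s+-?\d+(?:\.\d+)?){1,4})\s*$")


def parse_report(text: str) -> Dict[str, Tuple[float, str]]:
    """Map each rule that fired to (score as reported, description)."""
    hits: Dict[str, Tuple[float, str]] = {}
    for line in text.splitlines():
        m = REPORT_LINE.match(line)
        if m:
            hits[m.group(2)] = (float(m.group(1)), m.group(3))
    return hits


def parse_scores_cf(text: str, score_set: int = 3) -> Dict[str, float]:
    """Read 'score' lines from a .cf file, ignoring comments and other directives.

    score_set selects which of the four values applies when a rule gives four
    (3 = Bayes and network tests both enabled, the common MailScanner setup).
    """
    overrides: Dict[str, float] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # strip trailing comments
        m = SCORE_LINE.match(line)
        if not m:
            continue
        values = [float(v) for v in m.group(2).split()]
        if len(values) not in (1, 4):
            raise ValueError(f"rule {m.group(1)}: expected 1 or 4 scores, got {len(values)}")
        overrides[m.group(1)] = values[0] if len(values) == 1 else values[score_set]
    return overrides


def rescore(hits: Dict[str, Tuple[float, str]], overrides: Dict[str, float]) -> float:
    """Total score with overrides applied; rules without an override keep the reported score."""
    total = 0.0
    for rule, (reported_score, _desc) in hits.items():
        total += overrides.get(rule, reported_score)
    return round(total, 3)


def is_spam(total: float, required: float = 5.0) -> bool:
    """SpamAssassin tags a message as spam when its score reaches the required threshold."""
    return total >= required


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    before = rescore(hits, {})
    after = rescore(hits, parse_scores_cf(SAMPLE_RULES_CF))
    print(f"before overrides: {before} (spam: {is_spam(before)})")
    print(f"after overrides:  {after} (spam: {is_spam(after)})")
```

Run against the thread's own numbers, the message goes from 3.01 (under the threshold) to 6.61 (tagged). Feeding a sample of the user's legitimate mail through the same function is the quick way to check Piotr's caution about raising weights slowly: if ham that happens to be HTML-only with a passing SPF record also crosses 5, the overrides are too aggressive.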