ConfigServer Community Forum

I have MailScanner Front-End and all the accoutrements installed on a cPanel/WHM server.

Everything is, so far as I can tell, configured correctly.

I have gone through your FAQ to make sure all the settings are correct, that DCC and Razor are functioning properly, the Bayesian database is current and updating, and I have added the KAM rules file to identify more spam.

Yet in the the past week, the number of uncaught messages has doubled or tripled. I have reduced the spam threshold on some accounts to 2, and judiciously added exceptions for false positives.

Just flagging the new spam in the blacklist isn't workable, since the email addresses always change. Some of these messages are all-so-obvious, such as "Labor Day Dog Product Coupons - September 3, 2014*"

MailScanner reported the following in the header of a typical message:

Message-Id: <0.0.0.2F.1CFC79F6ABE73B2.3489F4@doggylootcoupons34.us>
X-Paracast-Mailscanner-Information: Please contact the ISP for more information
X-Paracast-Mailscanner-Id: 1XPF46-0000EN-0W
X-Paracast-Mailscanner: Found to be clean
X-Paracast-Mailscanner-Spamcheck: not spam, SpamAssassin (not cached, score=1.199, required 2, BAYES_50 0.80, DKIM_SIGNED 0.10, DKIM_VALID -0.10, DKIM_VALID_AU -0.10, KAM_INFOUSME 0.50, SPF_HELO_PASS -0.00, SPF_PASS -0.00, URIBL_BLOCKED 0.00)
X-Paracast-Mailscanner-Spamscore: s
X-Paracast-Mailscanner-From: dogcoupons@doggylootcoupons34.us
X-Spam-Status: No
Labor Day Dog Product Coupons - September 3, 2014*

So what do you suggest I do to block this stuff?

Peace,
Gene

I came here today to ask the very same questions. There are a number of these spammers who use a multitude of ever changing domains, and cleverly craft their spam to skirt the typical spam traps.

Very frustrating, and users are complaining.

I too am seeing the same thing across all of our servers. Tons of messages coming through that are coming through. Mostly things like survey winning, coupons, and gift cards. And they all are only getting spam ratings of around 1.7-2.0

I want to stick with this solution. I've run MailScanner for several years on different servers, but I may have to look for something else if there is no way to reduce the spam clutter.

Peace,
Gene

I came here to ask the same as well. It seems as if in the last week or two, the amount of spam getting through has increased 3 or 4 times over. I've checked all of my settings over and over. Everything is configured correctly. I've been using this software for a couple of years now and I've been pretty happy with it, however, it's gotten to the point where my customers are starting to complain. I can't have this go on much longer.

The spam scores are determined by SpamAssassin, not MailScanner. All we can suggest is that you go through all the steps in the faq below:
http://www.configserver.com/techfaq/index.php?faqid=51

Beyond that , you might have a look at the spamassassin newsgroup:
http://www.gossamer-threads.com/lists/s ... sin/users/

Unfortunately if spammers are somehow getting past spamassassin, there is not much that can be done to correct this in MailScanner itself at this point.

Regards,
Sarah

Sarah, as I stated, I already consulted that FAQ to make sure everything was properly configured.

Peace,
Gene

Gene Steinberg wrote:Sarah, as I stated, I already consulted that FAQ to make sure everything was properly configured.

I realise that, but I wanted to provide the link to the FAQ for those who were not already aware of it, and also point to the spamassassin newsgroup where there are a few threads that seem related to the problems that are being reported here.

What I see on the group is that the spammers are playing tricks with headers that are bypassing SpamAssassin, so it's up to the developers to devise workarounds for this. It has actually gotten a bit better as of today.

Peace,
Gene

One more thing: Sarah: Are you folks going to upgrade to newer SpamAssassin versions in the near future? Wouldn't that improve protection?

Specifically: 2014-02-11: SpamAssassin 3.4.0 has been released adding native support for IPv6, improved DNS Blocklist technology and support for massively-scalable Bayesian filtering using the Redis backend.

Peace,
Gene