I've been getting a lot of spam that has managed to get past my SpamAssassin. I keep training the bayes filter with it, yet spam still comes through. Which parameters should I tweak? Do I need to install more mods since the SARE rules no longer work? Here is a typical report from one of these emails:
X-Spam-DCC: sonic.net: ipcop.localdomain 1117; Body=1 Fuz1=1 Fuz2=3
X-Spam-Report:
* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
* See http://wiki.apache.org/spamassassin/Dns ... nsbl-block
* for more information.
* [URIs: eyeh.eu]
* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
* [URIs: eyeh.eu]
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* 0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
* [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=l ... ocaldomain]
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* [score: 1.0000]
* 0.0 HTML_MESSAGE BODY: HTML included in message
X-Spam-Status: No, score=5.4 required=6.0 tests=BAYES_99,BAYES_999,
HTML_MESSAGE,SPF_FAIL,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no version=3.3.1
X-Spam-Level: *****
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on ipcop.localdomain
X-Filtered-With: Copfilter Version 0.85.3beta4 by Markus Madlener @ http://www.copfilter.org
X-Copfilter-Filtered-With: SpamAssassin 3.3.1
X-Copfilter-Virus-Scanned: F-PROT 6.7.10.6267 - Engine 4.6.5.141 - Virus Database 2014-06-25 20:20
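An added example, not part of the original post: a short parser for the report above that shows how far the message fell short of the spam threshold and which matched rules added nothing to the score. The function name `analyze` is an assumption made for illustration, and the sample is the poster's report with the detail lines trimmed.

```python
import re

# Report lines copied from the post above; URL and detail lines trimmed for length.
SAMPLE = """\
X-Spam-Report:
* 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
* [URIs: eyeh.eu]
* 1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
* 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
* [score: 1.0000]
* 0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
* 0.2 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
* 0.0 HTML_MESSAGE BODY: HTML included in message
X-Spam-Status: No, score=5.4 required=6.0 tests=BAYES_99,BAYES_999,
 HTML_MESSAGE,SPF_FAIL,URIBL_BLOCKED,URIBL_DBL_SPAM autolearn=no version=3.3.1
"""

# "* <points> <RULE_NAME> description"; detail lines such as "* [URIs: ...]" do not match.
RULE_RE = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]+)\b", re.M)
STATUS_RE = re.compile(r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")


def analyze(headers):
    """Summarise a SpamAssassin report: per-rule points and the gap to the threshold."""
    rules = {name: float(pts) for pts, name in RULE_RE.findall(headers)}
    status = STATUS_RE.search(headers)
    if status is None:
        raise ValueError("no score=/required= pair found in X-Spam-Status")
    score, required = float(status.group(1)), float(status.group(2))
    return {
        "rules": rules,
        "score": score,
        "required": required,
        "shortfall": round(required - score, 1),
        # Rules that matched but carry no weight in the active score set.
        "zero_scored": sorted(n for n, p in rules.items() if p == 0.0),
        # *_BLOCKED notices mean the lookup itself was refused, so the list was not consulted.
        "lookups_blocked": sorted(n for n in rules if n.endswith("_BLOCKED")),
        # Sanity check that every rule line was parsed.
        "rule_sum_matches": abs(sum(rules.values()) - score) < 0.05,
    }


if __name__ == "__main__":
    result = analyze(SAMPLE)
    print("score %.1f of %.1f required, short by %.1f"
          % (result["score"], result["required"], result["shortfall"]))
    print("matched with 0.0 points:", ", ".join(result["zero_scored"]))
    print("blocked lookups:", ", ".join(result["lookups_blocked"]))
```

On this report the message misses the threshold by 0.6 points, while `SPF_FAIL` matched at 0.0 and the URIBL query was blocked.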
Spam getting through... which parameters to tweak?
Re: Spam getting through... which parameters to tweak?
Hi,
marcw wrote: Do I need to install more mods since the SARE rules no longer work?
Yes, see: viewtopic.php?f=3&t=964
Note you will need to disable the MalwarePatrol database, because it's now necessary to register to download the database.
You can use Clamav with 3rd party sigs, version 0.60.6: viewtopic.php?f=3&t=215#p486
It adds databases to detect spam (spam mails will be detected as virus).
Last but not least, IPCOP 1.4.21 is obsolete and no longer supported. Spamassassin 3.3.1 is obsolete too.
It's highly recommended to upgrade to IPCOP 2.1.5 (2.1.6 coming soon), and Copfilter 2.1.92beta4.
Regards.
ShelbyGT500
EDIT:
Note F-prot database is obsolete too: X-Copfilter-Virus-Scanned: F-PROT 6.7.10.6267 - Engine 4.6.5.141 - Virus Database 2014-06-25 20:20
To solve: viewtopic.php?f=3&t=840#p4405
Re: Spam getting through... which parameters to tweak?
Thanks for the reply. I am running 3rd party clamav signatures. The issue is that my cop is running on REALLY outdated hardware. It only has 1GB of memory with no cheap option to upgrade. In other words I can't just turn on all the 3rd party sigs due to lack of memory. Which ones would you suggest are the best bang for the buck memory footprint wise? I realize my cop is old too, but when it just works it's hard to take it down and replace it with the newer version. I've been thinking about getting a Lenovo ThinkServer TS140 and put the newer 2.x version on it so I can configure it on my leisure and then have a drop in replacement for my old box. I work from home so having internet is essential for me and I can't afford for my cop to be down for a long time. Does the 2.x version have any issues with newer hardware like SATA3, PCIe, SSD etc etc?
Re: Spam getting through... which parameters to tweak?
Hi Marcw,
marcw wrote: Which ones would you suggest are the best bang for the buck memory footprint wise? I
If you want to be more efficient with spam, have a try with:
- Sanesecurity: junk.ndb, phish.ndb, scam.ndb, spam.ldb, spamimg.hdb, spamattach.hdb
- Bofhland: bofhland_cracked_URL.ndb, bofhland_phishing_URL.ndb
- Porcupine: phishtank.ndb
marcw wrote: Does the 2.x version have any issues with newer hardware like SATA3, PCIe, SSD etc etc?
You will find more information on the IPCOP website (for hardware: http://www.ipcops.com/phpbb3/viewforum. ... f521103259).
The common issues are with Ethernet interface.
marcw wrote: I've been thinking about getting a Lenovo ThinkServer TS140 and put the newer 2.x version on it so I can configure it on my leisure and then have a drop in replacement for my old box.
Waoouu! High quality for IPCOP!
It should work without any issue, you only have to choose correct NIC.
In my case, I'm running IPCOP with Shuttle ds 61 (and intel pentium 2020) without any issue, high performance and low consumption.
Regards.
ShelbyGT500