Jump to content

Did Something Change?


Recommended Posts

I was doing really well with keeping spam in check and suddenly about 2 days ago I started getting floods of 50 at a time (several times a day), most with Netsky.


I havent used the email from my site for much of anything so it can't be that I gave it to someone who harvested it. I have only two specific names I was getting mail for and I have spam assain set.


On my machine I also run virus software but Netsky is a slippery one. It got so bad I had to fully shut down my incoming email.


I'm wondering if you guys changed anything in the past week or so? Much of the email was also addressed to my server name rather than my site name. ;)


Any insight is appreciated



Link to comment
Share on other sites

I've been having the same problem, and did a little investigating.


In my headers, the BAYES_99 rule is showing up a lot, yet the spam scores are still very low (in the 2's)


[NOTE: the following all implies that you have spamassassin 3 installed]


Looking at the spamassassin defaults, BAYES_99 is set to "0 0 4.070 1.886" which means:


local = 0

net = 0

with bayes = 4.070

with bayes+net = 1.886


Now take an example email I just got:

X-Spam-Status: No, score=2.7 required=4.1 tests=BAYES_99,HTML_80_90,




BAYES_99: 0 0 4.070 1.886

HTML_80_90: 0.027 0 0.036 0.146

HTML_IMAGE_ONLY_20: 1.567 0.843 1.023 0.446

HTML_IMAGE_RATIO_06: 0.072 0 0.342 0.131


HTML_TEXT_AFTER_BODY: 0.263 0.151 0.752 0.061

HTML_TEXT_AFTER_HTML: 0.312 0.205 0.032 0.031

TO_ADDRESS_EQ_REAL: 0 0.470 0.131 0.026


If you add them up, the "local" scores = 2.7


Based on this, it is clear that Bayes is turned off (at least for me) and I am going to re-enable it by adding "use_bayes 1" to my config file.


I'll report back on how it goes....

Link to comment
Share on other sites

By your Server Name, you are talking about "user@serverxx.totalchoicehosting.com", correct?

If this is the case, then it would appear to me that someone on your server has possibly been infected.

Since it costs you nothing but a couple of minutes of time, maybe you should open a service ticket to make sure the techs check it out, as they will have access to the email logs and be able to see if my hunch is correct. And possibly save a major problem in the near future.

Link to comment
Share on other sites

I don't have a tutorial handy, but can tell you how to change at least that field.


Go into cpanel and run File Manager. Navigate to the .spamassassin directory and you will see a file called user_prefs


You will see that it has info in it such as your current required hits, etc...


Simplay add the line:

score BAYES_99 3


and save it. Of course, you can alter the "3" to whatever you want. My threshold is currently 4.1 and I found 3 to be right for me.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...