Jump to content

Recommended Posts

over the last month or so my spam assassin has become almost totally ineffective. for years, i have averaged maybe 5-10 spams per day getting past SA. but now i'm consistently getting 30 or more per day that SA misses. long ago i set SA to auto delete, so in the past i have no idea just how much spam it was catching, but i seem to recall that when i set it to auto delete it was in fact catching a significant amount. but with this recent uptick in spam, i turned off the auto delete to make sure that SA was indeed still working. well, it is working, but it's only catching maybe 3-4 spams per day, while letting 30+ through.

 

is there any reason why all of a sudden spam assassin is doing such a poor job? has it lost it's general effectiveness?

 

 

lee

Link to post
Share on other sites

Welcome to the forums Lee :)

 

Have you tried setting SA a little lower in score so it catches more? That would be a good place to start.

 

Bruce -- lowering the criteria score wouldn't do much good -- in fact i would have to then come up with extensive white lists to keep valid mail from getting scored as spam. it looks to me like the scoring algorithm just isn't working as well as it used to. with the score criteria set where it is, it was working quite well up until about a month ago. so something isn't working the way it used to. i have no idea how the SA scoring algorithms work, but it appears that the problem might be in how it's dealing with various blacklists which i'm guessing it uses. quite a bit of the spam that it misses comes through with very similar IP addresses, which i would think would be indicative of spam servers, which i would think SA would be able to spot and thus score high. it's almost like it's not using current spam blacklists.

 

 

lee

Link to post
Share on other sites

is there any way to verify the version of Spam Assassin that is running on my server? apparently there have been a couple of recent updates, and i'm wondering if maybe an older version could be part of the problem?

 

also, how often are the rule updates run? any way to see when the last rule update was? according to the documentation, that's something that needs to be done on a regular basis, preferably daily.

 

 

lee

Link to post
Share on other sites

Welcome to the forum, Lee. :)

 

I believe you can see the version by viewing full headers in your email client, but you can also check with the help desk that should also be able to answer the rules updates question (which I think no one here in the forum can answer). Link on top of page and in my signature.

Link to post
Share on other sites

Thomas -- thanks for the suggestion, but i checked and the headers only show the spam score and status -- no indication of the version being run. i'll check with the help desk and see what they have to say.

 

 

lee

Link to post
Share on other sites

the help desk wasn't much help here. they assured me that spam assassin was up to date, but wouldn't tell me exactly what version is installed -- so whether it's really the latest and greatest, who knows.

 

oh well, this isn't all that big of a deal -- right now the amount of spam is not overwhelming, so i can live with it. but i have to believe that something is broken here -- just makes no sense that spam assassin would go from working so well to virtually not working at all.

 

 

lee

Link to post
Share on other sites

We run updates every night, so I can assure you that all our servers are running the very latest and stable releases as provided by CPanel. Spamassassin is installed serverwide and so the default configuration will be very tolerant considering the fact that it has to cater several accounts hosted on the server. It only tags the emails as spam based on keywords, phrases, the mailserver and sender domain etc. Emails coming into each account is different, spam evolve everyday making it more and more difficult to catch and so the best way to counter it is to continuously tweak your spamassassin + spam filter combination according to the emails that you are getting. The sudden explosion of spam can also be attributed to your account being picked up by email harvesters.

Link to post
Share on other sites

Carl -- thanks for the info on the updates. i guess that pretty much leaves "your account being picked up by email harvesters" as the best explanation. i've used this email address for close to ten years, so why all of a sudden it would end up on a bunch of new spam lists that spam assassin is incapable of detecting is somewhat of a mystery.

 

as for "continuously tweak your spamassassin + spam filter combination", a spam filter that has to be continually re-configured by the user is worthless. you might as well spend the time just deleting the spam.

 

anyway, as i said this is not that big of a deal. i'll just delete the stuff and be on my way. i'm just disappointed in spam assassin -- it did such a great job for so long, and now it's useless. i might as well just turn it off.

 

 

lee

Link to post
Share on other sites
  • 2 weeks later...

I finally gave up on Spam Assassin myself and went to www.spamarrest.com ... and gladly pay their annual fee to prevent thousands of emails every month from the bad boys and girls getting into my inbox. I have about ten email addresses I use and this has proven to be one of the best things I've done pertaining to email management.

Link to post
Share on other sites
  • 2 weeks later...

since i started this topic, here's an update on where i netted out -- most of this new spam that i was getting looked like "legitimate" spam, i.e., from email marketers who were just over-zealous. so i spent a couple of weeks diligently going through the various "opt out" options that were in the spams and voila -- my level of spam gradually went back down to what it was before i experienced this big uptick. so my conclusion is that Carl's "your account being picked up by email harvesters" theory was indeed correct. someone somewhere grabbed my email address and sold it to a bunch of marketers, and that's the uptick i was seeing. but they were fortunately all "legitimate" operations, and so i was ultimately able to opt out. somewhat of a PITA but at least my spam is back to a reasonable level.

 

it would be nice, though, if SpamAssassin could help deal with this type of "legitimate" spam. i did do a quick analysis at one point of the spam that was coming in, and it looked like a lot of it could easily be identified by IP address -- which i thought is one of the things that SA was doing. but apparently not. bottom line is that i still think SA is pretty much useless.

 

 

lee

Link to post
Share on other sites

Recently I have noticed that the spam header - X-Spam-Score: - has been running in the negative as -99.99 or -100 etc. I have set SA to kick anything over 3 but how can you set it for negative numbers?

 

Also, I have set up some account wide filters but they don't seem to be working. How many filters can you have? I have almost 400.

Any insight and/or solutions are greatly appreciated!

Edited by cookles
Link to post
Share on other sites

Also, I have set up some account wide filters but they don't seem to be working. How many filters can you have? I have almost 400.

Any insight and/or solutions are greatly appreciated!

 

 

in my experience setting up filters is a waste of time. the problem is that if what you are trying to block is "non-legitimate" spam, then those senders are usually very adept at avoiding filters by always making slight variations to the "from" address or the subject or whatever you are using to filter on. for example, they might substitute a numeric one for a lower case L for one mailing, then next mailing substitute a zero for the letter O, etc. thus the filter you set up last week won't work this week. it's a no-win situation.

 

OTOH, if the spam is from a "legitimate" mailer, then they are not going to play these types of games in order to get around filters, as they really don't want to be pestering people who aren't interested in what they are selling. so for these "legitimate" mailers, your filters will work. but since they are legitimate marketers, they will also honor an opt-out request -- so why not just do that? it will take at most about the same amount of effort on your part -- and probably a lot less effort -- and you will have them permanently out of your inbox.

Link to post
Share on other sites

We have over 300 email accounts. The spam seems to only affect a few - they probably put their email address out their and it got farmed out, but one of those affected is one of my companies administrators. Not sure how to tell her not to do something that she claims she hasn't done. Most of her spam is NOT legitimate, although there is some I'm sure. Over the last weekend she recieved over 450 spam messages. This morning it is down to 70 but that is only 1 days worth.

 

Anyway, there was this filter script I was using that you put the spam in a SPAM folder and put whitelist email in a HAM folder and the script "learned" what was spam and stopped it. I thought I would check and see how to re enable it. It has been a couple of years since I set it up and I can't remember what it was called. Anyone got a clue?

 

As for the from changing, I set it up so that anything ending in the domain name of the sender will not come through (From ends with domain.nam) but some are still coming through hence the question of how many filters can you set up.

 

Thanks for your help. :)

Link to post
Share on other sites

I don't know if there is a limit to the number of filters you can add. I have several hundred.

 

I have found Thunderbird to be quite proficient of detecting junk emails and that's what I use. All the spam goes to a 'junk' folder I can review and delete.

Link to post
Share on other sites

As for the from changing, I set it up so that anything ending in the domain name of the sender will not come through (From ends with domain.nam) but some are still coming through hence the question of how many filters can you set up.

 

the domain name in the FROM field can be just as easily spoofed as the user name part, so most non-legit spammers are going to be doing that as well. have you gone back and checked to see how effective any of these filters really are? i've been faced with the same problem you have here, supporting end users with major spam problems, and as i said in my experience these filters are a dead end. the non-legit spammers know how they work and thus can easily avoid them. all they catch are the legit spammers, who will honor an opt-out. but if you are finding they are in fact effective, then go for it! i don't know about any max number of filters, but would be very surprised if there is a max.

 

as for a client-side script, what email program are you using here? as Bruce mentioned, Thunderbird is pretty good at sorting out spam. Outlook also has that functionality, although it doesn't seem to work as well as TBird. also, both have filtering that will allow you to easily set up a "ham" folder based on the user's address book -- that's pretty simple to add. that might be your best bet here.

 

 

lee

Link to post
Share on other sites

I use Mailwasher which checks all my accounts lists them I select which ones to deleted, add to spam lists, and then they get deleted, and I get only the ones I want to receive. Works well has done for years.

Link to post
Share on other sites
  • 3 weeks later...

The real problem with this is mobile phones, which do not filter spam like computers do (Outlook/Thunderbird/etc.).

 

I am working with a client to route his email through Gmail (forward email hosted at TCH to his Gmail account and just use that) as Gmail's spam filtering is very good.

 

I still don't understanding why Spam Assassin is not stopping more. I set it way down to 1 and still not stopping anything. That doesn't make sense.

Link to post
Share on other sites

I have as well noticed over the past two weeks and increase in spam. I have checked mail headers and these blatant spams are scored as a negative score or less than 1. Here's one that popped in while I was typing this. The message was only a link to a russian domain.

Subject: Re: Buy now Percocet^Adderall^Vicodin!!

MIME-Version: 1.0

X-Spam-Status: No, score=0.0

X-Spam-Score: 0

 

And another

Subject: Rank High in The Search Engines. No Cost Website Analysis Report!

X-Spam-Status: No, score=-0.2

X-Spam-Score: -1

X-Spam-Bar: /

Link to post
Share on other sites

Wow .. this thread sure has a good life and created lots of dialogue! Nice.

 

In a nutshell.. in my experience, Spam Assassin needs to be ignored. All filtering levels are just basically useless. I've gone the route of purchasing a subscription to SpamArrest for $50 a year (there are others out there, too) in order to filter my email accounts and am now one happy camper. Spam Assassin seemed to work fine about a year or so ago and then it began to degrade dramatically till it simply just doesn't do the job. The spammers are gettin' smarter at the same time, too.

Link to post
Share on other sites

There should be a line added to the email you are receiving if you have Spam Assassin active. Viewing the source you should see the header with the score. If you are not seeing it please open a ticket with the help desk.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...