1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

SPAM Assassin Queries

Discussion in 'Plesk for Linux - 8.x and Older' started by teknovision, Mar 21, 2006.

  1. teknovision

    teknovision Guest

    0
     
    Folks,

    We were having some probs whereby emails from domains on our server were been tagged as spam.

    I added *ourdomain1.com ourdomain2.com within the whitelist and it seems that spammers have been sending rather a lot of mails with a from address of name@domain1.com, the message is therefore not processed by spamassassin. Any ideas on how I can stop this from happening?

    Some thoughts although I don't know if this is possible adding IP address whitelist filtering? Any other ideas would be more than appreciated!!

    Many thanks,

    .//phil
     
  2. EBHAUK

    EBHAUK Guest

    0
     
    I am not 100% sure what you are saying, but if I understand correctly, your server IP or reverse DNS address will have been logged on an external blacklist service such as spamhaus or spamcop. This will have happened as a result of your server being reported for spamming.

    The way it works is that when your server sends an email, if it is received by a mailserver running spamassassin or similar software, the mailserver will contact the spam blacklisting services it is subscribed to and compare the mailserver address in the header of the incoming email with those on the blacklist. If there is a match the emails are dealt with as spam. Depending on the setup of the spam software the emails may be assigned a score for further processing or deleted or bounced etc etc.

    To fix this you need to find out who is blacklisting you and ask for your server address to be removed. If you mention that you have located the spammer and removed all traces of their websites / mail accounts from your server, you may be in with a chance.

    If this is the case, changing the spam settings on your server will make no difference at all. This is handled externally to make sure that spammers are deleted immediately.
     
  3. teknovision

    teknovision Guest

    0
     
    Thanks for your reply EBHAUK! We are not blacklisted.

    We are receiving a lot of spam which is using a domain which is hosted on our server i.e.legitimateaccount@hosteddomain.com.

    In order to avoid spamming getting tagged when sending between accounts/domains on our server, we have whitlisted all the domains i.e. I have added *@hosteddomain.com to the whilist, this now means that a lot of spam is coming through untagged.

    Any ideas on how to 1) not process internal emails (between domains hosted on our server) but 2) still process emails coming from the outside which are using a from address which uses one of the domains hosted on our server? Many thanks for any help!!

    .//p
     
  4. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    what spam rules are the good mails hitting? can you post them here?
     
  5. teknovision

    teknovision Guest

    0
     
    There is no one category which good messages hit consistently, a snapshot below:

    No, score=-99.9 required=2.0 tests=RCVD_IN_SORBS_DUL, USER_IN_WHITELIST autolearn=no version=3.0.2
    No, score=0.1 required=2.0 tests=FORGED_RCVD_HELO autolearn=failed version=3.0.2
    No, score=1.2 required=2.0 tests=HTML_30_40,HTML_MESSAGE, MIME_HTML_ONLY,MSGID_FROM_MTA_HEADER autolearn=no version=3.0.2

    I have noticed though that 'forged' mails often come with a reply-to adddress which is not same as sender. Is there a rule which could help here which I do not have?

    Many thanks for your help!!
     
  6. eilko

    eilko Regular Pleskian

    28
    73%
    Joined:
    Aug 1, 2001
    Messages:
    468
    Likes Received:
    4
    Location:
    Enschede, Netherlands
    these things happens here too. I noticed your thresshold is set at 2. This is quite low, I would recommend to set it to 5.
     
Loading...