
Thread: [SOLVED] increase of spam

  1. #11
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    root@mail:/opt/zimbra/data/clamav/db/unofficial-dbs# ls -l
    total 24
    drwxr-xr-x 2 root root 4096 2010-06-16 12:45 add-dbs
    drwxr-xr-x 2 root root 4096 2010-06-16 12:46 configs
    drwx------ 2 root root 4096 2010-06-16 12:45 gpg-key
    drwxr-xr-x 2 root root 4096 2010-06-16 12:45 mbl-dbs
    drwxr-xr-x 2 root root 4096 2010-06-16 12:45 si-dbs
    drwxr-xr-x 2 root root 4096 2010-06-16 12:46 ss-dbs
    root@mail:/opt/zimbra/data/clamav/db/unofficial-dbs#


    Is that good?
    So what's next?

  2. #12
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

  3. #13
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Hmm, right now it's not working, but I guess I would have to restart the server, right?
    I would have to wait until after hours for that...


    Return-Path: prhebert@redballinternet.com
    Received: from mail.redballinternet.com (LHLO mail.redballinternet.com)
    (142.166.48.148) by mail.redballinternet.com with LMTP; Wed, 16 Jun 2010
    13:20:50 -0300 (ADT)
    Received: from localhost (localhost [127.0.0.1])
    by mail.redballinternet.com (Postfix) with ESMTP id D31272DC005
    for <prhebert@redballinternet.com>; Wed, 16 Jun 2010 13:20:50 -0300 (ADT)
    X-Virus-Scanned: amavisd-new at mail.redballinternet.com
    X-Spam-Flag: NO
    X-Spam-Score: 0.608
    X-Spam-Level:
    X-Spam-Status: No, score=0.608 tagged_above=-10 required=6.6
    tests=[AWL=-1.115, BAYES_00=-2.599, RDNS_NONE=0.1, TRACKER_ID=2.003,
    TVD_SPACE_RATIO=2.219] autolearn=no
    Received: from mail.redballinternet.com ([127.0.0.1])
    by localhost (mail.redballinternet.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id h8-EE863+0IJ for <prhebert@redballinternet.com>;
    Wed, 16 Jun 2010 13:20:50 -0300 (ADT)
    Received: from mail.redballinternet.com (mail.redballinternet.com [142.166.48.148])
    by mail.redballinternet.com (Postfix) with ESMTP id 95FE92DC004
    for <prhebert@redballinternet.com>; Wed, 16 Jun 2010 13:20:50 -0300 (ADT)
    Date: Wed, 16 Jun 2010 13:20:50 -0300 (ADT)
    From: Paul Rene Hebert <prhebert@redballinternet.com>
    To: Paul Rene Hebert <prhebert@redballinternet.com>
    Message-ID: <21676340.20.1276705250581.JavaMail.root@mail>
    Subject: rrg63Uhj2UCyECcruX7D83A4qd5UA5vnlgwJp6b6fmPZpObZJA bftehuhRAXFby
    MIME-Version: 1.0
    Content-Type: text/plain; charset=utf-8
    Content-Transfer-Encoding: 7bit
    X-Originating-IP: [142.166.111.171]
    X-Mailer: Zimbra 6.0.6_GA_2324.UBUNTU8 (ZimbraWebClient - FF3.0 (Win)/6.0.6_GA_2324.UBUNTU8)

  4. #14
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    On a different subject... I don't know if you remember, but you sent me a script last month that was called FromNotReturnPath.pm

    It works great and I am very happy,
    but right now it scores those emails with 1. How would I change it so it scores 2 or 3? Any idea how to do that?

    Thanks in advance

  5. #15
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    I just restarted the server, still nothing... :'(

  6. #16
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Do you guys need anything to help with troubleshooting?
    Please let me know... I am stuck here.

  7. #17
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    For the FromNotReturnPath change the score in salocal.cf.in.

  8. #18
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Hmm, okay, here is an updated block of code for amavisd.conf.in
    Code:
    @virus_name_to_spam_score_maps =
      (new_RE( [ qr'Sanesecurity'    => 0 ],
               [ qr'MSRBL'           => 0 ],
               [ qr'SecuriteInfo'    => 0 ],
               [ qr'MBL'             => 0 ],
               [ qr'winnow'          => 0 ],
               [ qr'INetMsg'         => 0 ],
               [ qr'Safebrowsing'    => 0 ],
               [ qr'ScamNailer'      => 0 ],
               [ qr'Email'           => 0 ],
               [ qr'HTML'            => 0 ],
               [ qr'JS.Redirect-2'   => 0 ],
      ));
    and the code that will need to go into salocal.cf.in
    Code:
    ################################################################################
    # SaneSecurity & MSRBL Signatures
    ################################################################################
    header CLAM_SS     X-Amavis-AV-Status =~ m{Sanesecurity}
    header CLAM_MSRBL  X-Amavis-AV-Status =~ m{MSRBL}
    header CLAM_MBL    X-Amavis-AV-Status =~ m{MBL}
    header CLAM_SI     X-Amavis-AV-Status =~ m{SecuriteInfo}
    header CLAM_WN     X-Amavis-AV-Status =~ m{winnow}
    header CLAM_IM     X-Amavis-AV-Status =~ m{INetMsg}
    header CLAM_SB     X-Amavis-AV-Status =~ m{Safebrowsing}
    header CLAM_SN     X-Amavis-AV-Status =~ m{ScamNailer}
    header CLAM_CAV    X-Amavis-AV-Status =~ m{Email|HTML|JS.Redirect}
    header CLAM_DS     X-Amavis-AV-Status =~ m{Doppelstern}
    
    score  CLAM_SS     2.5
    score  CLAM_MSRBL  1.5
    score  CLAM_MBL    1.5
    score  CLAM_SI     2.0
    score  CLAM_WN     2.0
    score  CLAM_IM     2.0
    score  CLAM_SB     2.5
    score  CLAM_SN     2.5
    score  CLAM_CAV    1.0
    score  CLAM_DS     1.0
    and while I am at it here are the additional RBLs we use with SpamAssassin
    Code:
    ################################################################################
    # SpamRats RBL (www.spamrats.com)
    ################################################################################
    header     RCVD_IN_SPAMRATS_DYNA  eval:check_rbl('spamratsdyna','dyna.spamrats.com.')
    describe   RCVD_IN_SPAMRATS_DYNA  Sender listed in SpamRats DYNA
    tflags     RCVD_IN_SPAMRATS_DYNA  net
    score      RCVD_IN_SPAMRATS_DYNA  2.0
    
    header     RCVD_IN_SPAMRATS_NOPTR  eval:check_rbl('spamratsnoptr','noptr.spamrats.com.')
    describe   RCVD_IN_SPAMRATS_NOPTR  Sender listed in SpamRats NOPTR
    tflags     RCVD_IN_SPAMRATS_NOPTR  net
    score      RCVD_IN_SPAMRATS_NOPTR  2.0
    
    ################################################################################
    # JunkEMailFilter RBL (www.junkemailfilter.com)
    ################################################################################
    header          __RCVD_IN_JMF         eval:check_rbl('JMF-lastexternal','hostkarma.junkemailfilter.com.')
    describe        __RCVD_IN_JMF         Sender listed in JunkEmailFilter
    tflags          __RCVD_IN_JMF         net
    
    header          RCVD_IN_JMF_W         eval:check_rbl_sub('JMF-lastexternal', '127.0.0.1')
    describe        RCVD_IN_JMF_W         Sender listed in JMF-WHITE
    tflags          RCVD_IN_JMF_W         net nice
    score           RCVD_IN_JMF_W         -1.5
    
    header          RCVD_IN_JMF_BL        eval:check_rbl_sub('JMF-lastexternal', '127.0.0.2')
    describe        RCVD_IN_JMF_BL        Sender listed in JMF-BLACK
    tflags          RCVD_IN_JMF_BL        net
    score           RCVD_IN_JMF_BL        1.5
    
    header          RCVD_IN_JMF_BR        eval:check_rbl_sub('JMF-lastexternal', '127.0.0.4')
    describe        RCVD_IN_JMF_BR        Sender listed in JMF-BROWN
    tflags          RCVD_IN_JMF_BR        net
    score           RCVD_IN_JMF_BR        0.6
    
    ################################################################################
    # SPAMEatingMonkey RBL (www.spameatingmonkey.net)
    ################################################################################
    header          RCVD_IN_SEMBACKSCATTER eval:check_rbl('sembackscatter-lastexternal', 'backscatter.spameatingmonkey.net')
    tflags          RCVD_IN_SEMBACKSCATTER net
    describe        RCVD_IN_SEMBACKSCATTER Received from an IP listed by SEM-BACKSCATTER
    score           RCVD_IN_SEMBACKSCATTER 0.5
    
    header          RCVD_IN_SEMBLACK       eval:check_rbl('semblack-lastexternal', 'bl.spameatingmonkey.net')
    tflags          RCVD_IN_SEMBLACK       net
    describe        RCVD_IN_SEMBLACK       Received from an IP listed by SEM-BLACK
    score           RCVD_IN_SEMBLACK       0.5
    
    urirhssub       SEM_URI                uribl.spameatingmonkey.net. A 2
    body            SEM_URI                eval:check_uridnsbl('SEM_URI')
    describe        SEM_URI                Contains a URI listed by SEM-URI
    tflags          SEM_URI                net
    score           SEM_URI                0.5
    
    urirhssub       SEM_URIRED             urired.spameatingmonkey.net. A 2
    body            SEM_URIRED             eval:check_uridnsbl('SEM_URIRED')
    describe        SEM_URIRED             Contains a URI listed by SEM-URIRED
    tflags          SEM_URIRED             net
    score           SEM_URIRED             0.5
    
    urirhssub       SEM_FRESH              fresh.spameatingmonkey.net. A 2
    body            SEM_FRESH              eval:check_uridnsbl('SEM_FRESH')
    describe        SEM_FRESH              Contains a domain registered less than 5 days ago
    tflags          SEM_FRESH              net
    score           SEM_FRESH              0.5
    
    ################################################################################
    # NIX SPAM RBL (http://www.dnsbl.manitu.net/)
    ################################################################################
    header          RCVD_IN_NIX_SPAM       eval:check_rbl('nix-spam-lastexternal','ix.dnsbl.manitu.net.')
    describe        RCVD_IN_NIX_SPAM       Listed in NIX-SPAM DNSBL (heise.de)
    tflags          RCVD_IN_NIX_SPAM       net
    score           RCVD_IN_NIX_SPAM       0.5
    
    ################################################################################
    # Barracuda RBL (http://www.barracudacentral.org/)
    ################################################################################
    header          RCVD_IN_BRBL          eval:check_rbl('brbl-lastexternal', 'b.barracudacentral.org.', '127.0.0.2')
    describe        RCVD_IN_BRBL          Received via relay listed in Barracuda RBL
    score           RCVD_IN_BRBL          2.0
    tflags          RCVD_IN_BRBL          net
    Certainly with Barracuda you need to sign up (free).
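A cross-check of the two ClamAV blocks in the post above, as an added example that is not part of the original thread: it runs constructed signature names through the amavisd map patterns and the SpamAssassin header patterns and lists names that a rule would score but that no map entry matches. It assumes the X-Amavis-AV-Status value contains the reported signature name, so matching the name alone is equivalent.

```python
import re

# Virus-name patterns from the amavisd.conf.in block above (each mapped to 0).
AMAVIS_MAP = ["Sanesecurity", "MSRBL", "SecuriteInfo", "MBL", "winnow", "INetMsg",
              "Safebrowsing", "ScamNailer", "Email", "HTML", "JS.Redirect-2"]

# Rule name -> (pattern, score), from the salocal.cf.in block above.
SA_RULES = {
    "CLAM_SS": ("Sanesecurity", 2.5), "CLAM_MSRBL": ("MSRBL", 1.5),
    "CLAM_MBL": ("MBL", 1.5), "CLAM_SI": ("SecuriteInfo", 2.0),
    "CLAM_WN": ("winnow", 2.0), "CLAM_IM": ("INetMsg", 2.0),
    "CLAM_SB": ("Safebrowsing", 2.5), "CLAM_SN": ("ScamNailer", 2.5),
    "CLAM_CAV": ("Email|HTML|JS.Redirect", 1.0), "CLAM_DS": ("Doppelstern", 1.0),
}

# Constructed signature names, for illustration only.
SAMPLES = [
    "Sanesecurity.Phishing.Bank.1234.UNOFFICIAL",
    "Sanesecurity.Junk.Email.100.UNOFFICIAL",
    "Doppelstern.Phishing.9.UNOFFICIAL",
    "JS.Redirect-7",
]

def evaluate(sig_name):
    """Return (matched_by_amavis_map, sa_rules_hit, summed_score) for one name."""
    mapped = any(re.search(p, sig_name) for p in AMAVIS_MAP)
    hits = sorted(r for r, (p, _) in SA_RULES.items() if re.search(p, sig_name))
    total = round(sum(SA_RULES[r][1] for r in hits), 2)
    return mapped, hits, total

def coverage_gaps(names):
    """Names that an SA rule scores but that no amavisd map entry matches."""
    gaps = []
    for name in names:
        mapped, hits, _ = evaluate(name)
        if hits and not mapped:
            gaps.append(name)
    return gaps

if __name__ == "__main__":
    for name in SAMPLES:
        print(name, evaluate(name))
    print("review:", coverage_gaps(SAMPLES))
```

On these samples the second name hits two rules whose scores add, and the Doppelstern and JS.Redirect-7 names are reported because the SpamAssassin patterns are broader than the amavisd entries.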
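What the `check_rbl` / `check_rbl_sub` pairs in the JunkEmailFilter block above do, sketched as an added example (not code from the thread or from SpamAssassin): build the reversed-octet query name, then map the returned A records to the sub-rules and scores given in the post. The client IPs and resolver answers are constructed so it runs offline; `live_resolver` is a hypothetical helper for real lookups.

```python
import ipaddress
import socket

# Zone and return-code sub-rules taken from the JunkEmailFilter block above.
JMF_ZONE = "hostkarma.junkemailfilter.com."
JMF_SUBRULES = {
    "127.0.0.1": ("RCVD_IN_JMF_W", -1.5),   # whitelisted sender, negative score
    "127.0.0.2": ("RCVD_IN_JMF_BL", 1.5),
    "127.0.0.4": ("RCVD_IN_JMF_BR", 0.6),
}

# Constructed answers for documentation-range IPs (not real listings).
FAKE_ZONE_DATA = {
    "10.2.0.192.hostkarma.junkemailfilter.com.": ["127.0.0.2"],
    "20.2.0.192.hostkarma.junkemailfilter.com.": ["127.0.0.1"],
}

def dnsbl_query_name(ip, zone):
    """IPv4 DNSBL lookups reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def fake_resolver(name):
    """Offline stand-in: an empty list plays the role of NXDOMAIN (not listed)."""
    return FAKE_ZONE_DATA.get(name, [])

def live_resolver(name):
    """Real A-record lookup; any resolution failure is treated as not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check(ip, resolver, zone=JMF_ZONE, subrules=JMF_SUBRULES):
    """Return (rules_hit, summed_score) for the relay IP being tested."""
    answers = resolver(dnsbl_query_name(ip, zone))
    hits = [subrules[a] for a in answers if a in subrules]
    return [rule for rule, _ in hits], round(sum(s for _, s in hits), 2)

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, dnsbl_query_name(ip, JMF_ZONE), check(ip, fake_resolver))
```

In SpamAssassin a set name ending in `-lastexternal` limits the lookup to the last external relay, so the SpamRats rules above, whose set names lack that suffix, are checked against every untrusted relay in the Received chain.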

  9. #19
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    For those changes, can I just do this:
    zmamavisdctl stop; zmamavisdctl start (and will that cause some downtime)
    or do I have to restart the whole thing...

    And for the FromNotReturnPath... what should I put in the salocal.in.cf files???

  10. #20
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Yes that is fine, and no it should not cause you an issue. You should have in your file something like
    Code:
    ################################################################################
    # Check for Spoofed From
    ################################################################################
    header      __FROM_COMPANY  From =~ /\@domain\.com/i
    meta        FAKE_COMPANY    (__FROM_COMPANY && FROM_NOT_RETURN_PATH)
    describe    FAKE_COMPANY    Fake mail from domain
    score       FAKE_COMPANY    3
    All you need to do is change the score line to whatever you would like.
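How the FAKE_COMPANY meta rule in the post above combines its two conditions, as an added example that is not part of the original thread. The logic of FromNotReturnPath.pm is not shown on this page, so `from_not_return_path` is an assumption (From address differs from the Return-Path address); the messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_RE = re.compile(r"@domain\.com", re.I)  # same pattern as __FROM_COMPANY
FAKE_COMPANY_SCORE = 3                          # the score line from the post

# Constructed messages: internal mail, a spoofed From, and unrelated outside mail.
LEGIT = ("Return-Path: <alice@domain.com>\n"
         "From: Alice <alice@domain.com>\nSubject: minutes\n\nbody\n")
SPOOFED = ("Return-Path: <bounce@mailer.example>\n"
           "From: Alice <alice@domain.com>\nSubject: invoice\n\nbody\n")
OUTSIDE = ("Return-Path: <bounce@mailer.example>\n"
           "From: Bob <bob@other.example>\nSubject: hello\n\nbody\n")

def from_not_return_path(msg):
    """Assumed plugin behaviour: header From address != envelope Return-Path."""
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return_path = parseaddr(msg.get("Return-Path", ""))[1].lower()
    return from_addr != return_path

def fake_company_score(raw_message):
    """Score contributed by FAKE_COMPANY: both sub-conditions must be true."""
    msg = message_from_string(raw_message)
    from_company = bool(COMPANY_RE.search(msg.get("From", "")))
    if from_company and from_not_return_path(msg):
        return FAKE_COMPANY_SCORE
    return 0

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("outside", OUTSIDE)):
        print(label, fake_company_score(raw))
```

Under the same assumption, legitimate mail sent for the domain by a third-party service with its own bounce address looks like the spoofed case and would also score, which is worth keeping in mind when raising the score.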
