Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 36

Thread: [SOLVED] increase of spam

  1. #21
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    Quote Originally Posted by uxbod View Post
    Yes that is fine, and no it should not cause you a issue. You should have in your file something like
    Code:
    ################################################################################
    # Check for Spoofed From
    ################################################################################
    header      __FROM_COMPANY  From =~ /\@domain\.com/i
    meta        FAKE_COMPANY    (__FROM_COMPANY && FROM_NOT_RETURN_PATH)
    describe    FAKE_COMPANY    Fake mail from domain
    score       FAKE_COMPANY    3
    All you need to do is change the score line to whatever you would like.

    that only change the fake reball score
    here is what I meen

    No, score=-3.6 tagged_above=-10 required=6.6 tests=[BAYES_00=-2.599, FAKE_REDBALL=2, FROM_NOT_RETURN_PATH=1, RCVD_IN_DNSWL_MED=-4, SPF_PASS=-0.001] autolearn=ham


    If its a fake redball email its will be score 2 for fake redball and 1 for FROM_NOT_RETURN_PATH but

    if its come doesnt comes from redballinternet domain but does have a different from/return path its will only score 1 with FROM_NOT_RETURN_PATH ... i would like to bring the FROM_NOT_RETURN_PATH to like 3


    Thanks for all your help ones again!!!!! I really apreciated it
    Paul-Rene

  2. #22
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Add into the config file
    Code:
    score FROM_NOT_RETURN_PATH 3

  3. #23
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    which config file?

  4. #24
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    salocal.cf.in

  5. #25
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    thank uxbod...

    looks like its close to being all done...
    the only thing I don't get is that they do get caught but everything is score with 0

    AV:Sanesecurity.Junk.30066.UNOFFICIAL=0

    like this
    what is doing that???

    thanks ahead
    Paul-Rene

  6. #26
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Did you add this code block into salocal.cf.in ?
    Code:
    ################################################################################
    # SaneSecurity & MSRBL Signatures
    ################################################################################
    header CLAM_SS     X-Amavis-AV-Status =~ m{Sanesecurity}
    header CLAM_MSRBL  X-Amavis-AV-Status =~ m{MSRBL}
    header CLAM_MBL    X-Amavis-AV-Status =~ m{MBL}
    header CLAM_SI     X-Amavis-AV-Status =~ m{SecuriteInfo}
    header CLAM_WN     X-Amavis-AV-Status =~ m{winnow}
    header CLAM_IM     X-Amavis-AV-Status =~ m{INetMsg}
    header CLAM_SB     X-Amavis-AV-Status =~ m{Safebrowsing}
    header CLAM_SN     X-Amavis-AV-Status =~ m{ScamNailer}
    header CLAM_CAV    X-Amavis-AV-Status =~ m{Email|HTML|JS.Redirect}
    header CLAM_DS     X-Amavis-AV-Status =~ m{Doppelstern}
    
    score  CLAM_SS     2.5
    score  CLAM_MSRBL  1.5
    score  CLAM_MBL    1.5
    score  CLAM_SI     2.0
    score  CLAM_WN     2.0
    score  CLAM_IM     2.0
    score  CLAM_SB     2.5
    score  CLAM_SN     2.5
    score  CLAM_CAV    1.0
    score  CLAM_DS     1.0
    And would you check the header from that email to see what X-Amavis-AV-Status has been set to ?

  7. #27
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    Yes I have that exact block of code in my salocal.cf.in
    and i did restart everything after adding the code...

    but I can found any line with "X-Amavis-AV-Status" in the headers....

    for the other RBL like spamrats, junkemailfilter, etc is putting the block of code in the salocal.cf.in file this only thing you have to do to make it worked?
    or i have to download some other config... because i didnt see any email that was block by the extra RBL

    Thank again for everything
    Last edited by Plurnay; 06-22-2010 at 11:05 AM.

  8. #28
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    btw what is the different between having amavis.conf.in adding the score compare to salocal.cf.in??? I am guessing its good to know thanks

  9. #29
    Plurnay is offline Senior Member
    Join Date
    Apr 2010
    Location
    New-Brunswick, Canada
    Posts
    67
    Rep Power
    5

    Default

    I would like to get the sanesecurity working ASAP

  10. #30
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Would you please post the headers from one of the emails; plus update /opt/zimbra/conf/amavisd.conf.in and change $log_level to be 2. Then restart and when you get another one hit send post the details from /var/log/zimbra.log.

Page 3 of 4 FirstFirst 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [SOLVED] Huge increase in SPAM
    By padraig in forum Administrators
    Replies: 4
    Last Post: 06-22-2010, 07:12 AM
  2. zen.spamhaus.org SPAM increase
    By andremta in forum Administrators
    Replies: 1
    Last Post: 03-03-2010, 06:02 AM
  3. Major SPAM to one account
    By CarputerTech in forum Administrators
    Replies: 4
    Last Post: 09-04-2008, 10:54 PM
  4. Recent spam increase & greylisting
    By grunty in forum Administrators
    Replies: 0
    Last Post: 04-18-2008, 02:37 AM
  5. Increase spam filtrering
    By timothyalangorman in forum Administrators
    Replies: 0
    Last Post: 11-28-2007, 01:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •