spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Charles Sprickman <sp...@bway.net>
Subject Missed spam, suggestions?
Date Mon, 29 Feb 2016 05:24:50 GMT
Hi all,

Recently I occasionally get bursts of spam that slips through Postfix (postscreen BL checks,
protocol checks) and SpamAssassin.  I just had another big jump in the last week.  This was
mostly spam touting Oil Changes, SUV sales and Lawyer Finders.

What I just did was go through a collection of missed spam and re-ran it through spamassassin.
All of it jumped from originally scoring around 2-3 to a minimum of 6.5 with most hitting
around 12.  The biggest difference I see is that DNSBL and URIBL services had started hitting.
When originally received, these emails all originated from very clean IPs.

I have TXREP enabled as well, but that doesn’t seem to be having either a positive or negative
impact.

What are my options to try to catch this junk before it hits the various *BLs?

I’ve not had much luck with Bayes - when I had it enabled recently on a per-user basis it
was just hitting the master DB server too hard with udpates.  I’m considering enabling it
again with a shared db for all users, which I hope might work better.  It would only be auto
trained, perhaps with some manual training by me.

Here’s a few samples, hosted elsewhere so as not to trip anyone’s filters:

https://gist.github.com/anonymous/0fcaf481875959c9151f (2.7 on Friday, 14 tonight)

https://gist.github.com/anonymous/a5396f68699392808988 (3.4 earlier tonight, 6.5 just now)

I have more samples, I can dig them up if that’s helpful.

Sometimes I wonder how much this has to do with the age of our domain and the fact that it
begins with “b”. :)

The only thing I’ve been contemplating is a local spamtrap and DNSBL.  We have a site that’s
regularly trawled for email addresses, so seeding it should not be too difficult…

Charles
Mime
View raw message