Spam assassin problem

Hi all,

Anybody know how to update Spam assassin in Virtualmin?

Currently my spam assassin showing SpamAssassin 3.1.9 (2007-02-13). But I checked

where it is showing that 2011-06-16: SpamAssassin 3.3.2 has been released

This is the old version. This is the cause why I am receiving thousands of spams every day…


I suspect there’s another issue going on with your system there.

You had mentioned in another post that you had hundreds of emails in your mail queue, and that’s not common no matter which SpamAssassin version you have. My suspicion is that a web app or email account on your server had been compromised. Though that’s just a guess :slight_smile:

However, the version of SpamAssassin that you have is specific to your Linux distribution.

That is, each Linux distribution ships with a particular SpamAssassin version.

Which distribution/version is it that you’re using there?


Hi Eric,

My version is CentOS release 5.0 (Final). Do my system capable to update the version of spamassassin?

If my mailserver had been compromised, which security measures I have to take?

Well, CentOS 5.0 is older – if you run a “yum update”, are you able to update that to the more recent CentOS 5.8?

As far as determining the source of all the spam you’re seeing – that’s the hard part! It’s a matter of studying the emails and email headers, and determining their source.

You should rarely end up with hundreds of emails in your queue – spam doesn’t typically work that way, spammers don’t tend to send that sort of volume to one user.

We typically only see that when something unusual is going on with an account.

My suggestion is to study the spam you’re seeing, and try to understand where it’s coming from. The email headers can often provide clues there.

You can usually tell from the email headers if it’s being locally generated. And if it is, you can also tell which account is generating it.

If it’s being generated on your own server, that often means a web app had been compromised.

It’s also possible that a password of one of your email accounts had been guessed.

The email headers can assist you in figuring all that out though.


Hi Eric,

Thank you very much for your help. Really appreciate it. After check some mails, I found that some spam mails came from the same domain.

Example where I received from:>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

And Im frequently receiving from, and

Is there any way to blacklist the domain name?

Well, the root issue here isn’t likely that some of the domain names appear more than once – it’s that it’s likely there’s some sort of compromise on your system that’s allowing so many emails to be sent via your server.

I wouldn’t be looking at how to block some addresses, I’d instead suggest reviewing how they’re getting onto your system at all.

I’ve never heard of spam being sent by the thousands to a single account (not that it couldn’t happen, but it’s certainly not the most common problem).

Using the email headers, you should be able to tell how those emails are getting to your server.

If you like, you could always open up one of those emails, and post the full email headers here.

Also, while I don’t suspect this is related, it certainly can’t hurt – if you haven’t enabled Email Greylisting yet, you may want to try that. It’s excellent at reducing spam. You can enable that in Email Messages -> Email Greylisting.


Hi Eric,

This is one the mail header

X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on domU-12-31-38-00-2D-84.compute-1.internal
X-Spam-Level: **
Delivered-To: carrie.mof@localdomain
Received: from (unknown []) by domU-12-31-38-00-2D-84.localdomain (Postfix) with ESMTP id DA136F5023 for; Tue, 5 Jun 2012 04:22:37 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default;; h=Message-ID:From:To:Subject:Date:Content-Type:Content-Transfer-Encoding;; bh=VHzbcecvPQescB4VdHvU9Y6SFuA=; b=ONJUHew1Dk3OPyI2MtUDBAM7j2uBr4o6sgMeG8uWePD3KWv7/wHVu2uDaebUbmmp90Ytxa2kXiuU kFsH3iHuD9G/KMK/z21qP8rL+dYMnCRNjz/pSa5iOFrLSXYL16t5
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default;; b=D4c2SZSGlRxW7o6mTa/heeXATE/Z/EKq6xSemr5xw4IaCNQCe84GLzOlXvFT5gb1GJnAkooLVINb tCZNzUr0HI2szGvwK/9OMs2vBgwC5wqNHaER5w4uVPuEkLrJfb5l;
From: “CableService”
Subject: Cable deals for low, low prices
Date: Tue, 05 Jun 2012 02:22:21 -0600
Content-Type: text/html; charset=“us-ascii”
Content-Transfer-Encoding: 7bit

And one more thing I noticed in AWS Console. There is a Security Group which allowing 0-65535 port.
Is this can be one of the cause? For mailserver what are the necessary port to be allowed?

Spam issues like that aren’t typically related to the ports that are being allowed.

Did you by chance enable Email Greylisting? I’d be curious if that assisted with the issue you’re seeing at all.

It looks like that email is being delivered to the user “” – but so far as I can tell, your server isn’t actually hosting that domain name.

Is that correct? The domain “” isn’t hosted at your server?

If so – the domain that this email is being delivered to, does it by chance have catch-all email enabled for it? A catch-all address would be configured in “Edit Mail Aliases”.


For Mailserver Im using Virtualmin GPL. So that option not available there. I only can see that option in my Virtual Host server where using Virtualmin PRO. Actually it is “”. I just dont want to paste over here so I changed the domain to mof. Avoiding spam as I can.

I am receiving a numerous amount of emails from some of the same ones in your full list. I do realize this is a year later and you most likely have this cleared up. However, I am very curious to know if they have completely stopped coming to you? This is over a year later and some of the same: company, group, machine or people, continue to get away with this. One which I received 12:39 A.M. Listed in Subject: Where the He** Are You??? I would rather not state the name of the company this is linked to as I do not want it to pop up and show in web search (that is how I was lead here, search results showing issues) Second if you have received more, I researched for a few hours - paths, names, etc… In one I was able to track the IP address to a company. In email, they put an address at the bottom, it listed address: Michigan in Search they are in California. I will report to as I just recvd another at 7:50 PM . I will be glad to share the info I found if needed.