OK… panic mode here… i’m getting TONS of spam to my an email address within one of my domains… it’s as if the spam filter is not working… i’ve poked around in the various logs but have not been able find anything…
where should i look?
or better yet…how can i STOP the spam!!!
thanks…
i have same problem from yesterday. All the domains mail quotas blocked with this spam mail. So how can i delete all this spam. And how can change the spam mail saving configuration. what must i do delete all the spam directly?
Please help
issue is that email is not getting scanned by the spam filter so none of the email is getting caught… it’s all being passed to the inbox instead of the mail folder… it’s like spamassisan just stopped working
yes, what must we do ?
at this day we update some packages, and at that moment we are under spam rain
i’ve reviewed a few email headers and noticed that spamassassin was not canning any of the emails… or at least there was no sign on scanning in the email header… maybe Joe from virtualmin will chime in here and help…
Hey guys,
I actually saw this behavior on Virtualmin.com a few days ago–not sure what triggered it, but a restart of the spamassassin daemon fixed it. Of course, if you aren’t using spamd, then this definitely won’t solve the problem.
On most Linux systems, I think this would do it:
/etc/init.d/spamassassin restart
If that doesn’t solve the problem, check the maillog/mail.log to be sure mail is being delivered to procmail-wrapper. If so, look in the procmail.log to see if there are any clues about what’s going wrong. If not, send along your /etc/procmailrc and we’ll see if there are any hints there. Finally, the procmail rules for the domain in question have the final say on delivery–but that’s a little harder to find, as it’s in a numbered file within /etc/webmin/virtual-server/procmail.
ok a restart is now showing the X headers in the email
X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on mysite.com
X-Spam-Level: *
X-Spam-Status: No, score=1.5 required=3.0 tests=BAYES_00,FORGED_RCVD_HELO,
HTML_MESSAGE,KAM_STOCKOTC,URIBL_BLACK autolearn=no version=3.1.9
X-Original-To: me@mysite.com
but the scoring is way off… this email was a huge spam email… viraga content…and such…
so how do i fix the spam level… and i dont mean the user_prefs I’ve change the score to 3.0
emails that are MAJOR spam are being marked really low…
There is no change when ru /etc/init.d/spamassasin.
So now what must we do? This so urgent for my server. Please say clearly again.
another sample
[code:1]
Return-Path: <Cash4Gold@remotenow.info>
X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on mysite.com
X-Spam-Level:
X-Spam-Status: No, score=0.7 required=5.0 tests=BAYES_00,GET_PAID,HTML_MESSAGE,
OPTING_OUT_CAPS,URIBL_BLACK autolearn=no version=3.1.9
X-Original-To: me@mysite.com
[/code:1]
This one scored a bit higher bit still was not blocked…
the score of 4.5 was higher than the 3.o required…
[code:1]
Return-Path: <3f0.4.44416897-6343066@guylikesme.com>
X-Spam-Checker-Version: SpamAssassin 3.1.9 (2007-02-13) on mysite.com
X-Spam-Level: ****
X-Spam-Status: No, score=4.6 required=3.0 tests=BAYES_00,HTML_90_100,
HTML_MESSAGE,MIME_HTML_MOSTLY,URIBL_BLACK,URIBL_OB_SURBL autolearn=no
version=3.1.9
X-Original-To: me@mysite.com
[/code:1]
This is not a spamassassin on my server. This caused by ClamAv update. i updated the ClamAv yesterday. And all of my mail did not go to user. i think all the my mail assigned infected and sent to tmp/clamav… Or what else? Because when i remove the clamav from the system. all thing are normal. But then whrn i reinstall it, same problem continue again.
Please help…
First piece of advice: Start a thread about your problem. This thread is about spam and spam delivery. So, all of the advice doesn’t apply to your case at all.
I have seen your multiple other threads about your clamav issues…how about picking one of those threads, and follow up on it with reasonable information (like log entries) so we can help you solve the problem? Don’t chime in on completely unrelated threads. It confuses everybody (me, especially, as I’m trying to answer dozens of posts every day, on top of a couple hundred emails and another couple dozen tickets in the tracker). Take pity on poor, easily confused, old me. 
ok. you are right
i apologize.
Thank you.
The biggest spam problem occurring at the moment (for about the past 2 months) is NDRs (Non-Delivery Receipts) – 554 (service unavailable) or 550 (user unknown) "bounce" errors. These are legitimate responses from mailservers which have been hit using reply-to addresses harvested from your web users.
Although this sort of attack has been used sporadically in the past, it now seems to be commonplace. We have 2 or 3 users per day complaining about it. It appears to actually be a tactic to get users to actually open and investigate, and click the links inside the NDR’s if they copy the message text back to the reply-to recipient.
Load on our mailservers is higher than it has been since we started using Postini to filter the majority of our mail and mailservers.
More info:
http://www.chattanooga.net/20080407112/faqs/web-hosting/email-cloaking.html
(yes, I wrote that FAQ so I could easily reply to the hundreds of customers who are complaining about this very issue).
spam is still getting through… it’s not getting scored correctly by spamassassin… there is a score applied to ‘some’ of the emails but tno all of them… and the score that is applied is VERY low like 0.5 or less
so now what?
Any ideas guys on what could be up? Is it a problem in the procmailrc file?
You’ve actually got two different (and incompatible) rulesets there. Remove these lines:
:0
$DEFAULT
:0
The last two, in particular, aren’t the right way to go–it takes control out of the hands of Virtualmin (and your users).
But, neither of these things has any impact on spam filtering… All of the spam filtering happens in the VIRTUALMIN section, and the behavior of procmail is determined by the configuration (per-domain and possibly per-user).
You’ll want to look in the procmail.log to see if there are any clues.
You’ll also want to be sure Postfix is actually delivering to procmail-wrapper. Check the maillog/mail.log for this.
So I’m having this issue also, that I don’t think spamassasin is doing anything. I’ve restarted it and checked maillog and procmail.log. procmail.log has stuff in but in neither log file can I see any mention of spam checking.
This is my procmailrc file:
[code:1]
LOGFILE=/var/log/procmail.log
TRAP=/usr/libexec/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
:0
That also doesn’t look like it’s doing anything spam related aside from the X-Spam-Status line.
Help would be appreciated.
So I’m having this issue also, that I don’t think spamassasin is doing anything. I’ve restarted it and checked maillog and procmail.log. procmail.log has stuff in but in neither log file can I see any mention of spam checking.
This is my procmailrc file:
[code:1]
LOGFILE=/var/log/procmail.log
TRAP=/usr/libexec/webmin/virtual-server/procmail-logger.pl
:0wi
VIRTUALMIN=|/etc/webmin/virtual-server/lookup-domain.pl $LOGNAME
:0
That also doesn’t look like it’s doing anything spam related aside from the X-Spam-Status line.
Help would be appreciated.