OK… panic mode here… i’m getting TONS of spam to my an email address within one of my domains… it’s as if the spam filter is not working… i’ve poked around in the various logs but have not been able find anything…
i have same problem from yesterday. All the domains mail quotas blocked with this spam mail. So how can i delete all this spam. And how can change the spam mail saving configuration. what must i do delete all the spam directly?
issue is that email is not getting scanned by the spam filter so none of the email is getting caught… it’s all being passed to the inbox instead of the mail folder… it’s like spamassisan just stopped working
i’ve reviewed a few email headers and noticed that spamassassin was not canning any of the emails… or at least there was no sign on scanning in the email header… maybe Joe from virtualmin will chime in here and help…
I actually saw this behavior on Virtualmin.com a few days ago–not sure what triggered it, but a restart of the spamassassin daemon fixed it. Of course, if you aren’t using spamd, then this definitely won’t solve the problem.
On most Linux systems, I think this would do it:
/etc/init.d/spamassassin restart
If that doesn’t solve the problem, check the maillog/mail.log to be sure mail is being delivered to procmail-wrapper. If so, look in the procmail.log to see if there are any clues about what’s going wrong. If not, send along your /etc/procmailrc and we’ll see if there are any hints there. Finally, the procmail rules for the domain in question have the final say on delivery–but that’s a little harder to find, as it’s in a numbered file within /etc/webmin/virtual-server/procmail.
This is not a spamassassin on my server. This caused by ClamAv update. i updated the ClamAv yesterday. And all of my mail did not go to user. i think all the my mail assigned infected and sent to tmp/clamav… Or what else? Because when i remove the clamav from the system. all thing are normal. But then whrn i reinstall it, same problem continue again.
This is not a spamassassin on my server. This caused by ClamAv update.
First piece of advice: Start a thread about your problem. This thread is about spam and spam delivery. So, all of the advice doesn’t apply to your case at all.
I have seen your multiple other threads about your clamav issues…how about picking one of those threads, and follow up on it with reasonable information (like log entries) so we can help you solve the problem? Don’t chime in on completely unrelated threads. It confuses everybody (me, especially, as I’m trying to answer dozens of posts every day, on top of a couple hundred emails and another couple dozen tickets in the tracker). Take pity on poor, easily confused, old me.
The biggest spam problem occurring at the moment (for about the past 2 months) is NDRs (Non-Delivery Receipts) – 554 (service unavailable) or 550 (user unknown) "bounce" errors. These are legitimate responses from mailservers which have been hit using reply-to addresses harvested from your web users.
Although this sort of attack has been used sporadically in the past, it now seems to be commonplace. We have 2 or 3 users per day complaining about it. It appears to actually be a tactic to get users to actually open and investigate, and click the links inside the NDR’s if they copy the message text back to the reply-to recipient.
Load on our mailservers is higher than it has been since we started using Postini to filter the majority of our mail and mailservers.
spam is still getting through… it’s not getting scored correctly by spamassassin… there is a score applied to ‘some’ of the emails but tno all of them… and the score that is applied is VERY low like 0.5 or less
You’ve actually got two different (and incompatible) rulesets there. Remove these lines:
:0
$DEFAULT
:0
^X-Spam-Status: Yes
/dev/null
The last two, in particular, aren’t the right way to go–it takes control out of the hands of Virtualmin (and your users).
But, neither of these things has any impact on spam filtering… All of the spam filtering happens in the VIRTUALMIN section, and the behavior of procmail is determined by the configuration (per-domain and possibly per-user).
You’ll want to look in the procmail.log to see if there are any clues.
You’ll also want to be sure Postfix is actually delivering to procmail-wrapper. Check the maillog/mail.log for this.
So I’m having this issue also, that I don’t think spamassasin is doing anything. I’ve restarted it and checked maillog and procmail.log. procmail.log has stuff in but in neither log file can I see any mention of spam checking.
So I’m having this issue also, that I don’t think spamassasin is doing anything. I’ve restarted it and checked maillog and procmail.log. procmail.log has stuff in but in neither log file can I see any mention of spam checking.