Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Is Spam Assassin negatively impacted by recent upgrades?

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    8

    Default Is Spam Assassin negatively impacted by recent upgrades?

    I am using Postini on certain of my accounts, but I am using Spam Assassin on almost all of them. I have noticed an incredible increase in SPAM over the past month or two on my accounts that are using Spam Assassin only and I was wondering if it was a result of the upgrade to my server, cpanel55, or if it was just an increase in less detectable spam. Anybody experiencing this?

    I noticed after the upgrades, that any client that I had customized the Spam Assassin filter for (by changing the Spam score threshold only) had to be reset, but the recent increase in Spam had me wondering if there were some other changes that I need to make. I have set me score down as low as 3 on one of my accounts, but that is pretty scary. Has the "Scoring" system changed?

    I was just wondering if there were configuration changes that needed to be made. Thanks for any info anybody has.

  2. #2
    Administrator AndrewT's Avatar
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,635

    Default

    SpamAssassin scanning itself has not changed and does not change between server upgrades.

    SA is no where near as effective at detecting and removing spam as Postini is. It never has been and never will be.

    You can look at the headers of each e-mail and see what score SA is giving the e-mail and you can then adjust your auto-delete via cPanel accordingly. You could even set it to delete with scores above 5 and for scores 2-5 to move to a different folder.

  3. #3
    Junior Member
    Join Date
    Aug 2006
    Posts
    8

    Default

    When I was formally setting up SpamAssassin, I would have it rewrite the subject line and include the score assigned to each piece of mail. I would then determine which value to use as a threshold based on that information. I can't seem to find a way to rewrite the subject with the score any longer. I have also looked through the headers of the SPAM I am receiving and am unable to see any score assigned. I tried turning off my "auto delete" to see if that had an effect and it didn't. here is a header from one of my recent spams. I have changed my email address to xxx@xxx.com for obvious reasons.


    From - Tue Feb 05 12:13:18 2008
    X-Account-Key: account3
    X-UIDL: UID7498-1162334523
    X-Mozilla-Status: 0001
    X-Mozilla-Status2: 00000000
    X-Mozilla-Keys:
    Return-path: <luigi@franceloisirs.com>
    Envelope-to: xxx@xxx.com
    Delivery-date: Tue, 05 Feb 2008 11:50:12 -0600
    Received: from exprod8mx208.postini.com ([64.18.3.108] helo=psmtp.com)
    by cpanel55.gzo.com with smtp (Exim 4.68)
    (envelope-from <luigi@franceloisirs.com>)
    id 1JMRvv-0007Kr-0D
    for xxx@xxx.com; Tue, 05 Feb 2008 11:50:11 -0600
    Received: from source ([72.45.98.189]) by exprod8mx208.postini.com ([64.18.7.14]) with SMTP;
    Tue, 05 Feb 2008 12:50:01 EST
    Message-ID: <000801c86830$05dcbee7$e0a68388@taicmab>
    From: "Exquisite Replica" <luigi@franceloisirs.com>
    To: "Replica Watches" <xxx@xxx.com>
    Subject: Watches
    Date: Tue, 05 Feb 2008 18:02:41 +0000
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0005_01C86830.05D7DEEF"
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.3138
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
    X-pstn-levels: (S: 0.00000/43.69844 CV:99.9000 R:95.9108 P:95.9108 M:97.0282 C:98.6951 )
    X-Antivirus: avast! (VPS 080204-0, 02/04/2008), Inbound message
    X-Antivirus-Status: Clean

    This is a multi-part message in MIME format.

    ------=_NextPart_000_0005_01C86830.05D7DEEF
    Content-Type: text/plain;
    charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable

  4. #4
    Administrator AndrewT's Avatar
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,635

    Default

    You do not have any easy control over the rewriting of subjects as cPanel removed this. Instead you will get ***SPAM*** if the score is 5 or higher.

    The headers that you've shown do not have SA data in them. Either the server got hit hard with e-mails and was unable to process them all at that particular moment or SA isn't enabled on the domain. Rather than delay e-mails it will deliver them without scoring them if they cannot immediately be scored.

  5. #5
    Junior Member
    Join Date
    Aug 2006
    Posts
    8

    Default

    This is what my Spam Assassin screen looks like. (I have disabled "Auto Delete" to see if I get the SPAM message in the header and to see what impact it has on the amount of SPAM I'm receiving)

    ----------------------------------------

    SpamAssassin is currently Enabled.

    Filters

    Spam Auto Delete is Disabled

    You can automatically delete messages marked as spam. First set the number of hits required before mail is considered spam.

    (Note: 5 is the default setting. The higher the number, the more conservative the setting.)

  6. #6
    Administrator AndrewT's Avatar
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,635

    Default

    If it is enabled then you should be able to check several of your e-mails and see that they do have Spam Assassin headers in them. Occasionally e-mails will get through without them as I noted above but for the most part they should be present.

    If you do not see the headers then please submit a ticket with the specific e-mail address in question and we can take a look at it.

  7. #7
    Junior Member
    Join Date
    Dec 2007
    Posts
    2

    Default

    I also have noticed an incredible increase in Spam over the past month using only SpamAssassin.

  8. #8
    Administrator AndrewT's Avatar
    Join Date
    Mar 2004
    Location
    Tulsa, OK
    Posts
    3,635

    Default

    Spamming techniques are always changing. SpamAssassin, however, virtually does not. An adaptive filtering system, such as Postini's filtering, will always perform much better. If the spam poses that big of a problem for you, then you should consider it.

    You are also only seeing one side of the story. You do not see that the overall volume of e-mail (mainly spam) being processed has significantly increased nor do you see how much spam the server is actually blocking. A good 85% of the e-mails that we process are tagged as spam.

    One thing that you may want to try doing is lowering your auto-delete rule for SA in cPanel. The lower the score the more spam will be blocked however it is also possible for the server to start rejecting legitimate mail if the score is set too low. If you view the full headers of the spam e-mails that you are receiving, you will be able to see what score SA assigned to that particular e-mail. You can then adjust your auto-delete rule accordingly.

    Nothing has changed in the way that SA fundamentally scans e-mails. If anything, the catch rate has increased as we have added hardware upgrades to the SA server in the past few weeks so that it could keep up with very high spikes in incoming e-mail instead of passing a bunch of e-mails on without any scores at all.

  9. #9
    Junior Member
    Join Date
    Dec 2007
    Posts
    2

    Default

    Thanks for your reply Andrew. I will look at message headers in order to lower the spam score (if I can).

  10. #10
    Senior Member
    Join Date
    Sep 2005
    Location
    Russia, Nizhny Novgorod
    Posts
    315

    Default

    You mean that after the upgrades, the SA server is blocking (tagging as SPAM) the same percentage of e-mails (said 85%), but the amount of SPAM has significiantly increased, so, say, when I've been getting 100 messages per day and it was blocking 85% I've been getting 15 e-mails, now they send 200 mails so I get 30? Could you please provide some stats like you're doing every moth for Postini?

    P.S. I am using SA+Evo on my desktops. It's performing VERY well (blocking like 97%-98% of SPAM and not blocking legitimate mails at all), but it took some time to train it and the amount of SPAM increases every two weeks and decrease after a day of training.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •