We're testing an install of SpamAssassin on one of the internal servers. If it continues to wok well, we'll be releasing it on all DA servers soon.

I'll follow up on this in a few days.

Joe

YES! :D

SpamAssassin is now ACTIVE on www5 and www9.

Here's MORE INFORMATION (http://au.spamassassin.org/index.html) on SpamAssassin ...

Please let me know if there's any problems.

We're trying to take a very proactive approach to spam - you hate it, I hate it, and it does NO good for the servers. We've still got a couple tricks up our sleeves, they haven't won yet :)

Joe

Joe,

Is this something we'll be able to configure / monitor ourselves (e.g., tweaking our own filters) or is it "invisible" to us?

Thanks for this great add-on!

OZEE

Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.


The spam-identification tactics used include:

header analysis: spammers use a number of tricks to mask their identities, fool you into thinking they've sent a valid mail, or fool you into thinking you must have subscribed at some stage. SpamAssassin tries to spot these.

text analysis: again, spam mails often have a characteristic style (to put it politely), and some characteristic disclaimers and CYA text. SpamAssassin can spot these, too.

blacklists: SpamAssassin supports many useful existing blacklists, such as mail-abuse.org, ordb.org or others.

Razor: Vipul's Razor is a collaborative spam-tracking database, which works by taking a signature of spam messages. Since spam typically operates by sending an identical message to hundreds of people, Razor short-circuits this by allowing the first person to receive a spam to add it to the database -- at which point everyone else will automatically block it.

Once identified, the mail can then be optionally tagged as spam for later filtering using the user's own mail user-agent application.

SpamAssassin requires very little configuration; you do not need to continually update it with details of your mail accounts, mailing list memberships, etc. It accomplishes filtering without this knowledge, as much as possible.

:evil:
How do we turn this on and make it work???

I'm getting spam !!!!

I too am getting more spam on the DA server. Either that or I've been added to another 50 spam lists (also possible).

It seems that the Spam-o-matic on the Ensim servers filtered out a bit more refuse. :evil:

Is there any way to tighten up the spamassassin rules?

I too am getting more spam on the DA server. Either that or I've been added to another 50 spam lists (also possible).

It seems that the Spam-o-matic on the Ensim servers filtered out a bit more refuse. :evil:

Is there any way to tighten up the spamassassin rules?


not related to spamassassin however you shoul try using spamgourmet services... It works out REALLY well for me over the past two year... I have used it EXCLUSIVELY for all online purchases (at least 3 or 4 a week) and for all corspondence with people that I dont know in person...
I as of so far in ?6? months of using hostpc in conjunction with spamgourmet, I have recieved no spam to my hostpc address...

Actually when I place orders online I use a discriptive email address so if it starts collecting spam I KNOW who it came from. Such as with Priceline.com. I bid about 11 months ago using an email address of ????pl.X.XXXX@spmgourmet.com that pl means i used at priceline and that is the ONLY place i ever used... So far, according to stats on spamgourmet, priceline has attempted to send me 112 messages to that address, all of which are being swallowed by SG... I haev about 95 to 125 of these address with a total of probably 1000 to 1500 spam messages "swallowed" already...

give it a try. it is free...

Joe or Nick -- we need your help in here!

Unfortunately, the spam I'm getting are to the webmaster@ addys for my various websites (and they're not exposed anyplace on the sites...). Spamgourmet is fine - but not for those...

There are additional spam blockers in your e-mail control panel - you can filter by domain, ignore adult mails etc ...

Have you tried those?

No, I haven't.

But emails with "Email Advertise to 74 Million People h kk" from a known spammer sourcing out of an email service that's on every spam fliter's black-list ought to be caught by ANY spam-blocker... especially spamassassin.

And will the filters catch spoofed addresses. It seems like an awful lot of the spam I get originates from comcast.net - but you have to dig to get that info. The (bogus) return and from addys are typically yahoo, hotmail, ... but they originate at comcast.net. Will these filters catch if I set them to filter on comcast.net???

I have added quite a few blocks, and I am still getting **more** spam than when we were on ensim w/ spam-o-matic.

I went to spamassassin.org and found the following for testing...

7. Now, you should be ready to send some test emails and ensure everything
works as expected. First, send yourself a test email that doesn't contain
anything suspicious. You should receive it normally, but there will be a
header containing "X-Spam-Status: No".

... I am not seeing this in the headers of any emails that I get on my domain. I also sent myself the "GTUBE" test and it came through just fine...

:ph34r: I felt like I was sending myself SPAM! (like I really need that!)

Should I be seeing anything in the headers that says spamassassin is working?

is there a spam assassin section somewhere in the control panel? I'm on www9 and I can't find it at all.

No, spam assassin is running in the background so to speak...users have no control over the settings

What it does is puts the word "Spam" in the beginning of the subject..this give you a chance to filter it locally in your email client

oh, ok. I have to agree with others...it's not working.

I have not seen any changes or additions to the headers or subjects of any e-mails I receive through my hostpc account.

That's what I was saying last week. I'm getting spam through UNTOUCHED. Stuff that any spam-filter ought to catch.

And I've now received the same spam on all three of my sites. At first I thought it was from a bot-harvester that got my (unprotected) webmaster addy off of a page. But now I've gotten one from the site where my webmaster addy is encoded (bot-proofed).

Either that or they're just finding websites and sending to webmaster@...

Joe/Nick/???, is there any way to test to see if Spamassassin is working?
To my knowledge, I haven't received any "tagged" emails. I wouldn't mind if it just dropped the junk, but it would be nice to be able to send it a "known SPAM" to see if it is filtering. (I don't believe I'm asking to be able to send myself a SPAM message!)

Originally posted by tnas@Nov 10 2003, 04:35 PM
I don't believe I'm asking to be able to send myself a SPAM message!
What is this world coming to... lol :P

didn't we discuss this via PM ?

SpamAssassin is on DA, I think your site is on Ensim still, isn't it?

But mine are on DA (www8) and there is no indication that SpamAssassin is working.

(yes, I did send you a pm about it, too...)

um, www8 isn't a DA server, it's Ensim...

oops -- fatfingered... www9

http://www.directadmin.com/forum/showthrea...=&threadid=1024 (http://www.directadmin.com/forum/showthread.php?s=&threadid=1024)

Y'all can watch the progress - maybe there's a step I overlooked...

Joe

I'm on www9 too. www.diratslabs.com. (no PM to me)

I'll be watching!

Thanks for looking into it.

Can y'all (on 5 & 9) check your mail this morning and see if you notice anything different?

You should be seeing this in the headers:

X-Spam-Status: No, hits=0.6 required=5.0
tests=HTML_80_90,HTML_MESSAGE
version=2.55
X-Spam-Level:
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)

Or a positive check....

Joe

X-Spam-Status: No, hits=1.3 required=5.0
tests=HTML_20_30,HTML_MESSAGE
version=2.55
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)


Got it ! Thanks Joe!

How can I turn this SpamAssassin crap off?

I do NOT want Big Brother filtering my incoming mail! I am an adult & can decide what mail to read.

These spam filters are a joke. The people who write them are anti-business. Anything related to money or business triggers the filters. If I have signed up for a list that happens to be about marketing, that is NOT spam.

You should see some of the things that trigger the filter:

EXCUSE_4 (2.7 points) BODY: Claims you can be removed from the list
OPT_IN_CAPS (0.2 points) BODY: Talks about opting in (capitalized version)
OPT_IN (0.5 points) BODY: Talks about opting in (lowercase version)
EXCUSE_15 (1.4 points) BODY: Claims to be legitimate email
EXCUSE_19 (0.6 points) BODY: Claims you opted-in or registered
THIS_AINT_SPAM (1.9 points) BODY: Claims "This is not spam"
RICH (0.9 points) BODY: If only it were that easy
HTTP_WITH_EMAIL_IN_URL (0.3 points) URI: 'remove' URL contains an email address
CLICK_BELOW (0.1 points) Asks you to click below
FORGED_MUA_OUTLOOK (3.5 points) Forged mail pretending to be from MS Outlook

That last one is a real joke, because I ran a test message thru one of these so-called spam checkers. I use Outlook, yet that "forged" message was generated.

Notice most of the things a responsible mailer does actually TRIGGER the filter, such as reminding the user they signed up, providing an unsubscribe link, etc.

I want this crap off my accounts ASAP.

From SpamAssassin's page:

Although we wrote the program, it is your system administrator who chose to use it, and we have absolutely no control over the filtering rules set up by the administrator.

We strongly urge ISPs installing the product to notify their users when it's installed, and to not enable it by default -- but many seem to ignore this advice. We agree, that's totally unprofessional. :(

We're going to be uninstalling SA tonight.

Thanks.

Just so nobody misunderstands me, I don't mind if other people want to use things like this on their own accounts. I just don't want it on mine, because after seeing what they consider spam, the tool is pretty worthless.

The real test of "is this spam" is whether the receiver signed up for the list that sent it. I don't see how any third party tool could determine that.

isnt there an option to just simply turn it off?

I personally dont mind a spam filter

Unfortunately, with SA, it's either on or off for the entire server, there's no middle ground PER domain....

I would STRONGLY suggest y'all get a good spam filtering program, especially with the holiday garbage clogging our mailboxes daily. There are some basic filters built into your control panel, they do work, but admittedly dont' filter everything

I'm still a 100% fan of SpamNet ... it's doing a wonderful job for me.

Now, I will say this. I initially installed SA thinking "everyone wanted it". It has ALWAYS been against my better judgement to make that decision on behalf of everyone. I'm a firm SPAM HATER, but I firmly believe, and always have, that it should NOT be a providers choice on what IS and what is NOT spam. SA basically put me in that position.

Joe

I'm in favor of ANYTHING that kills spam.. I get so much of it, I don't have time to read my real email.. too bad you couldn't have one or two servers with SA on them for those of us who want it.

Originally posted by bluesguy@Nov 12 2003, 09:10 PM
I'm in favor of ANYTHING that kills spam.. I get so much of it, I don't have time to read my real email
Ditto... I adamently hate SPAM, the question this thread brings is WHAT is considered spam, who decides what the spam IS, and how is it handled.

My "perfect spam trap" would allow ALL mail to come to my box, but be smart enough to know what I've identified as spam, without deleting it unless I specifically told it to. I want that choice, I don't want someone else making that choice for me, and I think thats what Flyer was trying to say.

So far, (I know I've said this a million times), SPAMNET is doing an excellent job of learning what is, and what is not, spam (with the exception of those damn overstock.com and buy.com e-mails).

On any given day since I've installed it, it's filtered out over 400 spams from my inbox. Yes, there are mistakes - most of which it learns, and doesn't allow to happen again. I think I've only restored ONE from the spam folder and flagged it NOT as spam... otherwise, it's been 100%. I do a quick check daily to see what I've missed, but again, "I" have that control.

Agreed.. I'm using SPAMNET and it's doing a pretty good job.. it just misses a lot of what I consider spam.. I guess it will learn eventually as I use it to block almost all advertising email.

My home-ISP is using a spam service from Postini (http://www.postini.com) that seems real good. It runs invisibly (most of the time) and has user-definable filters and levels. If you don't want to use it, you can basically open up the filters so wide that only the most blatant spams will be caught. On the other hand, you can also close it up so tight that nothing passes.

It also has the built-in ability to both black-list and white-list senders.

When spam is detected, it sucks it out into a quarantine area - off line so it doesn't consume your time downloading it - where you can decide what you want to do with it. If you want to keep it, you can select to let in pass on through. If you want to flush it -- it's gone forever.

This service also does a virus check on everything that goes into my inbox.

Now, this service is not something that we mere mortals can select. It's something that is provided at the server level. I think Joe could set it up for us, but I can't...


And I do see both sides of this argument. But there's a lot of stuff out there that I don't want my kids seeing. And if it gets downloaded to my computer - they might see it, even if it's put into a spam-box in my outlook files...

It's a tough decision... Good luck, Joe! And keep up the good work. You've got a good thing going here!

I too thought that SA was doing a fine job of filtering.

Is there a possibility of having SA still scan the mail and put the results of the tests in the headers without marking the message as SPAM and making it an attachment? That way we could still filter on the results of the tests.

I don't know if this is configurable though.

After wandering around Spamassassin site...
it seems that there are some configuration options available...? :huh:

The one I was speaking about-->
(from http://au2.spamassassin.org/doc/Mail_SpamAssassin_Conf.html)


report_safe { 0 | 1 | 2 } (default: 1)

if this option is set to 1, if an incoming message is tagged as spam, instead of modifying the original message, SpamAssassin will create a new report message and attach the original message as a message/rfc822 MIME part (ensuring the original message is completely preserved, not easily opened, and easier to recover).
If this option is set to 2, then original messages will be attached with a content type of text/plain instead of message/rfc822. This setting may be required for safety reasons on certain broken mail clients that automatically load attachments without any action by the user. This setting may also make it somewhat more difficult to extract or view the original message.

If this option is set to 0, incoming spam is only modified by adding some X-Spam- headers and no changes will be made to the body. In addition, a header named X-Spam-Report will be added to spam. You can use the remove_header option to remove that header after setting report_safe to 0.


There also seems to be a ignore list



whitelist_to add@ress.com

If the given address appears as a recipient in the message headers (Resent-To, To, Cc, obvious envelope recipient, etc.) the mail will be whitelisted. Useful if you're deploying SpamAssassin system-wide, and don't want some users to have their mail filtered. Same format as whitelist_from.
There are three levels of To-whitelisting, whitelist_to, more_spam_to and all_spam_to. Users in the first level may still get some spammish mails blocked, but users in all_spam_to should never get mail blocked.


more_spam_to add@ress.com

See above.

all_spam_to add@ress.com

See above.



And wildcards are allowed too *@domain.com


Can we use any of these? The site also mentions SITE and USER preference files.

I can understand why Joe had to take it off the servers.. one complaint is one too many. Hopefully something more user-controlled will come along

Originally posted by bluesguy@Nov 13 2003, 04:58 PM
I can understand why Joe had to take it off the servers.. one complaint is one too many. Hopefully something more user-controlled will come along
Its off? <_< i am not getting any spam... maybe all these spam blockers and filters i have running actually work... :unsure:

heh, yeah, it's off

Has this been put back on? I've started getting messages blocked by Spam assassin and it for things I've signed up for. I must admit Spam Assassin seems pretty worthless.

I've got SA configured on one server - but it is NOT set to block ANY mail - it just tags the subject line....

Joe

Originally posted by Joe@May 2 2004, 02:09 PM
I've got SA configured on one server - but it is NOT set to block ANY mail - it just tags the subject line....

Joe
I goofed cause I was in a hurry. It isn't blocking spam, but it's doing more than adding SPAM in the subject. It's putting the whole message as an attachment...I know spam is annoying, but so is this "extra" I'm now getting with my email...

Forgive me because I haven't read the entire thread yet.
My vote is, please don't put anything on the server that blocks/filters/whatever my email. There are plenty of ways for me to do that on my end. Mozilla, for one, has excellent filtering and spam recognition abilities. Too often I've not received mail that I should have because it was filtered out as spam by the ISP, or maybe it was here @ spamassasin. I would really prefer full control (even if it means I have to educate myself) over my email. Please don't hold my hand on this one by installing a spam filter on the server just because some people hate spam - any spam - and don't don't know how to prevent it. Thanks. :ph34r: (I still don't know what ph34r means)