Over the last 24 hours, I received 47 spam e-mails on my domain, and only 7 were marked as spam by Spamassassin.

I don't know about others, but I'm not particularly interested in turning my threshold (which is currently 5.0) down because I'm finding that legitimate e-mails are scoring higher than the spam.

What can I actually do, short of adding all my family and other known contacts to the white list (which I think is a bogus solution) and dropping the threshold to something <1 (which is near the score of many of those actual spams)?

While I realize this isn't a large number of spam, it's still a PITA, particularly because the filter isn't working.

Over the last day or two I've also noticed that SpamAssassin isn't doing anywhere near as good a job at catching spam. Have the spammers outsmarted SA?

I too have noticed that the SPAM scores of (un)legitimate SPAM has gone down.
I was catching 50-60% now that has dropped to around 35%.
I was wondering if the ruleset had been changed or default scores been modified?

I CAN'T believe spammers have gotten smart....
...maybe more devious! :angry:

Devious yes! and possibly more clever - but I surely hope not smarter.

I picked up 16 more last night since my first post and only 1 was caught by SA. That's a pathetic record. Most are the stock related spams, with a few being cheap software, not as many for meds these days.

They've gotta be changing their methods or something. About 6 months ago our IT group must have put some spam catcher in at work, because I went from hundreds of spam a day to a maximum of 4 a week. I've noticed that in the last month or so that number is quickly rising, and it's now no longer surprising to find at least 5 a day.

Freakin' spammers.

Part of the problem is that the version of SpamAssassin we are using is over a year old. The rules are not updated like virus definitions, they are built in. To get the new rules we need the new version. I am very interested in a server-side solution that works, and does not cost more than the hosting does.

In order to get new spamassassin versions we need to push the Direct Admin crew over at the DA forums (http://www.directadmin.com/forum/index.php)

We should probably also be pushing for a better IMAP daemon, but that's another topic all together.

Although I agree, it would be great to have the newest version....

The thread started with the change that has been seen with SA. It was working at a pretty decent level of detection, and then something seemed to change... rather quickly... to reduce the detection of SPAM.

True, however, I have noticed changes in the spam e-mails as well. They are far more simple, and don't include all the generic words designed to fool bayesian filters.

Most of mine actually look like legitimate e-mail - though the temptations of cheap meds, cheap software and stock tips give them away.

http://www.hostpc.com/forums/index.php?showtopic=1871

WHOOOO HOOOOO!
Let's see how it does! :P

Yep..... www13

version=3.0.1

cool...

Originally posted by spamassassin
Subject: Micr0s0ft Update warning - January 24th
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on www15.hostpc.com
X-Spam-Level: *
X-Spam-Status: No, score=1.3 required=5.0 tests=HELO_DYNAMIC_IPADDR2,
HTML_30_40,HTML_MESSAGE,INFO_TLD autolearn=no version=3.0.1

That's a better score but still pretty low. The message content is a mix of barely intelligible blather and a 'real e-mail'. I may have to RTFM to see if I can help eliminate some of this junk getting through.

29 spam today - over the last 14 hours or so. Only 5 were marked as spam by SA. Things don't seem that much more promising.

I have certainly not seen the improvement I had hoped for. I also tried adding a custom rule, but I must be doing something wrong as it is not working. The lines I added are:

header VS_STOCK_SUBJECT Subject =~ /st0ck/i
score VS_STOCK_SUBJECT 2

I added this to my user_prefs file using the da interface. I had hoped this would pick out the unwanted st0ck tips, and if it worked I was going to add other common words with numbers in them.

Any ideas?

Originally posted by vickys@Jan 29 2005, 10:28 AM
I have certainly not seen the improvement I had hoped for. I also tried adding a custom rule, but I must be doing something wrong as it is not working. The lines I added are:

header VS_STOCK_SUBJECT Subject =~ /st0ck/i
score VS_STOCK_SUBJECT 2

I added this to my user_prefs file using the da interface. I had hoped this would pick out the unwanted st0ck tips, and if it worked I was going to add other common words with numbers in them.

Any ideas?
Quoted post


Does it work for you ?? cause i've been getting this alot lately but it went to my junk-mail folder in outlook.

Thanks

No, emails with st0ck in the subject are not being scored for it. I don't know why, it looks like it should work. I'm no expert on this so I am probably missing something. Maybe someone here can tell me what.

From the SpamAssassin docs online:
allow_user_rules { 0 | 1 } (default: 0)
This setting allows users to create rules (and only rules) in their
"user_prefs" files for use with "spamd". It defaults to off, because
this could be a severe security hole. It may be possible for users
to gain root level access if "spamd" is run as root. It is NOT a
good idea, unless you have some other way of ensuring that users'
tests are safe. Don't use this unless you are certain you know what
you are doing. Furthermore, this option causes spamassassin to
recompile all the tests each time it processes a message for a user
with a rule in his/her "user_prefs" file, which could have a
significant effect on server load. It is not recommended.

Note that it is not currently possible to use "allow_user_rules" to
modify an existing system rule from a "user_prefs" file with
"spamd".

Link to particular page is here (http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Conf.txt)

User rules are probably not turned on.

Just a tip, you probably have already figured out, you can modify the scores of tests already being done.

Sounds like the other side has upped the ante.

Junk e-mails on relentless rise
http://news.bbc.co.uk/2/hi/technology/4225935.stm

Spam traffic is up by 40%, putting the total amount of e-mail that is junk up to an astonishing 90%.

corrected link

Just to correct the link:
http://news.bbc.co.uk/1/hi/technology/4225935.stm

Here's even more evidence that spam continues to grow at a record rate:

http://news.com.com/Law+barring+spam+allow..._3-5558528.html (http://news.com.com/Law+barring+spam+allows+a+flood+instead/2100-7348_3-5558528.html)

Originally posted by tnas@Jan 31 2005, 05:29 AM
Just a tip, you probably have already figured out, you can modify the scores of tests already being done.


Yeah, but if the e-mail looks legit enough - as many of my new spams do, it's not getting any score and that's where the problem arises.

Here's a new story about SPAM going to 95% :angry:
http://news.zdnet.com/2100-1009_22-5560664.html

They call it the "Email Meltdown"

don't people understand that if they fall for the ad, no matter how infrequently they do it, it's like a blank check for spammers? mass e-mail is *so* cheap that there's little reason not to do it if someone - anyone is biting the bait.

what's with people????

Originally posted by thevillageinn@Feb 3 2005, 01:54 AM
don't people understand that if they fall for the ad, no matter how infrequently they do it, it's like a blank check for spammers? mass e-mail is *so* cheap that there's little reason not to do it if someone - anyone is biting the bait.

what's with people????
Quoted post


This just in: People are stupid. News at 11.