Email Spams On My own Email Address

2. This line
{<{$message_size}{100k}}
needs to be about ~100K larger than the size Outlook reports if you want SpamAssassin to scan it. Changing it from 100k to 200k would still skip the phishing messages that Outlook reports at 113k, 146k, 172k, 173k while it would start to scan the SBS messages that show 108k-115k. If I make it 300k, it scans the phishing messages as well. I don't understand why, but it was very repeatable.
You should use the SURBL modification and the extra clamav signatures if you want to catch the phishing emails. It works very well.
 
I do understand why...
I read it, and decided to take your word for it.:D All I know is just because Outlook said it is small enough, doesn't necessarily mean it will scan it. In one case, the a larger attachment, 115k got scanned, and not the one slightly smaller, 113k, while I had the size set to 200k. However, the smaller one was binary while the slightly larger one was no doubt 7 bit ASCII. The 115k ASCII attachment was the largest I had to test with. It may have been able to do much closer to the 200k. I suppose if you attached a file to an e-mail, you would want it to read the same as it is on disk, so Outlook's approach for reporting the size is probably the best in most cases.

...freshclam -d -c 24...tells it to check 24 times in 24 hours, or in other words, hourly.
They also have a parameter in /usr/local/etc/freshclam.conf named Checks that does that too.

You should use the SURBL modification and the extra clamav signatures if you want to catch the phishing emails. It works very well.
I'm putting together procedures that work with DA and keeps out spam and viruses, so I'm willing to incorporate anything that works and is maintainable. How do I implement this?

Thanks!
 
The quickest would be to search this forum...
That's what I've been doing, but coordinated solutions are slim picking in this area. I'll check out your links.

Exim (ClamAV[xtra]+Spamblocker+BATV+DKIM[in/out]+DSPAM+SURBL+Multi-IPs+SSL) Dovecot (LDA+SASL+Quota+Sieve+DSPAM)
But before I do any more, how well is this working for you, and how much work is it to maintain?

I'm also wondering if starting with Jeff's newest exim.conf/SpamBlocker has enough benefits to outweigh the benefits of sticking with DirectAdmin supported exim.conf/SpamBlocker 2.1.

Thanks!
 
SURBL is a set-and-forget type of solution. You just keep an eye on things.
The ClamAV signatures are downloaded just like the regular ones, so it's no more work that just setting it up. The script gets updated once in a while, so you just make the changes if needed.
In other words, it's low maintenance.
Regarding the other stuff, most of it is just scripting, so I think one is safe until the way the configuration in Exim and Dovecot changes (new releases), then you'll be on your own to maintain on the changes you've made on top of the DA standard conf.
 
I've just posted in a DKIM thread for someone to explain it clearly and create a DIFF file for me (after I post RC6 tonight).

Now I'm posting here about BATV. If you think BATV is helpful, explain why in this thread, clearly and specifically, and create a diff file for me, between the new RC6 (to be uploaded later tonight) and your code with BATV.

Otherwise I can't consider it.

And note that I'm feature-locking exim.conf at the end of this coming weekend. On Monday morning I'll work on the final RC.

Jeff
 
Batv

Hi,

What is the current situation around BATV?
I enabled DKIM, I guess just fails now BATV to pass all the tests from allaboutspam.com
 
I resolved the bounce/backscatter issue by setting each domain's catch-all email to Ignore. Works in my before/after testing. They were on Fail/Reply by default.

Is this just a quick fix or should I also use BATV etc and other approaches in this thread? I'm not a techie.
 
I have BATV configuration and [email protected] say me that I have correctly configuration, but still I get a lot of spam "from myself" on many domains. I use Spamblocker 4.
What can I do else to block this spam ?
 
Last edited:
Back in 2010 (see post #7 to this thread) I erred and allowed this thread to become a discussion on BATV, even though the subject has nothing to do with spam coming from your own email address. See post #4 on this thread (and also a post I made to a different thread within the same week) for information as to how to block emails which appear to come from yourself, and why, in my opinion you shouldn't do it.

What you should do is block all spam by other means available, which will of course block spam which comes from you as well, as long as your server doesn't have your own email address or domain whitelisted. You should never whitelist an email address or domain name hosted on the server as doing so will cause your server to be an open relay.

Jeff
 
This thread started out as a thread on spam coming from your own email address or spam coming from an address on your own domain (the discussion subject is a bit misleading), and ended up a discussion on using BATV to eliminate what I believe we call backscatter spam.

Should I break out the thread into two?

Jeff
 
See post #4 on this thread (and also a post I made to a different thread within the same week) for information as to how to block emails which appear to come from yourself, and why, in my opinion you shouldn't do it.

Jeff

Thanks Jeff for your answer. I've seen before your post #4 but this information is not nice to apply. Otherwise in Spam filters I didn't see option to apply your sugestion. "Block mail from an entire domain:" it could be, but then another user from the same domain will not be able to send me.
 
Last edited:
You could write custom code for exim.pl, but I don't recommend it. Instead find out if there's a SpamAssassin rule


I find that I've got a bunch of accounts where I get email from me, to me; I'm not sure of the details as to why, but for example in reseller accounts set up in the LogicBoxes (logicboxes.com)system for domain sales which we use to sell domain registration. We need those emails. Your mileage may certainly vary.

Jeff
 
You could write custom code for exim.pl, but I don't recommend it. Instead find out if there's a SpamAssassin rule


I find that I've got a bunch of accounts where I get email from me, to me; I'm not sure of the details as to why, but for example in reseller accounts set up in the LogicBoxes (logicboxes.com)system for domain sales which we use to sell domain registration. We need those emails. Your mileage may certainly vary.

Jeff
 
Back
Top