View Full Version : i have many spam



mao
12-01-2006, 09:51 AM
Hi, I need your help. On Thursday the 23rd I activated the premium spam and virus email filtering option because some accounts on my domain receive a lot of spam, but the problem is the same: I receive a lot of spam.


In live chat (Monday 27 and Thursday 30) they suggested that I write to you and forward an email with the full header attached so that you can check what the problem is. For example, I receive emails with this header:


Nadine wrote:
Unbalanced
hi it's Meredith
hi it's Brandon
Re: Help
hi it's Bowling
inter.net.ec mailing list memberships reminder

and many more. This is an example of received spam:





-----Mensaje original-----
De: Violet Bowling [mailto:Ingrid'smarjoram's@aaronsteinsettlements.com]
Enviado el: Miércoles, 29 de Noviembre de 2006 08:01
Asunto: hi it's Bowling



We have giving you winner after winner this year and things are only

become better!



The 21st century house is one in which broadband is available in every room.

Video streams to wherever you choose to watch it. House appliances are seamlessly

integrated into a comprehensive network. This is already a reality for

the wealthy, and is just now becoming a booming

business as it spreads to the middle class house.

Our next feature makes this all possible, and is bringing it to the world!



Advanced Powerline Technologies



Stock: APWL

Current Price: 0.100

Short Term Target: 0.27

Long Term Target: 1.10



An incredible news is expected out of the company very soon.

This will be backed up by a PR blitz and I'm sure you can guess what will

happen to the price of this stock!

Tech companies blast off on news like this. Get in before this one takes

off and ride it all the way to the bank!

---

LITTLE ROCK, Arkansas (AP) -- Wesley Clark said Tuesday he wants to avoid waiting too late to make a decision on whether to run for president -- a mistake he made in his failed 2004 bid.

TAMPA, Florida (CNN) -- Eight former employees of the Bay County Sheriff's Office were charged Tuesday with aggravated manslaughter in the death of a 14-year-old at a Florida boot camp for juvenile offenders.

WASHINGTON (Reuters) -- Democratic Sen. John Kerry, considering a second bid for the U.S. presidency, finished dead last in a poll on the likability of 20 top American political figures.



I have activated the spam filter: in control panel – email manager – SpamAssassin – I have activated Spam Assassin and Spam Box.

mrschwarz
12-02-2006, 05:32 AM
Go into Spamassassin and reduce the minimum score for spam to less than 2. This should reduce the level of spam. The premium service is inconsistent and does not work reliably.

mao
12-06-2006, 06:01 AM
Thank you, mrschwarz. The problem with spam was solved with your suggestion. Thank you again.

mrschwarz
12-07-2006, 05:02 AM
The premium spam filter does, in fact, work well. Contact support and have them check your MX records. They need to change it when you sign up for the premium service. Instead of changing it, it appears they left the old record and added a new one. They need to remove the old one.

Once they do that, you can disable spamassassin and almost all of your spam will be gone.
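A way to check the MX problem described in the post above, added here as an example (not code from the thread or from the host): it flags MX records that let mail reach the domain without passing the filter, and tests whether a message's Received headers name the filter. The filter host name is taken from headers mentioned later in this thread and is an assumption; the dig output and messages are constructed samples.

```python
import email

# Assumption: the filter's MX host is mailfilter.bluehost.com, the name the
# thread reports seeing in headers; substitute your provider's value.
FILTER_HOST = "mailfilter.bluehost.com"

def parse_mx(dig_output):
    """Parse `dig +short MX <domain>` output into sorted (preference, host)."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)

def bypass_hosts(records, filter_host=FILTER_HOST):
    """MX hosts that accept mail for the domain without passing the filter."""
    return [h for _, h in records
            if h != filter_host and not h.endswith("." + filter_host)]

def traversed_filter(raw_message, filter_host=FILTER_HOST):
    """True if a Received hop names the filter host.

    Hops below your own server's can be forged by the sender, so a miss is
    strong evidence of bypass while a hit is only a hint.
    """
    msg = email.message_from_string(raw_message)
    return any(filter_host in hop.lower()
               for hop in msg.get_all("Received", []))

# Constructed samples (documentation addresses, not real traffic).
SAMPLE_DIG = "0 example.com.\n10 mailfilter.bluehost.com.\n"
SAMPLE_DIRECT = (
    "Received: from dyn.example.net (dyn.example.net [192.0.2.55])\n"
    "\tby box.example.com with esmtp\n"
    "Subject: hi it's Bowling\n\nbody\n")
SAMPLE_FILTERED = (
    "Received: from mailfilter.bluehost.com ([198.51.100.7])\n"
    "\tby box.example.com with esmtp\n"
    "Subject: newsletter\n\nbody\n")

if __name__ == "__main__":
    print("bypass MX:", bypass_hosts(parse_mx(SAMPLE_DIG)))
    print("direct msg filtered?", traversed_filter(SAMPLE_DIRECT))
    print("relayed msg filtered?", traversed_filter(SAMPLE_FILTERED))
```

Any host returned by `bypass_hosts` is a delivery path that skips the filter, which is why a leftover old MX record keeps the spam flowing.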

MarkArgentino
12-08-2006, 09:20 PM
Hi, I need your help. On Thursday the 23rd I activated the premium spam and virus email filtering option because some accounts on my domain receive a lot of spam, but the problem is the same: I receive a lot of spam.

...
Stock: APWL

Current Price: 0.100

Short Term Target: 0.27

Long Term Target: 1.10



An incredible news is expected out of the company very soon.

This will be backed up by a PR blitz and I'm sure you can guess what will

happen to the price of this stock!

Tech companies blast off on news like this. Get in before this one takes

off and ride it all the way to the bank!

---


I have activated the spam filter: in control panel – email manager – SpamAssassin – I have activated Spam Assassin and Spam Box.

I noticed that beginning sometime today, these stock pick spam emails are being caught by spamassassin, finally!

This is part of a header from one of those emails:
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[74.129.10.55 listed in dnsbl.sorbs.net]
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?74.129.10.55>]

and it seems that spamassassin is finally tracking these spammers down, yeah! :D

In my opinion, a setting of 2 would be too low and I would miss out on many of the newsletters that I subscribe to. I have my setting on 3.0 and now I have only 60 or so spam emails since 9am this morning, not bad as I was receiving about 130 to 150 per day previously this week.

Has anyone else noticed this reduction in spam, especially the stock picks?

Thanks,
Mark :D

free2001
12-09-2006, 02:35 AM
Honestly it's a pain but it's not that hard to hit the delete key. Spam filters don't work that well. They still take real emails and put them in the spam box. They still miss some emails. It's really not worth the extra $2 a month per domain name.


The premium spam filter does, in fact, work well. Contact support and have them check your MX records. They need to change it when you sign up for the premium service. Instead of changing it, it appears they left the old record and added a new one. They need to remove the old one.

Once they do that, you can disable spamassassin and almost all of your spam will be gone.

MarkArgentino
12-09-2006, 07:32 AM
I thought that spamassassin had 'licked' these spammers, but this morning I found about 45 new spam emails since I went to bed 7 hours ago! Most of them are the 'Greetings Earthling' type with the stock picks... very frustrating.

Yes, hitting the delete key is not much effort, just have to make sure I don't delete the good emails too!

Have a nice weekend.

I'll keep you posted,
Mark
:D

FatJonny
12-09-2006, 09:58 AM
http://www.bluehostforum.com/showpost.php?p=20228&postcount=3

MrGibbage
12-09-2006, 12:06 PM
Are you sure that the added rules from the SARE site are being used? I'd bet that bluehost has disabled user_rules because of security risks. see man Mail::SpamAssassin::Conf and look at the "allow_user_rules" setting. If you did get it working, and you are sure it's working, could you post how you did it? You might want to check the verbose output from sa-learn or such to see if your rules are being used at all.

As for the premium filter, I have also paid for it, but yet still have not seen a single instance where it detected a spam that spamassassin missed. It is marking some spam, but nowhere near as good as spamassassin. Does the fact that it is catching some indicate that nothing needs to be done with my MX records? I see in my headers that it is being passed through mailfilter.bluehost.com. I sure do wish it could do a better job.

Skip

MarkArgentino
12-09-2006, 12:44 PM
http://www.bluehostforum.com/showpost.php?p=20228&postcount=3

Hi FatJonny,

You're the best! Thanks a million for the link. I've added some rules that bluehost and others have recommended that I knew would work and that would not mess up spamassassin.

I read through your link, but it appears that we have to add the entire file located at http://www.rulesemporium.com/rules/70_sare_stocks.cf to the .spamassassin/user_prefs.cf file, is this correct?

or do we add something like
score SARE_STOCKS 2.0

or something like that to the user_prefs.cf file? If I add this line in bold as above, will it auto-update any new rules added to the sare_stocks file? I am trying to understand this spamassassin business. There was a great post that I followed from this forum to spamassassin help and it was great, I could find and re-post if anyone wants.

I am sorry for the questions, but I want to make sure I get this right and don't do something that messes up my current filtering. I'm not an expert at this spamassassin, but am trying to understand it.

I also want to make sure that the stocks filter gets updated and again, I'm not positive on how to make sure this is done correctly.

I've posted my current user_prefs.cf file below for you to see and comment on if you wish. Have I missed anything in this list that you can see that is obvious?

If you could post the line or lines for the stock filter that I would have to add to my user_prefs.cf file, that would be great.

Again, thanks for your help,
Mark
:D

# SpamAssassin user preferences file. See 'perldoc Mail::SpamAssassin::Conf'
# for details of what can be tweaked.
###########################################################################

# How many points before a mail is considered spam.
# required_score 5 {{{{Mark's comment - but really it's set at 3, see below}}}}}

# Whitelist and blacklist addresses are now file-glob-style patterns, so
# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
# whitelist_from someone@somewhere.com

# Add your own customised scores for some tests below. The default scores are
# read from the installed spamassassin rules files, but you can override them
# here. To see the list of tests and their default scores, go to
# http://spamassassin.apache.org/tests.html .
#
# score SYMBOLIC_TEST_NAME n.nn

# Speakers of Asian languages, like Chinese, Japanese and Korean, will almost
# definitely want to uncomment the following lines. They will switch off some
# rules that detect 8-bit characters, which commonly trigger on mails using CJK
# character sets, or that assume a western-style charset is in use.
#
# score HTML_COMMENT_8BITS 0
# score UPPERCASE_25_50 0
# score UPPERCASE_50_75 0
# score UPPERCASE_75_100 0


# Enable the Bayes system

# Enable Bayes auto-learning

# Enable or disable network checks

# Use if the message body has many words used only once
# Use if the sender is a confirmed spam source
# Use if the sender's address contains numbers mixed in with letters
# Use if the HELO and IP do not match, but should (Received from)
# Use if envelope sender has no MX or A DNS records
# Use if the body of the message attempts to disguise porn words
# Use if the body of the message attempts to disguise mundane words used in porn
blacklist_from *@fbi.gov
blacklist_from *@yahoo.com.hk
required_score 3
rewrite_header subject MarkBulk
score DISGUISE_PORN 2.0
score DISGUISE_PORN_MUNDANE 2.0
score FROM_HAS_MIXED_NUMS 2.0
score NO_DNS_FOR_FROM 2.0
score RCVD_HELO_IP_MISMATCH 2.0
score RCVD_IN_NJABL_SPAM 2.0
score UNIQUE_WORDS 2.0
skip_rbl_checks 0
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
use_bayes 1
use_dcc 1
use_pyzor 1
use_razor2 1
whitelist_from *@dirkzellertraining.com
whitelist_from *@e2000training.com
whitelist_from mark@mississauga4sale.com

FatJonny
12-12-2006, 12:37 PM
Are you sure that the added rules from the SARE site are being used? I'd bet that bluehost has disabled user_rules because of security risks. see man Mail::SpamAssassin::Conf and look at the "allow_user_rules" setting.

You might be right about that... I presumed that since my rules were incorporated into my cpanel frontend spamassassin page that they were being used. But I guess not! Dammit!

Anyway, Mark, no you need to add an actual descriptor/rule rather than just assigning a score. If you just add the bit you have in bold, then you are essentially saying that if a message fits the SARE_STOCKS rule, then give that message a score of 2. But you need to create the rule as well. For example, the quote below is what I added to my file.

See this link for a basic intro to rule making: http://mywebpages.comcast.net/mkettler/sa/SA-rules-howto.txt

But it doesn't look like it works anyway!


##############################################################################
# Stocks/shares rules
##############################################################################
header SARE_MLH_Stock1 Subject =~ /(penny )?st[o0]cks?|cribsheet|marcket|stox|small[ -]?cap|stock report/i
describe SARE_MLH_Stock1 Subject mentions stock or stock related words
score SARE_MLH_Stock1 1.66
#
body SARE_MLB_Stock1 /(?:Opening|Current|Target|Projected)[ _-]Price[ :;-]/i
score SARE_MLB_Stock1 1.66
#
body SARE_MLB_Stock2 /Short Term Target(?::| Price:)/i
score SARE_MLB_Stock2 1.66
#
body SARE_MLB_Stock3 /Last[ _](?:Trade|Price)[ :]/i
score SARE_MLB_Stock3 0.794
#
body SARE_MLB_Stock4 /[0-9][ -]Day Target(?:[_ ]Price)?: /i
score SARE_MLB_Stock4 1.66
#
body SARE_MLB_Stock5 /^(?:St[o0]ck[_]Symb[o0]l|Symb[o0]l|S\s?y\s?m\s?b\s?[o0]\s?l|Ticker|OTC):/i
describe SARE_MLB_Stock5 Mentions stock symbol, tickers, or OTC.
score SARE_MLB_Stock5 1.66
#
body SARE_LWTARGETP /target[ _-]price:/i
score SARE_LWTARGETP 1.66
#
body SARE_LWCURTRADE /currently trading/i
score SARE_LWCURTRADE 1.66
#
meta __IMG_ONLY ( HTML_IMAGE_ONLY_04 || HTML_IMAGE_ONLY_08 || HTML_IMAGE_ONLY_12 || HTML_IMAGE_ONLY_16 || HTML_IMAGE_ONLY_20 || HTML_IMAGE_ONLY_24 || HTML_IMAGE_ONLY_28 )
full SARE_GIF_ATTACH /name=\"?[0-9a-z._\-]{3,18}\.gif\"?/i
describe SARE_GIF_ATTACH Email has a inline gif
score SARE_GIF_ATTACH 0.75
#
meta SARE_GIF_STOX ( SARE_GIF_ATTACH && __IMG_ONLY )
describe SARE_GIF_STOX Inline Gif with little HTML
score SARE_GIF_STOX 1.66
#
##############################################################################
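The difference discussed above between a `score` line and a rule definition, and the effect of `allow_user_rules`, shown as an added example (not code from the thread or from SpamAssassin): a small checker that reports which user_prefs lines would have no effect. It assumes the six rule-defining keywords below are the privileged ones per the Mail::SpamAssassin::Conf documentation; `installed_rules` and the sample file are constructed stand-ins.

```python
# Rule-defining keywords that are privileged in SpamAssassin: spamd ignores
# them in a user's user_prefs unless the admin sets allow_user_rules 1.
RULE_KEYWORDS = {"header", "body", "rawbody", "uri", "full", "meta"}

def lint_user_prefs(text, installed_rules, allow_user_rules=False):
    """Return sorted (line_no, rule_name, problem) for lines with no effect.

    installed_rules is a hypothetical input: the rule names loaded from the
    host's site-wide *.cf files.
    """
    defined_here, scores, findings = {}, [], []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 2)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        keyword, name = fields[0], fields[1]
        if keyword in RULE_KEYWORDS:
            defined_here[name] = no
        elif keyword == "score":
            scores.append((no, name))
    if not allow_user_rules:
        findings += [(no, name, "definition ignored: allow_user_rules is off")
                     for name, no in defined_here.items()]
    for no, name in scores:
        local_ok = allow_user_rules and name in defined_here
        if name not in installed_rules and not local_ok:
            findings.append((no, name, "score targets a rule that is not loaded"))
    return sorted(findings)

# Constructed user_prefs built from lines quoted in the thread.
SAMPLE_PREFS = """\
required_score 3
score UNIQUE_WORDS 2.0
score SARE_STOCKS 2.0
body SARE_MLB_Stock2 /Short Term Target(?::| Price:)/i
score SARE_MLB_Stock2 1.66
"""
# Constructed stand-in for the host's stock rule set.
INSTALLED = {"UNIQUE_WORDS", "SUBJ_FREE_CAP", "RCVD_IN_NJABL_SPAM"}

if __name__ == "__main__":
    for no, name, problem in lint_user_prefs(SAMPLE_PREFS, INSTALLED):
        print(f"line {no}: {name}: {problem}")
```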

MarkArgentino
12-13-2006, 05:56 AM
Hi FatJonny,

Thanks for all your tags and I will research more and then insert into file, test and report back.

BTW- FatJonny - Why this name?

Thanks,
Mark
:D

thaddius
12-13-2006, 10:11 AM
Mark, I have been with them since they started, and the best thing to do is to use Thunderbird as a client because it has spam detection built in.

FatJonny
12-13-2006, 11:32 AM
FYI, just found this on the BH knowledgebase (http://helpdesk.bluehost.com/kb/index.php?x=&mod_id=2&root=34&id=339). This seems to suggest we can add our own rules to SpamAssassin:


Can I set my own rules for SpamAssassin? What are some good ones?

Solution
Absolutely. However, some knowledge of your site's file system is required.

To start, go to the File Manager in your control panel. In there, locate your .spamassassin folder. Once inside, click on the user_prefs file, and edit the file.

At the bottom of the file, you will be adding your new rules. Here are some of the ones we recommend.

score UNIQUE_WORDS 2.0
Use if the message body has many words used only once.
score RCVD_IN_NJABL_SPAM 2.0
Use if the sender is a confirmed spam source.
score FROM_HAS_MIXED_NUMS 2.0
Use if the sender's address contains numbers mixed in with letters.
score RCVD_HELO_IP_MISMATCH 2.0
Use if the HELO and IP do not match, but should. (Received from)
score NO_DNS_FOR_FROM 2.0
Use if envelope sender has no MX or A DNS records.
score DISGUISE_PORN 2.0
Use if the body of the message attempts to disguise porn words.
score DISGUISE_PORN_MUNDANE 2.0
Use if the body of the message attempts to disguise mundane words used in porn.

To use any of these, just copy the 'score NAME_OF_TEST 0' into the bottom of the user_prefs file, and hit 'Save'.

You can find more information and additional tests here (http://spamassassin.apache.org/tests_3_1_x.html).

FatJonny
12-13-2006, 12:02 PM
OK here is an update... After much testing I've found out the following.

1. It doesn't look like you can add custom rules to SpamAssassin since BH probably has the allow_user_rules setting disabled as MrGibbage suggests.

2. You can, however, add additional rules that are not included in the default set up. Just edit the user_prefs file and add additional rules from this website http://spamassassin.apache.org/tests_3_1_x.html
For example:
score NAME_OF_TEST 3.0

3. You can test the settings by adding the rule:
score SUBJ_FREE_CAP 10
and then sending yourself an email with the word FREE in the subject (all caps).

This might get through just because your from email address might be on your white list and will get a -1000 score which counteracts the spam score. Just check the headers and see if the SUBJ_FREE_CAP rule was applied.

4. Don't send yourself too many test spam messages if you have autolearn on, as you will find your email address switches to your black list. eeek!
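The header check from step 3 above, as an added example (not code from the thread): it parses a message's X-Spam-Status header and reports whether a given rule fired and whether the message was flagged, which separates "rule not applied" from "rule applied but offset by a whitelist hit". The two messages, their scores and the version string are constructed samples.

```python
import email
import re

def spam_status(raw_message):
    """Parse X-Spam-Status into a dict, or None if the header is absent."""
    header = email.message_from_string(raw_message).get("X-Spam-Status")
    if header is None:
        return None  # never scanned by SpamAssassin
    flat = " ".join(header.split())  # undo header folding
    verdict = re.match(
        r"(Yes|No),\s*(?:score|hits)=(-?[\d.]+)\s+required=(-?[\d.]+)", flat)
    tests = re.search(r"tests=(.*?)(?:\s+\w+=|$)", flat)
    names = re.split(r"[,\s]+", tests.group(1)) if tests else []
    return {
        "flagged": bool(verdict) and verdict.group(1) == "Yes",
        "score": float(verdict.group(2)) if verdict else None,
        "required": float(verdict.group(3)) if verdict else None,
        "tests": [n for n in names if n and n != "none"],
    }

def rule_applied(raw_message, rule):
    """Return (fired, flagged) for one rule; (False, False) if unscanned."""
    status = spam_status(raw_message)
    if status is None:
        return (False, False)
    return (rule in status["tests"], status["flagged"])

# Constructed: a self-sent test where the rule fired but a whitelist hit
# pulled the total below the threshold.
SAMPLE_WHITELISTED = (
    "X-Spam-Status: No, score=-90.0 required=3.0 tests=SUBJ_FREE_CAP,\n"
    "\tUSER_IN_WHITELIST autolearn=no version=3.1.7\n"
    "Subject: FREE test\n\nbody\n")
# Constructed: a flagged message hit only by the stock RBL rules.
SAMPLE_SPAM = (
    "X-Spam-Status: Yes, score=3.6 required=3.0 tests=RCVD_IN_BL_SPAMCOP_NET,\n"
    "\tRCVD_IN_SORBS_DUL autolearn=no version=3.1.7\n"
    "Subject: hi it's Bowling\n\nbody\n")

if __name__ == "__main__":
    print(rule_applied(SAMPLE_WHITELISTED, "SUBJ_FREE_CAP"))  # fired, not flagged
    print(rule_applied(SAMPLE_SPAM, "SARE_MLB_Stock2"))       # custom rule absent
```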

FatJonny
12-13-2006, 03:56 PM
Actually, don't send yourself test spam emails, I've been spending the past few hours trying to figure out how to get my AWL score back down!!

oh well, ya learn the hard way!

jansportw
12-14-2006, 10:51 PM
I really like using the bayes to train spam assassin on my domain to work better. Then I raised Bayes_99 to 4.0 points and so on down the line.
Read more (http://www.bluehostforum.com/showpost.php?p=20534&postcount=20)

yapching
12-15-2006, 04:48 PM
I have this spam... it seems there are a lot of replies, but would we be able to stop this?

dmittman
11-05-2009, 10:46 AM
Are you sure that the added rules from the SARE site are being used? I'd bet that bluehost has disabled user_rules because of security risks. see man Mail::SpamAssassin::Conf and look at the "allow_user_rules" setting. If you did get it working, and you are sure it's working, could you post how you did it? You might want to check the verbose output from sa-learn or such to see if your rules are being used at all.
Skip

Here's the reply I received from the Bluehost Support Team regarding allow_user_rules:


Because of a privilege escalation vulnerability when using the spamc/spamd method of running spamassassin, we in fact do not allow user rules. We apologize for this inconvenience.

ernestto
04-01-2010, 01:24 PM
I have a lot of spam and I don't understand the use_bayes option in the SpamAssassin configuration.
Who can help me?

farcaster
04-01-2010, 03:10 PM
Here are two references that should get you started.

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CpanelDocs/SpamAssassin

http://email.about.com/cs/bayesianfilters/a/bayesian_filter.htm