suddenly more spam making it in |
Terry
Senior Member Joined: 06 February 2005 Status: Offline Points: 155 |
Posted: 09 May 2014 at 10:05am |
Starting about 2.5 weeks ago we have started to see a jump in spam making it through the filter...some of this is borderline offensive. We are currently on 4.5.1.98 version of spamfilter. My blacklists are as follows:
Maps
bl.spamcop.nt
cbl.abuseat.org
combined.njabl.org
zen.spamhause.org
b.barracudacentral.org
zombie.dnsbl.sorbs.net

Surbl
multi.surbl.org

I am thinking some setting must have gotten messed up because we haven't had this type of issue since we installed spamfilter many many years ago...
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Terry,
Could you please zip us the following so we can take a look:

• SpamFilter's activity logfile for a day
• The to/from email addresses for at least 3-4 such emails for the above day so we can locate them in the logs
• Your SpamFilter.ini file
• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well)

I'll send you a PM with a link to upload the files to us.
|
Terry
Senior Member Joined: 06 February 2005 Status: Offline Points: 155 |
Okay...I have uploaded some samples and the info requested...really unusual for me to get "Hot Cougars" messages anymore and our users are starting to notice and complain about the increase. Hope you can find something we are doing wrong.
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Terry,
We finished debugging your logfile, and I have to agree that the spam catch accuracy is not as good as we're used to seeing.

The logfile you forwarded us shows 44,302 connection attempts. Of those connections, SpamFilter accepted and delivered only 7,337 emails. 758 of these emails were whitelisted, so SpamFilter identified as clean 6,579 emails out of 44,302. This means that SpamFilter only allowed 14.9% of your total email traffic thru. Not counting the whitelisted emails, SpamFilter thus identified as spam about 85.1% of your total SMTP traffic. This is actually slightly better than the 70%-80% we usually see.

Now, assuming that one out of two emails you receive in your mailbox is spam (thus 50%), this still means that SpamFilter incorrectly allowed thru 50% x 6,579 = 3,290 emails. So SpamFilter would have incorrectly identified as clean only 3,290 emails out of 44,302. This is an accuracy of 92.6%, which is instead slightly lower than the 95%-99% accuracy we often see.

The one filter that usually catches more spam than what we see in your logs is the MAPS RBL filter. That filter blocked only 1,652 emails that day. That is rather low when comparing it to our own proprietary SFDB filter that blocked 8,121 of your emails. I'd suggest removing these entries from your MAPS server list as they did not block a single email:

combined.njabl.org, true
zombie.dnsbl.sorbs.net, true

and replacing them with these ones:

dnsbl-2.uceprotect.net, true
ubl.unsubscore.com, true
free.v4bl.org, true

to see if that filter improves a bit.
|
|
Terry
Senior Member Joined: 06 February 2005 Status: Offline Points: 155 |
Thank you Roberto, I have made the changes and will see how it goes. This all started about 3 weeks ago so it is pretty weird.....Thank you for taking the time to analyze the information so thoroughly and for the suggestions.
|
|
Terry
Senior Member Joined: 06 February 2005 Status: Offline Points: 155 |
Well, that worked way too good...the ubl.unsubscore.com and free.v4bl.org blocked so many legitimate emails our users were complaining and we had to remove those lists...any others I should be looking at?
|
|
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Those two were the only ones which had blacklisted all 3 IPs for the spam samples that you forwarded to us. The dnsbl-2.uceprotect.net had blacklisted two of them, so even just adding that one single one may help. There are many other public RBL servers available, but those 3 are the ones we are familiar with, in addition to the ones that SpamFilter comes configured for.
|
|
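The thread shows that a list matching every spam sample can still block legitimate mail, so a candidate DNSBL is worth scoring against both spam source IPs and known-good sender IPs before it goes into the MAPS server list. The following is an added example, not code from the thread or from SpamFilter; the zone names, IP addresses and stub resolver are constructed so it runs offline, and omitting the `resolve` argument makes it perform real DNS lookups.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True if the zone answers with an A record in 127.0.0.0/8 for this IP."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except OSError:  # NXDOMAIN or lookup failure: treat as not listed
        return False
    # Some lists reserve certain 127.x codes for errors; check each list's documentation.
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def evaluate(zones, spam_ips, good_ips, resolve=socket.gethostbyname):
    """Per zone: spam samples caught, and known-good senders it would block."""
    return {
        zone: {
            "spam_hits": sum(is_listed(ip, zone, resolve) for ip in spam_ips),
            "false_positives": [ip for ip in good_ips if is_listed(ip, zone, resolve)],
        }
        for zone in zones
    }

def safe_to_enable(report):
    """Zones that caught at least one spam sample and no known-good sender."""
    return sorted(z for z, r in report.items() if r["spam_hits"] and not r["false_positives"])

# Constructed sample data (documentation IP ranges, hypothetical zones).
SPAM_IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
GOOD_IPS = ["198.51.100.5", "198.51.100.6"]
ZONES = ["aggressive.dnsbl.example", "moderate.dnsbl.example", "stale.dnsbl.example"]
LISTED = (
    {dnsbl_name(ip, ZONES[0]) for ip in SPAM_IPS + GOOD_IPS[:1]}
    | {dnsbl_name(ip, ZONES[1]) for ip in SPAM_IPS[:2]}
)

def fake_resolve(name):
    """Stub resolver standing in for DNS so the example runs offline."""
    if name in LISTED:
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN (simulated)")

if __name__ == "__main__":
    for zone, result in evaluate(ZONES, SPAM_IPS, GOOD_IPS, fake_resolve).items():
        print(zone, result)
    print("safe to enable:", safe_to_enable(evaluate(ZONES, SPAM_IPS, GOOD_IPS, fake_resolve)))
```

The known-good list should come from your own delivered-mail history, such as the connecting IPs of whitelisted senders, since that is the traffic an over-aggressive list would cut off.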