Spam Filter ISP Support Forum


suddenly more spam making it in

Terry (Senior Member)
Posted: 09 May 2014 at 10:05am
Starting about 2.5 weeks ago we have started to see a jump in spam making it through the filter...some of this is borderline offensive.  We are currently on 4.5.1.98 version of spamfilter.  My blacklists are as follows:
 
Maps
bl.spamcop.nt
cbl.abuseat.org
combined.njabl.org
zen.spamhause.org
b.barracudacentral.org
zombie.dnsbl.sorbs.net
 
Surbl
multi.surbl.org
 
I am thinking some setting must have gotten messed up because we haven't had this type of issue since we installed spamfilter many many years ago...

LogSat (Admin Group)
Posted: 11 May 2014 at 10:20pm
Terry,

Could you please zip us the following so we can take a look:

• SpamFilter's activity logfile for a day

• The to/from email addresses for at least 3-4 such emails for the above day so we can locate them in the logs

• Your SpamFilter.ini file

• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well).


I'll send you a PM with a link to upload the files to us.

Roberto Franceschetti

LogSat Software

Spam Filter ISP

Terry (Senior Member)
Posted: 12 May 2014 at 10:06am
Okay...I have uploaded some samples and the info requested...really unusual for me to get "Hot Cougars" messages anymore and our users are starting to notice and complain about the increase.  Hope you can find something we are doing wrong.

LogSat (Admin Group)
Posted: 12 May 2014 at 10:27pm
Terry,

We finished debugging your logfile, and I have to agree that the spam catch accuracy is not as good as we're used to seeing.

The logfile you forwarded us shows 44,302 connection attempts. Of those connections, SpamFilter accepted and delivered only 7,337 emails. 758 of these emails were whitelisted, so SpamFilter identified as clean 6,579 emails out of 44,302. This means that SpamFilter only allowed 14.9% of your total email traffic thru. Not counting the whitelisted emails, SpamFilter thus identified as spam about 85.1% of your total SMTP traffic. This is actually slightly better than the 70%-80% we usually see.

Now, assuming that one out of two emails you receive in your mailbox is spam (thus 50%), this still means that SpamFilter incorrectly allowed thru 50% x 6,579 = 3,290 emails. So SpamFilter would have incorrectly identified as clean only 3,290 emails out of 44,302. This is an accuracy of 92.6%, which is instead slightly lower than the 95%-99% accuracy we often see.

The one filter that usually catches more spam than what we see in your logs is the MAPS RBL filter. That filter blocked only 1,652 emails that day. That is rather low when comparing it to our own proprietary SFDB filter that blocked 8,121 of your emails.

I'd suggest removing these entries from your MAPS server list as they did not block a single email:

combined.njabl.org, true
zombie.dnsbl.sorbs.net, true

and replacing them with these ones:

dnsbl-2.uceprotect.net, true
ubl.unsubscore.com, true
free.v4bl.org, true

to see if that filter improves a bit.
Roberto Franceschetti

LogSat Software

Spam Filter ISP

Terry (Senior Member)
Posted: 13 May 2014 at 8:42am
Thank you Roberto, I have made the changes and will see how it goes. This all started about 3 weeks ago so it is pretty weird... Thank you for taking the time to analyze the information so thoroughly and for the suggestions.

Terry (Senior Member)
Posted: 13 May 2014 at 2:19pm
Well, that worked way too good...the ubl.unsubscore.com and free.v4bl.org blocked so many legitimate emails our users were complaining and we had to remove those lists...any others I should be looking at?

LogSat (Admin Group)
Posted: 13 May 2014 at 6:05pm
Those two were the only ones which had blacklisted all 3 IPs for the spam samples that you forwarded to us. The dnsbl-2.uceprotect.net had blacklisted two of them, so even just adding that one single one may help. There are many other public RBL servers available, but those 3 are the ones we are familiar with, in addition to the ones that SpamFilter comes configured for.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
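
Added example, not part of the original posts and not LogSat's code: the thread picks RBL zones by checking which ones list the spam-sample IPs, and then finds that two of them also block legitimate mail. This Python script scores each candidate zone against spam-sample IPs and known-good sender IPs before it goes into the MAPS list. The zone names, IP addresses and the `fake_lookup` resolver are constructed; omit the `lookup` argument to query real DNS.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Live resolver: A record as a string, or None when there is no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, lookup=dns_lookup):
    answer = lookup(dnsbl_name(ip, zone))
    if answer is None or not answer.startswith("127."):
        return False  # no record, or an answer outside 127.0.0.0/8
    # Some lists (Spamhaus, for one) answer 127.255.255.x to report a query
    # error such as a refused resolver; that is not a listing.
    return not answer.startswith("127.255.255.")

def evaluate(zones, spam_ips, good_ips, lookup=dns_lookup):
    """Per zone: (spam samples listed, known-good senders listed, verdict)."""
    report = {}
    for zone in zones:
        caught = sum(is_listed(ip, zone, lookup) for ip in spam_ips)
        false_pos = sum(is_listed(ip, zone, lookup) for ip in good_ips)
        if false_pos:
            verdict = "reject: lists known-good senders"
        elif caught == 0:
            verdict = "drop: no hits on samples"
        else:
            verdict = "candidate"
        report[zone] = (caught, false_pos, verdict)
    return report

# Constructed data: documentation-range IPs and made-up zones.
SPAM_IPS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
GOOD_IPS = ["198.51.100.5", "198.51.100.6"]
LISTINGS = {
    "broad.example": SPAM_IPS + GOOD_IPS[:1],  # catches all 3, plus a good sender
    "narrow.example": SPAM_IPS[:2],            # catches 2 of 3, no false positives
    "stale.example": [],                       # answers nothing
}
FAKE_DNS = {dnsbl_name(ip, z): "127.0.0.2" for z, ips in LISTINGS.items() for ip in ips}
fake_lookup = FAKE_DNS.get  # offline stand-in for dns_lookup
```

Calling `evaluate(LISTINGS, SPAM_IPS, GOOD_IPS, fake_lookup)` returns one `(caught, false_pos, verdict)` tuple per zone; for a live check, take the known-good IPs from the sending servers of mail your users confirmed as legitimate.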