Spam, Virus and Worms, Oh My


After a post over at Mike Little’s Journalized, I offered my recommendations to help.

I figured I’d post my current response to the spam or mail bombing going on due to these worms/viruses causing the host to send spam…

I use SpamAssassin on my server. It works great, but it wasn’t enough: all it did was identify what is and isn’t spam, which is getting tougher and tougher… It still does a good job, though…

I modified my SpamAssassin user_prefs file to contain the following:

required_hits 5
rewrite_subject 1
subject_tag **SPAM**
use_bayes 1
report_safe 1
score RCVD_IN_OSIRUSOFT_COM 0
score X_OSIRU_DUL 0
score X_OSIRU_DUL_FH 0
score X_OSIRU_OPEN_RELAY 0
score X_OSIRU_SPAM_SRC 0
score X_OSIRU_SPAMWARE_SITE 0
report_header 1
defang_mime 0
report_safe 0
auto_learn 1
detailed_phrase_score 1
add_header all Status _YESNO_, hits=_HITS_ required=_REQD_ tests=_TESTS_ bayes=_BAYES_ awl=_AWL_ autolearn=_AUTOLEARN_ version=_VERSION_ dcc results=_DCCR_ pyzor results= _PYZOR_ rblresults=_RBL_
score HTML_IMAGE_ONLY_02 4.00
score HTML_IMAGE_ONLY_04 3.00
score HTML_IMAGE_ONLY_06 3.00
score RAZOR2_CHECK 2.094
score RAZOR2_CF_RANGE_51_100 2.202
score RCVD_IN_SBL 2.226
score RCVD_IN_DSBL 1.412
score RCVD_IN_NJABL_PROXY 1.000
score RCVD_IN_SORBS_HTTP 2.202
score RCVD_IN_SORBS_MISC 2.408
score RAZOR2_CHECK 1.50
score RAZOR2_CF_RANGE_51_100 3.00
score DCC_CHECK 3.00
score HTML_FONT_INVISIBLE 3.00
score HTML_COMMENT_SHOUTING 3.50
score X_MSMAIL_PRIORITY_HIGH 0
score X_PRIORITY_HIGH 0
whitelist_from *paypal.com
whitelist_from *godaddy*
whitelist_from *networksolutions.com

Which helps minimize false positives…
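
An added example (not from the original post): a small Python check of two things worth auditing in a prefs file like the one above, namely which repeated settings actually take effect (SpamAssassin keeps the last value it reads) and how widely the whitelist_from globs match. The sample text is a constructed excerpt of the file above; the function names and test addresses are made up for illustration.

```python
import re

# Constructed excerpt of the user_prefs shown above (not the whole file).
SAMPLE_PREFS = """\
required_hits 5
report_safe 1
score RAZOR2_CHECK 2.094
score RAZOR2_CF_RANGE_51_100 2.202
report_safe 0
score RAZOR2_CHECK 1.50
score RAZOR2_CF_RANGE_51_100 3.00
whitelist_from *paypal.com
whitelist_from *godaddy*
whitelist_from *networksolutions.com
"""

# Directives that accumulate instead of replacing an earlier line.
ADDITIVE = ("whitelist_from", "add_header")

def effective_settings(text):
    """Return (effective, overridden); the last value read for a key wins."""
    effective, overridden = {}, []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] in ADDITIVE:
            continue
        # "score RULE value" is keyed per rule, everything else per option.
        n = 2 if parts[0] == "score" else 1
        key, value = " ".join(parts[:n]), " ".join(parts[n:])
        if key in effective:
            overridden.append((key, effective[key], value))
        effective[key] = value
    return effective, overridden

def glob_to_regex(pattern):
    """whitelist_from takes file-glob patterns: only * and ? are wildcards."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    return re.compile(body, re.IGNORECASE)

def whitelist_matches(text, address):
    """Return the whitelist_from patterns that match a From address."""
    pats = [l.split()[1] for l in text.splitlines()
            if l.startswith("whitelist_from ")]
    return [p for p in pats if glob_to_regex(p).fullmatch(address)]

if __name__ == "__main__":
    for key, old, new in effective_settings(SAMPLE_PREFS)[1]:
        print(f"{key}: {old} is overridden by {new}")
    # Constructed addresses: a genuine-looking sender, then two unrelated domains.
    for addr in ("service@paypal.com", "billing@example-paypal.com",
                 "godaddy@example.org"):
        print(addr, "->", whitelist_matches(SAMPLE_PREFS, addr))
```

Because whitelist_from is matched against sender headers that the sender controls, SpamAssassin's whitelist_from_rcvd, which also checks the relaying host's reverse DNS, is the tighter choice for entries like these.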

However, my server, which runs cPanel as the server software, offers something else called Spam Box. I enabled this, and it routes all the email SpamAssassin identifies as spam to a subfolder called spam. I then use a simple mail program called MailWasher to log into this account, which is my main account username followed by /spam. It gets all the headers of the spam and allows me to search through it, with no risk of links, images, or viruses getting through. It will even blacklist and bounce the email back to its sender, although I’ve since disabled the bouncing since most of these are forged/fake emails anyway.

Hope that helps. It has cut down the majority of the spam I received; now only 1 in 1000 spam messages gets through.
