Spam Help

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
MarHMS
Normal user
Normal user
Posts: 105
Joined: 2015-12-11 17:10

Spam Help

Post by MarHMS » 2016-04-07 19:18

Guys please see below, a spam message that one our clients got:

Code: Select all

From: Email Administrator [mailto:accounts@domain.com]
Sent: Thursday, April 07, 2016 12:09 PM
To: accounts@domain.com
Subject: Update Your Account

 

Dear user

 

  Due to the recent upgrade in our SSL server, to serve you better.

Please note that all users are mandated to update their login details

in other to enjoy the new upgrade. You are required to update through

the link below.

 

Update here (link embed is http://atousauniversal.com/2082/)

 

We are committed to protect your identity.

 

Mail Administrator 2016.
This got through my SpamAssassin :(

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: Spam Help

Post by jimimaseye » 2016-04-07 20:28

Are you actually asking anything or just sharing this with us as a friend and advice?
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 105
Joined: 2015-12-11 17:10

Re: Spam Help

Post by MarHMS » 2016-04-08 15:45

jimimaseye wrote:Are you actually asking anything or just sharing this with us as a friend and advice?
Sorry... it's for advice.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: Spam Help

Post by jimimaseye » 2016-04-08 17:44

There isnt anything to do if you are relying on Spamassassin alone. New releases of any spam takes an amount of time before spam traps and AV solutions get it caught and deals with it.

You could always add extra security with an AV solution (such as ClamAV with Sane definitions - see my signature for tips and link), and a choice of DNSBL and SURBL's but in all cases they are still reliant on the authors being made aware and updating the definitions accordingly.

VIGILANCE and education of the users is the answer. It will beat any new release threat or AV solution. If you see a dodgy link then delete it (irrespective of whether your anti-malware solution has identified it or not).

For now, just check your Spamassassin logs and message headers to ensure that your SA was running correctly. Perhaps it didnt identify the threat because you had a problem with it at the time that you didnt know about.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 105
Joined: 2015-12-11 17:10

Re: Spam Help

Post by MarHMS » 2016-04-08 17:48

jimimaseye wrote:There isnt anything to do if you are relying on Spamassassin alone. New releases of any spam takes an amount of time before spam traps and AV solutions get it caught and deals with it.

You could always add extra security with an AV solution (such as ClamAV with Sane definitions - see my signature for tips and link), and a choice of DNSBL and SURBL's but in all cases they are still reliant on the authors being made aware and updating the definitions accordingly.

VIGILANCE and education of the users is the answer. It will beat any new release threat or AV solution. If you see a dodgy link then delete it (irrespective of whether your anti-malware solution has identified it or not).

For now, just check your Spamassassin logs and message headers to ensure that your SA was running correctly. Perhaps it didnt identify the threat because you had a problem with it at the time that you didnt know about.
Okay will do.
I do have ClamAV with Sane definitions remember? :)

I was just really curious as this new one. It could easily fool some.

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: Spam Help

Post by jimimaseye » 2016-04-08 18:05

MarHMS wrote:
Okay will do.
I do have ClamAV with Sane definitions remember? :)
Good choice. (I tell a lot of people (whenever I can) and have no idea who I have told and what they have.)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

MarHMS
Normal user
Normal user
Posts: 105
Joined: 2015-12-11 17:10

Re: Spam Help

Post by MarHMS » 2016-06-20 19:12

Can these be added to the DNS blacklist, or are they already added?
http://whatismyipaddress.com/blacklist-check

MarHMS
Normal user
Normal user
Posts: 105
Joined: 2015-12-11 17:10

Re: Spam Help

Post by MarHMS » 2016-06-20 23:27

jimimaseye wrote:...
Can these be added to the DNS blacklist, or are they already added?
http://whatismyipaddress.com/blacklist-check

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: Spam Help

Post by jimimaseye » 2016-06-21 23:11

You can add whatever dns blacklists you want to HMS under SETTINGS - ANTI-SPAM - DNS BLACKLISTs. You must research what the check address and return codes are yourself from the relevent provider. (Only SPAMHAUS and SPAMCOP are included by default)
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

janrev15
New user
New user
Posts: 16
Joined: 2015-03-04 03:22

Re: Spam Help

Post by janrev15 » 2016-07-13 05:58

Hi,

I tried enabling CLAMWIN as Antivirus for HMailServer but i noticed that my email server becomes quite slow. Can you point me to the thread on how to configure this properly as I must have missed out some settings.

Thanks,

User avatar
mattg
Moderator
Moderator
Posts: 20132
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Spam Help

Post by mattg » 2016-07-13 06:46

viewtopic.php?f=21&t=26829

If you just use ClamWIN using the hMailserver interface it will slow your server noticeably as ClamWIN is not multi threading except when you run it as a service as per the above thread

Personally I have a Ubuntu Server (non gui) VM (via HyperV) on my Windows 10 Pro machine, with Ubuntu running ONLY ClamAV and SpamAssassin
It seems to work well.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

User avatar
jimimaseye
Moderator
Moderator
Posts: 8131
Joined: 2011-09-08 17:48

Re: Spam Help

Post by jimimaseye » 2016-07-13 08:36

mattg wrote:viewtopic.php?f=21&t=26829

If you just use ClamWIN using the hMailserver interface it will slow your server noticeably as ClamWIN is not multi threading except when you run it as a service as per the above thread
.....and make sure you apply the SANE definitions (or Securiteinfo) as advised in the thread otherwise you are simply wasting your time bothering with Clamwin as a solution in protecting you. It wont.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Post Reply