Spam Help

[MarHMS]

Guys please see below, a spam message that one our clients got:

Code: Select all

From: Email Administrator [mailto:accounts@domain.com]
Sent: Thursday, April 07, 2016 12:09 PM
To: accounts@domain.com
Subject: Update Your Account

 

Dear user

 

  Due to the recent upgrade in our SSL server, to serve you better.

Please note that all users are mandated to update their login details

in other to enjoy the new upgrade. You are required to update through

the link below.

 

Update here (link embed is http://atousauniversal.com/2082/)

 

We are committed to protect your identity.

 

Mail Administrator 2016.

This got through my SpamAssassin

[jimimaseye]

Are you actually asking anything or just sharing this with us as a friend and advice?

[MarHMS]

Are you actually asking anything or just sharing this with us as a friend and advice?

Sorry... it's for advice.

[jimimaseye]

There isnt anything to do if you are relying on Spamassassin alone. New releases of any spam takes an amount of time before spam traps and AV solutions get it caught and deals with it.

You could always add extra security with an AV solution (such as ClamAV with Sane definitions - see my signature for tips and link), and a choice of DNSBL and SURBL's but in all cases they are still reliant on the authors being made aware and updating the definitions accordingly.

VIGILANCE and education of the users is the answer. It will beat any new release threat or AV solution. If you see a dodgy link then delete it (irrespective of whether your anti-malware solution has identified it or not).

For now, just check your Spamassassin logs and message headers to ensure that your SA was running correctly. Perhaps it didnt identify the threat because you had a problem with it at the time that you didnt know about.

[MarHMS]

There isnt anything to do if you are relying on Spamassassin alone. New releases of any spam takes an amount of time before spam traps and AV solutions get it caught and deals with it.

You could always add extra security with an AV solution (such as ClamAV with Sane definitions - see my signature for tips and link), and a choice of DNSBL and SURBL's but in all cases they are still reliant on the authors being made aware and updating the definitions accordingly.

VIGILANCE and education of the users is the answer. It will beat any new release threat or AV solution. If you see a dodgy link then delete it (irrespective of whether your anti-malware solution has identified it or not).

For now, just check your Spamassassin logs and message headers to ensure that your SA was running correctly. Perhaps it didnt identify the threat because you had a problem with it at the time that you didnt know about.

Okay will do.
I do have ClamAV with Sane definitions remember?

I was just really curious as this new one. It could easily fool some.

[jimimaseye]

Okay will do.
I do have ClamAV with Sane definitions remember?

Good choice. (I tell a lot of people (whenever I can) and have no idea who I have told and what they have.)

[MarHMS]

Can these be added to the DNS blacklist, or are they already added?
http://whatismyipaddress.com/blacklist-check

[MarHMS]

...

Can these be added to the DNS blacklist, or are they already added?
http://whatismyipaddress.com/blacklist-check

[jimimaseye]

You can add whatever dns blacklists you want to HMS under SETTINGS - ANTI-SPAM - DNS BLACKLISTs. You must research what the check address and return codes are yourself from the relevent provider. (Only SPAMHAUS and SPAMCOP are included by default)

[janrev15]

Hi,

I tried enabling CLAMWIN as Antivirus for HMailServer but i noticed that my email server becomes quite slow. Can you point me to the thread on how to configure this properly as I must have missed out some settings.

Thanks,

[mattg]

viewtopic.php?f=21&t=26829

If you just use ClamWIN using the hMailserver interface it will slow your server noticeably as ClamWIN is not multi threading except when you run it as a service as per the above thread

Personally I have a Ubuntu Server (non gui) VM (via HyperV) on my Windows 10 Pro machine, with Ubuntu running ONLY ClamAV and SpamAssassin
It seems to work well.

[jimimaseye]

viewtopic.php?f=21&t=26829

If you just use ClamWIN using the hMailserver interface it will slow your server noticeably as ClamWIN is not multi threading except when you run it as a service as per the above thread

.....and make sure you apply the SANE definitions (or Securiteinfo) as advised in the thread otherwise you are simply wasting your time bothering with Clamwin as a solution in protecting you. It wont.