Recent Spam increase

Category: Fighting Spam

lmadiou
Asked:
2013-03-22 11:41 am EST

Hits: 492
I've been actively using SpamAssasin for the last 2 years, constantly reveiwing my queue and updating my ignore and blacklists. Its been a a pain but has worked relatively well for me. Recently Ive been getting an influx of spam that is not being caught by SpamAssasin thus flooding my inbox. I suspect one of my contacts recently got hacked or is having their email spoofed but the spam I am receiving is blatant and should be getting flagged by SpamAssasin.

I'm looking for recommendations to get my Spam under control.

thanks in advance.

Lionel.

You must login before you can ask a follow up question.

You must login before you can submit an answer.

Over the weekend pulled the ip addresses from some of the emails and found a few were coming from 192.126.77.*. I then went into the IP Deny Manager and added it, still getting spam from that same subnet of IPs... No idea what to do if I cant even block their IP. Looking forward to your feedback.
lmadiou
11 Points
2013-03-26 12:28 am EST
Hello Lionel,

The IP Deny Manager only blocks IP addresses via your site's .htaccess file, and it only blocks access to your website itself. Unfortunately with SpamAssassin you can only blacklist email addresses or domains, and not IP addresses directly.

I just wrote a new article for you on blocking IPs from sending you email, which goes over setting up a cPanel account level email filter to block email based off IP addresses in the headers.

Hope that helps.

- Jacob
JacobIMH
9,968 Points
2013-03-27 07:11 pm EST

OTHER ANSWERS

0

JacobIMH
Staff
9,968 Points
2013-03-22 2:49 pm EST
Hello Lionel, and thank you for your question.

I apologize that you've seemingly been receiving more spam unfiltered via SpamAssassin. From what I can tell looking at your mail logs, it looks like SpamAssassin has run on 417 messages, with it flagging 135 of them as spam.

From what I can tell, it looks like the messages not flagged as spam are not achieving a high enough spam score to hit your current set value of 3.5 for being flagged as spam.

I would recommend looking at the full mail headers of one of the messages you believe is blatant spam to see why it's possibly not getting marked as spam. If you can't figure it out by looking at the rules, you can forward a copy to us at docs@inmotionhosting.com with the subject "Recent spam increase", then if you comment back on this question letting us know it's been sent there we can take a look for you.

Please let us know if you have any further questions at all.

- Jacob

You must login before you can post a comment about this answer.

Email sent, thanks for helping out!
lmadiou
11 Points
2013-03-23 2:56 am EST
Hello Lionel,

Sorry for the delayed response, I was unable to locate an email from you with the subject Recent spam increase did you possibly send it under a different subject?

- Jacob
JacobIMH
9,968 Points
Staff
2013-03-27 6:32 pm EST
I've tried once more to send it to you. I definitely used the correct subject both times and used "docs@inmotionhosting.com " as the email.
lmadiou
11 Points
2013-03-28 7:47 am EST
Hell lmadiou,

I finally did see the email that you sent into docs@inmotionhosting.com. The emails that you're getting - which are definitely spam, are not being recognized by SpamAssassin because of certain factors. You can actually block this particular sender by using the IP address starting with 192.126.77.xxx and creating a range (e.g 192.126.77.0 -192.126.77.256). I suggest doing this because Spam Assassin isn't blocking those emails unless you lower the score needed to identify the email as a Spam. I'll give you an article link at the end of this comment that shows you how to make the filter. I suggest the filter also because there will be the occasional spam that appears to obey ALL of the rules to classify the message as "not spam", but you can tell by the content that it is spam. The ones that you listed are a good example of this, and they appear to be coming from a particular set of IP addresses. The link below shows how to look in the header and find the IP addresses of the email:

http://grab.by/l810

Here's the article link from Jacob about restricting IP addresses from sending spam:
Blocking IPs from sending email

If you have any further questions, please contact technical support available 24/7.

Regards,

Arnel C.

Arn
18,399 Points
Staff
2013-03-28 12:18 pm EST
Like this Question?

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!