Where is my SpamBox?

LeMarque

Member
Was getting tons of spam and enabled SpamAssain and SpamBox and now I'm not getting the spam e-mails.

But I can't find the spambox to delete them. Using Horde.
 

Dan

Moderator
Hello LeMarque,

It should have simply created a 'spam' folder for you under your inbox. I haven't used Horde (or Spamassassin for that matter) much but when folders have been added I seem to remember they always just showed up. Some webmail clients require you to subscribe to folders for them to show up like an IMAP client would.

You could check in SSH to see if you can find the folder in question as well.

Not much help I know, sorry :)
 

LeMarque

Member
Hello LeMarque,

It should have simply created a 'spam' folder for you under your inbox. I haven't used Horde (or Spamassassin for that matter) much but when folders have been added I seem to remember they always just showed up. Some webmail clients require you to subscribe to folders for them to show up like an IMAP client would.

You could check in SSH to see if you can find the folder in question as well.

Not much help I know, sorry :)
Don't know how they got my e-mail address, but I've been getting tons of spam from this Canadian pharmacy.

I've looked for that folder, searched the cPanel forum, googled, etc. and did a quick ssh and still can't find it :confused:

Enabled all the other webmail clients but still no spam folder. Going to disable spambox and start all over again.

ehh.
 

Dan

Moderator
Was the spam actually addressed to you or did you configure your email as a catchall? Your spambox should only get what is addressed to you if I'm not mistaken.

And just in case the paths should be:
/home/acctname/mail/domain.com to see the users
/home/acctname/mail/domain.com/user to see the user's folders
 

LeMarque

Member
Was the spam actually addressed to you or did you configure your email as a catchall? Your spambox should only get what is addressed to you if I'm not mistaken.
Its one of those 'from me to me' sort of emails; i.e.:

Virgen [john.doe@xxxxxdomains.com] to john.doe@xxxx.domains.com

My catchall goes to :blackhole.

I disabled spambox and started receiving the spam again to my outlook inbox. I'll re-enable it and see if I can find the folder in the paths you mention.

Thanks for the info.
 

Dan

Moderator
Its one of those 'from me to me' sort of emails; i.e.:

Virgen [john.doe@xxxxxdomains.com] to john.doe@xxxx.domains.com
Ah, it's very likely that the system is just trying to bounce this type of email since it knows you did not send it. Check your email queue to see if you have emails stuck in there. This is the spammers actual objective is to have the emails bounce to their real target. This is the reason why I stopped using Spamassassin as I could not find where to simply trash these emails rather than bouncing them.
 

LeMarque

Member
Ah, it's very likely that the system is just trying to bounce this type of email since it knows you did not send it. Check your email queue to see if you have emails stuck in there. This is the spammers actual objective is to have the emails bounce to their real target. This is the reason why I stopped using Spamassassin as I could not find where to simply trash these emails rather than bouncing them.
These emails were making it thru to my local inbox and not being rejected by exim nor are/were there any stuck in the queue. But! I found the spambox, as you pointed out and they are trapped there and not being bounced - also <ducking> I was logging into webmail as the acct. name and viewing all my associated emails. I logged into webmail as the user getting the spam and subscribed to the spam folder (which didn't appear using the acct name) and the spambox is present with the spam!

Here's what one of them looked like in the exim log:

2009-06-07 15:00:44 1MDPUF-0005m8-R5 H=ppp-124-121-149-181.revip2.asianet.co.th (ppp-124-122-6-95.revip2.asianet.co.th) [124.121.149.181]:2361 I=[xx.xxx.xx.xx]:25 Warning: "SpamAssassin as XYZ detected message as spam (16.0)"
2009-06-07 15:00:44 1MDPUF-0005m8-R5 <= me@mydomain.com H=ppp-124-121-149-181.revip2.asianet.co.th (ppp-124-122-6-95.revip2.asianet.co.th) [124.121.149.181]:2361 I=[xx.xxx.xx.xx]:25 P=esmtp S=7995 id=YJCCV66647.B0969D8@ppp-124-122-6-95.revip2.asianet.co.th T="Douglas asked to send it" from <me@mydomain.com> for me@mydomain.com
2009-06-07 15:00:44 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1MDPUF-0005m8-R5
2009-06-07 15:00:44 1MDPUF-0005m8-R5 => me <me@mydomain.com> F=<me@mydomain.com> R=virtual_user_spam T=virtual_userdelivery_spam S=8094
2009-06-07 15:00:44 1MDPUF-0005m8-R5 Completed
2009-06-07 15:00:45 SMTP connection from ppp-124-121-149-181.revip2.asianet.co.th (ppp-124-122-6-95.revip2.asianet.co.th) [124.121.149.181]:2361 I=[xx.xxx.xx.xx]:25 closed by QUIT
 

Dan

Moderator
AAahhh you were logging in using the domain account name and couldn't see it. Yes I have seen this happen as well, didn't even think about that!

Glad you got it worked out!
 

LeMarque

Member
Dan

This is the spammers actual objective is to have the emails bounce to their real target. This is the reason why I stopped using Spamassassin as I could not find where to simply trash these emails rather than bouncing them.
At your convenience, could you explain "bounce to their real target"?
 

Dan

Moderator
You can put anything in the 'from' field and you can even put a different address in the 'reply to' field. So they put in the address they want it to bounce to and then if the 'to' address is bad it will bounce to another target.
 

LeMarque

Member
This is the spammers actual objective is to have the emails bounce to their real target. This is the reason why I stopped using Spamassassin as I could not find where to simply trash these emails rather than bouncing them.
Doesn't this do it?

Main >> Service Configuration >> Exim Configuration Editor

So they put in the address they want it to bounce to and then if the 'to' address is bad it will bounce to another target.
Not sure I understand why they would want it to bounce to 'another target'
 

Dan

Moderator
OK

I'll let you get back to work; but doesn't this provide for whether or not SA will bounce spam?
That does look like what you would be looking for! :D

I don't think they had those options when I tried Spamassassin.
 
Top