LinkBack URL
About LinkBacksIs there any better (paid/free) spam filters which can easily be added into the Exim setup?
Better spam filters than Spam Assassin?
Is there any better (paid/free) spam filters which can easily be added into the Exim setup?
We have been using SpamAssassin (SA) for a very long time and we find it very effective in purging spam. Make sure these filters are also installed and configured properly: Razor-agents (although a little out-date), DCC, SPF, and Pyzor.Originally Posted by SpiritAu
ASSP is another good spam blocker. That will be my choice, if I am looking for a different program than SpamAssassin.
I'll definitely put MailScanner at the end of my list.
Andy Reed
RHCE and CCNA
ServerTune.com
Servertune,
Isn't MailScanner just a more efficient way of running SpamAssassin?
Spirit:
There's detailed instructions for installing a mature setup for MailScanner/SpamAssassin at www.configserver.com. Be warned though, SpamAssassin is a CPU hog and word is out that ASSP is a lot more efficient and effective than SpamAssassin.
MailScanner (MS) is not tied to any particular virus scanner, but can be used with any combination of about 14 different virus scanners. MS is the resource hog and that's one of the reasons we'll put it at the end of our list. For more information about MS, go to: http://www.mailscanner.info/
On other hand, SpamAssassin, without MS, is flexible, easy to extend, uses a wide-spectrum of tests, and is CPU friendly. Everything that you could ever want from an anti-spam program.
I think you meant MailScanner is 'a CPU hog'.
Andy Reed
RHCE and CCNA
ServerTune.com
Check out ASSP it is way better. and Free
There are a a couple of packages to integrate it with CPanel
ASSPX it is a free product and ASSP Deluxe it is 15 per server but a little more robust.
There is plenty of information in these forums - search ASSP
No, I meant SpamAssassin.
Brianoz, do you use Mailscanner/SA? Been using MS for well over a year now with no complaints about resource problems. When well configured I think it performs nicely.
Darren Benfer | SS-Darren | AIM: serversphere
www.serversphere.com
Dedicated Server Solutions Have Come Full Circle
That's interesting. How can you prove that 'SpamAssassin is a CPU hog'? Did you use any tool(s) to reach that conclusion? If yes, what are they? When we talk about 'CPU hog', what is the projected CPU load SA will exert on the server?
Andy Reed
RHCE and CCNA
ServerTune.com
I havn't found spamassassin to be a problem on any of my machines.
there have been moments (like right after someone sends out a bulk mailing) that all the bouncebacks will zip through the machine, but even in those times, it's never been too severe.
if you can help it, put your mail spool on a separate hard drive from the one where the mail ultimately gets delivered.
from what i've heard ASSP is a bit better.. SA can be a memory hog if you have a lot of large and complex rulesets--and also can take slightly longer per message to process (again, if you have large and complex rulesets).
I've found most of the bulky rulesets didn't really catch much that weren't already caught by the RBL's, so I've removed them, and on most of my systems, even in peak web use, my uptime rarely goes above 0.9
MailScanner doesn't have to be a hog if you tune it correctly. As Brionoz has said, I have also seen spamd as a resource hog on many servers and running MailScanner actually used fewer resources. The main function of MailScanner that can cause performance degredation is/was ClamAV which has been improved greatly in recent times, especially if you use the Mail::ClamAV perl module and not clamscan directly.
I also agree with freedman, large and complex SpamAssassin rules can add significant load to a server regardless of how SA is used.
Jonathan Michaelson
Need your cPanel servers secured and tuned?
cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
http://www.configserver.com
Chirpy, so what installation do you recommend? I do have SA rules that are becoming big by the day. My main problem is that at any time I have like 1800 queued messages on Exim. If the messages that are sent to non-existent email IDs are set to ":fail:" and the rest are being caught by SA, then why are they queued up? Would ASSP or MailScanner help in clearing my queue?
if you have that many piling up, then it's for one (or more) of a number of reasons:
1) you're allowing open relaying--very bad, fix this if you are.
2) you're clients are running mailing lists which aren't cleaned up very often...some mail hosts dont properly reject things to bad email addresses, so they get queued for redelivery until the 4(or so) day timeout.
3) the return address on bulk emails isn't working right, so the bounces are going back to your server, youre trying to forward them on to somewhere else which isn't working right.
4) your server load is often high, in which case, exim will go into queue only mode. then it'll start to process the queue, load will go up, it'll stop and go queue only again. (if this is the case, raise the 'deliver_queue_load_max' to 3 or 4 or 5, until the queue flushes out.
allso consider: smtp_load_reserve and queue_only_load
(do these through whm if you wish them permanent, otherwise make the change and cpanel will set it back randomly at some point it does an upcp--which is fine if you dont want to have to remember to do it yoruself).
run through your mail logs, they'll provide a wealth of information.
Also, try to determine, if you can, which of your larger SA rulesets account for the least number of detections... if you're getting less than a 2-3% hit rate, then you might do well to just do without that set.
Thanks freedman, very informative! I think for me it may be a combination of those, but no.3 is the most common. This is because the email address I have for one of my domains keeps getting spam that is like something has bounced (which it could not have, because I never sent those emails). To counter this, in my Exim config, I checked the "Exim Verify the existence of email senders" but it hasn't helped at all. What can I do to stop these bounces, or make sure that these fake emails are killed but the email address remains intact?
ahhh.. these types of bounces are caused by spammers sending mail from their own servers, but listing "FROM" as an email address @YOURDOMAIN.
if you set the catchall address for each of your domains to ":fail:" then it should just toss all these in the garbage.
(dont use :blackhole: and, I think, you have to just have :fail: all by itself .. if you have ":fail: REASON" then exim wont treat it the same, as I understand it.
so, check the /etc/valiases/ file for this domain, make sure the catchall is either a valid address or:
*: :fail:
OK OK I retreat in defeatThat's interesting. How can you prove that 'SpamAssassin is a CPU hog'? Did you use any tool(s) to reach that conclusion? If yes, what are they? When we talk about 'CPU hog', what is the projected CPU load SA will exert on the server?
Let me be more precise. I can only say empirically that SA appears to be a resource hog. In fact, if I'm to be entirely accurate with what I've observed I'd have to say that I've observed that MS/SA combined is a hog, which is not at all inconsistent with what you're saying. I do like some MS features - one of the nicest is that it keeps a log of incoming email and that has proven invaluable in tracking email on the odd occasion. I promise - I wasn't meaning to cast fair aspersions, apologies for the loose speaking!
ASSP looks interesting, in particular because it's clear it's not a CPU/resource hog.
Reply With Quote