More spam bypassing Cpanel11 RBLs
Hello, I was very happy with Cpanel11 RBL, they were working quite well days ago, but recently more spam is going through them, how can I strength them again.
Most of the spam is getting less than 5 points in spamassassin score and flooding our users mailboxes.
Any suggestion?
Any ideas to add more strenght to spamassassin rules? it was working quite well days ago but now more spam is going over the filter.
It usually comes in waves as the spammers find a way around the filters, and spamassassin learns and eventually blocks.Originally Posted by Alejandro P
I have had a spam increase in the last week or 2, likely due to the large amounts of bayes-poison the spammers are sending. "Hello! I am tired this afternoon"
Eventually things balance out again.
Brian
I see in your title that you refer to cPanel's RBL's ..spamassassin uses it's own rbl but are you actually using the 2 that cPanel makes easily available as well?
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Hey,
I do not think you can use SpamAssassin and have cPanel's RBL run at the same time...
Thanks,
Adam
cPanel Customer since November 2005
---
- 7 Servers running cPanel/WHM
Tutorials I have made:
- Transfer accounts from one server to another
that's strange ..I have been using them both since Dec 2006
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Sugggestion:
Give up entirely on using SA and EXIM RBL's. Use something that handles things a LOT better and is very user friendly, like assp . There's two versions for CPanel alone, though I'd strongly suggest going with the paid version.
SA is bad, Exims RBLs are bad. Using the MTA (exim) to handle any spam filtering is a bad idea in general. It should all be done before it hits the MTA, through a mail proxy which is configured to handle things.
Linux Tech Networks: Reliable Server Administration and Monitoring since 2002
i'm sorry but i don't agree.
i've been using SA for many years, along with Exim and some of the popular RBL's and they all do an excellent job at filtering spam.
to be more specific, the combination of SA+Exim+RBL and the default rules in cPanel v11 have managed to cut spam to just about... zero. We do get 1-2 spam emails per month in our entire company with hundreds of emails!!! thats like 99,9% success.
we also monitor false positives but so far there haven't been any, so at the moment all marked spam are automatically deleted and the originating IP address is banned by the firewall.
SpamAssassin+Exim+RBL are a great combination!
And that's your right and choice to do, but if you haven't used anything else, who are you to disagree?i'm sorry but i don't agree.
I've managed, and used, both SA/Exim settings AND ASSP/Exim settings, and let me tell you, SA doesn't stand a chance.
SA loads down the server because of user filtering. ASSP does not
SA has minimalistic checks on things such as RBLs, ASSP can check any RBL you tell it to
I could go on and on comparing one to the other, but the fact is that SA doesn't even come close to ASSP's processing, from personal experience, without a LOT of plugins, a LOT of addons, and a good bit of server load.
Linux Tech Networks: Reliable Server Administration and Monitoring since 2002
i never said i haven't used anything else.
you are wrong about SA, but its obvious that you feel strongly about assp... for some reason.
i don't care, but you shouldn't be wrongly influencing others.
I wouldn't say that SA isn't a bloated hunk of blood sucking crap myself. It will kill a server in seconds if the spammers hit it right. BUT having said that ..if you use cPanel's built-in RBL's or configure your own in the exim config editor you can knock down 90% of connections at SMTP time so SA doesn't have to scan so much. works fine for me. The RBL's alone on a typical box will reject 90% of all attempts and I haven't gotten the first false positive in a year. 1000+ domains/users
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Hi, I have to turn off SA for a while due to the high usage of memory it does. SA crashed several times a day, making fail webmaild and eximd each time.
Does anybody know about good ACLs or RBLs to use with Exim only?
Or any way to minimize the resource usage from SpamAssassin? (when using SA, unfiltered spam was 0.1%, using Exim only it is about 5%)
if you enable the 2 RBL's cpanel provides in the exim config editor, that alone on a busy server will block 80-90% of ALL email attempts. The other 10% will be a 50-50 mixture of legit mail and some spam. I have 2 year's worth of MRTG graphs to show the ratios.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
Hi, we use the 2 RBL's: bl.spamcop.net and zen.spamhaus.org and do a good work, but there are certain domains that are receiving hundreds of spam mails daily that's not being filtered by this RBLs.
We also have activated the option of "Sender Verification". The other option, "Sender Verification Callouts", did a great work stopping spam, but had to be deactivated because also filter legit newsletters that use to setup a different Return-Path in their messages cause they send thru group manager softwares or specialized list manager websites.
any other idea? maybe references to smarter ACL rules?
Last edited by Kent Brockman; 04-09-2008 at 01:25 PM. Reason: more data added
do you have all your default addresses set to :fail: ?
Keep in mind RBL's are not filters really. they contain IP addresses of know spammers and the list is used to block at SMTP time. If the email is accepted then the sending server or IP is not on the RBL. Typically these come from infected client computers and eventually will be blocked. But making sure you are not wide open to dictionary attacks is a good idea ..also using cPanel's ratelimiter helps.
Just keeping my "eye" on things....
R. Paul Mathews
RPMWS - diehard cPanel Nutcase
LinkBack URL
About LinkBacks
Reply With Quote