Spam filtering with cpanel-11.

[anton_latvia]

Here is our story, story about spam and cpanel-11.

We were using cpanel-10 and were quite happy with it. But suddenly on several servers SpamAssassin started to fail too often. Then licenses got expired and we were forced to upgrade. This helped a lot - global spamassassin is a great feature, a lot more spam emails are being trapped. Unfortunately we had some "moments" and that's why I have started this thread to ask and discuss them.

1. SpamAssassin is using ACLs for spam scanning. We also are using DCC and SARE rules. Would that harm or disturb new way of operating? Since upgrade we do experience higher load and spamd/exim fails more frequently on _several_ (not all) servers.

2. In exim's configuration there are 2 similar options - how do they interfere with each other? Should we have them both enabled or is it enough with just one? Could fact of having them both enabled be the reason for higher load? These 2 options are:

- Reject mail at SMTP time if the spam score from spamassassin is greater than 10.0.
- Reject mail with a failure message if the spam score from spamassassin is greater than 20.0.

Yes, I think spam score of 10 or 12.5 is more than enough.

3. If incoming mail is being trapped as spam with high score and server refuses to accept it - will sender receive some notification or does it depend on sender's mail server?

4. If spamd and exim fails from time to time and there is nothing sensible in the logs - what could be done? Does it mean that server got too much job to do? Since upgrade our mail queue has improved dramatically - less than 100 emails - wow!

Thanks for your answers and sorry, if this is repeated discussion (although search function did not show anything more or less close to this).

Anton.

[mtindor]

1. Using the DCC and SARE rules can and will increase the load that SpamAssassin incurs because it is processing more rules. I know they are effective rules - I use them sometimes, but if the load gets to high I might turn them off for a while.

2. Reject Mail at SMTP Time vs Reject Mail With a Failure Message

I would suggest that you do not use 'Reject Mail With A Failure Message'.

If you use the Reject Mail With a Failure Message, your machine will accept each of those spam and then generate a bounce back to the sender (and the sender in most spam cases is forged and did not send you the spam). So you end up getting your server blacklisted for being a "spam generator"

If you use Reject Mail With a Failure Message, your machine will reject the mail during the SMTP phase, causing the sending mail server (or spamming client) to receive an error immediately. So the burden of dealing with the spam message will be on the sending mail server instead.

Mike

Here is our story, story about spam and cpanel-11.

We were using cpanel-10 and were quite happy with it. But suddenly on several servers SpamAssassin started to fail too often. Then licenses got expired and we were forced to upgrade. This helped a lot - global spamassassin is a great feature, a lot more spam emails are being trapped. Unfortunately we had some "moments" and that's why I have started this thread to ask and discuss them.

1. SpamAssassin is using ACLs for spam scanning. We also are using DCC and SARE rules. Would that harm or disturb new way of operating? Since upgrade we do experience higher load and spamd/exim fails more frequently on _several_ (not all) servers.

2. In exim's configuration there are 2 similar options - how do they interfere with each other? Should we have them both enabled or is it enough with just one? Could fact of having them both enabled be the reason for higher load? These 2 options are:

- Reject mail at SMTP time if the spam score from spamassassin is greater than 10.0.
- Reject mail with a failure message if the spam score from spamassassin is greater than 20.0.

Yes, I think spam score of 10 or 12.5 is more than enough.

3. If incoming mail is being trapped as spam with high score and server refuses to accept it - will sender receive some notification or does it depend on sender's mail server?

4. If spamd and exim fails from time to time and there is nothing sensible in the logs - what could be done? Does it mean that server got too much job to do? Since upgrade our mail queue has improved dramatically - less than 100 emails - wow!

Thanks for your answers and sorry, if this is repeated discussion (although search function did not show anything more or less close to this).

Anton.

[anton_latvia]

Thanks for the explanation, Mike. I guess I have to pay more attention to what is written and difference is quite obvious. And in last paragraph you probably wanted to say:

Reject Mail at SMTP Time

instead of:

Reject Mail With a Failure Message.

Once again thank you!

Regards,
Anton.