BoxTrapper causes huge serverloads

**gunmuse** · 11-15-2004 07:16 PM

We get an huge amount of bogus spam generated by robots. I turned on the box trapper without thinking and when you get stuff that is bogus your "please confirms start overloading your server"

:blackhole: needs to be default for users when they enable this feature. No exception.

Went from a static 5.5 server load to a .36 after making this change and clearing my mail que.

Also it appears that once you enable the box trapper disabling it doesn't actually disable the feature on the mailbox just in the Users cpanel. People were still getting a bounce back email after disabling this feature.

also There should be an automatic response of reporting spam senders automatically. Its completely insane to do this by hand when we are getting 28,000 emails a day. Sending a consolidated report to DNS relay's would be a big dent in the war on spam as long as you don't get the crap like I got today. Accused of spam when he got a box trapper message from one of HIS spam messages. The genius actually reported me to my registar for responding automatically to his spam.

**BraveX** · 05-22-2005 04:24 AM

Thanks for sharing this information. I was thinking of enabling this feature on my VPS for my customers but am concerned about the overload you mention.

How has it been working for you since?

**chirpy** · 05-22-2005 05:09 AM

This is one of the greatest flaws of such challenge response systems. Generally, they actually increase the amount of email that you'll have processing through your server because of spam that reducing it. You also run the risk (as shown here) of having your server RBL'd because of the arbitary nature of the challenge. They may be fine for one mail box, but from a server perspective they're useless for reducing the amount of spam going through your server and the internet as a whole - that's why generally, anti-spam proponents hate such systems. It's much better to stop it before it hits a user account.

**djblamire** · 05-22-2005 01:14 PM

Is it easy to disable the 'Boxtrapper' function for all accounts after upgrading to cpanel Pro ?

Thanks
Daniel

**chirpy** · 05-22-2005 01:16 PM

Yup, just do it in the WHM > Feature Manager

**djblamire** · 05-22-2005 01:28 PM

Thank you Chirpy

Daniel

**rvskin** · 05-23-2005 02:04 PM

Yup, just do it in the WHM > Feature Manager

It works under cPanel but under Webmail it doesn't. Webmail interface doesn't conform to the feature list. User still able to enable boxtrapper inside Webmail. If you don't want user to do it, you need to remove the file /usr/local/cpanel/base/webmailboxtrapper.cgi . But it will be recreated every time you update cPanel.

**gunmuse** · 05-23-2005 05:41 PM

The mail accounts that had Box trapper enabled. Still function as if it was even when disabled in the WHM. Cpanel hasn't addressed the issue yet.

BlackHoleing spam is still the best method of handling automated "email guesses" to the server.

I think the spam project has taken the wrong approach and others have followed in the lost footsteps.

99% of the spam that is getting through is a garbled mess. Originates from a country I could care less about getting email from.

WHM should create an IP tables interface. THATS an admin tool. Long over do at that. Let the server owner start blocking IP groups using the IP tables. Very load server load using this method. Also its really the best firewall out there.

Iptablesrock.org has a wonderful how-to on IP tables and building a user interface for building the Allows and disallows is the missing link in main stream usability.

As for the proper country and proper port connections for spammer. A relaxation on the current methods as they through up more false positives than should be allowed.

Add in as a replacement (Spell checking). Most of the email getting through at this point is littered with misspelled words as part of the formula for breaking the spam filter. Ad a Percentage to misspelled words to that formula. Relax on the Html content math and would probably relieve 50-70% of the false positives and catch millions more spam messages.

Routine monitoring- Doing a reverse look up on every connection is a server load monster. But sampling it when you have problems that is the answer. Turn it on for a few days and get a report of the Email to flagged email ratio's and possible ips to block connection to your server from. Again this is a manual task at this point and it really should be automated.

**bhd** · 07-14-2005 06:35 AM

Originally Posted by gunmuse

The mail accounts that had Box trapper enabled. Still function as if it was even when disabled in the WHM. Cpanel hasn't addressed the issue yet.

I think box trapper is really dangerous - it does not stop spam but simply creates tons more! ... and gets servers blocked because of spoofed 'from' addresses.
'
Unfortunately, we enabled it on one server to test it but now that it's disabled, it still shows in the webmail whebmail login - https://domian.com:2096/

Anyone know if there are plans to fix this or how to disable it manually?

**jimjoe** · 09-21-2005 02:05 AM

Will boxtrapper slow down the server any more than having the default setting for all accounts be :fail:?

That sends out an email too for each piece of mail that doesn't match one of the real mailboxes, so if that doesn't overload our server, how would boxtrapper be any worse, since it does basically the same thing.

Or... is there additional resources that boxtrapper takes up in the process that :fail: from the mailserver doesn't?

thanks! Jim

**rvskin** · 09-21-2005 02:34 AM

Using :fail: don't send bounce email from your server to the sender. It reject mail at SMTP time. Bounce email will be sent by sender mailserver itself.

**bhd** · 09-21-2005 02:42 AM

Originally Posted by jimjoe

That sends out an email too for each piece of mail that doesn't match one of the real mailboxes, so if that doesn't overload our server, how would boxtrapper be any worse, since it does basically the same thing.

Actually :fail: does not send out any email at all. It simply denies the message at SMTP time. It thus causes almosr zero load and is the best option to use.

The whole :fail: VS :blackhole: thing has been discussed many times here before and you may want to read up on it since it can make a massive difference on a server that gets many misdirected emails.

For example, we have a customer that gets up to 100k emails / day (all spam to bogus addresses on his site). The server was being hammered. We changed his default address from :blackhole: to :fail: and the server load came down form an average of about 2 to under 0.7. Thats a huge difference.

**chirpy** · 09-21-2005 12:14 PM

Indeed. I've written a breakdown of the reasons here:
http://www.configserver.com/free/fail.html

Will boxtrapper slow down the server any more than having the default setting for all accounts be :fail:?

Yes, it will, but by how much is directly related to how much email it receives.

**BraveX** · 11-17-2005 05:16 PM

Thanks, everyone. I was actually considering using Boxtrapper until I read this thread.

Am surprised it still comes up in webmail even when disabled in the features manager. Hope this is fixed in the next update of cpanel.

LinkBack

Thread Tools

BoxTrapper causes huge serverloads

boxtrapper error - Cpanel::Logger::invalid called in boxtrapper

Boxtrapper to Boxtrapper email

Huge issue

Need Huge Help!

Huge Problems