anti-spam - is no 'false positives' achievable?

[spaceman]

Hi All.

We run 3 dedicated WHM/cPanel servers on behalf of several hundred website hosting clients.

For years I've been extremely reluctant to put any server-wide anti-spam measures in place, preferring to recommend to clients that they take local anti-spam precautions. I just don't want the hassle of false positives: email that is misidentified as spam, and blocked from arriving in the intended inbox.

However, due to the incredible volume of spam in circulation, I'm re-considering my position. What I'd like to implement is a server-wide anti-spam solution that guarantees (or as near as dammit, eg. less than one in 10,000 or stricter) no false positives. In other words, I'll accept that some spam will get through if it means that the really obvious stuff (which most of it is) and legitimate messages are never blocked.

So does anyone know if this can be achieved, and if so, which software/setting?

Thanks.

 

[chirpy]

I'd recommend installing MailScanner. It is excellent at tagging spam and you can set it to tag at 2 different score levels (low scoring and high scoring). You can choose on a per domain basis what score levels you want to use and what actions to take (deliver, forward, delete the email). You can then configure it on a per customer basis, i.e. those willing to take the small risk of false-positives and those that are not. You will never achieve 0 false-positives, but you can get very close.

I have a free installation package for it:
http://www.webumake.com/free/mailscanner.htm

It would be fair to say that there is another solution available on cPanel servers that is configured using exiscan (a search on the forum will bring it up) but it has far less scope for per domain configuration and actions.

There are performance considerations if you also do virus scanning on servers with low memory and very high email throughput, but a normally configured server is almost always fine.

 

[spaceman]

Thanks for you reply, chirpy. We're already using Mailscanner for anti-virus, but not for anti-spam (yet).

At the risk of being flamed for not reading the f'ing manual...

...let's say we turned low level anti-spam checking on with Mailscanner. Is there an option to store it for a week (all mail that was marked as spam), and then auto-delete, i.e. so that we could re-queue it for a client who insists that it's not spam?

That said, I think I'd be able to justify a policy where ALL email identified as spam is instantly deleted IF, and only if, a log is kept that clearly identified date, sender, and recipient emails so that we are in a position to authoritatively advise a client whether or not our anti-spam measures were the reason for the mail not getting through. Does Mailscanner create such a log to allow such a reference to be made?

Thanks for your help.

P.S. Bottom line: if we plan to implement any sort of anti-spam measures on behalf of our valued clients then I need to formulate a good, reasonable, anti-spam policy that can be communicated to our clients prior to any changes happening. And in order to do this I first have to understand what Mailscanner can and can't do technically.

 

[chirpy]

Yes, you can do that with MailScanner. You can quarantine all email, just spam and just viruses. You can then release them back to the user. A handy UI for this is MailWatch, though it can be tricky getting it configured:
http://mailwatch.sourceforge.net/

Without MailWatch, you would have to do it by hand from shell. MailScanner can be configured to clear down the quarantine directories on a regular basis.

 

[mr.wonderful]

Hi All.

We run 3 dedicated WHM/cPanel servers on behalf of several hundred website hosting clients.

For years I've been extremely reluctant to put any server-wide anti-spam measures in place, preferring to recommend to clients that they take local anti-spam precautions. I just don't want the hassle of false positives: email that is misidentified as spam, and blocked from arriving in the intended inbox.

However, due to the incredible volume of spam in circulation, I'm re-considering my position. What I'd like to implement is a server-wide anti-spam solution that guarantees (or as near as dammit, eg. less than one in 10,000 or stricter) no false positives. In other words, I'll accept that some spam will get through if it means that the really obvious stuff (which most of it is) and legitimate messages are never blocked.

So does anyone know if this can be achieved, and if so, which software/setting?

Thanks.

You need a solution like this;

Jan 17 12:45:42 sever5 MailScanner[22884]: Message 1Cqawz-0000xc-JZ from 209.124.86.42 ([email protected]) to sler.us is spam, SpamAssassin (score=33.045, required 3.5, autolearn=spam, BAYES_99 1.89, CLICK_BELOW_CAPS 0.11, DCC_CHECK 5.00, DIGEST_MULTIPLE 0.10, DOMAIN_4U2 1.59, EXCUSE_3 0.12, HTML_FONT_BIG 0.14, HTML_FONT_INVISIBLE 0.04, HTML_IMAGE_RATIO_06 0.13, HTML_MESSAGE 0.00, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 5.00, SARE_HTML_MANY_BR05 0.89, SARE_HTML_MANY_BR10 1.37, SARE_HTML_TITLE_SEX 0.69, SUBJECT_SEXUAL 2.90, UPPERCASE_25_50 0.03, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 4.00, URIBL_SBL 1.00, URIBL_WS_SURBL 4.00)

And you can expect about ZERO spam. In 4 days we have 4 msgs stuck in the queue and those were sent outbound by one of our users. Its not spam. So in 4 days 99% of spam is being killed off. Since Cpanel has closed OFF the use of PM's, i couldnt reply personally but if you need more information on this solution contact me, somehow.

 

[chirpy]

Since Cpanel has closed OFF the use of PM's, i couldnt reply personally

No, they haven't.

 

[bullethost696]

I recommend you check out Webumake's anti spam solution as it has made a huge improvement to both my servers anti spam abilities

 

[Bloory]

I recommend you check out Webumake's anti spam solution as it has made a huge improvement to both my servers anti spam abilities

I'll second that. The price he charges isn't worth my time even attempting it. :D

 

[bullethost696]

and chirpy updated the mail scanner plugin for me months after using the service