anti-spam - is no 'false positives' achievable?

Discussion in 'General Discussion' started by spaceman, Jan 15, 2005.

  1. spaceman

    Hi All.

    We run 3 dedicated WHM/cPanel servers on behalf of several hundred website hosting clients.

    For years I've been extremely reluctant to put any server-wide anti-spam measures in place, preferring to recommend to clients that they take local anti-spam precautions. I just don't want the hassle of false positives: email that is misidentified as spam, and blocked from arriving in the intended inbox.

    However, due to the incredible volume of spam in circulation, I'm re-considering my position. What I'd like to implement is a server-wide anti-spam solution that guarantees (or as near as dammit, e.g. less than one in 10,000 or stricter) no false positives. In other words, I'll accept that some spam will get through if it means that the really obvious stuff (which most of it is) and legitimate messages are never blocked.

    So does anyone know if this can be achieved, and if so, which software/setting?

    Thanks.
     
  2. chirpy

    I'd recommend installing MailScanner. It is excellent at tagging spam and you can set it to tag at 2 different score levels (low scoring and high scoring). You can choose on a per domain basis what score levels you want to use and what actions to take (deliver, forward, delete the email). You can then configure it on a per customer basis, i.e. those willing to take the small risk of false-positives and those that are not. You will never achieve 0 false-positives, but you can get very close.

    I have a free installation package for it:
    http://www.webumake.com/free/mailscanner.htm

    It would be fair to say that there is another solution available on cPanel servers that is configured using exiscan (a search on the forum will bring it up) but it has far less scope for per domain configuration and actions.

    There are performance considerations if you also do virus scanning on servers with low memory and very high email throughput, but a normally configured server is almost always fine.
     
  3. spaceman

    Thanks for your reply, chirpy. We're already using Mailscanner for anti-virus, but not for anti-spam (yet).

    At the risk of being flamed for not reading the f'ing manual... :)

    ...let's say we turned low level anti-spam checking on with Mailscanner. Is there an option to store it for a week (all mail that was marked as spam), and then auto-delete, i.e. so that we could re-queue it for a client who insists that it's not spam?

    That said, I think I'd be able to justify a policy where ALL email identified as spam is instantly deleted IF, and only if, a log is kept that clearly identified date, sender, and recipient emails so that we are in a position to authoritatively advise a client whether or not our anti-spam measures were the reason for the mail not getting through. Does Mailscanner create such a log to allow such a reference to be made?

    Thanks for your help.

    P.S. Bottom line: if we plan to implement any sort of anti-spam measures on behalf of our valued clients then I need to formulate a good, reasonable, anti-spam policy that can be communicated to our clients prior to any changes happening. And in order to do this I first have to understand what Mailscanner can and can't do technically.
     
  4. chirpy

    Yes, you can do that with MailScanner. You can quarantine all email, just spam and just viruses. You can then release them back to the user. A handy UI for this is MailWatch, though it can be tricky getting it configured:
    http://mailwatch.sourceforge.net/

    Without MailWatch, you would have to do it by hand from shell. MailScanner can be configured to clear down the quarantine directories on a regular basis.
     
  5. mr.wonderful

    You need a solution like this:

    Jan 17 12:45:42 sever5 MailScanner[22884]: Message 1Cqawz-0000xc-JZ from 209.124.86.42 (cjwatson@xxxstarsforyou.com) to sler.us is spam, SpamAssassin (score=33.045, required 3.5, autolearn=spam, BAYES_99 1.89, CLICK_BELOW_CAPS 0.11, DCC_CHECK 5.00, DIGEST_MULTIPLE 0.10, DOMAIN_4U2 1.59, EXCUSE_3 0.12, HTML_FONT_BIG 0.14, HTML_FONT_INVISIBLE 0.04, HTML_IMAGE_RATIO_06 0.13, HTML_MESSAGE 0.00, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 5.00, SARE_HTML_MANY_BR05 0.89, SARE_HTML_MANY_BR10 1.37, SARE_HTML_TITLE_SEX 0.69, SUBJECT_SEXUAL 2.90, UPPERCASE_25_50 0.03, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 4.00, URIBL_SBL 1.00, URIBL_WS_SURBL 4.00)

    And you can expect about ZERO spam. In 4 days we have 4 msgs stuck in the queue and those were sent outbound by one of our users. It's not spam. So in 4 days 99% of spam is being killed off. Since cPanel has closed OFF the use of PMs, I couldn't reply personally, but if you need more information on this solution contact me, somehow.
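    As an added example (not written by any poster in this thread and not MailScanner's own code): a parser for the spam-verdict log line quoted in the post above, pulling out date, sender, destination and per-rule scores so an admin can tell a client whether the filter stopped a given message. The regex is inferred from that single line, in which the `to` field holds a domain rather than a full address; the sample lines and function names are constructed for illustration.

```python
import re

# Pattern derived from the one log line quoted in this thread; other MailScanner
# versions or configurations may word the line differently (assumption).
LINE_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"MailScanner\[\d+\]: Message (?P<msgid>\S+) from (?P<ip>\S+) "
    r"\((?P<sender>[^)]*)\) to (?P<to>\S+) is spam, SpamAssassin "
    r"\(score=(?P<score>-?\d+(?:\.\d+)?), required (?P<required>-?\d+(?:\.\d+)?), "
    r"(?P<rest>.*)\)\s*$"
)
RULE_RE = re.compile(r"^([A-Z][A-Z0-9_]*) (-?\d+(?:\.\d+)?)$")

# Constructed sample lines modelled on that format (not real traffic).
SAMPLE = [
    "Jan 17 12:45:42 host1 MailScanner[22884]: Message 1AbCdE-000001-XY from 192.0.2.10 (bulk@sender.example) to client.example is spam, SpamAssassin (score=11.89, required 3.5, autolearn=spam, BAYES_99 1.89, DCC_CHECK 5.00, RAZOR2_CHECK 5.00, HTML_MESSAGE 0.00)",
    "Jan 17 12:50:03 host1 MailScanner[22884]: Message 1AbCdF-000002-XY from 198.51.100.7 (alice@partner.example) to client.example is spam, SpamAssassin (score=3.6, required 3.5, BAYES_50 1.20, HTML_MESSAGE 0.00, SUBJECT_SEXUAL 2.40)",
    "Jan 17 12:51:10 host1 MailScanner[22884]: some other log message",
]

def parse_spam_line(line):
    """Return a dict for an 'is spam' line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["score"], rec["required"] = float(rec["score"]), float(rec["required"])
    rec["rules"] = {}
    for item in rec.pop("rest").split(", "):
        r = RULE_RE.match(item)
        if r:  # skips non-rule items such as autolearn=spam
            rec["rules"][r.group(1)] = float(r.group(2))
    return rec

def lookup(lines, sender=None, to=None):
    """Spam verdicts matching a sender address and/or the logged 'to' value."""
    recs = (parse_spam_line(l) for l in lines)
    return [r for r in recs if r
            and (sender is None or r["sender"].lower() == sender.lower())
            and (to is None or r["to"].lower() == to.lower())]

def near_threshold(lines, margin=1.0):
    """Verdicts that only just crossed 'required': likeliest false positives."""
    return [r for r in lookup(lines) if r["score"] - r["required"] < margin]

if __name__ == "__main__":
    for r in lookup(SAMPLE, to="client.example"):
        print(r["date"], r["sender"], "->", r["to"], r["score"], r["required"])
```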
     
  6. chirpy

    No, they haven't.
     
  7. bullethost696

    I recommend you check out Webumake's anti-spam solution as it has made a huge improvement to both my servers' anti-spam abilities.
     
  8. Bloory

    I'll second that. The price he charges isn't worth my time even attempting it. :D
     
  9. bullethost696

    And chirpy updated the mail scanner plugin for me months after using the service.
     