Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

anti-spam - is no 'false positives' achievable?

Discussion in 'General Discussion' started by spaceman, Jan 15, 2005.

  1. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    497
    Likes Received:
    3
    Trophy Points:
    318
    Hi All.

    We run 3 dedicated WHM/cPanel servers on behalf of several hundred website hosting clients.

    For years I've been extremely reluctant to put any server-wide anti-spam measures in place, preferring to recommend to clients that they take local anti-spam precautions. I just don't want the hassle of false positives: email that is misidentified as spam, and blocked from arriving in the intended inbox.

    However, due to the incredible volume of spam in circulation, I'm re-considering my position. What I'd like to implement is a server-wide anti-spam solution that guarantees (or as near as dammit, eg. less than one in 10,000 or stricter) no false positives. In other words, I'll accept that some spam will get through if it means that the really obvious stuff (which most of it is) and legitimate messages are never blocked.

    So does anyone know if this can be achieved, and if so, which software/setting?

    Thanks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I'd recommend installing MailScanner. It is excellent at tagging spam and you can set it to tag at 2 different score levels (low scoring and high scoring). You can choose on a per domain basis what score levels you want to use and what actions to take (deliver, forward, delete the email). You can then configure it on a per customer basis, i.e. those willing to take the small risk of false-positives and those that are not. You will never achieve 0 false-positives, but you can get very close.

    I have a free installation package for it:
    http://www.webumake.com/free/mailscanner.htm

    It would be fair to say that there is another solution available on cPanel servers that is configured using exiscan (a search on the forum will bring it up) but it has far less scope for per domain configuration and actions.

    There are performance considerations if you also do virus scanning on servers with low memory and very high email throughput, but a normally configured server is almost always fine.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. spaceman

    spaceman Well-Known Member

    Joined:
    Mar 25, 2002
    Messages:
    497
    Likes Received:
    3
    Trophy Points:
    318
    Thanks for you reply, chirpy. We're already using Mailscanner for anti-virus, but not for anti-spam (yet).

    At the risk of being flamed for not reading the f'ing manual... :)

    ...let's say we turned low level anti-spam checking on with Mailscanner. Is there an option to store it for a week (all mail that was marked as spam), and then auto-delete, i.e. so that we could re-queue it for a client who insists that it's not spam?

    That said, I think I'd be able to justify a policy where ALL email identified as spam is instantly deleted IF, and only if, a log is kept that clearly identified date, sender, and recipient emails so that we are in a position to authoritatively advise a client whether or not our anti-spam measures were the reason for the mail not getting through. Does Mailscanner create such a log to allow such a reference to be made?

    Thanks for your help.

    P.S. Bottom line: if we plan to implement any sort of anti-spam measures on behalf of our valued clients then I need to formulate a good, reasonable, anti-spam policy that can be communicated to our clients prior to any changes happening. And in order to do this I first have to understand what Mailscanner can and can't do technically.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  4. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    Yes, you can do that with MailScanner. You can quarantine all email, just spam and just viruses. You can then release them back to the user. A handy UI for this is MailWatch, though it can be tricky getting it configured:
    http://mailwatch.sourceforge.net/

    Without MailWatch, you would have to do it by hand from shell. MailScanner can be configured to clear down the quarantine directories on a regular basis.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    166
    You need a solution like this;

    Jan 17 12:45:42 sever5 MailScanner[22884]: Message 1Cqawz-0000xc-JZ from 209.124.86.42 (cjwatson@xxxstarsforyou.com) to sler.us is spam, SpamAssassin (score=33.045, required 3.5, autolearn=spam, BAYES_99 1.89, CLICK_BELOW_CAPS 0.11, DCC_CHECK 5.00, DIGEST_MULTIPLE 0.10, DOMAIN_4U2 1.59, EXCUSE_3 0.12, HTML_FONT_BIG 0.14, HTML_FONT_INVISIBLE 0.04, HTML_IMAGE_RATIO_06 0.13, HTML_MESSAGE 0.00, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 5.00, SARE_HTML_MANY_BR05 0.89, SARE_HTML_MANY_BR10 1.37, SARE_HTML_TITLE_SEX 0.69, SUBJECT_SEXUAL 2.90, UPPERCASE_25_50 0.03, URIBL_JP_SURBL 4.00, URIBL_OB_SURBL 4.00, URIBL_SBL 1.00, URIBL_WS_SURBL 4.00)

    And you can expect about ZERO spam. In 4 days we have 4 msgs stuck in the queue and those were sent outbound by one of our users. Its not spam. So in 4 days 99% of spam is being killed off. Since Cpanel has closed OFF the use of PM's, i couldnt reply personally but if you need more information on this solution contact me, somehow.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    No, they haven't.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. bullethost696

    bullethost696 Well-Known Member

    Joined:
    Nov 23, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    England, UK
    I recommend you check out Webumake's anti spam solution as it has made a huge improvement to both my servers anti spam abilities
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. Bloory

    Bloory Active Member

    Joined:
    Aug 22, 2002
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    156
    I'll second that. The price he charges isn't worth my time even attempting it. :D
     
  9. bullethost696

    bullethost696 Well-Known Member

    Joined:
    Nov 23, 2003
    Messages:
    133
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    England, UK
    and chirpy updated the mail scanner plugin for me months after using the service
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice