The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BoxTrapper causes huge serverloads

Discussion in 'General Discussion' started by gunmuse, Nov 15, 2004.

  1. gunmuse

    gunmuse Well-Known Member

    Joined:
    Jul 3, 2003
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Mexico
    We get an huge amount of bogus spam generated by robots. I turned on the box trapper without thinking and when you get stuff that is bogus your "please confirms start overloading your server"

    :blackhole: needs to be default for users when they enable this feature. No exception.

    Went from a static 5.5 server load to a .36 after making this change and clearing my mail que.

    Also it appears that once you enable the box trapper disabling it doesn't actually disable the feature on the mailbox just in the Users cpanel. People were still getting a bounce back email after disabling this feature.

    also There should be an automatic response of reporting spam senders automatically. Its completely insane to do this by hand when we are getting 28,000 emails a day. Sending a consolidated report to DNS relay's would be a big dent in the war on spam as long as you don't get the crap like I got today. Accused of spam when he got a box trapper message from one of HIS spam messages. The genius actually reported me to my registar for responding automatically to his spam.
     
  2. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Thanks for sharing this information. I was thinking of enabling this feature on my VPS for my customers but am concerned about the overload you mention.

    How has it been working for you since?
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    This is one of the greatest flaws of such challenge response systems. Generally, they actually increase the amount of email that you'll have processing through your server because of spam that reducing it. You also run the risk (as shown here) of having your server RBL'd because of the arbitary nature of the challenge. They may be fine for one mail box, but from a server perspective they're useless for reducing the amount of spam going through your server and the internet as a whole - that's why generally, anti-spam proponents hate such systems. It's much better to stop it before it hits a user account.
     
  4. djblamire

    djblamire Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    250
    Likes Received:
    0
    Trophy Points:
    16
    Is it easy to disable the 'Boxtrapper' function for all accounts after upgrading to cpanel Pro ?

    Thanks
    Daniel
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yup, just do it in the WHM > Feature Manager
     
  6. djblamire

    djblamire Well-Known Member

    Joined:
    May 3, 2003
    Messages:
    250
    Likes Received:
    0
    Trophy Points:
    16
    Thank you Chirpy :)

    Daniel
     
  7. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    It works under cPanel but under Webmail it doesn't. Webmail interface doesn't conform to the feature list. User still able to enable boxtrapper inside Webmail. If you don't want user to do it, you need to remove the file /usr/local/cpanel/base/webmailboxtrapper.cgi . But it will be recreated every time you update cPanel.
     
  8. gunmuse

    gunmuse Well-Known Member

    Joined:
    Jul 3, 2003
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    New Mexico
    The mail accounts that had Box trapper enabled. Still function as if it was even when disabled in the WHM. Cpanel hasn't addressed the issue yet.

    BlackHoleing spam is still the best method of handling automated "email guesses" to the server.

    I think the spam project has taken the wrong approach and others have followed in the lost footsteps.

    99% of the spam that is getting through is a garbled mess. Originates from a country I could care less about getting email from.

    WHM should create an IP tables interface. THATS an admin tool. Long over do at that. Let the server owner start blocking IP groups using the IP tables. Very load server load using this method. Also its really the best firewall out there.

    Iptablesrock.org has a wonderful how-to on IP tables and building a user interface for building the Allows and disallows is the missing link in main stream usability.


    As for the proper country and proper port connections for spammer. A relaxation on the current methods as they through up more false positives than should be allowed.

    Add in as a replacement (Spell checking). Most of the email getting through at this point is littered with misspelled words as part of the formula for breaking the spam filter. Ad a Percentage to misspelled words to that formula. Relax on the Html content math and would probably relieve 50-70% of the false positives and catch millions more spam messages.

    Routine monitoring- Doing a reverse look up on every connection is a server load monster. But sampling it when you have problems that is the answer. Turn it on for a few days and get a report of the Email to flagged email ratio's and possible ips to block connection to your server from. Again this is a manual task at this point and it really should be automated.
     
  9. bhd

    bhd Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    149
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    JNB ZA
    cPanel Access Level:
    Root Administrator
    I think box trapper is really dangerous - it does not stop spam but simply creates tons more! ... and gets servers blocked because of spoofed 'from' addresses.
    '
    Unfortunately, we enabled it on one server to test it but now that it's disabled, it still shows in the webmail whebmail login - https://domian.com:2096/

    Anyone know if there are plans to fix this or how to disable it manually?
     
    #9 bhd, Jul 14, 2005
    Last edited: Jul 14, 2005
  10. jimjoe

    jimjoe Well-Known Member

    Joined:
    Jan 31, 2002
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    Will boxtrapper slow down the server any more than having the default setting for all accounts be :fail:?

    That sends out an email too for each piece of mail that doesn't match one of the real mailboxes, so if that doesn't overload our server, how would boxtrapper be any worse, since it does basically the same thing.

    Or... is there additional resources that boxtrapper takes up in the process that :fail: from the mailserver doesn't?

    thanks! Jim
     
  11. rvskin

    rvskin Well-Known Member
    PartnerNOC

    Joined:
    Feb 19, 2003
    Messages:
    400
    Likes Received:
    1
    Trophy Points:
    18
    Using :fail: don't send bounce email from your server to the sender. It reject mail at SMTP time. Bounce email will be sent by sender mailserver itself.
     
  12. bhd

    bhd Well-Known Member

    Joined:
    Sep 20, 2003
    Messages:
    149
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    JNB ZA
    cPanel Access Level:
    Root Administrator
    Actually :fail: does not send out any email at all. It simply denies the message at SMTP time. It thus causes almosr zero load and is the best option to use.

    The whole :fail: VS :blackhole: thing has been discussed many times here before and you may want to read up on it since it can make a massive difference on a server that gets many misdirected emails.

    For example, we have a customer that gets up to 100k emails / day (all spam to bogus addresses on his site). The server was being hammered. We changed his default address from :blackhole: to :fail: and the server load came down form an average of about 2 to under 0.7. Thats a huge difference.
     
  13. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Indeed. I've written a breakdown of the reasons here:
    http://www.configserver.com/free/fail.html
    Yes, it will, but by how much is directly related to how much email it receives.
     
  14. BraveX

    BraveX Well-Known Member

    Joined:
    Apr 8, 2005
    Messages:
    155
    Likes Received:
    0
    Trophy Points:
    16
    Thanks, everyone. I was actually considering using Boxtrapper until I read this thread.

    Am surprised it still comes up in webmail even when disabled in the features manager. Hope this is fixed in the next update of cpanel.
     
Loading...

Share This Page