The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cpanel pro & boxtrapper : what works and what doesn't

Discussion in 'General Discussion' started by danimal, Nov 17, 2004.

Thread Status:
Not open for further replies.
  1. danimal

    danimal Well-Known Member

    Joined:
    Jul 14, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    Folks,

    After using BoxTrapper (version 0.9.9 I believe) for a while, and after reading through all the threads related to BoxTrapper, I've come up with some good tips for it as well as my list of bugs and suggestions. I would welcome any comments, including any suggested fixes for the issues that I have with it. Thanks!

    First off, let me say that I think that this is a GREAT idea in theory. An integrated opt-in spam solution is a MUST for cpanel. Particularly one that is end-user managable. My wife is happy again because BoxTrapper has made her spam virtually go away (kudos for the techie husband who _finally_ did something about spam. *grin*).

    That being said, here's my current list of gripes and suggestions and tips:

    Gripe #1: End-user management is so broken as to be unusuable.
    If you log into WebMail and access the BoxTrapper tools, you notice that:
    a) there is no link to configure the various emails (verify, re-verify, blacklisted). These currently can only be configured via the main cpanel account
    b) the lists are not actually editable!!! If you try to edit one, and then click the SAVE button, you get a page with SAVED but it's not actually running any code (as far as I can tell). It certainly doesn't save the list, so your edits are lost. The only way to manually edit the list is from the main cpanel account (or edit the file on the server, I guess)

    Both of these features are kinda important for us Web Hosters so that our clients can manage their own accounts.

    Gripe #2: list regexp is either too limiting or else needs some documentation
    Currently, as far as I know, you can only do straight string matching on "from" and "subject". You can do wildcard equivalents, but not to the level of functionality of, say, perl regular expressions. And you can't match against "to" or "cc" or "reply-to" or any other header fields.

    Gripe #3: returnverify message isn't sent
    First off, I'm not even sure this is a necessary feature. Once a user replies to the verify message, they should understand based upon the message that there is nothing more to do and that you will then receive their original message. So, the gripe is that this is a broken thing, even though IMHO it should be ignored (not used) anyway.

    Gripe #4: verify code should match to original message, not incoming address
    If user1@somewhere.com sends an email and then gets the verify message, but upon reply, the person, who is a techie and has Eudora configured with multiple personalities, each with a different email address, replies to the verify message as from: differentuser@somewhereelse.com, BoxTrapper mistakenly adds "differentuser@somewhereelse.com" to the whitelist and since it doesn't match "user1@somewhere.com", it (a) doesn't add user1@somewhere.com to the whitelist and (worse!) (b) doesn't release the original email from user1@somewhere.com. What is should do is: associate the verify code with the original email address regardless of the To: field in the verify reply and then (a) whitelist the original address (user1@somewhere.com) and (b) release the email(s) for that address

    Gripe #5: whitelist gets munged when combining manual edits and automatic edits (from queue actions and/or auto-whitelisting)
    The infamous blank from line is an example of this. I've also noticed straight up blank lines. This causes false matches which puts spam in the inbox. At least this is manageable, but requires periodically going in via the main cpanel account (see gripe #1) and cleaning up the whitelist (and other lists).

    Gripe #6: Queue should be inbox-like, not day-based pagination (like the logs)
    It is annoying to have to navigate back days to see messages in the queue from previous days. The queue should be like any of the webmail systems inboxes: just a long list of messages sorted by day and optionally paginated at some number (like 50). The queue should also have various sorting, filtering, date range selection and such functions.

    Gripe #7: Queue actions are per-message and require clicking on a message
    Just like with the webmail systems, you should be able to select multiple (or all) messages in the queue from the queue list and then perform sensible actions: delete all, delete and blacklist, delete and ignorelist, delete and whitelist (why not), release and X, etc.

    Gripe #8: The log file should contain more information for "successes"
    It just says "Email matches line 2 of whitelist" or such. The matches should work like the failures and queues: show from address and subject line. This would make reading the log file easier. In fact, it should be like exim logs or other system logs... have an internally consistent structure like:
    <date&timestamp> <messageid> <from> <status (success, fail/ignore, queue, etc)> <subject> <notes>
    or something like that. Then, all the lines would be structurally the same.

    -Danimal :cool:
     
    #1 danimal, Nov 17, 2004
    Last edited: Nov 17, 2004
  2. danimal

    danimal Well-Known Member

    Joined:
    Jul 14, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    ... more ...

    And now some general suggestions:

    Suggestion #1: add in ASK-like email controls. It would be nice to be able to view the log or queue and perform actions on the queue directly via email. ASK and TMDA have this feature. Also, to be able to modify the lists via email edits.

    Suggestion #2: have daily? and/or weekly? backups of configuration options, including the lists. Then, if your whitelist gets messed up, for example, you can roll back to a previous working version.

    Suggestion #3: Make the queue more user-friendly (see Gripe #7)

    Suggestion #4: same for the log file (see Grip #8)

    Suggestion #5: provide some very basic documentation on configuration options (like codes for the emails)

    Suggestion #6: have optional auto-reminder emails. I.e. if you set your queue to purge at 30 days, then have an option to have BoxTrapper email your account a list of queue items that will be auto-purged in X days. So let's say you set X to 2, then every day you'd get an email with the list of queue emails (maybe from and subject) that will be purged in 2 or less days.

    Suggestion #7: have optional auto-ignore-list. I.e. if on, then when emails are auto-purged from the queue, they are added to the ignore list. This way, you don't have to do _anything_ about the spam (unless the spammer replies) and it keeps your queue clean because spam messages in the queue eventually get added to the ignore list. The only downside is that if you miss a real address, it gets added eventually to the ignore list and you never see future messages from that address. On the other hand, if you didn't see it in the queue and it got purged, you wouldn't see it anyway.

    Suggestion #8: Add a "auto-pass key" as an optional feature. This is where you could define a chunk of text of whatever sort... and if an email comes in and matches that text, the email bypasses the verify/list mechanism and just goes to your inbox. This way, you could add some unique string or phrase or something in emails that you send to people (perhaps new or potential clients). When/if they reply, and include your message in the reply, their reply goes right through and doesn't require whitelisting.

    Suggestion #9: Add 3rd-party access control delegation. As a parent, it concerns me what junk might make it into my kids email box. It would be great if I could have access to manage their account (either partially or fully) without having to log into their webmail account. I.e. from _my_ webmail account, clicking on the BoxTrapper, I could have a list of accounts to manage, perhaps just like there are multiple webmail systems I could choose. Then, if I chose my son's account, I could manage the queue and the lists and such. Actually, a whole set of parental control features would be nice... maybe even beyond parental control... this could be good for CxO's who are too busy to manage their accounts and want their secretaries to do it? Hmmm...

    Suggestion #10: have the verify emails come from the To: field of the original email, even if it doesn't match the BoxTrapper account. For example, if I have dude@one.com forward to dude@two.com and dude@two.com is the BoxTrapper-enabled account, then if someone emails to dude@one.com, the BoxTrapper verify message should come from dude@one.com instead of dude@two.com (which is what it does now).

    -Danimal :cool:
     
  3. danimal

    danimal Well-Known Member

    Joined:
    Jul 14, 2003
    Messages:
    79
    Likes Received:
    0
    Trophy Points:
    6
    ... and more ...

    And now some tips I've learned:

    Tip #1: Modify your verify email message and take out the %headers% tag. It's just too ugly and most people will not know what it is.

    Tip #2: In your verify email, mention that the _purpose_ of their reply is to release their _original_ email to your inbox and that any content they put in their reply will be lost/not read.

    Tip #3: here are some header tags you can use in the verify (and return verify and blacklist) emails:
    %acct%
    %msgid%
    %subject%
    %email%
    %headers%
    %webdomain%

    Tip #4 (from another thread): here's a good template for the verify email (I actually use this one):
    -------------------------------------
    To: %email%
    Subject: Sender Verification Request [ verify#%msgid% ]

    In the war on spam, here's another line of defense.

    Your e-mail entitled "%subject%" to %acct% is from an e-mail address that I don't recognize yet. For me to recieve messages from your %email% address, please reply to this message without changing the subject.

    Once you reply to this message, I'll get your original and future messages without further interference given that they're coming from %email%.

    Also please note that your reply will be used to automatically approve and release your original message, so don't put anything in your reply since I won't ever read it.

    Thank you!

    -----

    My Account: %acct%
    Message ID:%msgid%
    Subject: %subject%
    Web Domain: %webdomain%
    Email: %email%

    -----

    Full Headers: %headers%

    -------------------------------------

    Tip #5: the lists use regexp pattern matching. So, to match a whole domain, just do:
    from @domain.com
    or even:
    from @domain

    Tip #6: because the lists use regexp pattern matching, beware of characters that may cause pattern issues. For example, if you subscribe to a mailing list and the name of the list is prepended to the subject line as [listname] then pattern-match _without_ the brackets:
    GOOD: subject listname
    BAD: subject [listname]
    (the latter will cause a match-all success and match everything)


    That's enough for now! Enjoy!

    And if you've made it this far. Whew! :D

    -Danimal :cool:
     
    #3 danimal, Nov 17, 2004
    Last edited: Nov 17, 2004
  4. DogTags

    DogTags Active Member

    Joined:
    Mar 10, 2002
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    6
    Verified Email moved to Inbox - not working?

    Hi All

    First, thanks for this thread. Boxtrapper/ASK - either would be great to have working.

    Am I mistaken, or isn't it true that once an email is verified that it should automatically be moved to the recipient's inbox? I mean, it is supposed to be pretty automatic, right?

    In my trials, that never happened. Instead, even after validation, the dang email sat in the holding tank. This makes things rather useless. The idea is to allow boxtrapper/ASK to go through this validation routine all automatically so that the recipient has LESS work to do, not more (/end rant) :)

    Man, I would love to get boxtrapper or ASK working, but if it's stuck on all this manual processing, it ain't gonna fly.

    Please let me know if I'm off track. I'm pulling my last few hairs out :)
     
  5. dougiamas

    dougiamas Member

    Joined:
    Jul 15, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Yes it should be doing that, and in my trials today it WAS doing that. After the mail was verified it appeared in my destination INBOX. I use IMAP if that matters.
     
  6. damainman

    damainman Well-Known Member

    Joined:
    Nov 13, 2003
    Messages:
    515
    Likes Received:
    0
    Trophy Points:
    16
    Nice post, make sure you submit a enhancement request in bugzilla, and post the same eact thing there :)
     
  7. Abu Mami

    Abu Mami Active Member

    Joined:
    Mar 11, 2004
    Messages:
    34
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for this information. Where can I find the full list of header tags?

    All-in-all, boxtrapper seems fairly effective, however there don't seem to be any docs. Is there anyplace I can find more information on boxtrapper?

    Thanks.
     
  8. mbogosian

    mbogosian Registered

    Joined:
    Dec 28, 2006
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    yes, the docs are pretty much useless

    I second this request. It seems that the available cpanel documentation was written with the absolute simplest user in mind with no mention of what is possible or even how things work under the covers. It is extremely frustrating to have to register for the user help forums to get any kind of useful in-depth information.

    For example, I created an entry on my Boxtrapper "ignore" list as follows:

    Code:
    subject [SPAM]
    It would have been nice if someone mentioned that regular expressions were expected, since this rule matches every e-mail with a "Subject:" header*. I ended up having all my e-mails ignored for 24 hours before I figured it out.

    Ouch! :eek:

    Not at all clear from the written-for-a-six-year-old documentation. :mad:

    * The string "[SPAM]" in regex means match any string that contains "S", "P", "A", or "M". Since the "Subject:" header always contains an "S" character at beginning of the word "Subject", every e-mail was ignored.
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Please don't dig up old threads in this manner.
     
Loading...
Thread Status:
Not open for further replies.

Share This Page