Email Filtering of IP Addresses

[neil154]

Like everyone else I am trying to reduce my spam email. So when I get a spam email I am taking the IP address of the sender and putting it in a email filter to automatically reject that IP address in the future.

I would appreciate your comments on this. Am I going to have a hopelessly long list or am I creating a problem because there might be many other people that are legitimate senders using the same IP?

Thanks for your thoughts.

 

[rhenderson]

Been down that road as well, although it does help a tiny bit, we opted to get a hosted list and download it to our /etc/spammeripblocks there are several out there for free

 

[neil154]

Been down that road as well, although it does help a tiny bit, we opted to get a hosted list and download it to our /etc/spammeripblocks there are several out there for free

I am not familiar with what you are discussing, could you give me more details so I can research the same. I also am not aware of how I can download it /etc/spammeripblocks and would appreciate info on that to!

 

[rhenderson]

I am not familiar with what you are discussing, could you give me more details so I can research the same. I also am not aware of how I can download it /etc/spammeripblocks and would appreciate info on that to!

In our exim.conf "Combined Exim Configuration" we have

hostlist spammeripblocks = net-iplsearch;/etc/spammeripblocks

I can't remember if it is a default exim.conf setting, but if it isn't it can easily be added.

So any IP's in the /etc/spammeripblocks is rejected as SMTP time, from there you can populate the /etc/spammeripblocks file a different number of ways.

For example if you wanted to use a list from Stop Forum Spam then simply write a script to take care of populating the file for you, then use a cron to call it however often you want to refresh the list.

Sample script to populate the file

#!/bin/sh
cd /tmp
wget http://www.stopforumspam.com/downloads/listed_ip_1.zip
unzip listed_ip_1.zip
mv -f listed_ip_1.txt /etc/spammeripblocks
rm -rf listed_ip_1.zip
chown root:mail /etc/spammeripblocks
/scripts/restartsrv_exim
exit;

We also added some more RBL's in exim, plus run a second email server just for knocking out most of the spam.

 

[neil154]

I am sorry but I am not familiar with exim.conf and do not see it in the cPanel that I access from my hosting company. I assume it is there someplace and would appreciate your assistance to show me how to get at it.

 

[rhenderson]

I am sorry but I am not familiar with exim.conf and do not see it in the cPanel that I access from my hosting company. I assume it is there someplace and would appreciate your assistance to show me how to get at it.

Sounds like you on a personal or reseller account, therefore you cannot deploy the solution.

 

[sawbuck]

@rhenderson

Thanks for posting the info about populating spammeripblocks.

Curious if you've noticed any additional load issues using the SFS list?

 

[rhenderson]

@rhenderson

Thanks for posting the info about populating spammeripblocks.

Curious if you've noticed any additional load issues using the SFS list?

Not on our end, but we are running 16 core 24GB ram servers

 

[neil154]

My cPanel is provided to me by my hosting company so I guess I do not have the access to Exim.conf.

Any suggestion on reducing the spam email would be appreciated. I already use SpamAssassin & BoxTrapper. I am getting spam email which is not getting caught by the email filters (even though th test filter says it should not have gotten to me).

My hosting company is useless they just keep telling me the cPanel is not perfect

 

[rhenderson]

My cPanel is provided to me by my hosting company so I guess I do not have the access to Exim.conf.

Any suggestion on reducing the spam email would be appreciated. I already use SpamAssassin & BoxTrapper. I am getting spam email which is not getting caught by the email filters (even though th test filter says it should not have gotten to me).

My hosting company is useless they just keep telling me the cPanel is not perfect

At the access you have there is not a whole lot you can do. User level will only help on recurring spam. You might need to buy an additional email service and put your email there.

 

[neil154]

I guess I am wondering if email filtering problems that I am having are because of the implementation by my hosting company or it is a normal issue with any hosting company that uses cPanel and would appreciate some feedback on this point.

 

[rhenderson]

Neil,

I am sure out of 1000 companies the spam is handled 1000 different ways. cPanel is not necessary designed to to take care of spam, but to provide a platform for the server administrators to have a basic setup then customize to fit their needs. There are aftermarket solutions but that adds to the cost of doing business which raises the price of hosting and hosting is such a competitive market where every dollar counts.

As a host, when you block it server wide you also run the issue of blocking something someone wanted. We think a really good solution is to filter the email on it's own dedicated server, allow the user to have more control in blocking or allowing the emails, following up with a nightly email showing what was blocked with the option to release those email(s). But then some users do not want that much "hands-on". SOmeone else reading this might think that way of doing it is terrible, it is just really hard to find a balance.

 

[neil154]

I understand your philosophy and agree with it. In my case I have set up email filters on my personal email accounts (I am the administrator for the domain also) but I am getting email which is supposed to be filtered out and rejected. After I received the emails I then copied the email body to the cPanel Email test filter and the filter says that the email should not have been delivered. So that is why I am wondering if it is a cPanle problem that I would have no matter who is the hoster (as long as they use cPanel) or it is a problem with the implementation by my hosting company

 

[rhenderson]

I would say if the filter tester says it should be blocked and it is not blocked then that sounds like a cPanel issue. Can you post the email and what your putting in the filter?

To me that doesn't not sound like you host is doing anything to cause that, like overriding it.

 

[neil154]

The attached file below shows the filter I have setup and I have pasted the email also. As I said the filter says it should not have gotten to me and when I ask my hosting company they just say they do not know and that the filters are not perfect. This not the only email that I have the problem with just the easiest one I could find.

Airline Tickets

Save big when you fly with these deals

Save on your next flight. Find hundreds of airline ticket deals for less. Start saving on travel today.

 

Preferences 

13876 SW 56 St, Miami, FL 33175
________________________________________
Unsubscribe

 

[rhenderson]

The attached file below shows the filter I have setup and I have pasted the email also. As I said the filter says it should not have gotten to me and when I ask my hosting company they just say they do not know and that the filters are not perfect. This not the only email that I have the problem with just the easiest one I could find.

Airline Tickets

Save big when you fly with these deals

Save on your next flight. Find hundreds of airline ticket deals for less. Start saving on travel today.

 

Preferences 

13876 SW 56 St, Miami, FL 33175
________________________________________
Unsubscribe

View attachment 20502

You might take the SW out to see if that changes things, you also might have your host look at the logs to see if there is an error reporting in the exim logs.

 

[neil154]

My hosting company won't do anything. I have also tried various other slight modification to the filter but no change. As I said this is not the only email filter which has failed so I am very frustrated and I will be changing hosting company when my contract is up. I will seriously consider other hosting companies which don't use cPanel (but in my first look, it looks like cPanel has the entire market).

 

[rhenderson]

There are other control panels out there, but we simply think cPanel is the best. We've tested some of them because they were cheaper but did not like how they tested out. The biggest problem I see is at your level of access your hands are tied, if your host is unresponsive to your issues then there is not a lot you can do, but that is not the fault of cPanel software.

 

[neil154]

Okay, that is fair enough. Do you have a list of suggested hosting companies that you would suggest?

 

[rhenderson]

I think the forum rules disallow advertising hosts, take a look at WebHostingTalk, tons of offers in there.