FINALLY - An end to CPanel SPAM!

Discussion in 'General Discussion' started by nexthost, May 24, 2005.

  1. nexthost

    nexthost Active Member

    I suggest a movement from within the CPanel community to have every single CPanel installation come with http://assp.sourceforge.net

    To begin this movement, I suggest every one of you reading this post - WHO FOR SOME REASON HASN'T YET INSTALLED ASSP - to do so immediately!!!

    Every release continues to prove that this is the best solution out there to put an end to spam at the ROOT SMTP LEVEL :eek: There is nothing else out there that does everything ASSP does as well as ASSP does it! AND IT'S OPEN SOURCE!!

    If you are part of the group of people who haven't yet installed ASSP, just check out the short and to the point front page of http://assp.sourceforge.net

    Doesn't describe everything that you'll find as you dig deeper into ASSP, but I'm sure 90% of you who read it will implement ASSP immediately. The bigger community of CPanel users we can get to support ASSP, the more likely of a chance we can get ASSP integrated into CPanel which will definitely put an end to spam as we know it!

    Not to mention all the COOL things that CPanel developers can do by having ASSP integrated into WHM and CPanel! For example, we can have statistics on every user's intro mail screen that tell us all kinds of details on the spam we've blocked and how much it has saved each individual user in Time and Money!

    How's that for promoting your personal hosting business by getting actual savings right in front of your end users' daily email check ;)
     
  2. chirpy

    chirpy Well-Known Member

    Yup, it's been discussed before and I've played with it. It does look good and at a good price on performance, but its configurability falls far behind that of MailScanner, and that does impose some limitations because of that.
     
  3. nexthost

    nexthost Active Member

    When you mention "good price on performance", I hope you are talking about how well it utilizes system resources (especially for the functionality it provides)... because as far as real cost, it's FREE :D hehe

    I think this quote alone from the site shows that its configuration blows away everything out there (including MailScanner) - although it does come down to each person's preference I guess ;)

    "It has long been clear to me that the best place to stop spam is at an organization’s SMTP server. This is true for the following reasons:

    1. Most spam has an invalid bounce address, so notifying non-delivery simply bounces to Postmaster, creating even more wasted bandwidth. Failing to notify non-delivery is a problem for false-positives. The SMTP server is the only place where spam can be stopped before entering your system.

    2. The only possible feedback for spammers to void an address is from the SMTP server.

    3. Spam that passes through your SMTP server into mailboxes incurs cost to your organization: storage, transmission, backup, deletion – in all these ways spam costs you money. The only way to minimize cost is to reject it at the initial point.

    However, mail transport systems are slow to adopt new technology, and spammers are quick and flexible, able to adopt new technology as quickly as it becomes available. Consequently, most SMTP servers are ill equipped to stop spam.

    Furthermore, one spam-stopping solution could work with all existing SMTP servers if it was implemented on a second level – a transparent SMTP filtering proxy. This was my goal for this project.

    I wanted a server that accepted connections on port 25, passing the transmission on to the official SMTP server, and relaying its replies back to the SMTP client. But when enough of the message had been transmitted to validate its legitimacy the ASSP server could either pipe the remainder of the message to the official SMTP server or close the connection to the official SMTP server and ignore the remainder of the message.

    The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open source platform-independent SMTP Proxy server which implements whitelists and Bayesian filtering to rid the planet of the blight of unsolicited email (UCE). UCE must be stopped at the SMTP server. Anti-spam tools must be adaptive to new spam and customized for each site’s mail patterns. This free, easy-to-use tool works with any mail transport and achieves these goals requiring no operator intervention after the initial setup phase."
     
  4. chirpy

    chirpy Well-Known Member

    Yes, I did mean it does perform well. It's not free where performance is concerned, if you mean that, scanning email will always cost something in performance. If you mean it's free as in costs $0, then yes, as is MailScanner and other solutions.

    Don't get me wrong, I do like it, but having tried it, it really is far less configurable than MailScanner where just about every setting can be controlled down to the email address level.

    It's a useful solution amongst many others and would be appropriate depending on your needs but it certainly does not suit all environments.
     
  5. haze

    haze Well-Known Member

    Not meaning to give the assp a kick in the arse, but why should cpanel dictate what spam prevention measures we as system admins / hosting companies implement? I for one have been more than satisfied with my own implementations and I'd rather cPanel not stick its nose where it's not welcome, to be quite honest with you.

    A good solution, perhaps (I've not looked into it other than just now), but make it default / cPanel's responsibility? Not going to happen.

    Why? 1. pissed off admins such as me being bossed around and told what to do and not to do 2. lawsuits up the rear end for cPanel for providing the tools to audit the service.

    See, one major thing you have to understand is that cPanel is used in many countries around the world (not just in the USA ppl). Take Australia for instance. If an Australian web hosting business starts filtering mail, be it for viruses or spam, the company itself is responsible for any damages incurred for loss of email, etc. No disclaimer, legal agreement or anything of the like will save us.

    I could see this being implemented as perhaps an addon module, but as a standard cPanel default, I wouldn't be a happy camper.

    ^^ my 0.05cents
     
  6. easyhoster1

    easyhoster1 Well-Known Member

    I agree with haze on this;

    And I also agree with the statement;

    "It has long been clear to me that the best place to stop spam is at an organization’s SMTP server. This is true for the following reasons:

    You can do this with a firewall/hardware solution such as WatchGuard. We have the smtp-proxy solution filtering all email before they reach the servers, plus rbl/clamav on exim and you will still have spam get through. You will never stop all spam.
     
  7. nexthost

    nexthost Active Member

    I guess I should clarify about making ASSP a default option. If it came off that way, I'm sorry... What I meant to communicate was just as it has many other "options" such as spamassassin, if the option was there, more people would have an easy way of installing, testing, and the overall community - as large as it gets, will put more of an end to spam than just purely filtering spam - and in most cases still receiving the spam in just another folder.

    With ASSP, the most powerful and beautiful aspect is that after the initial training period, the identified spam is not even delivered on the system or moved into another folder. And the few false positives are actually emailed letting them know their email wasn't delivered because it was considered spam, so they can re-contact you. Not just some bounce error.

    Spam deliverability drops, as well as a drop in the actual spam being sent to each ASSP / CPanel box (with "ASSP enabled" as suggested to be an "ASSP optional module" for Cpanel), since most spamming servers realize the non-deliverability.

    I'm sorry I didn't know that about Australia (and half my family has moved out there, I guess I'm an idiot).

    At least you support one more vote for ASSP as "an addon module" :rolleyes: YEAH!

    You might find this interesting ...

    Spam: ISPs must crush zombies, say trade groups
    http://management.silicon.com/itdirector/0,39024673,39130715,00.htm

    Australia joins Operation Spam Zombies
    http://www.abc.net.au/news/newsitems/200505/s1376729.htm

    Besides US & UK morons like me ;) "Also joining the effort are government agencies of Albania, Argentina, Belgium, Britain, Bulgaria, Canada, Colombia, Cyprus, Denmark, Germany, Greece, Ireland, Japan, South Korea, Lithuania, Malaysia, Netherlands, Norway, Panama, Peru, Poland, Spain, Switzerland and Taiwan."
     
    #7 nexthost, May 25, 2005
    Last edited: May 25, 2005
  8. nexthost

    nexthost Active Member

    Johnathan (chirpy) ... hopefully (I would personally almost assume) the ASSP open source developer network will build deeper configuration options consistently as time goes on :D

    For now, ASSP is a solid base product IMHO to be further refined with added configuration options (as Cpanel so beautifully has done)
     
  9. haze

    haze Well-Known Member

    Have you actually used the product and found it as useful as it is claimed? Personally, I've not heard of the project, but there are others that I know of that have been around longer. For instance dspam I've heard of and am just about to implement. We've also had some great results with a global spamassassin setup, monitoring surbl and various other non hardcore RBLs with a mix of Razor, DCC and Pyzor, etc. We've also got spamtraps everywhere which seem to be picking up and getting rid of a large amount of spam that's sent off to usually Razor or spamcop or a user's spamassassin bayes.

    Again, I think it's a decent idea, but why should cpanel or a 3rd party module developer go the route of ASSP over the others?
     
  10. anup123

    anup123 Well-Known Member

    Does dspam do spam blocking at SMTP level? I have not dug through the docs much but I think it's an allow-in-all-and-then-handle type of solution.

    Yes, I agree that DCC/Pyzor/Razor/Global SA coupled with HELO checks and Dictionary Attack protection wards off a _BIG_ chunk right at SMTP level. We too have been using this type of setup.

    Anup
     
  11. chirpy

    chirpy Well-Known Member

    dspam is a very similar beast. They all have their place since none of them provide all the functionality you might need. Especially for those organisations that cannot accept any email not being delivered, but who need potential spam/viruses tagged but delivered normally so that they can be checked manually, which is where the SMTP level scanners tend to fall down.

    As with others, I'm happy enough with SA+DCC+Vipuls Razor and a couple of good RBLs and the header checks that Anup has mentioned.
     
  12. erick_paper

    erick_paper Well-Known Member

    Hello anup123, can you tell me how to install the dictionary attack protection? Also, what is "DCC/Pyzor/Razor/Global SA" -- I would like to configure spamassassin at the ADMIN user level (me) instead of the "spambox" functionality that is at a per-domain level in my users' cpanel.

    Thanks for any thoughts!

    .ep
     
  13. anup123

    anup123 Well-Known Member

    Dictionary Attack Blocking is from Chirpy@Jonnathan. It's available Free from his site.
    DCC : http://www.rhyolite.com/anti-spam/dcc/
    Razor : http://sourceforge.net/projects/razor/
    Pyzor : http://pyzor.sourceforge.net/

    I do not use RBLs (except rfc-ignorant) as SA already has that checked and use it only for bumping up score, as I would not want a client being denied SMTP Relay access in case the IP is listed on RBLs.

    All used for Spam Score bumping and block spam server wide at SMTP level.

    HELO Checks (Rejecting all dubious stuff) -- this accounts for almost 30% of blocks and after 'n' hits, the IP triggers Dictionary Attack Protection so gets banned for an hour.

    That's it. I rarely provide end user level SpamAssassin configuration stuff.

    Anup
     
    #13 anup123, May 28, 2005
    Last edited: May 28, 2005
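
The HELO checks and one-hour ban described in post #13, sketched as an added example (not code from the thread, from Chirpy's script or from any Exim configuration). The specific HELO tests, the hit count of 3 and the names in `LOCAL_NAMES` are assumptions; the post says only "dubious stuff", "'n' hits" and "an hour".

```python
import ipaddress
import re

# Assumed values: the post says only "after 'n' hits" and "banned for an hour".
MAX_HITS = 3
BAN_SECONDS = 3600
LOCAL_NAMES = {"example.com", "mail.example.com"}  # hypothetical names of this server
FQDN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def helo_problem(helo, peer_ip):
    """Return why a HELO/EHLO argument is dubious, or None if it looks sane."""
    name = helo.strip().rstrip(".")
    if name.startswith("[") and name.endswith("]"):
        literal = name[1:-1].removeprefix("IPv6:")
        try:  # an address literal is legal, but it must be the real peer address
            same = ipaddress.ip_address(literal) == ipaddress.ip_address(peer_ip)
        except ValueError:
            return "malformed address literal"
        return None if same else "address literal does not match peer"
    try:
        ipaddress.ip_address(name)
        return "bare IP address without brackets"
    except ValueError:
        pass
    if name.lower() in LOCAL_NAMES:
        return "remote host claims to be this server"
    if not FQDN_RE.match(name):
        return "not a fully qualified domain name"
    return None

class HeloGate:
    """Counts dubious HELOs per IP and bans the IP after MAX_HITS of them."""
    def __init__(self):
        self.hits = {}    # ip -> dubious HELOs seen so far
        self.banned = {}  # ip -> time (seconds) at which the ban expires

    def check(self, peer_ip, helo, now):
        """Return (accepted, reason) for one connection at time `now`."""
        if self.banned.get(peer_ip, 0) > now:
            return False, "banned"  # even a well-formed HELO is refused during the ban
        self.banned.pop(peer_ip, None)
        reason = helo_problem(helo, peer_ip)
        if reason is None:
            return True, "ok"
        self.hits[peer_ip] = self.hits.get(peer_ip, 0) + 1
        if self.hits[peer_ip] >= MAX_HITS:
            self.banned[peer_ip] = now + BAN_SECONDS
            self.hits[peer_ip] = 0
        return False, reason

# Constructed sample connections: (time in seconds, peer IP, HELO argument).
SAMPLE = [(0, "192.0.2.10", "mx1.sender.example"), (5, "203.0.113.7", "203.0.113.7"),
          (9, "203.0.113.7", "example.com"), (12, "203.0.113.7", "localhost"),
          (60, "203.0.113.7", "mx.legit.example"), (3700, "203.0.113.7", "mx.legit.example")]

def run(sample=SAMPLE):
    gate = HeloGate()
    return [gate.check(ip, helo, t) for t, ip, helo in sample]
```

In the sample, the third dubious HELO from 203.0.113.7 starts the ban, a correct HELO at t=60 is still refused, and the same HELO is accepted once the hour has passed.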
  14. erick_paper

    erick_paper Well-Known Member

    Thanks for the fantastic info Anup.

    Since you seem to know your stuff, may I direct some newbie questions:

    1. Would it make sense to have RBLs if not all of my users have sa enabled (and its associated "spambox")? I could have just a couple of the big ones -- spamhaus and spamcop perhaps.

    2. Is there a way to enable RBLs in exim.conf, but have a whitelist of my own that precedes the RBL checking?

    3. How do you bump scores? I mean, where's the spamassassin.conf file or something like that on a typical WHM setup? Thanks, I'm on CentOS.

    4. I've installed Chirpy's dictionary attack protection. Thanks. Is this the same as your HELO check method? If not, can you please point me to where I can find this HELO checking?

    Sincerely appreciated!
     
  15. haze

    haze Well-Known Member

    1. Be cautious as to what lists you use, but yes they can be a great aid in that case.

    2. Indeed, there are many howto's available, one of which I highly recommend is: http://www.rvskin.com/index.php?page=public/antispam which is far more complex than what you are asking for but it should cover 3 and 4 as well :)

    As for the rest, it's a good idea to check out the manual pages and documentation provided by the vendor of the software / service you're going to use much ahead of time so you can get an idea as to what it is you are doing and how it all fits into place, etc.
     
  16. anup123

    anup123 Well-Known Member

    Yes RVSkin has the HELO Checks mentioned also as suggested by me on these forums sometime back ( http://forums.cpanel.net/showthread.php?t=31530 )

    I never use RBL in exim.conf (except rfc-ignorant) as SA3 is already doing it. Bumping up scores does not mean I add custom scores. Just use the default ones. A few rules from rulesemporium would be fine but be careful with those big files. All these scores added up take the score past a safe figure... safe enough for me to block it at SMTP level.

    Having done all this, I have found not more than 0.8% as FAILED messages in WHM and the queue really never bothers me ... And yes the average messages handled per day is well beyond the average as shown on ASSP users list so never really felt the need to take a dig at ASSP.

    [edit]
    I learnt many of these tricks from Chirpy@Jonnathan :)
    [/edit]

    Thanks
    Anup
     
    #16 anup123, May 28, 2005
    Last edited: May 28, 2005
  17. erick_paper

    erick_paper Well-Known Member

    Thanks Haze. Do you have any thoughts on what lists are not good to have? I currently use Spamhaus, lists.dsbl.org, rfc-ignorant, and ahbl.

    I removed spamcop after I saw they had some false positives, and besides even after removing it, Spamhaus and DSBL catch pretty much everything.

    Would love to hear your thoughts. The HELO and the dictionary attack protection are really working! (I think, fingers crossed!)

    Cheers
     
  18. chirpy

    chirpy Well-Known Member

    The best two I've found are Spamhaus and, yes, spamcop. I find spamcop to be good because IPs will drop off it if spam is not further reported after 48 hours. I find that most of the others only find duplicates to those two. Using rfc-ignorant can be good, but if you block email using it (i.e. instead of using it just for scoring) you most likely will lose legitimate email.
     
  19. erick_paper

    erick_paper Well-Known Member

    Hi Chirpy

    Couple of questions:

    (1) How can I use rfc-ignorant only for scoring? By using "warn" instead of "deny"?

    (2) If I "deny" a message, but later check through logs that I wanted to retrieve it, can it be done?

    Thanks
     
    #19 erick_paper, May 29, 2005
    Last edited: May 29, 2005
  20. chirpy

    chirpy Well-Known Member

    1. You'd add it into /etc/mail/spamassassin/local.cf in the appropriate format for SpamAssassin which I don't have to hand

    2. No, once it's denied at the SMTP level you've told the sender that you're not accepting it and it has gone
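
The distinction the last few posts draw between blocking on a list and using it only for scoring, with a local whitelist consulted first, as an added example (not code from the thread and not Exim or SpamAssassin configuration). The zone names are the public ones for lists named in the thread; which list denies and which only scores, the 1.5 points, the threshold of 10 and the `FAKE_LISTED` data are assumptions of this sketch.

```python
import ipaddress

# Which list denies and which only scores, the points and the threshold are
# assumptions of this example, not settings quoted in the thread.
DENY_ZONES = ["sbl.spamhaus.org", "bl.spamcop.net"]  # keyed by client IP
SCORE_ZONES = {"dsn.rfc-ignorant.org": 1.5}          # keyed by sender domain
BLOCK_SCORE = 10.0                                   # total judged safe to reject on


def ip_query(ip, zone):
    """DNSBL convention: reversed IPv4 octets, then the zone."""
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split("."))) + "." + zone


def domain_query(domain, zone):
    """Domain-keyed lists are queried as <sender domain>.<zone>."""
    return domain.lower().rstrip(".") + "." + zone


def decide(peer_ip, sender_domain, listed, content_score=0.0, whitelist=()):
    """Return (action, score, zones_hit); listed(name) reports whether name resolves."""
    addr = ipaddress.ip_address(peer_ip)
    trusted = any(addr in ipaddress.ip_network(net) for net in whitelist)
    score, hits = content_score, []
    if not trusted:  # the whitelist is consulted before any DNSBL lookup
        for zone in DENY_ZONES:
            if listed(ip_query(peer_ip, zone)):
                return "deny", score, [zone]  # refused at SMTP time, nothing is stored
        for zone, points in SCORE_ZONES.items():
            if listed(domain_query(sender_domain, zone)):
                score += points  # a listing only adds points
                hits.append(zone)
    if score >= BLOCK_SCORE:
        return "deny", score, hits
    return ("tag" if hits else "accept"), score, hits


# Constructed listing data standing in for live DNS answers.
FAKE_LISTED = {"7.113.0.203.sbl.spamhaus.org", "newsletter.example.dsn.rfc-ignorant.org"}


def listed(name):
    return name in FAKE_LISTED
```

A "tag" result is still delivered and can be reviewed later; a "deny" result leaves only a log line, because the message body was never accepted.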
     