Glad to see that BoxTrapper is back, but what about the backscatter question?

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
I just updated to cPanel 10.6.0-R55 and I am happy to see that BoxTrapper is back, now integrated into the regular part of cPanel, in the E-Mail section. But is it safe to use?

I am asking this because of what I read here:

http://forums.cpanel.net/showthread.php?t=42778&highlight=boxtrapper


I guess the specific question would be; Does BoxTrapper currently send the challenge in the SMTP response code to the DATA section instead of accepting the message and generating a bounce? Or is BoxTrapper just another way to produce "backscatter"?

Thanks much.
 
Last edited:

rs-freddo

Well-Known Member
May 13, 2003
834
1
168
Australia
cPanel Access Level
Root Administrator
I'll second this feature request. Boxtrapper just contributes to the spam problem by bouncing.

Blocking at SMTP level would make it a worthwhile feature of Cpanel.
 

jols

Well-Known Member
Mar 13, 2004
1,110
3
168
rs-freddo said:
I'll second this feature request. Boxtrapper just contributes to the spam problem by bouncing.
Must be true then, seeing as how no one on the cPanel side is refuting this. What a pity to see such a good idea go the way of the now extinct Search Engine Submit tool. BoxTrapper appears to be just about as useless, even worse, having he potential to get servers blackballed by some REBLs for just using it.

Okay, now I'm off to disconnect Boxtrapper from all of our cPanel servers and then will give our hosted customers who use this the bad news. What a shame.
 

rs-freddo

Well-Known Member
May 13, 2003
834
1
168
Australia
cPanel Access Level
Root Administrator
Boxtrapper was a good idea but it's current implementation is poor. A spammer can bypass it simply by using an autoresponder!!!

It would be quite easy to make it block non-whitelisted email addresses at SMTP and give a link to a webpage with CAPCHA enabled whitelisting. No more backscatter and no more bypassing via autoresponder, plus the extra benefit of running with a lot less CPU needed.

If it was done right I'd use it, but as it currently stands it's a no-no.
 

matt621

Well-Known Member
Jun 25, 2003
175
0
166
Does anyone know if this suggestion has been included? I saw boxtrapper in, and then out of the most recent cpanel/whm updates. Now it is out.

That sure is a wanted feature.... just so long as it does not add to the problem of spam/backscatter.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,462
25
473
Go on, have a guess
If you want it you'd need to log an enhancement request in bugzilla and post a link back to the entry here for people to vote on if they want it.
 

rs-freddo

Well-Known Member
May 13, 2003
834
1
168
Australia
cPanel Access Level
Root Administrator
chirpy said:
If you want it you'd need to log an enhancement request in bugzilla and post a link back to the entry here for people to vote on if they want it.
I've had a bug report in bugzilla for about 6 months and nobody from cPanel has even looked at it. The bug is still there in the latest release.

It's all very well to tell people to lodge stuff in bugzilla, but you really need to know someone in cpanel to get it even looked at. That's the reality, unfortunately. Maybe bugzilla works for you Chirpy, but for those of us without connections - well 6 months is 6 months...
 

matt621

Well-Known Member
Jun 25, 2003
175
0
166
bugzilla already shows:
2765 enh P2 All NEW Feature Manager: Statistics Software Configuration/Statis...
3179 enh P2 All NEW [BoxTrapper] Spammers are using Auto-responders to reply ...
2915 enh P2 All NEW Configure Boxtrapper verification emails per account
271 enh P2 All ASSI Drop bounced BoxTrapper verification requests
2508 enh P2 All ASSI Boxtrapper not logging when manually whitelisting message...
2663 enh P2 All ASSI Extend BoxTrapper Queue Management
2932 nor P2 All REOP [10.6 BLOCKER] [BLUELAGOON] Boxtrapper not showing in Blu...


so when does it get done?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,462
25
473
Go on, have a guess
Regardless of its effectiveness (I don't have any connections and get about 50% turnaround on bugzilla entries) the point is: if you want to bring it to their attention you need to use bugzilla. Posting here and not doing so will continue to illicit the response to log it there as otherwise they will not be aware. If they choose to ignore you, that's their loss and is something you can always take up with [email protected]
 

matt621

Well-Known Member
Jun 25, 2003
175
0
166
I understand what you are saying Chirpy, but only by expressing our feelings over the system and it's (in)effectiveness will Cpanel (or any company) learn that they have a system that is not meeting the needs of their customers.
 

PDW

Well-Known Member
Dec 29, 2003
121
0
166
Just to weigh in - I love this program, and my clients love it. When it went down - I had so mamny complaints.
 
C

cPanelBilly

Guest
jols said:
I just updated to cPanel 10.6.0-R55 and I am happy to see that BoxTrapper is back, now integrated into the regular part of cPanel, in the E-Mail section. But is it safe to use?

I am asking this because of what I read here:

http://forums.cpanel.net/showthread.php?t=42778&highlight=boxtrapper


I guess the specific question would be; Does BoxTrapper currently send the challenge in the SMTP response code to the DATA section instead of accepting the message and generating a bounce? Or is BoxTrapper just another way to produce "backscatter"?

Thanks much.
Having boxtrapper challenge the SMTP response makes no sense with how it is made and intended to work.
The issue here is that SORBS is blaming the wrong people. They dont like the challenge method, which they are allowed to have their own opinion on. However this method currently works the best and is implemented by many large ISP's all over the world.

The CAPCHA etc would have no difference in this instance because an email would still get sent back to the from address.

Now the auto responder response, that is somewhat of an issue, however I along with many others here have used used this and have not had an issue with autoresponders letting through spam. remember spammers usually dont use real email addresses they control to send out the spam.

Now if anyone has any ideas on what they would like to see changed I am always open for discussion.
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,488
35
158
cPanel Access Level
DataCenter Provider
matt621 said:
I understand what you are saying Chirpy, but only by expressing our feelings over the system and it's (in)effectiveness will Cpanel (or any company) learn that they have a system that is not meeting the needs of their customers.

We are aware of the backlog with QA. We have TRIPPLED our QA staff in the last six months. It is just going to take a bit longer to get it all caught up.
 

rs-freddo

Well-Known Member
May 13, 2003
834
1
168
Australia
cPanel Access Level
Root Administrator
cPanelBilly said:
Having boxtrapper challenge the SMTP response makes no sense with how it is made and intended to work.
The issue here is that SORBS is blaming the wrong people. They dont like the challenge method, which they are allowed to have their own opinion on. However this method currently works the best and is implemented by many large ISP's all over the world.
Just because it used by many lareg ISPs DOES NOT mean it works the best. It's not a matter of SORB not liking the challenge method it's that Boxtrapper simply doubles the spam problem. The problem with Boxtrapper is "how it is made and intended to work". Try and think out of the box on this one guys!

cPanelBilly said:
The CAPCHA etc would have no difference in this instance because an email would still get sent back to the from address.
Blocking at SMTP does not send an email back to the from address - it works exactly like ":fail: no such user" it simply blocks the email and adds an error code to it. The mail is never delivered to my server, so obviously my server doesn't send back to the from address.

cPanelBilly said:
Now the auto responder response, that is somewhat of an issue, however I along with many others here have used used this and have not had an issue with autoresponders letting through spam. remember spammers usually dont use real email addresses they control to send out the spam.
Some spammers may use false addresses, but many are now using real email addresses that they purchase specifically for setting up autoresponders. It is the wave of the future with internet services being so cheap.
 
C

cPanelBilly

Guest
rs-freddo said:
Just because it used by many lareg ISPs DOES NOT mean it works the best. It's not a matter of SORB not liking the challenge method it's that Boxtrapper simply doubles the spam problem. The problem with Boxtrapper is "how it is made and intended to work". Try and think out of the box on this one guys!
As I asked before, please let us know your ideas on how it would work better...

Blocking at SMTP does not send an email back to the from address - it works exactly like ":fail: no such user" it simply blocks the email and adds an error code to it. The mail is never delivered to my server, so obviously my server doesn't send back to the from address.
What rules do you suggest that we use to block these? a whitelist/blacklist like we are doing? The reality of the boxtrapper response is just the same as an autoresponder or a response from the user replying back saying what is this.
Boxtrapper does not block the emails, so blocking at the SMTP level makes no sense.

Some spammers may use false addresses, but many are now using real email addresses that they purchase specifically for setting up autoresponders. It is the wave of the future with internet services being so cheap.
If the spammers are using real addresses then there is no doubling spam as you said... You are just responding to the email that they sent you.
 

BenThomas

Well-Known Member
Feb 12, 2004
598
0
166
Houston, Texas USA
cPanel Access Level
Root Administrator
BoxTrapper SpamAssassin Combo

I just had an idea to minimize the "backscatter" issue, and I am hoping to get a little feedback from our forum users on it. Since nearly all of our customers are utilizing SpamAssassin, it would be feasible to have BoxTrapper check the "X-Spam-Status" header and only send a verification request to ham messages (and additionally if spamd were down, all messages without a X-Spam-Status header). Then on the client side, the disposition of spam messages would be entirely up to the user (filtered and dropped, sent to the spam box, or whatever). I'm seeing this as being the default behavior of BoxTrapper, with a user configurable option to disable it.
 

rs-freddo

Well-Known Member
May 13, 2003
834
1
168
Australia
cPanel Access Level
Root Administrator
cPanelBilly said:
As I asked before, please let us know your ideas on how it would work better...
Obviously you haven't read the entire thread, you'll find my feedback at post number 4 (RS-Freddo)...;)


cPanelBilly said:
What rules do you suggest that we use to block these? a whitelist/blacklist like we are doing? The reality of the boxtrapper response is just the same as an autoresponder or a response from the user replying back saying what is this.
Boxtrapper does not block the emails, so blocking at the SMTP level makes no sense.
I'm saying it should block emails - unless whitelisted, my ideas do make sense (if you took the time to read them of course)...;)


cPanelBilly said:
If the spammers are using real addresses then there is no doubling spam as you said... You are just responding to the email that they sent you.
The issue with real addresses is not about doubling spam it is about using autoreponders to defeat boxtrapper, once again if you had read my post...;)

cpanelben has a good idea, as i don't use spamassasin the solution won't suit me - but it should suit the majority of cpanel users. Good one Ben!:D
 
C

cPanelBilly

Guest
rs-freddo said:
Obviously you haven't read the entire thread, you'll find my feedback at post number 4 (RS-Freddo)...;)


I'm saying it should block emails - unless whitelisted, my ideas do make sense (if you took the time to read them of course)...;)


The issue with real addresses is not about doubling spam it is about using autoreponders to defeat boxtrapper, once agin if you had read my post...;)

cpanelben has a good idea, as i don't use spamassasin the solution won't suit me - but it should suit the majority of cpanel users. Good one Ben!:D
I did read your post :) a few times actually. Maybe I am misunderstanding what you are saying then.
If you only allow white listed email addresses to email you that means you have to manually whitelist the email address before they email you.
What if its a signup email from a forum? You wont know what the email is going to be coming from, so it would always be blocked and you would never know to release it.

I like the idea of the blocking at the SMTP level, I am just not sure how implementing it would work...
 

rs-freddo

Well-Known Member
May 13, 2003
834
1
168
Australia
cPanel Access Level
Root Administrator
cPanelBilly said:
I did read your post :) a few times actually. Maybe I am misunderstanding what you are saying then.
If you only allow white listed email addresses to email you that means you have to manually whitelist the email address before they email you.
What if its a signup email from a forum? You wont know what the email is going to be coming from, so it would always be blocked and you would never know to release it.

I like the idea of the blocking at the SMTP level, I am just not sure how implementing it would work...
Currently fail works by blocking at SMTP with a message "no such user" on my email boxes it actually says "Please use contact form at http://mydomain.com/contact.html" because I use ":fail: Please use contact form at http://mydomain.com/contact.html". So Boxtrapper could block at SMTP with a message to the sender to whitelist themselves with a CAPCHA page.

I do agree with you that this would not work AT ALL with emails sent from no-reply email addresses - such as forum signups etc. But it would work for email addresses that you did not use for forum signups. Maybe Bens idea is better for most cpanel clients....

Anyway, I could implement my idea without too much trouble if i only knew how to make EXIM pick a whitelist/blacklist based on the domain the email is sent to.
Something like:
drop hosts = /etc/domain.com/blacklist
!hosts = /etc/domain.com/whitelist
message = To allow your email to be delivered please go to http://domain.com/capcha.php
log_message = Connection denied from $sender_host_address as not whitelisted
!hosts = +relay_hosts
!authenticated = *
(aplogies to Chirpy for the flagrant copying of his dictionary attack ACL)
Obviously domain.com would be the recipient domain name...
Maybe this is too different to be called Boxtrapper - maybe Email Sentinel is a better name.... Something for somebody to pick up and run with...

[EDIT]Just an idea to get around forum signups, the ACL above works for sender domains not email addresses so you could just whitelist the forum domain. I still think it would work better than boxtrapper:p[/edit]
 
Last edited: