The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Glad to see that BoxTrapper is back, but what about the backscatter question?

Discussion in 'General Discussion' started by jols, Aug 23, 2005.

  1. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    I just updated to cPanel 10.6.0-R55 and I am happy to see that BoxTrapper is back, now integrated into the regular part of cPanel, in the E-Mail section. But is it safe to use?

    I am asking this because of what I read here:

    http://forums.cpanel.net/showthread.php?t=42778&highlight=boxtrapper


    I guess the specific question would be; Does BoxTrapper currently send the challenge in the SMTP response code to the DATA section instead of accepting the message and generating a bounce? Or is BoxTrapper just another way to produce "backscatter"?

    Thanks much.
     
    #1 jols, Aug 23, 2005
    Last edited: Aug 24, 2005
  2. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I'll second this feature request. Boxtrapper just contributes to the spam problem by bouncing.

    Blocking at SMTP level would make it a worthwhile feature of Cpanel.
     
  3. jols

    jols Well-Known Member

    Joined:
    Mar 13, 2004
    Messages:
    1,111
    Likes Received:
    2
    Trophy Points:
    38
    Must be true then, seeing as how no one on the cPanel side is refuting this. What a pity to see such a good idea go the way of the now extinct Search Engine Submit tool. BoxTrapper appears to be just about as useless, even worse, having he potential to get servers blackballed by some REBLs for just using it.

    Okay, now I'm off to disconnect Boxtrapper from all of our cPanel servers and then will give our hosted customers who use this the bad news. What a shame.
     
  4. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Boxtrapper was a good idea but it's current implementation is poor. A spammer can bypass it simply by using an autoresponder!!!

    It would be quite easy to make it block non-whitelisted email addresses at SMTP and give a link to a webpage with CAPCHA enabled whitelisting. No more backscatter and no more bypassing via autoresponder, plus the extra benefit of running with a lot less CPU needed.

    If it was done right I'd use it, but as it currently stands it's a no-no.
     
  5. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    Does anyone know if this suggestion has been included? I saw boxtrapper in, and then out of the most recent cpanel/whm updates. Now it is out.

    That sure is a wanted feature.... just so long as it does not add to the problem of spam/backscatter.
     
  6. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    If you want it you'd need to log an enhancement request in bugzilla and post a link back to the entry here for people to vote on if they want it.
     
  7. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I've had a bug report in bugzilla for about 6 months and nobody from cPanel has even looked at it. The bug is still there in the latest release.

    It's all very well to tell people to lodge stuff in bugzilla, but you really need to know someone in cpanel to get it even looked at. That's the reality, unfortunately. Maybe bugzilla works for you Chirpy, but for those of us without connections - well 6 months is 6 months...
     
  8. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    bugzilla already shows:
    2765 enh P2 All NEW Feature Manager: Statistics Software Configuration/Statis...
    3179 enh P2 All NEW [BoxTrapper] Spammers are using Auto-responders to reply ...
    2915 enh P2 All NEW Configure Boxtrapper verification emails per account
    271 enh P2 All ASSI Drop bounced BoxTrapper verification requests
    2508 enh P2 All ASSI Boxtrapper not logging when manually whitelisting message...
    2663 enh P2 All ASSI Extend BoxTrapper Queue Management
    2932 nor P2 All REOP [10.6 BLOCKER] [BLUELAGOON] Boxtrapper not showing in Blu...


    so when does it get done?
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Regardless of its effectiveness (I don't have any connections and get about 50% turnaround on bugzilla entries) the point is: if you want to bring it to their attention you need to use bugzilla. Posting here and not doing so will continue to illicit the response to log it there as otherwise they will not be aware. If they choose to ignore you, that's their loss and is something you can always take up with billing@cpanel.net
     
  10. matt621

    matt621 Well-Known Member

    Joined:
    Jun 25, 2003
    Messages:
    175
    Likes Received:
    0
    Trophy Points:
    16
    I understand what you are saying Chirpy, but only by expressing our feelings over the system and it's (in)effectiveness will Cpanel (or any company) learn that they have a system that is not meeting the needs of their customers.
     
  11. PDW

    PDW Well-Known Member

    Joined:
    Dec 29, 2003
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    Just to weigh in - I love this program, and my clients love it. When it went down - I had so mamny complaints.
     
  12. cPanelBilly

    cPanelBilly Guest

    Having boxtrapper challenge the SMTP response makes no sense with how it is made and intended to work.
    The issue here is that SORBS is blaming the wrong people. They dont like the challenge method, which they are allowed to have their own opinion on. However this method currently works the best and is implemented by many large ISP's all over the world.

    The CAPCHA etc would have no difference in this instance because an email would still get sent back to the from address.

    Now the auto responder response, that is somewhat of an issue, however I along with many others here have used used this and have not had an issue with autoresponders letting through spam. remember spammers usually dont use real email addresses they control to send out the spam.

    Now if anyone has any ideas on what they would like to see changed I am always open for discussion.
     
  13. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider

    We are aware of the backlog with QA. We have TRIPPLED our QA staff in the last six months. It is just going to take a bit longer to get it all caught up.
     
  14. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Just because it used by many lareg ISPs DOES NOT mean it works the best. It's not a matter of SORB not liking the challenge method it's that Boxtrapper simply doubles the spam problem. The problem with Boxtrapper is "how it is made and intended to work". Try and think out of the box on this one guys!

    Blocking at SMTP does not send an email back to the from address - it works exactly like ":fail: no such user" it simply blocks the email and adds an error code to it. The mail is never delivered to my server, so obviously my server doesn't send back to the from address.

    Some spammers may use false addresses, but many are now using real email addresses that they purchase specifically for setting up autoresponders. It is the wave of the future with internet services being so cheap.
     
  15. cPanelBilly

    cPanelBilly Guest

    As I asked before, please let us know your ideas on how it would work better...

    What rules do you suggest that we use to block these? a whitelist/blacklist like we are doing? The reality of the boxtrapper response is just the same as an autoresponder or a response from the user replying back saying what is this.
    Boxtrapper does not block the emails, so blocking at the SMTP level makes no sense.

    If the spammers are using real addresses then there is no doubling spam as you said... You are just responding to the email that they sent you.
     
  16. BenThomas

    BenThomas Well-Known Member

    Joined:
    Feb 12, 2004
    Messages:
    598
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Houston, Texas USA
    cPanel Access Level:
    Root Administrator
    BoxTrapper SpamAssassin Combo

    I just had an idea to minimize the "backscatter" issue, and I am hoping to get a little feedback from our forum users on it. Since nearly all of our customers are utilizing SpamAssassin, it would be feasible to have BoxTrapper check the "X-Spam-Status" header and only send a verification request to ham messages (and additionally if spamd were down, all messages without a X-Spam-Status header). Then on the client side, the disposition of spam messages would be entirely up to the user (filtered and dropped, sent to the spam box, or whatever). I'm seeing this as being the default behavior of BoxTrapper, with a user configurable option to disable it.
     
  17. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Obviously you haven't read the entire thread, you'll find my feedback at post number 4 (RS-Freddo)...;)


    I'm saying it should block emails - unless whitelisted, my ideas do make sense (if you took the time to read them of course)...;)


    The issue with real addresses is not about doubling spam it is about using autoreponders to defeat boxtrapper, once again if you had read my post...;)

    cpanelben has a good idea, as i don't use spamassasin the solution won't suit me - but it should suit the majority of cpanel users. Good one Ben!:D
     
  18. cPanelBilly

    cPanelBilly Guest

    I did read your post :) a few times actually. Maybe I am misunderstanding what you are saying then.
    If you only allow white listed email addresses to email you that means you have to manually whitelist the email address before they email you.
    What if its a signup email from a forum? You wont know what the email is going to be coming from, so it would always be blocked and you would never know to release it.

    I like the idea of the blocking at the SMTP level, I am just not sure how implementing it would work...
     
  19. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Currently fail works by blocking at SMTP with a message "no such user" on my email boxes it actually says "Please use contact form at http://mydomain.com/contact.html" because I use ":fail: Please use contact form at http://mydomain.com/contact.html". So Boxtrapper could block at SMTP with a message to the sender to whitelist themselves with a CAPCHA page.

    I do agree with you that this would not work AT ALL with emails sent from no-reply email addresses - such as forum signups etc. But it would work for email addresses that you did not use for forum signups. Maybe Bens idea is better for most cpanel clients....

    Anyway, I could implement my idea without too much trouble if i only knew how to make EXIM pick a whitelist/blacklist based on the domain the email is sent to.
    Something like:
    drop hosts = /etc/domain.com/blacklist
    !hosts = /etc/domain.com/whitelist
    message = To allow your email to be delivered please go to http://domain.com/capcha.php
    log_message = Connection denied from $sender_host_address as not whitelisted
    !hosts = +relay_hosts
    !authenticated = *
    (aplogies to Chirpy for the flagrant copying of his dictionary attack ACL)
    Obviously domain.com would be the recipient domain name...
    Maybe this is too different to be called Boxtrapper - maybe Email Sentinel is a better name.... Something for somebody to pick up and run with...

    [EDIT]Just an idea to get around forum signups, the ACL above works for sender domains not email addresses so you could just whitelist the forum domain. I still think it would work better than boxtrapper:p[/edit]
     
    #19 rs-freddo, Sep 15, 2005
    Last edited: Sep 15, 2005
Loading...
Similar Threads - Glad BoxTrapper backscatter
  1. Peoplespaces
    Replies:
    1
    Views:
    380

Share This Page