Looking for Better Spam Protection

ramorse

Well-Known Member
Sep 6, 2003
256
5
168
cPanel Access Level
Root Administrator
I understand the issue of all the spam bypassing SpamAssassin and that it's a widespread problem that may at some point be addressed. I just don't know how much longer to wait.

I have been using MailScanner for years and it seemed to work pretty well. But now I am looking for another solution and wondered if anyone has had any luck with other third-party systems. I came across MagicSpam: http://www.magicspam.com/. Has anyone used it and had success with the current wave of undetected spam?

Any other recommendations?
 

madmanmachines

Well-Known Member
Nov 28, 2014
94
4
8
cPanel Access Level
Root Administrator
Hi Ramorse,

Spam can be difficult to tackle as it is ever changing and classification can differ by user. SpamAssassin is quite a powerful tool, but I too have seen more people struggle with it lately, oftentimes not taking much time to customize it to their needs. SpamAssassin has a generic guide for this. Additionally, upgrading to 11.46 will provide an update to SpamAssassin.

Most are aware of adjusting thresholds and customizing SpamAssassin.

Many also suggest enabling Bayesian filtering in SpamAssassin, which requires 200 ham and 200 spam tokens to even take effect. I find this quite effective; however, it can be very difficult to get users to place spam in the spam folder and ham in a ham folder. Another fault with Bayesian filtering is the possibility of Bayesian poisoning. I personally think this is a large part of SpamAssassin's issues of late. Cleaning compromised mail servers, I am seeing more spammers include large text from books scraped from sources such as Google Books as a method to legitimize the message and to smudge the line between spam and ham.

Another method is trying new rulesets. Be careful here though, as using an outdated ruleset (SARE) can cause worse accuracy.

SpamAssassin also has the Pyzor and Razor plugins, but I cannot offer any information on these as I have no personal experience with them, yet.

Now to end my rant and address your actual question, I think a simple and effective solution is to use RBLs. I am a fan of SORBS myself. I can't provide any information on the 3rd-party you've referenced, but if you're looking to outsource your mail, I'd personally suggest trying Google Apps mail. Google has spent tons of money on new methods of identifying spam effectively, but frankly, it comes down to the volume of mail they handle, which gives them a considerable edge.

Thanks,
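
Added example, not part of the posts in this thread: the reply above notes that Bayesian filtering does nothing until enough mail has been learned, and this can be checked from the counters that `sa-learn --dump magic` prints. The sketch assumes SpamAssassin's default `bayes_min_spam_num` and `bayes_min_ham_num` of 200; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether SpamAssassin's Bayes classifier has learned
# enough mail to score messages, based on `sa-learn --dump magic` output.

# Assumed thresholds: defaults of bayes_min_spam_num / bayes_min_ham_num.
MIN_SPAM=${MIN_SPAM:-200}
MIN_HAM=${MIN_HAM:-200}

# Constructed sample of `sa-learn --dump magic` output (not from a real server).
sample_dump() {
cat <<'EOF'
0.000          0          3          0  non-token data: bayes db version
0.000          0        412          0  non-token data: nspam
0.000          0         57          0  non-token data: nham
0.000          0      48211          0  non-token data: ntokens
EOF
}

# bayes_status: reads dump text on stdin and prints one status line:
#   active nspam=N nham=M
#   inactive nspam=N nham=M need_spam=X need_ham=Y
#   unknown            (counters not found in the input)
bayes_status() {
  awk -v min_spam="$MIN_SPAM" -v min_ham="$MIN_HAM" '
    $5 == "non-token" && $NF == "nspam" { nspam = $3; seen_s = 1 }
    $5 == "non-token" && $NF == "nham"  { nham  = $3; seen_h = 1 }
    END {
      if (!seen_s || !seen_h) { print "unknown"; exit 0 }
      ns = min_spam - nspam; if (ns < 0) ns = 0   # spam still to learn
      nh = min_ham  - nham;  if (nh < 0) nh = 0   # ham still to learn
      if (ns == 0 && nh == 0)
        printf "active nspam=%d nham=%d\n", nspam, nham
      else
        printf "inactive nspam=%d nham=%d need_spam=%d need_ham=%d\n",
               nspam, nham, ns, nh
    }'
}

# Demo on the constructed sample. On a server, run as the mailbox user:
#   sa-learn --dump magic | bayes_status
sample_dump | bayes_status
```

In the constructed sample, plenty of spam has been learned but too little ham, which matches the difficulty described above of getting users to sort ham into a ham folder.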
 

ramorse

Thank you for the great, detailed reply!

I am at 11.46 already. I am also already using the two RBLs built in, but I added SORBS to one server. We'll see how that goes. Is it a problem using all three?

The other ideas I will give some thought.
 

madmanmachines

Hi,

Thank you for the great, detailed reply! [...] I added SORBS to one server. We'll see how that goes. Is it a problem using all three?
You're welcome, ramorse. I do apologize for going a bit off topic. I am not aware of an issue with using multiple RBLs in cPanel. The only issue I can foresee is using an RBL that has an unresponsive/long delist process. I think the 2 included in cPanel by default and SORBS don't fall under this category, as I have not personally seen a lot of false positives for my clients, and when I do clean a mail server, their process seems fair/straightforward/quick. Should you encounter a false positive, simply whitelist the server, and perhaps lecture (kindly) the sending admin.

If you do move forward with your third-party, I am sure a review would be welcomed. :)

Thanks,
 

ramorse

Thanks, I will check that out. Just reporting back that after adding SORBS, I am still getting quite a bit of spam slipping through. I just think the RBLs can't keep ahead of the spammers changing domains and IP addresses so quickly. I've tried adding domains and IPs to MailScanner's blacklist and that helps a bit, but again, they quickly just start sending from new locations.