The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Looking for Better Spam Protection

Discussion in 'E-mail Discussions' started by ramorse, Dec 5, 2014.

  1. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    I understand the issue of all the spam bypassing SpamAssassin and that it's a widespread problem that may at some point be addressed. I just don't know how much longer to wait.

    I have been using MailScanner for years and it seemed to work pretty well. But now I am looking for another solution and wondered if anyone has had any luck with other third-party systems. I came across MagicSpam: /http://www.magicspam.com/. Has anyone used it and had success with the current wave of undetected spam?

    Any other recommendations?
     
  2. madmanmachines

    madmanmachines Well-Known Member

    Joined:
    Nov 28, 2014
    Messages:
    94
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi Ramorse,

    Spam can be difficult to tackle as it is ever changing and classification can differ by user. SpamAssassin is quite a powerful tool, but I too have seen more people struggle with it lately and often times not taking much time to customize to their needs. SpamAssassin has a generic guide for this. Additionally, upgrading to 11.46 will provide an update to SpamAssassin.

    Most are aware of adjusting thresholds and customizing SpamAssassin.

    Many also suggest to enable bayesian filtering in SpamAssassin which requires 200 ham and 200 spam tokens to even take effect. I find this quite effective; however, it can be very difficult to get users to place spam in the spam folder and ham in a ham folder. Another fault with bayesian filtering is the possibility of bayesian poisoning. I personally think this is a large part of SpamAssassin's issues of late. Cleaning compromised mail servers, I am seeing more spammers include large text from books scraped from sources such as Google Books as a method to legitimize the message and to smudge the line between spam and ham.

    Another method is trying new rulesets. Be careful here though, as using an outdated ruleset(SARE) can cause worse accuracy.

    SpamAssassin also has the Pyzor and Razor plugins, but I can not offer any information on these as I have no personal experience with them, yet.

    Now to end my rant and address your actual question, I think a simple and effective solution is to use RBL's. I am a fan of SORB's myself. I can't provide any information on the 3rd-party you've referenced, but if you're looking to outsource your mail, I'd personally suggest trying Google Apps mail. Google has spent tons of money on new methods of identifying spam effectively, but frankly, it comes down to the volume of mail they handle, which gives them a considerable edge.

    Thanks,
     
  3. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Thank you for the great, detailed reply!

    I am at 11.46 already. I am also already using the two RBLs built in, but I added SORBS to one server. We'll see how that goes. Is it a problem using all three?

    The other ideas I will give some thought.
     
  4. madmanmachines

    madmanmachines Well-Known Member

    Joined:
    Nov 28, 2014
    Messages:
    94
    Likes Received:
    3
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hi,

    You're welcome ramorse. I do apologize for going a bit off topic. I am not aware of an issue of using multiple RBL's in cPanel. The only issues I can foresee is using an RBL that has an unresponsive/long delist process. I think the 2 included in cPanel by default and SORB's don't fall under this category, as I have not personally seen a lot of false positives for my clients, and when I do clean a mail server, their process seems fair/straight-forward/quick. Should you encounter a false-positive, simply whitelist the server, and perhaps lecture(kindly) the sending admin.

    If you do move forward with your third-party, I am sure a review would be welcomed. :)

    Thanks,
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    675
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  6. ramorse

    ramorse Well-Known Member

    Joined:
    Sep 6, 2003
    Messages:
    201
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    Thanks, I will check that out. Just reporting back that after adding SORBS, I am still getting quite a bit of spam slipping through. I just think the RBLs can't keep ahead of the spammers changing domains and IP addresses so quickly. I've tried adding domains and IPs to MailScanners Blacklist and that helps a bit, but again, they quickly just start sending from new locations.
     

Share This Page