The Community Forums

Reduce Spam

Discussion in 'General Discussion' started by hergy80, Oct 21, 2006.

  1. hergy80

    hergy80 Well-Known Member

    I had Chirpy's Co. install the mailscanner package on our servers a while back, and recently the spam has been getting worse (which I understand happens as they find new ways to get through).

    What I'm wondering is: are there any specific tweaks to spamassassin or the other filters that have helped people? We're getting a lot of the e-mails that look like just a bunch of words put together as well as "buy this company's stock". I've tried the auto learning in mail watch, but that doesn't seem to help much. I know there are rules lists and rbls and dcc, etc., so what has helped others?

    Thanks!
     
  2. elitewebninja

    elitewebninja Active Member

    We were having this same problem. Nothing worked, even the autolearn (like your attempt).

    It turns out that SARE released a ruleset for these stock email spams:

    Do this: (assuming you got the RulesDuJour addition with Chirpy's package like we did).
    Get the latest RulesDuJour script
    http://sandgnat.com/rdj/rules_du_jour

    Go here and get the stock ruleset:
    http://www.rulesemporium.com/rules.htm#stocks (70_sare_stocks.cf)
    and put it in the /etc/mail/spamassassin/RulesDuJour/ directory

    Then go to /etc/rulesdujour/config and in your TRUSTED RULESETS, add: SARE_STOCKS

    We did this and it shut these spams DOWN! I've only seen like 3 get through so far when we WERE getting an all but unbearable amount of these things.

    Hope this helps :)
    Scott
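
The config edit from the post above, written as an added example (not part of the original post, and not code from RulesDuJour). It assumes the RulesDuJour config is a shell-style file with a single `TRUSTED_RULESETS="..."` line; `sample_config`, `add_trusted_ruleset` and `OTHER_SETTING` are hypothetical names.

```shell
#!/bin/sh
# Added example. Assumption: the RulesDuJour config is a shell-style file
# with one line of the form TRUSTED_RULESETS="NAME NAME ...".

# Constructed sample config, used only to try the function out.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real server config
TRUSTED_RULESETS="SARE_ADULT SARE_FRAUD"
OTHER_SETTING="unchanged"
EOF
}

# add_trusted_ruleset CONFIG NAME
# Appends NAME to TRUSTED_RULESETS unless it is already listed.
# The previous file is kept as CONFIG.bak so the change can be rolled back.
add_trusted_ruleset() {
    conf=$1
    ruleset=$2
    # Accept only A-Z, 0-9 and underscore, so the name can never alter
    # the sed expression below or the shell-style config line.
    case $ruleset in
        ''|*[!A-Z0-9_]*) echo "invalid ruleset name: $ruleset" >&2; return 1 ;;
    esac
    [ -f "$conf" ] || { echo "no such config: $conf" >&2; return 2; }
    grep -q '^TRUSTED_RULESETS=".*"' "$conf" ||
        { echo "TRUSTED_RULESETS line not found in $conf" >&2; return 3; }
    # Current value between the double quotes.
    current=$(sed -n 's/^TRUSTED_RULESETS="\([^"]*\)".*$/\1/p' "$conf" | head -n 1)
    # Whole-word match: already listed means nothing to do.
    case " $current " in
        *" $ruleset "*) return 0 ;;
    esac
    cp -p "$conf" "$conf.bak" || return 4
    new=$(printf '%s %s' "$current" "$ruleset" | sed 's/^ *//')
    # Rewrite only the TRUSTED_RULESETS line; every other line is copied as is.
    sed "s/^TRUSTED_RULESETS=\"[^\"]*\"/TRUSTED_RULESETS=\"$new\"/" "$conf.bak" > "$conf"
}
```

Called as `add_trusted_ruleset /etc/rulesdujour/config SARE_STOCKS`; running `spamassassin --lint` afterwards reports syntax errors in the newly added .cf file.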
     
  3. hergy80

    hergy80 Well-Known Member

    Thanks for the info. I've installed the ruleset and we'll see how it goes!

    I'm also going to look through what else is offered and any other lists we may use!

    Thanks for the help!
     
  4. SageBrian

    SageBrian Well-Known Member

    I've found, even with Chirpy's tremendous service, that no matter what you do, those spammers are diligently working to get thru.

    The spam always comes thru in waves. They come up with a new technique, then the anti-spam community finds and does its best to block it, with either new rules, or spamcop blocks, etc.

    You can drive yourself crazy trying to stay on top of it everyday.
     
  5. sanderson

    sanderson Registered

    There is another way to keep watch on it. If you can find the IPs from where all these mails are coming, you will see most of the IPs are the same with different email addresses. If this is the case, then ask your admin to block those IP addresses. However, they keep sending junk through different IPs. But surely the junk will get reduced.
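
The check described in the post above, as an added example that is not part of the original post: it lists source IPs whose mail used several different envelope sender addresses. It assumes Exim main-log arrival lines (`<=`) on standard input; the log lines in `sample_log` are constructed, and both function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: input is an Exim main log, where each accepted
# message has a line "DATE TIME MSGID <= sender H=... [ip] ...".

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
2006-10-23 09:14:02 1GbA1x-0003Qk-7Z <= rhonda@example.net H=(dsl-host) [198.51.100.23] P=smtp S=4312
2006-10-23 09:14:09 1GbA24-0003Qr-Ab <= marcus@example.org H=(dsl-host) [198.51.100.23] P=smtp S=4290
2006-10-23 09:14:15 1GbA2a-0003Qx-Cd <= ivy@example.com H=(dsl-host) [198.51.100.23] P=smtp S=4355
2006-10-23 09:15:40 1GbA3x-0003R4-Ef <= news@example.com H=mail.example.com [203.0.113.5] P=esmtp S=10211
2006-10-23 09:16:02 1GbA4K-0003RB-Gh <= news@example.com H=mail.example.com [203.0.113.5] P=esmtp S=10340
2006-10-23 09:16:30 1GbA4m-0003RH-Ij => user@example.com R=localuser T=local_delivery
2006-10-23 09:17:00 1GbA5F-0003RN-Kl <= root@host.example.com U=root P=local S=512
EOF
}

# repeat_sender_ips MIN
# Reads the log on stdin and prints "ip distinct_senders messages" for every
# source IP that used at least MIN different sender addresses, busiest first.
repeat_sender_ips() {
    awk -v min="$1" '
        $4 == "<=" {
            ip = ""
            # The connecting host is the first bare [address] field after the sender.
            for (i = 6; i <= NF; i++)
                if ($i ~ /^\[[0-9a-fA-F:.]+\]/) { ip = $i; break }
            if (ip == "") next                 # locally submitted mail has no IP
            sub(/\]:[0-9]+$/, "]", ip)         # drop a logged source port, if any
            ip = substr(ip, 2, length(ip) - 2) # strip the brackets
            sender = tolower($5)
            msgs[ip]++
            if (!((ip, sender) in seen)) { seen[ip, sender] = 1; senders[ip]++ }
        }
        END {
            for (ip in senders)
                if (senders[ip] >= min) print ip, senders[ip], msgs[ip]
        }
    ' | sort -k2,2nr -k3,3nr -k1,1
}
```

With the sample, `sample_log | repeat_sender_ips 3` reports only 198.51.100.23; the newsletter host that sends repeatedly from one address stays below the threshold.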
     
  6. hergy80

    hergy80 Well-Known Member

    Yeah, I know. I just wanted to make sure I was updating everything I needed to so I was on top as best as possible. So far the stock e-mails haven't returned!

    I can't imagine if we didn't have some filters in place. We generally stop about 70% of mail because it's spam (and I haven't yet had a false positive!). And we deal with a modest amount of mail - only between 1-2 thousand a day.
     
  7. jdstallings

    jdstallings Well-Known Member

    Spam Rules

    Thanks for the STOCK info.. I just updated our servers with this new rule. Thank God!! ;)

    We also had Chirpy update our server with MailScanner, Rules-du-Jour, etc. and they all have worked GREAT!! We do about 8-9K per day in emails and with MailScanner we catch 50-59% as score 20 for KNOWN SPAM. Then SpamAss catches about another 23% of the leftovers.

    First... Chirpy services are MORE THAN GREAT! Support him... between the CSF firewall, explorer, and MailScanner support... You cannot go wrong and the price is great!!

    Now to the question... LOL

    There are a limited number of rules that Chirpy uses in the TRUSTED. Here are the ones:

    SARE_REDIRECT_POST300 SARE_EVILNUMBERS0 SARE_BAYES_POISON_NXM SARE_HTML0 SARE_HEADER0 SARE_SPECIFIC SARE_ADULT SARE_BML SARE_FRAUD SARE_SPOOF SARE_RANDOM SARE_OEM SARE_GENLSUBJ0 SARE_UNSUB SARE_URI0 SARE_WHITELIST SARE_OBFU0

    I have added the SARE_STOCKS today by doing the upgrade, etc...

    My question is have any of you found any additional ones that we should add that will help stop more spam, but not really increase false-positives? Example 80_sare_stocks

    What works best for most of you?

    Thanks!
     
  8. meganet

    meganet Well-Known Member

    I'm also interested in knowing what else you need to keep up to date after getting the Configservers services applied.

    What is a typical breakdown of services I should be monitoring and upgrading on my own after Chirpy's team has installed them? So far I've gathered:
    • RulesDuJour
    • SpamAssassin *.cf's

    Anyone else have input on this?
     
  9. jdstallings

    jdstallings Well-Known Member

    Logwatch
    Mailscanner
    Mailwatch
    Csf
    Lfd
    Tripwire
    Rootkit
    Chkroot

    I just upgraded logwatch from 3.1 to 7.1, and also upgraded rules-du-jour and other stuff.

    It is a lot of work

    Good luck!
     
  10. ajaydsouza

    ajaydsouza Active Member

  11. meganet

    meganet Well-Known Member

  12. Radio_Head

    Radio_Head Well-Known Member

    You could try this

    http://assp.sourceforge.net , an antispam project which is becoming really popular. I hope to see it integrated into WHM one day.
     
  13. nsusa

    nsusa Well-Known Member

    How does the mailscanner package "survive" cpanel updates? Is there a lot of reconfiguration required?

    Chris
     