Spam fighting solutions PLEASE!

EchoHost

Well-Known Member
Jul 27, 2003
52
0
156
Ok so I'm going crazy with all the spam here! I've tried spamassasin + mailscanner and all that happened is I lost a lot of legit e-mails, some e-mails took a very long time to get delivered to my inbox and server load was much higher. So I stripped it all down and just started doing spam filtering on my side.

I want a better solution and I don't mind paying, I've read a few things abotu ASSP. Is this worth it. What about ASSP deluxe http://www.grscripts.com/screenshots.html ?

Thanks!
 

nyjimbo

Well-Known Member
Jan 25, 2003
1,136
1
168
New York
I hate to recommend this but I found that a huge percentage of spam comes from countries you could probably do without.

We have taken to blocking wide ranges of IP's from Russia, France, Poland, etc..

Even with spam rules or RBL services like Spamhaus or NJABL we still have to deal with the connections, handshake, rejections and all the i/o and processing it takes to do it.

Blocking massive ranges of IP's via software or hardware firewalls just cuts off any TCP talk at all and reduces spam as well.

So much spam is tricky enough to get around normal rule sets, at least cutting them off earlier reduces ALL traffic from the bad guys so at least a good percentage of the garbage is never even seen.
 

EchoHost

Well-Known Member
Jul 27, 2003
52
0
156
Yea I'd love to do that but it's a bit too risky. A few other criteria I forgot to mention:

1) We get a constant dictionary attack either from the same guy or multiple guys (alexa rating for the domain is ~1,100)
2) A TON of rejected mail

So basically I don't want a spam program that keeps a log of these because i would have to clear it every day or just get too big in general.
 

Infopro

Well-Known Member
May 20, 2003
17,112
513
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Yea I'd love to do that but it's a bit too risky. A few other criteria I forgot to mention:

1) We get a constant dictionary attack either from the same guy or multiple guys (alexa rating for the domain is ~1,100)
2) A TON of rejected mail

So basically I don't want a spam program that keeps a log of these because i would have to clear it every day or just get too big in general.

After reading at least three of your posts in separate forums all seeming to have to do with the same thing, I've only got 2 suggestions for you.

1) Search these forums for the answers you seek, you're not the first that wishes to know this stuff. It's all here.

2) If all else fails, hire a pro. http://www.configserver.com/cp/cpanel.html


He has the answer to your problems I'm sure of it. Look around the forums a bit more. ;)
 

Gene Steinberg

Well-Known Member
May 26, 2007
163
3
168
Ok so I'm going crazy with all the spam here! I've tried spamassasin + mailscanner and all that happened is I lost a lot of legit e-mails, some e-mails took a very long time to get delivered to my inbox and server load was much higher. So I stripped it all down and just started doing spam filtering on my side.

I want a better solution and I don't mind paying, I've read a few things abotu ASSP. Is this worth it. What about ASSP deluxe http://www.grscripts.com/screenshots.html ?

Thanks!
You know, with a little judicious adjustment, SpamAssassin is just about perfect for us. The settings in WHT and cPanel 11 give us plenty of elbow room to block 99% of spam, but we check the option to create a Spam folder, so we can keep tabs on legitimate mail.

My SpamAssassin setting is 4. And we have Exim, via WHT, adjusted to delete anything with a 10 or more rating. and we have also selected the option labeled "Reject mail at SMTP time if the sender host is in the zen.spamhaus.org, or bl.spamcop.net rbl."

We've never lost a single e-mail we needed to receive that we are aware of, and mistakenly flagged legitimate messages are minimal with tha setting.

FYI: We have four busy sites on a VPS system, with several hundred legitimate messages received every day. We have used dedicated e-mail hosting, with supposedly advanced spam settings, and it was no better.

Of course, these settings might not work for you, but for the variety of mail we get, it's just fine and I have no complaints. The Spam filters are not overwhelming, and everything is manageable.

Peace,
Gene Steinberg
Co-Host, "The Paracast"
www.theparacast.com
 
Last edited:

mambovince

Well-Known Member
Jan 15, 2005
193
0
166
London, UK
I hate to recommend this but I found that a huge percentage of spam comes from countries you could probably do without.

We have taken to blocking wide ranges of IP's from Russia, France, Poland, etc..

Even with spam rules or RBL services like Spamhaus or NJABL we still have to deal with the connections, handshake, rejections and all the i/o and processing it takes to do it.

Blocking massive ranges of IP's via software or hardware firewalls just cuts off any TCP talk at all and reduces spam as well.

So much spam is tricky enough to get around normal rule sets, at least cutting them off earlier reduces ALL traffic from the bad guys so at least a good percentage of the garbage is never even seen.
AFAIK, most spam originates from servers hosted in the US :confused:

- Vince
 
Jul 7, 2006
12
0
151
Fighting SPAM

i have use ConfigServer's dictionary attack tool ... just a little perl script that would deny ip's doing dictionary attack , works great for me ... i'll let you guys know tomorrow how it would turn out since most of the attacks starts Tuesday(my time) Philippines.
 

_Chris_

Well-Known Member
Oct 22, 2007
64
0
56
I hate to recommend this but I found that a huge percentage of spam comes from countries you could probably do without.

We have taken to blocking wide ranges of IP's from Russia, France, Poland, etc..

Even with spam rules or RBL services like Spamhaus or NJABL we still have to deal with the connections, handshake, rejections and all the i/o and processing it takes to do it.

Blocking massive ranges of IP's via software or hardware firewalls just cuts off any TCP talk at all and reduces spam as well.

So much spam is tricky enough to get around normal rule sets, at least cutting them off earlier reduces ALL traffic from the bad guys so at least a good percentage of the garbage is never even seen.
Very interested in this - how did you do it please ? Is it possible on shared servers please ?

Any help much appreciated.

Chris.
 

twhiting9275

Well-Known Member
Sep 26, 2002
560
28
178
cPanel Access Level
Root Administrator
Twitter
AFAIK, most spam originates from servers hosted in the US
Correct
According to project honeypot (what a name ;)).
Top-25 Countries
Where Spam Servers
Are Located

#1 [United States] United States (15.6%)
#2 [China] China (15.3%)
#3 [Korea] Korea (7.3%)
#4 [Germany] Germany (5.8%)
#5 [Poland] Poland (5.0%)
#6 [Brazil] Brazil (4.5%)
#7 [France] France (4.0%)
#8 [Italy] Italy (3.8%)
#9 [Spain] Spain (3.7%)
#10 [Russian Federation] Russian Federation (3.2%)
#11 [United Kingdom] United Kingdom (2.9%)
#12 [India] India (2.6%)
#13 [Turkey] Turkey (2.5%)
#14 [Japan] Japan (1.9%)
#15 [Taiwan] Taiwan (1.9%)
#16 [Thailand] Thailand (1.4%)
#17 [Israel] Israel (1.4%)
#18 [Argentina] Argentina (1.2%)
#19 [Chile] Chile (1.0%)
#20 [Peru] Peru (1.0%)
#21 [Netherlands] Netherlands (0.9%)
#22 [Canada] Canada (0.9%)
#23 [Malaysia] Malaysia (0.9%)
#24 [Mexico] Mexico (0.9%)
#25 [Egypt] Egypt (0.8%)