Spam gets smarter, what can we do?

Discussion in 'E-mail Discussions' started by hm2k, Jan 13, 2008.

  1. hm2k

    hm2k Well-Known Member

    Recently I'm seeing a huge increase in spam that's not being scored by SpamAssassin, thus not being detected as spam.

    Not only am I seeing this increase, but so are my users.

    The mail is coming from external sources, and is being received on genuine email addresses.

    I'm confident that I'm not the only person running cPanel who's having this issue and would like to discuss the best way to approach this issue.

    You'll notice that Gmail, for example, is getting very smart; this is due to its thousands+ of users who are reporting spam, their already huge spam base and their fantastic algorithms.

    There must be some approach we can take.

    I look forward to the responses.
     
  2. nickp666

    nickp666 Well-Known Member

    RBLs seem to be an effective way of reducing the incoming amount, but they don't come without problems; be prepared for a lot of support calls!

    Use as many good SpamAssassin rulesets as you can get your hands on, reduce the overall spam trigger score (I have my low trigger defaulting at 3, which does produce a few false positives but has reduced the amount of crap that clients get quite a bit) and also reject spam that scores over a certain threshold (I have mine set to 10).

    Also, the new rate-limiting options seem to help a bit as well (my company runs CURRENT, not sure how far down the tree the changes have made it so far - may not be in stable or release yet).
     
  3. hm2k

    hm2k Well-Known Member

    How come RBLs cause so much trouble, considering the whole point is to block bad IPs...

    As the list is realtime it shouldn't cause that many problems, should it?

    I currently use SA and I'm aware of the scoring; however, some spam appears to be coming through as follows:

    Code:
    X-Spam-Status: No, score=
    X-Spam-Score: 
    X-Spam-Bar: 
    X-Spam-Flag: NO

    Has anyone tried integrating any of these techniques into cPanel? If so, what are the results?

    http://en.wikipedia.org/wiki/Anti-s...utomated_techniques_for_e-mail_administrators

    Does anyone have any further suggestions?

    Thanks.
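
The thresholds nickp666 describes (tag at 3, reject at 10) and the empty `score=` headers hm2k quotes can be checked together over a set of stored messages. The following is an added example, not code from the thread or from cPanel; it reads only the `X-Spam-Status` header shown above, the sample messages are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from email import message_from_string

# Thresholds quoted in the thread: tag as spam at 3, reject at 10.
TAG_AT = 3.0
REJECT_AT = 10.0
_SCORE = re.compile(r"score=(-?\d+(?:\.\d+)?)")

def classify(raw, tag_at=TAG_AT, reject_at=REJECT_AT):
    """Return 'unscanned', 'clean', 'tag' or 'reject' for one raw message."""
    status = message_from_string(raw).get("X-Spam-Status")
    match = _SCORE.search(status) if status else None
    if match is None:
        # Header missing, or present with an empty score as in the post
        # above: there is no verdict, so do not count it as clean.
        return "unscanned"
    score = float(match.group(1))
    if score >= reject_at:
        return "reject"
    return "tag" if score >= tag_at else "clean"

def triage(messages):
    """Count verdicts across an iterable of raw messages."""
    return dict(Counter(classify(m) for m in messages))

def _sample(status):
    # Constructed test message; addresses and subject are placeholders.
    header = "" if status is None else f"X-Spam-Status: {status}\n"
    return f"From: a@example.com\nSubject: test\n{header}\nbody\n"

SAMPLES = [
    _sample("No, score="),        # the empty header quoted in the thread
    _sample(None),                # no SpamAssassin header at all
    _sample("No, score=1.2"),
    _sample("No, score=4.7"),     # under SpamAssassin's default of 5, over 3
    _sample("Yes, score=12.0"),
]

if __name__ == "__main__":
    for verdict, count in sorted(triage(SAMPLES).items()):
        print(f"{verdict:10} {count}")
```

A rising "unscanned" count points at mail that bypassed scoring, which lowering the trigger score will not catch.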
     
  4. troxalias

    troxalias Well-Known Member

    There is always a thin line between usability and "protection". Most of the techniques you mention are either out of any RFC scope or could lead your server to reject mail from a mass of valid SMTP servers. I would suggest relying on RBL lists, SpamAssassin and your own personal spam "honeypot" :)
     
  5. nickp666

    nickp666 Well-Known Member

    RBLs are not 100% clean and free of errors (there is no way they could be). Also, a lot of RBLs list dynamic address space, as technically they shouldn't be sending email, but if, like probably 99% of the hosts on the planet, your customers send through you, you will undoubtedly run into problems with PBLs and such. With that said, the way that cPanel/Exim handle RBLs now, as long as your client authenticates correctly they should be allowed to send; the main problem you will see is that small businesses that have Exchange servers running on their DSL and similar setups will be unable to send to your clients.

    I also had a problem yesterday with a blacklisted server at Hotmail that had been used to relay spam; therefore my servers were dropping connections, causing my customer to blame me, asking questions like "how can one of the biggest email providers on the planet not send to you".

    Implementing RBLs is definitely a must, but do your homework so that you can disarm the situation when you have an annoyed customer whose clients can't get mail to them.

    What rulesets are you using with SA?
     
  6. Kent Brockman

    Kent Brockman Well-Known Member

    How do you know what rulesets are being used? How can you add some more to make SA stronger?
     
  7. BigLebowski

    BigLebowski Well-Known Member

    cPanel with external anti-spam hardware

    Hi, just wondered if anyone uses a dedicated hardware solution externally in front of an array of cPanel servers to filter spam before it arrives?

    The main problem we have is via email forwarders to AOL, Yahoo etc. Email via the forwarders is not filtered by SpamAssassin. Therefore spam bombardments are passed directly on, resulting in those ISPs blacklisting.

    Cheers
    Dude
     
  8. nxweb

    nxweb Active Member

    I noticed a huge increase in "spam catching" with the latest versions of SpamAssassin... make sure you are running the latest versions.
     