The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Spam management advice requested, config Spamassassin etc

Discussion in 'E-mail Discussions' started by zackw, Sep 21, 2012.

  1. zackw

    zackw Active Member

    Joined:
    Sep 30, 2010
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Hi there.
    On my server we handle some 15 Email boxes and a whole lot of various forwarding addresses. Many of our addresses are business related, and many are publicly available to see on the Internet. Needless to say we get our fair share of spam because of this. I also get our catch-all Email as well, which is nearly 100% spam.

    It seems like our config of Spamassassin isn't blocking as much as it should, or could. It is the default install that is on the dedicated server we lease.

    One thing that seems confusing is exactly where I should change settings, should I do this on WHM, or on cPanel? In WHM the first option is "SpamAssassin™ reject spam score threshold" which is set to 20. The default is to not have a reject score at all. I was also under the impression that SA's score is only between 0 and 10, why would it be 20?
    In cPanel when I go to configure SA on one of my accounts, it says the score is 3.5 in between the black list and white list.
    I'm also under the impression that 3.5 would be fairly aggressive, as 5 is the default. Yet only about 1 out of 20 spam Emails are tagged with "***SPAM***" and go in the junk box.

    Note that much of our spam are of the "business" type, random "companies" talking about their stuff, or how they can "help" us, get us listed, be on top of search engines, listed in who's who, do marketing, etc etc. Many of these come to the catch-all and are sent to guessed addresses.

    Anyway, the point is I simply want to increase the number of Emails that get the "***SPAM***", I want a little more aggression. A few of our employees have complained of getting MORE spam these days, rather than less.

    We've been training our Thunderbird junk filters for a long time, doesn't seem to be cutting it.
    I've been trying to read as much as I can on Spamassassin but just doesn't seem to have a lot of info. Really not sure where to increase spam catching. Do I change the 20 in WHM, or change the 3.5 in cPanel? Or use some other settings entirely?
    Does SA still work on Email coming through the catch-all channel? Because catch-all has tons of spam.

    Any help, guides, documents, suggestions, things to try, would be most helpful. Note that auto-delete of spam is off, so I'm assuming all junk mail is actually being delivered. I DO want all mail to be delivered, I just want aggressive spam filtering and spam messages going to the Junk box in Thunderbird.

    Thanks guys!
     
  2. zackw

    zackw Active Member

    Joined:
    Sep 30, 2010
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    Any advice? In general we really have to kick up our spam catching from WHM or cPanel or whatever is best.
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Assuming you mean the "Default Address" option in cPanel:
    Default Address - cPanel Documentation

    If this is not set to 'Discard with error to sender' you will get every email sent to: you@, me@, him@, them@, over at yourdomain.com (or guessed addresses as you've called them) You don't want that.

    Personally, I leave the default scores set to, low 5, high 20.

    Forwarded email is not scanned, its just forwarded.
    (interestingly enough, thats the 3rd time I've said that today)

    More on Spam Assassin in the cPanel docs:
    SpamAssassin - cPanel Documentation

    And more yet, here:
    SpamAssassin: Documentation - Apache.org Documentation
     
  4. zackw

    zackw Active Member

    Joined:
    Sep 30, 2010
    Messages:
    28
    Likes Received:
    0
    Trophy Points:
    1
    I had a big reply but lost it with an auto-logoff deal, sucks.

    Anyway, I want the catch-all address, that's not my problem. The problem is too much spam in my regular Email boxes, even boxes that have not really have much of a public display.

    I need to test this system somehow. I need the basics just to know this stuff is working at all. Configurations seem fine, but we get too much spam. Information in the links above say a level of 5 is "aggressive", but ours is set to 3.5 so shouldn't that be really aggressive?

    Something may not be right. And if it IS right, then by golly we need another layer of spam filtering if SA can't cut it.
     
  5. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,471
    Likes Received:
    199
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    The forums will auto save your post if you're disconnected. On the editor where you type in replies you should see a small button to "Restore content" saved by the forum that you did not get posted properly.


    I believe it is, probably.

    If someone sets up a script to email every kind of name in the world @yourdomain.com, you'll receive them all. Legit users email should not go to the catch-all.
     
  6. Evolve

    Evolve Well-Known Member

    Joined:
    Jan 31, 2007
    Messages:
    47
    Likes Received:
    0
    Trophy Points:
    6
    What I've done for some of my clients who were complaining about spam was to set the required_score to 1 in SpamAssassin Configuration and Disable the Auto-Delete Spam feature.

    Then I set up a new email address called spam@yourdomain.com and created an Account Level Filter filter to send everything tagged as spam to that email address.

    The rules were: "Spam Status" | "begins with" and then "Yes" below
    Actions: Redirect to email | spam@yourdomain.com

    You could just use this for testing and check what appears in there after you have it running for a while but I ended up giving my client the spam email info and having them be able to go in and check it if they think something could be in there through webmail. I also set up a crons that will go in and delete any spam in there that is older than 2 weeks so it doesn't take up too much space.

    crons:
    find /home/accountname/mail/yourdomain.com/user/cur -mtime +14 -exec rm {} \;
    find /home/accountname/mail/yourdomain.com/user/new -mtime +14 -exec rm {} \;
    (user would be "spam" from spam@domain.com)

    If anyone sees any flaws in what I've done please let me know otherwise it seems to work fine.
     
    #6 Evolve, Feb 5, 2013
    Last edited: Feb 5, 2013
Loading...

Share This Page