SPAM solutions, a discussion

[mmoyer]

I've seen a few threads on this subject, but no single thread with a comprehensive discussion on the various solutions out there to battle SPAM. I'd like to get this thread going with a discussion of each of the popular solutions and their pros/cons.

Most threads I've seen say try this, but don't go into any detail as to why you should consider it. I have quite a few servers and making any change would be a major deal, so I want to research this as much as possible. This past month SPAM has been at a all time high, and SA even with some tweaking is missing 1,000's of messages across the board.

So far I'm seeing these solutions:
1.) Spam Assassin
2.) Mailscanner
3.) ASSP (Anti-Spam SMTP Proxy Server)


Things I'd be interested in seeing in the discussion:
1.) How much control do you have?
2.) Server load expectations, what impact do you predict on average (CPU / memory)?
3.) How effective has this solution been?

I thank-you in advance for your comments on this never-ending battle we all face.

Matt Moyer, President
Beyond Web Creations, LLC
Founded 1998

 

[katmai]

if you want easy and nice spam solution take a look at http://configserver.com/cp/mailscanner.html . i'm saying this as this is a great spam solution. my customers were up in the air happy that their mailboxes are spam free. another great thing is that i haven't got ANY reports that legit mails are being blocked.

all depends on how much time are you willing to give in for producing a good spam solution. i preferred fast and from people that already knew what they were doing, instead of me learning it from the bottom.

server load is pretty low. around 0.2 0.3 usually and at peak time goes to 3 4, but this is combined with the fact that i run some heavy traffic websites. around 400 k hits per day.

hope it helps.

 

[gflamerich]

Radio_head,

Thanks for sharing your how-to, but I think It might be on the Ads & Offers forum since buying your script is needed.
By the way, your post has nothing to do with mmoyer original post.

 

[Infopro]

if you want easy and nice spam solution take a look at http://configserver.com/cp/mailscanner.html . i'm saying this as this is a great spam solution. my customers were up in the air happy that their mailboxes are spam free. another great thing is that i haven't got ANY reports that legit mails are being blocked.

all depends on how much time are you willing to give in for producing a good spam solution. i preferred fast and from people that already knew what they were doing, instead of me learning it from the bottom.

server load is pretty low. around 0.2 0.3 usually and at peak time goes to 3 4, but this is combined with the fact that i run some heavy traffic websites. around 400 k hits per day.

hope it helps.

I'll second this route and tell you that it's worth the time to read the site there to understand what you're doing before doing it. Spam is at an all time high for all of us. But thankfully most of it is stopped at the door here as well. As for control, quite a bit. Check the site linked above for pictures.

 

[gflamerich]

We have being using MailScanner for a long time, and are somewhat satisfied. Didn't like when cpanel took it out from the distribution some time ago. We also are using dictionary attack script from configserver and BFD on exim log alongside callback sender verification, which stops a lot of attempts of mails sender. (We estimate more than 80% of mails attempts on our servers are spam, yes 1 out of 5 mails is genuine ... what a waste of resources)
For example, one of our boxes is receiving about 8.000 messages a day (just messages, a lot of connections dropped and IP's blocked), everyone scanned for virus and about 7000 scanned by spam, we have a few clients that doesn't want spam to be removed, they work with China suppliers and we had plenty of false positives). He have an excellent performance and a low server load. We had a problem with that box a month ago and let pass mails without any scan, also removed exim callback for the two hours until most of or clients working hours finish and received 4000 messages...... server load was almost the same as we have scanning. After that, we happily rebooted the server and everything was fine again.

We have being watching ASSP for a while, and seems to be very promising.
If ASSP does all what it says, should be included as a package in cpanel.
Here is the issue at bugzilla asking for the inclusion. If you think ASSP should be included, just vote. http://bugzilla.cpanel.net/show_bug.cgi?id=2552 it was created on May'05 .... but it might be the time to ask for it.

Regarding spamd and clamav cpanel solution, we tested and remove it after two days.... and returned to MailsScanner.
We are aware that there are some downsides on using MailsScanner, like memory usage but it worth every Kb (Of course, if we can find a solution that else less resources and gives same results, will swap in no time)

I know this is not the way mmoyer asked, but is the closer we can get. Hope this helps on this discussion.

 

[mctDarren]

We chose MailScanner at the beginning of this year. ASSP was fairly new at the time so I thought we should wait that one out a bit. I could not be happier using MailScanner. I have control over spam/virus/content filtering right down to the individual domain names. Invest a little time and you can configure a different ruleset for each instance (spam,virus,content) for each domain on your box. An extreme level of control.

Obviously resources will be taken up with Mailscanner. However, after combining a few well contructed Exim ACLs that drop things before it gets to Mailscanner we control our load quite well. It depends on the volume of the server. Our busiest server went from a peak of .80 avg to around a 1. Our slowest went from a .25 to about .44. It's not enough to kill a server as you will see some claim. But, yes, it does eat memory.

Let me also add, with the addition of Chirpy's front end for Mailscanner, my shared hosting clients have direct access to their white/black lists, spam accept/drop settings and virus scan settings. They love it.

Matt, hope you find the solution that meets your needs. Spam has become THE nuisance for hosts this year I believe - well above fraud and virii problems. It consumes about 10% of each of my days. Too much!! GL!

 

[RandyO]

We chose MailScanner at the beginning of this year. ASSP was fairly new at the time so I thought we should wait that one out a bit. I could not be happier using MailScanner. I have control over spam/virus/content filtering right down to the individual domain names. Invest a little time and you can configure a different ruleset for each instance (spam,virus,content) for each domain on your box. An extreme level of control.

Obviously resources will be taken up with Mailscanner. However, after combining a few well contructed Exim ACLs that drop things before it gets to Mailscanner we control our load quite well. It depends on the volume of the server. Our busiest server went from a peak of .80 avg to around a 1. Our slowest went from a .25 to about .44. It's not enough to kill a server as you will see some claim. But, yes, it does eat memory.

Let me also add, with the addition of Chirpy's front end for Mailscanner, my shared hosting clients have direct access to their white/black lists, spam accept/drop settings and virus scan settings. They love it.

Matt, hope you find the solution that meets your needs. Spam has become THE nuisance for hosts this year I believe - well above fraud and virii problems. It consumes about 10% of each of my days. Too much!! GL!

Could you expand on your ACL's? I have a couple issues with mailscanner and had to disable file and virus scanning to get loads back under control. Also the "bounced" mail is piling up for some reason and that causes other problems

 

[mctDarren]

Could you expand on your ACL's? I have a couple issues with mailscanner and had to disable file and virus scanning to get loads back under control. Also the "bounced" mail is piling up for some reason and that causes other problems

Surely! As a matter of fact - maybe this deserves a new thread for Exim ACLs people use. Might help a lot of people, and I might just learn some things as well.

Check here: http://forums.cpanel.net/showthread.php?t=61917

 

[wzd]

Hmmm looks like i should have looked here in the first place.

Anyone know when Mailscanner will be compatible with FreeBSD?

The front end server sphere mentioned sounds quite nice.

Presently i'm using SpamAssassin and additional RBL stuff from webhostgear.com tutorials as well as some manual header and body control through antivirus.exim

See tutorials here:

http://www.webhostgear.com/338.html

http://www.webhostgear.com/175.html

Still having a big problem with Image based spam where no two emails are alike. The spam always comes from Zombies so blacklists don't help and the content in the email is always different, one day it's shakespear, next day it some article on health and so forth. The image is always the same image though with different filenames / extensions...

I've heard Fuzzy OCR is quite good but it doesnt seem to want to acknowledge that Spamassasin is even installed when i'm installing through ports...

*sigh*

 

[Radio_Head]

Why don't you use clamd instead of mailscanner ?

 

[wzd]

I'm currently using NOD32.
Mailscanner is for spam and ClamAV is for antivirus checking?

I don't understand how i could use ClamAV instead of mailscanner?
Please elaborate

Thanks

 

[wzd]

Hey All,

I don't want to bump this thread for no reason but additionally i dont want to start a new thread.
I'm still looking for a decent spam management solution and might be forced to forward email to one of the major ISP's here and then let them do the filtering and forward it back,

Presently my clients are receiving about 20-30 spam daily. Some less and some more...
My admin guy says that can't stop the spam and that what we have is adequate enough.

In reality i would a solution where most of the accounts are receive a maximum of 5-10 spam emails per day.

If any1 could just report back on the following:
"On average how many spam emails are bypassing the server filters to enter the destination mailboxes?"

Just need an idea! Thanks

 

[SageBrian]

Hey All,

I don't want to bump this thread for no reason but additionally i dont want to start a new thread.
I'm still looking for a decent spam management solution and might be forced to forward email to one of the major ISP's here and then let them do the filtering and forward it back,

I think the original reply was the best: Use Chirpy's Mailscanner solution
http://configserver.com/cp/mailscanner.html

I've had people 'complain' because they think they are getting alot of spam when they get 5/day. Then I turn off the filter for them. No more complaints.

 

[wzd]

Does it work on FreeBSD?

The ConfigServer stuff certainly doesnt otherwise i would have paid them the $125 a long time ago

 

[mctDarren]

Then I turn off the filter for them.

You actually turn off their filter and let them experience the horror? LOL! If I did that for some of my clients they'd throw their computer out the window... Nice idea though!

 

[meganet]

I use configservers for both of my servers spam solution. It's great and worth the money.

On a side note, Infopro, that is a hilarious flash animation for chirpy - good job!

 

[wzd]

Yeah BUT IT DOESNT WORK ON FREEBSD - and chirpy doesnt reply to my messages or posts...
*pant* *pant*

 

[celliott]

Yeah BUT IT DOESNT WORK ON FREEBSD - and chirpy doesnt reply to my messages or posts...
*pant* *pant*

He is probably busy with other things. Email him on www.configserver.com or just purchase one of his plans.

 

[electric]

I've had people 'complain' because they think they are getting alot of spam when they get 5/day. Then I turn off the filter for them. No more complaints.

Is it possible to somehow get "statistics" on what the spam assassin and other systems are doing? This way, we can show the customer that the filters are actually working (well) and that the few spam emails they see in their inbox are nothing compared to what is being filtered...

Some of our clients don't believe we are actually filtering email, because they get 20 spam emails. Is the only way to "prove" to them.. to turn off filtering for a while? That doesn't seem like a good method.

 

[ljweb]

To enable per domain scanning, you need to modify the rulesets in /usr/mailscanner/etc/rules/spam.scanning.rules , just change yes to no for the domain you want to disable.
If you make any changes to the configuration/rules files you must restart MailScanner using:

service MailScanner reload