mmoyer

Member
Aug 24, 2004
6
0
151
I've seen a few threads on this subject, but no single thread with a comprehensive discussion on the various solutions out there to battle SPAM. I'd like to get this thread going with a discussion of each of the popular solutions and their pros/cons.

Most threads I've seen say try this, but don't go into any detail as to why you should consider it. I have quite a few servers and making any change would be a major deal, so I want to research this as much as possible. This past month SPAM has been at a all time high, and SA even with some tweaking is missing 1,000's of messages across the board.

So far I'm seeing these solutions:
1.) Spam Assassin
2.) Mailscanner
3.) ASSP (Anti-Spam SMTP Proxy Server)


Things I'd be interested in seeing in the discussion:
1.) How much control do you have?
2.) Server load expectations, what impact do you predict on average (CPU / memory)?
3.) How effective has this solution been?

I thank-you in advance for your comments on this never-ending battle we all face.

Matt Moyer, President
Beyond Web Creations, LLC
Founded 1998
 
Last edited:

katmai

Well-Known Member
Mar 13, 2006
562
2
168
Brno, Czech Republic
if you want easy and nice spam solution take a look at http://configserver.com/cp/mailscanner.html . i'm saying this as this is a great spam solution. my customers were up in the air happy that their mailboxes are spam free. another great thing is that i haven't got ANY reports that legit mails are being blocked.

all depends on how much time are you willing to give in for producing a good spam solution. i preferred fast and from people that already knew what they were doing, instead of me learning it from the bottom.

server load is pretty low. around 0.2 0.3 usually and at peak time goes to 3 4, but this is combined with the fact that i run some heavy traffic websites. around 400 k hits per day.

hope it helps.
 

gflamerich

Well-Known Member
Jul 21, 2003
122
0
166
Radio_head,

Thanks for sharing your how-to, but I think It might be on the Ads & Offers forum since buying your script is needed.
By the way, your post has nothing to do with mmoyer original post.
 

Infopro

Well-Known Member
May 20, 2003
17,113
507
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
if you want easy and nice spam solution take a look at http://configserver.com/cp/mailscanner.html . i'm saying this as this is a great spam solution. my customers were up in the air happy that their mailboxes are spam free. another great thing is that i haven't got ANY reports that legit mails are being blocked.

all depends on how much time are you willing to give in for producing a good spam solution. i preferred fast and from people that already knew what they were doing, instead of me learning it from the bottom.

server load is pretty low. around 0.2 0.3 usually and at peak time goes to 3 4, but this is combined with the fact that i run some heavy traffic websites. around 400 k hits per day.

hope it helps.
I'll second this route and tell you that it's worth the time to read the site there to understand what you're doing before doing it. Spam is at an all time high for all of us. But thankfully most of it is stopped at the door here as well. As for control, quite a bit. Check the site linked above for pictures. ;)
 

gflamerich

Well-Known Member
Jul 21, 2003
122
0
166
We have being using MailScanner for a long time, and are somewhat satisfied. Didn't like when cpanel took it out from the distribution some time ago. We also are using dictionary attack script from configserver and BFD on exim log alongside callback sender verification, which stops a lot of attempts of mails sender. (We estimate more than 80% of mails attempts on our servers are spam, yes 1 out of 5 mails is genuine ... what a waste of resources)
For example, one of our boxes is receiving about 8.000 messages a day (just messages, a lot of connections dropped and IP's blocked), everyone scanned for virus and about 7000 scanned by spam, we have a few clients that doesn't want spam to be removed, they work with China suppliers and we had plenty of false positives). He have an excellent performance and a low server load. We had a problem with that box a month ago and let pass mails without any scan, also removed exim callback for the two hours until most of or clients working hours finish and received 4000 messages...... server load was almost the same as we have scanning. After that, we happily rebooted the server and everything was fine again.

We have being watching ASSP for a while, and seems to be very promising.
If ASSP does all what it says, should be included as a package in cpanel.
Here is the issue at bugzilla asking for the inclusion. If you think ASSP should be included, just vote. http://bugzilla.cpanel.net/show_bug.cgi?id=2552 it was created on May'05 .... but it might be the time to ask for it.

Regarding spamd and clamav cpanel solution, we tested and remove it after two days.... and returned to MailsScanner.
We are aware that there are some downsides on using MailsScanner, like memory usage but it worth every Kb :) (Of course, if we can find a solution that else less resources and gives same results, will swap in no time)

I know this is not the way mmoyer asked, but is the closer we can get. Hope this helps on this discussion.
 

mctDarren

Well-Known Member
Jan 6, 2004
665
4
168
New Jersey
cPanel Access Level
Root Administrator
We chose MailScanner at the beginning of this year. ASSP was fairly new at the time so I thought we should wait that one out a bit. I could not be happier using MailScanner. I have control over spam/virus/content filtering right down to the individual domain names. Invest a little time and you can configure a different ruleset for each instance (spam,virus,content) for each domain on your box. An extreme level of control.

Obviously resources will be taken up with Mailscanner. However, after combining a few well contructed Exim ACLs that drop things before it gets to Mailscanner we control our load quite well. It depends on the volume of the server. Our busiest server went from a peak of .80 avg to around a 1. Our slowest went from a .25 to about .44. It's not enough to kill a server as you will see some claim. But, yes, it does eat memory.

Let me also add, with the addition of Chirpy's front end for Mailscanner, my shared hosting clients have direct access to their white/black lists, spam accept/drop settings and virus scan settings. They love it.

Matt, hope you find the solution that meets your needs. Spam has become THE nuisance for hosts this year I believe - well above fraud and virii problems. It consumes about 10% of each of my days. Too much!! GL!
 

RandyO

Well-Known Member
Jun 17, 2003
173
0
166
We chose MailScanner at the beginning of this year. ASSP was fairly new at the time so I thought we should wait that one out a bit. I could not be happier using MailScanner. I have control over spam/virus/content filtering right down to the individual domain names. Invest a little time and you can configure a different ruleset for each instance (spam,virus,content) for each domain on your box. An extreme level of control.

Obviously resources will be taken up with Mailscanner. However, after combining a few well contructed Exim ACLs that drop things before it gets to Mailscanner we control our load quite well. It depends on the volume of the server. Our busiest server went from a peak of .80 avg to around a 1. Our slowest went from a .25 to about .44. It's not enough to kill a server as you will see some claim. But, yes, it does eat memory.

Let me also add, with the addition of Chirpy's front end for Mailscanner, my shared hosting clients have direct access to their white/black lists, spam accept/drop settings and virus scan settings. They love it.

Matt, hope you find the solution that meets your needs. Spam has become THE nuisance for hosts this year I believe - well above fraud and virii problems. It consumes about 10% of each of my days. Too much!! GL!
Could you expand on your ACL's? I have a couple issues with mailscanner and had to disable file and virus scanning to get loads back under control. Also the "bounced" mail is piling up for some reason and that causes other problems
 

mctDarren

Well-Known Member
Jan 6, 2004
665
4
168
New Jersey
cPanel Access Level
Root Administrator
Could you expand on your ACL's? I have a couple issues with mailscanner and had to disable file and virus scanning to get loads back under control. Also the "bounced" mail is piling up for some reason and that causes other problems
Surely! As a matter of fact - maybe this deserves a new thread for Exim ACLs people use. Might help a lot of people, and I might just learn some things as well. :)

Check here: http://forums.cpanel.net/showthread.php?t=61917
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
Hmmm looks like i should have looked here in the first place.

Anyone know when Mailscanner will be compatible with FreeBSD?

The front end server sphere mentioned sounds quite nice.

Presently i'm using SpamAssassin and additional RBL stuff from webhostgear.com tutorials as well as some manual header and body control through antivirus.exim

See tutorials here:

http://www.webhostgear.com/338.html

http://www.webhostgear.com/175.html

Still having a big problem with Image based spam where no two emails are alike. The spam always comes from Zombies so blacklists don't help and the content in the email is always different, one day it's shakespear, next day it some article on health and so forth. The image is always the same image though with different filenames / extensions...

I've heard Fuzzy OCR is quite good but it doesnt seem to want to acknowledge that Spamassasin is even installed when i'm installing through ports...

*sigh*
 

Radio_Head

Well-Known Member
Verifed Vendor
Feb 15, 2002
2,051
1
343
Why don't you use clamd instead of mailscanner ?
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
I'm currently using NOD32.
Mailscanner is for spam and ClamAV is for antivirus checking?

I don't understand how i could use ClamAV instead of mailscanner?
Please elaborate :)

Thanks
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
Hey All,

I don't want to bump this thread for no reason but additionally i dont want to start a new thread.
I'm still looking for a decent spam management solution and might be forced to forward email to one of the major ISP's here and then let them do the filtering and forward it back,

Presently my clients are receiving about 20-30 spam daily. Some less and some more...
My admin guy says that can't stop the spam and that what we have is adequate enough.

In reality i would a solution where most of the accounts are receive a maximum of 5-10 spam emails per day.

If any1 could just report back on the following:
"On average how many spam emails are bypassing the server filters to enter the destination mailboxes?"

Just need an idea! Thanks
 

SageBrian

Well-Known Member
Jun 1, 2002
416
2
318
NY/CT (US)
cPanel Access Level
Root Administrator
Hey All,

I don't want to bump this thread for no reason but additionally i dont want to start a new thread.
I'm still looking for a decent spam management solution and might be forced to forward email to one of the major ISP's here and then let them do the filtering and forward it back,
I think the original reply was the best: Use Chirpy's Mailscanner solution
http://configserver.com/cp/mailscanner.html

I've had people 'complain' because they think they are getting alot of spam when they get 5/day. Then I turn off the filter for them. :) No more complaints.
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
Does it work on FreeBSD?

The ConfigServer stuff certainly doesnt otherwise i would have paid them the $125 a long time ago :)
 

meganet

Well-Known Member
Mar 28, 2005
46
0
156
I use configservers for both of my servers spam solution. It's great and worth the money.

On a side note, Infopro, that is a hilarious flash animation for chirpy - good job!
 

wzd

Well-Known Member
Dec 16, 2005
120
1
168
South Africa
cPanel Access Level
Root Administrator
Yeah BUT IT DOESNT WORK ON FREEBSD - and chirpy doesnt reply to my messages or posts...
*pant* *pant*
 

electric

Well-Known Member
Nov 5, 2001
742
5
318
I've had people 'complain' because they think they are getting alot of spam when they get 5/day. Then I turn off the filter for them. :) No more complaints.
Is it possible to somehow get "statistics" on what the spam assassin and other systems are doing? This way, we can show the customer that the filters are actually working (well) and that the few spam emails they see in their inbox are nothing compared to what is being filtered...

Some of our clients don't believe we are actually filtering email, because they get 20 spam emails. Is the only way to "prove" to them.. to turn off filtering for a while? That doesn't seem like a good method.
 

ljweb

Member
Nov 26, 2003
11
0
151
To enable per domain scanning, you need to modify the rulesets in /usr/mailscanner/etc/rules/spam.scanning.rules , just change yes to no for the domain you want to disable.
If you make any changes to the configuration/rules files you must restart MailScanner using:

service MailScanner reload
 
Last edited: