The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SPAM solutions, a discussion

Discussion in 'General Discussion' started by mmoyer, Dec 10, 2006.

  1. mmoyer

    mmoyer Member

    Joined:
    Aug 24, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    I've seen a few threads on this subject, but no single thread with a comprehensive discussion on the various solutions out there to battle SPAM. I'd like to get this thread going with a discussion of each of the popular solutions and their pros/cons.

    Most threads I've seen say try this, but don't go into any detail as to why you should consider it. I have quite a few servers and making any change would be a major deal, so I want to research this as much as possible. This past month SPAM has been at a all time high, and SA even with some tweaking is missing 1,000's of messages across the board.

    So far I'm seeing these solutions:
    1.) Spam Assassin
    2.) Mailscanner
    3.) ASSP (Anti-Spam SMTP Proxy Server)


    Things I'd be interested in seeing in the discussion:
    1.) How much control do you have?
    2.) Server load expectations, what impact do you predict on average (CPU / memory)?
    3.) How effective has this solution been?

    I thank-you in advance for your comments on this never-ending battle we all face.

    Matt Moyer, President
    Beyond Web Creations, LLC
    Founded 1998
     
    #1 mmoyer, Dec 10, 2006
    Last edited: Dec 10, 2006
  2. katmai

    katmai Well-Known Member

    Joined:
    Mar 13, 2006
    Messages:
    526
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Brno, Czech Republic
    if you want easy and nice spam solution take a look at http://configserver.com/cp/mailscanner.html . i'm saying this as this is a great spam solution. my customers were up in the air happy that their mailboxes are spam free. another great thing is that i haven't got ANY reports that legit mails are being blocked.

    all depends on how much time are you willing to give in for producing a good spam solution. i preferred fast and from people that already knew what they were doing, instead of me learning it from the bottom.

    server load is pretty low. around 0.2 0.3 usually and at peak time goes to 3 4, but this is combined with the fact that i run some heavy traffic websites. around 400 k hits per day.

    hope it helps.
     
  3. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    Radio_head,

    Thanks for sharing your how-to, but I think It might be on the Ads & Offers forum since buying your script is needed.
    By the way, your post has nothing to do with mmoyer original post.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,447
    Likes Received:
    195
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I'll second this route and tell you that it's worth the time to read the site there to understand what you're doing before doing it. Spam is at an all time high for all of us. But thankfully most of it is stopped at the door here as well. As for control, quite a bit. Check the site linked above for pictures. ;)
     
  5. gflamerich

    gflamerich Well-Known Member

    Joined:
    Jul 21, 2003
    Messages:
    122
    Likes Received:
    0
    Trophy Points:
    16
    We have being using MailScanner for a long time, and are somewhat satisfied. Didn't like when cpanel took it out from the distribution some time ago. We also are using dictionary attack script from configserver and BFD on exim log alongside callback sender verification, which stops a lot of attempts of mails sender. (We estimate more than 80% of mails attempts on our servers are spam, yes 1 out of 5 mails is genuine ... what a waste of resources)
    For example, one of our boxes is receiving about 8.000 messages a day (just messages, a lot of connections dropped and IP's blocked), everyone scanned for virus and about 7000 scanned by spam, we have a few clients that doesn't want spam to be removed, they work with China suppliers and we had plenty of false positives). He have an excellent performance and a low server load. We had a problem with that box a month ago and let pass mails without any scan, also removed exim callback for the two hours until most of or clients working hours finish and received 4000 messages...... server load was almost the same as we have scanning. After that, we happily rebooted the server and everything was fine again.

    We have being watching ASSP for a while, and seems to be very promising.
    If ASSP does all what it says, should be included as a package in cpanel.
    Here is the issue at bugzilla asking for the inclusion. If you think ASSP should be included, just vote. http://bugzilla.cpanel.net/show_bug.cgi?id=2552 it was created on May'05 .... but it might be the time to ask for it.

    Regarding spamd and clamav cpanel solution, we tested and remove it after two days.... and returned to MailsScanner.
    We are aware that there are some downsides on using MailsScanner, like memory usage but it worth every Kb :) (Of course, if we can find a solution that else less resources and gives same results, will swap in no time)

    I know this is not the way mmoyer asked, but is the closer we can get. Hope this helps on this discussion.
     
  6. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    We chose MailScanner at the beginning of this year. ASSP was fairly new at the time so I thought we should wait that one out a bit. I could not be happier using MailScanner. I have control over spam/virus/content filtering right down to the individual domain names. Invest a little time and you can configure a different ruleset for each instance (spam,virus,content) for each domain on your box. An extreme level of control.

    Obviously resources will be taken up with Mailscanner. However, after combining a few well contructed Exim ACLs that drop things before it gets to Mailscanner we control our load quite well. It depends on the volume of the server. Our busiest server went from a peak of .80 avg to around a 1. Our slowest went from a .25 to about .44. It's not enough to kill a server as you will see some claim. But, yes, it does eat memory.

    Let me also add, with the addition of Chirpy's front end for Mailscanner, my shared hosting clients have direct access to their white/black lists, spam accept/drop settings and virus scan settings. They love it.

    Matt, hope you find the solution that meets your needs. Spam has become THE nuisance for hosts this year I believe - well above fraud and virii problems. It consumes about 10% of each of my days. Too much!! GL!
     
  7. RandyO

    RandyO Well-Known Member

    Joined:
    Jun 17, 2003
    Messages:
    173
    Likes Received:
    0
    Trophy Points:
    16
    Could you expand on your ACL's? I have a couple issues with mailscanner and had to disable file and virus scanning to get loads back under control. Also the "bounced" mail is piling up for some reason and that causes other problems
     
  8. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    Surely! As a matter of fact - maybe this deserves a new thread for Exim ACLs people use. Might help a lot of people, and I might just learn some things as well. :)

    Check here: http://forums.cpanel.net/showthread.php?t=61917
     
  9. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hmmm looks like i should have looked here in the first place.

    Anyone know when Mailscanner will be compatible with FreeBSD?

    The front end server sphere mentioned sounds quite nice.

    Presently i'm using SpamAssassin and additional RBL stuff from webhostgear.com tutorials as well as some manual header and body control through antivirus.exim

    See tutorials here:

    http://www.webhostgear.com/338.html

    http://www.webhostgear.com/175.html

    Still having a big problem with Image based spam where no two emails are alike. The spam always comes from Zombies so blacklists don't help and the content in the email is always different, one day it's shakespear, next day it some article on health and so forth. The image is always the same image though with different filenames / extensions...

    I've heard Fuzzy OCR is quite good but it doesnt seem to want to acknowledge that Spamassasin is even installed when i'm installing through ports...

    *sigh*
     
  10. Radio_Head

    Radio_Head Well-Known Member

    Joined:
    Feb 15, 2002
    Messages:
    2,051
    Likes Received:
    1
    Trophy Points:
    38
    Why don't you use clamd instead of mailscanner ?
     
  11. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    I'm currently using NOD32.
    Mailscanner is for spam and ClamAV is for antivirus checking?

    I don't understand how i could use ClamAV instead of mailscanner?
    Please elaborate :)

    Thanks
     
  12. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Hey All,

    I don't want to bump this thread for no reason but additionally i dont want to start a new thread.
    I'm still looking for a decent spam management solution and might be forced to forward email to one of the major ISP's here and then let them do the filtering and forward it back,

    Presently my clients are receiving about 20-30 spam daily. Some less and some more...
    My admin guy says that can't stop the spam and that what we have is adequate enough.

    In reality i would a solution where most of the accounts are receive a maximum of 5-10 spam emails per day.

    If any1 could just report back on the following:
    "On average how many spam emails are bypassing the server filters to enter the destination mailboxes?"

    Just need an idea! Thanks
     
  13. SageBrian

    SageBrian Well-Known Member

    Joined:
    Jun 1, 2002
    Messages:
    415
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    NY/CT (US)
    cPanel Access Level:
    Root Administrator
    I think the original reply was the best: Use Chirpy's Mailscanner solution
    http://configserver.com/cp/mailscanner.html

    I've had people 'complain' because they think they are getting alot of spam when they get 5/day. Then I turn off the filter for them. :) No more complaints.
     
  14. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Does it work on FreeBSD?

    The ConfigServer stuff certainly doesnt otherwise i would have paid them the $125 a long time ago :)
     
  15. mctDarren

    mctDarren Well-Known Member

    Joined:
    Jan 6, 2004
    Messages:
    664
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    New Jersey
    cPanel Access Level:
    Root Administrator
    You actually turn off their filter and let them experience the horror? LOL! If I did that for some of my clients they'd throw their computer out the window... Nice idea though!
     
  16. meganet

    meganet Well-Known Member

    Joined:
    Mar 28, 2005
    Messages:
    46
    Likes Received:
    0
    Trophy Points:
    6
    I use configservers for both of my servers spam solution. It's great and worth the money.

    On a side note, Infopro, that is a hilarious flash animation for chirpy - good job!
     
  17. wzd

    wzd Well-Known Member

    Joined:
    Dec 16, 2005
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    South Africa
    cPanel Access Level:
    Root Administrator
    Yeah BUT IT DOESNT WORK ON FREEBSD - and chirpy doesnt reply to my messages or posts...
    *pant* *pant*
     
  18. celliott

    celliott Well-Known Member

    Joined:
    Jan 2, 2006
    Messages:
    460
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    United Kingdom
    He is probably busy with other things. Email him on www.configserver.com or just purchase one of his plans.
     
  19. electric

    electric Well-Known Member

    Joined:
    Nov 5, 2001
    Messages:
    697
    Likes Received:
    1
    Trophy Points:
    18
    Is it possible to somehow get "statistics" on what the spam assassin and other systems are doing? This way, we can show the customer that the filters are actually working (well) and that the few spam emails they see in their inbox are nothing compared to what is being filtered...

    Some of our clients don't believe we are actually filtering email, because they get 20 spam emails. Is the only way to "prove" to them.. to turn off filtering for a while? That doesn't seem like a good method.
     
  20. ljweb

    ljweb Member

    Joined:
    Nov 26, 2003
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    To enable per domain scanning, you need to modify the rulesets in /usr/mailscanner/etc/rules/spam.scanning.rules , just change yes to no for the domain you want to disable.
    If you make any changes to the configuration/rules files you must restart MailScanner using:

    service MailScanner reload
     
    #20 ljweb, Jan 23, 2007
    Last edited: Jan 23, 2007
Loading...

Share This Page