SPAM died me
Posted by Tiva, 03-19-2007, 05:43 AM hi, my support and sales mailbox almost get full of spam and advertise emails. i turned on spamassasin but it have not any effect.. i wondering to myself to delete support and sales mail account and create a new one with another spell ( for example something like supporting@website.com instead of support@website.com) is there any way to get rid of these spams ?
Posted by jbiel, 03-19-2007, 08:15 AM You may need to adjust your spamassasin filters and scoring to a lower setting. Remember, the lower you go, the more potential you have to get legitament emails marked / dropped as spam.
Posted by ~G9~, 03-19-2007, 10:56 AM Install Anti-Spam SMTP Proxy (ASSP). It works lovely. If you are using cPanel, then this tutorial is for you: http://www.webhostingtalk.com/showthread.php?t=580342
Posted by fbroce, 03-19-2007, 02:24 PM The other post are correct. You must install filtering with spamassassin to eliminate all the spam. Some of the filtering increasing the load on your server. It shouldn't be a problem but I though I should mention it. Look at the spammassassin.org website. Rules de jour is a good set of filters, you can also add clmilter and reroute spam into /dev/null or a spam maillbox. A third trick is to install BADdns. This milter will reject any mail from a source that does not have a real dns. All of these techniques require installation at the os level. In my experience this will eliminate about 99% of the spam. fb
Posted by whmcsguru, 03-19-2007, 02:38 PM SpamAssassin is old and outdated. It does almost nothing but load a server down any more with rules. Properly filtering mail like this should be done BEFORE it ever hits the mail server, and it should be done all in one application, something like ASSP, which can do: --- RBL checks --- Header checks --- PTR checks --- SPF checks --- Bayesian checks and so much more. It analyzes mail sent to you and based on your configuration does what you desire with it, nothing more. All of this is done without harsh loads to the server, the likes of which spamassassin is well known to cause. If you're getting flooded with spam, then stop using SA and start using a real solution instead.
Posted by Tiva, 03-19-2007, 03:53 PM is ASSP filter some correct and legal mails??? what about BADdns ?
Posted by Engelmacher, 03-20-2007, 06:24 AM Not a real solution for me.
Posted by appliedops, 03-20-2007, 06:23 PM These are the FASTEST ways to lose legitimate mail. SA is good because it can still take these into account, yet still score properly against things in the body of the message. SA (like many things) properly configured will not kill your box...
Posted by jonwatson, 03-20-2007, 06:29 PM That's just not true. I get about one false positive a week and 2-3 false negatives. Spamassassin catches about 120 emails a day headed for my personal email. I used to run ESVA and its stats told me that 56% of the email sent to me was spam, yet I barely even noticed thanks to SA. And I agree with the other comment on RBLs. RBLs are hands-down the quickest way to lose contact with people. I've lost track of the number of times I've had to use different email accounts to talk to my parents, friends, and co-workers because their ISP subscribes to an RBL.
Posted by whmcsguru, 03-20-2007, 06:46 PM NOT if things are setup properly, and ASSP does do things properly: Firstly , ASSP supports "whitelist" additions, from users via email. This "whitelist" (if done properly) is not checked, nothing is done, email is automatically allowed from users on the whitelist. Secondly, ASSP knows who you're mailing, AS LONG AS you're sending mail through it. Guess what? Those people are added to the whitelist. Surprise. Thirdly, ASSP supports MULTIPLE RBL checks. Not just ONE, or TWO, but how ever many you want. It also supports MULTIPLE RBL scoring. What does this mean? If a user's ISP is in just one RBL and you have it set to reject if in TWO, it will allow the mail through. Simple, easy. Fourthly, ASSP allows mail rejection based on "scoring". This means that you can reject the mail if the mail has scores too high, with some points higher than others, as set by yourself. Again, you can rely on NOT JUST RBL's, NOT JUST PTR's, etc. Spamassassin does NOT do any of the above. In fact, SA barely allows ANY user interaction at all. My own experience here: Pre-ASSP , my servers were pushing 2-3 load, because they do process a ton of messages. No custom rules were set, nothing was "different" than it is now. Since installing ASSP and disabling SA, my server load has dropped to nothing, and my spam intake has dropped by a LOT . Before, I was grabbing 3-5 spam mails a day (SA was rejecting quite a few based on SARE and other stuff), now I may pull one or two, and I can always forward that to ASSP. Now, what would you rather use? A> Something that barely accepts any user input at all or B> Something that is fully interactive, supports user whitelists, redlists, spam reports, not spam reports, full domain whitelisting, etc? Personally, I'll take option B every single time. BTW: SA will STILL block users you mail frequently, or mark them as "spam". ASSP will not when properly configured.
Posted by jonwatson, 03-20-2007, 06:54 PM SA supports user whitelists and full domain whitelisting. I guess it doesn't have reports and some would like that. I don't even know what a red list is. And this isn't a slam, just an observation: on one of our mail servers with SA we have a small number of users, about 200-250 or so. We run ISPConfig so there's a nice GUI to allow people to set their own spam policy (accept,discard), their own subject rewrite rules, their own scoring, and their own whitelists. I can count on one hand the number of users who have even logged in to their settings never mind changed them. It's been my experience that us geeks like 'fully interactive' apps, but end users couldn't give a rat's butt.
Posted by Engelmacher, 03-20-2007, 09:28 PM You left out the part about it disabling TLS automatically. Where's the user interaction that fixes that?
Posted by whmcsguru, 03-20-2007, 09:34 PM You can do numerous things to resolve this, such as running Exim (or whatever MTA you're using) on another port as well as the port that ASSP is forwarding to. Most people will have to do this anyways, as more and more ISPs are blocking 25 and you can always access exim directly behind said port. Personally, I don't use TLS, and obviously not everyone does, or there WOULD be an option for this.
Posted by CaroNet-Hesham, 03-20-2007, 09:50 PM I use boxtrapper on one of my accounts that gets too much spam, seems to work nicely.
Posted by whmcsguru, 03-20-2007, 09:52 PM Boxtrapper is nothing but a spam trap in and of itself. it's the EASIEST way to get you listed on any RBL
Posted by riverpast, 03-21-2007, 12:20 AM I have been using Google App for my email for the last month, and it eliminated 99% of the spams. It is a little slower than my own mail server, but certainly is an easy and cheap (free) solution.
Posted by Tiva, 03-21-2007, 06:27 AM do you use it for your whole server ?? or just for your own mailbox ?? also, if you want to select from SPAMASSASSIN and BOXTRAPPER, which one is better and work better ?
Posted by ResellerPlanet, 03-21-2007, 08:30 AM SpamAssassin and BoxTrapper are two different things.... BoxTrapper works great but it has two major disadvantages: - People who send you an email for the first time need to whitelist themselves. - If you subscribe and receive an activation e-mail you still have to check the BoxTrapper queue. Out of my experience I know that lots of people don't go in the trouble of whitelisting themselves so I had to check the BoxTrapper queue frequently. I disabled it eventually.
Posted by Tiva, 03-22-2007, 05:09 AM if i enable boxtrapper in WHM, is it have any option for enable/disable it per account ?
Posted by ResellerPlanet, 03-22-2007, 05:42 AM Users have the option to enable it per mailbox on their account. It is disabled for all mailboxes by default.
Posted by mummy, 03-22-2007, 11:15 AM Spam Butcher You can stop a great deal of the spam without updates or stuff. It has an email filter which is far better than others. It's a software. It's not a service or anything like it. The reports are being sent back toy your inbox. All that is done automatically.
Posted by Tiva, 03-25-2007, 12:44 PM i enabled spam asassin, but nothing happend till now. i am receiving all the old spam messages still !! is there anything i should set ? any folder ? any thing else ?
Posted by appliedops, 03-25-2007, 12:51 PM I'd reccommend tuning the config file, it should help a lot. This is all I've got in mine right now: score RCVD_IN_BL_SPAMCOP_NET 2 score RCVD_IN_WHOIS_INVALID 1 I also reccommend enabling SPF and Domainkey checking, its worth it.
Posted by jonwatson, 03-25-2007, 02:10 PM p>You probably haven't configured your MTA to use it. find out what your MTA is (Postfix, exim, etc) and then Google around for a Howto on how to integrate them.You can verify whether or not your MTA is handing messages off to SA by sending yourself a message from *outside* your mail server - like GMail for instance. Once you receive it, view ALL headers. If you see some X-Spam headers in it then yoyr MTA is configured properly to use SA. if not then your MTA isn't configured to use SA.
Posted by Tiva, 03-25-2007, 02:21 PM thanks, i added them , lets see what will happen. also i didnt find any button or option for SPF or domainKey, where are they ?
Posted by jonwatson, 03-25-2007, 05:35 PM Did you check that your MTA is set up to use SA as I advised?
Posted by Tiva, 03-26-2007, 06:57 AM i sent an email from gmail to my support mailbox, but i did not receive it at all !!! also i did not get any failure in gmail box .
Posted by jonwatson, 03-26-2007, 10:21 AM Well, you definitely have a configuration problem of some kind then. You really need to spend a few minutes reading the docs, man. You can't just install it and then wonder what went wrong. I recommend a visit to the Spamassassin site. I further recommend that you take my advice above and find a Howto on how to integrate SA into your MTA.
Posted by Tiva, 03-26-2007, 11:29 AM my server have cpanel/whm. i think when i enable spamassassin in whm , it already installed and compiled before. maybe it just need some configuration
Posted by Tiva, 03-26-2007, 06:45 PM lastly i received the email that was sent from gmail. here its header : X-cPanel-MailScanner: Not scanned: please contact your Internet E-Mail Service Provider for details, Not scanned: please contact your Internet E-Mail Service Provider for details X-cPanel-MailScanner-SpamCheck: , X-Spam-Status: No, No X-cPanel-MailScanner-Information: Please contact the ISP for more information
Posted by jonwatson, 03-26-2007, 06:47 PM Sound like SA is installed, but not configured. Did you follow the advice? Did you contact your provider?
Posted by Tiva, 03-29-2007, 11:32 AM i own my server, is there any how-to or tutorial about configuring SA ?
Posted by fbroce, 03-30-2007, 05:59 AM There is quite a bit of information at spamassassin.org including a wiki. If you need more, pm me and I will find you a link to a quick one page setup. It depends on what mta you are using. I am most familiar with sendmail but there are examples for virtually all mta's. fb
Posted by Mini, 03-30-2007, 07:08 AM A even better method is to not post your email address online without coding it. Mini
Posted by Tiva, 03-30-2007, 07:11 AM i already receiving many spam mails every day. but i need some tutorial about configuring it . i use exim for mta.
Posted by fbroce, 03-30-2007, 07:42 AM I am not familiar with exim. I did a quick google search for exim+spamassassin and got several howto's. You should be able to find what you want that way. fb
Posted by appliedops, 03-30-2007, 02:09 PM If its just your personal email, you can use procmail to filter it # Spam Assassin :0fw: spamassasin.lock * < 60000 | spamc -f :0: * ^X-Spam-Flag: YES $HOME/SPAM If you put that in your .procmailrc it should make SA filter your mail assuming you've got spamd running already.
Posted by wafer, 05-04-2007, 04:26 PM if your server is cpanel, you can still use smtps on cpanel while assp is active by set daemon_smtp_ports = 125 in your exim.conf Last edited by wafer; 05-04-2007 at 04:31 PM.
Posted by wafer, 05-04-2007, 04:38 PM if you don't like RBL checks or PTR checks feature you can disable it and enable/use greylist feature. greylist help me to reduce incoming spam to my client cpanel server.
Posted by sanjuabraham, 05-05-2007, 10:17 PM Hello, RBL is a good tool to reduce spam. Please try this. Thanks
Posted by jonwatson, 05-06-2007, 01:03 AM RBL is not a tool. It is a concept and using it will guarantee that you will miss legitimate emails.
Posted by brianoz, 05-06-2007, 03:38 AM sanjuabraham, Please don't make fake posts to get your post count up, they just waste our time.
Posted by boonchuan, 05-07-2007, 06:11 AM RBL as in Real Time Black Hole List is a useful tool or method to filter out spams. Using reputable ones like Spamhaus or Spamcop does help in a great way. Whether it is a concept or tool, his post is relevant to what is being discussed here. I have scanned through his other posts. I can say that he had been trying to be helpful to other members. I do not see any fake posts that I can remove and warn him about.
Posted by whmcsguru, 05-07-2007, 03:44 PM RBLS are good to a degree, but you need to keep in mind that they won't do everything. The best answer to RBLs is use them (as with everything) in moderation. Don't just block based on ONE RBL, but block based on multiple checks and confirmations. What I'm talking about is this: Say you're using spamhaus and spamcop as well as a couple of other good ones. When an ip is checked in one of them and found there, but not found in any others, let it through to the next phase of checking. Of course, score the ip as "found", but ok, it might be a false positive. When an ip is found in more than one of those , block the mail entirely, and don't let it through. Now, back to the first scenario If the ip found has no valid HELO, then add more scoring to this If the ip found has no valid RDNS entry, then, do the same At the end of the transaction (before it's passed to the MTA), add up the "score" and if it's too high, bounce it. If it's not, send it right through to the MTA (exim, etc). RBLS are good, but they should never be used for the final check, UNLESS the user is in multiple RBLS. Instead, adopting a system such as above will result in less spam and more mail. If you're getting flooded with spam, as I said in my original post, check out ASSP. It will cut the spam down drastically, WITHOUT the necessity of adding custom rules, etc.