I have a couple of customers who are using Outlook and have received around 100 emails (spam).
How can I increase the level of spam protection on the server in order to reduce those emails?
Please see this thread
http://glowhost.com/forums/showthread.php?t=319
and let me know if you have any comments on it. I have found this to be the most effective spam reduction configuration. :fail: the default address being the most effective of the group.
Matt,
the email address by default is pointing to one email address. Spam Assassin was set up, but the rain of emails keeps going into all the email accounts, and most of the computers have antivirus protection, so this takes time to check the incoming email and slows the machine.
This situation was detected since last week. In other words, before last week everything was running smoothly, now it's a headache.
Any way to stop them directly in the server? More protection?
You are going to have to trust me when I say :fail: the default address. When I looked, they were all being forwarded to one email address or another. None of them were set to fail.
You will need to turn on Spam assassin, and disable the spam box, then turn the threshold down to 5 or lower, then have spam assassin re-write the subject lines. When you are comfortable no email is being flagged as a false positive, you can use the filter option described in the above link to automatically delete email flagged as spam.
As for the server level, there is not much else we can do other than give you the tools for prevention. If you choose not to implement them, they do not do you any good.
We have Clam AntiVirus Installed
We have Spam Assassin Installed
We subscribe to several RBLs (remote block list, tells us to ignore delivery requests from problematic IP addresses and known spammers)
We have enabled several other customized features to our mail server including dictionary attack prevention.
The rest is up to you. It starts with the default address and spam assassin. It also requires safe distribution of your email addresses. Don't just give your best email addresses out to some random contest you saw on the Internet. Make a personal email address for your friends and family. Make a business address for your business contacts and make another address for when you make online purchases.
Those are my suggestions.
If you follow those guidelines, you should not get more than a few spam messages, if any, in a given day.
Thanks Matt for your support, the only thing I'm missing is to turn the threshold down to 5, where?
Great, you should see a considerable improvement.
Go into cPanel > mail > Spam Assassin > and click on the button right under "Enable Spam Assassin" it says:
"Configure Spam Assassin (required to rewrite subjects)"
Once you are in there, you will see "required_score" and that should default to 5. You can lower this number for more filtering or raise it for less filtering. Once you have done that, you can keep the default subject line next to "rewrite_header subject" as **SPAM** or you can get creative.
I used this one: Spam Hits _HITS_ / of _REQD_
The above would rewrite mail flagged as spam to have a subject like:
Spam Hits 6 / of 5 {the original subject here}
This told me that the email scored a 6 of 5 allowed, and would have been automatically trashed if I set the filter up for it. If it were a 4 of 5, it would not have been rewritten (or trashed should you configure it like that); it would have been delivered as normal.
I suggest using subject rewrites for a few days until you have a good threshold (required_score) that you like, then go apply the filter when you are comfortable with the way you have configured Spam Assassin.
Just make sure you keep the Spam box disabled unless you plan on checking and cleaning it periodically because all it does is collect junk. I am considering removing it as an option as 99% of the users never check it and it wastes their disk space.
Matt,
Thanks for the info on tweaking SpamAssassin. One question, when we put the number of hits out of X allowed into our subject rewrites, do we have to further configure anything else in the options, such as redoing the scores, etc., or is that all we have to really tweak?
And, when we are comfortable in the level of filter, how do we stop those messages from being delivered? Do I click the link on cPanel -> Mail -> SpamAssassin that says to "To simply have the server DELETE and NOT deliver emails that are tagged as spam by SpamAssassin click here now"?
Thanks,
Charles H.
Charles
The only reason I suggest doing that is because it's quick and easy to see how an email was scored by spam assassin while you are getting used to how it scores junk mail.
You do not have to do this, you can just look at the email headers and Spam Assassin writes the score in there as well. I just think it saves a few clicks if you rewrite the subject lines and it is right there in front of you for speedy reference.
Once you are comfortable with how it scores, you can adjust X up or down to the point where spam assassin will actually do something useful with emails flagged as spam.
When you like the numbers go into cPanel > mail > filters and there is a spam assassin hint which works well to discard email tagged as spam so you never see it, or, you can forward it to another email box instead of "Discard" if you want to manually process / check forwarded emails marked as spam for false positives.
I have had better luck with the filter previously described versus using the one you are talking about. Either SHOULD work, I know the filter I discussed DOES work. Haven't tried the one on the Spam Assassin page in a while though; at one point I know it was not properly discarding email.
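Added example, not part of the thread and not written by either poster: a Python sketch of the header check described above, reading the score SpamAssassin records in the X-Spam-Status header and counting how many messages each candidate required_score would flag. The sample messages are constructed and the function names are this example's own.

```python
import re
from email import message_from_string

# Constructed sample messages (only the headers matter); not taken from the thread.
SAMPLES = [
    "Subject: Cheap watches\nX-Spam-Status: Yes, score=6.0 required=5.0 tests=HTML_MESSAGE,\n\tRDNS_NONE autolearn=no\n\nbody\n",
    "Subject: Website feedback\nX-Spam-Status: No, score=4.2 required=5.0 tests=NO_RELAYS\n\nbody\n",
    "Subject: You have won\nX-Spam-Status: Yes, score=12.5 required=5.0 tests=BAYES_99\n\nbody\n",
    "Subject: Invoice\nX-Spam-Status: No, hits=3.1 required=5.0 tests=NONE\n\nbody\n",  # older "hits=" form
    "Subject: Not scanned\n\nbody\n",  # no X-Spam-Status header at all
]

STATUS_RE = re.compile(
    r"^(?:Yes|No),\s*(?:score|hits)=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)", re.I)

def parse_status(raw):
    """Return (subject, score, required), or None if the message was not scored."""
    msg = message_from_string(raw)
    value = msg.get("X-Spam-Status")
    if value is None:
        return None
    match = STATUS_RE.match(" ".join(value.split()))  # unfold continuation lines
    if not match:
        return None
    return msg.get("Subject", ""), float(match.group(1)), float(match.group(2))

def flagged_counts(messages, thresholds):
    """How many scored messages each candidate required_score would flag."""
    scored = [p for p in map(parse_status, messages) if p]
    return {t: sum(score >= t for _, score, _ in scored) for t in thresholds}

def newly_flagged(messages, current, candidate):
    """Subjects that pass at `current` but would be flagged at a lower `candidate`."""
    scored = [p for p in map(parse_status, messages) if p]
    return [subj for subj, score, _ in scored if candidate <= score < current]

if __name__ == "__main__":
    print(flagged_counts(SAMPLES, [3, 5, 8]))
    print(newly_flagged(SAMPLES, current=5, candidate=3))
```

The subjects returned by `newly_flagged` are the messages to check for false positives before lowering the threshold and switching the filter to discard.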
Matt,
I did try the link referred to above to stop the spam from getting through and it hasn't worked, so that is why I was asking. I will try the filter method, since that has better results. Thanks for the reply to the post. I will also try to delete the default E-mail address for the account to help things along as it not being the catch-all. Then, maybe I'll quit getting calls. The thing is, he is pulling the POP directly from his BlackBerry. I finally got my client to quit forwarding through Comcast, so this was the option and he told me that the level of spam he was getting on his handheld was totally irritating him (can't say that I blame him).
I'll update everyone who has read this topic on how the results come out.
CharlesH.
Main thing is don't POP the server with your cPanel username (won't work anyway after you :fail: the default address) in your mail programs. Use the full email address joe@whatever.com and make sure you set up an account for it in cPanel > mail > add remove accounts and you will cut the spam by no less than 90% is my guesstimate.
Matt, et al,
I have successfully reduced the number of spams and the program is very powerful. However, I am having a hard time getting the whitelist to work on E-mails coming from haylee.gendns10.com. Basically, I am getting marked as spam stuff that is being automatically sent to me by the webserver, such as feedback and a contact us page info. How do I whitelist myself, basically? I can't get it to work and I've read everything I could possibly read and try... Any ideas?
Charlesh
Charlesh
Have you tried sending the emails using the FROM header instead of without it? Like from realaddress@yourdomain.com instead of the default which will come from the machine's hostname?
Matt,
Sure did. Finally figured it out - SpamAssassin looks for the from: address, not the from envelope. I was using haylee.gendns10.com as the "return", but it is whatever you specify in the header section as the from to whitelist. In fact, whitelisting with *@.domainname.com works as well. It should score at 100. I found that turning SpamAssassin on and then dialing up the "throttle" to like a 10 or so, will allow you to see what it is doing and scoring on in terms of headers, so you can modify your headers to produce a lower score for your e-mails.
As far as the BlackBerry thing, BlackBerry requires very specific headers in order for it to be happy. And, forget HTML type - only text at this point. BlackBerry is aware of this problem.
So, below are some headers that I am using on a contact form that are working for BlackBerry devices. Note that I have a MIME boundary generated, but don't use it. I don't know what this does, but it didn't work without it.
Hope that helps to anyone with the same problem.
PHP Code:
// Pick the end-of-line sequence for the platform PHP is running on
if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
    $eol = "\r\n";
} elseif (strtoupper(substr(PHP_OS, 0, 3)) == 'MAC') {
    $eol = "\r";
} else {
    $eol = "\n";
}
$to = 'blah@blah.com' . ', '; // note the comma for multiples
$to .= 'anotherblah@blah.com';
// subject
$subject = 'Subject Here';
// start with an empty string so the .= lines below do not append to an undefined variable
$headers = '';
$headers .= 'From: Mr. Email Man <blah@blah.com>' . $eol;
$headers .= 'Reply-To: Mr. Email Man <blah@blah.com>' . $eol;
$headers .= 'Return-Path: Mr. Email Man <blah@blah.com>' . $eol; // these two to set reply address
$headers .= "Message-ID: <blah@" . $_SERVER['SERVER_NAME'] . ">" . $eol;
$headers .= "X-Mailer: PHP v" . phpversion() . $eol; // These two to help avoid spam-filters
// Boundary md5 hash for marking the headers
$mime_boundary = md5(time());
$headers .= 'MIME-Version: 1.0' . $eol;
$headers .= "Content-Type: text/plain; charset=iso-8859-1; boundary=\"" . $mime_boundary . "\"" . $eol;
$message = 'You have just received a comment. Details to follow:' . $eol . $eol;
$message .= 'Name:' . $eol;
// keep going with the rest of the message...
// then, mail it
mail($to, $subject, $message, $headers);
Charlesh
Thanks for the useful tidbits.
To clarify for others who may happen across this thread, is this correct?
*@.domainname.com
I would think it should be like:
*@domainname.com
(notice no DOT, after the @ symbol)
PS I am sure that BlackBerry snippet will come in handy for us soon, we are developing an application that needs this sort of functionality so will definitely remember it if we run into similar issues.
Matt,
Yes, that's right, no dot is required before the domain.
Also, what's weird about the blackberry stuff is that if you don't have the encoding and headers set just right, it may or may not decide to go get the message. This can lead to some very strange intermittent email issues. My client thinks that I had messed with something on the site and I still don't have him totally convinced that it is a blackberry issue. Ah well, most people only want stuff to work without any idea or concept of what goes on behind the scenes. Ah, OK. I'll stop ranting.
Charles H.