Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Spam attack

  1. #1
    integraideas is offline Junior Web Sage
    Join Date
    Apr 2005
    Posts
    10

    Default Spam attack

    I have couple of our customers that have using outlook and have received around 100 emails (spam).

    How to increase the level of spam protection in the server in order to reduce those emails?

  2. #2
    Matt's Avatar
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    6,236

    Default

    Please see this thread
    http://glowhost.com/forums/showthread.php?t=319
    and let me know if you have any comments on it. I have found this to be the most effective spam reduction configuration. :fail: the default address being the most effective of the group.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  3. #3
    integraideas is offline Junior Web Sage
    Join Date
    Apr 2005
    Posts
    10

    Default

    Matt,
    the email address by default is pointing to one email address. The spam assasins was set up, but the rain of emails keep going in all the email accounts, and most of the computers have antivirus protection, so this take time to check the incoming email and slow the machine.

    This situation was detected since last week. In other words, before last week everything was running smoothly, now it's a headache.

    Any way to stop them directly in the server? more protection?
    Last edited by integraideas; 12-02-2005 at 02:29 PM.

  4. #4
    Matt's Avatar
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    6,236

    Default

    You are going to have to trust me when I say :fail: the default address. When I looked, they were all being forwarded to one email address or another. None of them were set to fail.

    You will need to turn on Spam assassin, and disable the spam box, then turn the threshold down to 5 or lower, then have spam assassin re-write the subject lines. When you are comfortable no email is being flagged as a false positive, you can use the filter option described in the above link to automatically delete email flagged as spam.

    As for at the server level, there is not much else we can do other than give you the tools for prevention. if you choose not to implement them, they do not do you any good.

    We have Clam AntiVirus Installed
    We have Spam Assassin Installed
    We subscribe to several RBLs (remote block list, tells us to ignore delivery requests from problematic IP addresses and known spammers)
    We have enabled several other customized features to our mail server including dictionary attack prevention.

    The rest is up to you. It starts with the default address and spam assassin. It also requires safe distribution of your email addresses. Don't just give your best email addresses out to some random contest you saw on the Internet. Make a personal email address for your friend and family. Make a business address for your business contacts and make another address for when you make online purchases.

    Those are my suggestions.

    If you follow those guidelines, you should not get more than a few spam messages, if any, in a given day.
    Last edited by Matt; 12-02-2005 at 02:46 PM.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  5. #5
    integraideas is offline Junior Web Sage
    Join Date
    Apr 2005
    Posts
    10

    Default

    Thanks Matt for your support, the only thing I'm missing is to threshold down to 5, where?

  6. #6
    Matt's Avatar
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    6,236

    Default

    Great, you should see a considerable improvement.

    Go into cPanel > mail > Spam Assassin > and click on the button right under "Enable Spam Assassin" it says:

    "Configure Spam Assassin (required to rewrite subjects)"

    Once you are in there, you will see "required_score" and that should default to 5. You can lower this number for more filtering or raise it for less filtering. Once you have done that, you can keep the default subject line next to "rewrite_header subject" as **SPAM** or you can get creative.

    I used this one: Spam Hits _HITS_ / of _REQD_

    The above would rewrite mail flagged as spam to have a subject like:
    Spam Hits 6 / of 5 {the original subject here}

    This told me that the email scored a 6 of 5 allowed, and would have been automatically trashed if i set the filter up for it. if it were a 4 of 5, it would not have been rewritten (or trashed should you configure it like that) it would have been delivered as normal.

    I suggest using subject rewrites for a few days until you have a good threshold (required_score) that you like, then go apply the filter when you are comfortable with the way you have configured Spam Assassin.

    Just make sure you keep the Spam box disabled unless you plan on checking and cleaning it periodically because all it does is collect junk. I am cosidering removing it as an option as 99% of the users never check it and it wastes their disk space.

    Last edited by Matt; 12-02-2005 at 06:11 PM.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  7. #7
    charlesh's Avatar
    charlesh is offline Master Glow Jedi
    Join Date
    Aug 2006
    Location
    Atlanta, GA - better than you imagined it would be.
    Posts
    189

    Default Old post, still same?

    Matt,

    Thanks for the info on tweaking spamassasin. One question, when we put the number of hits out of X allowed into our subject rewrites, do we have to further configure anything else in the options, such as redoing the scores, etc or is that all we have to really tweak?

    And, when we are comfortable in the level of filter, how do we stop those messages from being delivered? Do I click the link on cPanel -> Mail -> SpamAssasin that says to "To simply have the server DELETE and NOT deliver emails that are tagged as spam by SpamAssassin click here now"?

    Thanks,
    Charles H.

  8. #8
    Matt's Avatar
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    6,236

    Default

    Charles

    Quote Originally Posted by charlesh View Post
    Thanks for the info on tweaking spamassasin. One question, when we put the number of hits out of X allowed into our subject rewrites, do we have to further configure anything else in the options, such as redoing the scores, etc or is that all we have to really tweak?
    The only reason I suggest doing that is because its quick and easy to see how an email was scored by spam assassin while you are getting used to how it scores junkmail.

    You do not have to do this, you can just look at the email headers and Spam Assassin writes the score in there as well. I just think it saves a few clicks if you rewrite the subject lines and it is right there in front of you for speedy reference.

    Once you are comfortable with how it scored you and adjust X up our down to the point where spam assassin with actually do something useful with emails flagged as spam.

    When you like the numbers go into cPanel > mail > filters and there is a spam assassin hint which works well to discard email tagged as spam so you never see it, or, you can forward it to another email box instead of "Discard" if you want to manually process / check forwarded emails marked as spam for false positives.

    Quote Originally Posted by charlesh View Post
    And, when we are comfortable in the level of filter, how do we stop those messages from being delivered? Do I click the link on cPanel -> Mail -> SpamAssasin that says to "To simply have the server DELETE and NOT deliver emails that are tagged as spam by SpamAssassin click here now"?
    I have had better luck with the filter previously described versus using the one you are talking about, either SHOULD work, I know the filter I discussed DOES work. haven't tried the one on the Spam Assassin page in a while though, at one point I know it was not properly discarding email.
    Last edited by Matt; 02-23-2007 at 04:05 PM.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

  9. #9
    charlesh's Avatar
    charlesh is offline Master Glow Jedi
    Join Date
    Aug 2006
    Location
    Atlanta, GA - better than you imagined it would be.
    Posts
    189

    Default Thanks!

    Matt,

    I did try the link referred to above to stop the spam from getting through and it hasn't worked, so that is why I was asking. I will try the filter method, since that has better results. Thanks for the reply to the post. I will also try to delete the default E-mail address for the account to help things along as it not being the catch-all. Then, maybe I'll quit getting calls. The thing is, he is pulling the pop directly from his blackberry. I finally got my client to quit forwarding through Comcast, so this was the option and he told me that the level of spams he was getting on his handheld was totally irratating him (can't say that I blame him).

    I'll update everyone who has read this topic on how the results come out.

    CharlesH.

  10. #10
    Matt's Avatar
    Matt is offline GlowHost Administrator
    Join Date
    Jan 2005
    Location
    Behind your monitor
    Posts
    6,236

    Default

    Main thing is don't pop the server with your cPanel username (won't work anyways after you :fail: the default address) in your mail programs. Use the full email address joe@whatever.com and make sure you setup an account for it in cpanel > mail > add remove accounts and you will cut the spam by no less than 90% is my guestimate.
    Send your friends and site visitors to GlowHost and get $125 plus bonus!
    GlowHost Affiliate Program | Read our Blog | Follow us on X |

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14