Anti-Spam Solution Needed

randvegeta

We used to use Spamexperts.com. Their system actually worked pretty well.

But they kept increasing their prices and spam filtering just isnt worth that much. Especially when clients aren't willing to pay for spam filtering.

But we have one client in particular that has an exceptional amount of SPAM and they really need a solution. The client has their own dedicated server.

I've tried to adjust SpamAssassin to be more aggressive, and add more SBLs to the filter, yet still hundreds of spam messages are getting through every day. Literally several per minute come in. Our client is on the verge of going mad. Worse still, SpamAssassin started blocking legitimate mail while far to much spam still gets through.

Anyone have a solution?

EthernetServers

What control panel, if any, is running on this machine?

tentor

Have you considered signing up for FBL (it is free)? Your customer can track their end users by injecting header identifying them.

ralf

@randvegeta said:
I've tried to adjust SpamAssassin to be more aggressive, and add more SBLs to the filter, yet still hundreds of spam messages are getting through every day.

Make sure this is actually working. I noticed, for instance, that DNSWL is set up to return false negatives when queried too many times by a given IP. So, if you just query it via your provider's DNS, it'll probably never actually block any spam. You need to run DNS locally and make sure for dnswl.org you hit their nameservers directly.

e.g. for BIND:

zone "list.dnswl.org" {
        type hint;
        file "/etc/bind/dnswl.hints";
};

and in dnswl.hints:

list.dnswl.org.         10800   IN      NS      e.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      a.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      b.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      c.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      d.ns.dnswl.org.

Of course, you may have a different problem. Check the SpamAssasin headers in the spammy mails that are getting through to find out why they were accepted.

darkimmortal

I find rspamd much better than spamassassin, though setup is a bit more involved

SGraf

@randvegeta said:
We used to use Spamexperts.com. Their system actually worked pretty well.

But they kept increasing their prices and spam filtering just isnt worth that much. Especially when clients aren't willing to pay for spam filtering.

But we have one client in particular that has an exceptional amount of SPAM and they really need a solution. The client has their own dedicated server.

I've tried to adjust SpamAssassin to be more aggressive, and add more SBLs to the filter, yet still hundreds of spam messages are getting through every day. Literally several per minute come in. Our client is on the verge of going mad. Worse still, SpamAssassin started blocking legitimate mail while far to much spam still gets through.

Anyone have a solution?

For my personal mail server.... i find about 60% of all spam gets dropped if you set your mailserver to verify for FCRDNS . (basically where their forward dns does not match their reverse dns (PTR) entry. ( https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS )

then its a matter of fine-tuning other variables such as mail filtering, greylisting?,.....

For some client-projects i have deployed Proxmox Mail Gatway with great results. Its fairly easy to integrate... ( https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html )

jfreak53

@SGraf said:

@randvegeta said:
We used to use Spamexperts.com. Their system actually worked pretty well.

But they kept increasing their prices and spam filtering just isnt worth that much. Especially when clients aren't willing to pay for spam filtering.

But we have one client in particular that has an exceptional amount of SPAM and they really need a solution. The client has their own dedicated server.

I've tried to adjust SpamAssassin to be more aggressive, and add more SBLs to the filter, yet still hundreds of spam messages are getting through every day. Literally several per minute come in. Our client is on the verge of going mad. Worse still, SpamAssassin started blocking legitimate mail while far to much spam still gets through.

Anyone have a solution?

For my personal mail server.... i find about 60% of all spam gets dropped if you set your mailserver to verify for FCRDNS . (basically where their forward dns does not match their reverse dns (PTR) entry. ( https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS )

then its a matter of fine-tuning other variables such as mail filtering, greylisting?,.....

For some client-projects i have deployed Proxmox Mail Gatway with great results. Its fairly easy to integrate... ( https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html )

PMG is actually really good at what it does! Second this one.

randvegeta

@EthernetServers said:
What control panel, if any, is running on this machine?

DirectAdmin, but the server is very old. Still running CentOS.

@tentor said: Have you considered signing up for FBL (it is free)? Your customer can track their end users by injecting header identifying them.

Never heard of this. What is it?

@ralf said:

@randvegeta said:
I've tried to adjust SpamAssassin to be more aggressive, and add more SBLs to the filter, yet still hundreds of spam messages are getting through every day.

Make sure this is actually working. I noticed, for instance, that DNSWL is set up to return false negatives when queried too many times by a given IP. So, if you just query it via your provider's DNS, it'll probably never actually block any spam. You need to run DNS locally and make sure for dnswl.org you hit their nameservers directly.

e.g. for BIND:

zone "list.dnswl.org" {
        type hint;
        file "/etc/bind/dnswl.hints";
};

and in dnswl.hints:

list.dnswl.org.         10800   IN      NS      e.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      a.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      b.ns.dnswl.org.
list.dnswl.org.         10800   IN      NS      c.ns.dnswl.org.

list.dnswl.org. 10800 IN NS d.ns.dnswl.org.

Of course, you may have a different problem. Check the SpamAssasin headers in the spammy mails that are getting through to find out why they were accepted.

Spam Assassin headers are definitly present, but I'm not sure I understand what you mean by using local DNS vs provider DNS. Why does using a provider DNS make a difference?

@darkimmortal said: I find rspamd much better than spamassassin, though setup is a bit more involved

Can't install that on the old CentOS 6 box. I'd rather not force the client to upgrade. You know how clients get sometimes. If it aint broke, dont fix it, kind of thing.

@SGraf said: For some client-projects i have deployed Proxmox Mail Gatway with great results. Its fairly easy to integrate... ( https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html )

Very interesting. Will investigate this.

jar

Here’s your cron job:

https://github.com/mxroute/da_server_updates/blob/master/spamassassin/update_rules.sh

Set their account to block email scoring a 15 or higher.

Also install the KAM rules.

ExpertVM

@raindog308 can PM me how much you getting as we are direct with spamexperts and it is reasonable

EthernetServers

@randvegeta said:

@EthernetServers said:
What control panel, if any, is running on this machine?

DirectAdmin, but the server is very old. Still running CentOS.

In that case, https://docs.directadmin.com/other-hosting-services/preventing-spam/general.html is worth a read.

JamesF

We get spam experts via WHMCS I think it’s like $12 a year for 1000 email addresses per domain? We use it most places or proofpoint.

rsk

I run PMG (proxmox mail gateway), and I am really enjoying the quarantine feature available to users directly. It allows them to blacklist, whitelist, and deliver emails with ease.

Andreix

@randvegeta said:
Anyone have a solution?

rspamd.