[ale] Somewhat on Topic: Linux/cPanel Spam Assassin Filters - got to be a better way....

Alex Carver agcarver+ale at acarver.net
Wed Aug 14 15:30:55 EDT 2019


If it's there the greylist is automatic.  It forces a delay in delivery
by initially rejecting the incoming email with a non-fatal error.  A
legitimate server will retry at which point the message will go through.
Spam almost never does a retry.

https://documentation.cpanel.net/display/68Docs/Greylisting

See if you've got anything for it as mentioned in the link above.

On 2019-08-14 12:24, Neal Rhodes via Ale wrote:
> Thanks to all that replied.  Um, the version of greengeeks hosting noted
> below does not offer a grey list in cPanel.  Not that I can find.   If
> by that you mean a constantly evolving remote list updated by SOMEONE ELSE.
> 
> I do have my own explicit blacklisting of .ru, .info, etc which does help.
> 
> Still, what I'm left with is borderline legitimate email, at least as
> far as the normal metrics.  I think it's more commercial mailchimp-like
> activity from Liberty Mutual, and Terminix, and less Viagra and Canadian
> pharmacy. They seem to have hundreds of rotating domain names they use.
> 
> Yes, I COULD enable VPS and go back to the bad old days of running my
> own Postfix server.  But I'm mostly retired.
> 
> regards,
> 
> Neal
> 
> On 2019-08-13 15:46, Alex Carver via Ale wrote:
>> There's also just blocking the known offenders (entire countries) which
>> cuts spam down a lot. I have 219 million IPs (as CIDR blocks) in my
>> firewall drop table for my mail server.
>>
>> On 2019-08-13 11:52, Bryan L. Gay via Ale wrote:
>>> I've been doing this a long time. CPanel does give you a lot of options.
>>> Make sure Greylisting is enabled. I don't mess with the filters much. I do
>>> more around source filtering at the smtpd and networking level.
>>>
>>> Fail2ban, if you're willing to write rules for it, is a great program for
>>> blocking inbound traffic.
>>>
>>> On Tue, Aug 13, 2019 at 1:21 PM Joey Kelly via Ale <ale at ale.org> wrote:
>>>
>>>> On Tuesday, August 13, 2019 10:54:55 AM Neal Rhodes via Ale wrote:
>>>>> So, it's my impression that moving my linux/email hosting from GoDaddy
>>>>> to GreenGeeks has resulted in less effective spam control.
>>>>
>>>> I am unfamiliar with GreenGeeks. Do they provide you with a VPS? Can you
>>>> install stuff on it? I've had boatloads of success with greylisting.
>>>>
>>>> Spamassassin, amavisd, blocking suspect .TLDs and other tricks are also
>>>> effective, but I've been doing this for almost 20 years, so...
>>>>
>>>> --Joey
>>>>
>>>>
>>>>
>>>>> The basic Spam Assassin appears to be fooled by more subtle commercial
>>>>> Email Chimp programs.  In my cPanel Global Email Filters, I have about 30
>>>>> Filters at present that do a fairly decent job.
>>>>>
>>>>> Here is the kind of stuff that gets through:
>>>>>
>>>>>          terminix_mosquito_control at resolutionmodels.com
>>>>>          terminix-mosquito-control at resolutionmodels.com
>>>>>          terminixmosquitocontrol at resolutionmodels.com
>>>>>
>>>>>          timesharefreedom at cs15.net
>>>>>          timeshare-freedom at cs15.net
>>>>>          timeshare_freedom at cs15.net
>>>>>
>>>>>          liberty_mutual_insurance at certainlyimportant.com
>>>>>          lifeinsurancenet.info at rationalguidingspirit.com
>>>>>
>>>>> These use an ever-rotating set of apparently legitimate domain names,
>>>>> and the rest of the sender address evolves a bit too.
>>>>>
>>>>> Sometimes I can filter based on subject.  The spam engines appear to
>>>>> have evolved to create emails that look legitimate to Spam Assassin.
>>>>>
>>>>> I can filter for "From contains liberty" and "From contains mutual" and
>>>>> "From contains insurance".  But at some point I'm spending 30 minutes
>>>>> each day writing new filters.
>>>>>
>>>>> What would make far more sense is something that can read my junk folder
>>>>> contents for the day, which has emails I have decided are junk, and
>>>>> knowing the patterns this stuff uses, make up a file of additional
>>>>> cPanel filters.  Then if there was an import, bam.  Done.
>>>>>
>>>>> BTW, the server is running Linux blah-blah
>>>>> 3.10.0-962.3.2.lve1.5.24.8.el7.x86_64 #1 SMP Fri Jan 4 06:55:54 EST 2019
>>>>> x86_64 x86_64 x86_64 GNU/Linux
>>>>>
>>>>> regards,
>>>>>
>>>>>
>>>>> Neal
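
The greylisting behaviour described at the top of this message (temporary rejection, then acceptance on retry), as an added example that is not part of the original thread and is not cPanel's implementation. It assumes the common triplet scheme (client IP, envelope sender, recipient); the class name, delay values, reply text and sample addresses are all constructed.

```python
import time

class Greylist:
    """Triplet greylist: defer first contact, accept a retry after min_delay."""
    def __init__(self, min_delay=300, retry_window=4 * 3600, pass_ttl=30 * 86400):
        self.min_delay = min_delay        # seconds before a retry is accepted
        self.retry_window = retry_window  # a retry must arrive within this window
        self.pass_ttl = pass_ttl          # how long a passed triplet stays trusted
        self.pending = {}                 # triplet -> time first seen
        self.passed = {}                  # triplet -> time last accepted

    def check(self, client_ip, mail_from, rcpt_to, now=None):
        """Return the SMTP (code, text) reply for one delivery attempt."""
        now = time.time() if now is None else now
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        defer = (451, "4.7.1 Greylisted, please retry later")  # constructed text

        last_ok = self.passed.get(key)
        if last_ok is not None and now - last_ok <= self.pass_ttl:
            self.passed[key] = now        # known triplet: no delay
            return 250, "OK"

        first = self.pending.get(key)
        if first is None or now - first > self.retry_window:
            self.pending[key] = now       # new or stale: start the clock
            return defer
        if now - first < self.min_delay:
            return defer                  # retried too quickly
        del self.pending[key]
        self.passed[key] = now            # patient retry: accept
        return 250, "OK"

def replay(attempts, **settings):
    """Feed (time, ip, sender, recipient) attempts through one greylist."""
    gl = Greylist(**settings)
    return [gl.check(ip, frm, to, now=t)[0] for t, ip, frm, to in attempts]

# Constructed attempts; addresses and IPs are documentation placeholders.
RCPT = "user@example.net"
SAMPLE = [
    (0,    "192.0.2.10",   "news@example.org",    RCPT),  # first contact
    (60,   "192.0.2.10",   "news@example.org",    RCPT),  # retry too soon
    (900,  "192.0.2.10",   "news@example.org",    RCPT),  # proper retry
    (5000, "192.0.2.10",   "news@example.org",    RCPT),  # later mail
    (10,   "198.51.100.7", "offer-1@example.com", RCPT),  # sent once, no retry
    (20,   "198.51.100.7", "offer_1@example.com", RCPT),  # rotated sender
]
if __name__ == "__main__":
    print(replay(SAMPLE))
```

A sender that changes its envelope address between attempts, like the rotating addresses quoted above, starts a new triplet each time and is deferred again unless it also retries.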

