[ale] Somewhat on Topic: Linux/cPanel Spam Assassin Filters - got to be a better way....

Alex Carver agcarver+ale at acarver.net
Tue Aug 13 16:46:31 EDT 2019


There's also just blocking the known offenders (entire countries) which
cuts spam down a lot. I have 219 million IPs (as CIDR blocks) in my
firewall drop table for my mail server.

On 2019-08-13 11:52, Bryan L. Gay via Ale wrote:
> I've been doing this a long time. cPanel does give you a lot of options.
> Make sure Greylisting is enabled. I don't mess with the filters much. I do
> more around source filtering at the smtpd and networking level.
> 
> Fail2ban, if you're willing to write rules for it, is a great program for
> blocking inbound traffic.
> 
> On Tue, Aug 13, 2019 at 1:21 PM Joey Kelly via Ale <ale at ale.org> wrote:
> 
>> On Tuesday, August 13, 2019 10:54:55 AM Neal Rhodes via Ale wrote:
>>> So, it's my impression that moving my Linux/email hosting from GoDaddy
>>> to GreenGeeks has resulted in less effective spam control.
>>
>> I am unfamiliar with GreenGeeks. Do they provide you with a VPS? Can you
>> install stuff on it? I've had boatloads of success with greylisting.
>>
>> SpamAssassin, amavisd, blocking suspect .TLDs and other tricks are also
>> effective, but I've been doing this for almost 20 years, so...
>>
>> --Joey
>>
>>
>>
>>> The basic Spam Assassin appears to be fooled by more subtle commercial
>>> Email Chimp programs.  In my cPanel
>>> Global Email Filters, I have about 30 Filters at present that do a
>>> fairly decent job.
>>>
>>> Here is the kind of stuff that gets through:
>>>
>>>          terminix_mosquito_control at resolutionmodels.com
>>>          terminix-mosquito-control at resolutionmodels.com
>>>          terminixmosquitocontrol at resolutionmodels.com
>>>
>>>          timesharefreedom at cs15.net
>>>          timeshare-freedom at cs15.net
>>>          timeshare_freedom at cs15.net
>>>
>>>          liberty_mutual_insurance at certainlyimportant.com
>>>          lifeinsurancenet.info at rationalguidingspirit.com
>>>
>>> These use an ever-rotating set of apparently legitimate domain names,
>>> and the rest of the sender address evolves a bit too.
>>>
>>> Sometimes I can filter based on subject.  The spam engines appear to
>>> have evolved to create emails that look legitimate to Spam Assassin.
>>>
>>> I can filter for "From contains liberty" and "From contains mutual" and
>>> "From contains insurance".  But at
>>> some point I'm spending 30 minutes each day writing new filters.
>>>
>>> What would make far more sense is something that can read my junk folder
>>> contents for the day, which has emails I have decided are junk, and
>>> knowing the patterns this stuff uses, make up a file of additional
>>> cPanel filters.  Then if there was an import, bam.  Done.
>>>
>>> BTW, the server is running Linux blah-blah
>>> 3.10.0-962.3.2.lve1.5.24.8.el7.x86_64 #1 SMP Fri Jan 4 06:55:54 EST 2019
>>> x86_64 x86_64 x86_64 GNU/Linux
>>>
>>> regards,
>>>
>>>
>>> Neal
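
Neal's idea of deriving filters from the day's junk folder, as an added example (not code from anyone in this thread): it groups sender addresses whose local parts differ only by `_`, `-` or `.` and builds one anchored regex per rotating group. The function names and the two-spelling threshold are assumptions, and the output is a set of plain regexes, not a cPanel import file.

```python
import re
from collections import defaultdict

SEP = r"[._-]"  # separators the quoted senders rotate between

# Sender addresses quoted in the thread, in the list archive's "at" form.
JUNK_SENDERS = [
    "terminix_mosquito_control at resolutionmodels.com",
    "terminix-mosquito-control at resolutionmodels.com",
    "terminixmosquitocontrol at resolutionmodels.com",
    "timesharefreedom at cs15.net",
    "timeshare-freedom at cs15.net",
    "timeshare_freedom at cs15.net",
    "liberty_mutual_insurance at certainlyimportant.com",
    "lifeinsurancenet.info at rationalguidingspirit.com",
]

def split_address(addr):
    """Return (local, domain), lowercased, from 'a@b' or 'a at b'."""
    local, domain = re.split(r"\s+at\s+|@", addr.strip().lower(), maxsplit=1)
    return local, domain

def sender_patterns(addresses, min_variants=2):
    """Group senders whose local parts differ only by separators and
    return one anchored regex per group seen in >= min_variants spellings."""
    groups = defaultdict(set)
    for addr in addresses:
        local, domain = split_address(addr)
        # Key on the local part with every separator removed.
        groups[(re.sub(SEP, "", local), domain)].add(local)
    patterns = {}
    for (key, domain), variants in sorted(groups.items()):
        if len(variants) < min_variants:
            continue  # a single spelling is not evidence of rotation
        # The spelling with the most separators shows where the words break.
        richest = max(variants, key=lambda v: len(re.split(SEP, v)))
        words = [re.escape(w) for w in re.split(SEP, richest) if w]
        body = (SEP + "?").join(words)
        patterns[f"{key}@{domain}"] = f"^{body}@{re.escape(domain)}$"
    return patterns

if __name__ == "__main__":
    for name, rx in sender_patterns(JUNK_SENDERS).items():
        print(name, "->", rx)
```

This only covers rotation of the separators within one domain; the rotating domains described in the message still need a separate signal such as greylisting or source blocking.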

