[ale] Somewhat on Topic: Linux/cPanel Spam Assassin Filters - got to be a better way....
neal at mnopltd.com
neal at mnopltd.com
Wed Aug 14 15:24:56 EDT 2019
Thanks to all that replied. Um, the version of greengeeks hosting noted
below does not offer a grey list in cPanel. Not that I can find. If
by that you mean a constantly evolving remote list updated by SOMEONE
ELSE.
I do have my own explicit blacklisting of .ru, .info, etc which does
help.
Still, what I'm left with is borderline legitimate email, at least as
far as the normal metrics. I think it's more commercial mailchimp-like
activity from Liberty Mutual, and Terminix, and less Viagra and Canadian
pharmacy. They seem to have hundreds of rotating domain names they use.
Yes, I COULD enable VPS and go back to the bad old days of running my
own Postfix server. But I'm mostly retired.
regards,
Neal
On 2019-08-13 15:46, Alex Carver via Ale wrote:
> There's also just blocking the known offenders (entire countries) which
> cuts spam down a lot. I have 219 million IPs (as CIDR blocks) in my
> firewall drop table for my mail server.
>
> On 2019-08-13 11:52, Bryan L. Gay via Ale wrote:
>> I've been doing this a long time. CPanel does give you a lot of
>> options.
>> Make sure Greylisting is enabled. I don't mess with the filters much.
>> I do
>> more around source filtering at the smtpd and networking level.
>>
>> Fail2ban, if you're willing to write rules for it, is a great program
>> for
>> blocking inbound traffic.
>>
>> On Tue, Aug 13, 2019 at 1:21 PM Joey Kelly via Ale <ale at ale.org>
>> wrote:
>>
>>> On Tuesday, August 13, 2019 10:54:55 AM Neal Rhodes via Ale wrote:
>>>> So, it's my impression that moving my linux/email hosting from
>>>> GoDaddy
>>>> to GreenGeeks has resulted in less effective spam control.
>>>
>>> I am unfamiliar with GreenGeeks. Do they provide you with a VPS? Can
>>> you
>>> install stuff on it? I've had boatloads of success with greylisting.
>>>
>>> Spamassassin, amavisd, blocking suspect .TLDs and other tricks are
>>> also
>>> effective, but I've been doing this for almost 20 years, so...
>>>
>>> --Joey
>>>
>>>
>>>
>>>> The basic Spam Assassin appears to be fooled by more subtle
>>>> commercial
>>>> Email Chimp programs. In my cPanel
>>>> Global Email Filters, I have about 30 Filters at present that do a
>>>> fairly decent job.
>>>>
>>>> Here is the kind of stuff that gets through:
>>>>
>>>> terminix_mosquito_control at resolutionmodels.com
>>>> terminix-mosquito-control at resolutionmodels.com
>>>> terminixmosquitocontrol at resolutionmodels.com
>>>>
>>>> timesharefreedom at cs15.net
>>>> timeshare-freedom at cs15.net
>>>> timeshare_freedom at cs15.net
>>>>
>>>> liberty_mutual_insurance at certainlyimportant.com
>>>> lifeinsurancenet.info at rationalguidingspirit.com
>>>>
>>>> These use an ever-rotating set of apparently legitimate domain
>>>> names,
>>>> and the rest of the sender address evolves a bit too.
>>>>
>>>> Sometimes I can filter based on subject. The spam engines appear to
>>>> have evolved to create emails that look legitimate to Spam Assassin.
>>>>
>>>> I can filter for "From contains liberty" and "From contains mutual"
>>>> and
>>>> "From contains insurance". But at
>>>> some point I'm spending 30 minutes each day writing new filters.
>>>>
>>>> What would make far more sense is something that can read my junk
>>>> folder
>>>> contents for the day, which has emails I have decided are junk, and
>>>> knowing the patterns this stuff uses, make up a file of additional
>>>> cPanel filters. Then if there was an import, bam. Done.
>>>>
>>>> BTW, the server is running Linux blah-blah
>>>> 3.10.0-962.3.2.lve1.5.24.8.el7.x86_64 #1 SMP Fri Jan 4 06:55:54 EST
>>>> 2019
>>>> x86_64 x86_64 x86_64 GNU/Linux
>>>>
>>>> regards,
>>>>
>>>>
>>>> Neal
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
More information about the Ale
mailing list