Best Possible Spam Sets/Combinations.

Discussion forum for Enterprise Edition.
MaliciousIndustries
Posts: 80
Joined: Sat Jun 28, 2008 10:14 pm


Post by MaliciousIndustries » Mon Jun 30, 2008 7:38 pm

Using the latest install of 3.5 Enterprise edition, just installed and everything is working great. We just seem to get a lot of spam to the inbox, would say 20 spam to inbox and 4 to Junk E-mail folder, in about the last 4 hours.

If anyone could tell me the best possible setup or what they are using that is working well for them, it would help in getting the spam setup initially.

Do any of the third-party solutions work well? Should we install something with Spam Assassin included in it?

Also what is best to use for virus filtering?

As I said, we really like the options and ME seems to work very well with IMAP (we use IMAP the most). We just need to get this spam under control, and if that checks out we will be making the purchase and migrating customers in a few days.

Thanks ahead of time for all the help I see in this forum.

MaliciousIndustries
Posts: 80
Joined: Sat Jun 28, 2008 10:14 pm

Post by MaliciousIndustries » Mon Jun 30, 2008 9:00 pm

Also what might be the best setting to run grey listing on?

"Lowest - Low - Medium - High"

as well

Should we use either the "Require PTR DNS" function or the "Reject mail if sender address is from invalid domain"? This one scares me, think we may block a lot of legit mail though?

lunix
Posts: 60
Joined: Wed Feb 09, 2005 4:26 pm

Post by lunix » Tue Jul 01, 2008 7:03 pm

Basically there are very good articles in the knowledge base:

http://www.mailenable.com/kb/Content/Ar ... D=me020008

First of all I would recommend using Bayesian filtering. Ian will be so nice and send you a whitepaper with instructions when you drop him a PM.

We use Bayesian since it is available in ME and it's wonderful. We have about 10.0000 mails in the spam and 8.000 in ham and the filter catches about 80% of all spam.

The question basically is what to do with it. Move to Junk is useless since many of our customers (about 500 postoffices) don't even know that this folder exists. So I decided to act as a personal guardian and made a filter rule: If spam probability is over 99% -> delete it. f**k off.

When somebody cries: "I didn't get the mail from my partner in China.. blabla" I say: "Simply send a mail to the chinaman. His mailserver will be whitelisted and don't treat on me any longer." :twisted:

I also enabled the "Require PTR DNS". Even if some guy uses a mailserver on a DSL line, he'll get a failure message.

Further I use a whole bunch of DNS blacklists. This works veeeery well. It reduces the spam extremely.

I didn't yet enable the greylisting since I upgraded to ME 3.5 only one week ago and want to wait for a large amount of whitelisted IPs.

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Wed Jul 02, 2008 8:32 pm

Hands down, I would suggest loading up ASSP on your server. It runs in front of your ME installation and sorts out the mail before it ever reaches ME. I have a HUGE success rate with it, and the development that is coming down the pipe boasts great features, most of which is multi-threaded filtering and MySQL config for scalability.

Just do a search in here for ASSP to see what other users have to say.

www.asspsmtp.org
Chase
Server 2008 Standard (x64)
ME Ent 6.51 (SQL Server 2008 Config)
ASSP 1.9

polarisie
Posts: 696
Joined: Mon Mar 27, 2006 2:58 pm

Re: Best Possible Spam Sets/Combinations.

Post by polarisie » Thu Jul 03, 2008 9:10 am

MaliciousIndustries wrote: Using the latest install of 3.5 Enterprise edition, just installed and everything is working great. We just seem to get a lot of spam to the inbox, would say 20 spam to inbox and 4 to Junk E-mail folder, in about the last 4 hours.

If anyone could tell me the best possible setup or what they are using that is working well for them, it would help in getting the spam setup initially.

Do any of the third-party solutions work well? Should we install something with Spam Assassin included in it?

Also what is best to use for virus filtering?

As I said, we really like the options and ME seems to work very well with IMAP (we use IMAP the most). We just need to get this spam under control, and if that checks out we will be making the purchase and migrating customers in a few days.

Thanks ahead of time for all the help I see in this forum.
Hi

With a default installation on ME this is what I would recommend:

1. SPF - Block on Fail
2. DNSBL - Spamhaus + spamcop (at minimum)
3. URLBL - use Multi and SURBL
4. Block invalid Email Addresses

As for AntiVirus I would recommend using ClamAV running in daemon mode. It's free and very effective. No yearly updates, no maint. fees, etc.
MXSCAN :: AntiSpam & AntiVirus for MailEnable (now with Spamtrap/Honeypot!)
Built-in SpamAssassin, Clam, MessageSniffer, DNSBL, URLBL, DCC, Senderbase, SpamTrap, ShortCircuit, Content Filters, Disclamers, Archiving and more.
Visit www.mxuptime.com
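
Added example, not part of the post above and not MailEnable's code: how a DNSBL check such as item 2 resolves a connecting IP against zen.spamhaus.org and bl.spamcop.net, and why the answer has to be interpreted instead of treating any reply as "listed". Function names and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Zones named in the post above (Spamhaus ZEN and SpamCop).
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")
LISTED = ipaddress.ip_network("127.0.0.0/8")        # RFC 5782 answer range
ERRORS = ipaddress.ip_network("127.255.255.0/24")   # Spamhaus error codes


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup resolves for a connecting IP."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # nibbles, reversed
    return ".".join(labels) + "." + zone


def classify_answer(answer):
    """Map a zone's A-record answer (or None for no answer) to a verdict."""
    if answer is None:
        return "not-listed"
    addr = ipaddress.ip_address(answer)
    if addr in ERRORS or addr not in LISTED:
        # Blocked or over-quota resolver, or one that rewrites NXDOMAIN:
        # treating this as "listed" would reject all inbound mail.
        return "error"
    return "listed"


def resolve_a(name):
    """Default resolver: one A lookup; failures count as no answer (fail open)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_ip(ip, zones=ZONES, resolver=resolve_a):
    """Return {zone: verdict}; `resolver` is injectable for offline testing."""
    return {z: classify_answer(resolver(dnsbl_query_name(ip, z))) for z in zones}


if __name__ == "__main__":
    # 127.0.0.2 is the conventional always-listed DNSBL test address.
    print(check_ip("127.0.0.2"))
```

An "error" verdict from every zone at once usually points at the resolver the mail server uses, not at the senders.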

MaliciousIndustries
Posts: 80
Joined: Sat Jun 28, 2008 10:14 pm

Post by MaliciousIndustries » Mon Jul 07, 2008 8:28 am

Thanks for the replies. The ASSP looks great, though I would like for my clients to still have a little control over what happens with spam. In the past we used e-scan and mailscan product with our mail server; it is a proxy solution as well. It seemed to work great, though at times it was extra work that the customers could have done easily, like whitelists, etc.

We currently have

1. SPF - Block on Fail and (Don't check connections from local IP Addresses)
2. DNSBL - Spamhaus + spamcop + 5 others
3. URLBL - use Multi and SURBL + 5 others
4. Block invalid Email Addresses (Reject mail if sender address is from invalid domain)
5. Prevent sender address spoofing. Sender using a local address must authenticate to send any email.
6. allow relay for authenticated senders (built in method)
7. GREYLISTING - Status determined by Postoffice - Sensitivity set to - High Class D mask
8. BAYESIAN FILTERING - Enabled Auto Training (not sure if working) - set at the recommended settings and process html content.
9. I have no AV ??

I think that is it. We are filtering spam and have cut it down quite a bit, though we still have some stuff going into inboxes that you would never think should have made it to the server at all (Pharmacy, enlargement and viagra stuff). I would think with all the filtering we have going on that clients should never even see this kind of spam.

Also we have no AV and have had some viruses get through already; caught a couple of trojans in some spam with kaspersky local client on my computer while sifting through some clients' Webmail boxes. This is no good, I have to get an AV scanner going. I would set up the ClamAV win, but I have not found anything too descriptive on how to implement it into ME. Mostly what I found was posts saying it was not easily done.

Please direct me to any good articles or posts on implementing Clam or if there is better that can be plugged, for not a lot of cash, then we do not mind that route either.

Thanks for the replies again, not used to getting too many replies to posts coming from the SM forums.

polarisie
Posts: 696
Joined: Mon Mar 27, 2006 2:58 pm

..

Post by polarisie » Mon Jul 07, 2008 8:53 am

2 additional points to add

1. You'll definitely need an antivirus. If ClamAV is not an option then go for the paid ones. Seeing that you are already on ME Ent. it's just a simple matter of choosing a commercial AV and enabling the option.

2. Take note that Greylisting could cause issues with emails coming in from the large providers like gmail or bigpond

ps: 7 DNSBL and 7 URLBL is a little bit of an overkill to me but whatever works for you :-)

Cheers
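
Added example, not part of the post above: a generic greylisting model (not MailEnable's implementation) showing why point 2 bites with large providers, whose retries can arrive from a different outbound IP each time. The `prefix` parameter, the delay and all addresses are assumptions of this sketch; it handles IPv4 only.

```python
import ipaddress


class Greylist:
    """Minimal greylist keyed on (client network, sender, recipient)."""

    def __init__(self, delay=300, prefix=32):
        self.delay = delay      # seconds a new triplet must wait
        self.prefix = prefix    # 32 = exact client IP, 24 = whole /24
        self.first_seen = {}

    def check(self, ip, sender, rcpt, now):
        net = ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
        key = (str(net), sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        # New or too-recent triplet: answer with a temporary (4xx) failure.
        return "accept" if now - first >= self.delay else "tempfail"


def delivery_time(greylist, attempts, sender, rcpt):
    """Return the time of the first accepted attempt, or None if none is."""
    for now, ip in attempts:
        if greylist.check(ip, sender, rcpt, now) == "accept":
            return now
    return None


# Constructed retry schedules: (seconds since first attempt, client IP).
SINGLE_MTA = [(0, "192.0.2.25"), (900, "192.0.2.25")]
PROVIDER_POOL = [(0, "198.51.100.10"), (900, "198.51.100.77"),
                 (1800, "198.51.100.140"), (3600, "198.51.100.201")]

if __name__ == "__main__":
    args = ("a@example.org", "b@example.net")
    print("single MTA, exact IP :", delivery_time(Greylist(), SINGLE_MTA, *args))
    print("provider pool, exact :", delivery_time(Greylist(), PROVIDER_POOL, *args))
    print("provider pool, /24   :",
          delivery_time(Greylist(prefix=24), PROVIDER_POOL, *args))
```

With exact-IP matching the pooled sender is never accepted in this schedule; matching on the network lets the second attempt through.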

MaliciousIndustries
Posts: 80
Joined: Sat Jun 28, 2008 10:14 pm

Post by MaliciousIndustries » Mon Jul 07, 2008 9:07 am

We will probably tame down the Block/Black Lists, as we were just trying to ease the spam while getting everything up and running, we will probably just use the defaults after the bayesian filters start to actually do something.

Was actually just getting ready to see what the different costs of all the commercial scanners are. I know that that would be the best way to go, easiest to implement as well, just the costs are a factor. Usually all of the commercial scanners are quite expensive. We went with the enterprise version just for the full list of features and scalability and not so much as we needed it for amount of clients and such, as we only have about a total of 100 mailboxes combined.

We have never used the Greylisting before, as we have had the availability with other servers, but were afraid to use it for the reasons you have stated. We have left it set up on a per-mailbox optional basis, just in case of problems. Still, I wonder if the lists are separate for Greylisting: if a client has a problem receiving a mail item and disables the Greylisting, would the mail then come through, or do the listed IPs need to be removed as well? I know one thing though, it sure cuts the spam out in relation to the rest of the filters we have running. You're right though, I just don't trust it completely at this point.

Thanks again for the reply.

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Mon Jul 07, 2008 5:38 pm

MaliciousIndustries wrote: Thanks for the replies, The ASSP looks great, though I would like for my clients to still have a little control over what happens with spam.
In my ASSP config, I allow my customers to have control over the tagged spam. If you run filters in test mode, it will add specific headers but not actually do anything with them.

Then in ME, I have custom filters to add appropriate headers to those messages that can then be "handled" by the mailbox filter (High, Medium, Low).

Following that, I also have created a custom SQL Trigger that turns on "Deliver To Junk E-Mail" by default for every mailbox created... Works like a charm.


Note: I don't have "test mode" enabled for every filter as there are many filters in ASSP that NEVER trap false positives (URIBL, Invalid HELO, Penalty Box).

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Mon Jul 07, 2008 5:41 pm

Also, ClamAV in MailEnable totally sucks because it is only single threaded. However if you use it in ASSP, it is NOT single threaded... in fact ClamAV runs as a separate service that ASSP passes the mail off to. It works amazingly, is fast, and catches a lot.

I would recommend ClamAV if you go with ASSP.

polarisie
Posts: 696
Joined: Mon Mar 27, 2006 2:58 pm

Post by polarisie » Mon Jul 07, 2008 6:09 pm

rockinthesixstring wrote: Also, ClamAV in MailEnable totally sucks because it is only single threaded. However if you use it in ASSP, it is NOT single threaded... in fact ClamAV runs as a separate service that ASSP passes the mail off to. It works amazingly, is fast, and catches a lot.

I would recommend ClamAV if you go with ASSP.
The Clamscan sucks, but when run in ClamD mode it really rocks. We run ClamD with MailEnable and it runs as fast if not faster than a commercial AntiVirus scanner.

The problem with not running ClamAV in daemon mode is not that it's single threaded, but that Clamscan will need to load the entire virus database on every run. Running as ClamD, the ClamAV daemon will stay in memory and the virus database only needs to be loaded once.

Cheers
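
Added example, not part of the post above and not MailEnable's or MXSCAN's code: a minimal client for the clamd INSTREAM command, which is how a mail filter hands a message to the resident daemon instead of starting clamscan (and reloading the signature database) per message. It assumes clamd is listening on its default TCP port 3310 on localhost; the function names and the `delivery_action` policy are constructed for illustration.

```python
import socket
import struct


def instream_frames(message, chunk=8192):
    """Yield the byte frames of one clamd INSTREAM session."""
    yield b"zINSTREAM\0"                      # null-terminated command form
    for i in range(0, len(message), chunk):
        part = message[i:i + chunk]
        yield struct.pack("!I", len(part)) + part   # 4-byte big-endian length
    yield struct.pack("!I", 0)                # zero-length chunk ends the stream


def parse_reply(raw):
    """Turn clamd's reply into (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("ascii", "replace")
    verdict = text.partition(": ")[2]
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    # e.g. a size-limit error, or an empty reply after a dropped connection
    return ("error", verdict or text)


def delivery_action(status):
    """Fail closed: a scanner error defers the mail instead of delivering it."""
    return {"clean": "accept", "infected": "reject"}.get(status, "tempfail")


def scan(message, host="127.0.0.1", port=3310, timeout=30):
    """Send one message (bytes) to a running clamd and return parse_reply()."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for frame in instream_frames(message):
            sock.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            data = sock.recv(4096)
            if not data:
                break
            reply += data
    return parse_reply(reply)
```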

rockinthesixstring
Posts: 844
Joined: Mon Dec 05, 2005 7:51 am
Location: Canada

Post by rockinthesixstring » Mon Jul 07, 2008 6:18 pm

Here are the ASSP ClamAV instructions. It does not use ClamD.
http://www.asspsmtp.org/wiki/ClamAV_Win32
