SPAM Education

Discussion forum for Enterprise Edition.
rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

SPAM Education

Post by rfwilliams777 »

In times past spam filtering was fairly simple. Known spam from known providers or high-risk and we just filter. What is going on is spammers--Bosly, FTD, etc.--are acquiring servers from providers like me, GoDaddy, etc. send their spam and when they get nailed or blocked, then they move onto other providers sending out their same spam again. As a result "Add to Blacklist" or "Report as SPAM" where it blocks IP addresses may be a temporary or psychologically a good suggestion, but in truth it is not working. Spam scoring (with MXScan) is showing scores of 3.4, 4.2, 5.6, etc... meaning low scores. As a result, I cannot block or adjust the score to go over low stuff because then legit emails get blocked. It is also difficult to go based on subject or content as some are using images and images cannot be blocked.

So what are your suggestions ME and MXScan?
Robert Williams, Owner
www.WilliamsWebSolutions.com
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and we will migrate your accounts to us for FREE!
We can be hired to help you with your Mail Enable server, too!

lowcountrytoday
Posts: 32
Joined: Wed Feb 03, 2010 2:04 pm

Re: SPAM Education

Post by lowcountrytoday »

MailEnable doesn't care about spam. I stopped buying the upgrade insurance a while back and I am just about to the point where I am ready for the hassle of migrating to a new email platform with a company who cares.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SPAM Education

Post by MailEnable-Ian »

Hi,
rfwilliams777 wrote: In times past spam filtering was fairly simple. Known spam from known providers or high-risk and we just filter. What is going on is spammers--Bosly, FTD, etc.--are acquiring servers from providers like me, GoDaddy, etc. send their spam and when they get nailed or blocked, then they move onto other providers sending out their same spam again. As a result "Add to Blacklist" or "Report as SPAM" where it blocks IP addresses may be a temporary or psychologically a good suggestion, but in truth it is not working. Spam scoring (with MXScan) is showing scores of 3.4, 4.2, 5.6, etc... meaning low scores. As a result, I cannot block or adjust the score to go over low stuff because then legit emails get blocked. It is also difficult to go based on subject or content as some are using images and images cannot be blocked.
So what are your suggestions ME and MXScan?

While MailEnable provides security settings and spam filters to help stop incoming spam, it's not a dedicated spam gateway. If you require a more efficient means of stopping spam then it would be ideal to implement a spam gateway and filter the incoming mail before it hits the MailEnable server. Some that come to mind are Symantec SMTP proxy, Barracuda etc. Have you enabled SMTP reverse DNS blacklisting and URL blacklisting? Are you performing SMTP PTR checks? Have you looked into SPF checking?
Regards,

Ian Margarone
MailEnable Support

rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: SPAM Education

Post by rfwilliams777 »

I'd prefer using an in-house (as in on the same server) spam filter as it would be easier to adjust when needed versus relying on someone else's spam filtering. Additionally, I can afford a one-time price for annual renewal with MXScan. Those other services are way out of budget.

I had SPF but when companies like Halliburton, Schlumberger, etc. (major corporations) don't have valid SPF because they host their email with Microsoft, it is hard for me to decide to enable SPF blocking if not valid. I ran into that problem a while back.
Robert Williams, Owner

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SPAM Education

Post by MailEnable-Ian »

Hi,

Perhaps you should look into open source free spam gateways.

http://sourceforge.net/projects/scrollout/
Regards,

Ian Margarone
MailEnable Support

rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: SPAM Education

Post by rfwilliams777 »

What is the difference (as in which product is better): The one from sourceforge or MXScan?
Robert Williams, Owner

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: SPAM Education

Post by MailEnable-Ian »

Hi,

We have not conducted any tests with the free gateway but have with Symantec products. The difference though is that MXScan is an MTA pickup event, therefore the message needs to be accepted by the SMTP service in order for it to be scanned at the MTA level. The spam gateway is an SMTP proxy where the message is filtered before it hits the MailEnable server and then forwarded.

Perhaps inquire with the user in this thread who seems to know it works well and may have more information:

http://forum.mailenable.com/viewtopic.p ... rce#p93736
Regards,

Ian Margarone
MailEnable Support

Brett Rowbotham
Posts: 560
Joined: Mon Nov 03, 2003 7:48 am
Location: Cape Town

Re: SPAM Education

Post by Brett Rowbotham »

You could also look into installing Anti-Spam SMTP Proxy Server (ASSP) in front of your mail server: https://sourceforge.net/projects/assp/

Cheers,
Brett

lowcountrytoday
Posts: 32
Joined: Wed Feb 03, 2010 2:04 pm

Re: SPAM Education

Post by lowcountrytoday »

How about good directions on best practices for setting up a MailEnable server or baseline configuration for minimal spam? Where is that?

How about some options like when an IP address tries to send spam and is rejected for no PTR, no MX record or failed SPF, they go into a permanent blacklist? For most it is just a little bit of time needed for them to solve those issues by getting the PTR set up or the MX record set up and then you are inundated with spam. I would rather manually remove them from the blacklist than to have the spammer fix the issues and send spam in time.

lowcountrytoday
Posts: 32
Joined: Wed Feb 03, 2010 2:04 pm

Re: SPAM Education

Post by lowcountrytoday »

Another great option would be to have every IP that is rejected from the DNSBL to be blacklisted permanently. It would greatly reduce the number of queries to the DNSBL. I also go through the logs every day to look for things and I see the same IP that has been blacklisted creating hundreds or thousands of log entries trying to send spam to different email addresses. Again I would rather remove an IP from the blacklist manually if it needs to be removed.

rfwilliams777
Posts: 1370
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: SPAM Education

Post by rfwilliams777 »

I would have agreed with you but there is a slight problem and that is what I stated: "What is going on is spammers--Bosly, FTD, etc.--are acquiring servers from providers like me, GoDaddy, etc. send their spam and when they get nailed or blocked, then they move onto other providers sending out their same spam again. As a result "Add to Blacklist" or "Report as SPAM" where it blocks IP addresses may be a temporary or psychologically a good suggestion, but in truth it is not working." It was blocked permanently at an email account level, but it ought to have been done at the server level (a good suggestion) but what happens when legit mail servers use that IP address that 2-3 years prior was blocked by a spammer? How are we to know when they were blocked without an error reported to someone that "Hey, so and so got blocked"?
Robert Williams, Owner

lowcountrytoday
Posts: 32
Joined: Wed Feb 03, 2010 2:04 pm

Re: SPAM Education

Post by lowcountrytoday »

Only want DNSBL, No MX and No PTR to be permanent until removed manually with an option to turn it on or off. I don't have too much issue with GoDaddy because they take SPAM reports seriously and usually resolve the issue in a timely manner. There are some others like Colorado Crossing who have nothing but spam servers and they ignore spam complaints. I haven't found where any of my customers receive any valid email from Colorado Crossing which is why I blocked them and a whole bunch of other spam farms. A contact number in the email welcome can give someone access to make a complaint if they are blacklisted.

Webmail blacklists only affect that user who added them and email to other users goes through. The report as spam blocks email for all when the set threshold is reached. Most of my customers don't use that anyway.
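
An added example, not part of any post in this thread and not MailEnable or MXScan code: a sketch of the server-level "permanent until removed by hand" blocklist requested above for DNSBL, no-PTR and no-MX rejections, with the on/off switch, plus the timestamp and reason that let someone later review a block placed years earlier. The zone name, the listed entry, the class and its method names are constructed for illustration, and `lookup` stands in for a real DNS query.

```python
import ipaddress
import time

ZONE = "dnsbl.example.test"                  # constructed zone name
LISTED = {"2.2.0.192.dnsbl.example.test"}    # constructed listing for 192.0.2.2

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class LocalBlocklist:
    """Server-level blocks that stay until removed by hand."""
    STICKY = {"dnsbl", "no-ptr", "no-mx"}    # reasons the thread wants permanent

    def __init__(self, lookup, zone, enabled=True, clock=time.time):
        self.lookup = lookup      # callable(name) -> bool; a DNS query in real use
        self.zone = zone
        self.enabled = enabled    # the on/off option
        self.clock = clock
        self.entries = {}         # ip -> {"reason", "since", "hits"}
        self.dnsbl_queries = 0

    def record(self, ip, reason):
        """Remember a rejection with its reason and time, once per IP."""
        if self.enabled and reason in self.STICKY and ip not in self.entries:
            self.entries[ip] = {"reason": reason, "since": self.clock(), "hits": 0}

    def check(self, ip):
        """Return (accept, reason); a local hit costs no DNSBL query."""
        entry = self.entries.get(ip)
        if entry is not None:
            entry["hits"] += 1
            return False, "local:" + entry["reason"]
        self.dnsbl_queries += 1
        if self.lookup(dnsbl_query_name(ip, self.zone)):
            self.record(ip, "dnsbl")
            return False, "dnsbl"
        return True, "ok"

    def remove(self, ip):
        """Manual delisting; returns the stored entry for the audit trail."""
        return self.entries.pop(ip, None)

    def stale(self, days):
        """IPs blocked at least `days` ago, for periodic human review."""
        cutoff = self.clock() - days * 86400
        return sorted(ip for ip, e in self.entries.items() if e["since"] <= cutoff)
```

Repeat connections from a recorded IP are answered from `entries` and only bump its `hits` counter, while `stale()` lists old blocks whose address may since have been reassigned to a legitimate sender.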

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: SPAM Education

Post by aahq »

We are happy with our modified free Spam Assassin solution and our modified home made Quarantine Program for Mail Enable.

We have IIS on the perimeter so we have the option from our program of blocking on "SMTP Connect" too so our spam is now way way down.

What users and customers need to understand is that Anti Virus and Anti Spam "get most of them". Sometimes the odd thing gets through and that's just tough luck... Some level of intelligence is expected from the user in 2015 I would hope...

Scott

ccgeek
Posts: 24
Joined: Tue Feb 07, 2006 2:28 am
Location: Georgia, USA

Re: SPAM Education

Post by ccgeek »

aahq wrote: We are happy with our modified free Spam Assassin solution and our modified home made Quarantine Program for Mail Enable.
Care to share how you modified Spam Assassin or what distribution you used to start with?

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: SPAM Education

Post by aahq »

Start here for how we have set ourselves up using Spam Assassin... It's relatively detailed... Use on a test server first... We have been using this for 2 odd years now and I only touch 2 spam assassin files usually.

http://forum.mailenable.com/viewtopic.php?f=7&t=24726

We have made a home made utility that manipulates the Quarantine Queues and has a much more friendly interface than the standard ME Quarantine... I can send you the source code for you to compile if you send a request to aahq@hotmail.com directly. No charge.

ME is a good product but there are just some things you need to do yourself.

Scott
