1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Spam is Killing us?

Discussion in 'Plesk for Linux - 8.x and Older' started by Traged1, Nov 19, 2006.

  1. Traged1

    Traged1 Guest

    0
     
    We are getting complete overrun with spam. We have SPF setup, we use MAPS from spamhaus, spamcop, cbl, and ORBL yet we are still gettting thousands of spam emails per day on all of our domains and all of our email addresses. What else can we do?
     
  2. Traged1

    Traged1 Guest

    0
     
    We calculated that this spam is using 800GB of bandwidth each month, and we do not want to continue to pay for it. Anyone have any other suggestions, maybe a better RBL or some other programs?
     
  3. Ronaldve

    Ronaldve Guest

    0
     
    You could try using greylisting.
    There are some topics on this here in the forum.
     
  4. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    also add in dcc, razor, and pyzor to your box. If you're on CentOS/RHEL or Fedora I've got rpms of all those, as well as a greylisting wrapper (qgreylist) in my yum archive.
     
  5. Traged1

    Traged1 Guest

    0
     
    Thanks, I have just installed the qgreylist rpm from you ART and I have to say that it has immediately reduce the spam to only a few pieces so far today, whereas before we would get thousands.
     
  6. juhanes

    juhanes Guest

    0
     
    Can someone paste here up to date MAPS,
    i am using those atm:
    cbl.abuseat.org;dnsbl.ahbl.org;rhsbl.ahbl.org;ircbl.ahbl.org;list.dsbl.org;t1.dnsbl.net.au;combined.njabl.org;bhnc.njabl.org;relays.ordb.org;dnsbl.sorbs.net;bl.spamcop.net;sbl-xbl.spamhaus.org
    which i found in another thread, but i have problem with SMTP Server (QMail)when enable MAPS, it goes down, anyone know why?
     
  7. jwdick

    jwdick Guest

    0
     
    On my FC4 / Plesk 8 box, i use all of those in MAPS but on my CentOS4 /Plesk 8 box, if i use more than one, Qmail goes down. I have not been able to determine why as yet. As a matter of fact, from the control panel, I cannot even add more than one or it errors out. If I ever get it fiqured out, I'll post the solution.
     
  8. lpittman

    lpittman Guest

    0
     
    hello good sir.

    would you mind to provide a bit more info here? what are dcc, razor and pyzor and what do they do? i already have your qgreylist installed and running, will adding those change/affect it?

    my installation of spamassassin is someone custom now ... it is setup to use a site-wide bayes database and no per-user settings. are installing those going to effect that?

    when installing things like these, what exactly does it do? is there a file or something that tells the system what to do with an email (like put it through qgreylist, spamassassin, clam av, etc...)?

    thanks for the info
    Luke
     
  9. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    They are agents that test mail against databases of known spam (signature based). Extremely easy to add in, if you're using my yum archives just run: yum install razor-agents dcc pyzor, and then restart spamd.
     
  10. lpittman

    lpittman Guest

    0
     
    thanks for the reply - i'll give them a try.

    while i have you - can i throw an off-topic question at you?

    is there any reason not to run "yum update" on a live server with 100+ domains?

    it is plesk 8.0.1/centos 4.2..

    thanks

    Luke
     
  11. lpittman

    lpittman Guest

    0
     
    Installed as suggested and am getting the following in my maillog:


    Nov 20 13:40:17 server spamd[13496]: pyzor: check failed: internal error
    Nov 20 13:40:17 server spamd[13496]: mkdir //.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin.pm line 1530
    Nov 20 13:40:17 server spamd[13496]: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.server.mydomain.com.13496 for //.spamassassin/auto-whitelist.lock: No such file or directory
    Nov 20 13:40:17 server spamd[13496]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.server.mydomain.com.13496 for //.spamassassin/auto-whitelist.lock: No such file or directory
    Nov 20 13:40:17 server spamd[13496]: spamd: clean message (3.5/5.0) for myemail@mydomain.com:110 in 3.3 seconds, 1385 bytes.
    Nov 20 13:40:17 server spamd[13496]: spamd: result: . 3 - BAYES_99 scantime=3.3,size=1385,user=myemail@mydomain.com,uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<b4a4485f0611201340r67288247r539527792174c10a@mail.gmail.com>,bayes=0.999999999999982,autolearn=no
    Nov 20 13:40:17 server spamd[13491]: prefork: child states: II


    are these errors significant? how would I go about fixing them?

    Thanks again for your help
     
  12. Ronaldve

    Ronaldve Guest

    0
     
    Could you tell me in what repository they are? I've trouble finding them.
     
  13. lpittman

    lpittman Guest

    0
     
  14. lpittman

    lpittman Guest

    0
     
    One more question!

    Is it possible to have the server reject emails to non-existant users BEFORE using greylist? Might save a lot of processes ...

    Luke
     
  15. Ronaldve

    Ronaldve Guest

    0
     
    Thanks, got them :)
     
  16. atomicturtle

    atomicturtle Golden Pleskian

    29
     
    Joined:
    Nov 20, 2002
    Messages:
    2,110
    Likes Received:
    7
    Location:
    Washington, DC
    You want to add in the yum channel:

    [atomic]
    name=Atomic Rocket Turtle
    baseurl=http://3es.atomicrocketturtle.com/atomic/art/4ES

    If you're running RH9, or the Fedoras replace 4ES with $releasever.

    And yes, you should be updating your system with yum every day.

    Ive got an anti-spam appliance package called Project Gamera (dedicated servers only, not compatible with psa) that implements a check for valid accounts before greylisting occurs. Ive been considering porting that version of qmail over to PSA since so many people seem to be struggling with building their own versions of qmail. Its a big project, which has been the major hinderance, and I've got the feeling that the moment I actually do it, sw-soft is going to put out an update and start supporting postfix :p
     
  17. gromett

    gromett Guest

    0
     
    I am looking for a way to do this as well if anyone knows. I am not using atomics greylist I am using the one from http://meshier.com/2006/09/18/adding-greylisting-support-to-qmail-on-plesk-8/
    as I needed it to use mysql and I think from initial readings atomics uses files.
     
  18. JoaoCorreia

    JoaoCorreia Guest

    0
     
    Greylisting ...

    Hello,

    Well I tried all, spamassassin, blacklists, etc but the only effective thing is greylisting.

    Today a funny thing happened, I started getting lots and lots of spam, and I was like ... "maybe spammers adapted to 403 envelope failure".

    A customer complained about the spam and I went to investigate.

    The MySQL table greylist was corrupt letting all mail pass.

    You dont imagine the diference with GREYLIST ON and OFF its abissal !


    I recomend greylist, its far better then spamassasin that increases the server load.


    Regards
    Joao Correia
     
  19. lpittman

    lpittman Guest

    0
     
    Re: Greylisting ...

    Hi Joao,

    I agree that greylisting make a significant difference - however adding a few other things to it can help you to filter out those final few results that get through. The one thing greylisting can't stop is the spam that is being sent from legitimate mail servers that do retry sending mail.

    A combination of Spam Assassin, greylist, dcc, razor, pyzor, blocklists and SPF is what you need. They are all cover slightly different things.

    But regardless, glad to hear of your success.

    Luke
     
  20. viruseater

    viruseater Guest

    0
     
    I have a question.

    On the RBL MAPS entry in the server there is only one slot to fill in the zone. is this how to fill it?

    cbl.abuseat.org;dnsbl.ahbl.org;rhsbl.ahbl.org;ircbl.ahbl.org;list.dsbl.org;t1.dnsbl.net.au;combined.njabl.org;bhnc.njabl.org;relays.ordb.org;dnsbl.sorbs.net;bl.spamcop.net;sbl-xbl.spamhaus.org

    I am trying to figure out how to add multiples
     
Loading...