
Spam is Killing us?

Traged1

Guest
We are getting completely overrun with spam. We have SPF set up, we use MAPS from spamhaus, spamcop, cbl, and ORBL, yet we are still getting thousands of spam emails per day on all of our domains and all of our email addresses. What else can we do?
 
We calculated that this spam is using 800GB of bandwidth each month, and we do not want to continue to pay for it. Anyone have any other suggestions, maybe a better RBL or some other programs?
 
You could try using greylisting.
There are some topics on this here in the forum.
 
Also add in dcc, razor, and pyzor to your box. If you're on CentOS/RHEL or Fedora I've got rpms of all those, as well as a greylisting wrapper (qgreylist) in my yum archive.
 
Thanks, I have just installed the qgreylist rpm from you ART and I have to say that it has immediately reduced the spam to only a few pieces so far today, whereas before we would get thousands.
 
Can someone paste up-to-date MAPS here?
I am using these atm:
cbl.abuseat.org;dnsbl.ahbl.org;rhsbl.ahbl.org;ircbl.ahbl.org;list.dsbl.org;t1.dnsbl.net.au;combined.njabl.org;bhnc.njabl.org;relays.ordb.org;dnsbl.sorbs.net;bl.spamcop.net;sbl-xbl.spamhaus.org
which I found in another thread, but I have a problem with the SMTP server (QMail): when I enable MAPS, it goes down. Anyone know why?
 
Originally posted by juhanes
I am using these atm:
cbl.abuseat.org;dnsbl.ahbl.org;rhsbl.ahbl.org;ircbl.ahbl.org;list.dsbl.org;t1.dnsbl.net.au;combined.njabl.org;bhnc.njabl.org;relays.ordb.org;dnsbl.sorbs.net;bl.spamcop.net;sbl-xbl.spamhaus.org
but I have a problem with the SMTP server (QMail): when I enable MAPS, it goes down. Anyone know why?

On my FC4 / Plesk 8 box, I use all of those in MAPS, but on my CentOS4 / Plesk 8 box, if I use more than one, Qmail goes down. I have not been able to determine why as yet. As a matter of fact, from the control panel, I cannot even add more than one or it errors out. If I ever get it figured out, I'll post the solution.
 
Originally posted by atomicturtle
Also add in dcc, razor, and pyzor to your box. If you're on CentOS/RHEL or Fedora I've got rpms of all those, as well as a greylisting wrapper (qgreylist) in my yum archive.

Hello good sir.

Would you mind providing a bit more info here? What are dcc, razor and pyzor and what do they do? I already have your qgreylist installed and running; will adding those change/affect it?

My installation of spamassassin is somewhat custom now ... it is set up to use a site-wide bayes database and no per-user settings. Is installing those going to affect that?

When installing things like these, what exactly does it do? Is there a file or something that tells the system what to do with an email (like put it through qgreylist, spamassassin, clam av, etc...)?

Thanks for the info
Luke
 
They are agents that test mail against databases of known spam (signature based). Extremely easy to add in, if you're using my yum archives just run: yum install razor-agents dcc pyzor, and then restart spamd.
 
Thanks for the reply - I'll give them a try.

While I have you - can I throw an off-topic question at you?

Is there any reason not to run "yum update" on a live server with 100+ domains?

It is Plesk 8.0.1/CentOS 4.2.

Thanks

Luke
 
Installed as suggested and am getting the following in my maillog:


Nov 20 13:40:17 server spamd[13496]: pyzor: check failed: internal error
Nov 20 13:40:17 server spamd[13496]: mkdir //.spamassassin: Permission denied at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin.pm line 1530
Nov 20 13:40:17 server spamd[13496]: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.server.mydomain.com.13496 for //.spamassassin/auto-whitelist.lock: No such file or directory
Nov 20 13:40:17 server spamd[13496]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile //.spamassassin/auto-whitelist.lock.server.mydomain.com.13496 for //.spamassassin/auto-whitelist.lock: No such file or directory
Nov 20 13:40:17 server spamd[13496]: spamd: clean message (3.5/5.0) for [email protected]:110 in 3.3 seconds, 1385 bytes.
Nov 20 13:40:17 server spamd[13496]: spamd: result: . 3 - BAYES_99 scantime=3.3,size=1385,[email protected],uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<[email protected]>,bayes=0.999999999999982,autolearn=no
Nov 20 13:40:17 server spamd[13491]: prefork: child states: II


Are these errors significant? How would I go about fixing them?

Thanks again for your help
 
Originally posted by atomicturtle
Also add in dcc, razor, and pyzor to your box. If you're on CentOS/RHEL or Fedora I've got rpms of all those, as well as a greylisting wrapper (qgreylist) in my yum archive.
Could you tell me in what repository they are? I've trouble finding them.
 
One more question!

Is it possible to have the server reject emails to non-existent users BEFORE using greylist? Might save a lot of processes ...

Luke
 
You want to add in the yum channel:

[atomic]
name=Atomic Rocket Turtle
baseurl=http://3es.atomicrocketturtle.com/atomic/art/4ES

If you're running RH9 or the Fedoras, replace 4ES with $releasever.

And yes, you should be updating your system with yum every day.

I've got an anti-spam appliance package called Project Gamera (dedicated servers only, not compatible with psa) that implements a check for valid accounts before greylisting occurs. I've been considering porting that version of qmail over to PSA since so many people seem to be struggling with building their own versions of qmail. It's a big project, which has been the major hindrance, and I've got the feeling that the moment I actually do it, sw-soft is going to put out an update and start supporting postfix :p
 
Originally posted by lpittman
One more question!

Is it possible to have the server reject emails to non-existent users BEFORE using greylist? Might save a lot of processes ...

Luke

I am looking for a way to do this as well, if anyone knows. I am not using atomic's greylist; I am using the one from http://meshier.com/2006/09/18/adding-greylisting-support-to-qmail-on-plesk-8/
as I needed it to use mysql, and I think from initial readings atomic's uses files.
 
Greylisting ...

Hello,

Well, I tried all, spamassassin, blacklists, etc., but the only effective thing is greylisting.

Today a funny thing happened, I started getting lots and lots of spam, and I was like ... "maybe spammers adapted to 403 envelope failure".

A customer complained about the spam and I went to investigate.

The MySQL table greylist was corrupt, letting all mail pass.

You can't imagine the difference with GREYLIST ON and OFF, it's abyssal!


I recommend greylist, it's far better than spamassassin, which increases the server load.


Regards
Joao Correia
 
Re: Greylisting ...

Originally posted by JoaoCorreia
Hello,

Well, I tried all, spamassassin, blacklists, etc., but the only effective thing is greylisting.

Today a funny thing happened, I started getting lots and lots of spam, and I was like ... "maybe spammers adapted to 403 envelope failure".

A customer complained about the spam and I went to investigate.

The MySQL table greylist was corrupt, letting all mail pass.

You can't imagine the difference with GREYLIST ON and OFF, it's abyssal!


I recommend greylist, it's far better than spamassassin, which increases the server load.


Regards
Joao Correia

Hi Joao,

I agree that greylisting makes a significant difference - however, adding a few other things to it can help you to filter out those final few results that get through. The one thing greylisting can't stop is the spam that is being sent from legitimate mail servers that do retry sending mail.

A combination of Spam Assassin, greylist, dcc, razor, pyzor, blocklists and SPF is what you need. They all cover slightly different things.

But regardless, glad to hear of your success.

Luke
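
Added example (not part of any post in this thread, and not code from qgreylist, Project Gamera or the meshier.com wrapper): a sketch of the RCPT-time decision order discussed above, rejecting unknown recipients before any greylist lookup, and returning a temporary error rather than passing all mail when the greylist table cannot be read. The store class, the 300-second delay, the /24 grouping, the reply codes and the addresses are assumptions made for illustration.

```python
import time

GREYLIST_DELAY = 300       # assumed: seconds a new triplet must wait
TRIPLET_TTL = 36 * 3600    # assumed: how long a triplet is remembered


class StoreError(Exception):
    """Raised when the greylist table cannot be read or written."""


class MemoryStore:
    """Hypothetical stand-in for the MySQL or file-backed greylist table."""

    def __init__(self):
        self.rows = {}
        self.broken = False  # set True to simulate a corrupt table

    def first_seen(self, triplet, now):
        if self.broken:
            raise StoreError("greylist table unreadable")
        seen = self.rows.get(triplet)
        if seen is None or now - seen > TRIPLET_TTL:
            self.rows[triplet] = seen = now  # new or expired: start the clock
        return seen


def rcpt_decision(store, valid_rcpts, client_ip, mail_from, rcpt_to, now=None):
    """Return (smtp_code, reason) for one RCPT TO command (IPv4 only)."""
    now = time.time() if now is None else now
    rcpt = rcpt_to.lower()
    # 1. Unknown recipient: permanent reject, and no greylist row is created.
    if rcpt not in valid_rcpts:
        return 550, "no such user"
    # 2. Greylist on (client /24, sender, recipient) so retries from a
    #    neighbouring outbound host of the same provider still match.
    net = ".".join(client_ip.split(".")[:3])
    triplet = (net, mail_from.lower(), rcpt)
    try:
        seen = store.first_seen(triplet, now)
    except StoreError:
        # Design choice: fail closed with a temporary error. Senders that
        # retry lose no mail, and the outage shows up as deferred mail
        # instead of a silent flood of accepted spam.
        return 451, "greylist store unavailable"
    if now - seen < GREYLIST_DELAY:
        return 451, "greylisted, try again later"
    return 250, "ok"
```

Failing closed delays all inbound mail until the table is repaired, so it needs monitoring on the deferral rate; it does nothing about spam relayed through servers that do retry, which is what the content filters mentioned above are for.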
 
I have a question.

On the RBL MAPS entry in the server there is only one slot to fill in the zone. Is this how to fill it?

cbl.abuseat.org;dnsbl.ahbl.org;rhsbl.ahbl.org;ircbl.ahbl.org;list.dsbl.org;t1.dnsbl.net.au;combined.njabl.org;bhnc.njabl.org;relays.ordb.org;dnsbl.sorbs.net;bl.spamcop.net;sbl-xbl.spamhaus.org

I am trying to figure out how to add multiple zones.
 