What is a good spam filter ?

[Duboux]

Hi, we normally use barracuda spam filter, which is an external server.
Great to keep unnecesarry bandwith outside.

But it's annoying
clients receive an email with if they received potential spam, and need to tell barracuda when they mark it as spam.
For outlook there's a plugin, that adds 2 buttons, to accept / mark as spam.
But when u use webmail, that option isn't there.
which is a big downside.


So, which local installable spam filter is usuable for & integrateable into both the common webmails (squirrelmail, squirrelmail, [horde]), and email programs like outlook and outlook express (and w/e is out there) ?

 

[smtalk]

ASSP http://assp.sourceforge.net/

 

[floyd]

It is my opinion that email should be accepted or rejected at SMTP time and never filtered. I would not let somebody filter my paper mail. Why would I let a dumb piece of software filter my email especially if it is a business. Filtered email is likely to have false positives that will not get seen for days or never at all. I have had this happen to me and my clients where we have lost thousands of dollars because some email got filtered. So its all about risks. Also never return spam to the sender as it is probably fake. That is why filtered email can be dangerous. If it gets filtered neither you nor the sender may ever know it.

 

[nobaloney]

Mine, too, Floyd, and Duboux.

DirectAdmin includes SpamBlocker; see the SpamBlocker2 section of these forums, and set up SpamBlocker for the domains on which you want it to work.

It's not perfect but on our servers it blocks well over 90% of the spam.

Jeff

 

[Duboux]

Thanx for your replies

I've searched a bit on SpamBlocker in this forum (even Google), but I can't find a description of it.

Also have some questions on this:

1. And how does it intergrate into our DA-default webmails ?
   (if not, I'll be happy to script some buttons)
2. And is there a plugin available for emailclients like Outlook (express) ?
3. And does SpamBlocker use a shared list on addresses & words, or does every client have to start from scratch ?
4. Will Spamblocker have tweaking-settings to set boundaries that mark stuff as spam, or ignore it even ?
5. Will it move email to a spam folder ?

I'm the lazy type, and don't want to have 2 windows open, just to mark something as spam



ps, it's good to see that it works with AV, I'm thinking abt installing that as well.

 

[floyd]

I think you have the wrong idea about Spamblocker. Spamblocker blocks spam (not filter) based on popular ip blocklists. It doesn't mark it as spam it totally blocks it and bounces it back to sending server letting the sending server know that the email was not accepted. It has nothing to do with webmail or outlook or any other email client. It works before mail is delivered at all to the user's mailbox.

More info http://www.nobaloney.net/downloads/spamblocker/DirectAdmin/ReadMe.txt

 

[nobaloney]

Thanks, Floyd!

All I want to add is that because SpamBlocker notifies the sending server that an email was blocked, it's very friendly towards it's occasional false positives; senders get notified.

And if the server admin has installed it properly, senders of occasional false positives get told exactly what they need to do to get their email accepted.

As bad as spam is these days, it would be that much worse if it wasn't for SpamBlocker.

And Duboux, there are probably a lot of solutions out there called SpamBlocker; I'm writing about the exim.conf file I wrote for DA.

Jeff

 

[Duboux]

ow, sorry

I was under the impression that the "SPAM Filters" option in the clients control panel, was for SpamBlocker.
Looking at the empty fields behind that link, I got worried abt not being linked to public lists. And franckly my clients would look like o_0; and avoid using it.

I've read the readme file - btw, thanks to Jeff for making this - and searched for those files on the server, and it turns out they're there, so I most prolly have SpamBlocker2 installed already. o_0;

I have a small email account on that server, and it receives spam emails with their spam written in an image in their body. But I guess those are quite risky to block.

So, if this SpamBlocker is running, do I still need SpamAssassin or any other filter/blocker ?
I read SpamAssassin is a bit heavy on the serverload, plus I don't like having things double

So if there's still spam coming through SpamBlocker, witch which additional blocker/filter are my clients able to mark email as spam in their webmail and email-clients like Outlook (express) ?

 

[nobaloney]

Thanks <blush>.

SpamBlocker is turned off by default, as is SpamAssassin. You can turn SpamBlocker on very simply, on a per-domain basis. but putting domain names into your /etc/virtual/use_rbl_domains file (copy them from your /etc/virtual/domains file to make sure you've got the right format).

Since SpamBlocker blocks by reputation it doesn't know about contents; in fact it works without ever bothering to receive the body of the emails.

The Spam Filters you see in DirectAdmin are exim-based filters; we don't use them because it's too easy to block real stuff.

For example, you might easily block the U.S. Declaration of Independence:

and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them

We generally don't use SpamAssassin but once you've got SpamBlocker blocking most spam from your server you can probably use it with a reasonably provisioned server without increasing the server load too much.

Jeff

 

[Duboux]

Thanx Jeff,

I filled in the use_rbl_domains file, and am anchious to find out to see its reputation

Do I need to manually add a domain, every time I add a new client in DA ?

And what if I remove a client from DA, and forget to remove its domain in the use_rbl_domains file ?

 

[jlandes]

If you follow the directions at http://help.directadmin.com/item.php?id=142 you'll be able to block email from domains that are added to DirectAdmin and this will also take care of domains that are deleted. Hope this helps.

 

[Duboux]

I'm confused jlandes,

Is that that emailblocker the same as spamblocker2 ?

And what's confusing me on that help page, is that it says it checks and blocks incoming mail, but then they mention abt users not being able to send email o_0;

 

[floyd]

And what's confusing me on that help page, is that it says it checks and blocks incoming mail, but then they mention abt users not being able to send email o_0;

The section you are referring to is:

Note that some lists also block entire ISP IP ranges, so if your clients are not able to send email, then can switch to sending email through port 587 instead of port 25.

Its saying that some of your customers may be using an isp who is on a blocklist. So when you enable blocklists your customers who are on that blocklist will be blocked. They can get around the block by using port 587 instead of 25.

On the other hand if you find a blocklist that blocks an entire isp then maybe you should not use that particular blocklist.

 

[nobaloney]

Is that that emailblocker the same as spamblocker2 ?

Yes, /etc/use_rbl_blocklists is part of SpamBlocker.

And what's confusing me on that help page, is that it says it checks and blocks incoming mail, but then they mention abt users not being able to send email

See my reply to floyd, below.

Jeff

 

[floyd]

See my reply to floyd, below.

Uh oh. I must have said something wrong.

 

[nobaloney]

Its saying that some of your customers may be using an isp who is on a blocklist. So when you enable blocklists your customers who are on that blocklist will be blocked. They can get around the block by using port 587 instead of 25.

On the other hand if you find a blocklist that blocks an entire isp then maybe you should not use that particular blocklist.

The blocklists we use by default do NOT block any entire ISP, though they may occasionallly block a specific IP# that belongs to an ISP and listed as a dynamic IP# and/or currently sending spam.

But SpamBlocker2 and newer versions will send mail from all authenticated senders (whether authentication is on port 587 or port 25), automatically whitelisting them from blocklists. The code that does that is:

       !authenticated = *

The code means that the blocklist will only be used if the sender is unauthenticated.

The main reason to use port 587 rather than port 25 is because many ISPs block port 25 off their network; to keep zombie servers on their network from sending spam.

In other words, I think the knowledgebase article is a bit confusing.

Jeff