SpamAssassin and cPanel Help Needed

Volphin

Lieutenant
Joined
Jun 5, 2011
Messages
1,405
My server is getting flooded with spam and I can whitelist and blacklist till the cows come home and it just keeps coming! I sure could use an IT assist here guys? I'm no cPanel expert nor a coder. This is an Apache server running SA. Been reading up a bit on the cPanel site and it's making my two synapses hurt. LOL
 

MTboatguy

Fleet Admiral
Joined
Jul 8, 2010
Messages
8,988
Volphin, there is really nothing that is currently good at stopping it at the server level, SA is good at the mail client level, if and only if you are willing to accept the fact that some things you want to receive is going to get filtered. The problem is the spammers have become very smart, I have several right now that will send a million messages at us and each message with the same content will have a different title, different email, different IP address which is what SA uses to filter messages.

Who are you leasing your server from? Sometimes they can do something, but not often, let me know some of the spec's of the server and I will see if I can figure something out to help you along.
 

Volphin

Lieutenant
Joined
Jun 5, 2011
Messages
1,405
I'll get the info for you, thanks! Yep those spammers sure are persistent. I went to the server and set up a POP box email address for an employee that had not worked for me in 5 years as a test. Yep, spam started coming in within 15 minutes. A scary thought is that they wouldn't do it if no one was buying their stuff, so some idiots are clicking on through encouraging it! I may just have to require some long time employees to change email addresses. :(
 

Rick Stephens

Admiral
Joined
Aug 13, 2013
Messages
6,118
We added a root level block of all Asia, period. We did by virtue of IP number blocking. Your server takes a little bit of a hit in CPU time since it has to process that huge number of IPs. I'm never afraid to block another country. We'll do a search of IPs and add them to the block.

Killing off China made a huge dent all by itself. If China won't crack down themselves, tough. I'll just block em altogether. Pakistan, India, Bulgaria, most of north Africa, and so on.

Rick
 

MTboatguy

Fleet Admiral
Joined
Jul 8, 2010
Messages
8,988
I agree blocking Asia is a good way to cut down on your spam, I did that several years ago as I had no reason to have correspondence from China or any other Asian countries, I bet if you blocked an IP range for Asia, you would see a massive difference in your spam.
 

Volphin

Lieutenant
Joined
Jun 5, 2011
Messages
1,405
We only do business in North America so that would make a lot of sense. Um, how do I do that exactly? Anyone care to fwd me IP address blocks off forum? :)
 

MTboatguy

Fleet Admiral
Joined
Jul 8, 2010
Messages
8,988
We only do business in North America so that would make a lot of sense. Um, how do I do that exactly? Anyone care to fwd me IP address blocks off forum? :)

Send me your email in a PM and I will be happy to send you a big list that will help you out!
 

bruceb58

Supreme Mariner
Joined
Mar 5, 2006
Messages
30,454
The company I work for is in the Ethernet security and testing business. We sell dedicated hardware for bigger companies that block known bad ip addresses. The hardware is constantly updated realtime with updated threat lists.

The bigger problem is not just all the spam and phishing attempts but how much time is spent dealing with this. That is why for bigger companies, dedicated hardware is a cost savings.

Not sure if you are at that level or not. If you are, send me a PM.


If this is email only, that's one of the reason my company and many companies have switched to Microsoft 365 using cloud email. MS does a good job with filtering the SPAM. I actually use 365 for my home email as well for that and other reasons.
 
Last edited:

Volphin

Lieutenant
Joined
Jun 5, 2011
Messages
1,405
Hi guys, sorry I have not gotten back to you. Work has been a bear lately. Bruce, thanks for the insight, but we are probably nowhere near the size of company that would be able to take advantage of your serves. :(

MT, I'll send you a PM. I spoke with my server admin and he said yeah, it may help a little, but most of them spoof US IPs.

Thank you all for your insights. I just may wind up nuking some of these addresses and start fresh. :D
 
Top