Note: this is reposted (and even updated a bit) from our previous website; however, everything below is still valid.
As we are all quite aware, spam is a large and increasing problem on the internet. According to recent studies, up to 80% of all email is actually spam. Unfortunately, this is not just an interesting piece of trivia — there is a real cost to spam whether it be your time (or your clients’) in weeding through it or the extra storage and utilization on the server in processing so much extra email.
Note: for the purposes of this article, spam includes UBE (unsolicited bulk email) and email that contains viruses.
At Idologic we have been carefully watching various anti-spam solutions for quite a while. Given the enormity of the problem, there are a multitude of solutions available, both for purchase (proprietary) and for free (open-source). Interestingly enough, many of the best proprietary solutions are simply well-packaged sets of open-source tools. Given sufficient time and understanding, a knowledgeable server admin can construct an anti-spam solution that is fairly accurate while requiring minimal maintenance. A well-built antispam solution can approach 80-90% accuracy rates with no false positives or manual maintenance (i.e. someone to flag spam manually on the server every day).
Simply put, that is what we have now done.
You may have noticed that there is a “Server-Wide Spam & Virus Protection” option in cPanel. This is simply the front-end to a comprehensive system consisting of:
- ClamAV — a superior open-source virus scanning solution. Additionally, virus signatures are updated daily from a central repository.
- Exiscan — an extension of the Exim MTA which provides the glue for Exim to call other programs.
- Exim Advanced Configurations — this allows us to block certain well-known virus file extensions. You can always send a file through regardless of its extension by first zipping it.
- DNS RBL’s — that is, DNS-based black-lists. We currently employ 3 very conservative DNS RBL’s. Please see further notes on them below.
- Vipul’s Razor — a distributed, collaborative, spam detection and filtering network that is constantly updated by screened user contributions.
- Server-based blacklist and whitelist overrides. This gives us the ability to override any of the methods above on a server-by-server basis, whether to allow or disallow email. This would normally be done in response to a request via ticket where a customer needs to receive certain emails but does not want to disable all filtering.
While we have put a large amount of time into crafting a very conservative but accurate spam-blocking configuration, we do realize that some clients may not wish to have any filtering. Because we recognize this need, this system is combined with cPanel Pro to provide user-controlled opt-in or opt-out on a cPanel account basis. Here is a sample screenshot from cPanel showing the configurability provided.
Please note that CPSkins has stopped updating their skins and so is not compatible with enabling/disabling this feature (spam filtering will still be working; you just can’t use CPSkins to enable/disable it). You will need to use RVSkin or x2 as your cPanel skin. We would recommend RVSkin as being very feature-rich and configurable.
- For RVSkin, go to RVAdmin Skin Manager / Package-Feature Manager. Choose the Feature List for the user whose feature set you want to control, find the feature ‘Server-Wide Spam & Virus Protection’ and enable it.
- For the x2 skin, go to WHM > Feature Manager > Edit Feature Set. Check the box for “Server-Wide Spam & Virus Protection” at the bottom of the list and save.
We have enabled the configuration above on all reseller servers and will set up dedicated servers/VPS’s by request (no installation charge).
Explanation of DNS RBLs
Given that there are several irresponsible DNS RBL’s (SPEWS & SORBS for example), DNS RBL’s sometimes get a bad name. Fortunately, there are several highly accurate DNS RBL’s available. After careful research, we have chosen to use…
- list.dsbl.org — tests for open relay SMTP servers and will only list a server if confirmed open.
- zen.spamhaus.org – SpamHaus is a well-recognized anti-spam service provided for free to ISP’s and webhosts. It contains the IP addresses of verified spam sources as well as servers confirmed to be compromised by illegal 3rd party exploits.
These 2 lists have a very low to non-existent false positive rate. For example, in over a year of live implementation in a large environment (80,000 emails/day), the Spamhaus RBL’s have had zero false positives.
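To make the mechanics concrete, here is an added example (not Idologic's configuration or code) of how a DNS RBL lookup works and how the server-level whitelist/blacklist overrides described earlier take precedence over it. The function names, the override order and the sample addresses are assumptions made for illustration; the lookup is injectable so the sketch runs without live DNS.

```python
import ipaddress
import socket

ZONES = ("zen.spamhaus.org", "list.dsbl.org")  # the two lists named in the article
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")      # answers here mean "listed"
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes, not listings

def dnsbl_query_name(ip, zone):
    """Build the lookup name: IPv4 octets reversed, then the RBL zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; [] for NXDOMAIN or any lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []  # fail open: a DNS outage must not reject all mail

def check_sender(ip, whitelist=(), blacklist=(), zones=ZONES, resolve=system_resolver):
    """Return (verdict, reason). Server-level overrides win over every RBL."""
    if ip in whitelist:   # assumed precedence: whitelist, then blacklist, then RBLs
        return ("accept", "whitelist override")
    if ip in blacklist:
        return ("reject", "blacklist override")
    for zone in zones:
        for answer in resolve(dnsbl_query_name(ip, zone)):
            addr = ipaddress.IPv4Address(answer)
            if addr in ERROR_NET:
                continue  # e.g. query refused by the list operator; not a listing
            if addr in LISTED_NET:
                return ("reject", f"listed in {zone} ({answer})")
    return ("accept", "not listed")

if __name__ == "__main__":
    # Constructed answers standing in for live DNS so the example runs offline.
    fake_dns = {"10.2.0.192.zen.spamhaus.org": ["127.0.0.2"]}
    lookup = lambda name: fake_dns.get(name, [])
    print(check_sender("192.0.2.10", resolve=lookup))
    print(check_sender("192.0.2.10", whitelist={"192.0.2.10"}, resolve=lookup))
    print(check_sender("198.51.100.7", resolve=lookup))
```

Skipping answers in the error range matters in practice: a list operator that refuses queries from a shared resolver would otherwise look like a listing for every sender.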