

avoid mail spam




Posted by pjssms, 07-02-2015, 06:41 AM
Hello, I have a scrolloutf1 filter that is at the moment rejecting more than 100 000 emails per day, and the emails are coming from hundreds of different IPs even if the message is similar. What approaches do you recommend to improve this? Thank you, Paulo Santos

Posted by EthernetServers, 07-02-2015, 06:50 AM
It may be worth taking a look at the IPs in question by running them through mxtoolbox.com and setting up custom RBL filtering for blacklists such as Barracuda, Spamhaus, etc, depending on any patterns you're able to identify. Also, it may be helpful to know which MTA you're running.

Posted by Andei, 07-02-2015, 07:00 AM
RBL filtering seems like the best way to go.

Posted by pjssms, 07-02-2015, 08:42 AM
Scrolloutf1 is a filter already. I am receiving mails from dozens or even hundreds of different IPs.

Posted by pjssms, 07-02-2015, 01:49 PM
With the command

grep 'Failed password' /var/log/secure* | grep sshd | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq

I was able to see the 531 IPs that have tried to enter the server by SSH. How do I block 531 IPs? Is that number OK for the firewall, or does it get slower and slower?

Posted by Andei, 07-02-2015, 02:08 PM
CSF+LFD can automatically block IPs that fail logins X number of times (you set X to whatever value you wish), and CSF should be able to handle 1k entries with no problems. CPHulk is another option you can look into for failed logins.
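The "block after X failed logins" idea from the post above, sketched as a log check. This is an added example, not part of the thread and not how LFD is implemented; the function names and the sample log lines are constructed. It also shows why the plain `grep -o` pipeline quoted earlier can over-collect: the username in a "Failed password" line is chosen by the client and may itself look like an IP address.

```bash
#!/usr/bin/env bash
# Constructed sample lines in /var/log/secure format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Jul  2 13:01:10 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jul  2 13:01:12 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jul  2 13:01:15 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jul  2 13:02:01 host sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jul  2 13:02:30 host sshd[2114]: Accepted password for paulo from 192.0.2.10 port 50022 ssh2
Jul  2 13:03:05 host sshd[2120]: Failed password for invalid user 10.9.8.7 from 198.51.100.23 port 51600 ssh2
Jul  2 13:03:40 host sshd[2125]: Failed password for paulo from 192.0.2.10 port 50030 ssh2
Jul  2 13:04:00 host su[2130]: Failed password for root from 203.0.113.99
EOF
}

# The pipeline from the thread, reading stdin: every IPv4-looking string counts.
naive_ips() {
  grep 'Failed password' | grep sshd |
    grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq
}

# Count failures per source address. Only sshd lines are considered, and the
# address is taken from the trailing "from <ip> port <n>" fields, scanning from
# the end of the line so a crafted username cannot supply the address.
failed_counts() {
  awk '/sshd\[[0-9]+\]: Failed password for / {
         for (i = NF; i > 2; i--)
           if ($i == "port" && $(i-2) == "from" &&
               $(i-1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { n[$(i-1)]++; break }
       }
       END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print the addresses with at least $1 failures (the "X" in the post above).
over_threshold() {
  failed_counts | awk -v min="$1" '$1 >= min { print $2 }'
}

echo "naive list:";   sample_log | naive_ips
echo "per-IP counts:"; sample_log | failed_counts
echo "at least 2 failures:"; sample_log | over_threshold 2
```

On the sample, the naive list contains 10.9.8.7, which never connected, while the threshold list leaves out 192.0.2.10, a user with one mistyped password.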

Posted by cmcomputers, 07-02-2015, 02:24 PM
You can try several WHM settings I mention in this thread - http://www.webhostingtalk.com/showth...26#post9471426 Filters a large quantity of spam email down to almost none.

Posted by pjssms, 07-02-2015, 02:52 PM
Added 2 RBLs to the configuration I have. Thank you. The rest of the parameters were more or less what I had already.

Posted by albatroz, 09-04-2015, 10:51 AM
I don't understand your message well. Is scrolloutf1 working fine for you or not? I am also planning to install scrolloutf1, so I am investigating its performance too.

Posted by pjssms, 09-04-2015, 01:07 PM
Scrollout is nice. But it adds one layer of complexity, and in case of failure it affects all the domains there. My approach was to place just the domains with more spam issues there, leaving the others out. The rest of the domains are the ones being affected. Usually you have to add domains one by one, and when you have hundreds or thousands of domains it is not the best approach.

Posted by pjssms, 09-04-2015, 01:08 PM
It is fast in performance, and by preventing the emails from entering you save processing on the servers, mails in queue, and the hit of large logging files and mail statistics.

Posted by albatroz, 09-04-2015, 01:18 PM
What I would like to know is if it can also work with outgoing email as an SMTP gateway.

Posted by serversolutions24x7, 09-04-2015, 03:27 PM
As you mentioned, the same emails are being received from different IPs. In such cases spammers usually do IP spoofing, and I am pretty sure that the emails are not being sent from IPs which have valid SPF records. To block such emails, you may either use Scrollout or use the WHM >> Exim Configuration Editor >> Sender Verification check, so the server will reject emails from such IPs. I am sorry that I do not have much experience with Scrollout, but from my experience I have found Mailscanner and SpamExperts really effective against spam.


