A Multi-Icon Approach to Spam Fighting
Configuring your cPanel settings so that you see less spam can turn into a never-ending battle once you start - and admittedly, some of you never start. So, in this post we’re going to go over the default settings your account is installed with, and introduce you to some tricks that can assist you in filtering out unwanted email.
Exim
We process email through Exim. The way that mail works is that servers essentially knock on each other’s doors and provide a few key bits of information; the receiving server then decides whether to accept the sending server’s mail and, if it accepts it, what to do with it. When an email is received, it goes through its first layer of security, which is not directly controlled by you. This level checks:
- whether the IP is whitelisted from all security; if it is, the mail is delivered.
- that the HELO is there; if it is empty or not sent, the email is rejected.
- that the HELO is a fully qualified domain name; if not, the email is rejected.
- whether only an IP is sent as the HELO; if so, the email is rejected.
- whether someone sends our IP as their IP; if so, the email is rejected.
- the sender against recent dictionary attacks; the email is rejected if found.
- the sender against the dictionary attack whitelist; the email is sent if found.
- the sender against the RBL whitelist; the email is sent through if found.
- the sender against zen.spamhaus.org; the email is rejected if found.
- the sender against bl.spamcop.net; the email is rejected if found.
- the sender against the sender verify whitelist; the email is sent if found.
- that the sender is verified as real on the sending server; the email is rejected if not.
- that the recipient of the email is verified as here; the email is rejected if not.
After an email passes all of these checks, it is delivered to your mail system where your own MailScanner configuration and mail configuration handles the spam from there. While you don’t have the ability to change any of the above settings, we do have white lists set up to bypass almost every check just in case, so if you ever have an issue you can always ask DrakNet to whitelist one of your senders so that they simply step around the above if their mail is ever filtered and there’s no evidence their server is a threat to ours.
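To make the order of these checks concrete, here is a small Python model of the whitelist, HELO and RBL steps, added as an illustration; it is not DrakNet's Exim configuration. All addresses and list contents are constructed, the DNS lookup is replaced by an in-memory set, and treating the RBL whitelist as skipping only the blocklist lookups is an assumption.

```python
import ipaddress
import re

# All addresses and lists below are constructed sample data.
OUR_IP = "192.0.2.10"                 # the receiving server's own address
ALL_WHITELIST = {"198.51.100.7"}      # bypasses every check
RBL_WHITELIST = {"203.0.113.50"}      # bypasses only the DNSBL lookups (assumption)
DNSBL_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")  # zones named in the post
LISTED = {"9.113.0.203.zen.spamhaus.org"}  # stand-in for DNS answers, no network used

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$", re.I)


def is_ip_literal(helo):
    try:
        ipaddress.ip_address(helo.strip("[]"))
        return True
    except ValueError:
        return False


def is_fqdn(helo):
    labels = helo.rstrip(".").split(".")
    return (len(labels) >= 2 and all(LABEL.match(l) for l in labels)
            and not labels[-1].isdigit())


def dnsbl_name(ip, zone):
    # A DNSBL is queried by reversing the IPv4 octets and appending the zone.
    return ".".join(reversed(ip.split("."))) + "." + zone


def first_layer(ip, helo, listed=LISTED):
    if ip in ALL_WHITELIST:
        return "accept: whitelisted from all checks"
    if not helo:
        return "reject: HELO empty or not sent"
    # An IP literal also fails the FQDN test; test it first for a specific reason.
    if helo.strip("[]") == OUR_IP:
        return "reject: HELO is our own IP"
    if is_ip_literal(helo):
        return "reject: HELO is only an IP"
    if not is_fqdn(helo):
        return "reject: HELO is not a fully qualified domain name"
    if ip not in RBL_WHITELIST:
        for zone in DNSBL_ZONES:
            if dnsbl_name(ip, zone) in listed:
                return f"reject: listed in {zone}"
    return "pass: continue to sender and recipient verification"
```

The dictionary attack and sender/recipient verification steps are left out because they depend on server state and SMTP callouts that cannot be reproduced offline.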
MailScanner
Our MailScanner installation is not a cPanel product; it’s additional spam-fighting software that we installed to better address the spam. While MailScanner incorporates SpamAssassin (the default spam tagging and scanning software that does come default), our MailScanner also incorporates Distributed Checksum Clearinghouse and Vipul’s Razor as well as SpamAssassin.
Upon your account’s installation, your MailScanner is pre-configured for the least restrictive use. Low scoring spam is considered a 5, high scoring spam is a 20, everything is set to be delivered, and virus scanning is actually turned off, despite appearing in your configuration area, because many people complained of false positives and seemed to prefer handling their own virus scanning. At this point, MailScanner will only tag your spam - you will still see it all (or at least all the mail that gets through the RBL). You can change all of these settings under the “MailScanner Configuration” icon.
The default spam scoring numbers are pretty good - but feel free to play with them. Changing them around will change how MailScanner decides what is spam and what is not. There are two choices that you have insofar as what you want MailScanner to do with the spam it finds.
Those who set MailScanner to deliver the spam usually do so because they have set up their own filtering rules to filter spam-tagged mail into a folder so that they can peruse it all and make sure nothing is mis-tagged before nuking it. You can accomplish the same thing by creating an email address specifically for spam, having MailScanner deliver it there, and checking it/cleaning it out frequently.
You can also set it to discard - which is, admittedly, the most pleasant. The domain name drak.net has been around for ten years now, and has had lots of time to be sold and resold again to a variety of spam lists, so the spam that gets thrown at it is a veritable flood. A few years ago, the tagging was just too much to deal with, and we began discarding both high and low scoring spam so that we don’t see any of it. A few still get through, but the helpdesk is now far more manageable. The risk is, of course, that something is mis-tagged, and you won’t see it to know it got discarded.
Then there’s a third measure you can take that people often overlook - cPanel’s mail filtering.
Filtering
There are two filtering options in your cPanel - account level, and user level. The two buttons are exactly what they say - you can use account level to filter emails for everyone on your account, and user level to come up with specific filtering directives just for one or a few email accounts.
So that this doesn’t get too long, we’re going to give you just one example to get you started.
At the top of account level filtering, it says:
Please create or edit a filter below. You can add multiple rules to match subjects, addresses or other parts of the message. You can then add multiple actions to take on a message such as to deliver the message to a different address and then discard it.
Click on “Create a New Filter”. Once you’re there, you’ll see that you have a number of options to filter out certain emails. Let’s say that you keep getting emails from a spam company that MailScanner just doesn’t seem to get with that Viagra mis-spelling - this newsletter always says “Vi@gra” in the subject line, and no matter how you play with the settings in MailScanner and even though you have it set to discard, you keep seeing it (or you tag email and know that no email with Vi@gra in the subject line is one that you ever need to see).
You’d name the rule - “Vi@gra Subject Filter”, or something that lets you know what it does. Then use the drop down list to choose to filter the subject, then choose “contains” (since you have no idea what else they’ll say in the subject line), and on the second line put Vi@gra. “Discard Message” should be the default chosen - then just hit the button to activate the rule, and bye bye messages. There’s even a testing mechanism you can use to make sure that the system is doing what you want with the spam.
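Before relying on a discard rule, it helps to know which messages it should and should not catch. The Python sketch below is an added illustration, not cPanel's filter engine: it models the “subject contains Vi@gra, discard” rule under the assumption that matching is case-insensitive and applied to the decoded subject, and runs it over constructed messages, including one whose subject is RFC 2047 encoded so the raw header never contains the literal text.

```python
from email import message_from_string
from email.header import Header, decode_header, make_header


def decoded_subject(raw_message):
    # Decode RFC 2047 encoded-words so the rule sees the text a mail client shows.
    subject = message_from_string(raw_message).get("Subject", "")
    return str(make_header(decode_header(subject)))


def apply_rule(raw_message, needle="Vi@gra"):
    # Assumed semantics: case-insensitive "contains" on the decoded subject only.
    if needle.lower() in decoded_subject(raw_message).lower():
        return "discard"
    return "deliver"


def build(subject, body="Hello"):
    return f"From: sender@example.net\nSubject: {subject}\n\n{body}\n"


# Constructed test messages.
ENCODED = Header("Cheap Vi@gra today", "utf-8").encode()  # =?utf-8?...?= form
SAMPLES = {
    "plain": build("Cheap Vi@gra today"),
    "upper": build("CHEAP VI@GRA TODAY"),
    "encoded": build(ENCODED),
    "body_only": build("Meeting notes", body="He joked about Vi@gra spam."),
    "legit": build("Invoice 1042"),
}


def run_samples():
    return {name: apply_rule(msg) for name, msg in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:10} {verdict}")
```

Feeding the same kinds of subjects to the cPanel filter test shows whether the real rule treats case and encoded subjects the way this model assumes.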
This is a pretty robust system, and this post is meant to show you the ability that you have to manage the mail routing and the different abilities you have to deal with spam, not fully explain every aspect of the system (which would be extremely long and involved). If you have any questions about mail routing, you can always leave a comment here or email support, and we’ll be happy to help.
Tags: filtering, mailscanner, spam









