Stopping Webmail Spam


#1

Are there any solutions besides SpamAssassin? It doesn’t seem like SA is very effective (based on other DreamHost users’ experiences here). How are other people dealing with spam in their email for domains hosted here?


#2

i added my entire address book to the spam assassin whitelist and set spam assassin to 0 0 - i get very very minimal spam now.

i just have to whitelist new email addresses of friends, family, associates, etc as i get them.

johngrayson.com
suffocate[us]


#3

Forward it to gmail.
I have seen somewhere someone describing a way to forward it to gmail and then back here. The user wouldn’t even notice.


Use promo code US97OFF to get maximum discounts!
Use o código de promoção US97OFF para descontos de até US97!


#4

http://wiki.dreamhost.com/index.php/Double-Pass_Spam_Filtering_with_Gmail

Works great! I set set mine up so procmail only sends emails under 500k. Friends send me a lot of large attachments. Spam is normally smaller. In this way I don’t send/receive a lot of large emails.


Regards,
JohnnyBeGood


#5

Dreamhost is a top hosting company is this is the best way to deal with spam?!? FORWARDING it to gmail?!?

I was hoping to hear about Dreamhost providing instructions to configure SpamAssassin or an Open Source bayesian spam filtering solution. I’m sorry, but forwarding my email to another email and forwarding it back is not a solution.

Why bother? Just tell people to use my Gmail account and cancel Dreamhost hosting. Any other REAL ideas or solutions?


#6

You can install your own spamassassin on your account and use bayes filtering, the latest tests, etc. The latest version of SpamAssassin (3.1.7) is VERY effective at stopping spam. Dreamhost’s version of spamassassin (3.0.3, over 1 year old) doesn’t use bayes filtering and doesn’t do a lot of the tests. Spam filtering is a constant arms race, so having the latest tests is the key.

There are instructions to install your own spamassassin on the dreamhost wiki. However, as of right now spamassassin 3.1.7 segfaults on one of dreamhost’s 2 mail servers so 50% of your email won’t get filtered until this is fixed (which I HOPE is soon, I’ll update this thread when they respond to my ticket).


#7

Well, it wouldn’t be for me, but it might be for some - others were sharing with you what “worked for them” :wink:

Dreamhost has
instructions for configuring SpamAssassin available on the Dreamhost Wiki
, and there is a lot of information on configuring Spamassassin on the Spamassassin website, as well as other location (Google!).

Different solutions appeal to different people; email is only one component of “hosting” and there is no requirement that you use your webhosting company’s email services if you want/need a more robust solution.

There a lots of dedicated email providers out there, any one of which might be more of a “REAL” solution for you. You could also try configuring Spamassassin to meet your needs (fribhey shared with you how he configured SpamAssassin to work well for him in a response to your post earlier in this thread.)

–rlparker


#8

The problem with that approach is legitimate emails ARE going to be classified as spam. So you have to either assume people will call you and say “why didn’t you respond to my email?” to realize the email was marked as spam (which is not reliable) or you have to look through your spam folder often (which means your spam filter is not doing its job very well, nearly all spam filter developers believe false positives are to be avoided like the plague, even at the expense of false negatives). If you get >100 spams a day to your account, you need a better solution.

I think that the thread starter’s point is valid, people expect spam filtering to work well. An up-to-date, non-crippled SpamAssassin works well. Dreamhost can’t/shouldn’t get away with having a version of PHP, apache, MySQL, etc. that is old/unreliable/insecure (dreamhost’s versions of these are all pretty current from my checks, which I commend you for). So why should dreamhost be able to get away with having a version of SpamAssassin that is old, crippled, and works poorly?


#9

That is true, and for that reason it is not the way I approach the issue, but it may be perfectly acceptable for some :wink: .

I also think the thread starter’s point is “valid”, to a point, but working “well” is subjective, and the fact is that the whole spam management issue is very much an “arms race” in that what works “well” enough today may not continue to work well tomorrow. (edit: Oops - didn’t mean to “retread” your earlier post here!)

I generally agree with your comments about Dreamhost keeping stuff current, but I think that has to be balanced to some degree with the greater requirement that things Dreamhost provides, by default, should be “mature” and as “solid” as possible. Dreamhost has stated repeatedly in the past that their main objective is to keep web site hosting as stable as possible, as that is what they perceive their main function to be.

I don’t think they view it as a matter of “getting away” with anything, though I can only guess at the reasons they may have for still using an “older” SpamAssassin version (hey, I’m just another customer here like everyone else and I have no special understanding of why they have made the choices the have made :wink: ).

Your guess is as good as mine, though I don’t characterize their choice of version to be a “getting away with” something kind of thing. Why they are using the version they are using is a question probably better directed at tech support staffers.

That said, one of the things I like the most about Dreamhost is the flexibility they afford for installing and using the tools of your choice. The Dreamhost Wiki Article on SpamAssassin even gives directions on how to install the “latest” version of SpamAssassin for your use, if you choose to do so (Oops again! - edited out repetitious info from wiki article that you already pointed out, in the same previous post I overlooked in the thresd - sorry about that!)

I just think how we choose to handle spam should our own decision, and that not everyone has the same desires in that area. For example, I handle all my spam with my own tools on my own computer . I still like POP3, and I would rather use tools on my computer for spam control, but I recognize others may want to handle it all on the server. Dreamhost offers a version of SpamAssassin “pre-configured”, but each user is welcome to use a different version, or another program altogether if they choose. One thing I am pretty sure of, is that when it comes to spam filtering, somebody will be unhappy with whatever they install as a “default” spam tool - it is just the nature of that beast that users desires and priorities differ.

–rlparker


#10

[quote]So why should dreamhost be able to get away with having a version of SpamAssassin that is old, crippled, and works poorly?

[/quote]

I gather handling email and spam “well” on large scale is a particularly difficult problem. I don’t know if there was any connection, but the last couple staffers to have major roles in that area and visibility in the forum, will, then Nate, are no longer with DreamHost. Even if it had no connection, the turnover probably doesn’t help.

There are numerous spam-related suggestions in the panel, including one to upgrade spamassassin. If you haven’t already, vote!

tor.eff.org


#11

I would personally not have any issue if the latest version of SpamAssassin didn’t crash on one of their 2 mail servers (see thread I mentioned previously). But, it does. Before I narrowed down the problem to happening on just one of the 2 mail servers, they refused to offer support. They’ve yet to respond to my new ticket, so we’ll see. Hopefully they will update/fix the software on the mail server in question so spamassassin doesn’t crash. Then I’ll be happy.


#12

Yep, I understand that completely! I did notice that other thread and hopefully your troubleshooting will get the tech people to investigate why the 2 servers act differently.

The servers really should act the same, and I hope they get it figured out for all of us. I’m also glad you tracked the problem down to the server (I most likely would not have even thought of that as being a possible source of trouble)

Here’s to hoping they get a fix for you!

–rlparker


#13

[quote]
I think that the thread starter’s point is valid, people expect spam filtering to work well. An up-to-date, non-crippled SpamAssassin works well. Dreamhost can’t/shouldn’t get away with having a version of PHP, apache, MySQL, etc. that is old/unreliable/insecure (dreamhost’s versions of these are all pretty current from my checks, which I commend you for). So why should dreamhost be able to get away with having a version of SpamAssassin that is old, crippled, and works poorly? [/quote]
Thank you! That is pretty much how I feel. Email, and spam unfortunately, is just as critical to webhosting as disk space, php/mysql and bandwidth allotted. There is no reason to have software installed on your server if you don’t keep it current, especially when that software is obselete and useless!

I am comfortable with the Unix environment and I tried installing the newest SpamAssassin following the directions in the Wiki. I don’t know if people realize this, but there are TWO sources in the Dreamhost Wiki and both have instruction steps that are slightly different. You would think Dreamhost could post their own guide instead of relying on users who may or may not know what they’re doing and DON’T have any idea of the internal workings of the server.


#14

The directions I found for upgrading SpamAssassin state that I’d have to not just install an upgrade for SpamAssassin, but also track down and install a bunch of upgrades for perl modules. To this I say: bah. Doable, but such a pain in the keister for something that really should be a pretty fundamental offering. Why make customer after customer upgrade themselves individually? I get it if the latest version is just not trustable yet, but that’s not the information I’m seeing.

Okay, so I have to upgrade SpamAssassin, and all the needed perl modules, myself. Fine. Only maybe that’s not a hot idea – from what I’m seeing on this thread, one of the two mail servers is wonky and the new SpamAssassin doesn’t work. Back to square one.

So, I’ll try filtering through Gmail. Not a fan of kludgey solutions, but I just want to get something working, because manually deleting the hundreds of emails a day that SpamAssassin is letting through is not acceptable. I got as far as the procmail instructions, but procmail doesn’t work on m####### mailboxes, which all of mine are.

3/4 of this post has been whining, and I apologize for that. What I’m really looking for is a solution.

  1. Please let me know what is learned about the mail server that is not friendly with the new Spam Assassin, I’m all ears.

  2. What is the workaround for getting procmail working for m####### mailboxes?


#15
  1. A workaround for procmail on the mXXXXXX mailboxes is to create a user instead of a mail-only account. It might break your current mail setup, but procmail only works on FTP/Shell accounts.

-Scott


#16

In what way might it break my current mail setup? Does that mean that I’d have to essentially shut down each of the existing mail accounts and create brand new ones, losing the mail in the accounts in the process, or is there a way to convert the accounts so I don’t lose all the email currently in the accounts?


#17

I don’t think you can convert a mail-only account to an FTP user.

The breakage will most likely be with your mail client. It may lose mail, and you may have to change the login setup.

  1. If your mail client is especially flexible, you won’t lose mail. Many IMAP clients will let you re-sync your account so you’ll end up uploading old mail back to the server. If it’s a POP account, there shouldn’t be any mail loss.

  2. Check the ‘username’ login to see if it’s set to ‘mXXXXXX’ or ‘user@yourdomain.com.’ The ‘mXXXXXX’ won’t work anymore, but user@yourdomain.com will continue to work.

-Scott


#18

I’ve installed 3.17, I have the Bayes system learning, its learned over 300 spams, enough I gather for the bayes system to start filtering… the problem is I have no indication the Bayes filter is filtering.

I noted on the spamassassin website, when installing a personal copy, http://wiki.apache.org/spamassassin/SingleUserUnixInstall, it mentions changing the path of Spamassassin so the system knows where to look for spamassassin… this is not addressed in the install procedures from dreamhost or the unsaturaed instructions. Did anyone have to do this? I know that when I run spamassassin -D --lint, it indicates that I’m running the old version 3.03 and that bayes is not turned on…

Do I need to change the path for my spamassassin install to work… and on that note, the spamassassin website shows how you should set the path, but I don’t believe that applies to how the dreamhost servers are setup, could someone provide the corrected path…

I do agree that dreamhost needs to either A. upgrade to the latest version of spamassassin or B. provide their own instruction on how to setup spamassassin on their servers… why do they rely on a users website, should it not be from there own…

thanks for any help you can offer!


#19

actually that’s not true. just because i have it set to 0 0 doesn’t mean that ALL mail not on my whitelist gets caught. most of my legit mail that’s not on my whitelist does not get marked as spam - and sometimes spam does get through.

setting it to 0 0 is very aggressive but it doesn’t mean it blocks everything. i’ve had it set this way since the spring and so far so good.

i also get the junk mail notifier everyday and check the junk folder often to make sure legit mail wasn’t marked as spam. if it was i just move it to the inbox and add the sender to the whitelist. this is a LOT less time consuming then dealing with the hundreds of spam i get daily.

johngrayson.com
suffocate[us]


#20

Yeah, I’m kind of with you. I’ve been a happy Dreamhost customer for over 6 years, but I’m seriously considering taking at least my email business somewhere else over this issue. The spam is getting worse for me & my family. Among other things I run an email server for my work, so I know exactly how nasty and tricky a problem it is, but that just makes me appreciate that much more that not having a Bayesian filter in this day and age is just too much of a handicap.

And installing spamassassin and all those perl modules is, literally, too much like work. (I started and ran into trouble with the modules… so we’ll have to track that down later.) There’s not a huge distance between doing that and just running my own email server.