spamexperts questions


meeotch


A couple of questions regarding the SpamExperts setup at HH:

  1. Is it possible to log in directly to SpamExperts for a given addon domain, without first logging in to cPanel?
  2. Is there a way of reporting spam/ham directly, by forwarding the mail in question to a specific address?  (Other than the Thunderbird plugin, which only does spam.)
  3. If you mistakenly report the wrong email, is there a way to unreport spam/ham?  I couldn't find anything in the SE interface.
  4. If the quarantine is OFF, so that all mail is forwarded through, is there a way to flag spam in the subject line, as there is with "unsure" mail?
  5. After being processed by SE, mail arrives at HH's servers & is processed there as usual - i.e., filters/forwarders are applied, etc. - correct?

1.  It is possible to do this. The first step is to set a password for SpamExperts; you do this by logging in through cPanel, then going to my account -> user profile and setting a password.  After this, if you look in your address bar when logged in through the cPanel method, you should see the SpamExperts server you're on.  Just go to that URL directly and you'll be able to log in.

2.  It is not possible, but the other way to report spam, other than the Thunderbird plugin, is to just access it via IMAP.  Use the same login as when logging into SpamExperts directly and connect to the one in your address bar.  You'll see all the reporting folders and be able to access the quarantine directly as well.  You can also do this on a per email account basis by making accounts for them through SpamExperts.

3.  Not possible, but if it flags an email based on your previous reporting, telling it that it's not spam would be effectively the same thing as reversing it.

4.  If you check the headers, there will be SpamExperts-specific headers which tell you its assessment of the email.  I believe in your case you'll be looking for "X-SpamExperts-Class" and the associated values for those.  You could then use filters either in cPanel or your email client to send them to a specific folder.  Although if you do the IMAP integration method, you can have the quarantine off while still being able to easily access SpamExperts.

5.  That would be correct: once it hits our cPanel servers, it would process everything else as usual (filters/forwarders etc.).  Also, the SpamExperts filtering servers are in fact operated by us as well; we just use their software.  It's our own cluster of machines doing the filtering and everything.


Awesome - thanks.  I'll check it out.

One thing I think I noticed is that there's no "custom header" choice when setting up an email filter.  The spamassassin headers are in there, but the spamexperts ones are not.  I could use the "any header" choice, probably - though I could see where that might lead to mis-filtered mail.


  • 1 month later...

To follow up on this thread:  I did ultimately get spam forwarding working by setting a Subject line tag for spam in SpamExperts, and filtering on that on the cPanel side.  Interestingly, the Gmail address to which I was forwarding suspected spam ended up silently discarding the vast majority of the forwarded mail.  Didn't even send it to the Gmail Junk folder, it just disappeared into the ether.

I've also noticed that I'm getting a number of spam messages that arrive with no SpamExperts headers *at all*.  Is this the result of spammers mailing directly to the server that runs my site and ignoring the MX records that normally send everything through SpamExperts?

If so, is it possible/reasonable to enable SpamAssassin as a second line of defense against these direct mailings?  Does SpamAssassin run directly on the webserver, or does it involve an MX redirect the way SpamExperts does?


3 hours ago, meeotch said:

To follow up on this thread:  I did ultimately get spam forwarding working by setting a Subject line tag for spam in SpamExperts, and filtering on that on the cPanel side.  Interestingly, the Gmail address to which I was forwarding suspected spam ended up silently discarding the vast majority of the forwarded mail.  Didn't even send it to the Gmail Junk folder, it just disappeared into the ether.

This is a big reason why we highly recommend that anyone forwarding to a service like Gmail, Hotmail etc. consider using their POP3/IMAP checking instead.  This avoids the problem of you forwarding spam to them that is missed and causing mail to be lost outright.

3 hours ago, meeotch said:

I've also noticed that I'm getting a number of spam messages that arrive with no SpamExperts headers *at all*.  Is this the result of spammers mailing directly to the server that runs my site and ignoring the MX records that normally send everything through SpamExperts?

If so, is it possible/reasonable to enable SpamAssassin as a second line of defense against these direct mailings?  Does SpamAssassin run directly on the webserver, or does it involve an MX redirect the way SpamExperts does?


There should be no problem using SpamAssassin as well, but it would obviously be unnecessary when dealing with the SpamExperts email.  One other trick some users use is to use the filtering option in cPanel and set it to drop any email that does not have SpamExperts in the headers.  In almost all cases anyone ignoring MX entries is more than likely a spammer to begin with, so dropping the email is an acceptable outcome.

 


Thanks for the reply.  w.r.t. Gmail:  my intention in forwarding was to cut down on the work of manually checking spam for false positives.  I've found that Gmail's filters are pretty good, and by using them as a "second line of defense", I'm able to just ignore the spam box altogether, as gmail will let me know when it spots a misclassified ham message.  Anyway, it's a lot easier than scanning many dozens of spam manually, and it reduces the false positive rate.  (For instance, I found that SpamExperts was producing false positives based on "SPF" almost 50% of the time, so I turned off SPF in the Filter Settings.)  It's odd that Gmail is silently dumping so much of the forwarded spam, though.  With the same setup at my previous ISP (SpamAssassin as "first defense" instead of SpamExperts), Gmail would accumulate spam at the rate of a couple dozen per day.  But with the current setup, almost nothing gets through.

I wonder if Gmail is finding something in the headers that get forwarded from SpamExperts that it doesn't like?  (Or alternatively, a spam flag header that it trusts so much that it doesn't even bother scanning & filing the mail away in the Spam folder.)  I know...  good luck getting Google to tell me.

I'll investigate the filter trick you mentioned.  So if I'm understanding correctly, the "Any Header" choice will actually match against the full text of the headers, including their names?  (As opposed to just their values, I mean.) 

(EDIT: I've also discovered that nightly SpamExperts domain reports don't have SpamExperts headers, which makes sense, so one should make sure to add a filter line that handles that case.)


The problem with forwarding email (and I'm not sure if Gmail has changed at all) is that they consider the server you're on as partially responsible for the spam.  So if you're, say, forwarding a lot of spam to them, they may opt to block the server you're on.  They may also simply consider it to have a poor reputation and be very aggressive and flat out drop mail over a certain threshold.  I'm assuming they'd also put the domain you're forwarding in as part of the equation, so a lot of spam from it and it could end up in the same situation as our servers.

As far as the SpamExperts SPF problem, it may be more aggressive as far as failures compared to, say, Google.  You could disable SPF checking via SpamExperts filter settings or, alternatively, if you find it's a common domain, just disable the check for it.

For the filtering, the "any header" option I believe is what you'd want; just have it make sure the spamexperts header line exists (check one of your messages for it to confirm the exact text).  I would of course suggest that when you enable this you test it immediately, just to make sure it's working.


Thanks for the info.  (And yes, I have disabled SPF checking via SpamExperts.)

I set up a filter to catch senders who are ignoring the MX records, and I discovered a couple of things.  Hopefully, this info will be useful to someone in the future:

  • Using "All Headers" and matching against "SpamExperts" works in the test box on the cPanel filter page, but doesn't seem to actually work in practice.  I don't know why this is.  I looked at the filter.yaml file that was produced, and it was using the exim variable $message_headers, which claims to be "all the headers concatenated".  You'd think that this would include the text of the header names, and thus "SpamExperts" would work as a match term, but it didn't.
  • My solution to this was to match the "All Headers" against the *name* of the SpamExperts server, which shows up in the *values* of a couple different headers.
  • Messages sent locally (so, from one of my domains to another) *do* show up with SpamExperts headers, but *don't* seem to match the rule above correctly.  Again, no idea why.  I solved it by adding an additional "From does not contain" line with my own domain as the search term.
  • Messages sent to a mailing list at one of my domains do *not* seem to pass through SpamExperts at all.  Had to add an additional filter line to allow these to pass.
  • Messages sent to my addon domains via default address forwarding do *not* pass through SpamExperts.  Had to add a filter line for every one of my addon domains.

The last point above is the only one I'm really worried about.  It seems like allowing all default address mail to pass without spam filtering is a bad idea.  I suspect that I could fix it by turning off default addresses & creating specific email addresses at my eight addon domains - but that's sort of a pain in the ass, and requires remembering which addresses are in use at each domain.

Link to comment
Share on other sites
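
The filter logic discussed in the post above and in the earlier replies (mail with no SpamExperts headers is treated as having ignored the MX records, with exceptions for mail that legitimately never passes the filter), as an added example that is not part of the original thread and is not the cPanel/Exim filter itself. The filter host name, domains and addresses are constructed placeholders, and the `X-SpamExperts-Class` value is a dummy because only the header's presence is checked.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Placeholders constructed for this example; none come from the thread.
FILTER_HOST = "filter01.example.net"     # filtering server name, as seen in header values
LOCAL_DOMAINS = {"example.org"}          # own domains (local-mail exception)
UNFILTERED_RCPTS = {"list@example.org"}  # addresses whose mail never passes the filter

def passed_filter(msg):
    """True if any header name or value shows the filtering cluster handled the message."""
    # Header names: X-SpamExperts-Class is the one named in the thread.
    if any("spamexperts" in name.lower() for name in msg.keys()):
        return True
    # Header values: the workaround from the thread, matching the server name.
    return any(FILTER_HOST in str(value).lower() for value in msg.values())

def classify(raw):
    msg = message_from_string(raw)
    if passed_filter(msg):
        return "filtered"
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    if rcpts & UNFILTERED_RCPTS:
        return "allowed-recipient"
    # From is written by the sender, so this exception is weaker than the checks above.
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if sender_domain in LOCAL_DOMAINS:
        return "allowed-local"
    return "bypassed-mx"

def make(received_by, sender, rcpt, extra=""):
    """Build a constructed sample message."""
    return (f"Received: from mail.sender.example by {received_by}\n{extra}"
            f"From: {sender}\nTo: {rcpt}\nSubject: test\n\nbody\n")

FILTERED = make(FILTER_HOST, "a@sender.example", "me@example.org",
                "X-SpamExperts-Class: placeholder\n")
DIRECT = make("web.example.org", "a@sender.example", "me@example.org")
TO_LIST = make("web.example.org", "a@sender.example", "list@example.org")
LOCAL = make("web.example.org", "me@example.org", "other@example.org")

if __name__ == "__main__":
    for name, raw in [("FILTERED", FILTERED), ("DIRECT", DIRECT),
                      ("TO_LIST", TO_LIST), ("LOCAL", LOCAL)]:
        print(name, "->", classify(raw))
```

Running it over saved copies of real messages shows which exceptions a drop rule would need before any mail is actually discarded.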

btw (unrelated) - there seems to be no way of getting an email notification when someone responds to a thread you've posted.  I'm following this thread, and have all email notifications turned on. When I click on the "Following" button in the upper right of the thread, "notification when new content is posted" is selected.  However, when I then click on "change how the notification is sent" and it takes me to the notifications settings page, I see that the "Someone comments on something I follow" option is highlighted in red and both email & browser options are locked out by the administrator.

(I've also got "Notify me of replies" turned on as I post this message.)
