How much spam do you get?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
revresliam
New user
New user
Posts: 2
Joined: 2009-10-05 15:34

How much spam do you get?

Post by revresliam » 2009-10-05 16:54

Hi there,

at the moment for each "good" email I receive about 20 spam messages (50.000 vs. 1.000.000/month) which are being filtered out. This slightly varies from month to month, but the overall trend is going up.

Is this something others are seeing too? Anything I can do about that?

revresliam

^DooM^
Site Admin
Posts: 13861
Joined: 2005-07-29 16:18
Location: UK

Re: How much spam do you get?

Post by ^DooM^ » 2009-10-05 17:12

Are they marked as spam or are these getting through? What anti spam settings are you using?

http://www.hmailserver.com/forum/viewto ... 12&t=15442
If at first you don't succeed, bomb disposal probably isn't for you! ヅ

roi
Normal user
Normal user
Posts: 153
Joined: 2009-09-20 12:56
Location: Chiba, Japan

Re: How much spam do you get?

Post by roi » 2009-10-05 17:43

The volume of spam seems directly proportionate to the age of the domain more than the age of the mail server.

My hMS installation is barely one month old. I have a 13-year old domain that has (spam) 90:10 (ham) ratio. On the other hand, a two-year old domain is nearly 100% spam free. When I installed hMS and hosted the 13-year old domain in it, it immediately started getting spammed. Some accounts in that domain that had been deleted more than 10 years ago are still being spammed, and non-existing (random named) accounts in that old domain are constantly being spammed.

The previous mail servers (7 years in SendMail, 6 years in Postfix) which hosted the 13-year old domain are partly to blame. They were not that good at detecting spam, so the old domain name became a fair-game favorite of spammers.

I think it will take longer for spammers to discover my new domains because hMS is quite good at its job of detecting spam at an early stage of the smtp connection. This is important because by the time filtering rules kick in, the spammers already know the email address is valid and probably already included it in their list of likely spam vectors so rules are not really effective at reducing spam attempts. Spammers steal address books packed with valid email addresses via trojans.

Spammers are quick to add valid email addresses but don't care to remove invalid email addresses. So I think you can expect your spam:ham ratio to increase with spam as your domains get known to spammers. I believe the 90:10 ratio is just about the max at this stage of the bad vs good game we are in. hMS seems to be quite good at defending our domains from spammers; I'm actually quite impressed with hMS in this regard.
hMS: 5.2.1-B361 | DB: Internal MySQL from hMS 4.4 | OS: W2K3 1Gb VM

User avatar
sheffters
Senior user
Senior user
Posts: 453
Joined: 2009-07-01 20:46
Contact:

Re: How much spam do you get?

Post by sheffters » 2009-10-05 18:08

Spam averages 94% of all e-mail sent
http://en.wikipedia.org/wiki/E-mail_spam

S.

p.s. I agree with the older domain / more spam thing .. I've basically stopped using my .co.uk mail variant as it gets so much spam its basically useless; whereas .net version gets nothing at the moment

revresliam
New user
New user
Posts: 2
Joined: 2009-10-05 15:34

Re: How much spam do you get?

Post by revresliam » 2009-10-05 18:16

Thanks for the reply!

First of all I am using 4.4 B270 - working very smooth together with SquirrelMail.

229 accounts - 71 distribution lists

I have attached screenshots with Spam protection settings. Spam mails are being marked as [SPAM] and after deleted by a global rule.

Tarpitting is both set to "0".

I realized that lately some of the "good" emails have been received by our backup email server (causing annoying delays for the users), so my thought was that the main email server might eventually have been to busy with spam emails...

CPU and memory are fine!

The domian is 11 years old. Email has been hosted by an external provider until two years ago, since then hmail server is serving the main MX record of the domain running in house.

Two year ago the "spam:ham" ratio was about 50:10. Now it is 200:10, which I think is pretty bad. Maybe this happened, because most of the email accounts have been used to setup Windows Live user accounts :(

...
Attachments
spam3.JPG
spam2.JPG
spam1.JPG

roi
Normal user
Normal user
Posts: 153
Joined: 2009-09-20 12:56
Location: Chiba, Japan

Re: How much spam do you get?

Post by roi » 2009-10-05 18:31

I'd like to add that my 13-year old domain which used to be a garbage pit, is now spam-free thanks to hMS. This is one reason I am so impressed with hMS. The helo and SPF are just two of the most effective spam tests there are. The blacklist and MX check are effective but pretty much old stuff that SendMail and Postfix were using. Of course, Spamassassin is also old stuff relative to Sendmail and Postfix.

This spam-free 13-year old domain is made possible but with only a few (6 to be exact) filter rules and SA after the "fact", i.e., after hMS had received the message for possible local delivery and without graylisting. So I credit the early smtp spam checks for this almost magic work that hMS is doing.

Ah... yes... I must not forget the authentication for local smtp. We used to use Pop before Smtp when smtp had no authentication, and Smtp then was wide open to spammers for about 30 minutes after you popped the account. That spam hole has been virtually elliminated by smtp authentication.
hMS: 5.2.1-B361 | DB: Internal MySQL from hMS 4.4 | OS: W2K3 1Gb VM

roi
Normal user
Normal user
Posts: 153
Joined: 2009-09-20 12:56
Location: Chiba, Japan

Re: How much spam do you get?

Post by roi » 2009-10-07 04:35

229 accounts - 71 distribution lists

Two year ago the "spam:ham" ratio was about 50:10. Now it is 200:10, which I think is pretty bad.
200:10 spam processing is, I think, a bit too high. I believe the average is 90:10 for a well managed mail server hosting a 10-year old domain. I suppose your account users are forced to authenticate when they send out email. If not, I would enable smtp authentication from local accounts to local and external and ask my account users to also do the same with the email client apps.

If authentication is done, then you can proceed to audit the smtp activity of your 229 accounts, and watch those accounts that are on top of the smtp volumn users. If you suspect one or more accuonts have been compromised by spammers, force a password change on those accounts. Enable Auto-Ban. Since you use webmail, increase the priority of IP range-My Computer to 25, that is, above Auto-Run's default priority of 20. This is necessary because Webmail uses the localhost address, and if one user is banned, and the localhost address is banned, then all users of Webmail will also be banned.

You should review the members list of your distribution list, and who can send email to the distribution list. If one of those accounts authorized to send to the distribution list is compromised, spam can be easily sent to all members of the distribution list.

There are a lot more settings you can do in hMail to reduce if not stop spam. I suggest you read old posts in the forum during your spare time. It is loaded with tons of tips based on actual experience of hMail users -- and it's very interesting reading too!

Oddly enough, I can now appreciate having a 13-year old domain that is/was a spam favorite. It is my own benchmark for mail server spam detection and rejection effectiveness since new domains cannot be used for this purpose.
hMS: 5.2.1-B361 | DB: Internal MySQL from hMS 4.4 | OS: W2K3 1Gb VM

User avatar
mattg
Moderator
Moderator
Posts: 21183
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: How much spam do you get?

Post by mattg » 2009-10-07 04:40

What is SPAM?

I reckon maybe 6 SPAM messages in nearly three years, One domain 40 or so accounts, 2000 or so messages per month.
One word - 'Greylisting'

:wink:

Matt
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

DanCML
Normal user
Normal user
Posts: 103
Joined: 2009-07-08 17:56

Re: How much spam do you get?

Post by DanCML » 2009-10-09 14:27

I just took at look at my hMail status pages ... :shock:

Server1: main server, has all POP accounts and is used for almost all outgoing mail from users in the company.
Up since 24th September (had to reboot due to new RAM installation)
Processed messages: 140042
Spam messages: 11024815 (and seems to be growing by about 15 per second)

Server2: secondary server, used for incoming mail when main is too busy, and all outgoing mailings to customers, forwards all incoming mail to Server1
Up since 24th September (it's a VM on the same server as Server1, so same reboot date)
Processed messages: 108714
Spam messages: 8506333 (and growing at around 15 per second)


So that's a 78:1 ratio roughly on both servers. However, I have a feeling the spam count is much higher than is actual - as much of the "spam" is rejected by RBL/DUL a lot of these could possibly be retried messages where the spamming systems are ignoring the 5xx response and simply requeuing.

I don't seem to have had any false positives so far, but I am getting spam coming through unmarked. SpamAssassin still needs lots of training by the looks of things :oops: I do use grey listing, and have SPF and host checking in EHLO/HELO enabled, as well as RBL/DUL and SpamAssassin mentioned above. I'm certainly getting a lot less spam in my inbox than I used to on my old mail server though :) Oh, and to domain age - the oldest one running on here is now over 13 years (can't give an exact age as Nominet just has a "before Aug-1996" as the registration date, but I think it was only a few months before that).

User avatar
mattg
Moderator
Moderator
Posts: 21183
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: How much spam do you get?

Post by mattg » 2009-10-10 03:07

Server up since 2009-09-09 21:54:30
Number of Processed messages 4725
Viruses detected 6
Spam messages 1

There was a single different message that wasn't flagged as SPAM or AV and therefore quarantined.
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Post Reply