Email Filters

[_Chris_]

Been dealing with spam related issues for many years, so am fully aware of Spamassassin and client side servers, but do eukhost implement other email filters please ?

[eUK-Nick]

Customers are encouraged to configure a catch-all email and use box-trappers.

[_Chris_]

Thanks for the quick response Nick. Opinions do differ on catch-alls, how would you personally suggest to configure a catch-all please ?

Also, do eukhost implement any other email filters please ? I remember seeing something about this on another website forum a few months ago. In other words, if there's some emails that we know have definitely been sent to us and we've checked through all of our client side filters and checked through out Spamassassin controls, and still find no sign of them, are there any other filters that eukhost use, that we have no control over please ?

[eUK-Martin]

Hello Chris,

No, eUKhost does not use any email filters other than on the server. The mail servers are configured to use DNS Blacklists that will reject the message before even reaching the inbox from the IPs that are black listed in major black lists. But this will send a message to the sender specifying why the message was rejected.

Regarding the email not being delivered to the inbox, we will need to investigate this issue, if you can mail this to support [at] eukhost.com, as there can be many reasons for this to happen. I would appreciate if you also specify the problem email address so that we can be more focused.

The above post relates to Linux as well as Windows servers.

[_Chris_]

Hi Martin, Thanks for the quick response. There's no specific domains, and perhaps this is something that other customers may be interested in learning more about, but generally, are there any filters that you are applying, that your customers wouldn't know about ?

Also, quite a few spammers nowadays use other peoples email address's as the 'from' address so sometimes other people have their email address's on blacklists because of that, what blacklists do you refer to please?

[eUK-Martin]

Quote:

Originally Posted by _Chris_

Hi Martin, Thanks for the quick response. There's no specific domains, and perhaps this is something that other customers may be interested in learning more about, but generally, are there any filters that you are applying, that your customers wouldn't know about ?

No, we do not apply any filters other than that has been mentioned above.

Quote:

Originally Posted by _Chris_

Also, quite a few spammers nowadays use other peoples email address's as the 'from' address so sometimes other people have their email address's on blacklists because of that, what blacklists do you refer to please?

Using other peoples domain in the spam emails is called spoofing and this can be avoided but having an SPF record in the DNS zone of the domain. But this will be only work if the receiving email server checks the acceptance of SPF record. cPanel by default does not have this feature enabled, it requires recompiling of exim. And the reason for that is most of the domain does not have this record in their DNS zone so incase we enable this all the emails from such domains will be rejected. However we do add an SPF record in the DNS for all the domains on our server.

Your third point about the email address getting black listed, many people have this misunderstanding about the black listing. It is not the email address that gets black listed but the IP address from where the email was generated. So even if the spammer is using your domain in the header it will not black list your domain but the IP address of the server that is generating the mails.

We use following Black Lists:

bl.spamcop.net
sbl.spamhaus.org
list.dsbl.org
cbl.abuseat.org

[_Chris_]

Thanks for the detailed response Martin, it does help to make things clearer.

Quote:

Originally Posted by eUK-Martin

No, we do not apply any filters other than that has been mentioned above.

Just to be totally clear, (bad experience in the past!!), are you saying that the only settings on the servers that could affect our emails is :

The usual Spamassassin

The configuration that any emails that come from an IP address that is on the blacklist will be rejected.

Box Trapper.

Could there be anything else at server level that might affect how we receive our emails please ?

Quote:

Originally Posted by eUK-Martin

Using other peoples domain in the spam emails is called spoofing and this can be avoided but having an SPF record in the DNS zone of the domain. But this will be only work if the receiving email server checks the acceptance of SPF record. cPanel by default does not have this feature enabled, it requires recompiling of exim. And the reason for that is most of the domain does not have this record in their DNS zone so incase we enable this all the emails from such domains will be rejected. However we do add an SPF record in the DNS for all the domains on our server.

The sooner SPF is used by everyone, the better really. DomainKeys seem to be catching on as well.

Quote:

Originally Posted by eUK-Martin

Your third point about the email address getting black listed, many people have this misunderstanding about the black listing. It is not the email address that gets black listed but the IP address from where the email was generated. So even if the spammer is using your domain in the header it will not black list your domain but the IP address of the server that is generating the mails.

We use following Black Lists:

bl.spamcop.net
sbl.spamhaus.org
list.dsbl.org
cbl.abuseat.org

Just wondering how many dynamic IP address's there are on those lists ! and how many IP address's of 'zombied' machines ! !

Martin, I did try to find a particular IP address on one of the above lists, but could only find a search function on list.dsbl.org - are there hidden-away lists to look at on any of the 4 above ?

[_Chris_]

Quote:

Originally Posted by eUK-Nick

Customers are encouraged to configure a catch-all email and use box-trappers.

Thanks for the quick response Nick. Opinions do differ on catch-alls, how would you personally suggest to configure a catch-all please ?

[eUK-Martin]

Quote:

Originally Posted by _Chris_

Just to be totally clear, (bad experience in the past!!), are you saying that the only settings on the servers that could affect our emails is :

The usual Spamassassin

The configuration that any emails that come from an IP address that is on the blacklist will be rejected.

Box Trapper.

Could there be anything else at server level that might affect how we receive our emails please ?

No nothing else than what I said. any emails that has been rejected will be sent a notification about it.

Quote:

Originally Posted by _Chris_

The sooner SPF is used by everyone, the better really. DomainKeys seem to be catching on as well.

Yes Domains key is also catching but Plesk still have to add an option to have them setup through the control panel.

Quote:

Originally Posted by _Chris_

Just wondering how many dynamic IP address's there are on those lists ! and how many IP address's of 'zombied' machines ! !

Martin, I did try to find a particular IP address on one of the above lists, but could only find a search function on list.dsbl.org - are there hidden-away lists to look at on any of the 4 above ?

No, none of the IPs are hidden. You should be able to see them all if they are present in the list. Its also not mandatory that an IP which is blacklisted in one list, will also be found in the other. Since it depends on the number of requests per IP and they all have their own policies.

[3:16 Designs]

intresting post

[_Chris_]

Quote:

Originally Posted by eUK-Martin

No nothing else than what I said. any emails that has been rejected will be sent a notification about it.


Yes Domains key is also catching but Plesk still have to add an option to have them setup through the control panel.


No, none of the IPs are hidden. You should be able to see them all if they are present in the list. Its also not mandatory that an IP which is blacklisted in one list, will also be found in the other. Since it depends on the number of requests per IP and they all have their own policies.

Many thanks for clearing that up with your detailed responses - I do like to know what could happen to emails sent to me

If anyone hasn't received an email from someone, that they feel they should have, it may be a good idea to carefully read through these posts.

[_Chris_]

Quote:

Originally Posted by eUK-Nick

Customers are encouraged to configure a catch-all email and use box-trappers.

Opinions do differ on catch-alls, how would you personally suggest to configure a catch-all please ?

[eUKhost.com]

Quote:

Originally Posted by _Chris_

Opinions do differ on catch-alls, how would you personally suggest to configure a catch-all please ?

never consider catchall if you wish to stay away from spams. Catchall allows spammers to choose a random emails address on your domain name to use as a reply-to and error-to address in their spamming scripts. Catchall can also result in huge inbound dictionary attack on your domain.

We have disabled catchall on some of our windows servers as catching spammers and inbound dictionary attack on windows is somewhat difficult from Linux. Spamassassin and rbl.spamcop.net + rbl.spamhaus.org make perfect combination to reduce incoming spam.

[_Chris_]

Quote:

Originally Posted by eUKhost.com

never consider catchall if you wish to stay away from spams. Catchall allows spammers to choose a random emails address on your domain name to use as a reply-to and error-to address in their spamming scripts. Catchall can also result in huge inbound dictionary attack on your domain.

We have disabled catchall on some of our windows servers as catching spammers and inbound dictionary attack on windows is somewhat difficult from Linux. Spamassassin and rbl.spamcop.net + rbl.spamhaus.org make perfect combination to reduce incoming spam.

Many thanks - that's a lot clearer now.

Tell Nick, not to worry, it got answered in the end ;-(

[eUKhost.com]

Quote:

Originally Posted by _Chris_

Many thanks - that's a lot clearer now.

Tell Nick, not to worry, it got answered in the end ;-(

lol. Glad to see you are happy now

[_Chris_]

Quote:

Originally Posted by eUKhost.com

lol. Glad to see you are happy now

Me, I'm always happy - it's just good to see explanations of things, that's all