Hello again for another in our series of posts, upgrades for the Lounge network, where we are introducing new changes to our CPanel Web Hosting systems. In our last few posts, we have focused on Apache specifically so we want to touch on other improvements in the posts coming up. These upgrades are in progress, but they may not have reached your specific server yet. They are being rolled out everywhere as soon as possible.

Exim – Front line defenses.

For many years, Exim has been the front line in our fight against spam with a focus on DNSBL with different data sets. We have always tried to focus on blocking using data sets that are updated in real time from multiple automatic points. We don’t want to depend on humans due to errors and the delay in blocking. We also require them to automatically expire old data after a short length of time. Some blacklists have entries dating back to 2011 for IP space that has changed hands between different owners since that time. It is no use to us if it is out of date.

To do that, we have tested each DNSBL extensively watching for false positives. Those that had old/stale data, overlapped too much with major blacklists, were too slow to update, or just didn’t fit what we were looking for didn’t make the cut. Altogether, we tested more than 30 blacklists to construct the set we are using now. We don’t post this publicly because it is the product of considerable research. With that said, any email blocked here would also be blocked at Gmail.com, Hotmail.com, and other providers as well. There are some differences, but we try to limit the filters to ensure we aren’t too out of line with major webmail providers to encourage senders to fix the email problems instead of requiring whitelisting here. Even if we whitelist you, Gmail.com and Hotmail.com are blocking the emails so it is a much bigger problem for the sender than just us.

Beyond that, we have also introduced whitelisting at the DSNBL level to further reduce false positives. When servers are very high trust, they can bypass DNSBL filters entirely to prevent rogue listings from blocking servers that should be able to relay email we want. We wouldn’t want Twitter emails blocked because those emails were reported as spam too many times.

Spam Assassin – Highly configurable spam blocking

As we approached the next layer of spam filtering, we wanted to create a modular system that could be reconfigured as needed. If we didn’t need a component, it could be disabled on a per-user basis. If we needed to increase the score for a particular type of spam, we could add a single line to handle the spam pushed by spammers. This would be combined with plugins, new self updating rule sets, hash based email processing, and a lot more to build what we have now.

Without giving too much away, we have added new components which match hashes to a cloud of other email hashes to verify what is currently being sent as bulk email. As the bulk email is detected, it can be targeted for further scrutiny to determine if it is spam. In our case, we add a small additional bit to the score to confirm it is bulk email so it can be added in along with tests focusing on other types of spam analysis to conclude if an email is or is not spam.

These are all put into email headers as it is delivered to let us know which tests were triggered. If some tests are triggering too much, we can adjust these for you. If some are not triggering enough, we can also adjust those. The ongoing scanning adjusts these automatically everyday, but it is available.

To interact with Spam Assassin, you can log into cPanel, click Spam Assassin, and configure your options from there. We recommend a spam score of 5, placing your spam in a folder such as Spam, and disabling anything that automatically deletes email. Even if it is more convenient in theory, it is much easier to debug issues when email is not automatically removed.

After you have confirmed that the spam filtering is working correctly, setting up automatic removal of spam over a score of 15 is recommended while any over a score of 5 are placed into a Spam folder. This allows you to automatically remove email that is very, very likely to be spam while verifying the rest. A detailed tutorial for this will be available shortly, but it is all available via the Spam Assassin screen in cPanel with documentation there on how to set it up.

Note: Your spam filtering should work properly for several days before setting up automatic removal. Automatic removal should never be used with a score below 15 – 20.

Debugging – What we need to know.

If your email is missing, please log into cPanel and remove all email filters that automatically delete your email. If any filters are filtering out spam tagged by Spam Assassin, these should also be removed.

After removing the filters, please collect any bounced messages or incorrectly tagged emails including full message headers. If none are available, please watch for any examples that come in and provide these as soon as possible. Once you have the email source including full headers, paste these into a .txt file (not .rtf, .doc, .docx, or similar as these corrupt the headers), and attach it to the helpdesk. We can debug virtually any email error with this information combined with our server log files. Unfortunately, we are unable to debug many errors without it.

Note: If you are receiving spam that is not correctly tagged by Spam Assassin or you email is being incorrectly tagged by Spam Assassin, we will need the message source including full headers to debug the issues. The necessary information is in the message headers in most cases.

Our next posts will go into more details about different parts of the new system.