Tuesday, December 25, 2018

cPanel EMail Filtering

Administrators that have access to cPanel can find a lot of tools to help control spam!



Apache Spam Assassin

This feature is automatically enabled by my hosting provider, and I cannot turn it off.

Spam Assassin runs every incoming email through a logarithm to give it a SPAM "threshold score." When the threshold score goes the number you set, Spam Assassin will add a “***SPAM***” tag to the subject line.

The administrator can set the numeric level for the threshold score. cPanel publishes the following advice:

  • "Spam messages score higher calculated spam scores than regular messages. 
  • "If a message’s calculated spam score meets or exceeds the Spam Threshold Score, the system will label that message as spam. 
  • "For example, an account that uses a Spam Threshold Score of 10 will only mark messages that are obviously spam. 
  • "A Spam Threshold Score of 2 will label many messages as spam, which includes messages that are likely not spam. 
  • "We recommend that new users use the default setting of 5. We recommend that an ISP set this score to 8. "

By default it was set at 7.5 at my site.

Message Headers

Spam Assassin adds a dozen or so tags to a message header, but only two are used in the next section. They are:

  • X-Spam-Score: This shows the actual numeric threshold score. 
    • 54 is the highest example I found after a cursory search, so I don't know how high the threshold score can go. 
    • What is important is that the instructions are centered on using a threshold score under 10.
  • X-Spam-Bar: This is a visual/graphic representation of the threshold score using the plus symbol ("+").  The 54 score was represented as "+++++" and a score under 10 was represented as a single forward slash ("/").


Additional Spam Assassin Configurations

(For Advanced Users) Here you will find options (and instructions) for creating and maintaining "white lists" and "black lists."

I haven't touched those settings.

cPanel Global Email Settings

This is another main option in the cPanel Email section that can be closely tied to Spam Assassin settings, specifically Spam Status, Spam Score, and Spam Bar.

The rules are executed from the top down, and one of the options is to stop processing the rules if it hits.

When you created a "rule" you have to create a unique name. Fortunately you can use mixed case letters, numbers, spaces and some special characters.

Next, you have to define a condition for the rule. This is really flexible, and includes such as options as "to," "from," and multiple other lines in the message header.

Part of the condition is how to compare it to the content: "equals," "contains," "not contains," "begins with," etc.

Finally, if (and only if) the condition is met, then you have to define what happens to the message. If it's spam, then I will forward it to a special SPAM.CATCHER account I have setup on another server. It's possible to add more than disposition, so I will add the "stop processing rules" at the end.

Here is the set of rules for one of my domains, and use this as a start for all of my domains. In this particular case, this cPanel contains multiple instances of WordPress for add-on domains:

  1. ~~ Black List ~~ SPAM-Bar = ++++
    • I can tell at a glance what this does. If the message header shows the SPAM-Bar to have 4 or more plus symbols, then this goes to to spam-catcher. 
    • If the email has 7 pluses, it will still trip because it contains 4 plus symbols.
    • Of course, I stop processing rules at this point.
  2. ~~ White List ~~ (Name of Addon Domain)
    • The rule here is for email [To] [Ends With] [Domain Name]
    • If the rule trips, then just stop processing the rules and send it on to the domain.
    • If the rule DOES NOT trip, then move on to the next rule.
  3. ~~ Black List ~~ SPAM-Bar = ++
    • This further reduces the spam. Like rule #1, this filters out messages with 2 or 3 plus symbols (remember, 4 or more were cut out in rule #1.
    • If the email has 7 pluses, it will still trip because it contains 4 plus symbols.
    • Of course, I stop processing rules at this point.
  4. ~~ White List ~~ Postmaster, Webmaster, etc
    • The rule here is for email [To] [Begins with] and I list the usual administrative accounts such as webmaster, listmaster, abuse, etc.
    • If the rule trips, then I just stop processing the rules and send it on to the domain.
    • If the rule DOES NOT trip, then move on to the next rule.
  5. ~~ White List ~~ (Name of another Addon Domain)
    • The rule here is for email [To] [Ends with] and I list specific addresses I have known to look like spam.
    • If the rule trips, then I just stop processing the rules and send it on to the domain.
    • If the rule DOES NOT trip, then move on to the next rule.
  6. ~~ White List ~~ (Name of another Addon Domain)
    • The rule here is for email [To] [Ends with] and I list specific addresses I have known to look like spam.
    • If the rule trips, then I just stop processing the rules and send it on to the domain.
    • If the rule DOES NOT trip, then move on to the next rule.
  7. Today is 2018-12-~~ 25 Filter is spam bar = +
    • I'm tightening up spam handling, and sending it to my spam.catcher.
    • I also use it to indicate the date I worked with these filters.
    • If the email has even a hint of SPAM the I send it to my spam.catcher mailbox.
    • Otherwise the mail is delivered.
The global filters works with all income email, both forwarders and actual mailboxes.



Email Filters

This icon allows the administrator to build similar filters, but these are limited to actual mailboxes.

I rarely use this because I manage so many domains that have so many different user accounts. On this particular cPanel, I manage 4 hosted domains plus 3 aliases, but I have only two actual mailboxes.






No comments:

Post a Comment