Geekzone: technology news, blogs, forums




NodexHost
170 posts

Master Geek

Subscriber

# 257461 4-Oct-2019 12:31

Hey everyone. I am receiving a large amount (920 in 24 hours) of spam emails (self hosted running cPanel on a VPS) originating from a variety of domains but all containing a message asking me to "Confirm my subscription" to a marketing list of some sort. The emails weren't getting flagged by Apache SpamAssassin as spam so I had to create a custom rule to redirect the spam messages to my spam inbox.

 

 

 

Would this be a targeted attack or something else? Is there anything else I should do??


957 posts

Ultimate Geek


  # 2329568 4-Oct-2019 12:36

I doubt it's targeted. At most I would do exactly what you did and remove the rule after a few days.

 

I use sieve, very very carefully and don't use any spam filtering - worked in the industry for years, don't trust it.


xpd

Chief Trash Bandit
10037 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2329581 4-Oct-2019 12:51

Is it all coming from the same server? If so, just deny/block the server.

 

 





XPD / Gavin / DemiseNZ

 

Server : i5-3470s @ 3.50GHz  16GB RAM  Win 10 Pro    Workstation : i5-3570K @ 3.40GHz  20GB RAM  RX580 4GB Win 10 Pro    Console : Xbox One

 

https://www.xpd.co.nz - Games, emulation, geekery, and my attempts at photography.     Now on BigPipe 100/100 and 2Talk

 

Emulation - The art of getting your $4000 PC to run an 80's system - and still fails.

 

Add me on Steam


 
 
 
 


15164 posts

Uber Geek


  # 2329627 4-Oct-2019 14:10
One person supports this post

You should contact your web hosting provider or upstream support about it. I have found that good web hosts should be pretty responsive with resolving this sort of thing. 


Webhead
2292 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 2329644 4-Oct-2019 14:33

I have not used it, but this service has been recommended and advertised on several tech podcasts I follow.

 

Mailroute (the link gives you 10% off, I don't get a cent), and you can test it for free for 30 days.

 

 

 

Captera have a lot of other services you might want to check out as well.





17 posts

Geek


  # 2329655 4-Oct-2019 14:53
One person supports this post

Spam is a daily battle for any sysadmin, and once you understand the fundamentals about how spammers operate, it's fairly easy to block them.

 

First understand the fundamental ways of blocking spam. 

 

1 - Reputation filtering e.g. RBL lists, Senderbase reputation, Greylisting etc.

 

2 - Content filtering e.g. SpamAssassin / Cloudmark engines / pattern files for engines

 

So questions that come to my mind, you say you are using the normal open source tools bundled with cPanel / Plesk. SpamAssassin uses a Bayesian engine that auto-trains or learns as it picks up patterns. It works with a scoring threshold system... depending on how low the value is set, the more strict it will be. Start by checking if you are merely flagging messages as potential spam (aka learning mode), or if you are actually dropping messages that exceed the scoring value. Most of the time, these spam messages are sent by bots who would just find an open MX SMTP port and bomb it. There are no proper retries involved as per what a normal MTA would do. For these kinds of problems, look @ Greylisting. This stops bots dead in their tracks.

 

Greylisting will merely tell the remote sender, please retry in X amount of minutes... as bots don't retry, you drop a ton of spam messages even being accepted, preventing overloading your content scanning engines.  Same goes for using RBL authorities... there are some of them which are just plain morons, but stick to the bigger more popular ones like Spamcop / Spamhaus.  UCEprotect I categorise under the moron category. 

 

If your MTA is set up to use RBL lists, you won't be accepting mails from dodgy IP ranges. The free tools will also only help you up to a point, once you get to more crafty devious methods of spam like "snowshoe spam", then you have to start looking at commercial solutions for that level of protection.

 

Everything you have described is why you pay hosting providers to do stuff like email for you. It's manpower intensive, and requires technical knowledge in how to analyze mail headers, and how to combat entry points. Don't even get me started on webforms, or broken Captcha checkers. Most of the time you pick those things up in mail headers @ the injection point.


xpd

Chief Trash Bandit
10037 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2329660 4-Oct-2019 14:59
One person supports this post

Aren't you running a hosting company? A sysadmin should be able to implement a solution.

 

 







957 posts

Ultimate Geek


  # 2329663 4-Oct-2019 15:09

Pornolio:

 

Spam is a daily battle for any sysadmin, and once you understand the fundamentals about how spammers operate, it's fairly easy to block them.

 

First understand the fundamental ways of blocking spam. 

 

1 - Reputation filtering e.g. RBL lists, Senderbase reputation, Greylisting etc.

 

2 - Content filtering e.g. SpamAssassin / Cloudmark engines / pattern files for engines

 

...

 

Greylisting will merely tell the remote sender, please retry in X amount of minutes... as bots don't retry, you drop a ton of spam messages even being accepted, preventing overloading your content scanning engines.  Same goes for using RBL authorities... there are some of them which are just plain morons, but stick to the bigger more popular ones like Spamcop / Spamhaus.  UCEprotect I categorise under the moron category. 

 

 

Also DKIM, SPF and DMARC. These give the sending domain some control over how messages claiming to be from their domain should be handled. Because this is domain policy, it should be considered law, unlike RBLs and filters.

 

Greylisting doesn't instruct the remote sender to retry in x minutes. SMTP has no mechanism for this, it simply returns a temporary failure. When, or even if the sending server tries again, is entirely up to the sending server. RFC 5321 specifies a retry interval of 30 minutes... that's too long to wait for important things to come through. Some verification e-mails aren't even valid for that long. Use with caution.
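The greylisting behaviour discussed in the two posts above, as an added example that is not code from any poster or from a real MTA plugin: a new (IP, sender, recipient) triplet gets a temporary failure, and delivery then depends entirely on when the sender chooses to retry. The 300-second minimum delay, the four-hour pending window, the reply strings, all names and the sample addresses are assumptions constructed for illustration.

```python
"""Greylisting decision logic for one SMTP listener (illustrative only)."""
from dataclasses import dataclass, field

MIN_DELAY = 300          # assumed: seconds before a retry is accepted
PENDING_TTL = 4 * 3600   # assumed: pending triplets older than this start over
DEFER = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 2.1.5 OK"


@dataclass
class Greylist:
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt
    passed: set = field(default_factory=set)        # triplets that retried properly

    def check(self, ip, mail_from, rcpt_to, now):
        """SMTP reply to one RCPT TO attempt at time `now` (seconds)."""
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return ACCEPT
        seen = self.first_seen.get(key)
        if seen is None or now - seen > PENDING_TTL:
            self.first_seen[key] = now      # new (or expired) triplet: start the clock
            return DEFER
        if now - seen < MIN_DELAY:
            return DEFER                    # retried too soon, clock keeps running
        self.passed.add(key)
        return ACCEPT


def simulate(attempt_times, gl=None,
             triplet=("192.0.2.10", "list@example.net", "me@example.org")):
    """Replay one sender's attempts; return (replies, seconds until delivery or None)."""
    gl = Greylist() if gl is None else gl
    replies = [gl.check(*triplet, now=t) for t in attempt_times]
    accepted = [t for t, r in zip(attempt_times, replies) if r == ACCEPT]
    return replies, (accepted[0] - attempt_times[0] if accepted else None)


# Constructed senders: attempt times in seconds after the first connection.
SENDERS = {
    "bot, never retries": [0],
    "retries every minute, gives up": [0, 60, 120],
    "MTA with 30 minute retry": [0, 1800],
}

if __name__ == "__main__":
    for name, times in SENDERS.items():
        replies, delay = simulate(times)
        print(f"{name:32} replies={[r[:3] for r in replies]} delay={delay}")
```

The delay a legitimate message suffers is the sender's own retry interval, not the configured minimum, and a sender that stops retrying inside the minimum delay is never delivered.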


 
 
 
 


'That VDSL Cat'
11032 posts

Uber Geek

Trusted
Spark
Subscriber

  # 2329666 4-Oct-2019 15:29

It's almost like being sent spam is a factor for all mailhosts, not just the big ones.....





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




NodexHost
170 posts

Master Geek

Subscriber

  # 2329673 4-Oct-2019 16:07

xpd:

Aren't you running a hosting company? A sysadmin should be able to implement a solution.


 


I have implemented a permanent solution. Just wondering why this would occur because it's something I've never seen before.



NodexHost
170 posts

Master Geek

Subscriber

  # 2329674 4-Oct-2019 16:07

mattwnz:

You should contact your web hosting provider or upstream support about it. I have found that good web hosts should be pretty responsive with resolving this sort of thing. 


Contacted OVH.

15235 posts

Uber Geek

Trusted
Subscriber

  # 2329677 4-Oct-2019 16:22
3 people support this post

I gave up hosting my own email, it's someone else's problem now. FastMail does a good job of spam filtering, as does Gmail.




NodexHost
170 posts

Master Geek

Subscriber

  # 2329678 4-Oct-2019 16:25

timmmay:

I gave up hosting my own email, it's someone else's problem now. FastMail does a good job of spam filtering, as does Gmail.


I use G-Suite for my main email account but I use self-hosted for others because it's much cheaper.

xpd

Chief Trash Bandit
10037 posts

Uber Geek

Mod Emeritus
Trusted
Lifetime subscriber

  # 2331015 5-Oct-2019 14:32

I still host my own (Hmail), get extremely little spam coming in. Using a combo of Spam Assassin and DNS/SURBL lists.






