Old Nov 19th, 2004, 23:08   #1
Haris
Customer
 
Join Date: Nov 2004
Posts: 12
Advanced Spam & Virus Protection

Hello,

For an advanced Spam & Virus Protection for your dedicated server please check THIS tutorial. Please note this is an advanced tutorial.


---
If you get an error at the make install section please check this:

manually download and install SHA1 version 2.10 from here:

http://search.cpan.org/dist/Digest-SHA1/

And the make install for the agent-2,61 worked fine.
Haris is offline   Reply With Quote
Old Nov 20th, 2004, 12:24   #2
Haris
Customer
 
Join Date: Nov 2004
Posts: 12

I have added this to all my servers and have to say this is a very very good addon. A must have!
Haris is offline   Reply With Quote
Old Nov 21st, 2004, 13:37   #3
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850

Looking great, very detailed

It would be great if you could provide some background information on what all those applications do.

Thank you!

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old Nov 21st, 2004, 14:32   #4
Haris
Customer
 
Join Date: Nov 2004
Posts: 12

Sure :-)

No problems, I will work on getting some more information on what all these programs are/do.
Haris is offline   Reply With Quote
Old Nov 21st, 2004, 14:46   #5
Haris
Customer
 
Join Date: Nov 2004
Posts: 12

What is Vipul's Razor?
Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.


What is DCC?
As of mid-2004, the DCC or Distributed Checksum Clearinghouse is a system of thousands of clients and more than 250 servers collecting and counting checksums related to more than 150 million mail messages on week days. The counts can be used by SMTP servers and mail user agents to detect and reject or filter spam or unsolicited bulk mail. DCC servers exchange or "flood" common checksums. The checksums include values that are constant across common variations in bulk messages, including "personalizations."

The idea of the DCC is that if mail recipients could compare the mail they receive, they could recognize unsolicited bulk mail. A DCC server totals reports of checksums of messages from clients and answers queries about the total counts for checksums of mail messages. A DCC client reports the checksums for a mail message to a server and is told the total number of recipients of mail with each checksum. If one of the totals is higher than a threshold set by the client and according to local whitelists the message is unsolicited, the DCC client can log, discard, or reject the message.

Because simplistic checksums of spam would not be effective, the main DCC checksums are fuzzy and ignore aspects of messages. The fuzzy checksums are changed as spam evolves. Since the DCC started being used in late 2000, the fuzzy checksums have been modified several times.

Unless used with isolated DCC servers and so losing much of its power, the DCC causes some additional network traffic. However, the client-server interaction for a mail message consists of exchanging a single pair of UDP/IP datagrams of about 100 bytes. That is often less than the several pairs of UDP/IP datagrams required for a single DNS query. SMTP servers make DNS queries to check the envelope Mail_From value and often several more. As with the Domain Name System, DCC servers should be placed near active clients to reduce the DCC network costs. DCC servers exchange or flood reports of checksums, but only the checksums of bulk mail. Since most mail is not bulk and only representative checksums of bulk mail need to be exchanged, flooding checksums among DCC servers involves a manageable amount of data.


What is SARE & RulesDuJour?
SpamAssassin Rules Emporium (SARE) & RulesDuJour
SARE & RulesDuJour is a bash script intended to automatically download new versions of SpamAssassin rulesets as the authors release new versions. This will identify and block spam by filter rules.


And most of you all know what EXIM, EXISCAN, CLAMAV & RBL are.
Haris is offline   Reply With Quote
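
The report-and-count scheme from the DCC description above, as an added example that is not part of the original thread or of the DCC software. The fuzzy checksum is a simplified stand-in (DCC's real checksums differ), and the names `fuzzy_checksum`, `Clearinghouse`, `client_verdict`, the threshold of 2 and all sample mail are assumptions made up for illustration.

```python
import hashlib
import re
from collections import Counter

def fuzzy_checksum(body):
    """Toy stand-in for a DCC fuzzy checksum (NOT DCC's real algorithm):
    strip what bulk mailers personalize, then hash what is left."""
    text = re.sub(r"\S+@\S+", " ", body.lower())                    # addresses
    text = re.sub(r"^(dear|hi|hello)\b.*$", " ", text, flags=re.M)  # greeting line
    text = re.sub(r"[^a-z]+", " ", text).strip()   # digits, punctuation, spacing
    return hashlib.sha1(text.encode()).hexdigest()

class Clearinghouse:
    """Server: totals reports per checksum and answers with the running count."""
    def __init__(self):
        self.totals = Counter()

    def report(self, checksum):
        self.totals[checksum] += 1
        return self.totals[checksum]

def client_verdict(server, sender, body, threshold, whitelist):
    """Client: report the checksum, then apply the local threshold and whitelist."""
    total = server.report(fuzzy_checksum(body))
    if sender in whitelist:          # bulk but solicited, e.g. a mailing list
        return "accept"
    return "reject" if total > threshold else "accept"

# Constructed sample mail (all addresses and text are made up).
BULK = "Dear {name},\nYou won prize #{n}! Reply to claim{n}@example.net today."
NEWS = "Weekly newsletter: issue 12 is out."

def demo():
    server, threshold = Clearinghouse(), 2
    whitelist = {"news@list.example.org"}
    mail = [
        ("x1@bulk.example", BULK.format(name="Ann", n=101)),
        ("x2@bulk.example", BULK.format(name="Bob", n=2072)),
        ("x3@bulk.example", BULK.format(name="Cy", n=33)),
        ("jim@example.com", "Meeting moved to 3pm, agenda attached."),
    ] + [("news@list.example.org", NEWS)] * 3
    return [client_verdict(server, s, b, threshold, whitelist) for s, b in mail]

if __name__ == "__main__":
    print(demo())
```

The first two copies of the bulk message are accepted: a count only crosses the client's threshold once enough recipients have reported the same checksum.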
Old Feb 25th, 2005, 19:05   #6
CPUBum
Customer
 
Join Date: Feb 2005
Location: Virginia
Posts: 44
Spam Attack Avoidance

Haris,

I am moving to a dedicated server and have been reading some of your posts. I am leaving a server that has a number of features installed and I would also like to add these to my dedicated server to help resolve issues with SPAM.

Please let me know what you have done and how well you like the results. So far I assume you have done the following:
Install required software and scripts
Virus Protection
Configure Exim to reject virus at SMTP time
Configure Exim to reject virus + sender whitelist + receiver whitelist
Blacklists, HELO tests and RBL
Sender blacklist and remote mail server blacklist
HELO test
RBL setting + sender whitelist + receiver whitelist + remote mail server whitelist
Spam Protection
Integrate into user's cPanel allowing user enable/disable server-wide Virus and Spam Protection
Does this work and have you had any problems with it? If you integrate into the Users CPANEL, does this have to be redone after each upgrade of Cpanel? Are there any of these you would suggest not using? While I want to provide a good lockdown for SPAM, I do not want to blow away good mail senders. I also assume that the whitelist allows me to add IP addresses that I want to be allowed to send no matter what?

Thanks for your help and information
Jim
CPUBum is offline   Reply With Quote
Old Feb 25th, 2005, 19:09   #7
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850

Hi Jim,

I just wanted to add that we have been using a similar configuration on some servers and the system itself works great, but the performance overhead is quite large.

I'll leave the rest of the questions to Haris

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old Feb 25th, 2005, 19:15   #8
CPUBum
Customer
 
Join Date: Feb 2005
Location: Virginia
Posts: 44

From what I see in the documentation, if the load gets too high, you can turn some of these off at will. This would then lessen the load on the server. I really do not see a huge load on the server as I expect to have less than 200 domains running on it. None of these domains are huge hitters on email. I would figure we get less than 2000-3000 emails a day and most of those are spam. I will need to put my faith in your hands as to load on a p4 3G w/HT.
CPUBum is offline   Reply With Quote
Old Feb 26th, 2005, 00:17   #9
SH-Andre
SolidHost Crew
 
Join Date: Sep 2001
Posts: 850

It'll be hard to predict how heavy it will all be, I can't really tell. The only thing will be that the load will be higher than without this software, but you can indeed turn it off when needed.

-----------------
Andre van Vliet
SolidHost Administrators

Solid as a Rock
SH-Andre is offline   Reply With Quote
Old Feb 28th, 2005, 13:59   #10
Haris
Customer
 
Join Date: Nov 2004
Posts: 12

Quote:
Originally Posted by jdstallings
Haris,

I am moving to a dedicated server and have been reading some of your posts. I am leaving a server that has a number of features installed and I would also like to add these to my dedicated server to help resolve issues with SPAM.

Please let me know what you have done and how well you like the results. So far I assume you have done the following:
Install required software and scripts
Virus Protection
Configure Exim to reject virus at SMTP time
Configure Exim to reject virus + sender whitelist + receiver whitelist
Blacklists, HELO tests and RBL
Sender blacklist and remote mail server blacklist
HELO test
RBL setting + sender whitelist + receiver whitelist + remote mail server whitelist
Spam Protection
Integrate into user's cPanel allowing user enable/disable server-wide Virus and Spam Protection
Does this work and have you had any problems with it? If you integrate into the Users CPANEL, does this have to be redone after each upgrade of Cpanel? Are there any of these you would suggest not using? While I want to provide a good lockdown for SPAM, I do not want to blow away good mail senders. I also assume that the whitelist allows me to add IP addresses that I want to be allowed to send no matter what?

Thanks for your help and information
Jim

Hey Jim, sorry for the late reply, I had problems logging in to the forums.

This works great for me, and no problems so far. The only bad thing is that it takes quite much time to install it, and can be confusing while setting it up.

It does not need to be added again after a cPanel update/upgrade, so that's quite good.

I'm not sure which not to use, since I have them all... most are not even needed, but are recommended or optional :-). Best is to test them all enabled and disabled.

And yeah indeed, the white list allows you this, it even gives the users a white and blacklist option in their cpanel.

If you have more questions just ask.

Good luck!
Haris is offline   Reply With Quote
All times are GMT +2. The time now is 05:38.