Anyone else have problems with Yahoo Spam filters being overzealous? I recently setup a new domain and a few email accounts. After sending a few test messages to my Yahoo email, each one of them was flagged as spam. I changed the text to a more regular email, with no controversial words and still the same result. I notice that Yahoo regularly traps some newsletters I subscribe to in my spam filter, but rarely, if ever legitimate emails. I checked with my web host who informed me they are not on any spam blacklists and that I would have to contact Yahoo. Yahoo's help is quite a maze (designed to make you lose interest and move on), so before I continue hunting for how to contact Y!, I thought I would come here to see if this is a common problem (with a common fix).
As a web host or ISP what do you think is best to do? do spam/virus filtering, or don't touch mail and let the user do what they want with it? (no chance of false positives, or lost mail, this way)
I work for an ISP and we have a barracuda and we get tons of calls from customers regarding lost mail and such as when you're filtering such a large varitey of mail its very hard to have a "perfect" filter. Mail that a car dealership gets and what a hospital get is totally different, for example.
Also in terms of web hosting the filtering will put a reasonable load on the server during peak spamming hours.
So just curious, as a ISP/webhost customer do you think your host should do filter or do you rather manage that yourself?
We have identified that messages from your IP are being filtered based on the recommendations of the Symantec Brightmail filter as well as our internal Smart Screen Filters. The filter was initiated by Hotmail at (5/20/2009 12:00:00 AM) PST due to a large volume of emails that were sent prior to this time.
We will be happy to work directly with Symantec on your behalf to investigate and possibly resolve this problem. In order to move forward, we will need examples of the messages that were caught by the Brightmail filters.
I am running a small hosting operation and would like to know more about SPAM filtering and controlling. SpamAssasin is installed on my server but it does not do much. I was looking into different solution with a anti-spam device and would like to know which one is recommended the most: sonicwall, barracuda or symantec? (total email addresses is less than at thousand)
How much CPU & RAM load does your spam filter put on your VPS? It seems logical that the more mailboxes hosted, the more VPS resources the spam filter will consume - especially if any of the email addresses are targeted by spammers (or the user is careless and gives out their email address everywhere - as many do).
It's become so much with some of our subscribers that we have had to offer a hardware spam filter, to keep the load off the VPS. It's been great in that the VPS's protected by it have seen a dramatic performance increase....but are these subscribers unique in some way?
And so here is my question...how much CPU is everyone's spam assassin/spam filter using and how many mailboxes do you host on your VPS? very curious...
I'm wondering if theres anything I can install on the server that will either filter or track outgoing spam. I don't want to limit the number of emails sent per hour or anything, I just want to be able to maybe search through some flagged emails or something. Or if they send the exact same email more than x times it can disable their account... I'm not sure
If I'm not mistaken we have reverse DNS setup and no blacklist entries. Is there any reason why welcome emails from our custom CP are being filtered directly into the Yahoo SPAM box?
Here's the full headers from my personal email. This is the exact message a client would be sent.
From HostVentrilo.com Sun Apr 20 20:38:17 2008 Return-Path: <nobody@web.teamspeakhost.com> Authentication-Results: mta105.rog.mail.scd.yahoo.com from=hostventrilo.com; domainkeys=neutral (no sig) Received: from 69.93.229.114 (EHLO web.teamspeakhost.com) (69.93.229.114) by mta105.rog.mail.scd.yahoo.com with SMTP; Sun, 20 Apr 2008 20:38:18 -0700 Received: from nobody by web.teamspeakhost.com with local (Exim 4.68) (envelope-from <nobody@web.teamspeakhost.com>) id 1JnmrB-0007AT-P3 for xxxxx@rogers.com; Sun, 20 Apr 2008 23:38:17 -0400 Received: from phpmailer ([67.204.23.77]) by www.hostventrilo.com with HTTP (PHPMailer); Sun, 20 Apr 2008 23:38:17 -0400 Date: Sun, 20 Apr 2008 23:38:17 -0400 To: Jeff Piper <xxxxx@rogers.com> From: "HostVentrilo.com" <info@hostventrilo.com> Subject: Ventrilo Server Information Message-ID: <edee9a956937977bcb723593ae6938a5@www.hostventrilo.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="utf-8" Content-Length: 567 My only guess would be the PHP programming of the mailer code?
Some of my emails send to the clients who are using Yahoo's email is stored in their " Bulk " folder, so Yahoo is considering my email as spamer althought i'm not. So do you know how can i fix it ? Do i need to contat Yahoo about this matter ?
I just found out all my mails sent to Gmail are marked as spam. However, if I check my IP address in independant grass-root spam databases, my IP address isn't blacklisted. I checked 7 of them. Do you know how to solve this problem
A few months before I updated to Plesk 12 I noticed a huge jump in uncaught spam - I hoped the update to Plesk 12 might solve this but no luck.
I have now changed the spam sensitivity on my account 1, the idea being I would then whitelist the domains I want to get through but literally nothing is getting marked as spam. Users on other domains on the same server are reporting the same.
i have a issue on my WHM/Cpanel Linux Server. I have hosted few vbulletin and IPB forums. Problem is that, when someone REGISTERS the CONFIRMATION email is sent to JUNK/SPAM in Hotmail and Yahoo email boxes.
I have noted that The Confirmation emails sent from many other servers are NOT MARKED as spam by Yahoo and Hotmail email accounts. But the mails sent from My servers are marked as SPAM by default.
I have pasted the headers below:
Here are headers
Mails sent from this server works fine. Received-SPF: pass (google.com: domain of webmaster@vbulletin.org designates 209.62.16.134 as permitted sender) client-ip=209.62.16.134; Authentication-Results: mx.google.com; spf=pass (google.com: domain of webmaster@vbulletin.org designates 209.62.16.134 as permitted sender) smtp.mail=webmaster@vbulletin.org
Mails sent from this server are sent to SPAM folder by default:
Received-SPF: neutral (google.com: 66.90.101.249 is neither permitted nor denied by domain of zahidon_4u@yahoo.com) client-ip=66.90.101.249; Authentication-Results: mx.google.com; spf=neutral (google.com: 66.90.101.249 is neither permitted nor denied by domain of zahidon_4u@yahoo.com) smtp.mail=zahidon_4u@yahoo.com
One thing i am sure is there is something that needs to be fixed in WHM. Some option but i am not sure of that.
switched to ipower.com and not getting any help - really stuck as my customer wanted better spam filtering so I went to them on a recommendation and I do not know how to turn on and what is the best setting for spam filtering with their panel. Also using HORDE where I can set a filter using rules but it only works if I log on and hit apply filter so my customer still gets it in his in box -
I am happily running Plesk 11.5; with just one small but annoying persistent problem:
I have Clients with large mailinglistes - SpamAssassin - Server-wide greylisting - DNSBL is running.
But apparently many of the lists mail addresses have been harvested over the years. And as there is no easy way to use SA in mailman, I am down to greylisting only for list addresses.
This results in insanely large amounts of SPAM (-> moderation requests) on the client's lists. Is this behavior improved in Plesk 12?
Or can probably SIEVE filters work here - are those available to mailman? (probably not as they work in Dovecot?)
I have enabled domainkeys in the mail server and all the emails going out of the server are signed by domainkeys. Yahoo confirms the domainkeys as verified for each message sent to their servers. However, Yahoo still delivers the emails to the spam folder instead of the inbox. I have done the domainkeys setup only an hour ago. Does Yahoo take time to recognize the sender server as genuine and deliver all the emails to the inbox or is there some other reason for the emails going to the spam folder? One thing is sure, Yahoo sucks and it sucks big time.
I am having trouble with all mail from my web server being delivered to the Yahoo! spam folder. After doing some reading, I have set up an SPF record and domain keys on the server, but the messages are still being sent to spam.
Here are the headers from an e-mail I sent to Yahoo! that was marked as spam:
(Note: I've made a few replacements so that my server's identity and my identity are not obvious.) ...
Almost all mail adresses on my server is getting a spam mail from same mail marketing company everyday and i want to block them... Normally i just add the mail address to blacklist from "Spam Filter Settings" but this company is opening new addresses everyday and it is impossible to add all of them to blacklist so i need adding it as a regex to the blacklist...
The company i am talking about is opening mail addresses every day like below...
As you can see all mail addresses begin with "nrt"+"6 digits of day"+"free mail provider", so right now i am using the regex below and it is already added to the blacklist but they are still able to send me... What can i do now?
when im trying to enable spam filter for a particular email account i get this mysql error:
Error: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry 'xxxx@domain.com' for key 3 (mail id i hid it for security reasons xxxx@domain.com)..
i searchd in the psa database but could not find any duplication...
Microsoft Windows Server 2008 R2 Service Pack 1 Panel version 11.0.9 Update #59, last updated at Oct 3, 2013 02:06 AM MailEnable version 5
I see in the plesk documentation that the screen to enable SPAM filtering for an individual there is an option to "Move spam to the Spam folder". I don't see that option so I am wondering if it is only available on some versions of Plesk, or in combination with certain mail servers. How to make that option available?
## Exim system filter to refuse potentially harmful payloads in ## mail messages ## (c) 2000-2001 Nigel Metheringham <nigel@exim.org> ## ## This program is free software; you can redistribute it and/or modify ## it under the terms of the GNU General Public License as published by ## the Free Software Foundation; either version 2 of the License, or ## (at your option) any later version. ## ## This program is distributed in the hope that it will be useful, ## but WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ## GNU General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with this program; if not, write to the Free Software ## Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ## -A copy of the GNU General Public License is distributed with exim itself
## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ## If you haven't worked with exim filters before, read ## the install notes at the end of this file. ## The install notes are not a replacement for the exim documentation ## -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
## ----------------------------------------------------------------------- # Only run any of this stuff on the first pass through the # filter - this is an optomisation for messages that get # queued and have several delivery attempts # # we express this in reverse so we can just bail out # on inappropriate messages # if not first_delivery then finish endif
## ----------------------------------------------------------------------- # Check for MS buffer overruns as per BUGTRAQ. # [url] # This could happen in error messages, hence its placing # here... # We substract the first n characters of the date header # and test if its the same as the date header... which # is a lousy way of checking if the date is longer than # n chars long if ${length_80:$header_date:} is not $header_date: then fail text "This message has been rejected because it has
an overlength date field which can be used
to subvert Microsoft mail programs
The following URL has further information [url] seen finish endif
## ----------------------------------------------------------------------- # These messages are now being sent with a <> envelope sender, but # blocking all error messages that pattern match prevents # bounces getting back.... so we fudge it somewhat and check for known # header signatures. Other bounces are allowed through. if $header_from: contains "@sexyfun.net" then fail text "This message has been rejected since it has
the signature of a known virus in the header." seen finish endif if error_message and $header_from: contains "Mailer-Daemon@" then # looks like a real error message - just ignore it finish endif
## ----------------------------------------------------------------------- # Look for single part MIME messages with suspicious name extensions # Check Content-Type header using quoted filename [content_type_quoted_fn_match] if $header_content-type: matches "(?:file)?name=("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")" then fail text "This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it." seen finish endif # same again using unquoted filename [content_type_unquoted_fn_match] if $header_content-type: matches "(?:file)?name=(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))" then fail text "This message has been rejected because it has
potentially executable content $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it." seen finish endif
## ----------------------------------------------------------------------- # Attempt to catch embedded VBS attachments # in emails. These were used as the basis for # the ILOVEYOU virus and its variants - many many varients # Quoted filename - [body_quoted_fn_match] if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))("[^"]+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc])")[\s;]" then fail text "This message has been rejected because it has
a potentially executable attachment $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it." seen finish endif # same again using unquoted filename [body_unquoted_fn_match] if $message_body matches "(?:Content-(?:Type:(?>\s*)[\w-]+/[\w-]+|Disposition:(?>\s*)attachment);(?>\s*)(?:file)?name=|begin(?>\s+)[0-7]{3,4}(?>\s+))(\S+\.(?:ad[ep]|ba[st]|chm|cmd|com|cpl|crt|eml|exe|hlp|hta|in[fs]|isp|jse?|lnk|md[be]|ms[cipt]|pcd|pif|reg|scr|sct|shs|url|vb[se]|ws[fhc]))[\s;]" then fail text "This message has been rejected because it has
a potentially executable attachment $1
This form of attachment has been used by
recent viruses or other malware.
If you meant to send this file then please
package it up as a zip file and resend it." seen finish endif ## -----------------------------------------------------------------------
#### Version history # # 0.01 5 May 2000 #Initial release # 0.02 8 May 2000 #Widened list of content-types accepted, added WSF extension # 0.03 8 May 2000 #Embedded the install notes in for those that don't do manuals # 0.04 9 May 2000 #Check global content-type header. Efficiency mods to REs # 0.05 9 May 2000 #More minor efficiency mods, doc changes # 0.06 20 June 2000 #Added extension handling - thx to Douglas Gray Stephens & Jeff Carnahan # 0.07 19 July 2000 #Latest MS Outhouse bug catching # 0.08 19 July 2000 #Changed trigger length to 80 chars, fixed some spelling # 0.09 29 September 2000 #More extensions... its getting so we should just allow 2 or 3 through # 0.10 18 January 2001 #Removed exclusion for error messages - this is a little nasty #since it has other side effects, hence we do still exclude #on unix like error messages # 0.11 20 March, 2001 #Added CMD extension, tidied docs slightly, added RCS tag #** Missed changing version number at top of file :-( # 0.12 10 May, 2001 #Added HTA extension # 0.13 22 May, 2001 #Reformatted regexps and code to build them so that they are #shorter than the limits on pre exim 3.20 filters. This will #make them significantly less efficient, but I am getting so #many queries about this that requiring 3.2x appears unsupportable. # 0.14 15 August,2001 #Added .lnk extension - most requested item :-) #Reformatted everything so its now built from a set of short #library files, cutting down on manual duplication. #Changed w in filename detection to . - dodges locale problems #Explicit application of GPL after queries on license status # 0.15 17 August, 2001 #Changed the . in filename detect to S (stops it going mad) # 0.16 19 September, 2001 #Pile of new extensions including the eml in current use # 0.17 19 September, 2001 #Syntax fix # #### Install Notes
