INBOUND SPAM FILTER SYSTEMS
INBOUND EMAIL: On average, 80% of all email hitting your server is junk, spam or marketing email, so spam filters are crucial to keeping email usable. Email is dynamic: a sender's mail server may be on a clean IP address one day and land on an RBL blocklist the next. The content of each email is also unique in its links, attachments, number of CC recipients and connecting IP address. The spam filter rules that score email are constantly updated to keep up with changes in spammer patterns, so email from a sender that was accepted as HAM yesterday may still be flagged as SPAM today. Some email may be undesirable but still accepted because it passes the technical tests. No spam filter is perfect, so you will still receive some unwanted email, and you can fine-tune the systems for even higher accuracy.
Lowesthosting provides 2 advanced spam filtering systems, Magicspam and Spam Assassin, that process inbound email. They are managed via cPanel / Email / Magicspam and cPanel / Email / Spam Filters respectively. Both systems are preset to our default settings, but you can customize them to your needs.
Overview: Magicspam and Spam Assassin will work well using our default settings. However, every user has different needs, so you may need to modify the settings to make the filter more or less aggressive, or to whitelist the occasional False Positive where a sender you desire is being marked or rejected as spam.
If a sender's email server is compromised and is on one of the IP reputation lists, its mail will be processed as Spam. If it's a temporary condition you can simply move the message from the spam folder into your inbox, but if it's an ongoing issue you may need to add the sender to the applicable system whitelist. You should periodically scan your Spam Folder to identify False Positives (email that you desire but that is categorized as Spam) and add them to your whitelist. If you find that too many of the emails you desire are being flagged by a particular RBL list, you can turn the applicable Magicspam RBL list OFF if it is causing more problems than it's solving.
Magicspam is a connection level filter that rejects emails that are malformed or out of RFC compliance. It can also be set to Reject or Flag emails that are on various RBL block lists or Marketing Lists, or that originate from Select Countries. If a list is set to Reject, the email will bounce back to the sender and the logs will show which list it was on. If the list is set to Flag, the email will be accepted, marked as *** SPAM *** and put into your Spam Folder, and the logs will show it was Quarantined. If you find a list is causing too many rejections of valid email, you can change it from Reject to Flag, or to Off to disable it. Email that passes Magicspam as HAM is then processed through the Spam Assassin spam filter.
Spam Assassin does not reject email. It uses advanced algorithms to score each email from 1 to 10 and has a default Spam Threshold of 5. Emails that score below 5 are delivered into your Inbox, and those that exceed 5 are flagged as *** SPAM *** and routed into your IMAP based spam folder. You can adjust the Spam Threshold to make Spam Assassin more or less sensitive, and define whether it routes spam into your Inbox instead of the Spam Folder. You can also add emails to its Black List or Whitelist to override the default scoring.
Viewing Email Headers To Identify True Sender, The System that Flagged It and Reason:
Often the actual sender, known as the Envelope From, is not the same as the Reply-To address you see, so viewing the email headers will give you all the information you need to take the appropriate action to whitelist it. The headers also show which system flagged the email as spam and the reason, so you can whitelist the correct entry.
MAGICSPAM: If the bottom of the mail headers has an entry similar to "X-MagicSpam-Spam: 5.5.2 block_list (41)", you will know it triggered Magicspam and which RBL or Reputation List the email was on. You can then locate the "Envelope From" email address (which is the actual sender) and copy and paste it to the Magicspam Whitelist by going to cPanel / Email / Magicspam / Exemptions From Whitelist. Alternately, you can search the Magicspam Logs and, once the email has been located, click the sender to whitelist it. If you see a pattern where many of your desired emails are constantly being flagged by the same List, it may be better to turn the list off via the cPanel / Email / Magicspam / IP Reputation section.
SPAM ASSASSIN: If the headers contain a Spam Score similar to "X-Spam-Status: Yes, score=7.2", "X-Spam-Score: 72" and "X-Spam-Bar: +++++++", you know it triggered the Spam Filter. The headers will also contain an "X-Spam-Report:" entry showing all the things within that email that triggered the Spam Filter. You can then locate the "Envelope From" email address (which is the actual sender) and copy and paste it to the Spam Filters Whitelist via cPanel / Email / Spam Filter / Advanced / Whitelist. If you feel Spam Assassin is too sensitive, you can modify its Threshold from 5 to 6 (or higher) via cPanel / Email / Spam Filters / Threshold Score, which will make it less sensitive; however, this will also allow more spam into your inbox.
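The header check described in the MAGICSPAM and SPAM ASSASSIN paragraphs above can be scripted against a message saved from your mail client. This is an added example, not Lowesthosting, Magicspam or Spam Assassin code; the function name triage is hypothetical, and it assumes the Return-Path header carries the Envelope From and that the number in parentheses in X-MagicSpam-Spam is the List Number.

```python
import re
from email import message_from_string

# List numbers and names as given in this page's IP REPUTATION section.
LISTS = {4: "UCEPROTECT-1", 5: "UCEPROTECT-2", 23: "SORBS-DUL",
         36: "RATS-Dyna", 37: "RATS-NOPTR", 38: "RATS-Spam",
         40: "MIPSpace-worst", 41: "MIPSpace-poor", 42: "MIPSpace-pros"}

# Constructed sample: header formats follow the ones quoted on this page,
# the addresses are made up.
SAMPLE = """\
Return-Path: <234ac342343.something@domain.com>
From: "Acme News" <news@acme.com>
Reply-To: news@acme.com
X-Spam-Status: Yes, score=7.2
X-Spam-Score: 72
X-Spam-Bar: +++++++
X-MagicSpam-TUUID: e7959b6a-5ed6-4499-8b34-407c04b82835
X-MagicSpam-Spam: 5.5.2 block_list (41)

(body omitted)
"""

def triage(raw_message):
    """Report the true sender and which filter(s) flagged the message."""
    msg = message_from_string(raw_message)
    out = {
        # Assumption: Return-Path holds the Envelope From recorded at delivery.
        "envelope_from": (msg.get("Return-Path") or "").strip(" <>"),
        "reply_to": msg.get("Reply-To"),
        "tuuid": msg.get("X-MagicSpam-TUUID"),  # Transaction UUID for log search
        "magicspam_list": None, "sa_score": None, "flagged_by": [],
    }
    ms = msg.get("X-MagicSpam-Spam")
    num = re.search(r"\((\d+)\)\s*$", ms or "")
    if ms:
        out["flagged_by"].append("Magicspam")
    if num:  # assumption: the trailing "(41)" is the List Number
        out["magicspam_list"] = LISTS.get(int(num.group(1)), "list " + num.group(1))
    status = msg.get("X-Spam-Status") or ""
    score = re.search(r"score=(-?\d+(?:\.\d+)?)", status)
    if score:
        out["sa_score"] = float(score.group(1))
    if status.strip().lower().startswith("yes"):
        out["flagged_by"].append("Spam Assassin")
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

When both filters appear in flagged_by, the envelope_from value has to be whitelisted in each system separately, since each keeps its own whitelist.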
NOTE REGARDING WHITELISTING: If you see the Envelope From email formatted like 234ac342343.something@domain.com, it often means the sending system is a third party mail gateway that is creating a unique id for that account. You can use the search function in your webmail to locate all the emails formerly flagged as spam from the sender or subject and see if the Envelope Sender is the same every time or changes. If it's the same, you can whitelist it as is. If it changes each time, it means they are creating a unique campaign id for tracking, so you would add a wildcard whitelist entry like *.something@domain.com or *@*.domain.com.
Track Delivery: Your cPanel / Email / Track Delivery is a tool you can use to view your mail logs to identify how an email was processed. It will tell you if the mail was rejected or flagged by Magicspam and which Magicspam list the mail was on. It will also show if the email was flagged by Spam Assassin and its spam score. However, the logs are massive and get overwritten. Track Delivery does not contain a direct search function, but you can set it to display up to 1000 entries and use your browser's search to locate entries.
Magic Spam Features
- Runs technical checks on all inbound email.
- Checks all inbound email against User selectable RBL blacklists & marketing lists.
- Allows you to set the routing for some of the optional lists to mark as spam or reject and return to sender.
- Allows you to view Statistics showing total mail and spam volume and how changes in your settings affect accuracy.
- Allows you to route email classified as Spam to your Inbox or spam folder automatically.
- Allows you to view inbound mail logs to verify if the email reached your server and how it was classified and routed.
- Allows you to block email based on country so you can kill off junk email from foreign countries you don't do business with.
- Allows you to set Blacklists for problem emails that are getting through the normal filters.
- Allows you to set Whitelists to ensure important emails bypass all filters and are always delivered.
- Allows you to set Blacklists or Whitelists for email sender, mail server IP or Country.
DASHBOARD: Displays a daily summary of email volume and of mail categorized as spam.
SEARCH MAIL LOGS
You can search the Mail Logs by Date Range and/or by Sender or Recipient. You can also set the filter to display all events or just Spam, Quarantine or Ham. If you leave the search and filters blank and just click SEARCH, all emails received will be displayed.
LOG DETAILS: Email marked as HAM has been accepted. Mail marked as QUARANTINE has failed one or more checks and has been marked as ***SPAM*** in the subject and saved to your INBOX or SPAM Folder depending on your Spam Settings / Routing Option settings. Mail marked as SPAM in the logs was Rejected and sent back to sender. You can CLICK on the IP or Sender or Country to add the entry to the Block or Allow Exception List.
SPAM SETTINGS:
SPAM ROUTING OPTIONS: Once the filter determines an inbound mail is Spam, it will mark its subject with **** Spam ****. You can then choose to have the mail added to your Inbox, placed inside a "Spam" folder (which can be accessed via IMAP from your email software or via the online Webmail system), or Deleted. By default both MagicSpam and Spam Assassin will put all mail classified as SPAM into the Spam folder. You would have to uncheck the routing in both systems to have Spam put into your inbox.
IP REPUTATION:
DEFAULT IP REPUTATION LISTS SET TO FLAG: UCEPROTECT-1 (List Number: 4), UCEPROTECT-2 (List Number: 5), SORBS-DUL (List Number: 23)
Mail matching these lists will be ACCEPTED, marked as ***SPAM*** in the subject and put into your Spam Folder. You can set them to ON if you would rather reject the email and return it to sender.
MARKETING BLACK LISTS:
MIPSpace-worst (List Number: 40) https://www.mipspace.com/ratings.php
MIPSpace-poor (List Number: 41) https://www.mipspace.com/ratings.php
MIPSpace-pros (List Number: 42) https://www.mipspace.com/ratings.php
ABUSE / BOTNET BLACK LISTS:
RATS-Dyna (List Number: 36) https://www.spamrats.com/rats-dyna.php
RATS-NOPTR (List Number: 37) https://www.spamrats.com/rats-noptr.php
RATS-Spam (List Number: 38) https://www.spamrats.com/rats-spam.php
These are optional lists that include known marketers and bulk mail sources and should be used with caution. They will kill off a tremendous amount of spam but may also classify some email that you desire as spam (false positive), especially if the sender is using a third party mailing relay that may be shared with other known spammers. These are set to OFF by default. We suggest you test them by setting the list(s) to FLAG mode, so email matching the list will still be ACCEPTED and marked ***SPAM*** and you can whitelist any desired senders. After testing you can set them to ON, which will then reject the spam.
EXCEPTIONS: Force the filters to Allow any email that is being mislabeled, or to Block any email that is getting through, by the sender's specific email address, i.e. spammer@acme.com, by a wildcard address such as *@acme.com, or by a subdomain wildcard *@*.acme.com that will cover any email address from the specified domain.
Some senders use mail gateways that are often on junk lists because the same mail gateway IP is shared by many users sending bulk mail. When you see a gateway sender it may not be obvious who the source is. Some gateways add an account user name, i.e. uniqueidnumber.client@gateway.com, where the unique id number changes, so clicking on the whitelist in the log won't work. In those cases you would need to add a wildcard such as *@mailgateway.com or whitelist the mail server IP address.
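The check described in NOTE REGARDING WHITELISTING and in the gateway paragraph above (is the Envelope From the same every time, or does an id in front of it change?) can be done mechanically over the senders you collected. This is an added example, not code from Magicspam or Spam Assassin; the names wildcard_match and suggest_entry are hypothetical, and it assumes "*" in a whitelist entry matches any run of characters. It proposes the narrowest entry that covers every observed sender, because a gateway domain is shared with other senders.

```python
import re

def wildcard_match(entry, address):
    """True if a whitelist entry matches an address. Assumption: '*' stands
    for any run of characters and matching ignores case."""
    regex = ".*".join(re.escape(part) for part in entry.split("*"))
    return re.fullmatch(regex, address, re.IGNORECASE) is not None

def suggest_entry(envelope_senders):
    """Narrowest whitelist entry covering every Envelope From seen so far
    for one sender, or None when the domains differ and need a manual look."""
    senders = sorted({s.strip().lower() for s in envelope_senders if "@" in s})
    if not senders:
        return None
    if len(senders) == 1:
        return senders[0]                      # same every time: use as is
    parts = [s.rsplit("@", 1) for s in senders]
    domains = {domain for _, domain in parts}
    if len(domains) != 1:
        return None                            # review by hand before going wider
    domain = domains.pop()
    # Changing id in front of a fixed tail, e.g. <id>.something@domain.com
    tails = {local.partition(".")[2] for local, _ in parts}
    if len(tails) == 1 and "" not in tails:
        entry = f"*.{tails.pop()}@{domain}"
    else:
        entry = f"*@{domain}"
    assert all(wildcard_match(entry, s) for s in senders)
    return entry

# Constructed Envelope From values, as collected from the headers of
# previously flagged mail (addresses are made up).
CAMPAIGN = ["234ac342343.something@domain.com",
            "9f01bb27c11.something@domain.com",
            "77de0a1c9e2.something@domain.com"]

if __name__ == "__main__":
    entry = suggest_entry(CAMPAIGN)
    print("suggested entry:", entry)
    # The entry should not also admit a different account on the same gateway.
    print("other account passes:",
          wildcard_match(entry, "55aa.otherclient@domain.com"))
```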
ADVANCED LOG SEARCH: The Reply-To address you often see is not the same as the actual sender. If you have email marked as spam or rejected even after whitelisting, it means the sender is using a gateway or third party mailer. To locate the sender in the logs:
1. Open the email in your spam folder and view its headers (in roundcube there is an option to view Header). Locate the X-MagicSpam-TUUID value at the bottom of the header; it will be a value like e7959b6a-5ed6-4499-8b34-407c04b82835. Copy it (control C).
2. In cPanel / Magicspam / Logs, paste the value (control V) into the Transaction UUID field and click search.
3. This will display the log entry for that email and you can view the true sender and click on the sender to whitelist the specific sender or whitelist domain to allow email from the entire domain of the sender.
If you still have difficulty, open a support ticket and provide us the To / From / subject / date / and folder location, i.e. spam folder or inbox, so we can view the email itself for analysis and assistance. If the email is not on your server because you are using POP to download emails, you would have to provide its headers in the ticket.
SECURITY: This section allows you to block email by the sending country and is very effective at reducing junk and spam. Countries that have been preset as blocked by your host are shown in GREY. You can select one or multiple countries in the "Allowed Countries" list, move them to the Block side and save to block even more junk mail.