FastServers has been entrenched in the Windows server hosting arena for almost a decade, however a good number of our customers steer clear of running local email solutions on Windows servers because of cost, administration, complexity, and reliability — to name a few. The answer to this predicament was to employ an add-on component that would allow for ease of administration — Mail Enable (http:/www.mailenable.com). For some time now, Mail Enable has been a cornerstone of thirdparty components for our windows dedicated customers. The problem that initial arose from utilizing Mail Enable was that additional features that customers wanted to offer were totally lacking: including webmail, anti-virus, and RBL support.

Realizing that these additional features come at a premium, Mail Enable created varied builds of their product for the hosting community — Standard, Professional, and Enterprise. Mail Enable Standard is still the flagship entity of this product; providing the foundation for all the additional elements that customers require within their required operations. The standard versions allows customers to setup multiple domains, POP mailboxes, SMTP relay, email forwarders, and aliases. For the vast majority these core features are adequate, but advanced versions of Mail Enable allow for much more functionality. Mail Enable Professional employs additional features that make it more attractive for advanced hosting services. All the features of Mail Enable standard are included, but additional functionality such as webmail and RBL implementations are built into ME Professional, making it more robust than the standard version. In addition, anti-virus plug-ins are available with Mail Enable Professional: F-Prot, McAfee, Sophos, and many more — along with web administration and a handful of other bells and whistles. For customers who require more features that what are offered in a modestly robust hosting entity, then Mail Enable Enterprise may be the necessary solution. Including all the features of Standard and Professional, Enterprise includes a wealth of features that rival those of other well known enterprise level mail servers. Enhanced webmail (featuring skins and advanced management features), message filtering and event processing, database connectivity, clustering, Bayesian anti-spam filtering, are all additional aspects that are provided by ME Enterprise.

Of course it is best to speak with your dedicated sales engineer to see which version of Mail Enable will fit in best in your environment, but rest assured that Mail Enable can provide the functionality that our customers have been looking for: a sane, stabilized, and fully functional mail hosting solution for Windows platforms.

We all know what Spam Assassin does, but do we all have a firm grasp of how Spam Assassin actually goes about marking one of our beloved 419 daily scams as SPAM, lovingly tagging it for either our email clients to download and handle, or moving it to a separate “spambox” on your dedicated server, allowing for later perusal or utter destruction in one fell swoop?

Well, to examine this, we need to do a little background work first. Let’s touch on the basics, and then move forward into a more advanced analysis for our favorite spam killer. Spam Assassin is a mail filter which attempts to identify spam using textual analysis and several internet-based blacklists that are updated in real-time. Basically, Spam Assassin looks for text patterns that are common among spam messages, and uses several constantly updated databases that monitor spam throughout the internet. The blacklists can work in two ways: the first being the pinpointing of IP addresses of common spammers, and the second by comparing a checksum of the mail message against the database, to see if anybody else on the ‘Net has received and labeled this message as spam. While the first is an excellent way to reduce your unwanted email, the latter is a little more dangerous, and definitely on the more brazen side of things. Remember, when Spam Assassin does its textual comparison, it’s not only looking for the misspelled words with punctuation inserted at random places, but it’s also looking inside the headers of the message to verify the message is legit.

So, now that we know what Spam Assassin does, and a little (more I hope for some) about how it does it, let’s look at implementing some of the “Best Practices” on our common Linux automation/management tools, Plesk and CPanel/WHM.

Starting with the CPanel viewpoint, once your client logs into their CPanel interface they can select Spam Assassin from under the E-Mail main menu. They will be presented with the option of Enable Spam Assassin, and Enable Spam Box. The spam box is a secondary inbox located in the user’s mail directory on the server that contains all the messages Spam Assassin tags as spam. This is a double edged sword, however, as messages are collected there until they are checked by the user (either via webmail or a separate POP3 account using the user@domain.tld/spam setup in both cases), which means disk usage (remember email account quotas!) is being used for these messages that are almost wholly going to end up as unwanted junk mail. In the unlikely event a message does get falsely identified as spam when it is legitimate, it will be kept here until the user checks it… but typically the message gets buried very quickly under the amount of unsolicited email a vast majority of us receive. The last option on the screen allows us to customize the Spam Assassin scripts, allowing us to black list domains (refuse any and all mail from them), white list domains (such as if Spam Assassin decrees the mailing lists you’re subscribed to are spam, etc), and modify the score required for a message to be tagged as spam.

Moving into the Plesk end of the equation is a little hairy, as the Plesk software requires an additional key to activate Spam Assassin through the Plesk interface, and the configuration is done through Administrative privileges only. Once the Administrator has enabled Spam Assassin, and allows the users to individually specify spam filtering, their end users must enable Spam Filtering for each individual mail account. The settings such as white lists, and the aggressiveness settings of Spam Assassin are configured from a global (server-wide) perspective. Thanks for your time and happy hunting!

As the main Abuse Administrator for FastServers, it is my duty to inform you when your servers have been doing something that violates our Authorized Usage Policy (AUP) on our network. Along with that implied task, it is also my responsibility to instruct you on how to fix these issues. In this brief summary, I plan on informing you of how to deal with the task of tracking down spamming resources on your server, and dealing with spoofed emails.

Let’s start with the unrecognizable emails you’re seeing in your mail queue. The emails don’t look like they’re from anyone at any of your hosted domains, but they still seem to be flowing through your server to domains you’ve never heard of before. The first thing you need to check is the email header, as this will explain what account/username the email was spawned from. You should be able to find this in the form of <user> @ <hostname> and the IP of the server will also be present. If you don’t see the IP of your server anywhere in the header, it’s probably been spoofed (which we’ll get to below). If you don’t see a username within the header of the email, or you see “nobody” @ <hostname>, the spammers have probably found a way to route mail through an alternate (non-SMTP) facility on your server. Our best suggestion in this case is to disable the “nobody” user from sending mail in “Tweak Settings” in your WebHost Manager (or similar facility, depending on the panel environment). Another thing that needs to be done is a locate command from the command prompt (SSH) for the following: formmail.cgi and formmail.pl. These potentially outdated formmail gateways need to be replaced with the most recent version of the file from http://www.scriptarchive.com/formmail.html, as older versions are very vulnerable to spammers. Also, when applicable, make sure your CPanel build is kept up to date, as new software is installed to your server upon new releases from Darkorb!

The second issue you may have is dealing with spoofed return mail. If you notice mail that is coming back to your server on a bounce that you never sent out, it’s likely that someone has used your email address as the return-to address. If you look at the headers of the email, you won’t see the IP of your server anywhere. The best defense against this is to make sure you have anti-virus and spam blocking software on your local workstation(s) at your business or home. Always make sure to keep this software up-to-date, as there are new viruses and new spam schemes being created every day. If possible, find the server the spam was originally sent from, and alert their Internet Service Provider’s Abuse Department of the incident.

If you have questions about the above practices, or have any other issues dealing with SPAM, please be sure to email our Abuse Desk at abuse@fastservers.net. We’ll try to guide you in the best direction for the issue you’re experiencing.

Have a great week!