Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In with OpenID
Advertise on LowEndTalk.com

In this Discussion

Shared Hosting Providers, what are your Anti-SPAM measures?
New on LowEndTalk? Please read our 'Community Rules' by clicking on it in the right menu!

Shared Hosting Providers, what are your Anti-SPAM measures?

jetchiragjetchirag Member
edited February 10 in General

Hey,

Again, I'm looking at some more possibilities, suggestions or recommendations on this topic. Pricing on LET won't buy most providers mailchannel or other outgoing relay with filters. Like Francisco has his own scripts system

I wrote a few script to assist or automate things. One is to get mass senders from exim log and suspend outgoing email for them. Some are for reporting which I no longer use.

Now, what else do you guys use?

Or shall I..
  1. .18 votes
    1. Let the SPAM flow?
      33.33%
    2. Live in mountains
      66.67%

Member without signature

Tagged:
«1

Comments

  • 6ixth6ixth Member
    edited February 10

    I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    Thanked by 1MikePT
  • @6ixth said: I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    That'd again be costly for high limits than standard plans. Gleert did pretty good sale last Black Friday still doesn't covers it

    Member without signature

    Thanked by 1MikePT
  • muffinmuffin Member
    edited February 10

    @6ixth said: I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    Will most likely not happen. https://mxroute.com plans are super cheap, often less than $10 / year if you are a light user and only gets them on promotions. If you check https://www.mailchannels.com/reseller/whmcs-module/ , each sub account will cost $1 / month = $12 / year excluding any outgoing emails, so that’s already a loss.

    Thanked by 1MikePT
  • I use mailchannels for email and submit a whole lot of data into influx and ES to spot anomalies - and I actively contact customers when they do stuff that looks semi-spammy.

    I'm also not in the LET pricing, so I guess I can afford it.

    Thanked by 2MikePT vimalware
  • @jetchirag said:

    @6ixth said: I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    That'd again be costly for high limits than standard plans. Gleert did pretty good sale last Black Friday still doesn't covers it

    Depending on how many emails your customers send? I'm sure you can get LET prices as well if you PM Miguel. I'm specifically waiting on being able to use my Mxroute.com account which has unlimited everything but 40GB of storage.

  • jetchiragjetchirag Member
    edited February 10

    @Zerpy said: I use mailchannels for email and submit a whole lot of data into influx and ES to spot anomalies - and I actively contact customers when they do stuff that looks semi-spammy.

    I'm also not in the LET pricing, so I guess I can afford it.

    I have Mailchannels on non-LE pricing plans but still gotta look for LE plans. Mailchannels works great tho

    Member without signature

  • 6ixth said: I'm sure you can get LET prices as well if you PM Miguel

    I don't think it can get cheaper than those Black Friday'ess therefore, my current mailchannels plan may even satisfy my current volume (which is low) but worth checking other options

    Member without signature

    Thanked by 1MikePT
  • FR_MichaelFR_Michael Member, Provider

    We are not into shared hosting but monitoring mailqeue with nagios or zabbix and limit amount of outgoing email per customer per hour is pretty standard and straight forward.

  • @FR_Michael said: We are not into shared hosting but monitoring mailqeue with nagios or zabbix and limit amount of outgoing email per customer per hour is pretty standard and straight forward.

    Just did setup some reportings. Let's see how it goes

    Member without signature

  • FR_MichaelFR_Michael Member, Provider
    edited February 10

    You should also start to monitor the biggest spamlists for your ip address. either use mxtoolbox or write a simple script on your own to query the lists.

  • @FR_Michael said: You should also start to monitor the biggest spamlists for your ip address. either use mxtoolbox or write a simple script on your own to query the lists.

    Already have daily monitoring with email and slack push to all major RBLs.

    Mass mail problem is already solved now. Main problem is even tho you limit to like 100 per hour, those 100 mails can get you a or more notice. I don't think there's any solution to this now rather than mailchannels

    My main reason to open this thread was to discus/see what other providers do

    Member without signature

  • Mailcheap has also some kind of limiting, may be worth checking it out

    Thanked by 1jetchirag
  • FranciscoFrancisco Top Provider

    Do you mean inbound spam or outbound spam?

    My systems handle outbound only, I just use the standard cPanel (SpamAssassin, etc) to handle inbound.

    Francisco

    BuyVM - Dedicated KVM Slices / Anycast Support! / Stallion Control Panel / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
    Thanked by 1MikePT
  • FR_MichaelFR_Michael Member, Provider

    outgoing as he explained in his first post. to avoid getting blacklisted you also can rotate outgoing ip addresses and Scan your outgoing mails with spamassassin and so on

  • angstromangstrom Member
    edited February 10

    @jetchirag said:

    @FR_Michael said: You should also start to monitor the biggest spamlists for your ip address. either use mxtoolbox or write a simple script on your own to query the lists.

    Already have daily monitoring with email and slack push to all major RBLs.

    Mass mail problem is already solved now. Main problem is even tho you limit to like 100 per hour, those 100 mails can get you a or more notice. I don't think there's any solution to this now rather than mailchannels

    My main reason to open this thread was to discus/see what other providers do

    Frankly, I don't know how Francisco really manages to deal with the spam problem. Is he really able to catch most of the spam? I guess that, since a shared hosting user at buyvm gets a dedicated IPv4, there's not a single shared IPv4 that could be blacklisted. But still, Francisco seems brave to tackle this problem on his own.

    "[T]he number of UNIX installations has grown to 16, with more expected." (K. Thompson & D. M. Ritchie, UNIX Programmer's Manual, 3ed, 1973)

  • jetchiragjetchirag Member
    edited February 10

    @Francisco said: Do you mean inbound spam or outbound spam?

    My systems handle outbound only, I just use the standard cPanel (SpamAssassin, etc) to handle inbound.

    Francisco

    Outbound spams. That kinda php mail wrapper of yours IIRC.

    But since it also limits the account, I guess it'd work same as disabled mail.

    @angstrom is right on point, there.

    I am now thinking of this:

    1. Exception list for user accounts.

    2. Cron to disable outgoing features of account but enabling on the ones in exception list.

    Seems legit way here. Some inconvenience to users but legit.

    Member without signature

  • @Francisco said: My systems handle outbound only,

    If I may ask, if your outbound spam filter designates an email as spam, is the email simply deleted without notification to the user who tried to send it?

    "[T]he number of UNIX installations has grown to 16, with more expected." (K. Thompson & D. M. Ritchie, UNIX Programmer's Manual, 3ed, 1973)

  • jetchiragjetchirag Member
    edited February 10

    @angstrom said:

    @Francisco said: My systems handle outbound only,

    If I may ask, if your outbound spam filter designates an email as spam, is the email simply deleted without notification to the user who tried to send it?

    IIRC, it wouldn't let php mail to pass without any notifications. I don't think it is even necessary to have noty.

    Thought it was asked to me

    Member without signature

    Thanked by 1angstrom
  • FranciscoFrancisco Top Provider

    @angstrom said:

    @Francisco said: My systems handle outbound only,

    If I may ask, if your outbound spam filter designates an email as spam, is the email simply deleted without notification to the user who tried to send it?

    It's purely a whitelist for the account as a whole, it doesn't try to see if an email is spam or not.

    99% of our shared users don't need sendmail or remote SMTP, so I block both and require people ticket for it. Some people get crabby about that or make threads on here/WHT complaining about it, but it's generally not bad.

    Francisco

    BuyVM - Dedicated KVM Slices / Anycast Support! / Stallion Control Panel / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
    Thanked by 1angstrom
  • @Francisco said:

    @angstrom said:

    @Francisco said: My systems handle outbound only,

    If I may ask, if your outbound spam filter designates an email as spam, is the email simply deleted without notification to the user who tried to send it?

    It's purely a whitelist for the account as a whole, it doesn't try to see if an email is spam or not.

    99% of our shared users don't need sendmail or remote SMTP, so I block both and require people ticket for it. Some people get crabby about that or make threads on here/WHT complaining about it, but it's generally not bad.

    Francisco

    So it's kinda what I mentioned above, right? WHM has api or command to suspend outgoing mails since 64 version which I guess should work fine as replacement.

    Member without signature

  • @Francisco said:

    @angstrom said:

    @Francisco said: My systems handle outbound only,

    If I may ask, if your outbound spam filter designates an email as spam, is the email simply deleted without notification to the user who tried to send it?

    It's purely a whitelist for the account as a whole, it doesn't try to see if an email is spam or not.

    99% of our shared users don't need sendmail or remote SMTP, so I block both and require people ticket for it. Some people get crabby about that or make threads on here/WHT complaining about it, but it's generally not bad.

    I see, it's basically a trust-based system after a user requests and is granted the right to send email.

    "[T]he number of UNIX installations has grown to 16, with more expected." (K. Thompson & D. M. Ritchie, UNIX Programmer's Manual, 3ed, 1973)

    Thanked by 1Francisco
  • @jetchirag said: So it's kinda what I mentioned above, right? WHM has api or command to suspend outgoing mails since 64 version which I guess should work fine as replacement.

    Yeah, perhaps you should do the same: a user is blacklisted by default but can be whitelisted upon request.

    "[T]he number of UNIX installations has grown to 16, with more expected." (K. Thompson & D. M. Ritchie, UNIX Programmer's Manual, 3ed, 1973)

  • @angstrom said:

    @jetchirag said: So it's kinda what I mentioned above, right? WHM has api or command to suspend outgoing mails since 64 version which I guess should work fine as replacement.

    Yeah, perhaps you should do the same: a user is blacklisted by default but can be whitelisted upon request.

    Been thinking this since morning. Implementation of this seems pretty easy too! There's just one problem that users don't know mostly about spam being sent.

    Will try writing some reportings and auto suspension system something possibly in morning. Thanks fran for sharing and everyone else too

    Member without signature

    Thanked by 1Francisco
  • FranciscoFrancisco Top Provider

    Hello,

    We don't use suspend_outgoing_email for that, but we do when a user has multiple SMTP accounts get compromised. It works very well.

    Remember, you can call it from CLI if you want to speed things up:

    whmapi1 suspend_outgoing_email user=USERNAME

    Francisco

    BuyVM - Dedicated KVM Slices / Anycast Support! / Stallion Control Panel / Windows 2008, 2012, & 2016! / Unmetered Bandwidth!
    BuyShared - Shared & Reseller Hosting / cPanel + Softaculous + CloudLinux / Pure SSD! / Free Dedicated IP Address
    Thanked by 2Aidan JohnMiller92
  • jetchiragjetchirag Member
    edited February 11

    Francisco said: whmapi1 suspend_outgoing_email user=USERNAME

    Yup, that. Wrote yesterday

    I've wrote two script. One is to get top senders from mainlog. If emails sent is higher than xxxx, run that command for it.

    If anyone's interested, here's link

    Member without signature

  • JoseQuesoJoseQueso Member
    edited February 12

    lol shared hosting in 2018

    go repent

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • @JoseQueso said: lol shared hosting in 2018

    go repent

    nothing wrong using shared hosting for non-techie.

    Thanked by 3Aidan Ole_Juul lazyt
  • JoseQuesoJoseQueso Member
    edited February 12

    @sibaper said:

    @JoseQueso said: lol shared hosting in 2018

    go repent

    nothing wrong using shared hosting for non-techie.

    non-techies shouldn't be fiddling around with websites. much better to do apt-get install nginx php

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • JoseQueso said: lol shared hosting in 2018

    It'll always be around

    Be the spark that ignites the dumpster fire of the shithole you live in.
    Noticing a spike in abuse from China and affiliate links? Click here

  • @doughmanes said:

    JoseQueso said: lol shared hosting in 2018

    It'll always be around

    unfortunately

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • JoseQueso said: unfortunately

    Keep working on that post count since your account is new

    Be the spark that ignites the dumpster fire of the shithole you live in.
    Noticing a spike in abuse from China and affiliate links? Click here

  • JoseQuesoJoseQueso Member
    edited February 12

    @doughmanes said:

    JoseQueso said: unfortunately

    Keep working on that post count since your account is new

    ty babe u 2. need to catch up!

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • MikePTMikePT Member, Provider
    edited February 12

    @6ixth said: I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    While we do allow it (you're responsible for the setup though), if you send a few thousand per month, we'd kindly ask you to signup for mxroute.io instead :-).

    @muffin said:

    @6ixth said: I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    Will most likely not happen. https://mxroute.com plans are super cheap, often less than $10 / year if you are a light user and only gets them on promotions. If you check https://www.mailchannels.com/reseller/whmcs-module/ , each sub account will cost $1 / month = $12 / year excluding any outgoing emails, so that’s already a loss.

    This is the only argument I use when I'm asked for 1k email plans @ MXroute.io. We simply can't do it. We still have some stock @ www.mxroute.io/LET.html but that's really the best we can do for our fellow members here. Trust me, if we could do better, we would.

    @6ixth said:

    @jetchirag said:

    @6ixth said: I'm waiting on Mxroute allowing SMTP relay on standard plans :(

    That'd again be costly for high limits than standard plans. Gleert did pretty good sale last Black Friday still doesn't covers it

    Depending on how many emails your customers send? I'm sure you can get LET prices as well if you PM Miguel. I'm specifically waiting on being able to use my Mxroute.com account which has unlimited everything but 40GB of storage.

    Still, imagine if a client sends 50k emails per month, that wouldn't work, at all. We need to apply some soft limits to avoid relaying thousands of emails on accounts that cost $10 USD per year. It's obviously not doable, and we want to do things right here. We like to keep things affordable and sustainable, and that comes with limits that allow us to do such prices.

    For the MXroute.io brand, well, last time I posted here, I didn't get any sales though I had many requests for such small packages. Usage isn't noticeable, but subaccounts getting paid every month are, so even if we profit 5 eur per year, it still need to be worth for us. 2k for 20 EUR per year is really the minimum we can do. It's also possible to order 5k for 30 EUR and 10k for 40 EUR. All this per year, recurring. I would argue that such prices are definitely within the LET limits, 10k emails is a lot of emails to be sent.

    MXroute.io - SMTP Relay Service, powered by MailChannels, fully automated, LET plans

    MXroute.com - Email Hosting, powered by MailChannels

  • i thought jarland owned mxroute, now i'm confused

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • He is partnering with @MikePt (aka elcheapo but aren't we all).

    In a lowend world we are in a race/ to find better deals or get punched in the face/Anything can happen from good to bad/ and if you lose some money don't be too sad./

    Thanked by 1MikePT
  • JoseQuesoJoseQueso Member
    edited February 12

    that makes sense, ty. double the ceo's double the $. deal me in.

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

    Thanked by 1MikePT
  • The .io version is a joint venture with @jarland and @mikept.

    Thanked by 1MikePT
  • JoseQueso said: non-techies shouldn't be fiddling around with websites. much better to do apt-get install nginx php

    What are you trying to prove here? It's been long past that statement was made invalid!

    Member without signature

  • One day @virmach suspend my vps because my shared hosting customer send spam. I just disable email completely.

  • JoseQuesoJoseQueso Member
    edited February 12

    @jetchirag said:

    JoseQueso said: non-techies shouldn't be fiddling around with websites. much better to do apt-get install nginx php

    What are you trying to prove here? It's been long past that statement was made invalid!

    Bjarne mentioned problems with his hosting account in the 2015 interview. I think you can get way more value for your money over a VPS as compared to a shared hosting account. All the user has to learn is how to connect with PuTTY and run a couple apt-get's. A lot of shared hosting offers don't offer pure DDoS protection like RamNode or BuyVM do. Sometimes the user will have to install and re-compile GoLang just to implement generics so they can add those software level iptables.. I mean, for a shared hosting user to do that, would be very troublesome imo. A VPS user, imo, gets your hands more dirtier so you will be ready for the layer 7 attacks.

    But I mean sibaper is right to an extent, I just unfortunately disagree. Especially since golang doesn't even fucking have generics and you have to pull the damn separate fork for Generics and then re-compile golang. It's just silly to get proper iptables to work on shared accounts. But it is possible however.

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • JoseQueso said: Bjarne mentioned problems with his hosting account in the 2015 interview. I think you can get way more value for your money over a VPS as compared to a shared hosting account. All the user has to learn is how to connect with PuTTY and run a couple apt-get's. A lot of shared hosting offers don't offer pure DDoS protection like RamNode or BuyVM do. Sometimes the user will have to install and re-compile GoLang just to implement generics so they can add those software level iptables.. I mean, for a shared hosting user to do that, would be very troublesome imo. A VPS user, imo, gets your hands more dirtier so you will be ready for the layer 7 attacks.

    So, If I want to host my personal blog which not a single person will bothers to read, I should

    1. Learn about VPS
    2. Learn to manage and do all the nasty stuff
    3. Get my hands pretty dirty with anti-ddos stuff
    4. Care about maintenance and security

    Even if you switch personal blog with some small business site, hobby, some medium traffic blogs, et cetera. What part of running blogs and hosting website can you not do in shared hosting which will have atleast 2.0 effect on website?

    Member without signature

  • @JoseQueso don't you think it's a little late to spam LET?

    thanked by nekki sister !

  • @jetchirag, you make good points. However, the VPS learning process is not hard really.

    In regards to your points:

    1. Yes this is the one I agree with you, they will have to do some reading
    2. couple apt-get's or using a LEMP script is cake. Just upload to FTP, set permission to 755 and ./install.sh
    3. dos-deflate and paying for ddos protected IP from RamNode / BuyVM will be their best bet. They don't even have to worry about ddos if they hide their ip appropriately, assuming they have no leakage, and use cloudflare
    4. Meh, I don't really do any maintenance, other than > /var/log/logxxxx.txt every now and then since I hate LogRotates. But that's just me. That could be done as a cronjob however, so again. Maintenance can be automated to some degree as well

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • @maldovia said: @JoseQueso don't you think it's a little late to spam LET?

    He’s been generating useful posts for the past hour and a half (?) now.

  • @doghouch said:

    @maldovia said: @JoseQueso don't you think it's a little late to spam LET?

    He’s been generating useful posts for the past hour and a half (?) now.

    Thank you, that means a lot to me.

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • @JoseQueso The point still remains intact, why do all of it? For a person who is into hosting, it might make sense but for a non-techie whose primary interest/profession/hobby isn't this, shared hosting is way to go for him.

    Member without signature

  • JoseQuesoJoseQueso Member
    edited February 12

    @jetchirag said: @JoseQueso The point still remains intact, why do all of it? For a person who is into hosting, it might make sense but for a non-techie whose primary interest/profession/hobby isn't this, shared hosting is way to go for him.

    Well, I mean you're not wrong I just think people are underestimating themselves and how easy it is now to learn stuff. I mean look at me, I'm literally retarded and I can setup a VPS pretty good. I'm sure bloggers and other people who do professional work are much more smarter than me. :P

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • WSSWSS Member

    @JoseQueso said: 4. Meh, I don't really do any maintenance, other than > /var/log/logxxxx.txt every now and then since I hate LogRotates. But that's just me. That could be done as a cronjob however, so again. Maintenance can be automated to some degree as well

    Well this is pretty direct and foretelling who you are. Don't you have, like, something better to do?

    This place just isn't the same; You know where to find me if you want me.

  • @WSS said: Well this is pretty direct and foretelling who you are. Don't you have, like, something better to do?

    Unfortunately not, but WHT banned me so..

    Why fly on Dewlance's magic carpet when you can just be DDOS'd?

  • WSSWSS Member

    @JoseQueso said:

    @WSS said: Well this is pretty direct and foretelling who you are. Don't you have, like, something better to do?

    Unfortunately not, but WHT banned me so..

    Well, here's hoping for two for two. Have a good one, broham; I'm no longer engaging you.

    This place just isn't the same; You know where to find me if you want me.

Sign In or Register to comment.