Wednesday, November 17, 2010

Spam, Spam, and more Spam

Last night we became aware that all inbound email was not being scored, tagged or filtered by any of our spam filters. Every email had a score of zero and was therefore being delivered.

On Nov. 9th cPanel was updated to version 11.28, which had quite a few changes, one being the configuration file for Exim (the MTA, or Message Transfer Agent), the software that processes your email). Oddly enough the server didn't send a notification that there was a problem with the configuration file until late last night, Nov. 16th. Email continued to be processed, but for some reason it rendered our spam filtering system useless, while the main spam filtering component, MailScanner, still reported it was functioning correctly.

In troubleshooting what the problem was I also found the Bayes database used by SpamAssassin was unusually large, and contained 67 million tokens. Didn't I tell you our spam filters rock? If the database gets too big SpamAssassin can have trouble loading it and using it, so this could have been a part of the problem also.

The end result was that all email was not given any spam score from SpamAssassin and was delivered as "non-spam." Typically 84-90% of all email processed on our server is spam, so you've likely noticed a big difference in the last week or so.

Think of this past week as an experiment, "What your inbox would be like without spam filters." Scary, wasn't it??? I'll bet many of you will never take our spam filters for granted again, huh? I know I won't!

Everything appears to be back on track and filtering correctly. You may receive a few "message released from quarantine" emails if I see any false positives (newsletters or legitimate email being marked as spam). It's always a good idea to routinely check your spam mailbox for false positives, particularly for newsletters, as they frequently contain all the characteristics of spam.

In the "MailScanner" section of your cPanel there are options to adjust your own spam settings (for low-scoring and high-scoring spam) as well as whitelisting and blacklisting options for domains or email addresses.

We apologize for any inconvenience this caused.