View Full Version : Plesk SpamAssassin or 4PSA Spam Guardian?


spaceout
3rd September 2005, 07:44 PM
I've been using 4PSA's Spam Guardian product for just over a year now and I've been considering switching to the Plesk version. I would love any opinions/experience as to which product may work better. I realize that both products use the same basic engine, but I'm not sure if there could be any differences that could cause one to "out-perform" the other.

I can't say that I've been completely thrilled with the performance of the 4PSA product. I thought the idea is that over time it will "catch" and filter more and more spam so less will get through. This doesn't really appear to be happening. I currently have approx. 123,000 messages used for spam training. My server processes on average 2700 emails a day and drops about 531 as spam.

My personal email account brings in about 130 to 150 spam messages a day and 4PSA's Spam Guardian catches maybe 30 to 40 of them. Is this as good as it gets after a full year's worth of training?

Any advice would be greatly appreciated.

jamesyeeoc
3rd September 2005, 11:14 PM
Have you kept SpamGuardian up to date with the newer releases? What I have done is to also manually add some additional RulesDuJour rule sets to their configuration to make it more effective. (on 7.5.3 servers)

I personally have not paid Plesk for their SA license, since earlier versions of theirs were a bit limited... and seeing all the current set of problems with the 7.5.4 release, I would hate to pay more money just to find that it's more limited or not. :)

spaceout
4th September 2005, 01:05 AM
Yes, I have kept up-to-date with the latest releases. When I upgraded last (or maybe two times ago) I also added the RulesDuJour option but I couldn't really tell any difference? If anything, it seems like it got worse after the last upgrade.

My annual "subscription" for their products has expired and I need the updated version of the 4PSA product in order to upgrade Plesk to 7.5.4...so I'm just wondering if I should bother to pay for the 4PSA upgrade again or just use the Plesk product (which I already have a license for) instead.

jamesyeeoc
4th September 2005, 01:13 AM
"or just use the Plesk product (which I already have a license for) instead"

Well, if you have already paid the extra for the Plesk SA key, then certainly give it a try and see if it works better for you. I have no idea why your SpamGuardian would have gotten less effective after an update.

Mine have always been quite effective, especially for those clients who insist on getting their email addresses listed on every spam list possible. I have one client who receives over 2500 spam hits per day, but only about 15-20 per day reach his mailbox, which I consider to be pretty good.

spaceout
4th September 2005, 01:40 AM
Hmm...I don't understand why mine isn't working that well. Where is the "sensitivity" level set on that account? I've moved mine from Strict to Very Strict and tried many different settings, but it doesn't seem to make a big difference.

jamesyeeoc
4th September 2005, 02:46 AM
For his account I had tried "Very Strict" but he was having too many false positives. He's currently back at "Moderate" and forward to his mailbox (due to false positives) and I set his Outlook up to auto-move Spam marked messages for his review. He is in a business where he gets emails from new clients and prospects every day, not like many whose address book stays fairly static. He now knows to review and forward to either SPAM or HAM email addresses to assist in the training process. Maybe it's because of the sheer volume of emails he gets each day?

Did you set up the Training email address and then train your clients to forward undetected Spam mails to that email address?

And there was a jump in detection when I added more of the RulesDuJour sets, but that does take some admin monitoring since they deprecate some of the sets and whatnot.

As I said earlier, if you already paid Plesk for their SA key, why not give that a try and see if you have better luck with that one? If you have Plesk 7.5.4 I hear they made some changes, I just don't know (yet) exactly what, or if that info I heard was just poop.

hardweb
4th September 2005, 03:40 PM
spaceout, if you learn so many emails and the detection is the one you tell above, then there is something wrong on the server. On my own server I trained less than 10000 emails and the detection rate is higher than 95%. Open a support ticket with our support.

justyxxxx
10th September 2005, 02:43 AM
spaceout - I agree with you. I purchased the 4PSA Spam Guardian recently (I had the Plesk Spam Filter) and mainly liked the idea of having the ham_learn and spam_learn folders, which is the reason why I moved.

After three weeks and literally hundreds of thousands of emails sent to the junk_learn folder, I can say that the 4PSA Spam Filter is awful when compared to the Plesk spam filter.

I have enjoyed most all other 4PSA products, but their spam filter leaves much to be desired. I do plan to switch back next week if 4PSA doesn't come up with a way to make it work better. My customers have not been happy at all, and I certainly haven't been happy at all. I have also talked with support and, so far, the problem still exists.

sieb
10th September 2005, 03:34 AM
For our high volume email customers, I have implemented multiple Fortress Secure Mail Gateways to filter out spam, and with an almost 99% success rate. I highly recommend them.

Unfortunately, they just changed their website this month and no longer offer the stand alone FSMG installations, only Mailscanner alone. But, you can still download it from here: http://dl.fsl.com/download.php?version=1.65&pw=f3f0623d (This is meant to be installed on its own server and sit in front of your hosting servers).

jamesyeeoc
10th September 2005, 04:08 AM
FSMG sounds similar to ART's Project Gamera (PG). PG also does AV as well as AntiSpam.

sieb
10th September 2005, 07:54 AM
FSMG has a full web frontend to manage all of its settings including Anti-virus. It also uses Mailwatch to give you all sorts of stats about the spam/virii that it's filtered out. It will also do Milter-ahead so it will filter out mail that is addressed to fake users, if they don't exist on your server, it drops the message. :)

jamesyeeoc
10th September 2005, 02:38 PM
Originally posted by sieb
But, you can still download it from here: http://dl.fsl.com/download.php?version=1.65&pw=f3f0623d

I guess they removed it, I get a 404 File not found :(

justyxxxx
10th September 2005, 03:20 PM
James - I am still able to download it at the above location.

Also - 4PSA says that they know the problem and so hopefully they can fix it - I'd much rather stick with their solution since it has the ham/junk learning features via IMAP.

jamesyeeoc
10th September 2005, 03:38 PM
justyxxxx - I've tried clicking on that link from multiple PCs on different ISPs, turned off firewalls, no matter what I do I get the 404

I'm either having a 'stupid' day or something... :(

justyxxxx
10th September 2005, 03:43 PM
Basically - what it does for me is redirects me to the location for the link and then brings up the file to download. I'm using Internet Explorer with Windows XP.

jamesyeeoc
10th September 2005, 08:33 PM
Still no luck on this. Have tried IE5, IE6, Firefox, Mozilla on multiple Windows and Linux boxes, from different geographical locations in California (different ISPs and DNS servers), tried clearing browser caches, no proxies, everything I can think of. And all it ever gives me is 404 file not found. Oh well.

justyxxxx
11th September 2005, 03:56 AM
hey - now it's giving me the 404 error - so perhaps they changed dns entries or something and it took a while longer for the change to hit me . . .

jamesyeeoc
11th September 2005, 04:43 AM
Just my luck to miss being able to download it to test... always a day late and a dollar short!

justyxxxx
11th September 2005, 04:49 AM
don't worry - I never actually completed the download either - and to top it off, I backed into a light pole tonight. So, my luck is similar . . .

jamesyeeoc
11th September 2005, 04:54 AM
<OffTopic>
I don't know which is worse, being the driver and hitting something, or having your parked car get totalled by a hit and run truck driver (happened 2 weeks ago), and being at home with 7 people in the house, and none of us heard or saw a thing when it happened. Car was parked directly outside in front of the house...
</OffTopic>

justyxxxx
11th September 2005, 04:59 AM
oh - that really sucks. At least I know who to blame in this instance - ME. I wasn't even looking while I was backing up - I was trying to stare (ok - undress) someone getting into a car all the while backing up. HA. And hell, I guess I got their attention then. LOL.

And then I checked the mail and got in a Netflix movie and the thing was broken. DANG!

I wonder what will be next . . .

justyxxxx
16th September 2005, 09:50 AM
Just an update - it appears that some older PSA Spam filter files were conflicting with the 4PSA Spam Filter - but 4PSA fixed it.

It's now running amazingly well - I'm very excited about 4PSA's spam filter. It's really very very good - much better than I'd originally hoped it would be.

spaceout
16th September 2005, 11:30 AM
I've never used the PSA spam filter, so I wouldn't think that could be the problem on my box.

I have started using the IMAP junk_learn folder though, so I'm going to give that a little time to see if it helps the learning process. So far, I've been using it for almost a week and I don't see a noticeable change yet.

justyxxxx
16th September 2005, 11:35 AM
Look in the headers of your junk mail to see if any of them have lines beginning with RCVD_IN or any lines that say stuff like this email is in the blocklist, etc.

If it's not checking blocklists - then that's possibly the problem.

spaceout
16th September 2005, 12:00 PM
I have seen a few that have "RCVD" but none yet that show specifically "RCVD_IN" or anything about a blocklist. I'll keep looking through them. Here is an example:

X-Spam-Status: Yes, score=6.1 required=6.0 tests=BAYES_50,INVALID_DATE, RCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO,SARE_FROM_CAPS_MSN, SARE_SPEC_ROLEX autolearn=no version=3.0.2

And another:

X-Spam-Status: Yes, score=15.4 required=6.0 tests=BAYES_50,FORGED_MUA_OUTLOOK, MIME_BOUND_DD_DIGITS,MISSING_MIMEOLE,MSGID_SPAM_CAPS,RCVD_BY_IP, RCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO autolearn=no version=3.0.2

justyxxxx
16th September 2005, 12:04 PM
Nope - those aren't it. It'll look similar to this in some emails (note the word blocklist, spamcop, etc). If this isn't working, then you're missing out on, in my opinion, the real benefits of spam assassin. Mine is now working properly with the dns blocklists being checked and it's 98% or better detection, whereas before, it was very poor:

X-Spam-Level: **************
X-Spam-Status: Yes, score=14.1 required=2.0 tests=BAYES_95,
DNS_FROM_AHBL_RHSBL,HTML_80_90,HTML_IMAGE_RATIO_02,HTML_MESSAGE,
HTML_TEXT_AFTER_BODY,HTML_TEXT_AFTER_HTML,MIME_HTML_MOSTLY,
MPART_ALT_DIFF,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SBL,URIBL_JP_SURBL,
URIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL autolearn=disabled
version=3.0.4
X-Spam-Report:
* 0.1 HTML_80_90 BODY: Message is 80% to 90% HTML
* 0.1 HTML_TEXT_AFTER_BODY BODY: HTML contains text after BODY close tag
* 0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
* 0.0 HTML_TEXT_AFTER_HTML BODY: HTML contains text after HTML close tag
* 1.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 3.0 BAYES_95 BODY: Bayesian spam probability is 95 to 99%
* [score: 0.9886]
* 0.1 MPART_ALT_DIFF BODY: HTML and text parts are different
* 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see <http://www.spamcop.net/bl.shtml?72.11.146.19>]
* 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
* [72.11.146.19 listed in sbl-xbl.spamhaus.org]
* 0.3 DNS_FROM_AHBL_RHSBL RBL: From: sender listed in dnsbl.ahbl.org
* 1.0 URIBL_SBL Contains an URL listed in the SBL blocklist
* [URIs: imglt.com celestialcom.com]
* 2.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
* [URIs: imglt.com celestialcom.com]
* 1.5 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
* [URIs: imglt.com celestialcom.com]
* 3.2 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist
* [URIs: celestialcom.com]

spaceout
16th September 2005, 12:12 PM
If that is not working on my server, can I add those blocklists in my "Enable MAPS Spam Protection" configuration in Plesk...or do I need to do it differently since I'm using the 4PSA product?

justyxxxx
16th September 2005, 12:16 PM
You can - but I recommend tagging them instead because there's always a chance that good emails will be getting deleted by enabling it in MAPS. If you're not seeing some blocklists in the headers, contact 4PSA and they should be able to log into your server and correct the problem. You'll notice a tremendous difference once those are working . . . also, have them check and make sure that your main database's permissions are correct - just to be sure. My main two problems were that the main database permissions weren't correct and so it wasn't reading from it AND the DNS Blocklists queries weren't working. After that - presto - fabulous spam filtering.

justyxxxx
16th September 2005, 12:18 PM
Also, have them disable auto-whitelists and autolearning. If you're manually training it, then you don't need these. It was just auto-learning a bunch of crap in mine and calling it ham.

spaceout
16th September 2005, 12:28 PM
Thank you for the help...I feel like I'm heading in the right direction now!

justyxxxx
16th September 2005, 06:34 PM
Here's a small FAQ that I did for 4PSA SpamGuardian (mine is Red Hat Enterprise 3):

I'd like to explain the things that you might want to check if yours isn't working well - gathered thru my conversations with support and/or some of my own observations:

1. See if autolearn and autowhitelist are disabled. It was auto'ing many bad emails. You can disable them yourself by adding the following two lines somewhere in the /etc/mail/spamassassin/local.cf file:

bayes_auto_learn 0
use_auto_whitelist 0

Then, restart spamd. If done correctly, the headers of emails should begin reporting that autolearn is disabled and you shouldn't be seeing any autowhitelist scores. You may also need to delete the autowhitelists by finding them using this command:

locate auto-whitelist

And then just delete the results that you find.


2. Stop spamd and run:

/usr/bin/spamd -u popuser -D -m 5 -x --virtual-config-dir=/var/qmail/mailnames/l --socketpath=/tmp/spamd_full.sock

And check to see if you see any errors. This is debug mode. Look for permission errors, etc. There was a database permission error in mine causing it to not be reading the bayes database.

3. Make sure that DNSBlocklists are enabled and scoring. You should see lines such as spamcop, RCVD_IN* and words such as blocklists in the headers of some emails. If you're not seeing them in any emails, then something is wrong. In my opinion, this is one of the biggest reasons why mine wasn't scoring SPAM very well. According to 4PSA, it was due to an older perl-Net-DNS file. Some say that enabling Blocklists slows down email a little, and perhaps it does - a very little, but it hasn't been anything that has delayed my emails for over just a period of a few seconds in most instances. You can add MAPS to Plesk, but then you lose the ability to actually see the email that the blocklists are rejecting. I'd do it all in SpamAssassin - so make sure this feature is enabled and that you see the above words mentioned in some emails.
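
The header check from step 3 (and from the earlier header comparison in this thread) can be run over a whole batch of junk mail instead of by eye. This is an added example, not part of the original post and not 4PSA or Plesk tooling; the function names `parse_spam_status` and `audit` are hypothetical, and the sample messages are constructed around the X-Spam-Status values quoted in the thread.

```python
import email
import re
from collections import Counter

# Rule prefixes from the thread's working header; they fire only when DNS lookups work.
NETWORK_PREFIXES = ("RCVD_IN_", "URIBL_", "DNS_FROM_")

def parse_spam_status(raw_message):
    """Parse X-Spam-Status into score, tests and autolearn state; None if absent."""
    value = email.message_from_string(raw_message).get("X-Spam-Status")
    if value is None:
        return None
    value = " ".join(value.split())  # unfold continuation lines
    fields = dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", value))
    tests = [t for t in fields.get("tests", "").replace(" ", "").split(",") if t]
    return {
        "score": float(fields.get("score", "nan")),
        "required": float(fields.get("required", "nan")),
        "tests": tests,
        "network_tests": [t for t in tests if t.startswith(NETWORK_PREFIXES)],
        "autolearn": fields.get("autolearn", "unknown"),
    }

def audit(raw_messages):
    """Summarise a batch of junk mail and report the two symptoms from the FAQ."""
    scanned, with_network, autolearn = 0, 0, Counter()
    for raw in raw_messages:
        status = parse_spam_status(raw)
        if status is None:  # message never passed through SpamAssassin
            continue
        scanned += 1
        with_network += bool(status["network_tests"])
        autolearn[status["autolearn"]] += 1
    findings = []
    if scanned and with_network == 0:
        findings.append("no DNS blocklist rule fired in any scanned message")
    if scanned and autolearn["disabled"] != scanned:
        findings.append("autolearn is not reported as disabled")
    return {"scanned": scanned, "with_network": with_network, "findings": findings}

# Constructed messages; the X-Spam-Status values are the ones quoted in the thread.
BROKEN = [
    "Subject: constructed sample 1\n"
    "X-Spam-Status: Yes, score=6.1 required=6.0 tests=BAYES_50,INVALID_DATE,\n"
    "\tRCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO,SARE_FROM_CAPS_MSN,\n"
    "\tSARE_SPEC_ROLEX autolearn=no version=3.0.2\n\nbody\n",
    "Subject: constructed sample 2\n"
    "X-Spam-Status: Yes, score=15.4 required=6.0 tests=BAYES_50,FORGED_MUA_OUTLOOK,\n"
    "\tMIME_BOUND_DD_DIGITS,MISSING_MIMEOLE,MSGID_SPAM_CAPS,RCVD_BY_IP,\n"
    "\tRCVD_HELO_IP_MISMATCH,RCVD_NUMERIC_HELO autolearn=no version=3.0.2\n\nbody\n",
]
WORKING = [
    "Subject: constructed sample 3\n"
    "X-Spam-Status: Yes, score=14.1 required=2.0 tests=BAYES_95,\n"
    "\tDNS_FROM_AHBL_RHSBL,HTML_80_90,HTML_IMAGE_RATIO_02,HTML_MESSAGE,\n"
    "\tHTML_TEXT_AFTER_BODY,HTML_TEXT_AFTER_HTML,MIME_HTML_MOSTLY,\n"
    "\tMPART_ALT_DIFF,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_SBL,URIBL_JP_SURBL,\n"
    "\tURIBL_OB_SURBL,URIBL_SBL,URIBL_WS_SURBL autolearn=disabled\n"
    "\tversion=3.0.4\n\nbody\n",
]

if __name__ == "__main__":
    for name, batch in (("broken", BROKEN), ("working", WORKING)):
        print(name, audit(batch))
```

Feed it messages that were already tagged as spam; `RCVD_HELO_*` and `RCVD_BY_IP` deliberately do not count, since only the `RCVD_IN_`, `URIBL_` and `DNS_FROM_` rules depend on working DNS lookups.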

spaceout
16th September 2005, 06:46 PM
Thanks for the advice. I have added sbl-xbl.spamhaus.org to the blocklists and it seems to have made a BIG difference so far.

I remember using the MAPS function in Plesk back in Plesk 5 and it never seemed to really work well so I never really paid much attention to the blacklists!

4PSA's SpamGuardian is also doing a little better now that I started using the junk_learn IMAP folder for training. I'll keep monitoring it closely for a couple more days to see what happens.

justyxxxx
16th September 2005, 07:21 PM
If you're gonna go the MAPS route, then I'm not sure if you're aware of this or not, but you can add multiple entries with a semi-colon:

relays.ordb.org;bl.spamcop.net;sbl-xbl.spamhaus.org

Also - if you had the -Rt0 option in the psasmtp file, then you will probably need to re-add it since Plesk seems to remove this option when updating the MAPS, thus in some cases, slowing down sending of mail via the mail client.

jamesyeeoc
17th September 2005, 01:58 AM
Originally posted by justyxxxx
If you're gonna go the MAPS route, then I'm not sure if you're aware of this or not, but you can add multiple entries with a semi-colon:

relays.ordb.org;bl.spamcop.net;sbl-xbl.spamhaus.org

Also - if you had the -Rt0 option in the psasmtp file, then you will probably need to re-add it since Plesk seems to remove this option when updating the MAPS, thus in some cases, slowing down sending of mail via the mail client.

I thought the use of semi-colons as separators was a bug and actually prevented rblsmtpd to work properly, originally posted with the 7.5.2 release, supposedly fixed in 7.5.3 (my 7.5.3 test server does not use semi-colons). Reference this thread:

http://forums.sw-soft.com/showthread.php?threadid=26239&goto=nextnewest

Did they modify the rblsmtpd in 7.5.4?

justyxxxx
17th September 2005, 02:01 AM
Originally posted by jamesyeeoc
I thought the use of semi-colons as separators was a bug and actually prevented rblsmtpd to work properly, originally posted with the 7.5.2 release, supposedly fixed in 7.5.3 (my 7.5.3 test server does not use semi-colons). Reference this thread:

http://forums.sw-soft.com/showthread.php?threadid=26239&goto=nextnewest

Did they modify the rblsmtpd in 7.5.4?

Actually - I believe that I read that in the Control Panel Help file when I was in the MAPS area and it said that (from my memory - which can't always be trusted).

Also, it did seem to significantly cut down on spam when I had those three enabled and people were asking me - is that thing deleting the spam? So, yes - I believe that it does work with semi-colons - at least from my experience something was working when I enabled multiple MAPS sites.

jamesyeeoc
17th September 2005, 02:18 AM
I agree that the use of MAPS servers can be effective, and I do use MAPS, but cannot get it to work with the semi-colon separator. As a test (to see any error messages) I run the command at a shell prompt:

# /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org;smtp.dnsbl.sorbs.net /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

and get the error:

bash: smtp.dnsbl.sorbs.net: command not found

No matter what 2nd MAPS server I put. But if I change the semi-colon to <space>-r<space> like this:

# /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r smtp.dnsbl.sorbs.net /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Then it runs fine and does not give any error. This is what leads me to believe that the use of semi-colons is in error.

DOH! (I really need a vacation, my brain must be really slow lately) Unless they have changed the control panel to allow the admin to enter it with ; but then convert it before writing it to the /etc/xinetd.d/smtp_psa file (which was a bug in 7.5.2), but since then I've just manually edited the files, have not tried it again by the cp screen.... can you confirm this?

justyxxxx
17th September 2005, 02:24 AM
I did it from the MAPS Control Panel and apparently they change it to spaces because my arguments look like this (I added the -Rt0 option). I added those for testing - but I'm removing all but the relays.ordb.org since I prefer the tag route:

server_args = -Rt0 /usr/sbin/rblsmtpd -r relays.ordb.org -r bl.spamcop.net -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

jamesyeeoc
17th September 2005, 02:37 AM
That's what I thought, I know it was resolved in 7.5.3, but when it first appeared in 7.5.2 they didn't convert the ; to space -r space which caused many people problems...

Maybe I'll go back to using the GUI that I'm paying for and not using for many things :)

sieb
19th September 2005, 02:46 AM
I've had to stop using MAPs altogether because some of my clients (businesses) were on DSL lines where the whole subnet was getting blacklisted daily by Spamhaus.

jamesyeeoc
19th September 2005, 05:15 AM
That is one of several reasons I do not use MAPS on all servers, just the ones where it does not cause more problems than good.