Spam Detection

The primary source of outbound spam is unprotected forms on websites. While they were designed with the best intentions, they can be used by bots and hackers. Most of these vulnerable forms are registration, comment, and "contact us" forms. You can now protect these forms and act immediately without reimplementation, extra costs, or changing a single line of code.

BitNinja's Spam Detection module is outstanding in its field as it uses advanced artificial intelligence technology to detect spam activity, so your email addresses and IP addresses don't get block listed or flagged for spamming. Our blog has an article about the Spam protection module.

The module was first introduced in version 2.39.0, marking an exciting addition to the system's capabilities. In its current beta state, the module focuses on effectively collecting data about outbound SMTP traffic on the enabled server. This collected data empowers it to proactively block outbound spam traffic, providing a safer and more secure environment.

By default, the module is enabled, providing valuable insights into spam activity on the server. While it doesn't automatically suspend or limit accounts, it logs and displays detected spam on the dashboard, avoiding false positives and ensuring a seamless experience.

The monitored log files record core system-related processes in Exim and show information about mail transactions. This information is sent to our central service, where an advanced AI analyzes it. On the dashboard, you can then see which users' accounts are being used to send out spam emails. From there, you can deploy a URL captcha wall on the domain with a single click, so the spam script cannot receive commands and parameters to send the emails.

Supported mail transfer agents

  • Exim
    • /var/log/exim_mainlog

The monitored log's path can be modified from the module's config file.

Note

The above-mentioned SMTP logs are monitored in real-time. Logs prior to enabling the module will not be checked.

The contents of the messages are NOT visible to us.

Sender script allow listing

In BitNinja version 3.2.0 we added an allow list for sender scripts.

There are two options:

  • A path list, which can be used to define absolute paths under which we do not flag files as potential sender scripts.
  • A file list for which the same applies but can only be used to define file names (without path).

Config options:

[whitelist]
path[] = '/etc/csf'
file[] = '.bash_history'

The config file can be found at /opt/bitninja/modules/SpamDetection/config.ini. However, this file will be overwritten by the next BitNinja update. To make permanent changes to the config file, copy the directory to the /etc/bitninja/ directory first:

cp -R /opt/bitninja/modules/SpamDetection/ /etc/bitninja/
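
Every allow-list entry is a place where sender scripts will no longer be flagged, so it is worth checking the [whitelist] section before relying on it. The following lint is an added example, not BitNinja's own code: it checks entries against the two rules stated above (path entries are absolute, file entries carry no path) and warns about very broad paths. The function names, the TOO_BROAD set and the matching semantics in is_allowlisted are assumptions, since the page does not document how BitNinja matches entries.

```python
import posixpath
import re

# Constructed sample: the page's two entries plus three deliberately bad ones.
SAMPLE_INI = """\
[whitelist]
path[] = '/etc/csf'
file[] = '.bash_history'
path[] = 'tmp/cache'
path[] = '/home'
file[] = 'scripts/mailer.php'
"""

ENTRY = re.compile(r"^(path|file)\[\]\s*=\s*['\"]?(.*?)['\"]?\s*$")
# Assumption: roots this broad would exempt most hosted content from flagging.
TOO_BROAD = {"/", "/home", "/var", "/var/www", "/tmp"}

def parse_whitelist(text):
    """Collect path[] and file[] values from the [whitelist] section."""
    entries, section = {"path": [], "file": []}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif section == "whitelist" and (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return entries

def lint(entries):
    """Return (kind, value, problem) for entries that break the documented rules."""
    problems = []
    for p in entries["path"]:
        if not p.startswith("/"):
            problems.append(("path", p, "not an absolute path"))
        elif posixpath.normpath(p) in TOO_BROAD:
            problems.append(("path", p, "too broad"))
    for f in entries["file"]:
        if "/" in f:
            problems.append(("file", f, "contains a path"))
    return problems

def is_allowlisted(script, entries):
    """Assumed semantics: path[] matches whole leading directories, file[] the basename."""
    script = posixpath.normpath(script)
    for p in entries["path"]:
        root = posixpath.normpath(p).rstrip("/") + "/"
        if p.startswith("/") and script.startswith(root):
            return True
    return posixpath.basename(script) in entries["file"]
```

Run lint(parse_whitelist(...)) on the contents of the copy under /etc/bitninja/ after each change; an empty list means every entry follows the documented form.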