• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Alternatives for Span-assassin

hardbrasil

Regular Pleskian
Hello fellas, i would like to know if i am the only one that has spam issue on server.

i have customer that receive 250 spam/day

yes, spf, drbls lists enable, dkim, spam assassin , blacklist (2k domains blocked), list of IPs blocked.

I set spam assassin filter 2 per email account and still getting a lot of msg...
yes, spam assassin is runing...

i dont know what to do to block them.

i am using this:

DomainKeys spam protection: Verify incoming mail [] (unchecked - because there is too much false positive)
SPF rules: include:spf.trusted-forwarder.org
DNS zones for DNSBL service: sbl.spamhaus.org;zen.spamhaus.org;bl.spamcop.net;b.barracudacentral.org;uribl.dnsbl
 
@hardbrasil,

Spamassassin is a pretty particular piece of software and your problem is less related to spamassassin and more to your (general) spam settings.

I will discuss them briefly:

a) Domainkeys: no problem here, leave as is (for the time being at least)

b) DNS zones for DNSBL service: only use "sbl.spamhaus.org;zen.spamhaus.org"

There is a reason for this: the other lists are less reliable, even buggy (in rare occassions, this can lead to no checking at all) and often based upon spamhaus.org (i.e. they overlap).

Better to use a minimal amount of DNSBL lists, by preference the most suitable and efficient lists, being spamhaus.org.

c) SPF rules: it is not enough to use "include:spf.trusted-forwarder.org".

In general, this is a bad setting.

I will not discuss the details, but a proper setting is:

1 - check the checkbox "Switch on SPF spam protection",
2 - set "SPF checking mode" to "Reject mail when SPF resolves to fail (deny)"
3 - set both "SPF local rules" as "SPF guess rules" to "v=spf1 +a/24 +mx/24 +ptr ?all include:spf.trusted-forwarder.org" (Note: this is a general SPF record, it can be more "strict")

Please note that the order in the SPF record, as mentioned in point 3, is very important.

Also note that it is very important to check where the SPF record is "active": if your Plesk instance is a primary nameserver, then step c) is all you have to do.

However, if you use some external nameserver (for instance, you use nameservers provided by the registrar or some external service, like Route53), then it is absolutely necessary to add a TXT record to your DNS, with

<domain>.tld TXT v=spf1 a mx ip4:<IP of your server> ~all

and note that

- this SPF record is somewhat more strict: the "/24" has been removed (allowing less IPs to match SPF syntax) and the "ip4:" has been added (only pass SPF check if the IP matches)
- if your machine allows IPv6: just add "ip6:<IP of your server>"
- do not set the "~all" SPF record to "-all": this will result in a lot of false negatives

and, finally, note that

- the SPF check result of "negative" does not imply that spam does not get delivered: a negative SPF result does not imply that mail is blocked
- Spamassassin does use the SPF results to allow or disallow mail: mails are blocked by Spamassassin.


All of the above is just some rough outline of what you can or should do, to improve the blocking of spam messages.

As another tip, you could also introduce DMARC records in your DNS (this takes the form of _dmarc.<domain>.tld TXT v=DMARC1; p=none; rua=mailto:<mail> or such alike).

DMARC also works like a charm to tackle spam mails, but it requires some additional effort.

In short, I would suggest to take steps a to c first and have a look at the effect of the number of spam mails.


Hope the above helps!

Regards.....
 
Yes I do. Both Razor and Pyzor augment spamassassin well.

@danami,

Absolutely true, they augment Spamassassin.

Problem is that Razor is known to cause many issues and some of the issues are also making it (more or less) unsuitable for Plesk. Such a shame, Razor is nice (in general).

Regards...
 
If you've tried all the suggestions from trialotto and still are not satisfied you could consider MagicSpam. I've been mostly happy with this 3rd party product (about $12 a month). It can be a bit overly aggressive depending how you set it up (you choose which spam blacklists to enable).
 
Jeffrey, i had tested magicspam few years ago.
i got a lot of customers claiming about true emails not coming anymore.
and Magicspam support said that everthing was ok.

was a terrible experience.
 
@JeffreyZ

I must add that MagicSpam is an out-of-the-box add-on to Plesk, but it certainly is not the best one, for many reasons.

When disregarding the price of MagicSpam, there is this huge danger of "false positives" (spam mail that is allowed) and "false negatives" (good mail that is blocked).

Especially the "false negatives" are worrysome: they never reach the mailbox, as a result of the design of MagicSpam.

The design of MagicSpam certainly has very good elements, but it has one major drawback: it is primarily focused on incoming spam.

And in a world of spam, both incoming and outgoing spam should be focused on.

In short, even though I can appreciate the MagicSpam add-on, this does not justify the value thereof.

In essence, the best way to have a good (incoming and outgoing) spam filtering is to create a cluster dedicated to (only) spam filtering, allowing only good mail to be delivered.

We are working on a solution for this, in assocation with a well-known industry partner.

Regards....
 
You really should try MagicSpam again, a lot has changed in 'several years'. We should also point out that with MagicSpam PRO, you also get outbound rate limiters etc. to help outbound spam from account compromises. The beauty of MagicSpam (Aside from it's low cost) is that it blocks right in the SMTP layer, lowering system overhead. Of course, it is very flexible too, you can use the 'defaults' for light protection, or go more aggressive. Statistically, MagicSpam defaults are very safe, and block the worst of the attackers. Protecting unlimited users/domains for one small price is pretty attractive. We do hope you try it once again, there is a reason we were chosen by the Plesk team to be included by default. You can now even try the 'free' version on all Plesk installations from 12.0 and up.
 
@MagicSpam12

Are you kidding? Your post is essentially advertising your own product? I am not sure, but that really seems to be the case.

Moreover, the alleged statistics are not based upon facts, please test the MagicSpam solution in comparison to all alternatives on the market.

Personally, I object to the statement "small price", since prices starting (!) from $ 12,99 per month is not a "small price", certainly when taking into account that Plesk has many (free or included) packages that essentially do the same as one or more functions/features of MagicSpam.

I really dislike your post, such a shame that in a couple of months this forum has been showing a lot of these type of posts or reactions.

Does MagicSpam also protect against hidden advertisements on forums?

That feature should be considered: it is easy to realize, the solution should not be promoted on this forum (under the MagicSpam12 handle or other handles on this forum).

And, do not get me wrong, I will give you a small tip: you are allowed to refer to your services in the signature (see "official announcements" on this forum).

Hope that helps.

Regards
 
Not to start a flame.. wasn't trying to 'pump' our product, just pointing out some discrepencies. And trying to help someone out. "HardBrasil" had mentioned he had tried it a few years back, (and someone else mentioned that outbound protection was needed, so pointed out the PRO version for that). And some claims about MagicSpam were made, (eg 'dangers') that deserved to be spoken to. Our product was mentioned by others early on in this thread. BTW, the original poster was getting 250 spam a day, and this thread is simply meant to offer them some help. PS, "HardBrasil", if you gave some examples of email headers that represent part of that 250 messages, maybe we (this forum) can give you better hard and fast suggestions depending on the type. (99% of all spam fall into the easy to identify, it is the last 1% that gives all the troubles) but 250 usually points to simple things you can do. RBL style protections and rate limiters should be your first line of defense. 'How' you do that, is up to you.. And the only reason I mentioned the 'free version', it makes it really simple to post to this list a CSV that you can highlight your uncaught spams to this list, and I am sure that the people here can quickly point out the type of spam you are getting, and then they can provide some quick and simple ways to get the worst of the worst out of the way. (just install it, even if you turn all the spam protections off except the safest RBL's) and post the logs. (You might even want to first delete the legitimate email entries before posting)
 
@trialotto
Maybe I can shed some light on MagicSPAM, yes, not the best out of the box software, but does help a lot. I have been using it with some tweaking on a shared hosting server with no issues for the past 7-8 years now. Granted, the "recommended" values do need some tweaking and I have whitelisted emails from OK sources and blacklisted others, but haven't had any complains about SPAM for the past 4 years now.

I'm not using the Pro version, as this was recently announced I think, just the one that comes with Plesk licenses, so I cannot speak about the Pro one. The "search mail" feature is pretty good and allows us to identify clients who have issues regarding SPAM or emails not delivered, and in the past it has helped a few other companies to better setup their mail servers (namely PTR records, etc.).

@MagicSpam12
Please consider this a feature request: the emails received through false positives should contain more info and should allow us to edit them, to use something other than your existing website in case we want. Other than that, good product, but would love more RBLs (like spamhaus, protected sky, etc.).
 
@MagicSpam12 and @KonstantinosS

The whole discussion becomes off-topic.

In essence, a good configuration of standard security measures would make any additional spam filtering tool hardly necessary or not necessary at all.

I really don´t mind if people pay for a solution, in the absence of some confidence in their ability to gain the knowledge to prevent spam completely (!), with free open source software and some simple configurations and settings of their servers and OSes.

That is the only thing I still want to add this discussion.

Regards
 
Back
Top