• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Best solution in order to stop incoming spam to a plesk server

SalvadorS

Regular Pleskian
Server operating system version
Debian 11.8
Plesk version and microupdate number
18.0.56
Hello,

We are receiving a lot of spam in our servers in the last days/months. It seems that backlist like b.barracudacentral.org, bl.spamcop.net or zen.spamhaus.org does not stop the spam we received and spamassassin is good but a lot of spam is coming.

So I want to know what are you doing to stop the incoming spam in a plesk server.

Thanks a lot.

Regards
 
If your SPF policy is set to "reject if SPF resolves to fail" you can change it to "reject if SPF resolves to softfail", that will take care of the more egregious spam, altough some customers might object because it will also reject mails from real domains who have not been properly configured.

Alternatively, you could also increase the scores of certain spamassasin rules or create your own rules in /etc/spamassassin/local.cf :
Code:
score SPF_FAIL 10.0
score SPF_SOFTFAIL 5.0

That will NOT reject the emails but it will identified them as SPAM.
 
Alternatively, you could also increase the scores of certain spamassasin rules or create your own rules in /etc/spamassassin/local.cf :
Code:
score SPF_FAIL 10.0
score SPF_SOFTFAIL 5.0

Sidenote, it will be really helpful if Plesk could integrate in the UI these /etc/spamassassin/local.cf basic configurations.
 
Sidenote, it will be really helpful if Plesk could integrate in the UI these /etc/spamassassin/local.cf basic configurations.
You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do it manually if you want). This should help out a lot:

 
You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do it manually if you want). This should help out a lot:


So you change these lines in /etc/postfix/main.cf:
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
For these new ones:

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining

I am going to test it. Thank you.
 
It seems most of these anti-spam "hosts" (zen.spamhaus.org and so on) are not pingable... why? does somebody know that?

Thank you very much for your feedback(s).
 
Back
Top