Question Best solution in order to stop incoming spam to a plesk server

[SalvadorS]

Server operating system version

Debian 11.8

Plesk version and microupdate number

18.0.56

Hello,

We are receiving a lot of spam in our servers in the last days/months. It seems that backlist like b.barracudacentral.org, bl.spamcop.net or zen.spamhaus.org does not stop the spam we received and spamassassin is good but a lot of spam is coming.

So I want to know what are you doing to stop the incoming spam in a plesk server.

Thanks a lot.

Regards

 

[JVG]

If your SPF policy is set to "reject if SPF resolves to fail" you can change it to "reject if SPF resolves to softfail", that will take care of the more egregious spam, altough some customers might object because it will also reject mails from real domains who have not been properly configured.

Alternatively, you could also increase the scores of certain spamassasin rules or create your own rules in /etc/spamassassin/local.cf :

score SPF_FAIL 10.0
score SPF_SOFTFAIL 5.0

That will NOT reject the emails but it will identified them as SPAM.

 

[JVG]

Alternatively, you could also increase the scores of certain spamassasin rules or create your own rules in /etc/spamassassin/local.cf :

score SPF_FAIL 10.0
score SPF_SOFTFAIL 5.0

Sidenote, it will be really helpful if Plesk could integrate in the UI these /etc/spamassassin/local.cf basic configurations.

 

[danami]

Sidenote, it will be really helpful if Plesk could integrate in the UI these /etc/spamassassin/local.cf basic configurations.

You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do it manually if you want). This should help out a lot:

How can I add stronger Postfix restrictions so that the bulk of spam is rejected at the SMTPD level before it gets processed by Amavis? - Knowledgebase - Danami

 

[SalvadorS]

You can do all of this and more using our Warden Anti-spam and Virus Protection extension. If money is tight and you don't want to use our extension then I recommend looking over this KB article for how to set tighter SMTPD restrictions in Postfix (Warden sets these automatically but you can do it manually if you want). This should help out a lot:

How can I add stronger Postfix restrictions so that the bulk of spam is rejected at the SMTPD level before it gets processed by Amavis? - Knowledgebase - Danami

So you change these lines in /etc/postfix/main.cf:

smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

For these new ones:

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_reverse_client_hostname
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unknown_recipient_domain
smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining

I am going to test it. Thank you.

 

[jmar83]

It seems most of these anti-spam "hosts" (zen.spamhaus.org and so on) are not pingable... why? does somebody know that?

Thank you very much for your feedback(s).

 

[jmar83]

Also the server from "nixspam" - ix.dnsbl.manitu.net...

 

[jmar83]

Don't understand...!?