Question Do not forward spam emails to external mailbox

[Talistech]

Server operating system version

Ubuntu 22.04.2 LTS

Plesk version and microupdate number

Version 18.0.52 Update #3

Hi,

Some of our customers are using e-mail forwarding to their personal mailboxes like Yandex, Hotmail or Gmail.
When I check our mail logs I see a lot of incoming spam to our servers (which are marked as SPAM, no issue there)

But is there any way to deny forwarding for spam mails? At this moment, ALL mails are being forwarded, I only want to forward non-spam emails. Can this be done?

Thank you,
Mustafa

 

[Peter Debik]

The forward happens before mails are being processed by the spam filter. DNSBL configuration applies, but not antivirus or spam software.

 

[Talistech]

The forward happens before mails are being processed by the spam filter. DNSBL configuration applies, but not antivirus or spam software.

Exactly, that's why I wanted to ask you guys.
Is there any possibility we can try? Or anything you can suggest I could try?

 

[Kaspar]

I think there used to be a Plesk knowledgebase article explaining how SpamAssassin could also be used for filtering outbound email. I used it once on server a couple of years back. But I don't seem to be able to find the knowledgebase article andI don't remember the steps involved.

But outbound spam filtering probably the way to go. Either with SpamAssassin or something like SpamExperts (or something else).

 

[Talistech]

I think there used to be a Plesk knowledgebase article explaining how SpamAssassin could also be used for filtering outbound email. I used it once on server a couple of years back. But I don't seem to be able to find the knowledgebase article andI don't remember the steps involved.

But outbound spam filtering probably the way to go. Either with SpamAssassin or something like SpamExperts (or something else).

Thank you, I'll give that a try.

 

[Talistech]

For anyone else having this issue, I resolved my isssue it with Postfix header checks.
Since all spam mails are marked with "****SPAM*****" by Spamassassin when they're incoming, I'm simly dropping all outgoing messagedd with "SPAM" in the content.

# Install postfix-pcre
sudo apt install postfix-pcre

# Check if it is available
postconf -m

# Open the postfix configuration file
vim /etc/postfix/main.cf

# Add this to the bottom of that file
header_checks = pcre:/etc/postfix/header_checks


# Then you want to create the file we just added to the config
vim /etc/postfix/header_checks

# And add this to the content
/SPAM/     DISCARD


# After creating that file, you need to build the index file and restart postfix
sudo postmap /etc/postfix/header_checks
sudo systemctl restart postfix

Test it by sending a mail to an external mailbox. And then send the same mail with "SPAM" in the subject, it should not be sent.

 

[Talistech]

cat /var/log/maillog

Jun  9 09:31:15 **** psa-pc-remote[3985528]: 462D61C1208: from=<****@****.com> to=<****@****.io>
Jun  9 09:31:15 **** postfix/cleanup[1142774]: 462D61C1208: discard: header Subject: SPAM from localhost[127.0.0.1]; from=<****@****.com> to=<****@****.io> proto=ESMTP helo=<webmail.****.****>

 

[BastianBalthasarBux]

[..]

# Then you want to create the file we just added to the config
vim /etc/postfix/header_checks

# And add this to the content
/SPAM/ DISCARD

[..]

This perfectly blocks A LOT of mails.
Also the none-redirected mails with Header

header X-Spam-Flag: NO

which e.g. applies to GMX mails. Funny.

 

[BastianBalthasarBux]

Good question, I have this problem too, that's why I stumbled over this thread.

 

[Qhiliqq]

Same issue here.

 

[Maarten]

Make sure to check if postfix-pcre is already active before installing the postfix-pcre package. It needs to be the same version as the postfix package. Otherwise, the installer tries to downgrade the installed postfix version to the same version as the postfix-pcre package.

On AlmaLinux 8, it's already part of the postfix package:

# postconf -m | grep pcre
pcre