
How to stop the spam!?!?

JD Austin

Guest
I've been going nuts trying to stop all of the spam that slips through plesk/qmail.

I'm using all of the features in plesk.. black hole lists, spam assassin, rejecting invalid recipients.. etc.

My clients send me mail constantly where the spammer sends it 'from' a known good address of the client to another known good address at the client.

1) How do I stop outside MTAs from sending mail 'from' the domain it's sending to?

2) I tried setting up qmail-scanner but get qq temporarily unavailable errors when trying to send mail.

In the past with other MTA's I've used procmail to do things.. is that possible?

I feel like my hands are tied since it's already a hacked version of qmail and recompiling with other options would likely break it. Is SWsoft working on this issue?
 
Your question is not clear.

Do you mean people are spoofing the domain?
[QUOTE]1) how to I stop outside MTA's from sending mail 'from' the domain it's sending to?[/QUOTE]

Also

make sure you disabled open relay and enabled smtp auth in plesk server admin
 
Yes, they are spoofing the domain.
Open relay is disabled and smtp auth is enabled.
 
Here are the steps you can take:

1. create spf records for their domain

SPF records are stored in a TXT DNS record and tell the world which servers are allowed to send mail for this particular domain. That does not mean that everyone will check out if you have SPF records, but at least it's a start.

Make sure to put all the info... like if the domain users will be sending email from their home ISP SMTP server because they don't have the choice, then those addresses need to be added... if the ISP has an SPF record themselves then it can be included in the domain's SPF record... quite cool

a good place to look up the dns records :
http://www.dnsstuff.com/

an example of an isp with an spf record...

http://www.dnsstuff.com/tools/lookup.ch?name=telus.net&type=TXT

more info on spf records: http://spf.pobox.com/


2. SpamAssassin Rulesets

take a look at "Rules du jour"
http://www.exit0.us/index.php?pagename=RulesDuJour
a script for updating SA rulesets
there are many interesting rulesets there

If you don't want to update on a regular basis, then you can download rules from SARE:

http://www.rulesemporium.com/


3. your SA version is important

I think you require SA 3.x to be able to look up SPF records in your SA rules...


This is about what I can tell to help, obviously self addressed spam is a bitc h cause you don't want to blacklist yourself

I guess this is just going to enforce people to use SPF and maybe mail will get to be a better world
 
Yes, spam control/prevention requires a multi-level approach, in addition to what jspilon posted above -

Install mod_security (or subscribe to ARTs ASL - Atomic Secured Linux)

Create/edit the /var/qmail/control/envnoathost
(see qmail docs) put some random domain name in it. This prevents one way of domain 'spoofing', if a message is received with a from address without a domain, then qmail auto fills in the domain name from the value of 'me' which is usually your domain name.... If envnoathost is not set, it defaults to 'me'.

Definitely upgrade to SA 3.x, get qmail-scanner working! Absolutely a must do!!

Setup a default qmail handler (.qmail-default) and set it for a 'blackhole' account.

There are probably dozens more things, but all that jspilon and I have posted should reduce spam to a low level in itself.
 