1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

How to stop the spam!?!?

Discussion in 'Plesk for Linux - 8.x and Older' started by JD Austin, Nov 3, 2005.

  1. JD Austin

    JD Austin Guest

    0
     
    I've been going nuts trying to stop all of the spam that slips through plesk/qmail.

    I'm using all of the features in plesk.. black hole lists, spam assassin, rejecting invalid recipients.. etc.

    My clients send me mail constantly where the spammer sends it 'from' a known good address of the client to another known good addresses at the client.

    1) how to I stop outside MTA's from sending mail 'from' the domain it's sending to?

    2) I tried setting up qmail-scanner but get qq temporarily unavailable errors when trying to send mail.

    In the past with other MTA's I've used procmail to do things.. is that possible?

    I feel like my hands are tied since it's already a hacked version of qmail and recompling with other options would likely break it. Is SWsoft working on this issue?
     
  2. jspilon

    jspilon Guest

    0
     
    Your question is not clear.

    Do you mean people are spoofing the domain ?
    QUOTE]1) how to I stop outside MTA's from sending mail 'from' the domain it's sending to?[/QUOTE]

    Also

    make sure you disabled open relay and enabled smtp auth in plesk server admin
     
  3. JD Austin

    JD Austin Guest

    0
     
    Yes, they are spoofing the domain .
    Open relay is disabled and smtp auth is enabled.
     
  4. jspilon

    jspilon Guest

    0
     
    Here's the step you can take :

    1. create spf records for their domain

    spf records are store in a TXT dns record and tell the world which servers are allowed to send mail for this particular domain. That does not mean that everyone will check out if you have spf records, but at least its a start

    make sure to put all the info... like if the domain users will be sending email from their home ISP smtp server because they dont have the choice then those addresses needs to be added... if the ISP have a SPF record theirselves then i can be included in the domain's spf record ... quite cool

    a good place to look up the dns records :
    http://www.dnsstuff.com/

    an example of an isp with an spf record...

    http://www.dnsstuff.com/tools/lookup.ch?name=telus.net&type=TXT

    more info on spf records: http://spf.pobox.com/


    2. SpamAssassin Rulesets

    take a look at "Rules du jour"
    http://www.exit0.us/index.php?pagename=RulesDuJour
    a script for updating SA rulesets
    there is many interesting rulesets there

    dont want to update on reg basis, then you can download rules from SARE :

    http://www.rulesemporium.com/


    3. your SA version is important

    i think you require SA 3.x to be able to lookup spf records in your SA rules...


    This is about what i can tell to help, obviously self addressed spam is a bitc h cause you dont want to blacklist yourself

    I guess this is just going to enforce people to use SPF and maybe mail will get to be a better wolrd
     
  5. ShadowMan@

    ShadowMan@ Guest

    0
     
    Yes, spam control/prevention requires a multi-level approach, in addition to what jspilon posted above -

    Install mod_security (or subscribe to ARTs ASL - Atomic Secured Linux)

    Create/edit the /var/qmail/control/envnoathost
    (see qmail docs) put some random domain name in it. This prevents one way of domain 'spoofing', if a message is received with a from address without a domain, then qmail auto fills in the domain name from the value of 'me' which is usually your domain name.... If envnoathost is not set, it defaults to 'me'.

    Definitely upgrade to SA 3.x, get qmail-scanner working! Absolutely a must do!!

    Setup a default qmail handler (.qmail-default) and set it for a 'blackhole' account.

    There are probably dozens more things, but all that jspilon and I have posted should reduce spam to a low level in itself.
     
Loading...