
need help with antispam filter

Sven L.

Regular Pleskian
Hello,

scenario:

90% of my customers are from Spain. Spanish mobile 3G connections and most home DSL not only use dynamic IP, but also IPs that at some point have been blacklisted.

one specific customer was complaining a lot that when sending emails from their mobiles to their offices (ex: from [email protected] to [email protected]) they arrived marked as spam, so what we did was add their internal email addresses to the whitelist

THE PROBLEM:

now, all of a sudden, some spamming mechanism is sending hundreds of emails where the destination email is = origin email. (ex: from [email protected] to [email protected]) and as you can guess, due to the whitelist, all these emails are not filtered as spam, ever.

i have looked at the headers, the origin is always a different IP range and a different google.com account

how could i solve & filter this problem?
 
Have you enabled SPF mail filters? You can find that in your Server Settings -> Mail settings
If you have not and need help with this, let me know!
 
No, I am not using SPF filters and I cannot use that.

Why? Because as I already mentioned above, many of my customers have bad IPs and if I enable SPF they can't even send email anymore as the SMTP server blocks them.
 
Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing (Which is the exact problem you are having!!)
 
I have the same problem.

SPF cannot work unless you set an SPF record like "v=spf1 ip4:xxx.xxx.xxx.xxx -all" for each domain. And then you have to set the SPF filter to deny when SPF fails.

You can create specific rules for sa.

# Dots are escaped so that "." matches only a literal dot in the domain name
body RP10 /googleapps-espana\.com/i
score RP10 20.0
describe RP10 Spam Agosto

body RP11 /googleapps-spain\.com/i
score RP11 20.0
describe RP11 Spam Agosto

Greetings from spamin!!
 
sorry abdi, i misunderstood you initially and thought you were talking about dns blackhole for some reason (stupid me), which I can't use due to the problems with customer bad IPs

thx also to JavierAlonso for his post


could you both elaborate a little on SPF? some links to get me started on how it is supposed to work and how to properly MAKE it work in plesk?
 
Please find my settings here-in attached and ensure you have this exact for SPF ...

spf.jpg
 
thx a lot abdi.

could you elaborate what each setting and its value means? I don't usually configure something without knowing what it exactly does.
as said, if you could give me a link to some info or guide for someone who has no idea how SPF works...
 
I am trying to read through all that info (and some more stuff I found online) and there rises one main concern:

As far as I understood, the Plesk SPF antispam protection is based around the fact that a sender is using a sending IP that is allowed by the SPF DNS TXT record.
So far so good, all our domains have the proper SPF TXT in the DNS records.

However, when going through the postfix maillog (and same happens with qmail) the origin IP of an email is not the IP of our server, but the IP where the customer is sending from (3G mobile phone, home DSL with dynamic IP, etc.) so the SPF check would always result in a fail.

Am I understanding this right? how can I avoid these problems?

also, which SPF spam protection setting would you recommend for testing purpose to start checking logs without changing yet towards customers?
 
so, in order to start some testing, i enabled the SPF protection, leaving all fields except the first empty and setting it to only show headers, not to block.

i can already see some interesting stuff in mail headers, but there is something that concerns me.

many (actually MOST) of the mails we receive (valid mails) come from servers that don't seem to be SPF compliant, thus i see this header:
"Received-SPF: none (no valid SPF record)"

i am afraid to lose such mails if i set SPF protection to actually block.
any suggestions on this?


Sven
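
An added example, not part of the thread and not Plesk code: with SPF left in header-only mode as in the last post, a short Python audit of stored messages can tally the Received-SPF results and list mail whose From address equals its To address without an SPF pass, the pattern from the first post. The sample messages, addresses and function names are constructed for illustration, and the "reject only on fail" count is an assumption about the filter setting chosen later.

```python
import email
from collections import Counter
from email.utils import getaddresses, parseaddr

# Constructed sample messages; all addresses and domains are placeholders.
SAMPLES = [
    "Received-SPF: none (no valid SPF record)\nFrom: partner@supplier.example\n"
    "To: ana@customer.example\nSubject: invoice\n\nhello\n",
    "Received-SPF: pass (sender is authorized)\nFrom: shop@store.example\n"
    "To: ana@customer.example\nSubject: order\n\nhello\n",
    "Received-SPF: fail (sender is not authorized)\nFrom: ana@customer.example\n"
    "To: Ana <ANA@customer.example>\nSubject: hi\n\nhello\n",
    "Received-SPF: softfail (sender is discouraged)\nFrom: ana@customer.example\n"
    "To: ana@customer.example\nSubject: hi\n\nhello\n",
]

def spf_result(msg):
    """First token of the Received-SPF header (pass, fail, none, ...)."""
    tokens = (msg.get("Received-SPF") or "").split()
    return tokens[0].lower() if tokens else "missing"

def is_self_addressed(msg):
    """True when the From address also appears among the To recipients."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    return bool(sender) and sender in recipients

def audit(raw_messages):
    """Tally SPF results and list self-addressed mail that did not pass SPF."""
    tally, suspects = Counter(), []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        result = spf_result(msg)
        tally[result] += 1
        if is_self_addressed(msg) and result != "pass":
            suspects.append((parseaddr(msg["From"])[1].lower(), result))
    return tally, suspects

if __name__ == "__main__":
    tally, suspects = audit(SAMPLES)
    print("SPF results:", dict(tally))
    # Assumption: the filter is later set to reject only on a hard "fail".
    print("would be rejected:", tally["fail"], "of", sum(tally.values()))
    for sender, result in suspects:
        print("self-addressed, SPF", result, "->", sender)
```

Mail with a "none" result is counted separately from "fail", so the tally shows how much legitimate mail from domains without SPF records would be untouched by a reject-on-fail setting.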
 