• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Question Plesk Email Security - block emails for reply-to of a different domain from sender

finbarr69

finbarr69

Basic Pleskian
Server operating system version
CentOS Linux release 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian Web Host Edition Version 18.0.55 Update #2
Hi all. I think this might be a feature request as I can't see a way to do this.

I am (I think we all are) plagued with spam from people emailing us to offer to improve our website. Ironically, they often email the webmaster.

These always come "from" what looks like a genuine company email address, but with a reply-to of a gmail email address. If you reply to the From address, you'll find the email address doesn't exist and you get a bounce.

They never get stopped by the Plesk Email Security and there's no way to easily block them as it is always different From addresses and different Reply-To addresses.

However, they all have one thing in common. The reply-to is almost always a gmail email address and bears no resemblance to the From address.

It would be easy to block these if we could create a rule that marks as spam any email where the From email domain is different from the Reply-To email domain. I think it would be very unlikely that any genuine email would fit in to this category. Reply-to is normally used where the From address is a no-reply email address or some bot email address, and the sender wants replies to go somewhere specific on the same domain, but an exception list could be created.

I think that's desirable for everyone, and it could be a rule we could default to off, and turn on if desired, and turn back off if it causes problems.

Comments welcome.
 
You could write your own SpamAssassin rules to filter spam based on certain email characteristics. Simply create a new file for rules in the SpamAssassin configuration directory. For example you could create a file named custom.cf and add any custom SpamAssassin rules to that file. In case of CentOS 7 the SpamAssassin configuration directory is located at /etc/mail/spamassassin.

To get you started I created the rule below based on the spam characteristics you mentioned. I gave the rule a low score so you can test it without any major impact on your email. If it works well you can increase the rule score so any email that matches this rule hits your spam score threshold.

What it does
In short, this rule uses an already existing SpamAssassin rule to check whether the reply-to email address is from a freemail provider (Yahoo, gmail, outlook/hotmail, ect). If the reply-to address in the email message is indeed from a freemail provider, the rule will then check for certain keywords in the body of the email. If a combination of those key words is found in the body, the rule adds the score to the total spam score of the email.

Change, adapt, improve based on your specific needs and experience.

Code: 
# One of these keywords must be present in the email
body __WEB_DEV_SPAM_01 /develop|design|desing|designing|redesign|revamp/i

# One of the listed keywords bellow must be present in the email as well
body __WEB_DEV_SPAM_02   /company|companies|professionals|professional|expertise|dedicated team|in-house|methodologies|reliable|working experience|experienced|trustworthy|specialist|business/i

# One of the listed keywords bellow must be present in the email as well
body __WEB_DEV_SPAM_03  /affordable|projects?|interested|quotation|quick delivery|services|competitive pricing|very reasonable|very affordable prices|testimonials|price ?list|reply me|any kinds of help|impress you|exact requirement/i

# Final rule. Checks if email has reply-to address from a freemail provider with  a combination of any of the listed keywords above used in the body
meta        WEB_DEV_SPAM    (FREEMAIL_REPLY && ((  __WEB_DEV_SPAM_01 + __WEB_DEV_SPAM_02 + __WEB_DEV_SPAM_03)) >= 3)

# Description of the spam rule, which is shown in the header of the email
describe    WEB_DEV_SPAM    Web dev spam content

# Low spam score, increase to give this rule more weight
score       WEB_DEV_SPAM    1.0

Lastly, when ever you make changes to the SpamAssassin configuration (which includes custom rules) you'll have to restart SpamAssassin for the changes to take effect. SpamAssassin can be restarted by running the command sudo /usr/local/psa/admin/bin/spammng --restart
 
Last edited:
You must log in or register to reply here.

Similar threads

C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
551
Change Maker
C
D
Issue Email Sender domain change when forwarding emails
Replies
2
Views
1K
Derek167
D
williamplk
Issue Plesk default generate domain set in email header Helo
Replies
12
Views
1K
williamplk
williamplk
carlsson
Resolved Outgoing administrator mail not authorized [missing SPF record in sender domain]
Replies
11
Views
3K
rkbonatto
rkbonatto
A
Resolved Unwanted redirects to gmail, when receiving emails
Replies
5
Views
2K
arunda2
A
Back
Top