Question Plesk Email Security Pro more info

[ErnestoSF]

Hi, we recently have installed PES Pro and I suposse that it's working fine. Basically I need to control the outbound spam.
I see that it has detected hundreds of sent mails identified as spam, but what about them? Those spam was blocked? marked? quarantined? Is there any report or log to see which users are sending spam?
The quarantine label seems that only show the inbound mails with virus or malware.

Thanks

 

[Viktor Vogel]

Hi ErnestoSF,

thank you for your request.

Currently, only virus mails are caught and pushed into the quarantine (incoming and outgoing mails). Incoming spam mails are processed using the selected spam rules (server-wide or user-specific rules). Outgoing spam mails are also classified but not blocked (since this could lead to huge problems if mails are not appropriately classified, or the settings are incorrect).

In the actual state, we are working on bugfixes only to get rid of the most common issues and make the extension as stable as possible. I already have the feature in my backlog, that will show detailed statistics for all email addresses on the server, for instance:

[email protected] - Received: 1232 ham / 544 spam / 3 viruses --- Sent: 423 ham / 32 spam / 0 viruses

Thus, you will be able to get a quick overview of problematic email accounts. I don't have an ETA, but I plan to add this feature into the first minor release (1.1.0). Please stay tuned!

Cheers
Viktor

 

[Denis Gomes Franco]

I am also using the extension and would like to know about the incoming spam situation (posted about it here Question - Plesk Email Security Pro and yet getting spam) Seems that my customers are getting more spam in their inbox than when we didn't use the Pro version. Just this morning there were around 12 spam messages sitting in my own inbox.

So I would like to know if there's some solution or should I simply cancel my subscription to the extension. Let me clarify that IT IS catching spam, but it seems that are more spam reaching the inbox ever since enabling the Pro version, and even marking them as such does not seem to make the system learn about them, even with the scheduled action running every day.

 

[Viktor Vogel]

Hello Denis,

thank you for your posting. The switch to the Pro version does not have a negative impact on spam handling; in contrary, it should improve it a lot.

In your other thread, all headers are appropriately set, and SpamAssassin is analysing the email as expected. But I see that the Bayes filter did set a negative value for the spam mail. This means that the filter was trained to classify this kind of mail as not spam. In the very first version, there was a small bug that prevented the Bayes filter from being trained properly using the user actions (mark as spam/not spam). Can you please mark a message as spam and check the mail logs whether the filter was trained successfully?

1) Open logs from terminal: tail -f /var/log/maillog
2) Move an email from the inbox to the spam folder (by drag and drop - if the client allows it - or by marking the email as spam)

Do you see something like this in the logs?



If you see an error, then the filter is not trained correctly. Then we would need to fix this on your machine (I can help you with it, don't worry).

Cheers
Viktor

 

[Denis Gomes Franco]

Hey @Viktor Vogel , thanks for the reply. Did what you requested, here's the result:

Mar 16 09:16:23 cp001 dovecot: service=imap, [email protected], ip=[::1]. sieve: pipe action: piped message to program `es-learn-spam.sh'
Mar 16 09:16:23 cp001 dovecot: service=imap, [email protected], ip=[::1]. sieve: left message in mailbox 'INBOX.Spam'
Mar 16 09:16:23 cp001 dovecot: service=imap, [email protected], ip=[::1]. Logged out rcvd=251, sent=1556
Mar 16 09:16:23 cp001 dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, mpid=32687, TLS, session=<TTOdyfegYsgAAAAAAAAAAAAAAAAAAAAB>
Mar 16 09:16:23 cp001 dovecot: service=imap, [email protected], ip=[::1]. Logged out rcvd=393, sent=11733

The switch to the Pro version does not have a negative impact on spam handling

Well, just like I said, the system IS catching spam overall. But the number of spams sitting in my inbox seems to have increased, at least from my point of view. Every time a spam goes to the inbox I mark it as such but so far it might look like the system isn't learning. I believe it may be, but then, how long does it take to show visible results? I mean, shouldn't the number of spams be reduced by now?

 

[Viktor Vogel]

Thank you for your reply. I think you might have found a bug in the learning functionality!

Please give me some time to analyse it in more detail.

 

[Denis Gomes Franco]

Right, thanks for your support Viktor. In the meantime can you please explain what "Daily updates of the anti-spam database" in the extension description means, exactly?

I was under the impression that this could be something like what Cpanel provides for their users, eg., the antispam filter does not need any previous training at all, it simply works, and it might be the case that their global filter is being trained by all of their customers collectively, and Cpanel provides these results for free for their customers. That way, the antispam filter would start working with great accuracy right at the beginning, instead of depending on being trained on its own with its own messages.

 

[Viktor Vogel]

It is exactly what is says and usually works out of the box. The filter already pre-trained in the first installation process. We also update our internal database with fresh signatures on a daily base and uses this database to update local filters via a cronjob.

In your case, it seems like the Bayes filter is not trained at all (score -1,9 from your example in the other thread). I need to figure out, why the filter is not trained on your server.

 

[Denis Gomes Franco]

Alright, when you figure it out please let me know. Also please know that I have multiple servers, some used Plesk Onyx for quite some time and then got upgraded to Obsidian, and one recent server started "fresh" on Obsidian. Also, I recently started using Email Security Pro, before that I was using the standard SpamAssassin filter that came with Plesk.

 

[Viktor Vogel]

I've found a possible issue but need to verify on your server. Is it possible to get access to one of your machines to apply and test the fix?

If yes, please send me credentials (SSH/Plesk) to viktor[at]plesk(dot)com. Thanks!

 

[IgorG]

If yes, please send me credentials (SSH/Plesk) to viktor[at]plesk(dot)com.

JFYI: I'd suggest you use PM for such cases.

 

[mike.ac]

[email protected] - Received: 1232 ham / 544 spam / 3 viruses --- Sent: 423 ham / 32 spam / 0 viruses

Thus, you will be able to get a quick overview of problematic email accounts. I don't have an ETA, but I plan to add this feature into the first minor release (1.1.0). Please stay tuned!

Cheers
Viktor

Hello Viktor !

if you implement this I will love you for the rest of my life. This is one of the most important features for Plesk mail !

Another thing I am seeing outgoing email spam in the chart. I tried to check my maillog but nothing appears. any keyword to search for those emails the are classified as outgoing spam ?

Cheers,
Mike !

 

[Viktor Vogel]

Hello Viktor !

if you implement this I will love you for the rest of my life. This is one of the most important features for Plesk mail !

Hey Mike!

Hehe, we'll do it with the next minor release!

Another thing I am seeing outgoing email spam in the chart. I tried to check my maillog but nothing appears. any keyword to search for those emails the are classified as outgoing spam ?

It should create a normal log entry (just like for incoming mails). Just tested it with my test accounts:

May 22 09:43:47 plesk amavis[78744]: (78744-17) Passed SPAM {RelayedTaggedInternal}, MYNETS LOCAL [127.0.0.1]:33450 <SENDERMAIL -> <RECEIVERMAIL>, Queue-ID: 489F6105A203, Message-ID: <27521d73ac972346ef9c1412f9935dd5@SENDERDOMAIN>, mail_id: yiiiyVSQhBkC, Hits: 997.001, size: 2014, queued_as: B8A46101F070, dkim_sd=default:SENDERDOMAIN, 1404 ms

Cheers

 

[Achim Drees]

In the actual state, we are working on bugfixes only to get rid of the most common issues and make the extension as stable as possible. I already have the feature in my backlog, that will show detailed statistics for all email addresses on the server, for instance:

[email protected] - Received: 1232 ham / 544 spam / 3 viruses --- Sent: 423 ham / 32 spam / 0 viruses

Thus, you will be able to get a quick overview of problematic email accounts. I don't have an ETA, but I plan to add this feature into the first minor release (1.1.0). Please stay tuned!

Cheers
Viktor

Hi, we stay tuned, now soon this year is over ;-)

 

[Viktor Vogel]

Hi, we stay tuned, now soon this year is over ;-)

Hey Achim,

What do you mean? I've implemented this feature already almost half a year ago in version 1.1.0 (released on 16th July 2020).

Excerpt from the changelog:

1.1.0 (16 July 2020)​

• ...
• [+] Added Statistics tab with detailed statistics about all email accounts (Pro)
• ...

Merry Christmas!

 

[Achim Drees]

Hey Achim,

What do you mean? I've implemented this feature already almost half a year ago in version 1.1.0 (released on 16th July 2020).

Excerpt from the changelog:


Merry Christmas!

Oh sorry, I was looking for another thing. Did not read good enough.

Merry Christmas also for you.