• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Question Plesk Spam Emails Issue

A

AK_learner

Basic Pleskian
Server operating system version
CloudLinux 8.10
Plesk version and microupdate number
18.0.76 #6
Hi Pleskians, @Kaspar @Sebahat.hadzhi @IgorG,

We have been facing sudden influx of spam emails on Plesk.
Most of them are chinese, japanese, korean based spam based mails with Spam score of 2 or sometimes even with 0 score.

How to block these emails?

Can you suggest any flexible configurations under which we can configure blocking settings on server level for domain based on patterns? Or any other suggestions?

/=\?utf-8\?B\?[56]/i

/=\?utf-8\?Q\?.*?(?:E38194|E38288|E383AD).*?\?=/i

/=\?utf-8\?q\?.*?=E3=81=94.*?\?=/i

/=\?utf-8\?q\?.*?\?=/i

/koi8-r|koi8-u|koi7|koi8/i

/charset="gb(k|2312)"/i

#/=\?GB(K|2312)\?/i

/=\?UTF-8\?Q\?.*=E[0-9A-F]{2}=[0-9A-F]{2}=[0-9A-F]{2}.*\?=/i
Click to expand...

These are the patterns which I have found till now.

My end users are getting frustrated. Please suggest a solution.
 
@AK_learner

Do you have SPF, DMARC, DKIM and alike properly defined?

The Plesk mail eco-environment is a bit buggy at the moment, with a lot of spam related issues that can cause major email delivery issues.

Nevertheless, simple solutions like DKIM often seem to help in a considerable way.

I would recommend to setup DKIM first and then, afterwards, analyse the issues that remain.

Kind regards........


PS There is also DANE support (which requires TLSA records) - it improves the situation, but it is not a solution
 
Kaspar said:
There are numerous threads on this forum with suggestions on improving spam filtering or blocking. I am sure you'll find something useful if you use the forum search function.

If you don't want configure your server manually or need a good spamfilter solution quickly, I recommend using Warden Warden Antispam and Virus protection.
Click to expand...
@Kaspar

There is a systematic issue with Plesk mail delivery that is not related to "spam" at all.

One can add all Plesk extensions and all spam solutions and still spam will go through the Plesk server.

I did not find any conclusive / unambiguous root cause of the problem yet ......

...... but it seems to be introduced at the moment that Plesk allowed for issuing LE certificates on the "mail" subdomain (mail.domain.nl).

Stated differently, the nature of spam related issues was different before the option to add LE certs to the mail subdomain ..... and that (former) nature of spam related issues could have been easily solved with standard solutions and/or standard Plesk extensions.

Kind regards....
 
Kaspar said:
That has not been my experience. But then again, I run a heavily modified SpamAssasin configuration. Which gets the jobs done, for me at least.
Click to expand...

I applied a similar approach for testing purposes : a modified SpamAssassin config ....... but it did not make any difference (to be honest, it reduced the spam related issues, but in comparison to DKIM implementation, the "heavy SA config" effects were modest).

I currently assume that there has been a loophole that has been patched partially or nearly fully (but not fully).

Some people might still encounter issues that are related to "old" Plesk versions - Plesk updates not installed yet.

@Kaspar, please note that bugs cannot be found when everything works allright or seems to work properly ....... one really has to work backwards to "break the system" in such a way that the issue is isolated - otherwise, one does not find the root cause of a problem and/or one cannot conclude that there is no problem.


PS Due to changes in the Expert / Guru Program, I am currently highly limited in my test environments. Normally, I would have several servers with various OSes and various old and new Plesk versions installed that can be "broken down to the bone" to isolate issues. This is not possible anymore, so I have the foggiest idea which bug arises when and what parts of the bug are solved and/or what parts of the bug are still persisting in micro updates. Annoying.
 
@Kaspar
  • Can you share your Spam Assassin modifications? Maybe those would work?
  • I have already gone through the Plesk forums, and nothing seems to have worked against these types of spam mails.
@trialotto
Yes the DKIM, DMARC, SPF DNS records are proper for all domains. But since these are under the radar spam emails, they are getting through the Plesk Spam checks and thus into the Inbox of our customers.


To be fair, I have always felt that the Postfix component on Plesk is not properly optimised by the standards of the Plesk Control Panel.
If we observe cPanel/WHM based Exim, you have a very solid foundation over there and you can configure further tweaks easily in the Exim directly via the front-end.
But with Plesk & Postfix, thats very restrictive.

At the moment i'm blocking these rules via the Body_checks & header_checks (Postfix manual - header_checks(5)) via PCRE, but its for server wide and does not allow me to fully customize for a per-domain basis.

I think ASSP is one of the greatest options available, and Plesk should definitely add it to the Postfix to fix these loopholes in the Mailing.

Any suggestions or anything else you guys can assist on, that would be a great help. Have you guys deployed ASSP on plesk? (I did find an article regarding it, but it was for Onyx, don't know how it will work in current scenario).
 
AK_learner said:
To be fair, I have always felt that the Postfix component on Plesk is not properly optimised by the standards of the Plesk Control Panel.
If we observe cPanel/WHM based Exim, you have a very solid foundation over there and you can configure further tweaks easily in the Exim directly via the front-end.
But with Plesk & Postfix, thats very restrictive.
Click to expand...
I realize it's a matter of preference, but I've always liked Postfix for it's ease of configuration compared to Exim. It's one of the reasons I switched from cPanel to Plesk many years ago. Although cPanel gives you a bunch of options to tweak Exim, you are pretty much limited to just those options. Plesk does not offer many options to tweak Postfix, but I love that you can tweak the Postfix configuration directly (outside of Plesk). Giving you, as an server admin, great flexibility to run Postfix the way you want (with certain limitations). Like using it with Postscreen and/or using it with Amavis.

AK_learner said:
I think ASSP is one of the greatest options available, and Plesk should definitely add it to the Postfix to fix these loopholes in the Mailing.
Click to expand...
I've never used ASSP and I am not really familiar with it, however at first glance it looks like it has a very similar feature set as Amavis with SpamAssassin, just as a mail proxy. I don't see much benefit using it over SpamAssassin (with or without Amavis). But perhaps I am missing the advantage of ASSP.

AK_learner said:
At the moment i'm blocking these rules via the Body_checks & header_checks (Postfix manual - header_checks(5)) via PCRE, but its for server wide and does not allow me to fully customize for a per-domain basis.
Click to expand...
Any filtering/blocking performed via Postfix via body_checks or header_checks can be done via SpamAssassin, giving you much more control over the filtering process on individual mailboxes (by adjusting the spam threshold for example).

Here are some forum thread related to spam filtering that might help you.

Question - Are you using "DNS Blackhole Lists" ?

Hello everyone, I am currently reviewing the email security and anti-spam settings on my Plesk server and I am looking into the "Spam protection based on DNS blackhole lists" feature. I would love to get some insights from the community's experience: Do you generally keep this specific DNSBL...
talk.plesk.com talk.plesk.com

Question - Spam detection on outgoing mails with Plesk Email Security

Hi, How does spam detection on outgoing mails work on Plesk Email Security? Spam is counted in the stats table. But how are they processed? For me, everything indicates that they are still delivered when a customer account is hacked. How can I make sure they are not delivered? There seems to...
talk.plesk.com talk.plesk.com

Question - Possible to optimize SpamAssassin?

Hello out there, independent of plugins like Magic Spam and Plesk Email Security I am wondering how you optimize your SpamAssassin configuration? Are you using external databases eg.? Thx Manni
talk.plesk.com talk.plesk.com

Issue - Plesk Email Security seems not to learn spam properly

Since we switched to paid version, we receive a lot more spam mails. I knew that it might take some time for some training to take effect. But unfortunately it only to seems to be getting worse. I have included some headers that were detected as spam and some not - the ones that haven't been...
talk.plesk.com talk.plesk.com

Question - Best way of handling spam email blocking / removal via spamscore?

Hello We have various email accounts on the Plesk server. Some of these have had recent spikes in email sent to specific addresses. The email on the server is currently not too bad, the majority of the spam is caught (by blacklists) and server wide settings. BUT, on other servers and in other...
talk.plesk.com talk.plesk.com

Question - SpamAssassin Bayes Training in Plesk: Daily cron disabled by default – bug or by design?

Hello everyone, I’ve been troubleshooting SpamAssassin on my Plesk server (**Ubuntu 24.04, Plesk Obsidian 18.0.72 Update 3 **, `psa-spamassassin` installed) and discovered what looks like either a bug or at least very confusing behavior. 1. Expectation according to Plesk documentation Plesk KB...
talk.plesk.com talk.plesk.com

Some forum users prefer Rspamd over SpamAssassin and started a thread about using it with Plesk, in case you are interested.

Question - Migration from Plesk Email Security (Amavis, SpamAssassin 3.x) to Rspamd 3.12 – Experiences?

Hi everyone, I'm planning to switch from the default Plesk Email Security stack (Amavis, SpamAssassin 3.x, Pyzor, Razor, etc.) to a more modern and efficient solution based on Rspamd 3.12 on my Ubuntu 22.04 server. The decision comes mainly due to: a massive increase in spam recently, with...
talk.plesk.com talk.plesk.com
 
Last edited:
You must log in or register to reply here.

Similar threads

I
Input Hardening Plesk with AbuseIPDB
Replies
2
Views
2K
iainh
I
N
Issue Migration: mdb.c assertion failed with Plesk 18.0.76
Replies
12
Views
3K
Boni
B
Hangover2
Critical security issue fixed on 24–25 February 2026 (Plesk Obsidian 18.0.75 Update 1 / 18.0.76 Update 2) — request for vulnerability details
Replies
4
Views
3K
Hangover2
Hangover2
S
Issue Email deliverability issues
Replies
6
Views
4K
JVG
J
propz
Resolved Email Domain Blacklisting not working 100%
Replies
7
Views
7K
Kaspar
K
Back
Top