• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Spam black list doesn't work

J

JuanCar

Regular Pleskian
Server operating system version
Centos
Plesk version and microupdate number
Obsidian 18.0.48
Hi
I've set spam black list for a subdomain and for the domain. The filter is *@*.top, because I'm receiving the same spam mails form differents emails: [email protected], [email protected] and so.
I've set the filter but the spam keep on reaching me!!!.
Where is my mistake? Is there any other way to reject this spam?
Thanks
 
If I'm not mistaken, the spam filter blacklist identifies emails from those subdomains as SPAM, but it is to the individual mailboxes filters to either reject SPAM, move it to the SPAM folder or just mark it as such on the subject but still deliver it to the inbox.
 
But in my case, the mail is delivered as any other mail, without any mark or moved to spam folder.
If a set a *@gmail.com in black list, the rule works and the mail is not delivered.
My spams mail came from *@*.top
Thats what I see in maillog
Mar 3 14:17:05 mydomain qmail-queue[797]: 788302: from=<[email protected]> to=<[email protected]>
Mar 3 14:17:05 mydomain qmail-queue[797]: 788302: py-limit-out: stderr: INFO:__main__:No SMTP AUTH and not running in sendmail context (incoming or unrestricted outgoing mail). SKIP message.
Mar 3 14:17:05 mydomain qmail-queue[797]: 788302: py-limit-out: stderr: SKIP
Mar 3 14:17:05 mydomain qmail-queue[797]: 788302: check-quota: stderr: SKIP
Mar 3 14:17:05 mydomain spf[805]: 788302: Error code: (6) Unknown mechanism found
Mar 3 14:17:05 mydomain spf[805]: 788302: Unable to set local policy: Unknown mechanism found near 'spf1 +a +mx '
Mar 3 14:17:05 mydomain spf[805]: 788302: Unable to set local policy: Failed to compile local policy 'spf1 +a +mx +a:mydomain.com -all'
Mar 3 14:17:05 mydomain qmail-queue[797]: 788302: spf: stderr: SKIP
Mar 3 14:17:06 mydomain qmail-queue[806]: scan: the message(drweb.tmp.MJpofr) sent by [email protected] to [email protected] is passed
Mar 3 14:17:06 mydomain qmail-queue[797]: 788302: drweb: stderr: PASS
Mar 3 14:17:06 mydomain qmail[20219]: new msg 788302
Mar 3 14:17:06 mydomain qmail[20219]: info msg 788302: bytes 270206 from <[email protected]> qp 811 uid 2020
Mar 3 14:17:06 mydomain qmail[20219]: starting delivery 1597: msg 788302 to local [email protected]
Mar 3 14:17:06 mydomain qmail[20219]: status: local 1/10 remote 0/20
Mar 3 14:17:06 mydomain qmail-local[812]: 788302: from=<[email protected]> to=<[email protected]>
Mar 3 14:17:06 mydomain spamc[814]: skipped message, greater than max message size (256000 bytes)
Mar 3 14:17:06 mydomain qmail-local[812]: 788302: spam: stderr: PASS
Mar 3 14:17:06 mydomain dk_check[815]: 788302: DKIM verification (d=(null), 0-bit key) failed: domain tag missing
Mar 3 14:17:06 mydomain qmail-local[812]: 788302: dk_check: stderr: PASS
Mar 3 14:17:06 mydomain dmarc[816]: 788302: SPF record was not found in Authentication-Results
Mar 3 14:17:06 mydomain qmail-local[812]: 788302: dmarc: stderr: PASS
Mar 3 14:17:06 mydomain qmail[20219]: delivery 1597: success: did_0+0+2/
Mar 3 14:17:06 mydomain qmail[20219]: status: local 0/10 remote 0/20
Mar 3 14:17:06 mydomain qmail[20219]: end msg 788302

The remote addres here is [email protected], but the same email can came from similar email (*@*.top), all with the same top domain.
 
Is [email protected] also the address used in the From header of the email? Because if I am not mistaken the SpamAssassin blacklist blocks emails solely based on the address set in From header. Not the address used in the senders envelope.
 
Kaspar said:
Is [email protected] also the address used in the From header of the email? Because if I am not mistaken the SpamAssassin blacklist blocks emails solely based on the address set in From header. Not the address used in the senders envelope.
Click to expand...
Yes, header show the same email in from header. Here is a mail header with this spam problem
Authentication-Results: mydomain.com;
dmarc=pass (p=NONE sp=NONE) smtp.from=yaud.top header.from=yaud.top;
dkim=pass header.d=yaud.top;
dkim=temperror header.d=(null)
Received: (qmail 6245 invoked from network); 4 Mar 2023 23:03:17 +0100
Received: from coupons.yaud.top (134.73.142.146)
by mydomain.com with (DHE-RSA-AES256-GCM-SHA384 encrypted) SMTP; 4 Mar 2023 23:03:13 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default; d=yaud.top;
h=List-Unsubscribe:MIME-Version:From:To:Date:Subject:Content-Type:
Content-Transfer-Encoding; i=[email protected];
bh=2RWaE2NqlvEXsTrIAPxtsl561qlnY/JRkRqbYW93xR0=;
b=GM2fKYuJ5/tQMYgDDD1Tr7B+DBLKwx8/iyraeWVhRQz9ESeTs9aLton56fZGJzQj0bfs/XHTUSt1
8FBePM4KP1lfROdd9OzxAyvFBLHXlv/LwUXaLcBjhcQ/IH+pOVQ5eB4QgvgwSqyJaO1gjGwNyVBj
onAwqWuBnKTvTddmRsg=
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
X-Spam-Score: 0.5
ReturnReceipt: 1
DKIM-Signature: v=DKIM1; k=rsa;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC93rT0nxRFY5VjvZ4XWHSSB6wukwCfkm7GchaAqsiVz/gyKiJnnxNfzcsc2ChPKIsMv33QNI4aw5evTh22JGdcI6ffaEWgN//+x0SL9bzyZrxXwAYP7uOyg3jgVHioA+n9Lh0DV88aCcQQuAWljcNzyCBivnszhB/qSY7ajBYLCQIDAQAB
List-Unsubscribe: <https://www.sexydoll4u.com/list.cgi?cmd=unsub&lst=list>,
<mailto:[email protected]?subject=unsubscribe>
MIME-Version: 1.0
From: =?utf-8?Q?Louis=C2=AE_Vuitton?= <[email protected]>
To: "mymail" <[email protected]>
Priority: urgent
Importance: high
Date: 4 Mar 2023 13:54:38 -0800
Subject: mymail, Award winning Christmas group purchase.
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
 
@JuanCar The reason why the messages are passing the filter is that they are too big. Spammers use this technique on purpose, because they know that SpamAssassin only scans messages up to a certain size. This is done so that a mail server cannot be successfully attacked by sending lots of large mails which would cause a lot of cpu load for the scan of the large mail. Spammers put large image files into an HTML body of a mail to achieve this. You can see what happens in this log line of yours:
Code: 
Mar 3 14:17:06 mydomain spamc[814]: skipped message, greater than max message size (256000 bytes)
In the Plesk documentation you can find instructions how to increase the message size threshold of SpamAssassin:
docs.plesk.com

SpamAssassin Spam Filter

The SpamAssassin spam filter identifies spam messages among emails sent to mailboxes hosted on your Plesk server. Lea...
docs.plesk.com docs.plesk.com
 
Peter is right. I missed this line in the mail log, which indicates the messages size is larger then the maximum allowed message size configured in SpamAssassin. Which is why the message is ignored by SpamAssassin.
Mar 3 14:17:06 mydomain spamc[814]: skipped message, greater than max message size (256000 bytes)
Click to expand...
 
Last edited:
You must log in or register to reply here.

Similar threads

C
Issue Help needed with spam filtering
Replies
5
Views
687
ciB
C
F
Resolved Postfix SRS default domain
Replies
1
Views
761
Mikhail_S
Mikhail_S
propz
Resolved Email Domain Blacklisting not working 100%
Replies
7
Views
3K
Kaspar
K
C
Question Block mail if domain doesn't exist in Plesk
Replies
0
Views
444
checkinindza
C
M
Resolved Plesk Email Security Pro: No access to individual Blacklist/Whitelist/Filter sensitivity - Button is Missing since
Replies
2
Views
750
mcac
M
Back
Top