Resolved Want to blacklist spam from a specific user name but have wildcards in the domain. Possible?

Today I can say that one of these filters hasn't worked.
I can paste the headers here for this one @Kaspar@Plesk in the hope it may help.
There's a lot more, but is this amount sufficient to help with a diagnosis?

Code:
Message-ID
<[email protected]>
Date
Tue, 09 Jul 2024 01:00:29 +0000
From
[email protected]
To
"my email address>
Subject
The One Fantastic Shop Newsletter - Essential Gadgets for Your Summer Outdoor Adventures
Authentication-Results
server.alexandersassociates.co.uk; dmarc=pass (p=REJECT sp=NONE) smtp.from=onefantasticshop.fr header.from=onefantasticshop.fr; dkim=pass header.d=onefantasticshop.fr; spf=pass (sender IP is 216.117.191.202) [email protected] smtp.helo=altset202.onefantasticshop.fr
Received
from altset202.onefantasticshop.fr (altset202.onefantasticshop.fr [216.117.191.202]) by server.alexandersassociates.co.uk (Postfix) with ESMTPS id 602CD7F72B for <my email address>; Tue, 9 Jul 2024 01:01:16 +0000 (UTC)
Return-Path
<[email protected]>
 
I am not sure why the rule you created does not catch that particular email. As a way to troubleshoot, it might be good to remove all current rules and set up just one rule with a domain (or email address) you own yourself and can test with. And go from there to see which rules (and wildcards) work for you and which do not.

For this particular sender you can also consider blocking them completely. Because the domain in the Return-Path (envelope sender) matches the domain used in the From header, you could block this domain by adding it to the mail server black list, which you can find in Plesk via Tools & Settings > Mail Server Settings > Black List.

All emails received from domains on this black list are rejected by the mail server. However, the mail server rejects emails based on the domain of the envelope sender (shown in headers as the Return-Path), not the domain used in the From address.
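Added example, not part of the original thread and not Plesk's own code: a header check that shows why a domain list keyed on the envelope sender (Return-Path) and an address-pattern list can disagree about the same message. The sample messages, their local parts, the `mailer.example` domain, the function names and the use of glob matching against the From address are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from fnmatch import fnmatchcase

# Constructed sample: Return-Path and From share a domain, as in the thread.
# Local parts are made up; the real ones are not shown on the page.
SAME_DOMAIN = """\
Return-Path: <bounce@onefantasticshop.fr>
From: Shop Newsletter <news@onefantasticshop.fr>
Subject: constructed sample

body
"""

# Constructed sample: mail relayed by a third party, so the envelope sender
# domain (mailer.example, a placeholder) differs from the visible From domain.
SPLIT_DOMAIN = """\
Return-Path: <bounce-123@mailer.example>
From: Shop Newsletter <news@onefantasticshop.fr>
Subject: constructed sample

body
"""

def sender_addresses(raw):
    """Return (envelope sender, From header address), lowercased."""
    msg = message_from_string(raw)
    envelope = parseaddr(msg.get("Return-Path", ""))[1].lower()
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    return envelope, header_from

def evaluate(raw, server_domains, filter_patterns):
    """Report which of the two lists would match this message."""
    envelope, header_from = sender_addresses(raw)
    envelope_domain = envelope.rpartition("@")[2]
    return {
        "envelope_domain": envelope_domain,
        "from_domain": header_from.rpartition("@")[2],
        # Domain list: exact match on the envelope sender domain only.
        "server_list_hit": envelope_domain in server_domains,
        # Address patterns: glob match on the From address (assumption).
        "filter_list_hit": any(fnmatchcase(header_from, p.lower())
                               for p in filter_patterns),
    }

if __name__ == "__main__":
    for raw in (SAME_DOMAIN, SPLIT_DOMAIN):
        print(evaluate(raw, {"onefantasticshop.fr"}, ["*@onefantasticshop.fr"]))
```

Running it against headers copied from a message that slipped through shows at a glance which of the two lists could have matched it.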
 
Thanks Kaspar. I do have a list of blocked domains there and I will actually add that one now as well.
Sometimes I think this method is easier, I was just concerned at what point would it be detrimental in performance terms, would it impact the server.
I have about 50 at the moment. I believe I'm adding it using the correct syntax? *@onefantasticshop.fr

Sometimes I also ping for their IPs and blacklist them in imunify360? Is there one method better than the other when it comes to reducing spam?
 
I think that field might need a complete expression matching the full source string instead of just a partial match, i.e. *onefantasticshop.??
That does make sense actually. @Robert Alexander, maybe you can try that.

Thanks Kaspar. I do have a list of blocked domains there and I will actually add that one now as well.
Sometimes I think this method is easier, I was just concerned at what point would it be detrimental in performance terms, would it impact the server.
I have about 50 at the moment. I believe
There is no hard number for how many blacklist entries can cause performance issues. I'd say you're probably good till you roughly hit mid-triple digits.

I'm adding it using the correct syntax? *@onefantasticshop.fr
That's actually the spam filter black list, which is different from the one I was referring to. But should do just as well I suppose. The syntax is correct for the spam filter black list.

Sometimes I also ping for their IPs and blacklist them in imunify360? Is there one method better than the other when it comes to reducing spam?
Blocking individual IP addresses to reduce spam is a rather tedious task, and not very effective either. It might help to reduce spam from one particular source for a while. But then they start using another IP or server to send out spam.

All in all I gather that you want to reduce the spam and probably can do with a more effective solution. So here are some options that you can use on your Plesk server to help you reduce spam.

Warden Anti-spam and Virus Protection
A great extension with many features to help you tighten your spam filter through Plesk.

SpamExperts Email Security
A great cloud-based spam filter that can be used to route your emails through.
 
Right. That's all good stuff. Thanks to you both for your input.
I've done the Syntax Correct now on Webmail. I see what you're saying in blocking those IPs and without some comment on the Block, would get tricky to remove them later. Yes it's time consuming, but right now I'm launching a Service that gives finance to people in Poverty, as voted by the Local Community. So once I can get revenues in after October, I'll see what I can afford with those suggested solutions.

Been a very useful topic for me and I hope for current and future readers.
 