• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Input Warden Antispam & Virus Protection Extension for Plesk

Matt Sonnentag said:
Very impressed with the product so far. Wondering if there is any sort of report that provides in-sight to the effectiveness of DNSBL sites?
Click to expand...
Thanks for the positive feedback. As to the DNSBL effectiveness there are some online resources that will show you the effectiveness of some of the more popular DNSBLs:


ORF Fusion. Simply different.

Award winning e-mail security and monitoring software for Microsoft Exchange and IIS. Fully scalable from SMB to enterprise with a budget-friendly price.
vamsoft.com vamsoft.com

Also we have a list that we recommend in our documentation:

Getting Started | Warden Anti-spam and Virus Protection Documentation

Warden Anti-spam and Virus Protection
docs.danami.com docs.danami.com
 
I have a question, I have installed the trial of your product and so far like very much what I see.

One particular problem I have been having with a client site is a spoofed "reply to" input. Actually let me show you an example.

From: rh60 <[email protected]>
Date: June 30, 2021 at 3:56:29 AM EDT
To: [email protected]
Subject: New Message From Sente Building Group
Reply-To: "\"rh60\"" <[email protected]99.mokomichi.xyz>, rh60 <[email protected]>

If you look above you will see I have changed the client's actual domain to "realdomain.com" for this email. But in the "FROM" field it is showing a legit email address from within their domain. The "TO" field is also legit.

The only thing that is clearly wrong is the first entry in the "REPLY TO" line you can see the spammers actual email or a placeholder.

My question is can I set up a rule that would filter a message like this as SPAM and have it not go to the client? For this ONE particular client as they would NEVER send an email with TWO reply-to addresses in one email.

Thoughts?
 
bkkcanuck said:
I have a question, I have installed the trial of your product and so far like very much what I see.

One particular problem I have been having with a client site is a spoofed "reply to" input. Actually let me show you an example.

From: rh60 <[email protected]>
Date: June 30, 2021 at 3:56:29 AM EDT
To: [email protected]
Subject: New Message From Sente Building Group
Reply-To: "\"rh60\"" <[email protected]99.mokomichi.xyz>, rh60 <[email protected]>

If you look above you will see I have changed the client's actual domain to "realdomain.com" for this email. But in the "FROM" field it is showing a legit email address from within their domain. The "TO" field is also legit.

The only thing that is clearly wrong is the first entry in the "REPLY TO" line you can see the spammers actual email or a placeholder.

My question is can I set up a rule that would filter a message like this as SPAM and have it not go to the client? For this ONE particular client as they would NEVER send an email with TWO reply-to addresses in one email.

Thoughts?
Click to expand...
Warden allows you to add any type of custom spamassassin rule. You could easily add a rule for this under the Warden rules tab. A similar example:
serverfault.com

SpamAssassin, Postfix, and Multiple Addresses in From Header

I'm working on a problem that I'm seeing with an email scanning server (MailScanner, Spamassassin, Postfix, etc.), and From header spoofing. Unfortunately, some of the versions of these components...
serverfault.com serverfault.com

You would juse use the reply-to: field instead of the from: in the example :)
 
  1. Does this extension require extensive technical knowledge to use?
  2. Are spam messages auto-deleted after x days?
 
Pagemakers said:
  1. Does this extension require extensive technical knowledge to use?
  2. Are spam messages auto-deleted after x days?
Click to expand...
1. No not really.
2. Yes. The admin can even configure how many days they want to keep spam in the users spam folders.
 
Thank you. I’ll uninstall Plesk Email Security and install Warden over the weekend.

We’ve changed our server and the old one has MagicSpam free. The new server has Plesk Email Security and it lets through much more spam and doesn’t auto-delete email so I’m looking to change.

If I wanted can Warden only install anti-spam or must all the modules be installed?
 
Is it possible to rename the Warden Antispam and Virus Protection link in the Plesk left panel. It’s a bit long and wraps over 2 lines. I’d just like to call it Warden

47DE796F-4BA8-48B6-A68F-3744C960C08F.jpeg
 
Is there any simple way to learn from messages in the main logs page.

EG: Warden identifies an email as SPAM - is there any easy way to say it’s not spam or vice-versa?
 
Pagemakers said:
EG: Warden identifies an email as SPAM - is there any easy way to say it’s not spam or vice-versa?
Click to expand...
Yes the user can just mark the message as HAM in their desktop email client or though their webmail. Warden has real-time learning. It uses the dovecot service to train the Anti-spam system any time a user moves a message to or from their spam folder.

You can read more about it here:
 
This replies on the user doing the right thing and not simply deleting the email.

I wish the admin could simply mark spam and ham emails via the logs page. I guess it’s not possible. I used to do this with MagicSpam.
 
Pagemakers said:
I wish the admin could simply mark spam and ham emails via the logs page. I guess it’s not possible. I used to do this with MagicSpam.
Click to expand...
You can whitelist an email from the log by clicking on the recipient address then bringing up their mailbox policy but it's better for bayes real training to be done at the user level (or within Warden in the quarantine area) because then you are learning from the actual content of the message and not just the from: address which can be easily forged.
 
You must log in or register to reply here.

Similar threads

T
Question E-mail anti spam suggestion (incoming/outgoing)
Replies
2
Views
631
T2121
T
mschenk
Question Warden Anti-spam and Virus Protection - license question
Replies
4
Views
1K
mschenk
mschenk
K
Issue Message is regarded as spam (but isn't spam) and then the spam report is regarded as spam
Replies
3
Views
2K
Kaspar
K
andreios
Question How to remove viruses with Clamav via Spamassassin
2
Replies
38
Views
10K
andreios
andreios
M
Question Email Security Pro command line per user settings
Replies
1
Views
2K
Mike99
M
Back
Top