
Input Warden Antispam & Virus Protection Extension for Plesk

@danami I've spotted that using the "Move" Spam action does not stop emails identified as being spam from being forwarded out of the server, thus relaying spam.

Is there a way of configuring Warden Anti-spam and Virus protection so that spams are delivered into the Spam folder of local mailboxes, but NOT forwarded off the server? The forwarding of spams (correctly identified by Warden) puts the sending reputation of our server at risk.
 
@danami
Is there a way of configuring Warden Anti-spam and Virus protection so that spams are delivered into the Spam folder of local mailboxes, but NOT forwarded off the server? The forwarding of spams (correctly identified by Warden) puts the sending reputation of our server at risk.
You would have to set the policy spam action to block or quarantine; then spam will be rejected or quarantined.
 
You would have to set the policy spam action to block or quarantine; then spam will be rejected or quarantined.
Thanks for the really quick response.

That's fair enough. I've configured that now and it is already working well.

I was hoping that there would be the option to put it in the Spam folder (if the email alias has a mailbox) and not deliver on to any forwarding rules (if they exist). Maybe one for your list of possible future product enhancements?
 
Maybe one for your list of possible future product enhancements?
The next major release of Warden is going to be out soon, which has a lot of improvements. In the meantime I recommend that you add stronger SMTP restrictions to Postfix, as this will block the bulk of spam before it even goes to Amavis (so it will help with your spam forward problem with accounts that are set to move to the spam folder). Here is a KB article outlining the changes that you can make now:

 
@danami I've spotted that using the "Move" Spam action does not stop emails identified as being spam from being forwarded out of the server, thus relaying spam.

Is there a way of configuring Warden Anti-spam and Virus protection so that spams are delivered into the Spam folder of local mailboxes, but NOT forwarded off the server? The forwarding of spams (correctly identified by Warden) puts the sending reputation of our server at risk.
We had the same problem with those forwardings, which led to blacklisted mail servers on our side. One solution could be to disable external forwardings altogether - there is even an old Plesk extension available for that. In our case this was not an option. So we decided to set up our own automatically applied rule: all mailboxes that activate external forwardings will automatically be set to "spam action" = "block" and also, very importantly, "spam level" = "1" or "2". With spam levels >=3 we did not have satisfying results. It would be nice to have such an option already in the extension settings, e.g. disable external forwardings altogether, or do not forward if spam is detected and spam action is move, or set a global rule for mailboxes where external forwardings are activated.
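
A log check for the forwarding problem discussed above, as an added example that is not part of the original thread or of Warden: it correlates Amavis "Passed SPAM" entries with Postfix smtp deliveries to non-local domains, listing spam that was forwarded off the server. The log lines are constructed samples; the `queued_as:` field layout, the function name and all domains are assumptions.

```python
import re

# Constructed sample log (not from the thread); hosts, IDs and scores are made up.
SAMPLE_LOG = """\
Jan 10 09:00:01 mx amavis[811]: (00811-01) Passed SPAM {RelayedTaggedInbound}, [198.51.100.7]:40112 <bulk@spam.example> -> <info@shop.example>, Queue-ID: 4A1B2C3D01, Hits: 14.2, queued_as: 5E6F7A8B02, 2210 ms
Jan 10 09:00:02 mx postfix/smtp[902]: 5E6F7A8B02: to=<owner@freemail.example>, orig_to=<info@shop.example>, relay=mx.freemail.example[203.0.113.5]:25, dsn=2.0.0, status=sent (250 OK)
Jan 10 09:00:02 mx postfix/pipe[903]: 5E6F7A8B02: to=<info@shop.example>, relay=plesk_virtual, dsn=2.0.0, status=sent (delivered via plesk_virtual service)
Jan 10 09:05:10 mx amavis[811]: (00811-02) Passed CLEAN {RelayedInbound}, [192.0.2.44]:51100 <alice@partner.example> -> <info@shop.example>, Queue-ID: 7C8D9E0F03, Hits: -1.1, queued_as: 9A0B1C2D04, 1800 ms
Jan 10 09:05:11 mx postfix/smtp[904]: 9A0B1C2D04: to=<owner@freemail.example>, orig_to=<info@shop.example>, relay=mx.freemail.example[203.0.113.5]:25, dsn=2.0.0, status=sent (250 OK)
"""

# Amavis verdict line: spam that was passed on (tagged/moved) rather than blocked.
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \(\S+\) Passed (SPAM|SPAMMY)\b.*?Hits: (-?[\d.]+).*?queued_as: (\w+)")
# Postfix smtp *client* line: a successful delivery to another server.
SMTP_RE = re.compile(
    r"postfix/smtp\[\d+\]: (\w+): to=<([^>]+)>(?:, orig_to=<([^>]+)>)?"
    r".*?relay=([^,\[]+).*?status=sent")


def forwarded_spam(log_text, local_domains):
    """Return spam-tagged messages that left the server for a non-local domain.

    Relies on log order: the Amavis verdict (with the re-injected queue ID)
    is written before Postfix delivers that queue ID.
    """
    local = {d.lower() for d in local_domains}
    spam_scores = {}  # re-injected queue ID -> spam score
    findings = []
    for line in log_text.splitlines():
        m = AMAVIS_RE.search(line)
        if m:
            spam_scores[m.group(3)] = float(m.group(2))
            continue
        m = SMTP_RE.search(line)
        if not m:
            continue
        qid, rcpt, orig_to, relay = m.groups()
        if qid in spam_scores and rcpt.rsplit("@", 1)[-1].lower() not in local:
            findings.append({"queue_id": qid, "score": spam_scores[qid],
                             "mailbox": orig_to, "forwarded_to": rcpt,
                             "relay": relay})
    return findings


if __name__ == "__main__":
    for f in forwarded_spam(SAMPLE_LOG, {"shop.example"}):
        print(f)
```

Grouping the findings by `mailbox` shows which forwarding mailboxes are candidates for the stricter "block" policy described in the post above.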
 
The next major release of Warden is going to be out soon, which has a lot of improvements. In the meantime I recommend that you add stronger SMTP restrictions to Postfix, as this will block the bulk of spam before it even goes to Amavis (so it will help with your spam forward problem with accounts that are set to move to the spam folder). Here is a KB article outlining the changes that you can make now:

Very nice to hear that. On our servers 80% of all spam is already filtered out before it goes to Amavis with an appropriate Postfix configuration. As Plesk doesn't offer this configuration option natively yet, it would be a great thing to have it in your extension. See also my posting about this topic here: Postfix configuration parameters to fight spam.
 
Very nice to hear that. On our servers 80% of all spam is already filtered out before it goes to Amavis with an appropriate Postfix configuration. As Plesk doesn't offer this configuration option natively yet, it would be a great thing to have it in your extension. See also my posting about this topic here: Postfix configuration parameters to fight spam.
@Hangover2 don't worry, we've already added Postfix restriction management and much, much more in the next release :)
 
Added a new Postfix settings page under Settings -> Mail Server Settings. This area allows admins to set stronger SMTPD restrictions so that spam is rejected before it gets processed by Amavis. It is recommended that admins go to Settings -> Mail Server Settings then press the "default" button on that page to apply the new recommended SMTPD restrictions
Does this mean that I can disable the DNSBLs in the Plesk mail settings and only set them in your extension?
 
In decades past, our servers came with Dr.Web enabled in Plesk through our host. Now that we've migrated to a new provider, I'm trying to find my way through the maze. The files on our server are pretty much static. It's email that is the big concern for AV.

I installed Juggernaut for GEO Blocking, and that was a bit of a learning curve.

Does Warden interact with Juggernaut in any way?

Also, it seems like many people talk about configuring Warden for several months. How much configuration is required upon installation?

Thanks in advance for the insight.
 
Does Warden interact with Juggernaut in any way?
Also, it seems like many people talk about configuring Warden for several months. How much configuration is required upon installation?
1. If you have Juggernaut Firewall installed then you can ban IP addresses on the firewall through the Warden interface if you want.
2. The getting started has everything that you would need to do in order to configure Warden to its fullest. It usually takes less than 10 minutes. You can view it here:

 
1. If you have Juggernaut Firewall installed then you can ban IP addresses on the firewall through the Warden interface if you want.
2. The getting started has everything that you would need to do in order to configure Warden to its fullest. It usually takes less than 10 minutes. You can view it here:

Thank you for the reply. It certainly seems like there is a lot there. I already have the MaxMind key for Juggernaut, so that part is done. We're actually using the GEO block to block all countries other than the U.S. I do have a couple of questions though, if I may.

1. It mentions that we need an AbuseIPDB key, and the free key is good for 1000 lookups per day, and 100 prefix lookups per day. That sounds like a lot, but if you think about even 15-20 users, which would be a very small server, that are getting spammed on top of legitimate email, 1000 lookups per day doesn't go very far. What happens once that free account level of 1000 is exceeded?

2. You mentioned DCC is not installed because it is not open source, yet it's recommended that we add that. What is the cost for DCC if it's not open source?

Thanks again for the help.
 
Does this mean that I can disable the DNSBLs in the Plesk mail settings and only set them in your extension?
No. I get great value from having the DNS BL functionality enabled. That said, we had an incident this week when we had obviously passed a threshold and we had about 6 hours of Spamhaus causing perfectly legitimate emails to be blocked, until we temporarily turned it off. The implications of these rejections going back to bulk senders (our own) are still being felt.

I've now registered a free account with Spamhaus and completely reviewed how we're using them (we were effectively querying the same things multiple times - DOH!) I'm still happy to talk about the enormous value that having this DNS BL enabled is giving. Checking the logs (since fixing it), there's not a single email which looks legitimate which is being blocked... and it is blocking about 10.0% to 12.5% of incoming emails.

My main gripe with @danami (Warden Anti-spam and Virus Protection) is that all emails coming through our server are taking ~10 seconds to be scanned both inbound and outbound. I'm collating data and I hope to be raising a post here to discuss it in more detail. Something isn't right and I'm sure that with a little help to re-configure correctly we'll be working better again.
 