• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Input Warden Antispam & Virus Protection Extension for Plesk

@danami I've spotted that using the "Move" Spam action does not stop emails identified as being spam from being forwarded out of the server, thus relaying spam.

Is there a way of configuring Warden Anti-spam and Virus protection so that spams are delivered into the Spam folder of local mailboxes, but NOT forwarded off the server? The forwarding of spams (correctly identified by Warden) puts the sending reputation of our server at risk.
 
@danami
Is there a way of configuring Warden Anti-spam and Virus protection so that spams are delivered into the Spam folder of local mailboxes, but NOT forwarded off the server? The forwarding of spams (correctly identified by Warden) puts the sending reputation of our server at risk.
You would have to set the policy spam action to block or quarantine then spam will be rejected or quarantined.
 
You would have to set the policy spam action to block or quarantine then spam will be rejected or quarantined.
Thanks for the really quick response.

That's fair enough. I've configured that now and it is already working well.

I was hoping that there would be the option to put it in the Spam folder (if the email alias has a mailbox) and not deliver on to any forwarding rules (if they exist). Maybe one for your list of possible future product enhancements?
 
Maybe one for your list of possible future product enhancements?
The next major release of Warden is going to be out soon which has a lot of improvements. In the mean time I recommend that you add stronger SMTP restrictions to Postfix as this will block the bulk of spam before it even goes to Amavis (so it will help with yours spam forward problem with accounts that are move to spam folder). Here is a KB article outlining the changes that you can make now:

 
@danami I've spotted that using the "Move" Spam action does not stop emails identified as being spam from being forwarded out of the server, thus relaying spam.

Is there a way of configuring Warden Anti-spam and Virus protection so that spams are delivered into the Spam folder of local mailboxes, but NOT forwarded off the server? The forwarding of spams (correctly identified by Warden) puts the sending reputation of our server at risk.
We had the same problem with those forwardings which led to blacklisted mail servers on our side. One solution could be to disable external forwardings at all - there is even an old Plesk extension available for that. In our case this was no option. So we decided to setup an own automatic applied rule: all mailboxes that activate external forwardings will automatically be set to "spam action" = "block" and also very important "spam level" = "1" or "2". With spam levels >=3 we did not have satisfying results. It would be nice to have such an option already in the extension settings. E.g. disable external forwardings at all or do not forward if spam is detected and spam action is move or set a global rule for mailboxes, where external forwardings are activated.
 
The next major release of Warden is going to be out soon which has a lot of improvements. In the mean time I recommend that you add stronger SMTP restrictions to Postfix as this will block the bulk of spam before it even goes to Amavis (so it will help with yours spam forward problem with accounts that are move to spam folder). Here is a KB article outlining the changes that you can make now:

Very nice to hear that. On our servers 80% of all spam is already filtered out before it goes to Amavis with an appropriate Postfix configuration. As Plesk doesn't offer this configuration option natively yet, it would be a great thing to have it in your extension. See also my posting about this topic here: Postfix configuration parameters to fight spam.
 
Very nice to hear that. On our servers 80% of all spam is already filtered out before it goes to Amavis with an appropriate Postfix configuration. As Plesk doesn't offer this configuration option natively yet, it would be a great thing to have it in your extension. See also my posting about this topic here: Postfix configuration parameters to fight spam.
@Hangover2 don't worry we've aleady added postfix restriction managment and much much more in the next release :)
 
Added a new Postfix settings page under Settings -> Mail Server Settings. This area allows admins to set stronger SMTPD restrictions so that spam is rejected before it gets processed by Amavis. It is recommended that admins go to Settings -> Mail Server Settings then press the "default" button on that page to apply the new recommended SMTPD restrictions
does this mean that I can disable in plesk mailsettings the dnsbls and only set them in your extension?
 
In decades past, our servers came with Dr.Web enabled in Plesk through our host. Now that we've migrated to a new provider, I'm trying to find my way through the maze. The files on our server are pretty much static. It's email that is the big concern for AV.

I installed Juggernaut for GEO Blocking, and that was a bit of a learning curve.

Does Warden interact with Juggernaut in any way?

Also, it seems like many people talk about configuring Warden for several months. How much configuration is required upon installation?

Thanks in advance for the insight.
 
Does Warden interact with Juggernaut in any way?
Also, it seems like many people talk about configuring Warden for several months. How much configuration is required upon installation?
1. If you have Juggernaut Firewall installed then you can ban IP addresses on the firewall though the Warden interface if you want.
2. The getting started has everything that you would need to do in order to configure Warden to it's fullest. It usually takes less than 10 minutes. You can view it here:

 
1. If you have Juggernaut Firewall installed then you can ban IP addresses on the firewall though the Warden interface if you want.
2. The getting started has everything that you would need to do in order to configure Warden to it's fullest. It usually takes less than 10 minutes. You can view it here:

Thank you for the reply. It certainly seems like there is a lot there. I already have the MaxMind key for Juggernaut, so that part is done. We're actually using the GEO block to block all countries other than the U.S. I do have a couple of questions though, if I may.

1. It mentions that we need an AbusePDB key, and the free key is good for 1000 lookups per day, and 100 prefix lookups per day. That sounds like a lot, but if you think about even 15-20 users, which would be a very small server, that are getting spammed on top of legitimate email, 1000 lookups per day doesn't go very far. What happens once that free account level of 1000 is exceeded?

2. You mentioned DCC is not installed because it is not open source, yet it's recommended that we add that. What is the cost for DCC if it's not open source?

Thanks again for the help.
 
does this mean that I can disable in plesk mailsettings the dnsbls and only set them in your extension?
No. I get great value from having the DNS BL functionality enabled. That said we had an incident this week when we had obviously passed a threshold and we had about 6 hours of Spamhaus causing perfectly legitimate emails to be blocked, until we temporarily turned it off. The implications of these rejections going back to bulk senders (our own) is still being felt.

I've now registered a free account with Spamhaus and completely reviewed how we're using them (we were effectively querying the same things multiple times - DOH!) I'm still happy to talk about the enormous value that having this DNS BL enabled is giving. Checking the logs (since fixing it), there's not a single email which looks legitimate which is being blocked... and it is blocking about 10.0% to 12.5% of incoming emails.

My main gripe with @danami (Warden Anti-spam and Virus Protection) is that all emails coming through our server are taking ~10 seconds to be scanned both inbound and outbound. I'm collating data and I hope to be raising a post here to discuss it in more detail. Something isn't right and I'm sure that with a little help to re-configure correctly we'll be working better again.
 
Back
Top