How to harden spam detection

Kan

Dec 21, 2016
Hello,

I see there are 2 parameters I can modify:
- Backscatter score (default value: 0)
- Heuristic score (default value: 3)

How should I modify these parameters to harden the filters? Thx
 
OK for bounced mails, but the mailgateway I installed does not block a good percentage of spam. Some mails are pure spam and they pass through the filters. How can I make the filters stricter?
 
I use the closest DNS available: the Hetzner DNS servers, since the dedicated hosts are running in their networks.
 
Use your own DNS resolver - Hetzner does not work

EDIT: (the first 3 are Hetzner DNS servers)
# dig +short @213.133.98.98 2.0.0.127.zen.spamhaus.org
# dig +short @213.133.99.99 2.0.0.127.zen.spamhaus.org
# dig +short @213.133.100.100 2.0.0.127.zen.spamhaus.org
# dig +short @mylocaldns 2.0.0.127.zen.spamhaus.org

127.0.0.4
127.0.0.10
127.0.0.2

# dig +short txt @213.133.98.98 2.0.0.127.zen.spamhaus.org
# dig +short txt @127.0.0.1 2.0.0.127.zen.spamhaus.org

"https://www.spamhaus.org/sbl/query/SBL2"
"https://www.spamhaus.org/query/ip/127.0.0.2"
 
I don't understand your message. Can you explain it please?

I've just installed bind on the PMG server as you suggested (and Tom). What should I do next?
 
That was just to show that Hetzner DNS does not work with (Spamhaus) DNSBL, in response to @DerDanilo's message.

If you have installed and configured bind as I explained, then you are OK. The mailgateway should now detect the spam.

These commands should always return the IP of your local DNS:
# dig o-o.myaddr.l.google.com -t txt +short
# dig -t a whoami.v4.powerdns.org +short
# dig -t txt whoami.v4.powerdns.org +short
# dig -t txt whoami-ecs.v4.powerdns.org +short
# dig -t a whoami.akamai.net +short


Test/Result with Spamhaus:
# dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.4
127.0.0.10
127.0.0.2

Test/Result with URIBL
# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
 
This morning I got more spam than yesterday :( (after installing bind as suggested)

How can I verify if the server really checks DNSBL?
 
What is the output of the test commands above? (if "dig" is not available install the dnsutils package with "apt-get install dnsutils")
Do you have any URIBL_BLOCKED in your mail.log since you changed your dns?
 
The dig command returns exactly what you described in your post. I think this is OK.

I have a lot of lines like this one in mail.log BEFORE bind install:
Feb 26 16:36:00 mailgateway pmg-smtp-filter[1792]: 2226B55A94295F9DB40: SA score=3/5 time=0.651 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,JMQ_SPF_NEUTRAL_ALL,KAM_HTMLNOISE,RDNS_NONE,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED
But none after.

Are there any other parameters to modify?
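
Added example, not part of the thread or of Proxmox's own tooling: one way to answer the "how can I verify" question from mail.log is to compare filter results before and after the resolver change. It assumes the pmg-smtp-filter line format quoted above; the sample lines, the year and the cutover time are constructed, and the rule-name prefixes are a heuristic.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the pmg-smtp-filter SpamAssassin result line format quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ pmg-smtp-filter\[\d+\]: "
    r"\w+: SA score=\S+ .*?hits=(?P<hits>\S*)"
)
# Heuristic (assumption): stock SpamAssassin DNS-list rules start with these prefixes.
DNSBL_PREFIXES = ("RCVD_IN_", "URIBL_")

def summarize(log_text, cutover, year):
    """Count SA results logged before and after `cutover` (the resolver change)."""
    stats = {"before": Counter(), "after": Counter()}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a filter result line
        # Classic syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{m['ts']} {year}", "%b %d %H:%M:%S %Y")
        hits = [h for h in m["hits"].split(",") if h]
        bucket = stats["before" if ts < cutover else "after"]
        bucket["messages"] += 1
        # URIBL_BLOCKED: the list refused the query, so no URIBL verdict was used.
        if "URIBL_BLOCKED" in hits:
            bucket["uribl_blocked"] += 1
        # A real list hit is positive evidence that lookups are being answered.
        if any(h.startswith(DNSBL_PREFIXES) and not h.endswith("_BLOCKED") for h in hits):
            bucket["dnsbl_hit"] += 1
    return stats

# Constructed sample lines (not taken from the poster's server).
SAMPLE_LOG = """\
Feb 26 16:36:00 mailgateway pmg-smtp-filter[1792]: 2226B55A94295F9DB40: SA score=3/5 time=0.651 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED,HTML_MESSAGE,RDNS_NONE,SPF_PASS,URIBL_BLOCKED
Feb 26 17:02:11 mailgateway pmg-smtp-filter[1792]: 3A6B55A9429600AA001: SA score=1/5 time=0.702 bayes=undefined autolearn=no autolearn_force=no hits=HTML_MESSAGE,SPF_PASS,URIBL_BLOCKED
Feb 27 08:15:42 mailgateway pmg-smtp-filter[2210]: 4C7D55A9429611BB002: SA score=9/5 time=1.204 bayes=undefined autolearn=no autolearn_force=no hits=HTML_MESSAGE,RCVD_IN_SBL,URIBL_BLACK
Feb 27 08:20:03 mailgateway pmg-smtp-filter[2210]: 5D8E55A9429622CC003: SA score=2/5 time=0.598 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED,DKIM_VALID,SPF_PASS
"""

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, datetime(2018, 2, 27), 2018)
    for period in ("before", "after"):
        c = result[period]
        print(period, c["messages"], "msgs,", c["uribl_blocked"], "URIBL_BLOCKED,", c["dnsbl_hit"], "DNSBL hits")
```

A drop of URIBL_BLOCKED to zero only shows the list stopped refusing queries; a non-zero DNSBL hit count after the cutover is what shows the lists are actually contributing to scores.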