Recent content by ChFin

  1. [TUTORIAL] Authenticated SMTP, DKIM and DMARC

    @danielb Why did u implement a DKIM verifier? Isn't verification already done by the spamassassin DKIM plugin?
  2. Greylisting konfigurierbar?

    Meines Wissens ist das "Greylisting" über postscreen "deep protocol tests" realisiert. Es wird die Einhaltung des SMTP Protokolls geprüft und ist nicht zeitbasiert wie postgrey. (http://www.postfix.org/POSTSCREEN_README.html#after_220) Oder liege ich da falsch @ Proxmox-Team ?!
  3. Fragen zu Proxmox Mail Gateway V5.0

    => https://bugzilla.proxmox.com/show_bug.cgi?id=1648
  4. How to train for spam

    Unsupervised learning from SpamAssassin rules ( = autolearning ) is enabled. It's efficient & fast. For a site-wide bayesian filter I doubt that any additional (manual) training by users provides better results especially when they provide ham as spam or vice versa. I personally don't see the...
  5. Whitelist

    See https://spfbl.net/delist/ for blocking reasons
  6. Spam / Detector autoupdate

    Falls man die Spamassassin Regeln öfters als 1x täglich updaten möchte kann man das per cron erledigen. Zum Beispiel: # vi /etc/cron.hourly/sa-housekeeping # chmod 744 /etc/cron.hourly/sa-housekeeping #!/bin/sh SYSLOG_TAG=sa-update logger -d -p mail.info -t $SYSLOG_TAG "*** Start Spamassassin...
  7. whitelist

    See Documentation Chapter 4.5.8 All SMTP checks are disabled for those entries (e. g. Greylisting, SPF, RBL, …)
  8. whitelist

    You asked already about whitelists: https://forum.proxmox.com/threads/whitelist-dnsbl.41655/#post-200421 dnswl.org is already integrated into spamassassin. PS: https://wiki.apache.org/spamassassin/DnsBlocklists
  9. HTTPS

    Post the output of the following commands: # grep -i KEY /etc/pmg/pmg-api.pem # ls -la /etc/pmg/*.pem # openssl x509 -in /etc/pmg/pmg-api.pem -noout -text | grep -i Issuer To force/replace the certificate to a self signed one you can use the following command: # pmgconfig apicert --force 1
  10. Root login

    You can use the pam module: See here https://developers.yubico.com/yubico-pam/ Get a API Client ID: https://upgrade.yubico.com/getapikey/ In debian stretch it's just: # apt-get install libpam-yubico Create a yubikey mapping file /etc/yubikey_mappings <first user name>:<Yubikey token...
  11. Root login

    Use 2FA with OTP (e.g. https://www.yubico.com/). Use fail2ban.
  12. How to harden spam detection

    Configuration->Spam Detector -> Use RBL checks "Yes"
  13. How to harden spam detection

    What is the output of the test commands above? (if "dig" is not available install the dnsutils package with "apt-get install dnsutils") Do you have any URIBL_BLOCKED in your mail.log since you changed your dns?
  14. DKIM

    RTFM: You can find the default templates in /var/lib/pmg/templates/. Copy the templates you need to /etc/pmg/templates/, then apply your changes there. After that run: # pmgconfig sync --restart 1 => see 4.3. Service Configuration Templates
  15. "How to" - Local DNS Resolver for Proxmox Mail Gateway

    You don't want to forward any DNS query with spamassassin.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!