Bad Spam recognition (compared to other solutions)

itNGO

So as requested by @ozgurerdogan

- Custom ClamAV-Signatures added, inspired from here https://forum.proxmox.com/threads/more-clamav-signatures-via-databasecustomurl.93206/
- Business Linux Edition from AVAST for 3 years.
We have about 200k in/out E-Mails per month, not that much. This is the current month's virus/scam detection chart.


1664202290183.png

1664202351945.png
Currently we use this DNSBL-Sites-List with Threshold "3"
wl.mailspike.net*-1,
list.dnswl.org*-1,
score.senderscore.com=127.0.[0..255].[80..100]*-1,
zen.spamhaus.org*2,
bl.spamcop.net*2,
psbl.surriel.com*2,
spamrbl.imp.ch*2,
noptr.spamrats.com*2,
escalations.dnsbl.sorbs.net*2,
bl.score.senderscore.com*1,
bl.spameatingmonkey.net*2,
rbl.realtimeblacklist.com*2,
dnsbl.dronebl.org*2,
ix.dnsbl.manitu.net*2,
b.barracudacentral.org,
truncate.gbudb.net,
bl.blocklist.de,
nomail.rhsbl.sorbs.net*2,
badconf.rhsbl.sorbs.net*2,
zombie.dnsbl.sorbs.net*2,
smtp.dnsbl.sorbs.net*2,
dnsbl.dronebl.org,
ip4.bl.zenrbl.pl,
apikeyhidden.combined.mail.abusix.zone*2,
rhsbl.rbl.polspam.pl,
dnsbl.spfbl.net,
spam.dnsbl.anonmails.de,
dnsbl.justspam.org,
rbl.rbldns.ru,
bl.0spam.org,
0spam.fusionzero.com,
rbl.metunet.com,
all.s5h.net,
rhsbl.rbl.polspam.pl,
dnsbl.zapbl.net,
black.dnsbl.brukalai.lt,
black.junkemailfilter.com,
all.spamrats.com,
dnsbl.tornevall.org,
dnsbl-3.uceprotect.net,
bl-h3.rbl.polspam.pl

We also made a VirusTotal-API-Checkscript. But this is not allowed in commercial usage without paying. So it was more a proof of concept.
https://forum.proxmox.com/threads/virustotal-api-integration.113194/#post-489113

Greylisting is enabled and also SPF and Before Queue Filtering

At least we use Mail Filter in different Levels for different Domains. Sharpest blocks already at Spam Level 5.
1664202677975.png
Was enabled after feeding the PMG-Database with tons of known E-Mail-Addresses and Domains from Customers' Contacts...
 
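How the weighted list and the threshold of 3 from the post above combine into a block decision, as an added example that is not part of the thread or of PMG's own code. It assumes the list is evaluated with Postfix `postscreen_dnsbl_sites` semantics (`domain=filter*weight`, default weight 1) and that every matching entry adds its weight; the list is a shortened copy of the posted one and the DNSBL replies are constructed.

```python
import re

# Shortened copy of the posted list; DNSBL replies used with it are constructed.
DNSBL_SITES = """
wl.mailspike.net*-1, list.dnswl.org*-1,
score.senderscore.com=127.0.[0..255].[80..100]*-1,
zen.spamhaus.org*2, bl.spamcop.net*2, dnsbl.dronebl.org*2,
b.barracudacentral.org, bl.blocklist.de, dnsbl.dronebl.org
"""
THRESHOLD = 3  # the "Threshold 3" from the post

def parse_sites(text):
    """Parse 'domain[=filter][*weight]' items into (domain, filter, weight)."""
    entries = []
    for item in filter(None, (s.strip() for s in text.split(","))):
        m = re.fullmatch(r"([^=*]+)(?:=([^*]+))?(?:\*(-?\d+))?", item)
        if not m:
            raise ValueError(f"malformed entry: {item!r}")
        entries.append((m.group(1), m.group(2), int(m.group(3) or 1)))
    return entries

def octet_matches(pattern, value):
    """Match one reply octet against 'N' or a '[a..b;c]' pattern."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for part in pattern[1:-1].split(";"):
        lo, _, hi = part.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def reply_matches(flt, reply):
    """No filter means any reply counts as a listing."""
    if flt is None:
        return True
    patterns = re.findall(r"\[[^\]]*\]|\d+", flt)
    return all(octet_matches(p, int(o)) for p, o in zip(patterns, reply.split(".")))

def score(entries, replies):
    """replies maps domain -> A record returned for the client IP.
    Assumption: every entry whose domain and filter match adds its weight."""
    return sum(w for d, f, w in entries if d in replies and reply_matches(f, replies[d]))

def is_blocked(entries, replies):
    return score(entries, replies) >= THRESHOLD

def duplicate_domains(entries):
    """Domains listed more than once with the same filter."""
    keys = [(d, f) for d, f, _ in entries]
    return sorted({d for d, f in keys if keys.count((d, f)) > 1})
```

Under the summing assumption, a domain that appears twice (here `dnsbl.dronebl.org` with weights 2 and 1) reaches the threshold on its own, so `duplicate_domains` is worth running over the full list before deploying it.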

bougatoyta

Hi, just found out this topic.
Did you use paid ClamAV signatures?

Do you know why the default ClamAV signatures are not efficient? It seems weird to me that I need to get unofficial signatures to get proper protection.
 

itNGO

We never used paid ClamAV signatures.... did not even recognize that any exist.
We had very good experience with the custom unofficial signatures....
 

ozgurerdogan

I was just about to install PMG but am now confused... A friend told me that I have to add rules to have better results but I guess it will still not be enough...
Just wanted to update here that I have been running PMG for a couple of days and till now I am happy with it. So it needs some attention for installing and adjusting the detailed configuration. So I can highly recommend it for anyone still trying to decide about it. :)
 
