Bad Spam recognition (compared to other solutions)

So as requested by @ozgurerdogan

- Custom ClamAV-Signatures added, inspired from here https://forum.proxmox.com/threads/more-clamav-signatures-via-databasecustomurl.93206/
- Business Linux Edition from AVAST for 3 Years.
We have about 200k in/out E-Mails per month, not that much. This is current month virus/scam detection-Chart.


1664202290183.png

1664202351945.png
Currently we use this DNSBL-Sites-List with Threshold "3"
wl.mailspike.net*-1,
list.dnswl.org*-1,
score.senderscore.com=127.0.[0..255].[80..100]*-1,
zen.spamhaus.org*2,
bl.spamcop.net*2,
psbl.surriel.com*2,
spamrbl.imp.ch*2,
noptr.spamrats.com*2,
escalations.dnsbl.sorbs.net*2,
bl.score.senderscore.com*1,
bl.spameatingmonkey.net*2,
rbl.realtimeblacklist.com*2,
dnsbl.dronebl.org*2,
ix.dnsbl.manitu.net*2,
b.barracudacentral.org,
truncate.gbudb.net,
bl.blocklist.de,
nomail.rhsbl.sorbs.net*2,
badconf.rhsbl.sorbs.net*2,
zombie.dnsbl.sorbs.net*2,
smtp.dnsbl.sorbs.net*2,
dnsbl.dronebl.org,
ip4.bl.zenrbl.pl,
apikeyhidden.combined.mail.abusix.zone*2,
rhsbl.rbl.polspam.pl,
dnsbl.spfbl.net,
spam.dnsbl.anonmails.de,
dnsbl.justspam.org,
rbl.rbldns.ru,
bl.0spam.org,
0spam.fusionzero.com,
rbl.metunet.com,
all.s5h.net,
rhsbl.rbl.polspam.pl,
dnsbl.zapbl.net,
black.dnsbl.brukalai.lt,
black.junkemailfilter.com,
all.spamrats.com,
dnsbl.tornevall.org,
dnsbl-3.uceprotect.net,
bl-h3.rbl.polspam.pl

We also made a VirusTotal-API-Checkscript. But this is not allowed in commercial usage without paying. So it was more a proof of concept.
https://forum.proxmox.com/threads/virustotal-api-integration.113194/#post-489113

Greylisting is enabled and also SPF and Before Queue Filtering

At least we use Mail Filter in different Levels for different Domains. Sharpest blocks already at Spam Level 5.
1664202677975.png
Was enabled after feeding the PMG-Database with tons of known E-Mail-Addresses and Domains from Customers' Contacts...
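How a weighted DNSBL list like the one in the post adds up against threshold 3, as an added example that is not from the original post or from Proxmox. It assumes Postfix postscreen-style `domain=filter*weight` semantics (an assumption about how PMG applies the list); the function names are hypothetical and the lookup results are constructed, not resolved.

```python
import re

THRESHOLD = 3  # the threshold quoted in the post
# Subset of the posted list, with the senderscore filter's bracket balanced.
SITES = """wl.mailspike.net*-1, list.dnswl.org*-1,
score.senderscore.com=127.0.[0..255].[80..100]*-1,
zen.spamhaus.org*2, bl.spamcop.net*2, b.barracudacentral.org, bl.blocklist.de"""

OCT = r"(?:\d+|\[[\d;.]+\])"
ENTRY = re.compile(rf"([\w.-]+)(?:=({OCT}(?:\.{OCT}){{3}}))?(?:\*(-?\d+))?")

def parse_sites(text):
    """Parse 'domain[=filter][*weight]' entries; the weight defaults to 1."""
    sites = []
    for entry in filter(None, (e.strip() for e in text.split(","))):
        m = ENTRY.fullmatch(entry)
        if not m:  # e.g. an unbalanced bracket in the reply filter
            raise ValueError(f"malformed DNSBL entry: {entry!r}")
        sites.append((m.group(1), m.group(2), int(m.group(3) or 1)))
    return sites

def octet_matches(pattern, value):
    """One filter octet: a plain number, or [a..b] / [a;b;c..d] alternatives."""
    if not pattern.startswith("["):
        return int(pattern) == value
    for alt in pattern[1:-1].split(";"):
        lo, _, hi = alt.partition("..")
        if int(lo) <= value <= int(hi or lo):
            return True
    return False

def reply_matches(filt, reply):
    if filt is None:  # no filter: any reply counts as listed
        return True
    pats = re.findall(r"\[[^\]]*\]|\d+", filt)
    return all(octet_matches(p, int(o)) for p, o in zip(pats, reply.split(".")))

def score(sites, replies):
    """replies maps a DNSBL domain to the A records it returned for the client."""
    return sum(weight for domain, filt, weight in sites  # at most once per entry
               if any(reply_matches(filt, r) for r in replies.get(domain, [])))

def over_threshold(replies):
    return score(parse_sites(SITES), replies) >= THRESHOLD

# Constructed lookup results (not real DNS answers) for three sending hosts.
LISTED = {"zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"], "bl.blocklist.de": ["127.0.0.9"]}
OFFSET = {"zen.spamhaus.org": ["127.0.0.2"], "bl.spamcop.net": ["127.0.0.2"],
          "score.senderscore.com": ["127.0.4.92"], "list.dnswl.org": ["127.0.5.1"]}
LOW_REP = {**OFFSET, "score.senderscore.com": ["127.0.4.35"]}
```

`OFFSET` and `LOW_REP` differ only in the Sender Score octet: 92 falls inside `[80..100]` and earns the -1 that keeps the host under the threshold, 35 does not.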
Hi, just found out this topic.
Did you use paid ClamAV signatures?

Do you know why the default ClamAV signatures are not efficient? It seems weird to me that I need to get unofficial signatures to get proper protection.
 
We never used paid ClamAV signatures... did not even recognize that any exist.
We had very good experience with the custom unofficial signatures...
 
I was just about to install PMG but am now confused... A friend told me that I have to add rules to have better results, but I guess it will still not be enough...
Just wanted to update here that I have been running PMG for a couple of days and until now I am happy with it. It needs some attention for installing and adjusting the detailed configuration. So I can highly recommend it to anyone still trying to decide about it. :)
 
