How to harden spam detection

Kan

Dec 21, 2016
Hello,

I see there are 2 parameters I can modify:
- Backscatter score (default value: 0)
- Heuristic score (default value: 3)

How should I modify these parameters to harden filters? Thx
 
OK for bounced mails, but the mailgateway I installed does not block a good percentage of spam. Some mails are pure spam and they pass through the filters. How can I make the filters more strict?
 
I use the closest DNS available: the Hetzner DNS servers, since the dedicated hosts are running in their networks.
 
Use your own DNS resolver - Hetzner does not work

EDIT: (the first 3 are Hetzner DNS servers)
# dig +short @213.133.98.98 2.0.0.127.zen.spamhaus.org
# dig +short @213.133.99.99 2.0.0.127.zen.spamhaus.org
# dig +short @213.133.100.100 2.0.0.127.zen.spamhaus.org
# dig +short @mylocaldns 2.0.0.127.zen.spamhaus.org

127.0.0.4
127.0.0.10
127.0.0.2

# dig +short txt @213.133.98.98 2.0.0.127.zen.spamhaus.org
# dig +short txt @127.0.0.1 2.0.0.127.zen.spamhaus.org

"https://www.spamhaus.org/sbl/query/SBL2"
"https://www.spamhaus.org/query/ip/127.0.0.2"
 
I don't understand your message. Can you explain it please?

I've just installed bind on the PMG server as you suggested (and Tom). What should I do next?
 
That was just to show that Hetzner DNS does not work with (Spamhaus) DNSBL, in response to @DerDanilo's message.

If you have installed and configured bind as I explained, then you are OK. The mailgateway should now detect the spam.

These commands should always return the IP of your local DNS:
# dig o-o.myaddr.l.google.com -t txt +short
# dig -t a whoami.v4.powerdns.org +short
# dig -t txt whoami.v4.powerdns.org +short
# dig -t txt whoami-ecs.v4.powerdns.org +short
# dig -t a whoami.akamai.net +short


Test/Result with Spamhaus:
# dig +short 2.0.0.127.zen.spamhaus.org
127.0.0.4
127.0.0.10
127.0.0.2

Test/Result with URIBL
# host -tTXT 2.0.0.127.multi.uribl.com
2.0.0.127.multi.uribl.com descriptive text "permanent testpoint"
 
This morning I got more spam than yesterday :( (after installing bind as suggested)

How can I verify if the server really checks DNSBL?
 
What is the output of the test commands above? (if "dig" is not available install the dnsutils package with "apt-get install dnsutils")
Do you have any URIBL_BLOCKED in your mail.log since you changed your dns?
 
The dig command returns exactly what you described in your post. I think this is OK.

I have a lot of lines like this one in mail.log BEFORE bind install:
Feb 26 16:36:00 mailgateway pmg-smtp-filter[1792]: 2226B55A94295F9DB40: SA score=3/5 time=0.651 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_IMAGE_RATIO_02,HTML_MESSAGE,JMQ_SPF_NEUTRAL_ALL,KAM_HTMLNOISE,RDNS_NONE,SPF_PASS,T_REMOTE_IMAGE,URIBL_BLOCKED
But none after.

Are there any other parameters to modify?
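
The mail.log check asked about in the thread ("Do you have any URIBL_BLOCKED in your mail.log since you changed your dns?"), as an added example that is not part of any poster's message: a shell function that counts, per day, how many pmg-smtp-filter SA lines carry the URIBL_BLOCKED hit, so the days before and after the resolver change can be compared. The function names, the sample lines and the /var/log/mail.log path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-day count of SpamAssassin results that include URIBL_BLOCKED.
# Reads syslog lines on stdin and prints "Mon DD scanned=N blocked=M" per day,
# in the order the days first appear.
# Usage on a real host (path assumed): uribl_blocked_summary < /var/log/mail.log
uribl_blocked_summary() {
    awk '
    # Only the filter result lines matter; other daemons are skipped.
    /pmg-smtp-filter\[[0-9]+\]:/ && /SA score=/ {
        day = $1 " " $2
        if (!(day in scanned)) { order[++n] = day; scanned[day] = 0; blocked[day] = 0 }
        scanned[day]++
        # Find the hits= field and split its comma-separated rule names.
        hits = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^hits=/) hits = substr($i, 6)
        m = split(hits, rule, ",")
        # Exact comparison, so a longer rule name never counts as a match.
        for (j = 1; j <= m; j++) if (rule[j] == "URIBL_BLOCKED") { blocked[day]++; break }
    }
    END {
        for (k = 1; k <= n; k++)
            printf "%s scanned=%d blocked=%d\n", order[k], scanned[order[k]], blocked[order[k]]
    }
    '
}

# Constructed sample lines in the format of the log line quoted in the thread
# (queue IDs, scores and hit lists are made up).
sample_log() {
    cat <<'EOF'
Feb 26 16:36:00 mailgateway pmg-smtp-filter[1792]: AAAA000000000000001: SA score=3/5 time=0.651 bayes=undefined autolearn=no autolearn_force=no hits=HTML_MESSAGE,RDNS_NONE,SPF_PASS,URIBL_BLOCKED
Feb 26 17:02:11 mailgateway pmg-smtp-filter[1792]: AAAA000000000000002: SA score=1/5 time=0.402 bayes=undefined autolearn=no autolearn_force=no hits=DKIM_SIGNED,SPF_PASS
Feb 26 17:05:40 mailgateway postfix/smtpd[2001]: connect from unknown[192.0.2.10]
Feb 27 08:15:09 mailgateway pmg-smtp-filter[2210]: AAAA000000000000003: SA score=9/5 time=1.204 bayes=undefined autolearn=no autolearn_force=no hits=HTML_MESSAGE,URIBL_BLACK,URIBL_DBL_SPAM
EOF
}

# Demo run on the constructed sample.
sample_log | uribl_blocked_summary
```

A day with blocked=0 only shows that URIBL lookups are no longer refused; whether the blocklists actually answer is still checked with the dig test points from the thread.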
 
