How to strengthen outgoing spam filtering?

alveox

New Member
Sep 20, 2021
Hi, I have already used PMG for a couple of months and it works great.
Two weeks ago lots of our users' passwords were breached: they got some COVID-19 relief spam email redirecting to a defaced page and they entered their user and password there.
Last week I tried to route my outgoing mail through the PMG; it is working and some of the spam coming from our internal mail server is captured, but much of it still escapes.

The question is: how do I strengthen this outgoing filtering?

For example, here is one SA status line from spam that could not be captured by PMG:

Sep 19 00:07:16 mx2 pmg-smtp-filter[18863]: C278B61461CC3D4CBF: SA score=0/5 time=0.827 bayes=undefined autolearn=no autolearn_force=no hits=ALL_TRUSTED(-1),AWL(-0.729),HTML_MESSAGE(0.001),KAM_BLANKSUBJECT(0.25),KAM_DMARC_STATUS(0.01),KAM_INFOUSMEBIZ(0.75),MISSING_HEADERS(1.207),TVD_SPACE_RATIO(0.001)

Is there something I can do to somehow block this kind of email?
Two weeks ago lots of our users' passwords were breached: they got some COVID-19 relief spam email redirecting to a defaced page and they entered their user and password there.
* I would strongly suggest changing all users' passwords in that situation
For example, here is one SA status line from spam that could not be captured by PMG:
Here I would check - either in the PMG logs (if the spammer uses the original e-mail address as MAIL FROM) or in the downstream server's logs - which account sent the mail, and lock that account (or change the password)

Otherwise, you could consider disabling the auto-whitelist and setting 'ALL_TRUSTED' to 0 in the custom spam scores

But I'm pretty sure that this is not a good way to deal with this - rather change the passwords

I hope this helps!
 
Thanks for that. Last month we had that kind of problem too, and we forced all users to change their password and also enforced a more secure password. To be honest, it's kind of hectic, as not every person is techy enough to change their own password (sadly, usually older people).

About ALL_TRUSTED(-1),AWL(-0.729):

How does the AWL work? Why does PMG not block a user when he sends something like 5k spam emails in 3 hours?
The spammer is sending the email at 1 AM; no one is working on or monitoring the server at that time (no 24/7 NOC).
 
How does the AWL work?
That's explained quite well in the SpamAssassin wiki: https://cwiki.apache.org/confluence/display/SPAMASSASSIN/AutoWhitelist
If it's creating wrong results for you (in the case of a hacked e-mail account which suddenly starts spamming, I think it will), just disable it (GUI->Configuration->Spam Detector->Use auto-whitelists)

Why does PMG not block a user when he sends something like 5k spam emails in 3 hours?
This is not implemented in PMG - some users use postfwd and integrate it; search in this forum, e.g. https://forum.proxmox.com/threads/sender-rate-limit-x-mails-hour.84086/#post-370196

I hope this helps!
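To see what the two suggested changes (ALL_TRUSTED scored 0, auto-whitelist disabled) would actually do to the message quoted above, here is an added helper that re-scores pmg-smtp-filter log lines under custom rule scores. It is example code written for this thread, not part of PMG; the log line is the one from the first post and the threshold of 5 is read from it.

```python
import re

# The pmg-smtp-filter line from the first post (constructed input for this example).
SAMPLE_LOG = (
    "Sep 19 00:07:16 mx2 pmg-smtp-filter[18863]: C278B61461CC3D4CBF: SA score=0/5 "
    "time=0.827 bayes=undefined autolearn=no autolearn_force=no "
    "hits=ALL_TRUSTED(-1),AWL(-0.729),HTML_MESSAGE(0.001),KAM_BLANKSUBJECT(0.25),"
    "KAM_DMARC_STATUS(0.01),KAM_INFOUSMEBIZ(0.75),MISSING_HEADERS(1.207),TVD_SPACE_RATIO(0.001)"
)

LINE_RE = re.compile(
    r"pmg-smtp-filter\[\d+\]: (?P<id>[0-9A-F]+): SA score=(?P<score>-?[\d.]+)/(?P<thr>[\d.]+)"
    r".*?hits=(?P<hits>\S+)"
)
HIT_RE = re.compile(r"([A-Z0-9_]+)\((-?[\d.]+)\)")


def parse_line(line):
    """Extract queue id, SA threshold and the per-rule scores from one filter log line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    hits = {name: float(val) for name, val in HIT_RE.findall(m.group("hits"))}
    return {"id": m.group("id"), "threshold": float(m.group("thr")), "hits": hits}


def rescore(hits, overrides=None, disabled=()):
    """Sum rule scores, applying custom scores and dropping disabled rules (e.g. AWL)."""
    overrides = overrides or {}
    total = sum(overrides.get(name, val) for name, val in hits.items() if name not in disabled)
    return round(total, 3)


def evaluate(line, overrides=None, disabled=()):
    """Return (id, score as logged rules sum to, score after changes, would it now cross the threshold)."""
    parsed = parse_line(line)
    if parsed is None:
        return None
    before = rescore(parsed["hits"])
    after = rescore(parsed["hits"], overrides, disabled)
    return parsed["id"], before, after, after >= parsed["threshold"]


if __name__ == "__main__":
    # The thread's suggestion: ALL_TRUSTED -> 0 and AWL switched off.
    print(evaluate(SAMPLE_LOG, overrides={"ALL_TRUSTED": 0.0}, disabled={"AWL"}))
```

For this particular message the trust rules subtract 1.729 points, so removing them lifts the score from 0.49 to 2.219: still well under the 5-point threshold, which is why locking the compromised account matters more than the score tweak.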