Image Spam

H

Hanspeter Kunz

Active Member
Proxmox Subscriber
Feb 5, 2018
16
0
41
53
Hi forum,

I am currently thinking about giving proxmox mailgateway a try. I checked the admin guide, to find out how exactly spam is detected. I see some details (rbl checks, razor2, bayesian). In particular I am interested in the way (if any) the mailgateway deals with image spam. Is there some more technical documentation where I can look this up?
Or has any of you experience with the proxmox mailgateway and image spam?

Best,
Hp
 
I am not aware of any image spam currently. Years ago we had OCR image detection, but the spam nowadays and this implementation does not fit together.

Do you have any example of such emails which you want to detect? Do not forget to increase you spam size checking, maybe spam-assassin is jut skipping your email because its too big.
 
Are you looking for something like the attached screenshot?

Anyhow how can I customize the values for specific rules? This is obviously spam and I get plenty of those mails (including radar warners and other stuff) and they're all ranked 3-4. I want to block them but sender mails keep changing, therefore blacklisting is not an option.

What about adding the option to change the weight / points values in the UI?
 

Attachments

  • Screen Shot 2018-02-13 at 10.09.04.png
    Screen Shot 2018-02-13 at 10.09.04.png
    584.3 KB · Views: 21
You can customize the spamassassin settings in the file /etc/mail/spamassassin/custom.cf

If you trust the DBL more then just raise the score, e.g.:

# https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

# multi.uribl.com
# Contains an URL listed in the URIBL blacklist (default: 0 1.7 0 1.7)
score URIBL_BLACK 0 3.7 0 3.7

# dbl.spamhaus.org
# Contains a spam URL listed in the Spamhaus DBL blocklist (default: 0 2.5 0 2.5)
score URIBL_DBL_SPAM 0 4.5 0 4.5
# Contains a Phishing URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_PHISH 0 4.5 0 4.5
# Contains a malware URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_MALWARE 0 4.5 0 4.5
# Contains a botned C&C URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_BOTNETCC 0 4.5 0 4.5
# Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_SPAM 0 4.5 0 4.5
# Contains an abused phishing URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_PHISH 0 4.5 0 4.5
# Contains an abused malware URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_MALW 0 4.5 0 4.5
# Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist
score URIBL_DBL_ABUSE_BOTCC 0 4.5 0 4.5
After your changes run
# spamassassin --lint -D
check for errors and restart the filter service
# systemctl restart pmg-smtp-filter.service
If that is not enough you can add a custom rule for header, uri and/or body:

body MY_BODY_1 /Von der Partnerin verlassen/
describe MY_BODY_1 Spam Protection Body-1
score MY_BODY_1 5

uri MY_URI_1 /example\.com/
describe MY_URI_1 Spam Protection Uri-1
score MY_URI_1 5

header MY_HEADER_1 Subject =~ /Subjext Text Match/
describe MY_HEADER_1 Spam Protection Header-1
score MY_HEADER_1 5

Hope that helps ....
 
Last edited:
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back