Spam prevention tweaking

N

Nisamudeen

Active Member
Apr 28, 2017
35
2
28
38
Hi,

We have two proxmox antispam gateway servers in production, Both are configured to have DNSBL block list with "sbl.spamhaus.org;xbl.spamhaus.org;zen.spamhaus.org" , Grey listing spam protection are also enabled.
Now known spammers are already blocked. Meanwhile our users are getting lots of marketing mails with wired subjects. While checking case by case I could see these senders are not listing in block list, all have valid, spf, RDNS and hello. How we can block these kind of emails ?

We need only legitimate emails received.

Some of example subjects that are passed.
These 3 Guys All Grew - Hear Their Stories
Smart Marketing 2019 - einfach outsourcen und Kosten sparen
Verliere 1 kg =?utf-8?Q?=C3=BCber?= Nacht durch diesen Trick
1 Tasse am Morgen verbrennt 3 kg Bauchfett


How we can also enabled detailed debugging log with proxmox antispam gateway, so that we can also see subject of emails in logs that are being relayed through the server.
 

Attachments

  • mail proxy configuration.png
    mail proxy configuration.png
    28.2 KB · Views: 62
See my Advancing PMG thread. Your Blacklists are a bit few ones and they also overlap (zen is enough and includes sbl and xbl, you just generate feed traffic in your setup). Grey listing I would not recommend to use. I recommend additional blacklists, rulesets and additional settings to improve RBL, GREET and Spam check.

For debugging I also posted header_checks in the Advancing Thread how you can add this informations in the logging. It's not supported by PMG yet.
 
Nisamudeen said:
Hi,

Thx for the update. I am now going through https://forum.proxmox.com/threads/advancing-proxmox-mail-gateway-especially-spam-and-virus-detection.44152/

I will provide feedback on this.


What about adding subject level check? Like we do in an ordinary relay server?

http://mattshaw.org/news/how-to-filter-mail-with-postfix-header_checks/

Or configuring spamassasin and amavisd for subject level blocking ? Possible to add more subjects to it ?
Click to expand...

You‘re welcome.

Yes, that’s one of the links I used to add Subject to logfile, you can also find in my Advancing Thread.

PMG doesn‘t use Amavis and you should not mix. However, if you want to tweak the shipped KAM rules with PMG or the extra rules, I used (they are for german mails/spam optimized, I saw in the forum someone with rules for russian mails/spam, so you should google and consider other SA rulesets), you can also add your own SA header or body checks.
 
  • Like
Reactions: Nisamudeen
Nisamudeen said:
We need only legitimate emails received.
Click to expand...

.... maybe in another life you can ;) I run mailservers for more then 10 years, and I can not achieve your target - and I try !

But you can do something to reduce the spam level:

- train your users to move their own spams in a dedicated folder and put amavis or other tool to learn from this
- use a dedicated dns server only for your mail server, then create your own dns zone for countries that is very unlikely to need to receive mails (as a stupid example could be trinidad-tobago - no offense )
- on internet you can find many source to use for ip adress classes alocated to each country (this lists can be also used to block any mail connection from country xxx, via a null route)
- use a smart firewall - spammers will start first to check your open ports (block any such atempt and add their IPs on a black-list)
- most of the spam emails will have a unsubscribe link (I reject any such mails in my own case)
- try to convince your user to not use any html mail viewer (so the spammers will not know that their load was accepted and for this reason they will send more)
- use if you can some fake mail servers (without using for sending mails - any IP who will try to connect will be a spammer, so you can block also this IPs)
- limit in your max smtp new connection from the same ip / time unit (any decent mail server will not need to try to send the same mail for more then 2 / 10 seconds)

.... and more thngs like this.

Good luck!
 
As an addition:

1. you just would need your users to move spam to a spam folder, in my advancing thread I provide an adjustable script then to read the spam (and if liked ham) folder and push the results to sa-learn on PMG

2. a bit easier you could also use <countrycode>.countries.nerd.dk as blocklist for each country, you would like to reject

3. a great idea, there are threads in this forum on how to setup fail2ban, maybe that would help, another idea of mine would be to create mailboxes or a catchall for unregistered addresses and directly learn that as spam, another idea, scrollout f1 has is to create a blacklist from this spamtraps, however, for all of them, did not find yet an easy solution

4. unsubscribe link filtering is a bit hardcore, there is also a list unsubscore of sites which ignore unsubscribe requests, however for me they have too much false-positives

5. same a bit hardcore in current times, however, some still read mail with pine and surf with lynx, but you should reject measure pixels, maybe with other tools or by prevent loading of images by default

6. wow, great thing, need to script to get the IPs on the blocklist, but great idea

7. recently did this with many spam mails coming in and can confirm, that works well. however with my adjustments to PMG didn’t see the need to do so currently.

For @guletz wouldn’t it be a great idea on all your trap and catching solutions to provide your own blacklist? Finally also for the Proxmox team would be a great thing (like Barracuda and others do) to provide such a service (e.g. to subscribers) to fetch their filter lists, confirmed spam, similar traps etc. and provide a list based on that
 
Hi @heutger ,

I read your post about spam fighting, and I thank you for this !

heutger said:
2. a bit easier you could also use <countrycode>.countries.nerd.dk as blocklist for each country, you would like to reject
Click to expand...

- yes but sometime, you do not want to block a entire <countrycode>, but only some sub-domains.<countrycode> , so in this case dns is better(for any mail bloking, a dns server is the cheapest and fast solution)

heutger said:
3. a great idea, there are threads in this forum on how to setup fail2ban, ....
Click to expand...

- fail2ban is not so efficient, in my case I am able to catch only few spammers / day, but is it very efficient to use a VM with CHR Mikrotik

heutger said:
6. wow, great thing, need to script to get the IPs on the blocklist, but great idea
Click to expand...
- I have a script for this(with a minor bug, but I can send it if you want)

heutger said:
For @guletz wouldn’t it be a great idea on all your trap and catching solutions to provide your own blacklist?
Click to expand...

- I can not do this(lack of time, and I do not have IT resurces for that)

Good luck!
 
  • Like
Reactions: heutger
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back