Protection from spam on servers with ISPmanager
The problem of protecting the server from spam often comes before us even now, despite the long history of dealing with it. The ISPmanager control panel allows you to use almost all the achievements developed in this area. Among them:
How to use all these tools to most effectively solve the problem of unwanted correspondence?
Gray lists - one of the most basic and probably the most effective tool in the fight against spam. It is from them that you should start setting up the mail protection system. Gray lists allow you to cut off spam by delaying the reception of letters by the mail server. This method works because the senders of advertising mailings, as a rule, are not concerned about the quality of the delivery of letters and do not check whether each of the sent letters was delivered or not. For them, the most important thing is to send the maximum number of letters in the shortest possible time.
The mail server, when you turn on the gray list mode, rejects each incoming letter and asks the sending server to retry sending after some time. And since spammers usually do not store letters in the queue, such letters are not sent again. This way of dealing with spam is very effective and cuts off most of the unwanted correspondence.
')
To enable the gray list mode, it must be activated in the "Features" section. To create a list of “verified” addresses of senders for which the initial rejection of mail will not be made, you need to go to the “Greylisting” section, click the “Create” button, and in the window that opens, specify the sender's settings, letters from which will not be rejected:
Sender type - this field determines which parameter is used to evaluate the sender of the e-mail message. Possible options:
Sender - value corresponding to the specified sender type (for example, 123.45.67.89, 123.45.67.0/24, somedomain.com or mail@example.org).
Recipient Type - determines by which parameter to evaluate the recipient of the mail message. This field is not available if Postgrey is used for Greylisting. Possible options:
If you need to completely disable the gray lists for any of the mail domains or individual mailboxes, you need to go to the Domain Names section or Mailboxes, select a domain or mailbox, click the Edit button, and in the window that opens uncheck the box next to “Enable Greylisting”.
The main disadvantage of this method of combating spam is the delay in receiving mail by the server from several minutes to several hours, depending on the settings of the sending server. Therefore, if the speed of receiving mail is critical for you and your users, then you should use the gray list mode with great care.
After the gray list mode, you should refer to the DNSBL (they are also the DNS blacklist or “DNS Black Lists”) - constantly updated lists of addresses of servers from which spam was noticed. If you have ever used ad blockers like AdBlock +, then the DNSBL operation will seem familiar to you. Black lists are filled by many companies around the world, which allows you to create the most comprehensive and current list of spam servers.
To add DNSBL servers, in the “Spam protection” section, select the “Dnsbl blocking” option, click the “Create” button there and add a new block list. In the "Block list" field, you must specify the domain name of the block list. Periodically from this server the base of “problem” addresses will be updated, receiving of mail from which side should be avoided.
The most comprehensive list of block list addresses can be found at www.dnsbl.info/dnsbl-list.php
It is worth paying attention to the complexity of controlling the composition of the DNSBL lists, since they are replenished automatically, without your knowledge. This can lead to problems with receiving mail from servers that you might consider legal and valid. Therefore, if it is important for you to receive mail from any "controversial" addresses, or else absolutely from all addresses, then this method of protection may not be suitable for you.
The last option is to protect the server from spam at the stage of receiving mail and the easiest one. You simply make a list of addresses of previously known "problem" senders, and any letters from these addresses are no longer received by your server.
To add unwanted senders to the black list, in the ISPmanager control panel, go to the Black List page in the Anti-Spam section and click the Create button there.
In the field "Sender" you need to specify the IP address of the mail server, or the mail domain, or email address.
After most of the spam is filtered out at the stage of receiving mail by the server, the means of analyzing the already received mail comes into play. SpamAssassin is one of the most popular server spam recognition solutions. SA analyzes mail already received by the server for compliance with the basic criteria for spam letters (characteristic headers, words, design, etc.). A letter, after passing all the tests, is given a certain grade, on the basis of which the letter is considered normal, or sent to spam.
To enable SpamAssassin on the server, you must activate it in the "Features" section. After that, a subsection with the corresponding name will appear in the section “Protection against spam”. In this section you can customize the behavior of SpamAssassin:
Required score - the number of points, after which the letter will be classified as spam. By default, this value is 5. It is undesirable to underestimate it too much, otherwise many normal emails can be marked as spam and subsequently rejected by users' mail clients.
Assessment to start can be left at the default level. The added label is required for more convenient configuration of mail filters by users. It is advisable not to leave the field empty and set some characteristic label. You can leave something like “[SPAM]”.
To combat outgoing spam on the server, you can use the limit on the number of sent letters per unit of time. The ability to establish such restrictions will be only when using the Exim mail server.
To set a limit for any user, mail domain or mailbox, you need to open the "Message Limit" form and specify how many letters can be sent by this addressee per hour. When this limit is reached, all subsequent shipments will not be sent until the next hour.
In version 4.4.8 of the ISPmanager panel, you can now enable DKIM for your mail domains. DKIM is a digital signature authentication method for a mail server that signs all email sent from it. This does not affect directly protecting your server from spam, but it allows you to improve your reputation with other mail servers and avoid many problems with mail delivery.
You can install DKIM in the "Features" section. It should be noted that while the activation of DKIM through the ISPmanager panel is possible only if you use the Sendmail mail server.
- Gray Lists (Greylisting)
- DNSBL
- Black lists
- Spamassassin
- DKIM
How to use all these tools to most effectively solve the problem of unwanted correspondence?
Gray Lists (Greylisting)
Gray lists - one of the most basic and probably the most effective tool in the fight against spam. It is from them that you should start setting up the mail protection system. Gray lists allow you to cut off spam by delaying the reception of letters by the mail server. This method works because the senders of advertising mailings, as a rule, are not concerned about the quality of the delivery of letters and do not check whether each of the sent letters was delivered or not. For them, the most important thing is to send the maximum number of letters in the shortest possible time.
The mail server, when you turn on the gray list mode, rejects each incoming letter and asks the sending server to retry sending after some time. And since spammers usually do not store letters in the queue, such letters are not sent again. This way of dealing with spam is very effective and cuts off most of the unwanted correspondence.
')
To enable the gray list mode, it must be activated in the "Features" section. To create a list of “verified” addresses of senders for which the initial rejection of mail will not be made, you need to go to the “Greylisting” section, click the “Create” button, and in the window that opens, specify the sender's settings, letters from which will not be rejected:
Sender type - this field determines which parameter is used to evaluate the sender of the e-mail message. Possible options:
- IP-address - the IP-address of the mail server from which this message was sent will be checked. IP addresses can be specified in whole blocks using wildcards.
- Domain name - the mail domain from which the letter was sent will be checked.
- Email Address - the sender's email address will be checked.
Sender - value corresponding to the specified sender type (for example, 123.45.67.89, 123.45.67.0/24, somedomain.com or mail@example.org).
Recipient Type - determines by which parameter to evaluate the recipient of the mail message. This field is not available if Postgrey is used for Greylisting. Possible options:
- The general rule - this rule will be applied to all incoming mail, regardless of the recipient. General rules can be created only by the administrator of the control panel.
- The domain name - in accordance with this rule, will be checked the value specified in the email address of the recipient of the message after the "@" symbol. It must match one of the mail domains on the server. Rules for processing recipient domain names can be added by both administrators and control panel users.
- E-mail address - this rule will be applied to mail sent to a specific mailbox located on the server. This field is also available for both administrators and control panel users.
If you need to completely disable the gray lists for any of the mail domains or individual mailboxes, you need to go to the Domain Names section or Mailboxes, select a domain or mailbox, click the Edit button, and in the window that opens uncheck the box next to “Enable Greylisting”.
The main disadvantage of this method of combating spam is the delay in receiving mail by the server from several minutes to several hours, depending on the settings of the sending server. Therefore, if the speed of receiving mail is critical for you and your users, then you should use the gray list mode with great care.
DNSBL
After the gray list mode, you should refer to the DNSBL (they are also the DNS blacklist or “DNS Black Lists”) - constantly updated lists of addresses of servers from which spam was noticed. If you have ever used ad blockers like AdBlock +, then the DNSBL operation will seem familiar to you. Black lists are filled by many companies around the world, which allows you to create the most comprehensive and current list of spam servers.
To add DNSBL servers, in the “Spam protection” section, select the “Dnsbl blocking” option, click the “Create” button there and add a new block list. In the "Block list" field, you must specify the domain name of the block list. Periodically from this server the base of “problem” addresses will be updated, receiving of mail from which side should be avoided.
The most comprehensive list of block list addresses can be found at www.dnsbl.info/dnsbl-list.php
It is worth paying attention to the complexity of controlling the composition of the DNSBL lists, since they are replenished automatically, without your knowledge. This can lead to problems with receiving mail from servers that you might consider legal and valid. Therefore, if it is important for you to receive mail from any "controversial" addresses, or else absolutely from all addresses, then this method of protection may not be suitable for you.
Black list
The last option is to protect the server from spam at the stage of receiving mail and the easiest one. You simply make a list of addresses of previously known "problem" senders, and any letters from these addresses are no longer received by your server.
To add unwanted senders to the black list, in the ISPmanager control panel, go to the Black List page in the Anti-Spam section and click the Create button there.
In the field "Sender" you need to specify the IP address of the mail server, or the mail domain, or email address.
SpamAssassin
After most of the spam is filtered out at the stage of receiving mail by the server, the means of analyzing the already received mail comes into play. SpamAssassin is one of the most popular server spam recognition solutions. SA analyzes mail already received by the server for compliance with the basic criteria for spam letters (characteristic headers, words, design, etc.). A letter, after passing all the tests, is given a certain grade, on the basis of which the letter is considered normal, or sent to spam.
To enable SpamAssassin on the server, you must activate it in the "Features" section. After that, a subsection with the corresponding name will appear in the section “Protection against spam”. In this section you can customize the behavior of SpamAssassin:
Required score - the number of points, after which the letter will be classified as spam. By default, this value is 5. It is undesirable to underestimate it too much, otherwise many normal emails can be marked as spam and subsequently rejected by users' mail clients.
- Add in the field "Subject" - a label that will be added to the header of the letter defined as spam.
- Report type - allows you to customize the SpamAssassin filter performance report:
- Add the original letter to the report - the body of the filtered letter will be attached to the report on the filter.
- Add report to the message header - the filter report will not be created. The title will be added to the letter, specified by you in the "Add in the" Subject "field. This field is missing if you have Exim installed.
- Add a letter to the report in text / plain format - a spam letter will be added to the filter report in text / plain format.
Assessment to start can be left at the default level. The added label is required for more convenient configuration of mail filters by users. It is advisable not to leave the field empty and set some characteristic label. You can leave something like “[SPAM]”.
Message limit
To combat outgoing spam on the server, you can use the limit on the number of sent letters per unit of time. The ability to establish such restrictions will be only when using the Exim mail server.
To set a limit for any user, mail domain or mailbox, you need to open the "Message Limit" form and specify how many letters can be sent by this addressee per hour. When this limit is reached, all subsequent shipments will not be sent until the next hour.
DKIM
In version 4.4.8 of the ISPmanager panel, you can now enable DKIM for your mail domains. DKIM is a digital signature authentication method for a mail server that signs all email sent from it. This does not affect directly protecting your server from spam, but it allows you to improve your reputation with other mail servers and avoid many problems with mail delivery.
You can install DKIM in the "Features" section. It should be noted that while the activation of DKIM through the ISPmanager panel is possible only if you use the Sendmail mail server.
Source: https://habr.com/ru/post/155043/
All Articles