3
Mitigating spam
Question asked by Brian Henson - 4/29/2015 at 3:03 PM
Unanswered
One of our users is getting a fairly large amount of spam. I want to help reduce the amount of spam that comes in.
Currently, any spam messages with a weight of 20 or more are sent to users' junk e-mail folders.
Under SMTP Blocking, Incoming Weight Threshold is enabled and set to 30.
Greylist and Outgoing weights are not enabled.
Spam Checks include:
Enabled for Filtering:
Bayesian Filtering (weight 3)
DomainKeys (-2 pass weight, 2 fail weight)
DKIM (-2, 2)
URIBL: SURBL (4)
URIBL: URIBL (4)
Enabled for Filtering, Incoming SMTP blocking, and Outgoing SMTP blocking:
SPF (-2, 30)
Reverse DNS (30)
Enabled for Filtering and Incoming SMTP blocking
RBL: Five-Ten (3)
RBL: HostKarma - Blacklist (4)
RBL: HostKarma - Brownlist (3)
RBL: HostKarma - Whitelist (-4)
RBL: RHSBL (3)
RBL: SORBS - Abuse (2)
RBL: SORBS - Dynamic IP (3)
RBL: SORBS - Proxy (1)
RBL: SORBS - Socks (1)
RBL: SpamCop (4)
RBL: Spamhaus - PBL (2)
RBL: Spamhaus - PBL2 (2)
RBL: Spamhaus - SBL (5)
RBL: Spamhaus - XBL (5)
RBL: Spamhaus - XBL2 (5)
RBL: UCEProtect Level 1 (1)
RBL: UCEProtect Level 2 (2)
RBL: UCEProtect Level 3 (3)

17 Replies

3
CCWH Replied
Do you use Bruce's FANTASTIC guide:
 
 
If not...go for it!
1
Brian Henson Replied
So the problem I'm still having is that there's a lot of spam coming in that passes all of our filters except RHSBL (which seems to flag EVERYTHING as spam).
 
I think our weight settings are fine, but we need some better filters.
0
Bruce Barnes Replied
New antispam document link -- please use this link for all future downloads: https://portal.chicagonettech.com/kb/a171/smartermail-antispam-settings-document.aspx
Bruce Barnes ChicagoNetTech Inc brucecnt@comcast.net Phone: (773) 491-9019 Phone: (224) 444-0169 E-Mail and DNS Security Specialist Network Security Specialist Customer Service Portal: https://portal.chicagonettech.com Website: https://www.ChicagoNetTech.com Security Blog: http://networkbastion.blogspot.com/ Web and E-Mail Hosting, E-Mail Security and Consulting
2
Derek Sims Replied
@Brian
 
RHSBL has been shut down, and to get people to stop using their service, they return a positive result for every query.
 
See: www.ahbl dot org/content/last-notice-wildcarding-services-jan-1st
0
Brian Henson Replied
@Derek
Good to know.
 
@Bruce
 
I've updated our filtering to match your document, but we still have a lot of spam getting through. I even increased the weight of the Bayesian filter, JWSPAMSPY and UCEPROTECT LEVEL 2 up to 15 each, so failing any one of them will put a message in the spam filter. But we're getting a lot of spam that is passing every single filter.
 
Are there other blacklists I should look at?
0
Bruce Barnes Replied
Did you ENABLE GREYLISTING, according to the settings?
 
Did you DISABLE the ability for users and domains to override spam settings?
 
What do you have WHITELISTED - ideally, it should be NOTHING.
0
Brian Henson Replied
Bruce,
 
Greylisting is enabled.
 
Spam settings can be overridden by users, but I've checked each user account and none of them are overriding them.
 
I have our internal network's subnet whitelisted. Nothing else.
0
Bruce Barnes Replied
Disable the user's ability to override spam settings and make certain that nothing is whitelisted. If you allow users to override spam settings, you are shooting yourself in the foot because you, effectively, lose all control.
0
Brian Henson Replied
I'm concerned that removing our IP addresses from the white list could cause problems. We use SmarterMail as a back-end SMTP service for our web apps in addition to our standard office email system.
 
I can remove the ability to override spam settings, but that does nothing to address the spam we're currently already getting. None of the users have overridden the system spam settings thus far but we're still getting quite a bit of spam.
0
Bruce Barnes Replied
Configure your web apps to use SMTP authentication. Whitelisting will end up getting you blocked by Yahoo!, Outlook hosted domains, Comcast, and many other major providers because they are all tightening down on spam. The rules have changed, and we all must comply or face non-delivery.
0
Brian Henson Replied
OK, good to know. Will work on that.
 
In the meantime, I'm still trying to figure out what else we can do to reduce incoming spam volume.
1
Are you a service provider or a single company?
Users as individuals, or users as a corporate email system?
 
Who is having the problem:
Mostly a single user?
Multiple users, same domain?
Multiple users, multiple domains?
 
Once you get on the list of spammers, there is no getting off; it will only increase, even with the best filtering. It's like trying to catch water with a strainer and a bunch of paper towels lining the strainer. Eventually you reach saturation and it starts flowing.
 
We have a few clients that complain about spam, but are constantly signing up for "free" things like daily inspirational quotes, Publishers Clearing House contests, and a bunch of other things. They can't seem to understand the relationship between signing up for stuff and then getting bombarded with junk.
 
I put together a plan for one of our clients (a school) to migrate everyone to new email addresses on the domain, as many of the staff were getting bombarded with junk. It's a strict plan, and I can share the procedure with you. Part of the plan includes user training, a list of new policies, and in addition an "acceptable use policy" explaining that the company's email is to be used for company/business purposes only, and not personal things ("airline miles", "daily coupons", etc.). And if they do need to sign up for something, a new temporary email address is created for it till it is determined to be legitimate.
It's a little extra work, but it makes a tremendous difference.
 
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, we have refurbished over 11,000 computers!
0
Hemen Shah Replied
Agreed with Curtis,
We call it spam, but many times most of the mails are marketing related, and as part of my job I keep informing customers to hit unsubscribe on mails which are not useful, which is helping me a lot.
 
Thanks
1
Brian Henson Replied
Curtis,
 
We use SmarterMail as our internal corporate email system. Our users are our employees.
 
We have multiple domains but only one that our employees use and it's the one that gets spam.
 
My boss (the CEO) gets the most spam, but his email has also been around the longest (since the 90s). I expect him to get more spam than our other users if for no other reason than how long his email address has been around, but we have a few other users that also get quite a bit of spam.
 
I started off using Bruce's antispam settings PDF, but when this wasn't enough I upped the weighting of both the Bayesian filter and UCE Protect Level 2, so that failing either one would send a message straight to the spam folder.
 
We are getting a lot of messages that are obviously spam, that any human user would immediately identify as spam, but they're still getting through.
2
Matthew Leyda Replied
Curtis,
Take a look at Protected Sky (psky.me). This is a newer RBL that seems to have a low false positive and has worked well for us.
 
Name: Protected Sky - Yellow
Description: Protected Sky - Yellow
Weight: 10
Hostname: bad.psky.me
Required Lookup Value(s): 127.0.0.3
 
Name: Protected Sky - Red
Description: Protected Sky - Red
Weight: 30
Hostname: bad.psky.me
Required Lookup Value(s): 127.0.0.2
 
Matt
Kendra Support http://www.kendra.com support@kendra.com 425-397-7911 Junk Email filtered ISP
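
Added example, not part of the original thread and not SmarterMail's own code: a sketch of how an RBL answer is matched against a required lookup value (as in the Protected Sky entries above) and how a list that answers every query (as Derek describes for the shut-down RHSBL) can be detected by querying 127.0.0.1, which RFC 5782 says a list must never contain. The zone `dead-list.example`, the sample IP addresses and `fake_resolve` are constructed assumptions so the code runs offline.

```python
import socket

def rbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the list's zone (the DNSBL query format)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def lookup(name, resolve=socket.gethostbyname):
    """Return the A record for name, or None when the name does not resolve."""
    try:
        return resolve(name)
    except OSError:  # socket.gaierror (NXDOMAIN etc.) is a subclass of OSError
        return None

def is_wildcarding(zone, resolve=socket.gethostbyname):
    """RFC 5782: 127.0.0.1 must never be listed; a hit means the zone answers everything."""
    return lookup(rbl_query_name("127.0.0.1", zone), resolve) is not None

def score(ip, checks, resolve=socket.gethostbyname):
    """Sum weights of lists whose answer equals the required lookup value.
    Lists that fail the wildcard sanity check are skipped and reported."""
    total, skipped = 0, []
    for name, zone, required, weight in checks:
        if is_wildcarding(zone, resolve):
            skipped.append(name)
            continue
        if lookup(rbl_query_name(ip, zone), resolve) == required:
            total += weight
    return total, skipped

# The two Protected Sky entries from the post, plus a placeholder zone (assumption)
# standing in for a shut-down list that answers every query.
CHECKS = [
    ("Protected Sky - Yellow", "bad.psky.me", "127.0.0.3", 10),
    ("Protected Sky - Red", "bad.psky.me", "127.0.0.2", 30),
    ("Shut-down list (placeholder)", "dead-list.example", "127.0.0.2", 3),
]

# Constructed DNS data so the example runs offline; not real listings.
FAKE_DNS = {"7.113.0.203.bad.psky.me": "127.0.0.3"}

def fake_resolve(name):
    if name.endswith(".dead-list.example"):  # wildcarded zone
        return "127.0.0.2"
    if name in FAKE_DNS:
        return FAKE_DNS[name]
    raise socket.gaierror("constructed NXDOMAIN")

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, score(ip, CHECKS, fake_resolve))
```

Without the 127.0.0.1 check, the placeholder list would add its weight to every message, including the clean sender, which is the behaviour Brian saw from RHSBL.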
1
Bruce Barnes Replied
Great find, Curtis. I'll test and, potentially, add this to my antispam document.
0
Linda Pagillo Replied
Hi Brian. We offer a free anti-spam program called Declude. I feel it will really help you because we include a filter that will catch pre-tested spam. If you are interested, please check it out at http://mailsbestfriend.com/downloads. If you have any questions about it, I will be happy to help. Thanks.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
