Too Much Spam

Too Much Spam

Postby cristo369 » Mon Jun 07, 2010 6:22 pm

Hello, my company has been using AMS for a year now, with great success. However recently one user been complaining about SPAM. While the average per user is 1 to 5 a day, this user logs about 20 to 50 a day. Does anyone have any suggestions for getting to the cause of this.


regards
cristo369
cristo369
 
Posts: 10
Joined: Tue Oct 27, 2009 2:12 pm

Re: Too Much Spam

Postby Code Crafters » Tue Jun 08, 2010 8:25 am

We recommend the following SPAM setup:

Basic Filtering:
1) Make sure you’re running version 2.70.
2) Run the SPAM wizard from the dialog admin interface for medium level protection.
3) Set up any black / white listing that you need. The relaying exemption option will allow any authenticated users to bypass SPAM filtering.

Advanced Filtering:
4) If you want to also do Bayesian filtering, this take a bit of setting up but is by far the most effective SPAM filter available today.
a) Set up Bayesian filtering to use only the Auto-Learn from Users training method. Add participating users and appropriate SPAM / non-SPAM folders to the Bayesian settings.
b) Get Participating users to sort their mail into SPAM / non-SPAM folders where Bayesian will automatically learn from them periodically.
c) You need to disable rejecting (deleting) the email on all SPAM filters so that the SPAM flag is set and the mail is allowed to pass through.
d) Set up Content Filtering with the Preset Content Filter Rule (Add Preset button) “SPAM Identifier”. This rule will mark SPAM detected mails with <SPAM> in the subject so that they can be more easily identified and moved to the SPAM folder. Bayesian is a learning system so once it is well trained (minimum of 1000 SPAM and 1000 non-SPAM mails) you can set this content filter rule to also place mails in the SPAM account directory but don’t do this until you are happy it is training accurately and you must then check your SPAM folder for false positives (mails wrongly marked as SPAM that aren’t really SPAM) and move them appropriately.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Too Much Spam

Postby cristo369 » Tue Jun 08, 2010 5:00 pm

Hello Chris;
I have done that, I would really like to know if there is a way to check if my server has been compromised.

Regards
cristo369
cristo369
 
Posts: 10
Joined: Tue Oct 27, 2009 2:12 pm

Re: Too Much Spam

Postby Code Crafters » Thu Jun 10, 2010 8:24 am

As long as you have SMTP authentication enabled and no SMTP relaying safe IPs (same page in settings as SMTP authentication - SMTP relaying tab), then only proper users with a username / password can relay mail to external email addresses not hosted on your Ability Mail Server. However, anyone can (and should be able to) send emails to your local addresses and that's where SPAM / content / antivirus filtering comes in to try and block most of the unwanted mails. You can also check your SMTP logs for any suspicious activity that may show abusive SPAM-ing (possibly from a real user of your system with a username / password).

If you send you mail server domain to chris@code-crafters.com I'll check that your mail server has SMTP authentication properly enabled and isn't therefore an open relay.
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm

Re: Too Much Spam

Postby cristo369 » Mon Jun 14, 2010 7:41 pm

What do you mean by "no SMTP relaying safe IPs." Are you saying, do not list any IP's in the following section: "Services->SMTP->Relaying Access->Safe IP's:Allways Allowed Relaying?"
Also, I tried to enable the Grey List Filter (With Default Settings), then all users who tried to send email via SMTP/SSL would get a failure message. I thought SPAM filtering only affected port 25(non-SSL) communication.

Regards;
Cristo369
cristo369
 
Posts: 10
Joined: Tue Oct 27, 2009 2:12 pm

Re: Too Much Spam

Postby Code Crafters » Mon Jun 14, 2010 8:19 pm

Yes, SMTP relaying safe IPs are IPs which are allowed to bypass SMTP authentication so assign them very sparingly (e.g. for a LAN computer used for sending emails via a script that can't use SMTP authentication).

SPAM affects all SMTP mails (including SSL delivered mails). However, you can tick the first option in SPAM filtering to allow people using SMTP authentication or other relaying access to skip SPAM filtering. Grey listing works by deliberately refusing every unknown mail sender with a temporary fail message. Real SMTP servers will resend a temp failed mail and on the second attempt (within the start / end window - e.g. 1 min to 3 hours) will be safe listed against all future grey list checks and not blocked in future. This is excellent at reducing SPAM by 80% on it's own. Bayesian is the most effective with up to 99.5% of all SPAM when well trained (e.g. over 1000 SPAM / 1000 non-SPAM mails learned).
Code Crafters
 
Posts: 943
Joined: Mon Sep 10, 2007 2:35 pm


Return to General

Who is online

Users browsing this forum: No registered users and 26 guests

cron