Spam to non-local users still getting through
2 posts • Page 1 of 1
Spam to non-local users still getting through
by ehavemann » Sat Aug 16, 2008 5:45 pm
I've got Sender Domain Check enabled with the Refuse Mail option, and I've got SPF checks enabled to set the spam flag. I've also got "Use tarpitting" enabled on the Miscellaneous tab of the Spam Filtering section of Settings. I log all mails that get past these and other checks to a "goodmal.log" file. Yet when I review this log file, I'm still getting many spams attempting to deliver to non-existent users@mydomain.com. This includes randomusers@mydomain.com in quantities that far exceed the time and # of failed delivery parameters I set up. I thought that the Sender Domain Check alone should stop this in its tracks even before it enters the mail server, yet they're still getting through. Any ideas, anyone?
- ehavemann
- Posts: 26
- Joined: Fri Dec 14, 2007 6:15 pm
Re: Spam to non-local users still getting through
by Code Crafters » Mon Aug 18, 2008 1:47 pm
We recommend the following setup for your SPAM filtering:
Basic Filtering:
1) Make sure you’re running version 2.62.
2) Run the SPAM wizard from the dialog admin interface for medium level protection.
3) Disable Sender Domain Check (this will become new default setting in update 2.63).
4) Change grey listing first setting from 60 mins to 1 min (this will become new default setting in update 2.63).
5) Set up any black / white listing that you need. The relaying exemption option will allow any authenticated users to bypass SPAM filtering.
Advanced Filtering:
6) If you want to also do Bayesian filtering, this take a bit of setting up but is by far the most effective SPAM filter available today.
a) Set up Bayesian filtering to use only the Auto-Learn from Users training method. Add participating users and appropriate SPAM / non-SPAM folders to the Bayesian settings.
b) Get Participating users to sort their mail into SPAM / non-SPAM folders where Bayesian will automatically learn from them periodically.
c) You need to disable rejecting (deleting) the email on all SPAM filters so that the SPAM flag is set and the mail is allowed to pass through.
d) Set up Content Filtering with the Preset Content Filter Rule (Add Preset button) “SPAM Identifierâ€. This rule will mark SPAM detected mails with <SPAM> in the subject so that they can be more easily identified and moved to the SPAM folder. Bayesian is a learning system so once it is well trained (minimum of 1000 SPAM and 1000 non-SPAM mails) you can set this content filter rule to also place mails in the SPAM account directory but don’t do this until you are happy it is training accurately and you must then check your SPAM folder for false positives (mails wrongly marked as SPAM that aren’t really SPAM) and move them appropriately.
You can also set SMTP limits on the number of mails sent per IP per day to avoid abusive DOS and account guessing SPAM attacks. Just be aware that if your SMTP logs show all mail coming from a single IP (e.g. your router) then this option isn't appropriate. You can also add black list entries for IPs / senders in the SPAM settings.
Basic Filtering:
1) Make sure you’re running version 2.62.
2) Run the SPAM wizard from the dialog admin interface for medium level protection.
3) Disable Sender Domain Check (this will become new default setting in update 2.63).
4) Change grey listing first setting from 60 mins to 1 min (this will become new default setting in update 2.63).
5) Set up any black / white listing that you need. The relaying exemption option will allow any authenticated users to bypass SPAM filtering.
Advanced Filtering:
6) If you want to also do Bayesian filtering, this take a bit of setting up but is by far the most effective SPAM filter available today.
a) Set up Bayesian filtering to use only the Auto-Learn from Users training method. Add participating users and appropriate SPAM / non-SPAM folders to the Bayesian settings.
b) Get Participating users to sort their mail into SPAM / non-SPAM folders where Bayesian will automatically learn from them periodically.
c) You need to disable rejecting (deleting) the email on all SPAM filters so that the SPAM flag is set and the mail is allowed to pass through.
d) Set up Content Filtering with the Preset Content Filter Rule (Add Preset button) “SPAM Identifierâ€. This rule will mark SPAM detected mails with <SPAM> in the subject so that they can be more easily identified and moved to the SPAM folder. Bayesian is a learning system so once it is well trained (minimum of 1000 SPAM and 1000 non-SPAM mails) you can set this content filter rule to also place mails in the SPAM account directory but don’t do this until you are happy it is training accurately and you must then check your SPAM folder for false positives (mails wrongly marked as SPAM that aren’t really SPAM) and move them appropriately.
You can also set SMTP limits on the number of mails sent per IP per day to avoid abusive DOS and account guessing SPAM attacks. Just be aware that if your SMTP logs show all mail coming from a single IP (e.g. your router) then this option isn't appropriate. You can also add black list entries for IPs / senders in the SPAM settings.
- Code Crafters
- Posts: 943
- Joined: Mon Sep 10, 2007 2:35 pm
2 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 22 guests