Spam protection on servers with ISPmanager
The problem of protecting the server from spam often confronts us even now, despite the long history of fighting it. The ISPmanager control panel allows you to use almost all the achievements developed in this area. Among them:
How to use all these tools to most effectively solve the problem of unwanted correspondence?
Gray lists are one of the most basic and probably the most effective tool in the fight against spam. It is from them that it is worth starting the setup of the mail protection system. Gray lists allow you to cut spam by delaying the reception of letters by the mail server. This method works due to the fact that senders of advertising mailings, as a rule, are not concerned about the quality of delivery of letters and do not check whether each of the sent letters was delivered or not. For them, the most important thing is to send the maximum number of letters in the shortest possible time.
The mail server, when you turn on gray list mode, rejects each incoming message and asks the sending server to resend it after a while. And since spammers usually don’t store letters in the queue, such messages will not be sent again. This method of combating spam is very effective and cuts off most of the unwanted correspondence.
To enable the gray list mode, you need to activate it in the "Features" section. To create a list of "verified" addresses of senders for which the initial rejection of mail will not be performed, go to the "Greylisting" section, click the "Create" button and specify the sender parameters in the window that opens, letters from which will not be rejected:
Sender type- in this field it is determined by what parameter it is necessary to evaluate the sender of the mail message. Possible options:
Sender - a value corresponding to the specified type of sender (for example, 123.45.67.89, 123.45.67.0/24, somedomain.com or mail@example.org).
Recipient type - determines by what parameter to evaluate the recipient of the mail message. This field is absent if Postgrey is used for Greylisting. Possible options:
If you need to completely disable the gray list mode for any of the mail domains or individual mailboxes, you need to go to the "Domain Names" or "Mailboxes" section, select the domain or mailbox there, click the "Change" button and in the window that opens uncheck the box next to “Enable Greylisting”.
The main disadvantage of this method of combating spam is the delay in receiving the mail server from several minutes to several hours, depending on the settings of the sending server. Therefore, if the speed of accepting mail is critical for you and your users, then you should use the gray list mode with great care.
After the gray list mode, you should turn to DNSBL (they are also DNS blacklist or “DNS Black Lists”) - constantly updated lists of server addresses from which spam has been noticed. If you've ever used ad blockers like AdBlock +, then the DNSBL flowchart will seem familiar to you. Black lists are filled in by many companies around the world, which makes it possible to compile the most comprehensive and up-to-date list of spam servers.
To add DNSBL servers, in the "Anti-spam" section, select "Block dnsbl", click on the "Create" button and add a new block list. In the "Block list" field, you must specify the domain name of the block list. From time to time, the database of “problem” addresses will be updated from this server, receiving mail from which side should be avoided.
The most complete list of block list addresses can be found at www.dnsbl.info/dnsbl-list.php
It is worth paying attention to the complexity of controlling the composition of DNSBL lists, since they are updated automatically without your knowledge. This can lead to problems with receiving mail from servers that you might consider legal and permissible. Therefore, if it is important for you to receive mail from any "controversial" addresses, or even absolutely from all addresses, then this method of protection may not be suitable for you.
The last option to protect the server from spam at the stage of receiving mail and the simplest of them. You simply make a list of addresses of previously known "problem" senders, and any letters from these addresses are no longer accepted by your server.
To add unwanted senders to the black list, in the ISPmanager control panel, go to the "Black List" page in the "Spam Protection" section and click the "Create" button there.
In the "Sender" field, you need to specify the IP address of the mail server, or the mail domain, or email address.
After most of the spam has been filtered out even at the stage of receiving mail by the server, the tools for analyzing already received mail come into play. SpamAssassin is one of the most popular server-side solutions for recognizing spam emails. SA analyzes mail already accepted on the server for compliance with the main criteria for spam emails (characteristic headers, words, formatting, etc.). After passing all the tests, the letter is given a certain rating, based on which the letter is considered normal, or sent to spam.
To enable SpamAssassin on the server, you need to activate it in the "Features" section. After that, a subsection with the corresponding name will appear in the "Anti-spam" section. In this subsection, you can configure the behavior of SpamAssassin:
Required rating- the number of points after exceeding which the letter will be classified as spam. By default, this value is 5. It is undesirable to underestimate it too much, otherwise many normal emails can be marked as spam and subsequently rejected by users' email clients.
For starters, you can leave the grade at the default level. An added label is required for more convenient user filtering of mail filters. It is advisable not to leave the field blank and set some characteristic label. You can leave something like "[SPAM]".
To combat outgoing spam on the server, you can use the limit on the number of emails sent per unit of time. The ability to set such restrictions will only be possible when using the Exim mail server.
To set a limit for any user, mail domain or mailbox, you must open the "Message Limit" form, there you must indicate how many letters can be sent by this addressee per hour. Upon reaching this limit, all subsequent shipments will not be sent until the next hour.
From the ISPmanager panel from version 4.4.8, it is now possible to enable DKIM for your mail domains. DKIM is a method of authentication of a mail server by digital signature, with which all letters sent from it are signed. This does not directly affect the protection of your server from spam, but it allows you to improve the reputation of other mail servers and avoid many problems with mail delivery.
You can install DKIM in the "Features" section. It is worth noting that while DKIM activation through the ISPmanager panel is possible only if you use the Sendmail mail server.
- Gray Lists (Greylisting)
- DNSBL
- Black lists
- Spamassassin
- DKIM
How to use all these tools to most effectively solve the problem of unwanted correspondence?
Gray Lists (Greylisting)
Gray lists are one of the most basic and probably the most effective tool in the fight against spam. It is from them that it is worth starting the setup of the mail protection system. Gray lists allow you to cut spam by delaying the reception of letters by the mail server. This method works due to the fact that senders of advertising mailings, as a rule, are not concerned about the quality of delivery of letters and do not check whether each of the sent letters was delivered or not. For them, the most important thing is to send the maximum number of letters in the shortest possible time.
The mail server, when you turn on gray list mode, rejects each incoming message and asks the sending server to resend it after a while. And since spammers usually don’t store letters in the queue, such messages will not be sent again. This method of combating spam is very effective and cuts off most of the unwanted correspondence.
To enable the gray list mode, you need to activate it in the "Features" section. To create a list of "verified" addresses of senders for which the initial rejection of mail will not be performed, go to the "Greylisting" section, click the "Create" button and specify the sender parameters in the window that opens, letters from which will not be rejected:
Sender type- in this field it is determined by what parameter it is necessary to evaluate the sender of the mail message. Possible options:
- IP address - the IP address of the mail server from which this message was sent will be checked. IP addresses can be specified in whole blocks using masks.
- Domain name - the mail domain from which the message was sent will be checked.
- Email Address — The sender's email address will be checked.
Sender - a value corresponding to the specified type of sender (for example, 123.45.67.89, 123.45.67.0/24, somedomain.com or mail@example.org).
Recipient type - determines by what parameter to evaluate the recipient of the mail message. This field is absent if Postgrey is used for Greylisting. Possible options:
- General rule - this rule will apply to all incoming mail, regardless of the recipient. General rules can only be created by the administrator of the control panel.
- Domain name - in accordance with this rule, the value specified in the e-mail address of the message recipient after the "@" symbol will be checked. It must correspond to one of the mail domains on the server. Rules for processing recipient domain names can be added by both administrators and users of the control panel.
- E-mail address - this rule will be applied to mail sent to a specific mailbox located on the server. This field is also available for administrators and users of the control panel.
If you need to completely disable the gray list mode for any of the mail domains or individual mailboxes, you need to go to the "Domain Names" or "Mailboxes" section, select the domain or mailbox there, click the "Change" button and in the window that opens uncheck the box next to “Enable Greylisting”.
The main disadvantage of this method of combating spam is the delay in receiving the mail server from several minutes to several hours, depending on the settings of the sending server. Therefore, if the speed of accepting mail is critical for you and your users, then you should use the gray list mode with great care.
DNSBL
After the gray list mode, you should turn to DNSBL (they are also DNS blacklist or “DNS Black Lists”) - constantly updated lists of server addresses from which spam has been noticed. If you've ever used ad blockers like AdBlock +, then the DNSBL flowchart will seem familiar to you. Black lists are filled in by many companies around the world, which makes it possible to compile the most comprehensive and up-to-date list of spam servers.
To add DNSBL servers, in the "Anti-spam" section, select "Block dnsbl", click on the "Create" button and add a new block list. In the "Block list" field, you must specify the domain name of the block list. From time to time, the database of “problem” addresses will be updated from this server, receiving mail from which side should be avoided.
The most complete list of block list addresses can be found at www.dnsbl.info/dnsbl-list.php
It is worth paying attention to the complexity of controlling the composition of DNSBL lists, since they are updated automatically without your knowledge. This can lead to problems with receiving mail from servers that you might consider legal and permissible. Therefore, if it is important for you to receive mail from any "controversial" addresses, or even absolutely from all addresses, then this method of protection may not be suitable for you.
Black list
The last option to protect the server from spam at the stage of receiving mail and the simplest of them. You simply make a list of addresses of previously known "problem" senders, and any letters from these addresses are no longer accepted by your server.
To add unwanted senders to the black list, in the ISPmanager control panel, go to the "Black List" page in the "Spam Protection" section and click the "Create" button there.
In the "Sender" field, you need to specify the IP address of the mail server, or the mail domain, or email address.
Spamassassin
After most of the spam has been filtered out even at the stage of receiving mail by the server, the tools for analyzing already received mail come into play. SpamAssassin is one of the most popular server-side solutions for recognizing spam emails. SA analyzes mail already accepted on the server for compliance with the main criteria for spam emails (characteristic headers, words, formatting, etc.). After passing all the tests, the letter is given a certain rating, based on which the letter is considered normal, or sent to spam.
To enable SpamAssassin on the server, you need to activate it in the "Features" section. After that, a subsection with the corresponding name will appear in the "Anti-spam" section. In this subsection, you can configure the behavior of SpamAssassin:
Required rating- the number of points after exceeding which the letter will be classified as spam. By default, this value is 5. It is undesirable to underestimate it too much, otherwise many normal emails can be marked as spam and subsequently rejected by users' email clients.
- Add in the subject line the label that will be added to the header of the message defined as spam.
- Report type - allows you to configure a report on the operation of the SpamAssassin filter:
- Add the original letter to the report - the body of the filtered letter will be attached to the report on the filter.
- Add a report to the message header - a report on the filter’s operation will not be created. The header will be added to the letter, which you specified in the field “Add in the field“ Subject “. This field is missing if you have Exim installed.
- Add a letter to the report in text / plain format - a spam message will be added to the report on the filter in text / plain format.
For starters, you can leave the grade at the default level. An added label is required for more convenient user filtering of mail filters. It is advisable not to leave the field blank and set some characteristic label. You can leave something like "[SPAM]".
Message limit
To combat outgoing spam on the server, you can use the limit on the number of emails sent per unit of time. The ability to set such restrictions will only be possible when using the Exim mail server.
To set a limit for any user, mail domain or mailbox, you must open the "Message Limit" form, there you must indicate how many letters can be sent by this addressee per hour. Upon reaching this limit, all subsequent shipments will not be sent until the next hour.
DKIM
From the ISPmanager panel from version 4.4.8, it is now possible to enable DKIM for your mail domains. DKIM is a method of authentication of a mail server by digital signature, with which all letters sent from it are signed. This does not directly affect the protection of your server from spam, but it allows you to improve the reputation of other mail servers and avoid many problems with mail delivery.
You can install DKIM in the "Features" section. It is worth noting that while DKIM activation through the ISPmanager panel is possible only if you use the Sendmail mail server.