
need help with antispam filter

Sven L.

Regular Pleskian
Hello,

scenario:

90% of my customers are from Spain. Spanish mobile 3G connections and most home DSL not only use dynamic IP, but also IPs that at some point have been blacklisted.

one specific customer was complaining a lot that when sending emails from their mobiles to their offices (ex: from mobile1@domain.tld to hq1@domain.tld) they arrived marked as spam, so what we did was adding their internal email addresses to the whitelist

THE PROBLEM:

now, all of a sudden, some spamming mechanism is sending hundreds of emails where the destination email is = origin email. (ex: from hq1@domain.tld to hq1@domain.tld) and as you can guess, due to the whitelist, all these emails are not filtered as spam, ever.

i have looked at the headers, the origin is always a different IP range and a different google.com account

how could i solve & filter this problem?
 
Have you enabled SPF mail filters? You can find that in your Server Settings -> Mail settings
If you have not and need help with this, let me know!
 
No, I am not using SPF filters and I cannot use that.

Why? Because as I already mentioned above, many of my customers have bad IPs and if I enable SPF they can't even send email anymore as the SMTP server blocks them.
 
Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing (Which is the exact problem you are having!!)
 
I have the same problem.

The SPF could not work unless you set an SPF like "v=spf1 ip4:xxx.xxx.xxx.xxx -all" for each domain. And then you have to set the SPF filter to deny when SPF fails.

You can create specific rules for sa.

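# SpamAssassin body rules: add 20 points when the message body mentions either domain.
# Dots are escaped so they match a literal "." only.
body RP10 /googleapps-espana\.com/i
score RP10 20.0
describe RP10 Spam Agosto

body RP11 /googleapps-spain\.com/i
score RP11 20.0
describe RP11 Spam Agosto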

Greetings from spamin!!
 
sorry abdi i misunderstood you initially and thought you were talking about dns blackhole for some reason (stupid me) which I can't use due to the problems with customer bad IPs

thx also to JavierAlonso for his post


could you both elaborate a little on SPF? some links to get me started how it is supposed to work and how to properly MAKE it work in plesk?
 
Please find my settings here-in attached and ensure you have this exact for SPF ...

spf.jpg
 
thx a lot abdi.

could you elaborate what each setting and its value means? I don't usually configure something without knowing what it exactly does.
as said, if you could give me a link to some info or guide for someone who has no idea how SPF works...
 
I am trying to read through all that info (and some more stuff I found online) and there rises one main concern:

As far as I understood the plesk SPF antispam protection is based around the fact that a sender is using an allowed sending IP that is allowed with the SPF DNS TXT record
so far so good, all our domains have the proper SPF TXT in the DNS records.

However, when going through the postfix maillog (and same happens with qmail) the origin IP of an email is not the IP of our server, but the IP where the customer is sending from (3G mobile phone, home DSL with dynamic IP, etc.) so the SPF check would always result in a fail.

Am I understanding this right? how can I avoid these problems?

also, which SPF spam protection setting would you recommend for testing purpose to start checking logs without changing yet towards customers?
 
so, in order to start some testing, i enabled the SPF protection, leaving all fields except the first empty and setting it to only show headers, not to block.

i can already see some interesting stuff in mail headers, but there is something that concerns me.

many (actually MOST) of the mails we receive (valid mails) come from servers that don't seem to be SPF compliant, thus i see this header:
"Received-SPF: none (no valid SPF record)"

i am afraid to lose such mails if i set SPF protection to actually block.
any suggestions on this?


Sven
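
One way to review header-only test results before switching SPF to block, as an added example that is not part of any post above: it tallies the `Received-SPF` result per message, lists what a reject-on-fail policy would drop, and flags the sender = recipient pattern from the first post when SPF did not pass. The function names, the `reject_on` parameter and the sample messages are assumptions made for this sketch, not Plesk settings or real mail.

```python
import email
from collections import Counter
from email.utils import getaddresses, parseaddr

def _mk(spf, sender, rcpt, subject):
    # Helper that builds a constructed raw message for the samples below.
    return f"Received-SPF: {spf}\nFrom: {sender}\nTo: {rcpt}\nSubject: {subject}\n\nbody\n"

# Constructed sample messages (illustrative, not taken from the thread's logs).
SAMPLES = [
    _mk("none (no valid SPF record)", "alice@partner.example", "hq1@domain.tld", "invoice"),
    _mk("fail (sender not permitted)", "hq1@domain.tld", "hq1@domain.tld", "self-spoof"),
    _mk("pass (sender permitted)", "hq1@domain.tld", "hq1@domain.tld", "note to self"),
    _mk("softfail (transitioning)", "mobile1@domain.tld", "hq1@domain.tld", "from mobile"),
    _mk("none (no valid SPF record)", "hq1@domain.tld", "hq1@domain.tld", "self none"),
]

def spf_result(msg):
    """First token of Received-SPF (pass, fail, softfail, none, ...) or 'missing'."""
    value = msg.get("Received-SPF", "")
    tokens = value.split()
    return tokens[0].lower() if tokens else "missing"

def self_addressed(msg):
    """True when the From address also appears among the To recipients."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpts = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    return bool(sender) and sender in rcpts

def audit(raw_messages, reject_on=("fail",)):
    """Return (tally, subjects a reject policy would drop, suspicious self-mail)."""
    tally, would_reject, suspicious_self = Counter(), [], []
    for raw in raw_messages:
        msg = email.message_from_string(raw)
        result = spf_result(msg)
        tally[result] += 1
        if result in reject_on:
            would_reject.append(msg["Subject"])
        # Whitelisted self-to-self mail that SPF did not vouch for deserves a look.
        if self_addressed(msg) and result != "pass":
            suspicious_self.append(msg["Subject"])
    return tally, would_reject, suspicious_self

if __name__ == "__main__":
    tally, rejected, suspicious = audit(SAMPLES)
    print(dict(tally), rejected, suspicious)
```

In this tally `none` is counted separately from `fail`, so the effect of each result on legitimate mail can be judged from the logs before any blocking is enabled.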
 