The Best configuration for Spam

Post by onismart » Mon Nov 13, 2017 2:32 pm

Hello,

I have MailEnable Enterprise Edition V9.77 on Windows Server 2012 R2.

I have the spam settings as shown in the attached file. That was the best I could do, but we still get a high volume of spam mail.

Please help with what else I could do.

Thanking you.
Attachment: spam.png

Post by aahq » Tue Nov 14, 2017 6:09 am

Hi,

The last time I looked, the inbuilt antispam of ME was not very configurable and the standard ClamAV engine was very primitive. I just turned the inbuilt Anti Spam Engine off and put in SpamAssassin on top.

If you are really serious about antispam then you will use one of the recommended third party products (check the forum). Otherwise, I have a lot of posts on this (scripting MTA pickup event for antispam, blocking exes etc). Be warned... if you can't get behind the engine of ME and understand it, just stick to the third party products.

One non-intrusive, easy antispam start is to put your ClamAV on steroids by using www.sanesecurity.com ClamAV add-ons (if you wish to enter the dark side).

Scott

Post by Maranda » Mon Dec 11, 2017 8:55 pm

Following are my spam settings; on my setup, together with greylisting, they block 99/100% of spam.

Attachment: spamsettings.jpg

1) Set DNSRBL (dnsrbl.org), SpamhausZEN (if applicable) and SpamCop as both DNS/URL blacklists, set DNS to reject and URL to be marked as spam.
2) Set Greylisting to 5 minutes, or leave the default 4.

Regarding AV/Clamd/SpamAssassin, I highly advise against using 'em, for one very simple reason: resource usage. They're highly inefficient and use an abominable amount of resources regardless of the availability on your system.
Just to do nothing, both SA and Clamd together would use around/over 700MB of RAM and grow much further from that on a busy box, which essentially is not worth the bucket since you could solve that with the following global filter:

Attachment: avsettings.jpg

^ The "Where the message has attachments" rule contains by default all the most dangerous extensions that are mostly used as vectors for rootkits/malware/viruses etc., and deleting the message and notifying the sender is the best practice possible instead of wasting resources, and it's not rocket science to set up either, tbh.

Afterwards you can simply disable both AV and SA extensions (if you were using those) in Extensions > Message Filter.

Best regards,
Marco
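
The two checks from steps 1 and 2 above, as an added Python example that is not part of the original post and is not MailEnable's code: a DNSBL lookup that rejects on a hit, then greylisting with the 5-minute delay. The zone names are the lists' public DNS zones; the resolver is a constructed stand-in for real DNS, and the function names and SMTP reply strings are assumptions.

```python
import ipaddress

# Zones of two of the lists named in the post (the post's third list is omitted).
ZONES = ("zen.spamhaus.org", "bl.spamcop.net")
GREYLIST_DELAY = 5 * 60  # seconds; the 5-minute setting from step 2


def dnsbl_names(ip, zones=ZONES):
    """DNS names to query: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return [".".join(reversed(octets)) + "." + zone for zone in zones]


def is_listed(ip, resolve, zones=ZONES):
    """True if any zone answers with a 127.0.0.0/8 listing code."""
    for name in dnsbl_names(ip, zones):
        answer = resolve(name)  # None stands for NXDOMAIN (not listed)
        if not answer or not answer.startswith("127."):
            continue
        # Spamhaus uses 127.255.255.x for query errors (for example a blocked
        # public resolver); treating those as hits would reject all mail.
        if answer.startswith("127.255.255."):
            continue
        return True
    return False


class Greylist:
    """Temp-fail each new (ip, sender, recipient) triplet until the delay passes."""
    def __init__(self, delay=GREYLIST_DELAY):
        self.delay = delay
        self.first_seen = {}

    def ready(self, ip, sender, rcpt, now):
        key = (ip, sender.lower(), rcpt.lower())
        return now - self.first_seen.setdefault(key, now) >= self.delay


def smtp_decision(ip, sender, rcpt, now, resolve, greylist):
    """A DNSBL hit rejects outright; otherwise greylisting decides."""
    if is_listed(ip, resolve):
        return "550 rejected"
    if not greylist.ready(ip, sender, rcpt, now):
        return "451 try again later"
    return "250 accepted"


# Constructed resolver so this runs offline; 127.0.0.2 is the standard DNSBL test entry.
fake_resolve = {"2.0.0.127.zen.spamhaus.org": "127.0.0.2"}.get
```

In production the `resolve` argument would be a real DNS A-record lookup going through your own resolver, since list operators may refuse queries arriving via large public resolvers.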
