Koozali.org formerly Contribs.org

SME Server SPAM filtering best practices advice needed

SME Server SPAM filtering best practices advice needed
« on: July 02, 2015, 08:39:14 PM »
Hello,

I am looking for some assistance setting up my SME 8 server for optimum spam filtering.  Currently we get slammed with spam, so I attempted to make some changes which caused more issues than it was worth. I made the below changes and it caused me to get this message "Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient ***.com
The error that the other server returned was:
550 v=spf1 a -all"

I was able to remove my changes from the config and I have the emails flowing again.  My question is what do you see wrong with the below settings?

Thank you

SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:por                                                            n.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org

 RBLList=bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org:multihop.dsbl.org:psbl.surriel.com:zen.spamhaus.org


« Last Edit: July 02, 2015, 08:41:49 PM by howard5091 »

Offline ReetP

  • *
  • 2,973
Re: SME Server SPAM filtering best practices advice needed
« Reply #1 on: July 03, 2015, 12:27:46 AM »
Hi,

think we need a bit more information here.

Can you give a simple point list of what you did please ?

Hello,

I am looking for some assistance setting up my SME 8 server for optimum spam filtering.  Currently we get slammed with spam, so I attempted to make some changes which caused more issues than it was worth. I made the below changes and it caused me to get this message "Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient ***.com
The error that the other server returned was:
550 v=spf1 a -all"


Where were you sending to get the error 550 v=spf1 a -all  ?? Out from SME or in from an outside address e.g. gmail ?

Do you use Google as your upstream smarthost for outgoing mail ? I saw this :

https://support.google.com/a/answer/178723?hl=en

Note the following from that page :

"Publishing an SPF record that uses -all instead of ~all may result in delivery problems. See Google IP address ranges for details about the addresses for the Google Apps mail servers."

Your error shows '-all' ? Not sure if it is related at all.

Quote
I was able to remove my changes from the config and I have the emails flowing again.  My question is what do you see wrong with the below settings?

Thank you

SBLList=bogusmx.rfc-ignorant.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com:por                                                            n.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org

 RBLList=bl.spamcop.net:combined.njabl.org:dnsbl.ahbl.org:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org:multihop.dsbl.org:psbl.surriel.com:zen.spamhaus.org

I think we need to figure out what is flowing in which direction first. The lists above are for blocking incoming mail.

Can you please post the output of

config show qpsmtpd

I believe you reset it as per your earlier thread but we should check, and we need to know what other changes you made.

B. Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Re: SME Server SPAM filtering best practices advice needed
« Reply #2 on: July 03, 2015, 03:41:52 AM »
I am sorry that I was not more clear with my post.  The issue was happening when I would send something from gmail or any other domain into our domain.   

I hope that helps.   

Thanks! 

Ps.  I will have to get you the config when I get back into work on Monday.   

Offline janet

  • ****
  • 4,812
Re: SME Server SPAM filtering best practices advice needed
« Reply #3 on: July 03, 2015, 04:54:29 AM »
howard5091

You main issue appears to me to be:
Google does not trust the bona fides of your mail server.
Ask your ISP to setup a sender policy framework (SPF) entry for you, & then google will believe you when you say who you are when their mail server talks to your mail server.
Read about it in the sme server Manual Appendix.


Unrelated to the above:
Personally I think you have too many RBLs configured for blocking mail from various sites, you will for sure block some legitimate mail.
Those are old recommendations, search the FAQ for the "conservative" settings (with lesser RBLs).

To help stop incoming spam you should also enable executable content blocking in server manager Email panel, at least block ZIPv1 files, you will/should then see a huge reduction in spam, as many email messages contain viruses etc pretending to be zip files & the messages purport themselves to be ham but are really spam.
Please search before asking, an answer may already exist.
The Search & other links to useful information are at top of Forum.

Offline ReetP

  • *
  • 2,973
Re: SME Server SPAM filtering best practices advice needed
« Reply #4 on: July 03, 2015, 08:03:25 AM »
Ps.  I will have to get you the config when I get back into work on Monday.

No probs. Away myself til then !!

B. Rgds
John
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation