E-Mail Working of Spamfilter Option

Discussion in 'Installation/Configuration' started by sunghost, Jul 28, 2016.

  1. sunghost

    sunghost Member

    Hi,
    i have a question about E-Mail and the Spamfilter Option. I can choose a Spamfilter on Mail-Domain and later in Email-Mailbox again. Must i configure both or is selected Option for Mail-Domain overwriting Mailbox if set to "not enabled" ?
    thx
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You can set it either in the domain or the mailbox, in case that it is set in both places, then the mailbox overrides the domain setting.
     
    ganewbie likes this.
  3. DDArt

    DDArt Member

    On this note, I, for one domain still get a lot of viruses coming in, even though I raised from Trigger Happy to delete spam, and now raised on both email and domain priority from 5 to 10.

    Even with these settings and rbl :
    Even Server Config -> Mail -> Real Time BlackHole List: "zen.spamhaus.org,b.barracudacentral.org,bl.spamcop.net,truncate.gbudb.net"
    Any feedback or suggested is welcomed.
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Are you using 3rd party clamav signatures, eg. those from sanesecurity?
     
  5. DDArt

    DDArt Member

    No I do not have anything 3rd party enabled. I always thought and assumed that it would update itself whenever I update the other packages. if there is a non-destructive third-party option to update and have a better antivirus results I would not mind doing that.

    Taking a closer look, my clamav does update, daily and after tweaking the delete spam looks like my email from a particular domain has dropped dramatically including the infected ones. I will keep a close eye on it because I would easily get 5-6/daily...
     
    Last edited: Aug 2, 2016
  6. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    The spam scanner can catch some virus email as well, but if your concern really is viruses, spend some more time on the virus scanner (clamav). Clamav doesn't do a wonderful job out of the box, there are third party definitions available that help a bunch, and it's not terribly difficult to setup, eg. this post shows how on debian: https://www.howtoforge.com/communit...-being-sent-from-my-server.72631/#post-341905

    Note that sanesecurity has quite a few rule sets, and they rate them according to the likelyhood of false positives. The more rulesets you use, the move viruses you'll catch, but you will have some false positive matches start hitting, so you have to balance out how many rulesets you use with how much time you want to spend managing it (eg. identify false positives that your mail hits and remove those from the scanner, which for clamav-unofficial-sigs that means saving the messages and setting ham_dir to point to their location).
     

Share This Page