The Best configuration for Spam

Discussion forum for Enterprise Edition.
Post Reply
onismart
Posts: 18
Joined: Thu Oct 31, 2013 2:25 pm

The Best configuration for Spam

Post by onismart »

Hello,

I have MailEnable Enterprise Edition V9.77 on Windows server 2012 R2.

I have the Spam settings as shown in the attached file. To the best of all I can do was that but we still get high volume of spam mails.

Please, help on what other thing I could do.

Thanking you.
Attachments
spam.png
spam.png (82.53 KiB) Viewed 9398 times

aahq
Posts: 183
Joined: Sat Aug 07, 2010 11:08 am

Re: The Best configuration for Spam

Post by aahq »

Hi,

The last time I looked the inbuilt anti spam of ME was not very configurable and the standard ClamAV engine very primitive. I just turned the inbuilt Anti Spam Engine off and put in Spam Assassin on top.

If really serious about antispam then you will use one of the recommended third party products (check the forum). Otherwise, I have a lot of posts on this (scripting MTA pickup event for antispam, blocking exes etc). Be warned... if you can't get behind the engine of ME and understand it just stick to the third party products.

One non intrusive easy antispam start is to put your ClamAV on steroids by using www.sanesecurity.com Clamav addons (if you wish to enter the dark side).

Scott

Maranda
Posts: 27
Joined: Mon Dec 11, 2017 8:10 pm

Re: The Best configuration for Spam

Post by Maranda »

Following are my Spam Settings, on my setup together with Greylisting they block 99/100% of spam.
spamsettings.jpg
spamsettings.jpg (169.85 KiB) Viewed 9329 times
1) Set DNSRBL (dnsrbl.org), SpamhausZEN (if applicable) and SpamCop as both DNS/URL blacklists, set DNS to reject and URL to be marked as spam.
2) Set Greylisting to 5 minutes, or leave the default 4.

Regarding AV/Clamd/SpamAssassin I highly advise against using 'em, for one and very simple reason... resource usage they're highly inefficent and use an abominous amount of resources irregardless of the availability on your system.
Just to do nothing both SA and Clamd together would use around/over 700MB of RAM and grow much further from that on a busy box. Which essentially is not worth the bucket since you could solve that with the following global filter:
avsettings.jpg
avsettings.jpg (169.25 KiB) Viewed 9329 times
^ "Where the message has attachments" rule contains by default all the most dangerous extension that are mostly used as vectors for rootkits/malware/viruses etc. and deleting message and notifying the sender is the best practice possible instead of wasting resources, and it's not rocket science either to setup tbh.

After you can simply disable both AV and SA extensions (if you were using those) into Extensions > Message Filter.

Best regards,
Marco

Post Reply