What are the best Spam settings?

maybl8

What are the best settings for stopping most of the spam?
I have been getting allot of political emails over the last week and they are getting through to my inbox.

Also what is the best way to get an email that has been rejected that you want in your inbox?

ETNyx

Unfortunately there is no magic bullet. I do not have 2 server targeted exactly same. Move those messages to spam folder, to learn them as spam (preferably use SoGo in some MUAs this does not work). Check those messages rspamd score and maybe tune those symbols (but slowly). You can lower your spam threshold in MC’s UI. Maybe it’s time to introduce AI into spam detection to widen you surface detection?

maybl8

ETNyx
What settings do your have. Just as a reference for me.
I send all spam to the junk folder for learning.
How long should it take to learn something?

ETNyx Maybe it’s time to introduce AI into spam detection

Does mailcow have instructions for this?

ETNyx

maybl8 What settings do your have. Just as a reference for me.

Two instance on default values, on one instance we fought spam campaign raising

BAYES_SPAM = 6 (+2 I think)
IP_REPUTATION_SPAM = 5 (+1 I think)
BAD_REP_POLICIES = 3 (+1 I think)

(if you change this start slowly +1, wait, evaluate, and again, you do not want make false positives)

maybl8 I send all spam to the junk folder for learning. How long should it take to learn something?

BAYES_SPAM is the one you will find from learning what is spam. To you time question,.. That depend on configuration, if I recollect it right MC has cut off this to some really small value so should be pretty instant (usually requires hundreds of collections), but when you have small sample pool you will see those rarely,.. also worth considering auto-learning, so biggest spam already caught should be learned,.. also you need to feed your spam folder continuously, pool is scrubbed after some time (expiration)

maybl8 Does mailcow have instructions for this?

Do not think so check https://docs.rspamd.com/modules/gpt/

zx1100e1

I’d say 99% of my spam gets flagged at postscreen level, never making it to rspamd.

I have a dozen or so burned email addresses. These addresses were part of data breaches or otherwise made it to the internet shit list.

These are listed (one per each line) in data/conf/postfix/recipient_access

An example entry;

email@domain.com 550 Permanent failure for one or more recipients.

Once the file is created, you will have to run postmap on it (from within the postfix container).

docker exec -it mailcowdockerized-postfix-mailcow-1 bash
postmap /opt/postfix/conf/recipient_access

In data/conf/postfix/recipient_access/extra.cf I have the following to reference this file.

smtpd_recipient_restrictions =
  check_recipient_access hash:/opt/postfix/conf/recipient_access,
  check_recipient_mx_access proxy:mysql:/opt/postfix/conf/sql/mysql_mbr_access_maps.cf,
  permit_sasl_authenticated,
  permit_mynetworks,
  check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf,
  reject_invalid_helo_hostname,
  reject_unauth_destination

Essentially added the check_recipient_access line to the top of what’s currently in main.cf.

Here’s an example of a spam attempt.

NOQUEUE: reject: RCPT from mail-eastus2azon11021117.outbound.protection.outlook.com[52.101.57.117]: 550 5.7.1 <email@domain.com>: Recipient address rejected: Permanent failure for one or more recipients.; from=<FBFjeWmcbVdIFQKwJBtVS@nosjkewqew4.onmicrosoft.com> to=<email@domain> proto=ESMTP helo=<BN8PR05CU002.outbound.protection.outlook.com>

The next log entry is a disconnect message.

As these are effectively burned email addresses, I never expect to receive any legit email on them ever again and shit canning them before they waste too many resources seems like a good way to go. I can’t remember when but many years ago (15 years?, maybe more) I started using different emails for everything. With the catchall, they still arrive in the same mailbox.

WARNING, using this method there is no quarantine, the message in its entirety is discarded because it’s never received.

As the admin I can do that 🙂. For other users there’s sub addressing option - https://docs.mailcow.email/manual-guides/mailcow-UI/u_e-mailcow_ui-sub_addressing/ . Mailbox_address+{sometag}@domain.com. Not exactly the same as a completely random email addr, but good enough.

My typical pattern is entityname_{epoch_time}@domain.com. Where entity name is the name of the business im interacting with, epochtime is epoch time that email address was generated.

Most other spam gets blocked also at postscreen by spamhaus scores. This was discussed in a different thread and I believe you already have this implemented.