Protect a Mail Server From Spam and Viruses
ISPmanager allows you to protect your mailboxes from unwanted emails. The control panel utilizes built-in tools provided by Exim, Greylisting SpamAssassin filters, and the antivirus ClamAV. To install them go to Settings → Features.
Exim tools
Exim allows configuring the rules to receive or reject emails from different senders. The system will accept emails from the senders that are allowed to send messages to the mail server and deny them from those who are blacklisted.
Allowed senders
To add a new rule to the whitelist:
.1Go to Spam filter → Whitelist → Add.
.2Enter an IP address, an email address, or a domain name in the Sender field. If you enter a domain name, all the mailboxes created on that domain will be added to the whitelist.
.3Click on Ok.
The whitelist is kept in /etc//whitelist.
Blacklisted senders
To add a new rule to the blacklist and reject unwanted emails:
.1Go to Spam filter → Blacklists → Add.
.2Enter an IP address, an email address, or a domain name in the Sender field. If you enter a domain name, all the mailboxes created on that domain will be added to the blacklist.
.3Click on Ok.
The blacklist is kept in /etc//blacklist.
DNSBL
DNSBL (DNS blacklist) is a list of domain names and IP addresses that are normally used for spam protection. This tool allows you to block messages from specific systems that have a history of sending spam.
Perform the following steps to add a DNSBL list:
.1Go to Spam filter → DNSBL list → Add.
.2Enter a blacklist in the DNSBL domain field.
.3Click on Ok.
Recommended black lists:
The DNSBL that you have added are kept in /etc//dnsbllist.
Greylisting
Greylisting is a prevention method that allows filtering out spammers with special programs.
The receiving mail server rejects a message, informs the sender that the message cannot be delivered immediately and asks to try again later. The sending server of a legitimate user will retransmit the message. Such mail servers are put on the white list and will be delivered without any delay. The servers that spammers use generally will not respond, because the spammer's goal is to disseminate millions of messages quickly and not have to keep track of those failed to reach their destination. In ISPmanager Graylisting is run by Postgrey.
To add a sender to the whitelist and do not check its emails with Greylisting:
.1Go to Spam filter → Whitelist (Greylisting) → Add.
.2Enter an IP address, an email address, or a domain name in the Sender field. If you enter a domain name, all the mailboxes created on that domain will be added to the whitelist.
The white list is kept in /etc/postfix/postgrey_whitelist_clients on CentOS and in /etc/postgrey/whitelist_clients on Debian and Ubuntu.
SpamAssassin
SpamAssassin is an email filter that uses text analysis to block known spam senders. Corresponding records are added to message headings so that a user can filter email messages into different directories of the mail program. The following is an example configuration for Mozilla Thunderbird:
.1Go to Tools → Email filters.
.2Select a mailbox in Filter for.
.3Click on Add.
.4Enter a Filter name.
.5Set up the filter:
.aClick on Subject and select Configure in the drop-down list.
.bEnter "X-Spam-Level" in the New email header field.
.cSelect Contains in the condition type.
.dSelect the spam level. The filter will be applied after the level is exceeded. You can use 1 to 10 symbols "*". The recommended level is 7 — "*******".
e. Click on Ok.
ClamAV
ClamAV is an antivirus that checks incoming email. Emails with infected files are rejected.
Check procedure
By default, the control panel performs the following operations:
- checks that a sender address is present in the ClamAv whitelist;
- checks that a sender address is present in the Exim whitelist;
- checks that a sender address is present in the Exim blacklist;
- checks that a sender address is present in the DNSBL-lists Exim;
- scans the email using ClamAv;
- runs SpamAssassin check