Protect a mail server from spam and viruses

ISPmanager allows you to protect your mailboxes from unwanted emails. The control panel uses the built-in tools provided by Exim, the Greylisting and SpamAssassin filters, and the ClamAV antivirus. To install them, go to Settings → Features. Learn more in Install a mail server.

Exim tools


Exim lets you configure rules for accepting or rejecting emails from different senders. The system accepts emails from senders that are allowed to send messages to the mail server and rejects emails from senders that are blacklisted.

Allowed senders 

To add a new rule to the whitelist: 

  1. Go to Spam filter → Whitelist → Add.
  2. Enter an IP address, an email address, or a domain name in the Sender field. If you enter a domain name, all the mailboxes created on that domain will be added to the whitelist. 
  3. Click on Ok.

The whitelist is kept in /etc/<exim directory>/whitelist.

Blacklisted senders 

To add a new rule to the blacklist and reject unwanted emails: 

  1. Go to Spam filter → Blacklists → Add.
  2. Enter an IP address, an email address, or a domain name in the Sender field. If you enter a domain name, all the mailboxes created on that domain will be added to the blacklist. 
  3. Click on Ok.

The blacklist is kept in /etc/<exim directory>/blacklist.

DNSBL

DNSBL (DNS blacklist) is a list of domain names and IP addresses that are normally used for spam protection. This tool allows you to block messages from specific systems that have a history of sending spam.

Perform the following steps to add a DNSBL list:

  1. Go to Spam filter → DNSBL list → Add.
  2. Enter a blacklist in the DNSBL domain field.
  3. Click on Ok.

Recommended blacklists:

The DNSBL that you have added are kept in /etc/<exim directory>/dnsbllist.

Greylisting


Greylisting is a prevention method that allows filtering out spammers with special programs. 

The receiving mail server rejects a message, informs the sender that the message cannot be delivered immediately, and asks it to try again later. The sending server of a legitimate user will retransmit the message. Such mail servers are put on the whitelist, and their messages will be delivered without any delay. The servers that spammers use generally will not retry, because the spammer’s goal is to disseminate millions of messages quickly without keeping track of those that failed to reach their destination. In ISPmanager, Greylisting is run by Postgrey.

To add a sender to the whitelist so that its emails are not checked with Greylisting:

  1. Go to Spam filter → Whitelist (Greylisting) → Add.
  2. Enter an IP address, an email address, or a domain name in the Sender field. If you enter a domain name, all the mailboxes created on that domain will be added to the whitelist. 

The white list is kept in /etc/postfix/postgrey_whitelist_clients on CentOS and in /etc/postgrey/whitelist_clients on Debian and Ubuntu.
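
The greylisting decision described above can be modelled in a few lines. This is an added example, not ISPmanager or Postgrey code: the `Greylist` class, the 300-second delay, tracking by (client IP, sender, recipient), the reply texts and the sample addresses are assumptions made for illustration, and the manual whitelist is simplified to IP networks only.

```python
import ipaddress

TEMPFAIL = "450 4.2.0 Greylisted, please try again later"  # representative reply text
ACCEPT = "250 2.0.0 OK"

class Greylist:
    """Toy model of a greylisting decision (hypothetical, for illustration)."""

    def __init__(self, delay=300, whitelist_clients=()):
        self.delay = delay            # assumed minimum wait before a retry is accepted
        self.manual = [ipaddress.ip_network(n) for n in whitelist_clients]
        self.first_seen = {}          # (client_ip, sender, recipient) -> time of first attempt
        self.passed = set()           # clients that have proved they retry

    def check(self, client_ip, sender, recipient, now):
        ip = ipaddress.ip_address(client_ip)
        # Manually whitelisted clients are never greylisted.
        if any(ip in net for net in self.manual):
            return ACCEPT
        # Servers that retried correctly before are delivered without delay.
        if client_ip in self.passed:
            return ACCEPT
        key = (client_ip, sender.lower(), recipient.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return TEMPFAIL           # first attempt, or a retry that came too early
        self.passed.add(client_ip)    # legitimate server: remember it
        del self.first_seen[key]
        return ACCEPT

def demo():
    """Replay constructed delivery attempts: (seconds, client IP, sender, recipient)."""
    g = Greylist(delay=300, whitelist_clients=["192.0.2.0/28"])
    events = [
        (0,   "198.51.100.7", "alice@example.org",   "bob@example.com"),  # first try
        (5,   "203.0.113.9",  "promo@example.net",   "bob@example.com"),  # never retries
        (60,  "198.51.100.7", "alice@example.org",   "bob@example.com"),  # retry too early
        (600, "198.51.100.7", "alice@example.org",   "bob@example.com"),  # proper retry
        (700, "198.51.100.7", "carol@example.org",   "bob@example.com"),  # now known server
        (800, "192.0.2.5",    "partner@example.org", "bob@example.com"),  # manual whitelist
    ]
    return [g.check(ip, s, r, t)[:3] for t, ip, s, r in events]

if __name__ == "__main__":
    print(demo())
```

The message from 203.0.113.9 is never delivered because that client never comes back, which is the behaviour greylisting relies on.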

SpamAssassin


SpamAssassin is an email filter that uses text analysis to block known spam senders. It adds corresponding records to the message headers so that a user can sort email messages into different folders of the mail program. The following is an example configuration for Mozilla Thunderbird:

  1. Go to Tools → Email filters.
  2. Select a mailbox in Filter for.
  3. Click on Add.
  4. Enter a Filter name.
  5. Set up the filter:
    1. Click on Subject and select Configure in the drop-down list.
    2. Enter “X-Spam-Level” in the New email header field.
    3. Select Contains in the condition type.
    4. Select the spam level. The filter will be applied after the level is exceeded. You can use 1 to 10 “*” symbols. The recommended level is 7 (“*******”).
  6. Click on Ok.

ClamAV


ClamAV is an antivirus that checks incoming email. Emails with infected files are rejected. 

Check procedure 


By default, the control panel performs the following operations:

  • checks that a sender address is present in the ClamAV whitelist;
  • checks that a sender address is present in the Exim whitelist;
  • checks that a sender address is present in the Exim blacklist;
  • checks that a sender address is present in the Exim DNSBL lists;
  • scans the email using ClamAV;
  • runs SpamAssassin check.