Blocking Spam Efficiently

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
User avatar
LVTS
New user
New user
Posts: 16
Joined: 2019-05-30 11:44
Location: England
Contact:

Blocking Spam Efficiently

Post by LVTS » 2019-05-30 23:40

Hello there,

I have recently been receiving a lot of Spam in one of my email accounts. I have configured some settings in order to block the spam, and this works for most of it.

However, there is this one specific person/scam company that is not giving up. They keep changing all of their details (Email Address, IP Address, Email Subject) ect in order to bypass my blocking filters. It's one of those Porn emails in which they claim to have my password and want me to pay them some Bitcoin so they don't share something with all of my friends.

I have blocked their Email Address in the settings, but they keep changing it once they figure out they are getting rejected. I have also configured some rules on the subject of the email message but they now also keep changing the email subject which bypasses my filter. Their IP Address has also been blacklisted in my Windows Firewall and HMailServer but they keep changing it or using a VPN ect.

What can I do in order to block this spam? They send emails very regularly and my mailbox is just getting clogged up with their Junk as you are able to see in the image below:

Image

I have also just run the Diagnostic Test if you would like to see my current configuration. I have attached this below.

Code: Select all

2019-05-30   Hmailserver: 5.6.7-B2425

DOMAINS

   "Domain1.com" - agxxx.luxxxxxxxxx.net          Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\mail.pem
                                                Selector:    key1

   "Domain2.com" - luxxxxxxxxx.com                Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\Domain2.com.pem
                                                Selector:    key1

   "Domain3.com" - maxxxx.luxxxxxxxxx.net         Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: True    
                   Max message size:        0   Header:   Relaxed  Plus addressing: False
                   Max size of accounts:    0   Body:     Relaxed
                                                Algorithm: SHA256  Greylisting:     False
                                                Private key: c:\mailer.pem
                                                Selector:    key1
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 25     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :   True !! 'Spam tests' not enabled !!
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       - False
     Local To External    -  True              Local To External    - False
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 0.0.0.0 - 255.255.255.255     Priority: 10     Name: Internet

  Allow connections                         Other
     SMTP:   True                              Antispam :   True !! 'Spam tests' not enabled !!
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


IP: 182.64.151.245 - 182.64.151.245     Priority: 0     Name: 182.64.151.245

  Allow connections                         Other
     SMTP:  False                              Antispam :  False
     POP3:  False                              Antivirus:  False
     IMAP:  False                              SSL/TLS:    False


IP: 185.137.111.125 - 185.137.111.125     Priority: 0     Name: 185.137.111.125

  Allow connections                         Other
     SMTP:  False                              Antispam :  False
     POP3:  False                              Antivirus:  False
     IMAP:  False                              SSL/TLS:    False


IP: 185.137.111.136 - 185.137.111.136     Priority: 0     Name: 185.137.111.136

  Allow connections                         Other
     SMTP:  False                              Antispam :  False
     POP3:  False                              Antivirus:  False
     IMAP:  False                              SSL/TLS:    False


IP: 185.137.111.96 - 185.137.111.96     Priority: 0     Name: 185.137.111.96

  Allow connections                         Other
     SMTP:  False                              Antispam :  False
     POP3:  False                              Antivirus:  False
     IMAP:  False                              SSL/TLS:    False


IP: 192.168.1.1 - 255.255.255.0     Priority: 0     Name: LOCAL NETWORK

  Allow connections                         Other
     SMTP:   True                              Antispam :   True !! 'Spam tests' not enabled !!
     POP3:   True                              Antivirus:   True !! ANTIVIRUS NOT CONFIGURED !!
     IMAP:   True                              SSL/TLS:     True

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    - False
     External To External -  True              External To External -  True


   !!  Warning:  DEFAULT DOMAIN is SET  !! - "EXTERNAL.TLD"
------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: True       Max invalid logon attempts:      3
                              Minutes Before Reset:         2880  (48.00 hours, 2.00 days)
                              Minutes to Autoban:         525600  (8,760.00 hours, 365.00 days)

There is a total of 4 auto-ban IP ranges.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins: 60   Plain Text:         True  Bind: 
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                      EXTERNAL.TLD  (ok)       Disc. on invalid:   True  Delivered-To hdr: False
                     Port: 587                 Max number commands: 100  Loop limit:           5
                     Req Auth: True *User Entered*                       Recipient hosts:     15
                     Con. Sec.: None
  Routes:
     No routes defined.

POP3
  No. Connections: 0

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:           False        Use Spamassassin:   False
  Add X-HmailServer-Spam:     True    Check HELO host:   False    
  Add X-HmailServer-Reason:   True    Check MX records:  False    
  Add X-HmailServer-Subject: False    Verify DKIM:       False    

  Spam delete threshold: 5         Maximum message size: 1024

DNSBL ENTRIES:
                  zen.spamhaus.org      Score: 3     Result: 127.0.0.2-8|127.0.0.10-11
                    bl.spamcop.net      Score: 3     Result: 127.0.0.2

SURBL ENTRIES:
                   multi.surbl.org      Score: 3

GREYLISTING:
  Greylisting:  False

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS:  No application configured.

  Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   No entries
-----------------------------------------------------------------------------------------------

SSL/TLS
             SSL 3.0 :  False
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               0.0.0.0         / 25    / SMTP   -   None                
               0.0.0.0         / 110   / POP3   -   None                
               0.0.0.0         / 143   / IMAP   -   None                
               0.0.0.0         / 587   / SMTP   -   None                
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2019-05-30.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2019-05-30.log
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -    True
                        IMAP        -    True
                        TCPIP       -    True
                        DEBUG       -    True
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MSSQL Compact

IPv6 support is available in operating system.

ERROR: Backup directory has not been specified.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: C:\Program Files (x86)\hMailServer\Database
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MSSQLCE
Username=           
PasswordEncryption=1
Port=              0
Server=             
Internal=          1
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.95, Hmailserver Forum.


Many Thanks.
Attachments
Capture.PNG

palinka
Senior user
Senior user
Posts: 822
Joined: 2017-09-12 17:57

Re: Blocking Spam Efficiently

Post by palinka » 2019-05-30 23:48

Looks like you're not running spamassassin. It will definitely flag those messages.

Here's a great how-to on training spamassassin. https://hmailserver.com/forum/viewtopic ... 20&t=26866

User avatar
LVTS
New user
New user
Posts: 16
Joined: 2019-05-30 11:44
Location: England
Contact:

Re: Blocking Spam Efficiently

Post by LVTS » 2019-05-31 00:02

palinka wrote:
2019-05-30 23:48
Looks like you're not running spamassassin. It will definitely flag those messages.

Here's a great how-to on training spamassassin. https://hmailserver.com/forum/viewtopic ... 20&t=26866
Hello there,

Thank you very much for your response!

I have installed SpamAssassin to my Windows Server 2016 Machine. However, entering the local hostname and the default port 783 and clicking the 'test' button appears that my Spam Assassin installation is not functioning. I also took a look at the article in which you kindly linked in your previous response but I don't really understand it as it does not have any details about installing SpamAssassin.

I downloaded SpamAssassin from this website: https://www.jam-software.com/spamassassin/

Many Thanks.

palinka
Senior user
Senior user
Posts: 822
Joined: 2017-09-12 17:57

Re: Blocking Spam Efficiently

Post by palinka » 2019-05-31 00:13

Somewhere here there is a tutorial on installing spam assassin and running it as a service. I'd look for it but i have a kid concert to go to. Im sure you can find it easily enough.

User avatar
LVTS
New user
New user
Posts: 16
Joined: 2019-05-30 11:44
Location: England
Contact:

Re: Blocking Spam Efficiently

Post by LVTS » 2019-05-31 00:38

palinka wrote:
2019-05-31 00:13
Somewhere here there is a tutorial on installing spam assassin and running it as a service. I'd look for it but i have a kid concert to go to. Im sure you can find it easily enough.
Hello there!

No worries, I was able to follow the steps from this article: https://www.hmailserver.com/forum/viewtopic.php?t=28133

I believe that I have successfully installed SpamAssassin now. When I enter the details in the SpamAssassin box for HMailServer and click on the test button I get the following result, as opposed to an error message before:

Image

We'll just need to see if the spammers are able to send me any further emails. Hopefully, everything has gone to plan.

Thank you very much for your assistance on this matter.
Attachments
Capture.PNG

User avatar
LVTS
New user
New user
Posts: 16
Joined: 2019-05-30 11:44
Location: England
Contact:

Re: Blocking Spam Efficiently

Post by LVTS » 2019-05-31 00:44

Just another quick update - I sent an email from my Gmail account with the following contents:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X.

------------=_5CF05C11.2E62AF3F--

This is supposed to be a test and indeed this email was blocked by SpamAssassin

"The response from the remote server was:
554 Tagged as Spam by SpamAssassin"

Thank you so much for your help again!

palinka
Senior user
Senior user
Posts: 822
Joined: 2017-09-12 17:57

Re: Blocking Spam Efficiently

Post by palinka » 2019-05-31 00:48

That was the link i meant to suggest. Good luck with everything. There's lots to learn here.

User avatar
SorenR
Senior user
Senior user
Posts: 3133
Joined: 2006-08-21 15:38
Location: Denmark

Re: Blocking Spam Efficiently

Post by SorenR » 2019-05-31 01:11

LVTS wrote:
2019-05-31 00:44
Just another quick update - I sent an email from my Gmail account with the following contents:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X.

------------=_5CF05C11.2E62AF3F--

This is supposed to be a test and indeed this email was blocked by SpamAssassin

"The response from the remote server was:
554 Tagged as Spam by SpamAssassin"

Thank you so much for your help again!
You have now ventured forth to a new life long quest :mrgreen: SPAMFIGHTING :twisted:
SørenR.

The quantum rule of insecurity which states that the act of observing how vulnerable a host or service is changes the insecurity level of the service.

Technoman
New user
New user
Posts: 26
Joined: 2019-05-26 09:16

Re: Blocking Spam Efficiently

Post by Technoman » 2019-06-06 01:41

Can someone be kind enough on here who has this running to make a YouTube video in setting up spamassain PLEASE
much appreciated

User avatar
jimimaseye
Moderator
Moderator
Posts: 7950
Joined: 2011-09-08 17:48

Re: Blocking Spam Efficiently

Post by jimimaseye » 2019-06-06 09:14

Technoman wrote:
2019-06-06 01:41
Can someone be kind enough on here who has this running to make a YouTube video in setting up spamassain PLEASE
much appreciated
I wont. Everyone else manages to follow my easy-step guide and succeed. I feel its enough.
HMS 5.6.6 B2383 on Win Server 2008 R2 Foundation, + 5.6.7-B2415 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

Technoman
New user
New user
Posts: 26
Joined: 2019-05-26 09:16

Re: Blocking Spam Efficiently

Post by Technoman » 2019-06-06 19:20

jimimaseye wrote:
2019-06-06 09:14
Technoman wrote:
2019-06-06 01:41
Can someone be kind enough on here who has this running to make a YouTube video in setting up spamassain PLEASE
much appreciated
I wont. Everyone else manages to follow my easy-step guide and succeed. I feel its enough.
Thanks for the reply, no problem, i have followed every step of the way that is mentioned and each time i click on test i get "unable to connect to the specified spamassasin server"? I wonder why I am the only one having these issues plus i have tried reinstalling it several times and re peating the steps but still the same error. Any extra steps i can take to perhaps solve my issues? if it helps im running this on windows 7 with firewalls disabled.

User avatar
mattg
Moderator
Moderator
Posts: 19810
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Blocking Spam Efficiently

Post by mattg » 2019-06-07 01:35

Where is your spamassassin installed (ip address)
What IP address do you have in your spamassassin settings in hMailserver?
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Technoman
New user
New user
Posts: 26
Joined: 2019-05-26 09:16

Re: Blocking Spam Efficiently

Post by Technoman » 2019-06-07 03:29

mattg wrote:
2019-06-07 01:35
Where is your spamassassin installed (ip address)
What IP address do you have in your spamassassin settings in hMailserver?
Ok thanks mattg, the problem was it needed to be started manually by cmd. its working now thanks so much.

Post Reply