Option to Reject, not just Delete/Block all spam in Spamassassin setup

flips

Verified User
Joined
Jan 21, 2020
Messages
5
Hi! In "SpamAssassin Setup" it would be nice to have an option to Reject (as in bounce/discard with message) spam.
(When it's just deleted, it looks to the sender that it's accepted, in a way the recipient email address is confirmed as existing.)
I know it's a matter of debate what's the best way, but having an option for rejecting would be nice.
(Currently one has to use Sieve in RoundCube to Discard with Message, and then one has to set it up per email account.)
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
32
This is an important distinction. Right now these are the options:

1. Inbox it
2. Redirect to catchall
3. Send to spam folder
4. Delete it

Inbound spam can sometimes increase exponentially based on successful receipt of an email. By accepting the email first, the default configurations declare the mailbox to be a valid recipient for the message.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,541
Location
Maastricht
(When it's just deleted, it looks to the sender that it's accepted, in a way the recipient email address is confirmed as existing.)
Keep in mind that bouncing is also kind of confirming. Spammers do spoofing, which is the reason we disabled bounce messages. They spoofed mail adresses, then send spam to the server. The server bounced it as spam, sending it to the spoofed email adresses, which not all block them. Next to that, you can get a blockade in the dynamic spamfilter from outlook/hotmail/live and you won't be able to get out of that easily.
This is something to take into consideration when you're looking for a serverwide solution.

When it's just deleted, it's not sure if it's existing or just deleted so 50%. As long as the receipient does not sees/reveives the spam (because deleted) the spammer, seems a better solution to me.
When sending to inbox or spambox it can be read by the receiver, which might trigger hidden confirmation sections.

Just my 2 cents.
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
32
Keep in mind that bouncing is also kind of confirming. Spammers do spoofing, which is the reason we disabled bounce messages.
Yeah, that can be problematic for sure. Rejecting at SMTP time is definitely the better option to bouncing.
 

flips

Verified User
Joined
Jan 21, 2020
Messages
5
An option to add certain senders to a "reject list" would be nice.

Lots of spammers send using correct SPF and DKIM, and I want to reject some of these non-spoofed senders ...
(I tested this by rejecting/failing specific senders for specific accounts using Sieve, and there is a decrease in spam sent over time, as compared to blacklisting/ignoring.)
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
32
There is already.
You can use the /etc/virtual/blacklist_domains and blacklist_senders for this, even use wildcards.
Good to know, but would be better at the per user level than global per server. Would be more equal to cPanel in that way which is what people have come to expect as somewhat of a standard in how user level SA configs are treated.

For example the amount of spam from .monster domains is incredible right now. I blocked it globally for a time, but once one customer bought a .monster domain now every customer has to be subject to it unless other reject conditions are met, which with DA’s defaults are really just RBL conditions unless using ESF which is just too heavy handed for users to not be able to override at their level.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,541
Location
Maastricht
Good to know, but would be better at the per user level than global per server.
Didn't you check or am I missing something? This option is also already present at user level via Spamassassin. You need to have Spamassassin installed though.
 

flips

Verified User
Joined
Jan 21, 2020
Messages
5
There is already.
You can use the /etc/virtual/blacklist_domains and blacklist_senders for this, even use wildcards.
Blacklist doesn't reject at SMTP time?
Everything I blacklisted in user_prefs end up as accepted and thrown away in the log, IIRC

Or is blacklist_senders a different option, and I've been using blacklist_from or something?
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
32
Didn't you check or am I missing something?
These are the current options users have to choose from in how spam is handled, as spam is defined by their user preferences:

1. Inbox it
2. Redirect to catch-all
3. Send to spam folder
4. Delete the spam

Where as the functionality me and @flips are looking to see implemented would be more on par with how cPanel handles things that are absolutely defined as spam by the user preferences. I'll go over it a bit:

My cPanel account on ghost.mxroute.com has just added jarland@gmail.com to user_prefs as a blacklisted item. The actual item written to the user_prefs file by the control panel is this:

Code:
blacklist_from jarland@gmail.com
Now I'm going to telnet to ghost.mxroute.com and attempt to deliver an email to me@jarland.me while claiming to be sending from jarland@gmail.com. While this violates SPF, that won't be relevant, the filter in the user_prefs is what will cause this event:

Code:
 [root@gateway] ~ # telnet ghost.mxroute.com 25
Trying 138.201.205.224...
Connected to ghost.mxroute.com.
Escape character is '^]'.
220-ghost.mxroute.com ESMTP Exim 4.92 #2 Thu, 06 Feb 2020 19:11:21 +0000
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
HELO gateway.mxroute.com
250 ghost.mxroute.com Hello gateway.mxroute.com [104.251.123.3]
MAIL FROM: jarland@gmail.com
250 OK
RCPT TO: me@jarland.me
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Subject: What's up?
Disregard this
.
550 "The mail server detected your message as spam and has prevented delivery."
quit
221 ghost.mxroute.com closing connection
Notice that ghost.mxroute.com did not deliver a bounce message to jarland@gmail.com nor did it deliver or delete it after accepting it, but it directly rejected it at SMTP time sending a failure code to the sending server after it processed the entire content through SpamAssassin's rules, including the local user's individual rules. This is something I would like DirectAdmin to be able to do, but is not currently set up for such a scenario. DirectAdmin will take that blacklisted email and inbox it, redirect it to catch-all, deliver to the spam folder, or accept it and delete it. However, all of these options involve spammers counting the email account among those that work and accept their emails.

For many users this results in exponentially increased spam over time, for which all but the last option DA offers result in increased inode usage if not regularly cleaned, which becomes an increasingly difficult job due to the exponential increase over time. With the growth of DA users after the cPanel pricing fiasco, you'll see the increased inode usage creep up on all of the shared hosting providers with high tenancy per server in 3-5 years where they were able to curb it previously by stating a global SpamAssassin reject score in WHM and users were able to reject more email outright. Couple this with a significant number of catchall accounts on each server and the timeline may be even sooner.
 
Last edited:

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,541
Location
Maastricht
Blacklist doesn't reject at SMTP time?
Everything I blacklisted in user_prefs end up as accepted and thrown away in the log, IIRC

Or is blacklist_senders a different option, and I've been using blacklist_from or something?
Sorry, I forgot you were looking for a user option to reject.
I was referring to blacklist_domains which is serverwide. As far as I know this is blocked by Exim when incoming.

These are the current options users have to choose from in how spam is handled
Yep, correct. I was referring to the "Email Blacklist" section, but that section does not reject but also only marks it as spam.

I was put on the wrong foot by the first line there which says:
This is the list of email address that will be blocked.
But in fact it will be marked as spam and then being handled as the one of the 4 choices set up. My mistake.
 
Top