Topic: adjusting spam filters

[demonx]

I've added my internal domain to the whitelist because email from my users was frequently being labeled a spam. That solved that problem but now I'm seeing spam coming through from non existent users of that same domain. Is there a way to make the server check for the user account before allowing the mail to come through?

[bpivk]

demonx do you have a webpage that can send mail (cms webpages) because this sounds like a hacked script

[demonx]

For one thing address books on workstations are frequently hijacked when workstations become infected. The emails I'm talking about are generally going to and existing account or account alias on my domain. If the server could check incoming mail and when the senders email address is the same as its own domain it should reject or drop the email if theres no such user. My old server worked that way but SME doesn't appear too. I'm using version 7.1 of SME. The server is behind a firewall with all but the necessary ports being blocked. Its used for email only. I do use SME for file and print but those are all separate servers from the mail server and are completely firewalled off from the internet.

[mmccarn]

on SME 7.1.3 if you set server-manager:Configuration:E-mail:Change e-mail delivery settings: E-mail to unknown users to "Reject" then qpsmtpd should reject all email addressed to non-existent users.

On older versions the 'return to sender' setting did the same thing -- that is, reject the message at the smtp level so that the sender would get a nice notice from their own smtp server id someone misspelled an email address on your server...

I would also recommend configuring RBLs and Bayes autolearning (sonoracomm has a how-to on email setup that's very good).

The qpsmtpd 'greylisting' plugin is included on SME but not enabled - this, too, would probably kill most of the spam you're seeing...