I'm running a Enhance -powered mail server in my stack, and I've been struggling with spam not being adequately caught by Rspamd. While Rspamd is integrated within Enhance, I’ve noticed that the default configuration seems quite basic and doesn’t catch enough spam.

I’m looking for advice from others who have fine-tuned their spam filtering settings. Specifically, I’d love to hear about any custom configurations, module recommendations (like RBLs, Bayesian filtering, fuzzy checks), or any other tips that have helped improve spam detection.

I know there has been talks about improvements in future upgrades of Enhance, but I am not sure I can wait that long without loosing customers to their daily frustration of spam being let through, without any proper means of filtering their mail.

    For users which request better spam filtering we configure SpamExperts, manually as mx, there is no integration from what I know. Or we also resell M365 for customers who afford it and require more functionality.

    ronald
    I think I get where you're coming from.

    That said, the only thing I can think of at this stage, would be offloading your mail services to another solution.
    Then again, im not sure how far down that rabbit hole one should go for shared email hosting...

    In all fairness, when was the last time you used web hosting email for anything but a pinch?

    Whatever the case, you could implement filtering like Proxmox Mail Gateway or similar third party to your email services, though I would avoid such types measures in shared environments, and as these tend to be make-or-break, in-that email is either done right, or not at all - otherwise, it will prove to be a never-ending pit of constant attention and hardship.

    NB, if you really want to offer mail services to live customers, then I'd recommend a solution like MXroute Reseller)(w/ whitelisting), otherwise, I really don't think email hosting is worth the hassles in a shared customer environment personally - but that's just me

    PS, I've been using Cloudron w/SoGo webmail along with Proxmox Mail Gateway for my personal emails, which has proven to be bullet-proof insofar as spam goes - though to be fair, that is not a customer environment, and moreso, that what little customers I do offer email to, are being hosted on MXroute

      JohnBee NB, if you really want to offer mail services to live customers, then I'd recommend a solution like MXroute Reseller)(w/ whitelisting), otherwise, I really don't think email hosting is worth the hassles in a shared customer environment personally - but that's just me

      Totally agree. After more or less 15 years, we're discontinuing the email service as it is more of a pain than a gain today. Here in enhance cluster we didn't create a mail server indeed. If a customer wants mail service now we only offer M365, and since then every single aspect is better (service, maintenance and profit), at least this is my experience.

      i'm still surprised of see many providrs who have discountinued the email service, or talks bad about providers who dare to offer email services...

      I just can't see how i would be able of that, i mean, for me, if the hosting services doesn't include mail, or the provider tells me "go pay extra to google or microsoft" i would just go to another provider s:

        josedieguez You can resell it, you don't "send them to google or microsoft", you activate 365 email instead of create yours. Price is bigger, but service is infinitely better.

        josedieguez this is exactly my experience too. Customers want the whole package and they are not willing to pay (or can't) 6 or 7 USD per mailbox.

        I was thinking on having a mailcow instance and move customers with special needs there. It's just a very intensive manual work.

        Having said that. I've had only very minor issues with spam. The last case was due to the spam settings not being saved to the enhance's redis db and thus not applying correctly.

        I believe more spam features are coming. Like the ability to learn spam. And more flexible blacklist options.

          I am not interested in a debate of whether to host email or not, and is clearly not the topic or question in this post.

          My larger clients are using professional mail services, but most of my customers are startups/entrepreneurs and small businesses where a email offering is required to be considered as their hosting provider.

          I have years of experience as a network and system administrator, I am an old fart, but only a few months as an Enhance admin - which is why I reached out. I refuse to believe the best solution is to close down the email offering.

          I will give Proxmox Mail Gateway a go.

            mendozal

            I was thinking on having a mailcow instance and move customers with special needs there

            Sounds sadistic lol

            ronald

            I will give Proxmox Mail Gateway a go.

            I think you'll like what PMG can bring to your mail services, insofar as security is concerned.

            That said, and if it were me(for whatever that's worth), I'd also consider adding an outbound relay to the mix - ie, smtp2go provides subaccounts with API to control /monitor outbound mail - and mores, that this combined with PMG could prove substantial in helping curb IP blacklisting with shared mail services.

            Good luck!

            I have got Proxmox Mail Gateway up and running for incoming mail and so far so good. Tempted to also use it for outgoing relay but I need to do some more testing first.

            As far as I can tell Enhance only support smart host relay globally, am I correct?

              ronald

              To leave no stone unturned, outgoing SMTP relay can be accomplished as follows;

              1. at the user client level - too easy
              2. at the mail server level - moderate to easy
              3. at the PMG level - no so easy

              That said, and should you choose to cover both in/and outbound with PMG, I would offer the following for your consideration;

              `To configure username/password authentication with SMTP2GO on PMG;

              1. Create necessary directories and copy templates:

                   mkdir -p /etc/pmg/templates
                   cp /var/lib/pmg/templates/main.cf.in /etc/pmg/templates/main.cf.in
              2. Edit /etc/pmg/templates/main.cf to include:

                   smtp_sasl_auth_enable = yes
                   smtp_sasl_password_maps = hash:/etc/postfix/smtp_auth
                   smtp_sasl_security_options = noanonymous
              3. Configure SMTP authentication:

                   nano /etc/postfix/smtp_auth
                   mail.smtp2go.com:2525 username:password
                   chmod 640 /etc/postfix/smtp_auth
                   postmap /etc/postfix/smtp_auth
              4. Sync PMG configuration and restart services:

                   pmgconfig sync --restart 1
                   systemctl restart postfix

              I have performed these steps/ tested and confirmed to work`

              NB, To my knowledge, it is not possible to edit ' /etc/pmg/templates/main.cf.in', as PMG will revert it the moment it is saved /restarted etc. And so you'll need to make changes to the template ' /etc/pmg/templates/main.cf.in'

              • best of luck!

              With PMG up and running for both incoming and outgoing e-mail, is like night and day. I now have proper SPF/DKIM and spam fighting techniques in play - where there seemed to be none on a vanilla Enhance mail setup.

              I hope this is something we will see improvements for at the Enhance -level soon, cause right now the vanilla e-mail setup for Enhance is not production ready.

                ronald
                Congratulations!

                I've grown quite fond of PMG since implementing it in my own service stack in recent past.
                That said, and after all of the trauma with alternative setups, we've all but forgotten what it was like to suffer with SPAM 🙂

                PS, there is also the matter of sa-learning with PMG that you may want to consider in the future

                Have you tried this thing called cPFence? I guess they include antispam in their solution too

                  For PMG you have to manually add each domain that you host on Enhance?

                    alenguav Have you tried this thing called cPFence? I guess they include antispam in their solution too

                    Yes, that’s correct. cPFence includes a server wide spam protection feature that users can enable with:

                    cpfence --enable-spam-protection

                    By default, it is off. When enabled, cPFence will automatically quarantine pure spam emails that do not contain infections or phishing links but are otherwise annoying or misleading or are trying to deceive and blackmail the user.

                    One of our users with mail servers have reported cPFence removing over 2,400 spam emails from a single account, significantly reducing inbox clutter.

                      Follow @enhancecp