Generally, we are able to manage posts which have spam content. Most existing users, they are quite benign. I think we are lucky so far with that we do little to no moderation (maybe only fixing some typos and moving to the right category) 🙂

In this specific case, the issue was the profile page had spam content. This is a bit more elaborate and I am not sure how @SPRADEEP even came across it. I think if we have a script to clean up profiles which are over 2 weeks old and have not posted anything and have some junk profile, we can delete them. I can't imagine it's hard to spot junk in profiles with some basic word matching.

@girish thank you for your answer

Good notes to follow up when we look into email in the next release.

IIRC, whitelist setting is a bit dangerous because it allows "spoofed" emails as it pretty much bypasses all the SPF/DMARC/DKIM checks. Meaning, Cloudron does not reject mail if those checks do not pass because there are too many misconfigured mail servers out there. Instead we tag the failures and allow spamassassin to score the rules. whitelisting makes spamassassin bypass the checks altogether.

@d19dotca Sadly, they do match. I'm guessing it's something with my current setup that's acting funny. I'll ignore it for now since I plan on migrating either to the new Contabo server that I got or upgrading my current one at DO to Ubuntu 20.04. I just thought it was a wrong setting on my part.

Thank you for looking into this and for sharing the custom spam rules! I know you've put a lot of time into that 👍

2443c4d7-ec13-4149-add3-28e1e7ad48ed-image.png

I end this thread because I now have a more specific one going.

@girish said in Anyone else see many connections denied due to "Mail from domain <domain> is not allowed from your host" repeatedly from spammy IPs?:

A bit of a wild guess: mail from is usually <> for bounce mail. So, this seems like some poor denial of service or maybe those IPs know that some mail software misbehaves with such carefully crafted mail.

Ah very interesting, I appreciate that insight. It was definitely strange when I saw it happening - so many requests at once. I'll keep an eye out for it. Sounds like it's all good then as far as Cloudron is concerned. 🙂 Thanks Girish.

@d19dotca This looks pretty good. I am testing it now 🙂

There is a "Spam" filter type in next release - 6.4

Okay... I may be on the side of this working properly again. lol. Maybe I've been wrong this whole time in thinking it wasn't working correctly.

So coincidentally I was checking the mail server logs and saw another example of the same message go through to the same recipient from the same mail server, it was listed in the logs as "just now" so I quickly checked mxtoolbox and found that only 4 at that time had been listed, none of which were ones I was using.

Here is how it looked at the very moment I checked when it was "just now" in the logs:

69bc5a02-12ca-420e-958a-27405c21f7ed-image.png

07b937c4-4840-4c14-887b-7513acc87251-image.png

Edit: Checking about 6 minutes later, I see the blocklists have aleady been updated for more (Spamhaus Zen in this case would have caught it if it were about 5 minutes earlier):

4522d168-dc21-498f-845b-885cfe0a73a1-image.png

So I guess we can probably mark this as resolved, as I now see conclusive evidence that the various blocklists used just didn't have it listed until a few minutes after the message was received. I guess in order for it to adapt so quickly this spam attack on one of my users from those mail servers must be right at the beginning of a spam wave. Kind of neat actually to see how real-time these lists are. haha.

@girish - this is not possible to do unfortunately in Cloudron it seems, but kindly tell me if I'm doing something wrong here.

The redirect works for filtering out spam, in other words only non-spam messages get through to the endpoint email using a filter like this:

# rule:[Forward non-spam messages] if allof (not header :contains "x-spam-status" "Yes,") { redirect "<externalEmailAddress>"; }

However, all messages marked as spam still save in the mailbox regardless of any filters I set to discard them. In my case, I want the spam messages to be discarded/deleted automatically as there's no sense in them remaining in the "forwarding only" mailbox. It seems maybe there's a priority filter going on elsewhere in Cloudron that's overriding my sieve filter?

Using a filter like this:

# rule:[Discard spam messages on arrival] if allof (header :contains "x-spam-status" "Yes,") { discard; stop; }

... will still save the email in the Spam folder. I've tried variations of it too but no-dice. Basically I can't get any filters to work when it's an identified spam message, only filters when it's NOT spam.

Here's a way to reproduce it:

Set this filter in Roundcube: # rule:[Discard spam messages on arrival] if allof (header :contains "x-spam-status" "Yes,") { discard; stop; }

Send a message to the email account using the GTUBE string which SpamAssassin automatically marks with 1000 points, it's basically a test for spam filters: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

See if the message is really discarded per the sieve filter or if it's still arriving in the Spam folder. In my cases, they still arrive in the Spam folder which seems to be incorrect behaviour.

Edit: I wrote a dedicated bug for this instead: https://forum.cloudron.io/topic/5189/can-t-discard-spam-messages-on-arrival-using-sieve-filters/1

Nevermind, I did not realize sendgrid setup was only for sending email, I see the other parts to setup for receiving email now. Please disregard.

@girish Will do

I really like the blackllist checking being built-in. Frankly, I'd also be a fan of getting notifications about it. I suppose UX-wise, perhaps this is the appropriate sort of thing to trigger a yellow status on email.

@girish Ok

@marcusquinn Thank's Marcus, I'll follow your advice to check the reputation BEFORE, and if reputation is poor, just delete and purchase new one.

Should be interesting that ISP's do themself this control and tell BEFORE the IP reputation.

Personally, I'm migrating away from GMail, and wouldn't recommend it, although I appreciate it's difficult to cut those ties for some.

Another possible solution: would be to forward to any other email service that does support POP3 but doesn't have spam filtering. That way, you're not sending email to GMail, it's pulling and filtering. Appreciate that a 3 mailserver setup is odd though, but then so is GMail.

I think it's worth just having a POP3 post in Feature Requests though, purely as a way to allow for any other 3rd party email someone wanted to do this with. I can see privacy advantages in POP3 as well, if one didn't want emails stored on their Cloudron and just locally. I wouldn't like to see POP3 ignored as without advantage, when if privacy is a concern, that could be a legitimate use-case.

added a Feature Request for #2 -- please upvote https://forum.cloudron.io/topic/5027/pop3-gmail-polling-support

(still an issue - also possibly related to https://forum.cloudron.io/topic/4921/bayes_00-rule-set-for-some-mail-to-mailing-list-no-mailbox/1 ?)

@d19dotca
We got improvement after the 500 mail for day, feed to our ML filter, BAYES normally need less information, but if you don't have enough fresh data it will always be too late.

OK, with @NCKNE 's help we got this figured out. Cloudron has a anti-spoof check where we don't allow external servers to send email with FROM address set to any incoming domain. In this case, a backup MX is relaying email to Cloudron and it is correctly detected as spoof-ed email.

The workaround is to simply whitelist the MX's IP in the SPF record. With this Cloudron has the "authorization" that the server is allowed to relay such email and accepts the mail. I have added a section in our doc here - https://cloudron.io/documentation/email/#alternate-mx

@iamthefij Well the you can make it so you're not discoverable unless you message the person. Thats pretty anonymous

@d19dotca Currently, there is no way. The SA settings are set in stone. I can open up our mail addon git repo tomorrow so you can get a better idea of how we have implemented it.

But overall, our idea was that customers don't have to deal with implementation details like SA (for example, maybe we use rspamd later) and that spam detection should just work. If you have SA expertise, I am happy to incorporate your suggestions into the default settings.

@girish I just wanted to add another reason why we need better spam control exposed to admins... I just had a client who had their home IP address blacklisted by Spamhaus in their PBL because of the range of IP it was found in, even though they were not spamming at all (since the PBL blocks IP ranges). I have asked for it to be delisted but it'd be awesome if in the future I could just whitelist the IP address or something like that to quickly resolve it for them.

Update: Just found https://cloudron.io/documentation/email/#blacklist-domains-and-ips which is for blacklisting but I extrapolated from that and found the related whitelist files too, so used that. This needs to be added to the docs. I will see if I can submit that change in the git for you guys. 🙂 With that said though, it'd still be nice to see this exposed in the UI so if an admin is on the road / unable to SSH to the server, it can be easily whitelisted still.

@necrevistonnezr said in How does spam work with special mail folders?:

@girish Wouldn't it make sense to create hardlinks instead of symlinks for these folders so that you don't have duplicate folders? Ar am I overlooking something?

The cloudron backup logic does not understand hardlinks. It would then end up taking backup of your junk folder twice. This is unlike symlinks which is ignored by the backup code. Neither the symlink nor the contents of a symlink are backed up.

This does bring up an important point that if you move your mail server to a different server, you have to remember to create this symlink by hand again!