How to scan outgoing emails for spam?


I want to setup an outgoing spam filter. I’ve scoured the internet for far too long and have tried numerous times to figure it out and am having no luck. I can read the Postfix and SpamAssassin manuals until my eyes bleed but it just makes my brain hurt and doesn’t really sink in.

I’m looking for a simple step by step guide to doing this with the following software:

Ubuntu 16.04
Virtualmin Pro 5.0.3
Postfix 3.1.0
SpamAssassin 3.4.1
Dovecot 2.2.22

I basically have the same issue as this person:

  1. If a site or mail account gets hacked and sends spam I want to prevent it from sending by scanning it for spam. Potentially even disabling sending by that email address if too much spam gets sent until I manually enable it again.
  2. If someone forwards all their email, to their gmail account for example, I want to prevent spam from forwarding. If someone forwards a large amount of spam gmail blocks sending to them from the server. The server doesn’t scan it for spam for some reason.

Though not currently on OVH I have been in the past and had the same issue which I solved by using a hackish script running on a cron to remove the line form the mail log and email me about it so I can investigate myself so that OVH didn’t block email on my server. But this is obviously far from ideal.

What would be better is if I could configure SpamAssassin to scan outgoing email for spam and email me so I manually can approve or disapprove the email from sending. Perhaps also this could help improve the spam filter on the server. Maybe even it could be set to approve or disapprove all outgoing email, and maybe even optionally all incoming email.

Maybe I should just make a feature request for this where there would be an interface within Virtualmin/Webmin somewhere to see such emails and approve or disapprove them. However, I can’t really wait that long since the email, hackers and spam isn’t going to stop and wait.

cPanel has an option to turn on scanning of outgoing email by the looks of it:

I can’t find A way to do it with Virtualmin so easily. I have found several different “guides” on how to do it but none of them are quite clear enough for me to be able to accomplish it. None of them are step by step and none of them work, possibly due to being for older software versions, or just me not being able to understand it.

I don’t have money to pay for an external email service or use spamxperts or anything like that so I won’t be doing that. But maybe some sort of extra SpamAssassin rules could be installed somehow, but I’m not entirely sure about how to do that or which ones to use.

Any help would be much appreciated!


I would really like to find a way to do this also.

Vote +1

This is outside the scope of this control panel. One thing could be done and that is blocking PHP mail function so if WP or some other CMS gets hacked it will reduce the chance to send spam. Other solution is to use external service like SpamExperts or some other software where you have dedicated team of people who will make changes and updates on daily basis and because of that this service cant be free. Why so frequent changes? Because spam is changing rapidly and people who send spam are always trying to avoid detection. Thats why any software without frequent updates will fail to prevent inbound and outbound spam.

There is one more solution with but i never tried as its pointless in my opinion. How small number you will set per account - 50, 100, 1000 email per hour? The norm is around 500/h and even smaller limit is more than enough to put your IP and/or domain on every major blacklist. Just few reports and your IP is on the list.