Spam detection

mike0810 · September 10, 2016, 5:19pm

I was recently hit by a Spammer, one of our Users had a weak Password:

Is there any way to get an Alert Email when the Spamscore of Sent Email hits a specific Level and a certain amount of Emails have been sent?

Is there a way to force complex Passwords on Users?

Thanks!

mike0810 · September 13, 2016, 7:16pm

Bump?

Joe · September 13, 2016, 10:20pm

Some kinds of password policies can be enforced in Webmin, under Webmin->Webmin->Webmin Users->Password Restrictions

This will only apply to password activity within Webmin (so, the Change Passwords module can enforce it, but using passwd on the command line won’t…though you can configure that using the PAM cracklib module (which is enabled, by default, on RHEL/CentOS, but you can enforce stricter requirements, like longer passwords or other qualifications): http://linux.die.net/man/8/pam_cracklib

Outgoing email is not processed for spam, in the usual case. Virtualmin uses procmail to handle spam and virus scanning, and there are not hooks for outgoing mail to go through procmail. You’d need to use something like the example given here:

http://serverfault.com/questions/126282/postfix-check-outgoing-mail-for-spam#130437

Virtualmin uses Postfix, by default, so those examples are suitable for your system. A more complete discussion of the topic is here:

https://nacko.net/creating-an-outgoing-mail-relay-with-postfix-and-spamassassin/

Seems like maybe we should add an option to do this automatically in Virtualmin. It’s come up quite a few times…it surprised me the first time (I never really even thought about it being a problem, as I assume my users are reasonably trustworthy, but even trustworthy users can make dumb mistakes), but after seeing it requested a bunch, I’m no longer surprised. And, it’s really very simple to setup, since we already have all the code to handle SpamAssassin and ClamAV (which is among the hardest parts of what Virtualmin does…mail is a really stupidly hard problem, due to spam and viruses).

Joe · September 13, 2016, 10:22pm

Also note that you can edit the way mail flows in Postfix within Webmin. The master.cf file is editable in the Server Processes page in the Postfix module (the Postfix module in Webmin is excellent, with nearly complete coverage of all of the configurable options in Postfix).

mike0810 · September 14, 2016, 2:12pm

Hi Joe,

thanks for replying. I saw this post: https://www.virtualmin.com/node/29763 but when I try to validate the Regex (https://regex101.com) in never got any match.

Best would be a Regex to force the User to have at least one Uppercase in the String, one Number and one Special Character of Group !"§$%&/()=?*+’#_-:.;,`´<>

But I am not a Regex Specialist.

Thanks

mike0810 · September 14, 2016, 2:35pm

I found a regex which worked well with the validator: ^(?=.[a-z])(?=.[A-Z])(?=.\d)(?=.[!@#$%^&’])[^ ]{8,}$ but it had no effect in wether in the Virtualmin “Edit User” Menu (i was still able to use 1234 as Password) nor in the Usermin Frontend when I logged in as a User and tried to change my Password.

I could still user 12345 as new password.

Cheers