Questions regarding STARTTLS and server-side email filtering. All,
A couple of questions related to email matters:
1: This moths issue of Bruce Schneier's newsletter included a pointer to this article: https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks. My VPS is running Postfix for outbound emails. What can/should I do with regard to enabling the STARTTLS flag?
2: My email address is more than a decade old and as such, is on every spam list in the country - I literally get hundreds of spam emails daily. I have always been concerned about using a server-based spam tool for fear of a non-spam message being trapped and have disabled all server-side filtering. Is this still a valid concern? What are best practices with regard to filtering? Do these methods allow some (relatively easy) means for checking the messages that have been blocked?
Thank you.
Howdy,
Let's start with question #2 -- that's actually all configurable.
If you look in Server Configuration -> Spam and Virus Delivery, you can configure what happens when spam is detected.
It can be placed in a spam folder if you like. And you can also configure it to delete spam if a certain spam score is reached, if you like.
Will that do what you're after?
-Eric
Eric,
As always, thank you for taking time to reply.
I assume you are referring to VirtualMin -> Server Configuration? I do not see the Spam and Virus Delivery option. Could this be because I have disabled those servers and/or services? If so, which ones should I enable?
With regard to configuration: I use POP to access my email. Is there a configuration that would allow me to download suspected spam to my spam folder? Otherwise, checking it becomes tedious.