There are several features included in Plesk to help combat spam. Some features are enabled by default, others are off or can be tweaked to work more effectively.
Global SettingsThe first settings that can be tweaked are found in Plesk under the Settings >> Mail Server Settings page. Enabling all of them is recommended if you’re trying to negate as much spam as possible.
Firstly ensure that Verify incoming mail is ticked under the DomainKeys spam protection – this enables your mail service to check the Domain Key attached to emails that are sent from a server that supports this option.
Next make sure that Switch on SPF spam protection is enabled and set the SPF checking mode to Reject mail when FPS resolves to fail (deny). This will allow SPF checking to be used which is quite widely supported and will help stop a lot of general spam.
Lastly in this section, tick the box for Switch on spam protection based on DNS blackhole lists and enter sbl.spamhaus.org;bl.spamcop.net into the DNS zones for DNSBL service box. This lets your mail server check the sender against databases of known spammers and block them based on that knowledge.
Now navigate to the Spam Filter page for Plesk by going to Settings >> Spam Filter Settings. Make sure that Switch on server-wide SpamAssassin spam filtering is ticked, this will perform most of the additional ’email content specific’ checks. You can tweak how sensitive this is by changing the The score that a message must receive to qualify as spam value. It’s set to 7 by default but 5 is a good value to use that will catch more spam without being overzealous (the lower the number, the more sensitive the spam filter).
Per DomainThe last setting is domain dependant and is disabled by default, but is something that many people enable without realising the massive impact it will have on how much spam email you receive.
Navigate to the Mail section for the domain in question and then go into the settings section. In here you should find an option labeled What to do with mail sent to nonexistent users. This essentially means that any email sent to this domain for an address that doesn’t exist, will go to the address specified in the box next to it. This will increase the amount of spam you receive exponentially and should be disabled, instead use email aliases on the respective addresses.
DoneAnd that’s it, you’ve now tweaked Plesk to minimise spam as much as possible. If you continue receiving large volumes of spam after these changes then try lowering the Spamassassin number we covered earlier. Unfortunately it’s almost impossible to stop all spam automatically but this should at least stop as much as possible before it reaches you.