If you use Plesk, you can better protect your email service from spam, message overload and user password problems with a few simple tweaks.
You can make all of these changes by navigating to the Server -> Mail Preferences tab in Plesk.
Maximum Letter Size
Various studies put the average email size below 100 KB. So one thing you can do is limit the size of emails coming into your server. I’ve seen other data suggesting the average attachment size is less than 1 MB.
I recommend a setting of 5 MB or lower.
Setting a low attachment size prevents large emails from clogging up mailboxes, reducing issues with a single email filling up a user's quota and causing bounces.
Users often choose simple passwords which are easily guessed by attackers. Fortunately, Plesk provides an easy way to prevent this.
Just check the box that says “Check the passwords for mailboxes in the dictionary”.
This will force users to select good passwords when setting up their accounts.
If you need to send email through your server, I recommend using only SMTP authentication. POP3-based authentication has some security issues and I’ve seen it exploited by some attackers. To use SMTP authentication, your clients will need to check “this server requires authentication” or something similar in their email clients.
Using this setting reduces the chance an unauthorized user can send email using your server.
Leave this off unless you have purchased the add-on Kaspersky or Dr. Web license. Many server providers install this add-on but it requires an additional license. Leaving it enabled simply consumes resources and can contribute to email delivery problems.
DomainKeys and SPF
Unless you have a specific need for DomainKeys or SPF, leave them disabled. I have found many email delivery issues caused by the sender’s server not configuring their keys or SPF records correctly. If you want to assure that emails get to your users, I recommend these be set to off.
DNS Blackhole Lists
Real-time blacklists (RBLs) can be very helpful at combating some spam. I recommend the following blacklists:
You enter these like this in the text box:
You can find other blacklists to use but using these three provides very broad coverage. Do not use too many lists or ones that are slow to respond. If you have a very busy email server, then just use one or two of the recommended lists.
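One way to check that a blacklist zone is alive and answers quickly before entering it in Plesk (an added example, not part of the original post). It relies on the RFC 5782 convention that an IPv4 DNSBL lists the test address 127.0.0.2 and never lists 127.0.0.1; the zone name `dnsbl.example.org` is a placeholder and the one-second threshold is an assumption.

```python
import socket
import time

# "Name does not exist" style errors mean "not listed"; anything else is a failure.
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, followed by the zone."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def lookup(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, seconds); listed is None when the zone could not be queried."""
    start = time.monotonic()
    try:
        # Real DNSBLs answer with a 127.x.x.x code; other answers are not a listing.
        listed = resolve(dnsbl_name(ip, zone)).startswith("127.")
    except socket.gaierror as exc:
        listed = False if exc.errno in NOT_FOUND else None
    except OSError:
        listed = None
    return listed, time.monotonic() - start

def check_zone(zone, max_seconds=1.0, resolve=socket.gethostbyname):
    """Classify a zone as ok, slow, dead, lists-everything or unreachable."""
    hit, t_hit = lookup("127.0.0.2", zone, resolve)    # test entry, must be listed
    miss, t_miss = lookup("127.0.0.1", zone, resolve)  # must never be listed
    if hit is None or miss is None:
        return "unreachable"
    if not hit:
        return "dead"               # test entry missing: zone shut down or mistyped
    if miss:
        return "lists-everything"   # wildcard answer would reject all incoming mail
    if max(t_hit, t_miss) > max_seconds:
        return "slow"               # adds this delay to every SMTP connection
    return "ok"

if __name__ == "__main__":
    # Placeholder zone (constructed); replace with the lists you plan to use.
    for zone in ["dnsbl.example.org"]:
        print(zone, check_zone(zone))
```

Only zones that report `ok` are worth entering in the DNS blackhole list box; rerun the check periodically, since a list that shuts down can start answering for every address.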
Use Long Names
To allow a user name like “info” to be used on more than one domain in Plesk, you must check “Only use of full POP3/IMAP mail accounts names is allowed.” Your users will then need to use their full email:
as their username.
While most of these are simple options, I often see them omitted on servers. You can easily set these items by logging into the Plesk control panel. With these settings, you gain a little more protection against items that may disrupt email service.