Page 13 of 21 FirstFirst ... 31112131415 ... LastLast
Results 241 to 260 of 408

Thread: SpamBlocker-Powered exim.conf, Version 4

  1. #241
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    How do you know it's not working? Have you looked in your /var/log/rejectlog?

    Did you add and configure the files required in /etc/virtual ?

    Note that while I can certainly help you troubleshoot as a service, it would be less expensive to have me install the package. Then you can do a diff on my install vs yours.

    Information here (nobaloney.net).

    Jeff
    Serving the DirectAdmin community since 2003
    See Additional posts under user nobaloney

    directadmin@nobaloney.net +1 951 643-5345
    Contract DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    http://www.nobaloney.net
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  2. #242
    Join Date
    Feb 2012
    Posts
    41
    Quote Originally Posted by NoBaloney2 View Post
    Did you add and configure the files required in /etc/virtual ?
    Ops, that was the problem, sorry for the noise

  3. #243
    Join Date
    Feb 2012
    Posts
    41
    I noted some mobile clients use the IP address in the HELO, and so if the check is enabled they are blocked before they authenticate.
    I fixed this adding a "condition = ${if eq{$interface_port}{25}}" in the acl_check_helo:

    Code:
    # deny if the HELO is an IP address
        deny message = HELO is an IP address (See RFC2821 4.1.3) - Please use port 587 for auth
             condition   = ${if eq{$interface_port}{25}}
             condition   = ${if isip{$sender_helo_name}}
    In this way if they use port 587 they are not blocked.

  4. #244
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    Good idea. I'll soon be starting a section here (perhaps just a thread, perhaps a subforum) for the next version of SpamBlocker exim.conf. Please put the suggestion when I open it up for suggestions.

    Thanks.

    Jeff
    Serving the DirectAdmin community since 2003
    See Additional posts under user nobaloney

    directadmin@nobaloney.net +1 951 643-5345
    Contract DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    http://www.nobaloney.net
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  5. #245
    Join Date
    Jan 2009
    Posts
    10
    Quote Originally Posted by Derevko View Post
    I noted some mobile clients use the IP address in the HELO, and so if the check is enabled they are blocked before they authenticate.
    I fixed this adding a "condition = ${if eq{$interface_port}{25}}" in the acl_check_helo:

    Code:
    # deny if the HELO is an IP address
        deny message = HELO is an IP address (See RFC2821 4.1.3) - Please use port 587 for auth
             condition   = ${if eq{$interface_port}{25}}
             condition   = ${if isip{$sender_helo_name}}
    In this way if they use port 587 they are not blocked.
    Thanks a lot.

    If not this line in your config file, Android 3.0 users can't setup their mails.
    It fixes the "Server unexpected error", "Connection Error" on Android (3.0) devices.

  6. #246
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    Don't forget to post this when I ask for suggestions for the next version of SpamBlocker.

    Jeff
    Serving the DirectAdmin community since 2003
    See Additional posts under user nobaloney

    directadmin@nobaloney.net +1 951 643-5345
    Contract DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    http://www.nobaloney.net
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  7. #247
    Join Date
    May 2004
    Location
    Turkiye
    Posts
    139
    Hi All, I'm receiving spam mails from a same domain lately, I'll block it but I want figure out how it passes those filters first. Spamassassin thinks it's a local mail so the score is always below zero but I believe spamblocker denies hosts pretending to be my host.

    I'm using spamblocker 4.1. I pasted the header below so can you tell me if it passes the spamblocker or it's just dumb spamassassin?
    Return-path: <aj3hamr3EpRGrvfSJoK@konuk.net>
    Envelope-to: oneof@mydomains.com
    Delivery-date: Fri, 16 Mar 2012 11:35:15 +0200
    Received: from mail by myhost.mydomain.com with spam-scanned (Exim 4.73)
    (envelope-from <aj3hamr3EpRGrvfSJoK@konuk.net>)
    id 1S8TYz-0005Ve-KZ
    for oneof@mydomains.com; Fri, 16 Mar 2012 11:35:15 +0200
    X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on myhost.mydomain.com
    X-Spam-Level:
    X-Spam-Status: No, score=-1.4 required=3.0 tests=BAYES_00,DKIM_SIGNED,
    DKIM_VALID,DKIM_VALID_AU,FROM_LOCAL_NOVOWEL,HK_RANDOM_ENVFROM,HTML_MESSAGE,
    MISSING_MID,RP_MATCHES_RCVD,SPF_NEUTRAL autolearn=no version=3.3.2
    Received: from m5-81.konuk.net ([184.173.135.81])
    by myhost.mydomain.com with esmtp (Exim 4.73)
    (envelope-from <aj3hamr3EpRGrvfSJoK@konuk.net>)
    id 1S8TYz-0005VO-6q
    for oneof@mydomains.com; Fri, 16 Mar 2012 11:35:09 +0200
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; s=knet; d=konuk.net;
    h=Subject:MIME-Versionate:Sender:To:Content-Type:From:List-Unsubscribe;
    bh=/+kl0GqQhSJ1UmL5YllGhPFWG6+u8ILPoQBi8w6rfBk=;
    b=rUXb8LJUWdpLI9Fd4Q3xIWdQvdYFfd1ik5mt46/F2ejokmbEMoHpGUJgoz2XNUPZo66QprEyDx0M
    /NtEa4rBm43qRIuZsc3S3IZDQFSD6lCDSOCHjdH4MlFLRsE1T9qQDgjLP+PVruaX4nxLyQM+Kch7
    Iw9k0PXUb27Qm4MDeF4=
    X-RCPT-To: "oneof@mydomains.com"
    Subject: re:
    MIME-Version: 1.0
    Date: Fri, 16 Mar 2012 11:35:59 +0200
    X-Mailer-SenderId: TC8mGg
    Sender: QzVhVkVG@myhost.mydomain.com
    To: "oneof@mydomains.com"@myhost.mydomain.com
    Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_00klrsU0_275wrcqG8nScdug3g6Tq75.26mlV0fH7kcTdf879"
    From: "=?iso-8859-9?B?YmFrYXIgbf1z/W4gPw==?=" <aj3hamr3EpRGrvfSJoK@konuk.net>
    List-Unsubscribe: <http://www.konuk.net/system/unsubscribe.php?adress=oneof@mydomains.com&aid=JfWPCc&lang=Tr&m=209>,<mailto:unsubscribe@konuk.net?subject=unsubscribe-oneof@mydomains.com>
    Errors-To: "oneof@mydomains.com"
    Message-Id: <E1S8TYz-0005Ve-KZ@myhost.mydomain.com>
    Also this konuk.net domain is a spammer, they even have a website which tells that they can send spam mails for your for a price. But their ip addresses and domain are clean on blacklist, how could this happen?

    Thanks
    Last edited by enginaar; 03-16-2012 at 10:57 AM.

  8. #248
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    If it's on your server it's passed SpamBlocker, SpamBlocker refuses to accept emails from hosts classified as sending spam by the various RBLs it uses.

    SpamBlocker blocks only on sender reputation and it's effectiveness changes from time to time. Are you using my latest version? If so have you enabled all the RBLs?

    The reason we have the local blacklists and whitelists is specifically you can add a server or sender.

    Jeff
    Serving the DirectAdmin community since 2003
    See Additional posts under user nobaloney

    directadmin@nobaloney.net +1 951 643-5345
    Contract DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    http://www.nobaloney.net
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  9. #249
    Join Date
    May 2004
    Location
    Turkiye
    Posts
    139
    Thanks Jeff, I believe it's the latest, version 4.1, and I enabled all RBLs, but the thing here that I can't believe is this domain publishes itself as relay smtp service which sends spam mails for its clients and it's still not in any of these RBLs. Is there a way to make it listed?

    Also in this e-mail header, which is delivered without any blocks, spamassassin marked it as a local delivery. I'm checking spamblocker's exim.conf file and at the EDIT 25 section, it seems like it has the ability to block if HELO pretends to be my host. Is it possible it can get confused?

  10. #250
    Join Date
    May 2004
    Location
    Turkiye
    Posts
    139
    I'm sorry, I feel stupid, I was rechecking spamassassin rules and I realized that I've confused FROM_LOCAL_NOVOWEL with FROM_LOCAL, that's why I though it was a local delivery and has a minus score. I'm sorry for bothering.

  11. #251
    Join Date
    Jun 2007
    Location
    California
    Posts
    498
    No problem.

    Jeff
    Serving the DirectAdmin community since 2003
    See Additional posts under user nobaloney

    directadmin@nobaloney.net +1 951 643-5345
    Contract DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    http://www.nobaloney.net
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  12. #252
    Join Date
    Apr 2007
    Posts
    264
    About larger emails + attachments...

    It seems like when u set message_size_limit = 100M in exim.conf
    and use ClamAV and you set the scan-limit to 1000K (condition = ${if >={$message_size}{1000k} {1}{0}}) in exim.conf , the email still goes through clamd.

    Because if u don't set the StreamMaxLength in clamd.conf equal to message_size_limit in exim.conf it generates errors like:
    in receiving mail server log
    2012-05-03 16:36:59 1SPx9M-0002GW-5Y malware acl condition: clamd: unable to send file body to socket (127.0.0.1:3310)
    2012-05-03 16:36:59 1SPx9M-0002GW-5Y H=blablabla [123.456.789.110] F=<bla@blablabla> temporarily rejected after DATA
    and in clamd.log
    WARNING: INSTREAM: Size limit reached, (requested: 30305991, max: 26214400)
    and in mail log on sending email server
    2012-05-03 12:54:06 SMTP error from remote mail server after end of data: host blablabla [789.456.123.112]: 451 Temporary local problem - please try later
    2012-05-03 12:54:06 bla@bla.bla <bla@bla.bla> R=lookuphost T=remote_smtp defer (-46): SMTP error from remote mail server after end of data: host blablabla [123.456.789.110]: 451 Temporary local problem - please try later

    But why would exim still send the email through clamd if the email is larger than the 1000K anyway ?


    This was both a question and a howto fix these errors for those who need it

  13. #253
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    I don't know. Perhaps you can check it by setting extremely low limits (in bytes), and then using exim -bh to simulate a message and see what's triggered.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  14. #254
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,482
    I did search, but wanted to make sure.

    I've just change to 4.1, and some clients are complaining about not being able to send mail using Outlook. Seems that the HELO response is to blame:
    eg
    2012-07-25 09:19:08 H=114.xxx.189.80.dyn.plus.net (JackiePC) [80.189.176.xxx] F=<office@xxxx> rejected RCPT <alanemberson@xxx.com>: R1: HELO should be a FQDN or address literal (See RFC 2821 4.1.1.1)
    2012-07-25 09:19:11 H=114.xxx.dyn.plus.net (JackiePC) [80.189.176.xxx] incomplete transaction (QUIT) from <office@xxxxxx>
    So, do I advise them to use port 587 (going by #4 in http://www.directadmin.com/forum/sho...t=36481&page=1 )?

  15. #255
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Yep, and also use authentication for smtp connection

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  16. #256
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,482
    How do you tell what port is used? As this client says they are still getting the "HELO should be a FQDN or address literal" even on port 587.
    I guess going by the logs, this "P=esmtpa" determines the port and/or authentication? As that goes through ok.

  17. #257
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Again, authentication needed.

    Thats the way to solve the error.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  18. #258
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,482
    If the worst comes to the worst, apart from more spam getting through, are there any other drawbacks in removing this check to allow anyone on port 25?

  19. #259
    Join Date
    Oct 2004
    Location
    London, UK
    Posts
    6,641
    Well, im not totally sure but would be allow everyone to send form you server, so, you would be an open relay and you would be set as "spammer" ip soon.

    Maybe im wrong, wait for other reply/confirmation about that.

    Regards
    SeLLeRoNe - Andrea Iannucci
    DevOps Engineer - System Administrator
    If you need my support write me an E-Mail to Support@CrazyNetwork.it

  20. #260
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,482
    I mean a more relaxed HELO condition, sorry, had a bad day, didn't explain clearly. That's if you can? Although, I see !authenticated = * in the helo acls, so there's no way not to use port 587, unless like me, connections have a valid ptr/rDNS record (I can send via port 25 no problems).
    Last edited by Peter Laws; 07-27-2012 at 06:00 PM.

Page 13 of 21 FirstFirst ... 31112131415 ... LastLast

Similar Threads

  1. Which version of Exim is SpamBlocker compatible with?
    By Christopher in forum SpamBlocker4
    Replies: 2
    Last Post: 01-04-2013, 11:40 AM
  2. Replies: 4
    Last Post: 02-23-2012, 04:40 PM
  3. SpamBlocker-Powered exim.conf Version 4 changelog
    By nobaloney in forum SpamBlocker4
    Replies: 2
    Last Post: 06-19-2011, 02:51 PM
  4. Spamblocker Version
    By chrisrandell in forum SpamBlocker
    Replies: 8
    Last Post: 05-03-2009, 04:36 PM
  5. Turning Spamblocker on in exim.conf
    By louie55 in forum E-Mail
    Replies: 4
    Last Post: 01-31-2005, 06:19 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •