SpamBlocker-Powered exim.conf, Version 4

Code:
2012-08-23 11:50:45 1T4Zfv-0001OS-Tp <= [email protected] H=smtpauth20.prod.mesa1.secureserver.net [64.202.165.36] P=smtp S=15773569 id=0ee501cd8146$b91928a0$2b4b79e0$@com T="FW: Waverly Quarterly" from <jmullen@sender> for [email protected]
2012-08-23 11:50:46 1T4Zfv-0001OS-Tp => bob.smith <[email protected]> F=<[email protected]> R=virtual_user T=virtual_localdelivery S=15773687
2012-08-23 12:01:09 H=(pps.com) [7.8.5.33] F=<> rejected RCPT <[email protected]>: We didn't send the message
While it's certainly okay for you to obscure your information it makes it somewhere between hard and impossible for anyone else to see what's going on.

I can't tell with any certainty that there aren't any relevant lines between line 2 and line 3, but line three appears to be the Exchange 2003 server saying it didn't send the message. Why would it say that? What message didn't it send? There's nothing in line one or line two that would indicate there was anything to do with a message sent from Exchange.

If you're positive these three lines are the only ones that are a part of this delivery, then the explanation must be somewhere in the Exchange server logs.

Jeff
 
Hello Jeff,
Let's say there is a domain working on server1. The mail for this domain is handled on server2, which has SpamBlocker 4 installed on it. So the MX record of the domain points to server2.
When an email arrives from server1 to the domain (in the name of the domain itself), server2 rejects it with this error message:
[xx.xx.x.x] rejected EHLO or HELO domain.tld: Bad HELO - Host impersonating domain name [domain.tld]

I'd like to abolish this block, so I tried to add the domain to the whitelist_hosts and whitelist_hosts_ip lists, but the mails arriving from server1 are still blocked.
How can I allow this domain?
Thanks a lot!
Robert
 
That might not be the best solution, but...

Code:
echo "server2_IP" > /etc/virtual/friendly_ips

Open /etc/exim.conf, find the line #EDIT#25: and below it change

Code:
    deny message = Bad HELO - Host impersonating domain name [$sender_helo_name]
        condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
        hosts = ! +relay_hosts
  accept

to

Code:
    deny message = Bad HELO - Host impersonating domain name [$sender_helo_name]
        condition = ${if match_domain{$sender_helo_name}{+local_domains}{true}{false}}
        hosts = ! +relay_hosts : ! /etc/virtual/friendly_ips
  accept


restart exim.
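
The effect of the extra `! /etc/virtual/friendly_ips` item, as an added example that is not part of the original post: a small Python model of how Exim evaluates a host list made of negated items, applied to the Bad HELO deny statement. The function names, the exact-match stand-in for `match_domain`, and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def host_list_matches(ip, items):
    """Evaluate an Exim-style host list of (negated, networks) items, left to right.

    The first item whose networks contain the address decides the result:
    a plain item yields a match, a negated item yields no match. If nothing
    matches, the result is a match only when the last item was negated.
    """
    addr = ipaddress.ip_address(ip)
    for negated, networks in items:
        if any(addr in ipaddress.ip_network(n) for n in networks):
            return not negated
    return bool(items) and items[-1][0]


def helo_denied(ip, helo, local_domains, relay_hosts, friendly_ips=None):
    """Model of the 'Bad HELO' deny statement; friendly_ips=None is the unmodified rule."""
    # condition = match_domain{$sender_helo_name}{+local_domains}
    # (simplified here to an exact, case-insensitive match)
    if helo.lower() not in local_domains:
        return False
    # hosts = ! +relay_hosts [: ! /etc/virtual/friendly_ips]
    items = [(True, relay_hosts)]
    if friendly_ips is not None:
        items.append((True, friendly_ips))
    return host_list_matches(ip, items)


# Constructed sample data (documentation address ranges, example domain).
LOCAL_DOMAINS = {"domain.tld"}
RELAY_HOSTS = ["127.0.0.1"]
FRIENDLY_IPS = ["192.0.2.10"]   # host that legitimately says HELO domain.tld
WEB_SERVER, STRANGER = "192.0.2.10", "203.0.113.7"

if __name__ == "__main__":
    for ip in (WEB_SERVER, STRANGER, "127.0.0.1"):
        before = helo_denied(ip, "domain.tld", LOCAL_DOMAINS, RELAY_HOSTS)
        after = helo_denied(ip, "domain.tld", LOCAL_DOMAINS, RELAY_HOSTS, FRIENDLY_IPS)
        print(f"{ip:12} denied before={before} after={after}")
```

Only the listed address stops being denied; any other host that uses a local domain in HELO is still rejected, so the file should hold single trusted addresses rather than broad ranges.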
 
Hi Alex, thanks for the help, but can I use the /etc/virtual/whitelist_hosts_ip instead of /etc/virtual/friendly_ips? Am I right?
 
Alex (and others),

Shall we change our code so that whitelisting a host comes before all other checks, such as helo check?

Jeff
 
Jeff,

With the HELO issue, I think the best solution would be to have a list something similar to

11.22.33.44: domain.com

It would mean that the host with IP 11.22.33.44 is allowed to use domain.com in HELO, even if the domain is hosted on the server to which 11.22.33.44 connects. I tried to modify the condition section, but to succeed I'd need a little more time, as my modification did not work as I wanted. So I posted that solution, which you can all see here. Anyway... if we move whitelisting before all other checks, as I see it, we would need to log the action, so we could easily understand why and where the IP is whitelisted. I quite rarely whitelist customers' IPs, though I whitelist some IPs, and if any IP misuses the whitelist, I'd like to be able to see who and how in the shortest time.
 
I've always felt limited by the lack of documentation of what would happen if I put comments into my whitelist and blacklist files. Have you ever tried that? I suppose I could add logging to all whitelist actions.

Like you, I tend to use others' examples when working on conditions; I find them a bit obtuse. But you can get help on Exim's mailing list.

Jeff
 
Personally I did not try it yet, but it's said here:

If an item in a domain, host, address, or local part list is an absolute file name (beginning with a slash character), each line of the file is read and processed as if it were an independent item in the list, except that further file names are not allowed, and no expansion of the data from the file takes place. Empty lines in the file are ignored, and the file may also contain comment lines:

  • For domain and host lists, if a # character appears anywhere in a line of the file, it and all following characters are ignored.

  • Because local parts may legitimately contain # characters, a comment in an address list or local part list file is recognized only if # is preceded by white space or the start of the line. For example:
Code:
not#comment@x.y.z   # but this is a comment

http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html

New for me, and nice to know that includes are allowed in such list files as well as comments.
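
The two comment rules quoted above, as an added example that is not part of the original post or of Exim itself: a Python reader that applies the host/domain rule or the address/local-part rule to the lines of a list file. The function name and the sample file contents are constructed for illustration.

```python
def read_list_lines(lines, kind):
    """Return the list items from the lines of an Exim list file.

    kind is "domain" or "host" (a # anywhere starts a comment) or
    "address" or "localpart" (a # starts a comment only at the start
    of the line or after white space). Empty lines are ignored.
    """
    if kind not in ("domain", "host", "address", "localpart"):
        raise ValueError(f"unknown list kind: {kind}")
    items = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if kind in ("domain", "host"):
            cut = line.find("#")
        else:
            cut = next((i for i, ch in enumerate(line)
                        if ch == "#" and (i == 0 or line[i - 1].isspace())), -1)
        if cut != -1:
            line = line[:cut]
        line = line.strip()
        if line:
            items.append(line)
    return items


# Constructed sample files (documentation addresses, example domains).
HOSTS_FILE = [
    "# hosts allowed to skip the HELO check\n",
    "192.0.2.10      # web server for domain.tld\n",
    "\n",
    "198.51.100.0/24#backup MX range\n",
]
ADDRESS_FILE = [
    "# senders we always accept\n",
    "ops#1@example.org   # the first # is part of the local part\n",
    "billing@example.org\n",
]

if __name__ == "__main__":
    print(read_list_lines(HOSTS_FILE, "host"))
    print(read_list_lines(ADDRESS_FILE, "address"))
    # Applying the host/domain rule to an address file truncates the entry:
    print(read_list_lines(ADDRESS_FILE, "host"))
```

The last call shows why the distinction matters when auditing whitelist and blacklist files: read with the wrong rule, an address entry is cut at its first `#` and no longer names the intended sender.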
 
Thanks for finding that, zEitEr. Once you've tried it, let me know it works :) .

Jeff
 
Hi Jeff,

So when we add a new HD and mount it on /home2 or on /home3, shouldn't we have a $home variable instead of a hard-coded /home?


# {!eq {$received_protocol}{local}} \
# {exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
# {<{$message_size}{100k}} \
# } {1}{0}}"

#COMMENT#57:
virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 770
envelope_to_add
directory = /home/${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}/imap/${domain}/${local_part}/Maildir
maildir_format

#COMMENT#56:
local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
directory = /home/$local_part/Maildir/
directory_mode = 770

Thanks,

-Alon.
 
Probably. Is multiple /home directories a built-in feature of DirectAdmin, or a published workaround? If a published workaround, then published by DirectAdmin staff/developers, or someone else?

My understanding is that there isn't currently such a variable. Is there? If not, then how do we find the proper home directory?

Jeff
 
/etc/default/useradd has the option of modifying the /home dir for new users.

/etc/default # vi useradd

# useradd defaults file
GROUP=100
HOME=/home3
INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
CREATE_MAIL_SPOOL=yes



I've added a new HD and mounted it on /home2
A new user I created was added onto /home2 with no prob.
I've added new email account via DA, and found new dirs in /home2/username1/imap/domain.net/admin/Maildir .
So it all seems like it is pointed to the right place.
However, when I tried to send an email to a newly created email account, I got a bounce back.
The /var/log/exim/mainlog showed:

2012-09-18 02:43:25 1TDkyL-0004dO-Ll == [email protected] R=virtual_user T=virtual_localdelivery defer (13): Permission denied: cannot create /home/username1/imap/domain.net/admin/Maildir

So what am I missing as far as Exim learning to know where the homedir is?

Should we have such a variable in the /usr/local/directadmin/data/users/user.conf so that DA can tell Exim to look for it?
 
What you need to do is tell exim to search in two places. It's probably possible to do that, but I don't know how.

Since I don't need it and don't have the time now, I'm not going to do it now. Perhaps it'll be in my next version, but not in this one, and I'm still a bit away from my next version. So this is where community involvement comes into play.

If someone else finds out how to do it, and creates and test the patch, I'll put it into my code and John can put it into DirectAdmin's version of the code.

Alternatively ask John if he can research it and do it now, in which case I can also put it into my code.

I'd like to see it done, but for me it's a time/need issue right now.

Jeff
 
Thanks for bringing this to our attention. I think I wouldn't want to use this by default because of the overhead but I must publish a link to both of these.

Jeff
 
Hi Jeff,

I've a question for you.

Today I noticed a customer with a problem with badoo.com emails.

I checked the exim mainlog and it was blocked:

Code:
2012-09-29 14:12:43 H=cluster1037.monopost.com [159.253.178.63] F=<[email protected]> rejected RCPT <[email protected]>: Email blocked by rhsbl.ahbl.org

I told him about this issue and, if he really wanted to ignore the blacklist, to add *@badoo.com to the whitelist in the SpamAssassin setup.

The problem is that the email is still blocked because, as far as I understood, the check in exim.conf is done before SpamAssassin and that whitelist is not checked. Am I correct?

What should I suggest to him? It would be nice if every user could choose what they want blocked or not; while this customer wants to receive @badoo.com emails, maybe another one is OK with that domain being blacklisted (or doesn't even care about it).

Any suggestions?

Thanks

Regards
 
The problem is that the email is still blocked because, as far as I understood, the check in exim.conf is done before SpamAssassin and that whitelist is not checked. Am I correct?

What should I suggest to him? It would be nice if every user could choose what they want blocked or not; while this customer wants to receive @badoo.com emails, maybe another one is OK with that domain being blacklisted (or doesn't even care about it).

SpamBlocker works based on the server sending the email, and it doesn't even allow the email onto the server. So of course SpamAssassin whitelisting won't help because the email won't get on the server, so SpamAssassin never sees it.

So yes, you're correct.

You can whitelist in the /etc/virtual/whitelist_domains file by adding (on a line of its own) badoo.com.

In the past there were two commercial SpamBlocker control plugins available; I don't know if either of them are still available. The problem is that they can only be used by the server administrator; otherwise one user could whitelist or blacklist for the entire server.

Personally I like to use the shell to modify the SpamBlocker files; that way my editors always save a copy, but you can of course add the files to the DirectAdmin admin-level File Editor, and control them through the DirectAdmin control panel.

I'm not going to redesign SpamBlocker to allow per domain blocking/unblocking; to do so is likely possible but complex. Perhaps you or someone else will want to make that project.

Note for anyone who wants control you can disable SpamBlocker, and let them use SpamAssassin or the Spam Filters to filter out spam on the per-domain level, but by then you're already accepting it on the server, so you can't block it and if senders are blocked they won't be notified, so in that case false positives will never be brought to the sender's attention.

Jeff
 