Page 6 of 21 FirstFirst ... 4567816 ... LastLast
Results 101 to 120 of 408

Thread: SpamBlocker-Powered exim.conf, Version 4

  1. #101
    Join Date
    Dec 2004
    Posts
    292
    Is pop/imap before SMTP suppose to work with this version of spamblocker? I'm having troubles with it.

    Keefe

  2. #102
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Quote Originally Posted by jlasman View Post
    I believe we should whitelist all of their listed domains, and you should use SpamAssassin to make decisions after that.
    That's not how they see it.

    Code:
    Skip greylisting for all listed IPs (none - high)	All listed hosts are expected to pass greylisting so you are only avoiding delays, not affecting what gets blocked.
    Skip blacklisting for all listed IPs (none - high)	All listed hosts are known to send legitimate email and should not be blacklisted.
    Skip spam filtering for medium and high ranked IPs.	These are trusted to send spam rarely enough that they are not worth filtering.
    I think exim.conf should be modified to only whitelist IPs belonging to the medium and high categories
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  3. #103
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    11,023
    Quote Originally Posted by keefe007 View Post
    Is pop/imap before SMTP suppose to work with this version of spamblocker? I'm having troubles with it.

    Keefe
    Sure, it's supposed to work.

    Run:

    Code:
    # ls -l /etc/virtual/pophosts 
    # ls -l /etc/virtual/pophosts_user
    and

    Code:
    # ps aux | grep da-popb4smtp
    What results?
    With regards, Alex.

    Professional Server Management for web hosting companies and individuals
    Hourly Support, Disaster Recovery, Server Hardening, Monthly Subscription
    Directadmin installation and optimization

    Click here if you need a Linux Admin

  4. #104
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by interfasys View Post
    That's not how they see it.

    Code:
    Skip greylisting for all listed IPs (none - high)	All listed hosts are expected to pass greylisting so you are only avoiding delays, not affecting what gets blocked.
    Skip blacklisting for all listed IPs (none - high)	All listed hosts are known to send legitimate email and should not be blacklisted.
    Skip spam filtering for medium and high ranked IPs.	These are trusted to send spam rarely enough that they are not worth filtering.
    I think exim.conf should be modified to only whitelist IPs belonging to the medium and high categories
    Feel free to make the modification if you wish, on your systems. Then report to us later on how it works out.

    Personally I don't mind whitelisting all, because the filtering is done for all emails by SpamAssassin, and the rules in SpamAssassin determine what gets filtered, not the rules in SpamBlocker. SpamBlocker doesn't filter; it blocks. I give all whitelisted entries a chance to be examined by SpamAssassin. Perhaps if you don't use SpamAssassin you might want to make the change.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  5. #105
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by keefe007 View Post
    Is pop/imap before SMTP suppose to work with this version of spamblocker? I'm having troubles with it.
    My recollection is that it works for submissions on port 25 but not for submissions on port 587, which must use plaintext authentication.

    You can check that supposition yourself.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  6. #106
    Join Date
    Aug 2004
    Location
    uk
    Posts
    1,582
    Quote Originally Posted by jlasman View Post
    Are you asking about using an RBL whitelist, or the simple text-based whitelists I've included?

    As for the former, I've not yet found any problems at all; the RBL groups seem to do their homework well.

    As for the latter, we've found that spammers never write to be whitelisted.

    Using the latest SpamBlocker powered exim.conf file, Version 4, the spam that gets through to to SpamAssassin is less than six per day on my main email address, and of that, over half is caught by SpamAssassin.

    Anyway, that's what works for us.

    Jeff
    I got this reply from the dnswbl admin. He was friendly.
    > I dont mind sending other reports, but would appreciate if you can give me a
    > config example on how to only whitelist medium and above. I changed to
    > "dnslists = list.dnswl.org&0.0.0.2" and I hope is fine.

    Yes, that will match both med and high. Mail from addresses listed at none and low should
    not bypass a content filter, and some people would also scan mail from med sources. All mail
    should be checked for malware, some anti-virus software will also catch phishing spam.
    So mail servers in the none group can be sources of spam but are there because they send large amounts of legit email.

    I am talking about the RBL whitelist sorry if was confusion.

    If you can confirm or not if bypass content filters (like spamassassin) then that should give me a better understanding thanks.

  7. #107
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    dnslists = list.dnswl.org&0.0.0.2 works fine and only whitelists servers that can be trusted. Lots of ISPs are sending spam, no point in whitlisting them imho, unless you have an aggressive blacklisting policy.

    @Chris, that rule only allows the message to go to the next step (DATA), so it will still be scrutinized by all the message filtering tools that you have put in place in that ACL.
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  8. #108
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Yes, lots of ISPs are sending spam. But in general we want our users to be able to get mail from ISPs. Can you give me an example of some of the ISPs my setting whitelists but yours doesn't, so I can look into it further?

    Thanks.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  9. #109
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Chris should have some IPs since he's been hit by bad Apples.
    It would be difficult for me to determine what the differences are without doing a thorough log analysis.
    Maybe the rule could be split in two, one would accept the message, the other would write something in the logs.
    Millions of customers use the mail servers provided by their ISP. The chances of these sending spam or malware is quite high, thus the classification.
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  10. #110
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    I understand your point. But I see it differently.

    Here's the order in which happens:

    All whitelists get processed first.

    Then blacklists.

    So if you do it your way, a lot of mail from ISPs is going to be blocked because a few senders are sending spam. In the case of ISPs it's unlikely individual IP#s are going to be sending mostly spam, and if they , they're probably not going to be in the whitelist.

    If we block ISP mailservers we get a lot of unblock requests. We choose to whitelist ISP servers and only block non-ISP servers, because whitelisted servers still go through SpamAssassin.

    You can certainly choose differently.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  11. #111
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    But if you only blacklist non-ISP servers, there is no need to whitelist them, they will reach the DATA acl unless one of them has become blacklisted for one reason or another.
    That's why I mentioned that for this setup to work, one has to be careful with his blacklisting policy.
    To be honest, I'm not that worried about ISPs, but email marketing companies are on the "none" level list and that's a bigger threat.
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  12. #112
    Join Date
    Aug 2004
    Location
    uk
    Posts
    1,582
    If I understand Jeff correct he is saying without the dns whitelist he was seeing false positives on spamblocker, legit isp's been blocked by RBL.

    I have never had a false positive reported to me using spamblocker but I dont use the more risky rbl's like spamcop and I use the safe sorbs list.

    However for me if a false positive occurs, I feel its better to just manually add to the whitelist file than to let spam through the dns whitelist. It is a choice I guess.

    So the whitelist bypasses the blacklist rbl's but does not bypass spamassassin, which raises another problem. Spamassassin is quite cpu intensive compared to spamblocker, so whilst spamassassin may catch these emails it does so at higher cost on the server.

  13. #113
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Quote Originally Posted by interfasys View Post
    But if you only blacklist non-ISP servers, there is no need to whitelist them, they will reach the DATA acl unless one of them has become blacklisted for one reason or another.
    I blacklist using the lists you see in the Spamblocker-powered exim.conf file. From time to time ISP servers DO get blacklisted. Whitelisting first keeps that from happening.
    That's why I mentioned that for this setup to work, one has to be careful with his blacklisting policy.
    But we really can't be careful with our blacklisting policy unless we take the trouble to create our own blacklists. If we use blocklists we didn't create (and we create only the plaintext ones in our own files), then we're at the mercy of the blacklist providers. So I find it important to whitelist. It has saved me a lot of unblock requests and it keeps my clients happy.
    To be honest, I'm not that worried about ISPs, but email marketing companies are on the "none" level list and that's a bigger threat.
    You make an important point, and I think it important to disclose my reasoning:

    There are plenty of marketing companies out there who believe in the U.S.-based CAN-SPAM law. I don't like the law, but it exists, and businesses use it (and marketing companies use it) to send to lists that aren't opt-in lists. And yes, they do get whitelisted by whitelist companies. Just as they get whitelisted locally by you, if you implement solutions such as DKIM, since they follow the DKIM rules.

    But here are some important facts:

    1) Lots of legitimate businesses, with legitimate opt-in lists, use these marketing companies to send their mail. Opt-in mail. Mail that their subscribers in some cases even pay for, and even if they don't, expect to get, and want to get.

    2) I get, and probably you get as well, more complaints from clients who don't get mail they should get than from clients who get some spam.

    3) SpamAssassin does a fairly good job of managing these emails, and as long as your clients set SpamAssassin to pass the emails through, they can manage them without your involvement.

    4) And one thing these marketing companies have in common, is that in my tests, they DO stop sending mail when you follow their instructions for removal. Some of them even maintain double-opt-in policies, and if you report their clients who don't use double-opt-in (but lie and say they do), will stop hosting those lists. I've been testing this over the last few years and I find it's true.

    Quote Originally Posted by Chrysalis View Post
    If I understand Jeff correct he is saying without the dns whitelist he was seeing false positives on spamblocker, legit isp's been blocked by RBL.
    Yes. Google and Hotmail, specifically, but others as well. And they all have anti-spam policies and many even make it hard to use them to send spam, but spammers still manage them from time to time and they get blocked. So I do want to blocklist them. If you don't, then of course you're welcome to adjust the ACLs any way you want.
    I have never had a false positive reported to me using spamblocker but I dont use the more risky rbl's like spamcop and I use the safe sorbs list.
    I do. Not often, but occasionally. Often then from clients who get upset and ask me to stop using SpamBlocker on their email. Which then means more mail for SpamAssassin to manage. My recollection is that SpamAssassin checks all mail even if it's turned off for a domain; it just uses a very high trigger score.
    However for me if a false positive occurs, I feel its better to just manually add to the whitelist file than to let spam through the dns whitelist. It is a choice I guess.
    It is a choice, but as I wrote above, clients are more willing to complain about one false positive than ten pieces or more of spam. And my job is to keep my clients happy, which in turn will keep me happy. Since we started using whitelists we haven't had one client leave because of spam; we haven't had one client ask us to stop using SpamBlocker on his/her account.
    So the whitelist bypasses the blacklist rbl's but does not bypass spamassassin, which raises another problem. Spamassassin is quite cpu intensive compared to spamblocker, so whilst spamassassin may catch these emails it does so at higher cost on the server.
    Of course. That's why it's important to keep clients willing to let us block spam for them.

    We find that over 90% (I've posted actual numbers in the past) is blocked before it gets to our servers, and we've not had a problem with SpamAssassin using to much in the way of resources. If you do, then of course change your whitelist configuration.

    On a happier note, have you noticed a decrease in spam? Some reports say there's been over a 30% drop in measured spam since the first of December. I'm not counting, but I do notice less spam coming into our servers.

    Note that I'm willing to continue this discussion but unless we start seeing more incoming spam instead of less, it's unlikely I'll make additional changes.

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  14. #114
    Join Date
    Oct 2003
    Location
    Switzerland
    Posts
    2,097
    Thanks for sharing Jeff
    I do see your point about making customers happy and I've been bitten in the past because a whitelist wasn't enabled. People notice when they don't get their emails anymore, but couldn't care less about the spambox filling up.
    I think the best solution for these two levels would be greylisting. Better safe than sorry.

    I'm personally not to worried about high server load since I'm using dspam which is both very efficient and flexible (users move their messages to teach the filters), but I'm wondering what the increase in load is like with spamassassin.

    I did notice a decrease in spam since the end of last year. It always gets me worried that there is something wrong with my configs . It makes it difficult to play with live samples, especially if you're using nolisting.

    I guess we just have to be patient, new botnets will rise and databases are stolen every day...
    Olivier
    interfaCentre - We design custom hosting solutions

    Custom apps, scripts and configurations for easy and secure access to all hosting services
    Full Personal Information Management suite with mobile synchronisation
    PHP, Ruby, Node.js and Python hosting with 1-click app install

  15. #115
    Join Date
    Aug 2004
    Location
    uk
    Posts
    1,582
    I had a user getting about 15k a day in spam, and spamblocker was off, noticed cpu usage was hovering around 30% average. enabled spamblocker on his account and it dropped to 5%. The machine is a dual core amd X2 5600+. So that may give an idea.

    I accept Jeff's reasoning and am glad he took the time to explain exactly how its working.

    The only greylisting script I have found that would possibly be viable for a across the board all OS DA setup is a perl script, most of the other's are OS dependant and also rely on mysql.

  16. #116
    Join Date
    Dec 2005
    Posts
    148
    Code:
    EDIT#38:
    Sender verification denies incoming email unless the domain of
    the sender address can be verified.  By default we do NOT require
    sender verification.
    But when I look at the exim.conf file,
    Code:
    #EDIT#38:
      require verify = sender
    That's not commented out by default. Shouldn't it be commented out if we do NOT require sender verification?

  17. #117
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Which should I change? The documentation or the behavior? I recommend changing the documentation and leaving the behavior. Only the domain is checked, and not the full email address.

    Anybody feel differently?

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  18. #118
    Join Date
    Jun 2004
    Posts
    74

    Smile

    [QUOTE=jlasman;188063]SpamBlocker-Powered exim.conf, Version 4 is ready!

    snip

    New: Installation is available

    snip

    what is your best guess time till installation completion from time of order ?

  19. #119
    Join Date
    Jun 2003
    Location
    California
    Posts
    26,123
    Usually within one business day. Orders placed over the weekend (as yours was) are managed as if they came in on Monday.

    Always feel free to call or write with any follow-up questions. (User hostu actually called as I was composing this reply.)

    Jeff
    +1 951 643-5345
    Third-Party DirectAdmin administration and support
    Dedicated Servers, Dedicated Reseller Accounts
    NoBaloney Internet Services div. Qnito Incorporated
    848 North Rainbow Blvd., Suite #3789
    Las Vegas, NV 89107-1103

  20. #120
    Join Date
    Jun 2004
    Posts
    74
    you are one seriousfunny guy !! makes me think of a roundcube,,,, thanks for the quick reply and chat....

    chuck



    Quote Originally Posted by jlasman View Post
    Usually within one business day. Orders placed over the weekend (as yours was) are managed as if they came in on Monday.

    Always feel free to call or write with any follow-up questions. (User hostu actually called as I was composing this reply.)

    Jeff

Page 6 of 21 FirstFirst ... 4567816 ... LastLast

Similar Threads

  1. Which version of Exim is SpamBlocker compatible with?
    By Christopher in forum SpamBlocker4
    Replies: 2
    Last Post: 01-04-2013, 11:40 AM
  2. Replies: 4
    Last Post: 02-23-2012, 04:40 PM
  3. SpamBlocker-Powered exim.conf Version 4 changelog
    By nobaloney in forum SpamBlocker4
    Replies: 2
    Last Post: 06-19-2011, 02:51 PM
  4. Spamblocker Version
    By chrisrandell in forum SpamBlocker
    Replies: 8
    Last Post: 05-03-2009, 04:36 PM
  5. Turning Spamblocker on in exim.conf
    By louie55 in forum E-Mail
    Replies: 4
    Last Post: 01-31-2005, 06:19 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •