SpamBlocker 3.2.5-RC now ready for testing

nobaloney

SpamBlocker 3.2.5-RC is now ready for testing. We hope this will be a short testing period and we can go live with it quickly.

We've reworked the code to block backscatter spam yet again. It's much simpler now; we just don't accept mailer-daemon mail if there's no place to send it on the server. Please test to see if this works for you.

Note that it's probably in violation of whatever RFC requires all mail from mailer-daemons be accepted, but the suggestion came from the exim-users list, and I think it's the best to go with for now.

We'd really like some testing this week so we can go live with this in a week or so.

Don't forget to check out the MUST-READ-FIRST and the ReadMe-SpamBlocker.3.2.5-RC files for an overview of this latest release candidate and customization instructions.

Don't forget to check all the EDIT locations in the file to make sure it works in your environment.

The new file, and the ReadMe files, may be found here.

Please try it and let me know your experiences.

Thanks.

Jeff
 
A few things:
  • cbl.abuseat.org & dnsbl.njabl.org are already included in zen
  • I still think it would be good to reverse the RBL rule. Include all domains by default and add exceptions to the rbl file
 
I still think it would be good to reverse the RBL rule. Include all domains by default and add exceptions to the rbl file

If possible I would like this included as well, as spamblocker has proven to me to be v.effective with dealing with spam. The clients that ask to be removed from spamblocker (there have only been two in four years) soon phone up and ask to be reinstated after being flooded with spam.

regards,

Jon
 
I still think it would be good to reverse the RBL rule. Include all domains by default and add exceptions to the rbl file.

I agree...

I think it makes a lot more sense to have all users/domains added to the RBL checklist by default and then only the few customers that do not want this service to be listed in an exclusion file: /etc/virtual/no_rbl_scanning
 
It's not even 10:30 in the morning here, but nevertheless, before answering this question I had to go to the fridge and pick up a tall cool one.

I'd like it as well. And yes, the spam situation has changed in the years since I brought out the first version of SpamBlocker (which at release will be called the SpamBlocker Technology* exim.conf file). In those days we offered spam-blocking on request; now we either require it or default to it.

However...

The problem is that if I make the change everyone doing an install will have to rework their files. More work on install because the new file will simply not work unless you make the file change (exim won't run).

It's easy enough for me to make the change from the use_rbl_domains file to the rbl_exceptions file, but it's a lot of work to implement, especially if you still have separate domains and use_rbl_domains files, and even more so if you have a lot of servers.

It will make it a lot harder for DirectAdmin to use it as their new standard.

That all said, I'm going to think harder about this.

So...

Let's close off this topic in this thread (leaving the thread open for other notes). I've opened a new thread, complete with poll, here.

Jeff

*SpamBlocker Technology is a trademark of NoBaloney Internet Services
for our exim.conf file for DirectAdmin. The exim.conf file itself is distributed
under the GNU GENERAL PUBLIC LICENSE, Version 2, June 1991.
 
So far, so good. The only thing that I had to change was to uncomment the line:

hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
 
Your choice. If you uncomment that one (I do) be sure to comment the one beneath it, and also to restart exim.

Jeff
 
I don't know how many different configs there are out there but I wonder if it might be helpful to put something at the start of the file kinda like this:

Code:
# Do NOT use this exim.conf Exim configuration file unless you
# make the required modifications to your Exim configuration
# following the instructions in the README file included in this
# distribution.
#
# At the very least, search through the file and look for all instances of the
# term: EDITME and make a decision about each item that you find.

And then stick EDITME in the comments above each item that people tend to get stuck on along with a quick explanation about what their choices are.

In my case, the code seems to work fine out of the box save that one edit mentioned earlier, but if there are a lot of potential gotchas in it for others, it might be nice to have them all pointed out with an easy way to find all the potential sticky points. Maybe this is a moot point. I've noticed that as this file evolves, there seem to be fewer and fewer edits required. (great job, Jeff) In the beginning, it was tougher to find all the stuff that needed to be edited.
 
# RC 3,2,5 11-APR-2010
# Mailer-Daemon messages must be for us
accept senders = :
domains = +relay_domains
Wouldn't it make more sense to have that after the RBLs?
Seems like it's too easy for spammers to just add an empty return path in order to get through
 
@webquarry,

At first glance, it looks like it might be a good idea. I don't know how easy it is for anyone to spoof an empty return path. I'll check some samples to see where it's usually put.

Jeff
 
@webquarry,

Do you mean the MUST-READ-FIRST and ReadMe files aren't good enough :) ?

In dropping all the comments I used to put at the top of the exim.conf file I was trying to streamline it. Perhaps I was over-enthusiastic. I'll consider it.

Jeff
 
Since I've turned on that rule, I've seen tons of spam go straight to the mailboxes and they all had an empty return path (<>), so it must not be that difficult :).
 
I finally converted my personal server to dovecot and am now trying Spamblocker3.

So far so good but it's only been a few minutes. My biggest concern is legit email getting rejected.
 
For me it's quite good at false positives. We do get them occasionally; generally less than once a week, and we whitelist the mailserver when that happens.

Be sure you have your block notices offering a page where folk whose email has been blocked can visit your site and ask you to unblock them.

Jeff
 
I've just had a nice wave of 2000 spams and they were all blocked by different rules before reaching the Mailer-Daemon, so putting it at the bottom of the list, near the other ones that accept +relay_domains is working great for us.
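
To check on your own server how null-sender (<>) mail is being handled, as discussed in the posts above, this added example (not part of the thread and not SpamBlocker code) tallies it from Exim main-log lines. The sample log lines, host names and addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format; hosts and IPs are documentation values.
SAMPLE_LOG = """\
2010-04-12 09:01:11 1O1AAA-0001aB-Cd <= <> H=mx.example.net [192.0.2.10] P=esmtp S=2310
2010-04-12 09:01:40 1O1AAB-0001aC-Ef <= alice@example.org H=mail.example.org [198.51.100.7] P=esmtp S=4100
2010-04-12 09:02:05 1O1AAC-0001aD-Gh <= <> R=1O1AAB-0001aC-Ef U=mail P=local S=5120
2010-04-12 09:02:30 1O1AAD-0001aE-Ij <= <> H=(localhost) [203.0.113.55] P=smtp S=1890
2010-04-12 09:02:31 1O1AAE-0001aF-Kl <= <> H=(localhost) [203.0.113.55] P=smtp S=1902
2010-04-12 09:03:00 H=(bad) [203.0.113.99] F=<> rejected RCPT <bob@example.com>: blocked by zen.spamhaus.org
"""

# "<=" marks a message arrival; the field after it is the envelope sender.
ARRIVAL = re.compile(r"^\S+ \S+ \S+ <= (\S+) (.*)$")
# Rejections at RCPT time carry the sender as F=<...> and have no message id.
REJECT = re.compile(r"^\S+ \S+ H=.*\[([0-9A-Fa-f.:]+)\].* F=<> rejected RCPT")
# A remote SMTP client is logged as H=name [ip].
REMOTE_IP = re.compile(r"\bH=.*?\[([0-9A-Fa-f.:]+)\]")


def null_sender_summary(log_text):
    """Tally how null-sender (<>) mail was handled according to the log."""
    accepted_remote = Counter()  # <> mail accepted over SMTP, keyed by client IP
    local_bounces = 0            # bounces generated on this server (P=local)
    rejected = Counter()         # <> mail refused at RCPT time, keyed by client IP
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if m:
            if m.group(1) != "<>":
                continue  # ordinary sender, not of interest here
            ip = REMOTE_IP.search(m.group(2))
            if ip:
                accepted_remote[ip.group(1)] += 1
            elif "P=local" in m.group(2):
                local_bounces += 1
            continue
        m = REJECT.match(line)
        if m:
            rejected[m.group(1)] += 1
    return accepted_remote, local_bounces, rejected


if __name__ == "__main__":
    accepted, local, rejected = null_sender_summary(SAMPLE_LOG)
    print("accepted from remote hosts:", dict(accepted))
    print("locally generated bounces:", local)
    print("rejected at RCPT:", dict(rejected))
```

A high count of accepted remote <> messages from a few IPs, with few or no matching rejections, suggests the bounce rule is being reached before the RBL checks.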
 