SpamBlocker 3.2.3-RC now ready for testing

Status
Not open for further replies.

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Edited 06-Sept-2009:
Edited today to add a feature to the list which I forgot to post yesterday. New features and changes are shown below in bold. I don't guarantee I've found everything :).

The latest Release Candidate of the NoBaloney SpamBlocker Technology™ exim.conf file is now ready for testing. I'm testing it on one server today, and on all our shared servers tomorrow.

I hope you'll join me in testing it as well; I'm hoping that it's close to the final code which I'll release soon.

Here are some changes and additions to this version of SpamBlocker:

Version 3 of the NoBaloney SpamBlocker Technology™ exim.conf file (and all future versions) only supports DirectAdmin servers running Maildir (and therefore, Dovecot).

By default ClamAV is implemented in code but commented out.

By default SpamAssassin is implemented in code but commented out.

By default sender verification is not required; it's commented out.

These new additions have been tested only a short time, but I'd like some input on how well they work for you:

New code has been included to deny Mailer-Daemon messages unless they're for domains for which we host mail. This should get rid of at least some collateral spam.

New code has been included to deny all email where "helo" is not a fully qualified domain name, unless sender is authenticated.

Vacation and Autoresponder code has been modified to not reply to mail from the following senders:
*-request@*
owner-*@*
postmaster@*
listmaster@*
mailer-daemon@*
root@*

The acl_check_helo acl has been added to deny all incoming email which pretends to be from your own hostname. Note that this will only work if you've taken out the hostname and IP# currently in the code and added yours. Some downloads may keep you from getting emails from me, as earlier uploads may have my server in the code. Note that the wrong name/IP# won't break exim; it will just break the test for whether or not someone is pretending to be you.


The new release candidate may be downloaded here.

Jeff
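
The HELO checks and the auto-reply exclusion list described in the post above, modelled in Python as an added example. This is not SpamBlocker's code and not Exim ACL syntax; the hostname, the IP address, the FQDN test and the function names are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Assumed values for illustration; substitute your server's own name and IP.
OWN_HOSTNAME = "mail.example.net"
OWN_IP = "192.0.2.10"

# Sender patterns listed in the post: never auto-reply to these.
NO_AUTOREPLY = ["*-request@*", "owner-*@*", "postmaster@*",
                "listmaster@*", "mailer-daemon@*", "root@*"]

# This example's definition of a fully qualified name: two or more
# dot-separated labels, ending in a non-numeric top-level label.
FQDN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
                  r"[a-z][a-z0-9-]{0,61}[a-z0-9]")


def helo_verdict(helo, client_ip, authenticated=False):
    """Return 'accept' or a deny reason for one HELO/EHLO argument."""
    name = helo.strip().lower().rstrip(".")
    # A remote client announcing our own name or IP is pretending to be us.
    if client_ip != OWN_IP and name in (OWN_HOSTNAME, OWN_IP, f"[{OWN_IP}]"):
        return "deny: HELO claims to be this server"
    # Authenticated senders are exempt from the FQDN rule.
    if authenticated or FQDN.fullmatch(name):
        return "accept"
    return "deny: HELO is not a fully qualified domain name"


def may_autoreply(sender):
    """False when the envelope sender matches a no-reply pattern."""
    s = sender.strip().lower()
    return not any(fnmatchcase(s, p) for p in NO_AUTOREPLY)


# Constructed sample sessions: (HELO argument, client IP, authenticated)
SESSIONS = [("mx1.example.org", "203.0.113.5", False),
            ("localhost", "203.0.113.5", False),
            ("laptop", "203.0.113.8", True),
            ("mail.example.net", "203.0.113.9", False)]

if __name__ == "__main__":
    for helo, ip, auth in SESSIONS:
        print(f"{helo:18} {ip:13} auth={auth!s:5} -> {helo_verdict(helo, ip, auth)}")
    for sender in ("alice@example.org", "list-request@example.org"):
        print(f"{sender:26} autoreply={may_autoreply(sender)}")
```

If OWN_HOSTNAME and OWN_IP are left at someone else's values, the forgery test denies that server's mail instead of catching impostors, which is the download caveat the post describes.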
 
I've made a change to the original post above; I've listed the acl_check_helo feature, and I've emboldened the features and changes. Note that all downloads of all versions of the release-candidates made before the timestamp on this post may prevent you from receiving email from my main email server.

Jeff
 
Running 3.2.3-RC for a couple of days now with sender verification required, spam assassin, public white lists disabled. No issues and have not seen much change in behavior from the previous RC - which is GOOD - very GOOD!
 
Sorry for possible stupid questions:

Is it better than SpamAssassin?
Where can I find more info about it? To read.
 
@scsi:

host1plus is writing in a SpamBlocker forum; I'd presume that's what he's referring to.

host1plus:

I think it's better. I wrote it because I really feel that blocking spam based on reputation of the server sending it is a lot more efficient than running a perl script on every email that comes in.

The three places you can read about Spamblocker are these forums, my download site, and here. Note that the latter website describes both SpamBlocker blocking and SpamAssassin, as both are in the same SpamBlocker exim.conf file.

Jeff
 
I am testing on one server, but it seems the spam rate is no different. Before using this, I made 3 MX records, with the lowest and highest records pointing to a server that does not respond.

Just activated Spam Assassin, and let's see if there is any difference.
 
Hi jlasman

I just tested your configuration file against the Anti-Spam Filtering Test of DnsStuff, which sends a non-valid email. The result was that the message was delivered to my inbox and it wasn't marked as spam.

The results from dnsstuff:

An email has been sent to the address you provided. This email contains a forged "Received:" header with invalid domain names, and an IP address that appears on several RBLs. If you receive the email in your inbox and it is not marked as spam, contact your email administrator.

It is possible that you will never receive the email for a few reasons, such as selecting a server which is currently down or misconfigured for the test, or because your anti-virus software did intercept and discard the message.

Accepted Response
Yes (250) 250 OK id=1MtHPi-00040j-VG

I am using exim.conf.3.2.3-RC
 
An email has been sent to the address you provided. This email contains a forged "Received:" header with invalid domain names, and an IP address that appears on several RBLs. If you receive the email in your inbox and it is not marked as spam, contact your email administrator.

The blocking in SpamBlocker technology blocks only based on the reputation of the IP# which actually sent the email to you. Unless they forged the IP# actually sending the email to your server (I suppose someone may know how to do that; I've never figured out how), we won't block them. Why? Because we'd have to accept and read the entire email to check the headers added by sending servers, and we know they're easily (and often) forged; there's no reason to waste resources on that. You can make changes to exim.pl to do that kind of filtering after you accept email if you want.

You can add blocking code to exim.pl and call it with an ACL you use after the email is received, or you can use SpamAssassin to filter such email. I don't believe it's necessary to read each email before sending it on to SpamAssassin, which will read it again.

Jeff
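
Why the test message above was accepted, as an added example that is not SpamBlocker's code: a DNS blocklist lookup keyed on the connecting IP only, so a listed address inside a forged "Received:" header is never consulted. The zone name dnsbl.example, the listing data and the function names are assumptions; a real deployment would pass a DNS resolver as `resolve`.

```python
import ipaddress


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup asks for: reversed octets (IPv4)
    or reversed nibbles (IPv6), followed by the blocklist zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        parts = reversed(str(addr).split("."))
    else:
        parts = reversed(addr.exploded.replace(":", ""))
    return ".".join(parts) + "." + zone


def connection_listed(client_ip, zones, resolve):
    """Return the first zone that lists client_ip, else None.
    resolve(name) returns a list of A records, empty when unlisted."""
    for zone in zones:
        answers = resolve(dnsbl_query_name(client_ip, zone))
        # Blocklists answer with an address in 127.0.0.0/8 for listed hosts.
        if any(a.startswith("127.") for a in answers):
            return zone
    return None


def smtp_verdict(client_ip, zones, resolve):
    """Decide before the message body is accepted, from the peer address only."""
    zone = connection_listed(client_ip, zones, resolve)
    return f"550 {client_ip} is listed in {zone}" if zone else "250 OK"


# Constructed blocklist data standing in for live DNS (assumption).
ZONES = ["dnsbl.example"]
LISTED = {"99.113.0.203.dnsbl.example": ["127.0.0.2"]}


def fake_resolve(name):
    return LISTED.get(name, [])


# Constructed header like the one in the test: it names a listed IP, but it
# arrives inside the message data and is not an input to smtp_verdict().
FORGED_HEADER = "Received: from bogus.invalid ([203.0.113.99]) by relay.invalid"

if __name__ == "__main__":
    print(smtp_verdict("198.51.100.7", ZONES, fake_resolve))   # clean peer
    print(smtp_verdict("203.0.113.99", ZONES, fake_resolve))   # listed peer
```

Catching the forged header would mean accepting the message data and parsing it, which is the post-acceptance filtering in exim.pl or SpamAssassin that the reply points to.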
 
Thanks. I'm now testing one last possibility to add, but I'm not happy with it, and I'm probably going to make this RC final within a week.

Jeff
 
hi

I'm using version 2 currently, I'm getting hit with up to 10 spams a second at certain intervals, would the new implementations help much with server load do you think?
 
It works better for me. Do you have SpamBlocker set to run for all incoming email?

In other words, is your /etc/virtual/use_rbl_domains a symbolic link to /etc/virtual/domains.

If not you may want to try that. We no longer give our clients the option of using SpamBlocking or not; there's just too much spam these days.

Jeff
 
Do you have SpamBlocker set to run for all incoming email?

In other words, is your /etc/virtual/use_rbl_domains a symbolic link to /etc/virtual/domains.

Yes I do. I'll give this one a try, many thanks. And yes there's just so much spam it's ridiculous.
 
Are there any updates on this?

It would be great to see a final version!
 
Our main office system server (running on an old version of Mandriva LE 2005) had a motherboard failure a week ago last Saturday.

We decided to replace it with Kubuntu (because we've always run KDE). We rebuilt with new hardware within two days, and we had a great backup system which did NOT fail us.

But the new version of KDE fscks. Big time. Almost two weeks later we still can't get it to run a day without major failures.

Unfortunately our tracking system, customer system, and our files management system, all depend on kontact and korganizer.

So today is the last day I'm trying to make it work (I'm now reinstalling KMail because it can no longer send mail, and that's what the KDE forum recommends for the specific problem I'm having). And because of the number of files we have, it takes about two hours simply to make a backup :(.

So yes, I'd like to see the final version, too.

Jeff
 
I didn't want to stress you.
I appreciate the work you do, and it's done when it's done....

Hope you get your problems solved quickly and reliably!
 
Thanks. I finally have kmail working again this morning but it's going to take at least the day to catch up on my emails.

And for some reason neither my main drives nor the two online backups I create have my support mailboxes on them :(.

It's a good thing I have an offline backup; I'll be getting that set up and the backups restored within the next hour or so. It's a few days behind the others, so I may have lost some emails, but at least I'll have most of my archive.

Yes, even with three to four current backups you can still have problems. And just for the (offtopic) record, if you're not already using KDE4 on your desktop, and have been thinking about upgrading from KDE3 to KDE4, don't. Try to move toward Gnome instead; I know I now wish I had. (Hard for us; we use KDE apps as part of our own workflow system.) I waited 'til 4.3 was out because I keep hearing that KDE4 is usable but I don't think it is.

Jeff
 