SpamBlocker-Powered exim.conf, Version 4

It seems the changes in 4.1 are not documented anywhere and v4 is not available anymore. Any chance of adding the changes to the official Changelog thread?
 
Well, it's not official, it's just here on these forums :). Officially I don't do an official one, though I probably should, on my own site.

Sorry for the oversight, though. Added.

Jeff
 
Hi, I have found I am getting spammed like the others with the empty return paths, for about 2 months now. I deleted all mail today from the mail queue that was this spam and there are 3 pages again already. I read these posts and thought this will fix this spam problem. I looked at my exim.conf and it is not this one. I want to use SpamBlocker-powered exim.conf 4.1 if possible to block this spam. I looked at my DirectAdmin; it is an older version, DirectAdmin 1.34.2. I am using Dovecot, and there is SpamAssassin running as well as filters. I'm thinking, how hard will this be to do? Do I need to upgrade DirectAdmin first to accomplish this? Or merely the exim.conf files? I also found the exim.pl file; not sure if it's the correct one. Here are some mail queue listings in the DirectAdmin Mail Queue from no-one, to addresses that aren't even on the server at all.

What to do?

Thanks!
 
First of all delete all those emails from your queue.

Hard is in the mind of the beholder. You don't need to update DirectAdmin, but you probably should. You've already got Dovecot, a prerequisite. You've also got SpamAssassin, which is optional. You don't see whether or not you've got ClamAV; that's optional as well.

If you don't think you can install it yourself, you can always have someone install it for you. I'm the author of the SpamBlocker Version 4 exim.conf file for DirectAdmin; if you'd like more information on having us install it for you, you can check here (nobaloney.net).

Jeff
 
Updating to SpamBlocker-Powered exim.conf, Version 4.1

OK, I have installed ClamAV. It stopped most spam. Started rejecting emails. Then I got a back scatter problem. Then I went ahead and updated DirectAdmin to the current one. I want to continue in hopes SpamBlocker will "deny" instead of reject to prevent the back scatter problem. I updated to the current exim.pl, and I have configured exim.conf to my server's settings, using the new SpamBlocker-Powered exim.conf, Version 4.1. I have made the files that didn't exist before, and removed the one not needed anymore. Do I still need to update the Dovecot patch, is my question? Thanks!
 
ok, I assume I update dovecot patch, it said it had a recent patch, but I update anyway. Then I restart exim. The logs say "2011-07-14 14:16:02 1QhQSA-0008FK-9I malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamav/clamd (No such file or directory)".

So I look and it does not exist there, so I find where it is and change the location in exim.conf to point to the clamd. Then I restart exim and the new error says: "2011-07-14 14:25:51 1QhQbf-0008S1-9k malware acl condition: clamd: unable to connect to UNIX socket /usr/local/sbin/clamd (Permission denied)".

So I go back to prior exim.conf until I know what next to do.

:(
 
Autoreply in SpamBlocker

Today I experienced a problem on one of our servers. A customer set an autoresponder on a postmaster address. Today they sent a newsletter with postmaster as sender. A lot of autoreplies came back because of vacations, but our customer's autoresponder reacted to this. The process of auto replying was looping and thousands of emails were received/sent.

I assumed there was some protection for this and afaik that worked in the past. Comparing our exim.conf with our prior exim.conf (SB2.1.1) confirmed that if I understand correctly.

In SB2.1.1:
Code:
## vacation transport
uservacation:
  driver = autoreply
  file = /etc/virtual/${domain}/reply/${local_part}.msg
  from = "${local_part}@${domain}"
  log = /etc/virtual/${domain}/reply/${local_part}.log
  no_return_message
  subject = "${if def:h_Subject: {Autoreply: ${quote:${escape:$h_Subject:}}} {I am on vacation}}"
  text = "\
        ------                                                           ------\n\n\
        This message was automatically generated by email software\n\
        The delivery of your message has not been affected.\n\n\
        ------                                                           ------\n\n"
  to = "${sender_address}"
  user = mail
  #once re-added May 16, 2008:
  once = /etc/virtual/${domain}/reply/${local_part}.once
  once_file_size = 100K
  once_repeat = 2d

But in SB4 the once and once_* options are commented out, or removed.

I'm sure there is a good reason why the once options are removed, but I don't know them and don't want to add them back in without discussing this here in the forums.

Any input on this?
 
I don't see any reason why it should not be there.

Code:
once = /etc/virtual/${domain}/reply/${local_part}.once
once_file_size = 100K
once_repeat = 2d

To explain it a little bit further.

Once is the file where recipients are stored. If it's not set, it will send a message each time. If the file exceeds 100K the first recipient is dropped from the list and the last one is added.

The once_repeat option specifies the time between new messages. So if a new message is received after 2 days, the sender will receive a new auto reply.

So yes, you are right this is the part you would be looking for.

Jeff is the one who could explain why he has removed this. I don't see any harm.
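
Added example (not part of the thread, and not Exim's own code): a small Python model of the `once` / `once_repeat` behaviour described in this post, showing how it breaks the kind of autoresponder loop reported above. `OnceCache`, `replies_sent` and the peer address are hypothetical names, and the cache size is counted in entries rather than bytes.

```python
from collections import OrderedDict

DAY = 86400  # seconds


class OnceCache:
    """Toy model of the autoreply 'once' record: recipient -> time of last reply.

    Assumption: capacity is counted in entries here, whereas once_file_size
    limits the size of the file in bytes.
    """

    def __init__(self, max_entries, repeat_seconds):
        self.max_entries = max_entries
        self.repeat_seconds = repeat_seconds
        self.last_reply = OrderedDict()

    def should_reply(self, recipient, now):
        last = self.last_reply.get(recipient)
        if last is not None and now - last < self.repeat_seconds:
            return False  # already answered within once_repeat: stay silent
        self.last_reply.pop(recipient, None)
        self.last_reply[recipient] = now  # newest entry goes to the end
        while len(self.last_reply) > self.max_entries:
            self.last_reply.popitem(last=False)  # cache full: drop the oldest
        return True


def replies_sent(cache, incoming=1000, seconds_between=5,
                 peer="vacation@remote.example"):
    """Count local autoreplies when a remote responder answers every one of them.

    cache=None models a transport that has no 'once' option set.
    """
    sent, now = 0, 0
    for _ in range(incoming):
        now += seconds_between
        if cache is not None and not cache.should_reply(peer, now):
            break  # no reply goes out, so the remote side has nothing to answer
        sent += 1
    return sent


if __name__ == "__main__":
    print("without once:", replies_sent(None))
    print("with once, once_repeat = 2d:", replies_sent(OnceCache(1000, 2 * DAY)))
```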
 
I don't remember why I've removed them. I have been thinking of reinserting them.

More comments?

Jeff
 
testing my configuration

Is there a way I can test my exim configuration? I have registered with Barracuda and got a success with the recommended command line test. But email from an IP I know is listed with a "poor" reputation by Barracuda is received by the server without problem. This is a new server, running Spamblocker4, and does not have much email traffic at the moment because I have not started migrating accounts over yet from the previous Spamblocker2 server. Everything looks OK and I cannot see any error messages in the logs. But is there any way I can check my configuration is correct before I start the migration wholesale? Proof positive that any of the block lists are working would be fine as then I will be happy to migrate.

Thank you


Jonathan
 
Yes, you can use exim -bh to simulate running email from a given (blocked) ip#, to see what happens to it.

Jeff
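
Added example (not part of the thread): before simulating a session with `exim -bh`, the DNS side of a blocklist can be checked on its own, since a DNSBL lookup is just an A-record query for the reversed IP under the list's zone. The zone `dnsbl.example.org`, the sample addresses and the `FAKE_DNS` table are constructed so the code runs offline; pass the real zone and the default resolver on a live server.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets + the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def dnsbl_answer(ip, zone, resolve=socket.gethostbyname):
    """Return the list's A record (127.0.0.x) if ip is listed, else None."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return None  # NXDOMAIN (not listed) or the lookup itself failed
    return answer if answer.startswith("127.") else None


def zone_selftest(zone, resolve=socket.gethostbyname):
    """RFC 5782: a list must contain test entry 127.0.0.2 and never 127.0.0.1.

    False means the zone is not answering as a blocklist from this host.
    """
    return (dnsbl_answer("127.0.0.2", zone, resolve) is not None
            and dnsbl_answer("127.0.0.1", zone, resolve) is None)


# Constructed stand-in for DNS so the example runs without network access.
FAKE_DNS = {
    "2.0.0.127.dnsbl.example.org": "127.0.0.2",    # mandatory test entry
    "7.113.0.203.dnsbl.example.org": "127.0.0.2",  # a "listed" sample address
}


def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "NXDOMAIN (constructed)")
    return FAKE_DNS[name]


if __name__ == "__main__":
    print(zone_selftest("dnsbl.example.org", fake_resolve))
    print(dnsbl_answer("203.0.113.7", "dnsbl.example.org", fake_resolve))
```

An address that `dnsbl_answer` reports as listed is a suitable IP to feed to `exim -bh` when checking that the ACL actually rejects it.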
 
Hi, I'm not sure of my configuration at this point. I think I have it as before, but not for sure. I may need to start from scratch again. However, now the spam blockers are actually working as well as the virus scanner, which is great.
Also we are off the back scatter list finally.
Very little spam gets by, usually only Russian emails I can't read.

A person I know that is in Australia cannot get through any emails from there to any of us.

One reason was this she said to me,

The reason for the problem:
5.1.0 - Unknown address error 550-'Email blocked by SPAMCANNIBAL - to unblock see http://www.spamcannibal.org' .

The other was this for someone else here that uses a forward at same domain...

An error was detected while processing a file of BSMTP input.
The error message was:

421 Lost incoming connection

The SMTP transaction started in line 0.
The error was detected in line 3.
0 previous messages were successfully processed.
The rest of the batch was abandoned.
421 Lost incoming connection
Transaction started in line 0
Error detected in line 3


Are these problems on her end, my end or both?
Any clues?
 
Jeff, the new version 4 settings with spam blockers ain't working for me.
Since I upgraded from v3 my box is receiving a load of spam.

I activated at b.baracuda.org...
The rest cost money if I read it correctly..


My question is...
Can I use the same urls and order I had with v3 ?
Can I just replace the urls in the code ?


Thanks
 
Sure but if we removed them there was a reason; perhaps they no longer work, or block everything, or charge.

I don't know why SpamBlocker Version 4 doesn't work for you; for me it works so well that I've stopped working on it.

Jeff
 
hmm... I went through the mail log and actually haven't seen a line containing "Email blocked by" at all :eek:

Is it possible a port on our server, needed for communicating with those spam lists, is blocked ?

Or maybe exim is using a different conf file altogether :eek:
 
You should be checking the rejectlog. It should be easier to check; it only includes rejected email.

It's unlikely you're blocking DNS; your server couldn't even deliver email if you're blocking DNS. And the blocklists all work through DNS.

More likely you haven't set up your domains to actually use the blocklists properly as explained in the ReadMe file:

BLOCK SPAM FOR ALL DOMAINS NOT IN EXCLUSION LIST:
Instead of a file at /etc/virtual/use_rbl_domains, create a
symbolic link from /etc/virtual/use_rbl_domains to /etc/virtual/domains
and
Populate the file at /etc/virtual/skip_rbl_domains as an exclusion
list, copying the domain names as they appear in /etc/virtual/domains
to /etc/virtual/skip_rbl_domains

BLOCK SPAM ONLY FOR DOMAINS IN INCLUSION LIST:
Maintain a file at /etc/virtual/use_rbl_domains, copying the domain
names as they appear in /etc/virtual/domains to
/etc/virtual/use_rbl_domains

We can troubleshoot and fix your file for you for a small fee; for information look here (nobaloney.net) and order Installation.

Jeff
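
Added example (not part of the thread or of the SpamBlocker distribution): a Python check that reports which hosted domains the blocklists apply to, based on the three files named in the ReadMe excerpt. It assumes a domain is checked when it appears in `use_rbl_domains` and not in `skip_rbl_domains`, with one domain per line; `read_domains` and `rbl_coverage` are hypothetical names.

```python
import os


def read_domains(path):
    """Read one domain per line; a missing file counts as an empty list."""
    try:
        with open(path) as fh:
            return {ln.strip().lower() for ln in fh
                    if ln.strip() and not ln.lstrip().startswith("#")}
    except FileNotFoundError:
        return set()


def rbl_coverage(virtual_dir="/etc/virtual"):
    """Report which hosted domains get blocklist checks.

    Assumption: checked = in use_rbl_domains and not in skip_rbl_domains,
    which is how the ReadMe text describes the two files.
    """
    use_path = os.path.join(virtual_dir, "use_rbl_domains")
    domains = read_domains(os.path.join(virtual_dir, "domains"))
    use = read_domains(use_path)
    skip = read_domains(os.path.join(virtual_dir, "skip_rbl_domains"))
    checked = (domains & use) - skip
    return {
        # True: "all domains except the exclusion list" setup from the ReadMe
        "use_is_symlink": os.path.islink(use_path),
        "checked": sorted(checked),
        # Non-empty with an empty skip list means the lists were never set up
        "unchecked": sorted(domains - checked),
    }


if __name__ == "__main__":
    report = rbl_coverage()
    print("use_rbl_domains is a symlink:", report["use_is_symlink"])
    print("blocklists applied to:", ", ".join(report["checked"]) or "(none)")
    print("blocklists NOT applied to:", ", ".join(report["unchecked"]) or "(none)")
```

An empty "applied to" list on a server that hosts domains matches the symptom in this thread: nothing in the rejectlog mentions a blocklist because no domain is opted in.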
 
Hi Jeff,

I didn't find in version 4

acl_connect:
accept hosts = *
delay = 3s - this line

is there a reason?
 