[RELEASE] SpamBlocker released

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
EDIT 26 December 2006:

SpamBlocker3 is going into Beta Testing today. It optionally includes ClamAV, for those who've wanted Anti-Virus built into DA.

In order to help us support SpamBlocker as we move forward we've created several new sub-forums; be sure to check out the complete list here.

Note that there are both forums and threads on that page, including this thread, which I've moved into the new subforums today.


EDIT 29 Oct 2004:

The second free DA version of SpamBlocker has just been released as Version "RSS-1.2da".

The modifications (taken from the modifications log) are:

RSS-1.2da 29-Oct-2004

Modified to change use of sbl.spamhaus.org list to use of sbl-xbl.spamhaus.org list.

Modified to add bad_sender_hosts check; see modification instructions.

I highly recommend the update, as it allows you to block by IP# or by hostname in addition to by "From" address.

But it's NOT currently included in DirectAdmin.

Should you decide to use it you MUST make all the modifications you made to the original file, so that anyone who gets a false positive bounce will be able to visit your website to be unblocked.

In addition, you'll also need to add a new file at /etc/virtual/bad_sender_hosts, to be populated by the IP#s and hostnames you want blocked.

End of edits.

I've just released the Free DA version of SpamBlocker.

John and Mark have indicated that they may include it in a future version of DA, and I've given that my blessing.

The advantage of having it included in DA would be that DA would control the contents of the added files.

But you can certainly use it as-is; I do. The file is at:

http://www.nobaloney.net/downloads/spamblocker/DirectAdmin/

and is well documented. Be sure to read the documentation completely before using it to replace /etc/exim.conf on your system, and be sure to keep a copy of your original exim.conf file in the event you'll need to revert.

It does require some well documented file additions to /etc/virtual/ but it should be quite easy to install into your DirectAdmin server.

The license under which exim.conf.spamblocked is released may be found at:

http://www.nobaloney.net/downloads/gnu-gpl-v2.txt

Please post to let me know about your experience with it.

Thanks.

Jeff
 

jeffery

Verified User
Joined
Jan 13, 2004
Messages
279
Thanks Jeff, I will test it out~ :)

I have just read your "README" at the top of the conf, it seems a little bit complicated..
:p
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
It's really quite simple.

Please ask me any questions you might have.

Here is okay for now; when I release the generic exim version (for exim but not DA) I'll probably start my own forum for it.

Maybe you can write simplified instructions once you understand it.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
SpamAssassin to block as well as filter?

What do you think of using SpamAssassin to block as opposed to just mark?

What I really want to do is block spam at rcpt time (sorry if you're not very familiar with smtp and/or exim language) for listing in various blocklists (which is what the exim.conf.spamblocked file I released last night does) AND at data time for certain scores in spamassassin.

It would require that you use exim with exiscan, but Chris has already done a good job of enabling that, and I'd be building on the work he's done with more custom exim.conf files.

What do you think about that?

SpamAssassin currently (by default) marks as spam, anything that scores 5.0 or above. What score do you think we should use to block?

Thanks for any input, to help make this a better project.

Jeff
 

jeffery

Verified User
Joined
Jan 13, 2004
Messages
279
Sorry I still have no time to squeeze for testing it.. :p

I will try my best to have it tested, and give you some feedback!


SpamAssassin can detect spam quite successfully, but it's not too flexible for customization. For example, till now there is no clear guide to control the way SpamAssassin works. At least I have googled for half an hour and can't find a suitable one..


Comparing with the blocklist can still have a hole, they can send the email with fake address like bob@somewhereelse.com, which is hard to catch.


5.0 is not a bad idea; if it is really a spam message, it is caught by a high score. If it's a *SMART* spam, score 1.0 may still be unable to catch it.

:)
 

LyricTung

Verified User
Joined
May 17, 2004
Messages
62
Well, I created the necessary files in /etc/virtual, changed the @example.com addresses, dropped in the exim.conf and restarted exim. Now, when trying to send a test message to a domain on that server I get the following:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

tweedle@dum.com
local delivery failed

The following text was generated during the delivery attempt:

------ tweedle@dum.com ------

An error was detected while processing a file of BSMTP input.
The error message was:

421 Lost incoming connection

The SMTP transaction started in line 0.
The error was detected in line 3.
0 previous messages were successfully processed.
The rest of the batch was abandoned.
421 Lost incoming connection
Transaction started in line 0
Error detected in line 3
_________________________
Any ideas? After replacing with original default config file it works fine.


SOLUTION: Since I am not running Spam Assassin, it was necessary to comment out the Spam Assassin portion of the DIRECTORS CONFIGURATION. All works fine now with the spamblocked exim.conf file.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
What OS? You're using Exim 4.24, as I am, and the file works successfully for me.

Are you sure you didn't accidentally change anything else? (use a "diff" to see)

If you edited it on a Windows system did you remember to ftp it back to the server as ascii?

Did you find any log output referring to that email?

I don't have time to do anything tonight, but I'm willing to check on your server if you're willing to let me.

Let me know by email if you'd like me to test this for you.

Jeff
 

LyricTung

Verified User
Joined
May 17, 2004
Messages
62
Thanks for your reply! It seems to be a BSMTP and Spam Assassin error when spamc is not running :)
 

LyricTung

Verified User
Joined
May 17, 2004
Messages
62
Great job on this! I'm running FreeBSD 4.9, DA Exim 4.24.
I've been examining logs since yesterday evening and I don't think a piece of spam has made it through.

I made 2 changes to the config and life is now happy:

1. Comment out Spam Assassin in the Directors Configuration. Since I'm not running Spam Assassin, the error in my post above was being generated.

2. Comment out: Require sender_verify. While I would like to believe that all mailserver/dns admins do things properly, I know from experience, they don't. This line was causing fits with outsourced domain mail and I didn't want to immediately start trying to whitelist everything. I'm gonna try to work to build a starting whitelist and turn it back on.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Thanks for bringing to my attention that I didn't make a great enough deal of it using SpamAssassin as set up by DirectAdmin.

I'll change the included documentation to show that.

Jeff
 

dr2web

Verified User
Joined
Sep 26, 2003
Messages
12
Location
Texas
Jeff,

The install went great, worked like a charm. Thanks for the hard work. The amount of work that you put in was apparent.

I do have a question about it. I have been having a problem with people using my server to send spam, will this conf file filter outgoing mail as well as incoming?

Thanks again for all that you have done.
 

i2iweb

Verified User
Joined
Feb 26, 2004
Messages
45
Location
Dallas, TX
I can send/receive mail fine but my headers only show the following:

Received: from mail by santacruz.i2iwebsolutions.com with spam-scanned (Exim 4.24)
id 1BSeYc-000LFX-EP

I am using FreeBSD 4.9 with SpamAssassin. Is this header above normal?
 

thoroughfare

Verified User
Joined
Aug 11, 2003
Messages
575
Thanks for releasing this... but I was wondering, what advantage does it have over SpamAssassin etc?

Thanks,
Matt :)
 

sander815

Verified User
Joined
Jul 29, 2003
Messages
474
yes, want to know too

and, how does this work? Does it check validity of email addresses from blacklists at bl.spamcop.net, dnsbl.njabl.org, etc and then either let it pass or not pass?
 

LyricTung

Verified User
Joined
May 17, 2004
Messages
62
This exim.conf file will reject mail coming from known spam servers as verified against the blacklists you see in the file. It does this before continuing on with delivery and finally sending it over to SpamAssassin for message scanning.

The advantage: SpamAssassin uses system resources to complete its tasks. SpamAssassin only gives a "SpamRating" and sends the message on to the recipient (unless you have something else installed to reject/sort/etc.)

This config file rejects a massive amount of Spam (according to my log files) with no (as far as I can tell) false positives. Anything that gets through the blacklists is then sent on to SpamAssassin.

SpamAssassin doesn't work so hard and user mailboxes aren't full of messages marked as ***SPAM***.
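
As an added illustration (not part of the original post, and not SpamBlocker's own code), here is the reject-before-scanning flow described above, sketched in Python: a local block list is checked first, then each DNS blacklist by reversed-octet lookup. The one-entry-per-line list format, the function names and the sample addresses are assumptions, and DNS answers are injected so the sample runs offline.

```python
import ipaddress
import socket

# Zones named in this thread; the sample run below never queries them.
ZONES = ["sbl-xbl.spamhaus.org", "bl.spamcop.net", "dnsbl.njabl.org"]
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus-style error codes

def dnsbl_query_name(ip, zone):
    """DNSBL lookup name: IPv4 octets reversed, followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this sketch")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A record as a string, or None if the lookup fails."""
    try:
        return socket.gethostbyname(name)
    except OSError:  # NXDOMAIN and resolver outages both fail open here
        return None

def is_listing(answer):
    """Only 127.0.0.0/8 answers outside the error range count as listed."""
    if answer is None:
        return False
    addr = ipaddress.ip_address(answer)
    return addr in LISTED_NET and addr not in ERROR_NET

def parse_local_list(text):
    """Assumed file format: one IP or hostname per line, '#' starts a comment."""
    lines = (line.split("#", 1)[0].strip().lower() for line in text.splitlines())
    return {line for line in lines if line}

def rcpt_time_verdict(ip, hostname, local_list, zones=ZONES, resolver=system_resolver):
    """Local list first, then each DNSBL in order; runs before any message body."""
    if ip in local_list or (hostname or "").lower() in local_list:
        return ("reject", "bad_sender_hosts")
    for zone in zones:
        if is_listing(resolver(dnsbl_query_name(ip, zone))):
            return ("reject", zone)
    return ("accept", None)  # message goes on to content scanning

# Constructed sample data: documentation address ranges, not real listings.
SAMPLE_LIST = "# local blocks\n192.0.2.10\nmail.spammer.example  # by hostname\n"
FAKE_ANSWERS = {"25.113.0.203.bl.spamcop.net": "127.0.0.2",
                "7.100.51.198.sbl-xbl.spamhaus.org": "127.255.255.254"}

if __name__ == "__main__":
    local = parse_local_list(SAMPLE_LIST)
    for ip, host in [("192.0.2.10", None), ("203.0.113.25", "a.example"), ("198.51.100.7", None)]:
        print(ip, rcpt_time_verdict(ip, host, local, resolver=FAKE_ANSWERS.get))
```

Passing `resolver=system_resolver` (the default) performs real lookups; the error-range check keeps a refused or rate-limited query from being read as a listing.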
 

LyricTung

Verified User
Joined
May 17, 2004
Messages
62
i2iweb: That's how my header looked after I installed SpamAssassin from the DA scripts folder. In order to get the SpamAssassin headers, spamd needs to run, I think. I got it all working by:

1. Add: spamd_enable="YES" to /etc/rc.conf

2. Add: spamd.sh file to /usr/local/etc/rc.d folder and chmod file to 744. Mine looks like this:

#!/bin/sh
#
# Startup / shutdown script for SpamAssassin daemon

case "$1" in
    start)
        # Start spamd as a daemon (-d) and record its PID (-r)
        /usr/local/bin/spamd -a -d -r /var/run/spamd.pid && echo -n ' spamd'
        ;;

    stop)
        # Stop spamd using the recorded PID
        /bin/kill `cat /var/run/spamd.pid` > /dev/null 2>&1 && echo -n ' spamd'
        ;;

    *)
        echo "Usage: `basename $0` {start|stop}" >&2
        ;;
esac

exit 0

3. search the /etc/exim.conf for spamc. Replace this:

/usr/bin/spamc

to

/usr/local/bin/spamc

4. I rebooted my server because of the changes to rc.conf :)
 

sander815

Verified User
Joined
Jul 29, 2003
Messages
474
Do I need SpamAssassin for this script to work? I thought it was either SpamAssassin or this script?
 

LyricTung

Verified User
Joined
May 17, 2004
Messages
62
This config is set-up by default to work in conjunction with SpamAssassin. If you wish to use just the blacklists in this exim.conf and not use SpamAssassin, you will need to comment out these lines in this exim.conf. You'll find them under the "Directors Configuration" section. Just put the # sign in front of each line as below:

# Spam Assassin
# spamcheck_director:
# driver = accept
# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify
 

i2iweb

Verified User
Joined
Feb 26, 2004
Messages
45
Location
Dallas, TX
Thanks for the info LyricTung...

I had a client that was literally receiving hundreds of spam per day that he had to download over a dialup connection to weed out the good from the bad emails and this solution here has made it sooo much easier for him now not to mention for me too.

Thanks,

Kevin
 