[RELEASE] SpamBlocker released

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
I should have beta4 in production by the end of the week; all it's waiting for now is for me to get it in sync with the latest from DA. I'll be writing John in a moment.

Jeff
 

tdldp

Verified User
Joined
May 9, 2005
Messages
169
Problem ???

Hi jeff, here i have this time a real trouble with spamblocker.

Certainly due to my lack of knowledge, i have found no method yet to get round this .
Let me explain :

We have regurlaly a listed IP which blocks us sending mails (this is because the ip has been used by wanadoo users to spam others, and as we have at our work a changing ip for security needs, we have regurlaly listed ip's)
To prevent us from being blocked when sending emails. i added as you can see in my last post our host, in whitelist_from.

Since that another trouble occured.
I have set my adress as catchall, some of our clients having trouble visibly to spell our adress correctly. it was preferable to be sure we get all mails in, even if there is a typo or spelling error.
Problem i have 2 adresses that have been in some manner, added in international spamming lists, and we now get, 6 times an hour, mails to those 2 adresses that land in my mailbox. Fortunately, spamassassin does his job correctly, and it detects it as spam (normal : XBL , Spamcop listing)

What i'd like to know is, how can i block in a specific list : blacklist_to, specific destinatory adresses, so that it is refused by server ??? Is this case planned in future spamblocker version ???This case can be pretty problematic, and it would be good to be able in first check that the adress is in a blacklist with catchall usage.

Your return, or eventual help would be appreciated ;)

yours

Tdldp
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Re: Problem ???

tdldp said:
We have regurlaly a listed IP which blocks us sending mails (this is because the ip has been used by wanadoo users to spam others, and as we have at our work a changing ip for security needs, we have regurlaly listed ip's)
To prevent us from being blocked when sending emails. i added as you can see in my last post our host, in whitelist_from.
I'm confused. The whitelist_host list is a list of systems you want to be able to send you mail; it has nothing to do with whether or not you can send email to other systems.
Since that another trouble occured.
I have set my adress as catchall, some of our clients having trouble visibly to spell our adress correctly. it was preferable to be sure we get all mails in, even if there is a typo or spelling error.
Problem i have 2 adresses that have been in some manner, added in international spamming lists, and we now get, 6 times an hour, mails to those 2 adresses that land in my mailbox. Fortunately, spamassassin does his job correctly, and it detects it as spam (normal : XBL , Spamcop listing)

What i'd like to know is, how can i block in a specific list : blacklist_to, specific destinatory adresses, so that it is refused by server ??? Is this case planned in future spamblocker version ???This case can be pretty problematic, and it would be good to be able in first check that the adress is in a blacklist with catchall usage.
SpamBlocker doesn't offer this in the most recent versions (even the one coming out shortly), but you can do it easily enough by forwarding the specific email addresses to /dev/null. Read elsewhere in the forums for instructions on how to set up a forwarder to a directory.

Jeff
 

tdldp

Verified User
Joined
May 9, 2005
Messages
169
Re: Re: Problem ???

jlasman said:
I'm confused. The whitelist_host list is a list of systems you want to be able to send you mail; it has nothing to do with whether or not you can send email to other systems.
Well weirdly enough and i'll take a concrete example :
we have 5 users in our company, and we send each other mails...
Let's say at time X we get ip : XXX.XXX.XXX.1
this ip is listed in XBL SBL or spamcop.
When sending an email, error 550 from the server : to unblock $sender_host_name see http://www.site.fr/spam.php
Grrrr... This doesn't arrange us :
2 immediate solutions :
Changing IP,
adding our host in whitelist.

Toke second solution, as we can't change every now and then our ip adress, and this worked. We can send anytime, with any ip (even if listed) emails to ourselves and to our clients.

Now if there is another solution in order that our host is always allowed to send mail without checking RBL, i'll appreciate solution.
I may not know yet that other solution exists, that is why i'm asking ...

jlasman said:
SpamBlocker doesn't offer this in the most recent versions (even the one coming out shortly), but you can do it easily enough by forwarding the specific email addresses to /dev/null. Read elsewhere in the forums for instructions on how to set up a forwarder to a directory.

Jeff
My problem is not to forward a specific email adress. (this adress is not suppose to exist, and those who send emails to this adress are spammers, and nothing else.)
I think that in some case, it could be good to block a destination adress known to be used by spammers, just as spamblocker blocks mail from known hosts.... I'm too newbie to traduce that in script, though i'm trying to and trying to learn. That is why i ask help or a lane to follow...
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Re: Re: Re: Problem ???

tdldp said:
We can send anytime, with any ip (even if listed) emails to ourselves and to our clients.
Now I understand. Yes, this will whitelist your domain name for the same server. However it won't whitelist your domain name for anyone listed on other servers using the blocklisted IP#.
Now if there is another solution in order that our host is always allowed to send mail without checking RBL, i'll appreciate solution.
Get the IP# delisted or move to a different IP#.
My problem is not to forward a specific email adress. (this adress is not suppose to exist, and those who send emails to this adress are spammers, and nothing else.)
I think that in some case, it could be good to block a destination adress known to be used by spammers, just as spamblocker blocks mail from known hosts.... I'm too newbie to traduce that in script, though i'm trying to and trying to learn. That is why i ask help or a lane to follow...
It can certainly be done in SpamBlocker, but we don't do it at this time.

Jeff
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
[RELEASE] SpamBlocker Version 2 released

SpamBlocker Version 2 has been released.
Please see the new thread in this same forum:

[RELEASE] SpamBlocker Version 2 released

I'll leave this thread open for a few days in case there are any final questions, but I'll lock it soon and begin to respond to the new thread for the new version.

Thanks for your continued interest in SpamBlocker; I'm sure you'll find the new version features to your liking.

Jeff
 

tdldp

Verified User
Joined
May 9, 2005
Messages
169
Re: Re: Re: Re: Problem ???

jlasman [/i][B]Get the IP# delisted or move to a different IP#.[/B][/QUOTE] Well i'd love to said:
It can certainly be done in SpamBlocker, but we don't do it at this time.

Jeff
Can this be indeed thought of, in future versions, not the V2 as this one is released but maybe a V2.1 ;o) ???
Meanwhile, where could i find information on blacklisting a specific destination adress (i will make migration to V2 asap, but i'd like to have found a solution to my problem in same time in order to do the 2 steps in one...) If you know of a doc zone i could find info into i'd appreciate your return ;)

Thks again for your great job ...

Tdldp
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
tdldp,

You wrote:
I think that in some case, it could be good to block a destination adress known to be used by spammers,
But you don't explain why we should block destination addresses. Just what problem would it resolve that isn't resolved by the forward to /dev/null?

I really haven't studied how to do it; so you should start by studying how exim ACLs work. Your best place to start is probably the exim.org website.

It will require customization of exim.conf.

Jeff
 

tdldp

Verified User
Joined
May 9, 2005
Messages
169
Found a solution

Before jeff stops this thread, i'll just post the solution to the problem i faced, as it could interest others :

A simple ACL rule that blocks destination adress is following :
Code:
# refuse mail to any identified adress in any local domain, regardless of source
  deny  recipients = lsearch;/etc/virtual/destination_block
        message = The destination adress is not accepted by our services - Stop spamming us.
It must be placed in exim.conf after following lines :
Code:
######################################################################
#                               ACLs                                 #
######################################################################

begin acl

# ACL that is used after the RCPT command
check_recipient:

# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
  accept  hosts = :

# Deny for local domains if local parts begin with a dot or
# contain @ % ! / |
  deny  domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts but blocks outgoing
# local parts that begin with a dot, slash, or vertical bar
# but allows them within the local part.  The sequence \..\
# is barred. The usage of @ % and ! is barred as before. The
# motiviation is to prevent your users (or their virii) from
# mounting certain kinds of attacks on reverse sites.

  deny  domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
and just before :
Code:
# accept email from anyone in the whitelist_from list
  accept domains      = +whitelist_from
A file, listing of destinations to be blocked, named : destination_block
must be created under /etc/virtual/ near the files created by default by spamblocker...

Works fine for me, and help me reduce 98% spam that had managed to get through spamblocker in a specific catch-all account situation.
 
Last edited:

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,099
Location
Switzerland
That could be very helpful against domain names contacts spammers if we could forward those messages to the spam folder.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
tdldp,

Personally, if I were going to include the code, I'd probably want to put it after the whitelist code; by definition whitelists should supercede any blocklists.

Or shouldn't they? If not, then for what reason?

Jeff
 

tdldp

Verified User
Joined
May 9, 2005
Messages
169
jlasman said:
tdldp,

Personally, if I were going to include the code, I'd probably want to put it after the whitelist code; by definition whitelists should supercede any blocklists.

Or shouldn't they? If not, then for what reason?

Jeff
I'd do the same as you jeff, but apparently the config i use needs it this way... Maybe i haven't explained correctly situation. (i'm noob, french, and my english a bit rusted)

I use default exim 4.52, with spamassassin 3.1.0.
Our account has a catchall pointing on my adress, as some of our clients are misstyping regulars.
Our main problem is that in france, wanadoo (ISP) is a regular ip blocked addict. Thus as we get pretty often, blocked ip's, the only solution i had in order to contact clients using our servers mailing service, was either :
- get the ip delisted (but this is not instant, does not always work, and does not protect us when we change of ip),
- change ip (but this is impossible if we are under maintenance time and it does represent 75% of our online time, and of our company's working time),
and finally :
- get our domain whitelisted_from by default.

But the main problem in this case, is that whitelisted_from is the whitelist by default for all spamblocker, thus bypassing all further check. In this present case, we get allowed to send to our box, and to our clients (who are in majority, wanadoo clients, and thus accept our incoming mails due to lack of security of this isp : Hey, they sell their antispam and antivirus solution like that), but this also allows externals to send us spam again (as we are in whitelist, we bypass all further spamblocker checks). Fortunately spamassassin does his job correctly, but what i dislike is that spammers, that send to specific unavailable adresses (but who get sent after to catchall account) get their message processed on the server, thus using ressources in clamav, and spamassassin checking.

The solution i used, is in the scheme the following :
- If destination adress is known in a blacklist, (know spammers destination adress, which we do not use, and has no reason to exist) deny processing, may it come from an admin, local or external.
- If server Admin or server main domain sends mail (contact in whitelist) send mail even if host or ip is blacklisted (due to isp blacklisting history), receive mail normally
- if local domain sends / receive, process normally.
- If receive from external, start by checking destination blacklist, before doing any check, then process normally.

Up to know this scheme works for us (98% blocked) except following case :
spam destination adress is existant (thus not in destination blacklist) and destination domain (host) is in whitelist.
In this unique case, spam gets sent normally, but then clamav and spamassassin do their work and we receive headers normally.

This may not be so clear, but it works in our "very" specific case.
It may not be a standard, (and i would understand) but if i posted the solution, it is bcause, others may face our problems, and as i hadn't find answer in these forums, i propose mine...

Please do note, i am not advanced enough, to judge, appreciate, or critic. I just needed a solution to my specific problem. I still do think that up to now : the association : Spamblocker (exim) / SA / ClamAV is the best mail scanning solution and i pretty much appreciate the core solution you provide the DA community...
My next aim, migrate to V2 :=) and wait impatiently that DA proposes spamblocker by default.

Tdldp
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
Okay, now I understand your position and why you did what you did.

Yes, whitelist_from is for everyone; that was quite intentional as a design decision; doing everything on a domain by domain basis using exim.conf would require that the entire exim.conf file be rewritten each time a domain is added/deleted.

Yes, we could write it all into a separate program, and have all the mail go through that problem. As it would make exim completely nonstandard, for our company it would be a support nightmare.

Your french is much better than mine :) .

SpamBlocker 2 is a simple upgrade, and if you buy SpamBlocker Plugin when it becomes available, it's even easier :) .

I'm not sure what you mean about SpamBlocker becoming a part of DA, since it has been for over a year.


Jeff
 

Titam

Verified User
Joined
Apr 29, 2005
Messages
190
I installed it, and now i have something strange.

2005-12-02 09:55:01 1Ei6h3-00044N-7x H=relay-av.club-internet.fr [194.158.96.107] F=<register@hollinae.com> temporarily rejected after DATA: failed to expand ACL string "${if >{$demime_errorlevel}{2}{1}{0}}": unknown variable name "demime_errorlevel"

So, i look after, and registrer@hollinae.com isn't exist as email adress, so it's blocked, and it's good but the error message "
temporarily rejected after DATA: failed to expand ACL string "${if >{$demime_errorlevel}{2}{1}{0}}": unknown variable name "demime_errorlevel" " is not normal I think.

Thank you for you help
 

ju5t

Verified User
Joined
Sep 14, 2005
Messages
395
Location
Amsterdam
Dovecot is no MTA if I'm not mistaken. So Spamblocker will keep on working within Exim.

Anyway, whats with Dovecot? Are DA planning on replacing the current IMAP/POP3 software?
 

sullise

Verified User
Joined
Mar 4, 2004
Messages
519
Yup...shortly. At least give clients a choice. :) Exim blows monkey chunks IMHO.
 

nobaloney

NoBaloney Internet Svcs - In Memoriam †
Joined
Jun 16, 2003
Messages
26,119
Location
California
sullise said:
Exim blows monkey chunks IMHO.
You might as well find another control panel, now, then, sullise, since dovecot doesn't replace exim.

Both Onno and I have been extremely busy and I'm finally trying to catch up with what I can on the 443 messages I never saw on the forums because of my trip and the aftermath.

But SpamBlocker will work fine with exim even after dovecot is installed.

And, btw, private messages on this forum are never a good way to reach anyone who you've got an email address for; some of us just don't have time to log in to the forum when we're busy.

Except in unusual circumstances I log into the forum at least once a day, but when I'm at the office I get email in realtime.

Jeff
 
Top