[RELEASE] SpamBlocker released

[blacknight]

I
John and Mark have indicated that they may include it in a future version of DA, and I've given that my blessing.

The advantage of having it included in DA would be that DA would control the contents of the added files.

If it is included in a future release of DA I hope there will be an option to switch it off.

 

[nobaloney]

I had a client that was literally receiving hundreds of spam per day that he had to download over a dialup connection to weed out the good from the bad emails and this solution here has made it sooo much easier for him now not to mention for me too.

In fact, the reason we began work on SpamFilter was because one of our important clients started using a Blackberry for remote email. We've saved him hundreds of spam downloads a day.

Jeff

 

[nobaloney]

Re: Re: [RELEASE] SpamBlocker released

If it is included in a future release of DA I hope there will be an option to switch it off.

When installed, SpamBlocker, by default, is turned off for all domains. You have to turn it on for it to work.

I'd expect that DA would set it up the same way.

Jeff

 

[nobaloney]

The install went great, worked like a charm. Thanks for the hard work. The amount of work that you put in was apparent.

Thanks <blush>.

I do have a question about it. I have been having a problem with people using my server to send spam, will this conf file filter outgoing mail as well as incoming?

SpamBlocker blocks email from servers in blocklists. You don't want your server in blocklists.

You'll have to use some other method to keep people from spamming through your server.

One idea is to not allow anyone to use your server to send mail. That's actually not a bad idea.

Another is to not rent webspace or email only accounts to spammers. That's perhaps a bit tougher, but definitely worth doing.

Jeff

 

[nobaloney]

Thanks for releasing this... but I was wondering, what advantage does it have over SpamAssassin etc?

I think this has already been well answered, but to make it "official" :

SpamBlocker blocks email from known spamming IP#s before it gets to your server. Saves a lot of bandwidth.

Saves a lot of machine cycles as SpamAssassin doesn't have to check email it doesn't get .

Saves a lot of download data transfer from your DA server to your clients' desktop systems.

Jeff

 

[nobaloney]

and, how does this work? Does it check validity of email adresses from blacklists at bl.spamcop.net, dnsbl.njabl.org, etc and then either let it pass or not pass?

Yes, SpamBlocker uses block lists. You can look at the source code to see the block lists it uses.

Jeff

 

[twhiting9275]

Absolutely wonderful code here! This has cut my spam down from 50-100 mails a day (yeah, that many) to maybe 1-2.

I've included a modification that will work with mailscanner, as well as regular exim. In addition, I included an example spam.php , as seen @ http://www.linux-tech.net/spam.php (image included). Simple I know, but hopefully it helps.

Great job, keep up the good work!

 

[rhoekman]

This config file let's spammers use the smtp server as a relay without authentication. Just to let you know.

I have commented out and added the following line so users have to authenticate when they want to send it thru the server.

#hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

hostlist relay_hosts = 127.0.0.1

Further no complaints here it works like charm!

 

[LyricTung]

This config file let's spammers use the smtp server as a relay without authentication. Just to let you know.

I have commented out and added the following line so users have to authenticate when they want to send it thru the server.

#hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1

hostlist relay_hosts = 127.0.0.1

Further no complaints here it works like charm!

I'm a lil confused by this. The line you commented out seems to only allow those who have accomplished popb4smtp auth and localhost. The line you added would allow SMTP from localhost only (no authenticated net connections.) I see no open relay with the original code. Am I missing something?

 

[rhoekman]

I was able to send email without authentication, no popb4smtp auth enabled. Try to disable popb4smtp and sent something via smtp on the server. Let me know so we can verify this, thanks!

 

[LyricTung]

I was able to send email without authentication, no popb4smtp auth enabled. Try to disable popb4smtp and sent something via smtp on the server. Let me know so we can verify this, thanks!

I disabled auth of any kind in my mail client.
I copied /dev/null to /etc/virtual/pophosts to make sure it was empty.
I tried to send mail through the server.

/var/log/exim/exim_mainlog:

2004-06-02 13:55:41 H=bear.dum.net [208.XXX.XX.15] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2004-06-02 13:55:41 H=bear.dum.net [208.XXX.XX.15] incomplete transaction (RSET) from <[email protected]>

I'm guessing that your IP was listed in /etc/virtual/pophosts when you tested it. I think the default time your IP remains permitted to relay is 30 minutes.

 

[rhoekman]

I'll look into this.. Some of my clients could use it without authentication and relay tests showed it was getting thru. Odd..

 

[rhoekman]

Ok, you are right.. It is not relaying by default. I tested relaying from another pc while my laptop was still pulling email from the server. So the IP of the router was in pophosts. My bad.

 

[nobaloney]

Absolutely wonderful code here! This has cut my spam down from 50-100 mails a day (yeah, that many) to maybe 1-2.

Glad to hear it; we block over 10,000 spams daily with SpamBlocker.

I've included a modification that will work with mailscanner, as well as regular exim.

I'll take a look at your modification. May I merge it into the "official" tree?

I've planned on adding mailscanner and virus checking, but I've been very busy.

Jeff

 

[twhiting9275]

Go for it, I technically didn't add much other than what was added to the config files the first time, but it seems to work for me

 

[sander815]

if i use this exim.conf, without any domains on the /etc/virtual/use_rbl_domains list, does it work the same way as the original exim.conf?

 

[twhiting9275]

The only way to get someone to use the extra "features" of this configuration is to put them in that list, so yeah, I'd say it does.

 

[nobaloney]

Well, perhaps not quite, but almost exactly the same.

We do some checking a bit differently than DA does.

You can certainly compare our file against the DA default file. We've documented everything fully.

Jeff

 

[sander815]

i got it running
if i want some server on the whitelist, is it enough to have its domain?
or do i need the ipadress or full server name only?

f.i. g69119.upc-g.chello.nl ? it got blocked, but that mail should not be blocked

does exim need a restart when i add domians/ips or when i add a domain to use_rbl_domains?

 

[nobaloney]

f.i. g69119.upc-g.chello.nl ? it got blocked, but that mail should not be blocked

We always put in the fqdn (fully qualified domain name) of the server we want to whitelist.

does exim need a restart when i add domians/ips or when i add a domain to use_rbl_domains?

Nope. The only time you need to restart exim is when you make a change to exim.conf (or for example, when you install the new exim.conf).

Jeff