[RELEASE] SpamBlocker released

Well, I'm not sure that's faster than installing one file and creating three directories...

but if you think so... :)

To each his/her own.

The Anti Virus solution you mention filters viruses, but still accepts them on the server.

Our solution will block them at data time; so they won't end up on your server with you wondering what to do about them.

Either way, SpamBlocker works!

Jeff
 
I enabled the spamblocker script yesterday, now I'm getting some weird stuff.

Mail from one of my domains is being redirected (?) to my email address... somehow...

The mail is directed to [email protected], but it ends up in my mailbox.

Excerpt from my maillog:
2004-08-11 09:56:16 1Buny3-0005yU-NF => bart <[email protected]> F=<[email protected]> R=virtual_user T=virtua...

bart is my account. My account is in no way related or linked to user(@domain.com).

Any ideas? Problem is only with this domain afaik, and not all mail gets 'redirected' to my account, I think.
 
jlasman said:
Our solution will block them at data time; so they won't end up on your server with you wondering what to do about them.

Either way, SpamBlocker works!

Jeff

That sounds good - when can we see a solution?

regards

Jon
 
I don't have a date yet.

I was to have worked on it this week, but I had some car problems, some servers that needed work, and a bad cold that keeps me away from the computer a lot of hours.

:(

I hope, soon.

Jeff
 
Thanks for all your hard work on this project, I just installed the new DA exim package so I guess I'm not using spamblocker as well :-)
 
In the new DA exim package you should find an exim.conf file that includes DA.

Don't forget to create the necessary directories (see the comments in the exim.conf file) if they're not there already.

But by default no domains make use of SpamBlocker; you'll have to put domain names into /etc/virtual/use_rbl_domains.

(You don't have to restart anything.)

Jeff
 
whitelist_from not working ?

Is there any other special way of adding IP addresses to the whitelist_from file to make it work?

I tried to add

*@domain.com
dslxx-xx-50293.adsl.xxnet.net.tr
81.2xx.1x6.117
mailsrv.domain.com
domain.com

Not working; mail from this IP address is still blocked.

I also tried to add domains just like this into the whitelist_from file

whitelist_from [email protected]
whitelist_from 1.1.1.1
whitelist_from *@domain.com

It's still not working.

I double-checked permissions etc.
-rw-r--r-- 1 mail mail 111 Aug 17 17:15 /etc/virtual/whitelist_from

No solution

I checked exim.conf line by line; I found nothing wrong.

What am I doing wrong?

I just want to whitelist an IP address and accept mail from it for all my domains in the use_rbl_domains file.
 
It's possible it doesn't work properly by IP#; I'll check into it.

If it needs a change to make it work with IP#s, I'll make the change and announce it in this thread.

Jeff
 
EDITED for my own stupidity!!!!!!!

I named the whitelist file wrong, lol

thanks for the mod!
 
Can someone post an example of the text that goes in the blacklist?

I got nailed with Spam Assassin, Spam Blocker with about 10 emails from Rx companies and other BS. Somehow they all got through and I want them gone.

These all-text messages are tricky, eh. Is there a way to block emails that use the whole "mort.gage looan" technique?

I'm just learning this spam blocking thing, lots of fun!!!!

:confused: :confused: :confused:
 
tricky

The short answer is that you take a look at the headers of offending spam and find the mailserver that sent it and add the name of that mailserver to /etc/virtual/blacklist_domains .

The problem here is "How does one decipher the headers?" With all of the relaying and spoofing that goes on it's very difficult, for me at least, to decipher and figure out what mailserver to block. Usually I just find IP addresses and throw them in the blacklist_domains file. But I don't even know if that really works or not.

Can someone explain how to read a header that contains some BS? Or better yet give a web resource that will help? Here is an offending header. What do I add to the blacklist_domains file?

Received: from mail by lucie.bli.net with spam-scanned (Exim 4.24)
id 1BxefY-000GkW-C0
for [email protected]; Wed, 18 Aug 2004 21:36:56 -0700
Received: from lns-th2-4f-81-56-240-210.adsl.proxad.net ([81.56.240.210])
by lucie.bli.net with smtp (Exim 4.24)
id 1BxefS-000GkO-F1
for [email protected]; Wed, 18 Aug 2004 21:36:52 -0700
Received: from 12.48.190.46 by web019.mail.yahoo.com; Wed, 18 Aug 2004 22:35:07 -0700
From: "Carla Cummins" <[email protected]>
To: [email protected]
Subject: [email protected]
Date: Thu, 19 Aug 2004 02:33:07 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--93560288463485817"
X-CS-IP: 248.84.138.42
X-lucieblinet-MailScanner: Found to be clean, Found to be clean, Found to be clean, Found to be clean
X-lucieblinet-MailScanner-SpamCheck: spam (blacklisted), spam (blacklisted), spam (blacklisted), spam (blacklisted)
X-Username: [email protected]
Resent-To: "[email protected]" <[email protected]>
Resent-From: Carl Ratliff <[email protected]>
Resent-Date: Wed, 18 Aug 2004 21:49:01 -0700
Resent-Message-ID: <[email protected]>
X-Username: [email protected]
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on lucie.bli.net
X-Spam-Level: ****
X-Spam-Status: No, hits=4.6 required=8.0 tests=CLICK_BELOW,EXCUSE_3,
HTML_60_70,HTML_IMAGE_ONLY_04,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,REMOVE_PAGE
autolearn=no version=2.63
X-lucieblinet-MailScanner-Information: Please contact the ISP for more information
 
I just spent 30 minutes looking for already created black lists and found this one with over a million.

bigblacklist

I unzipped it and it is a ton of folders all categorized by genre of spam, and inside are lists of domains and URLs.

I guess I just copy and paste all domains and IPs in list format with no special code into the blacklist_domains file???

I can find nothing on this on the web. Google Groups is even being a bitch about returning what I want!!!!!!! Well, I guess it's time to experiment.

any info is greatly appreciated!
 
motobrandt, you seem to be running Mailscanner. You have to get rid of it before you use Spamblocker (meaning undoing all the changes you have done and removing those folders you did create).

Add your domains to the rbl file, activate spamassassin (follow DA instructions), activate clam (there is a good howto) and that's it.
 
interfasys said:
motobrandt, you seem to be running Mailscanner. You have to get rid of it before you use Spamblocker (meaning undoing all the changes you have done and removing those folders you did create).

Add your domains to the rbl file, activate spamassassin (follow DA instructions), activate clam (there is a good howto) and that's it.

What??? Why do I have to get rid of Mailscanner? Everything seems to be working fine. Except the fact that I don't truly know how to read a header or what to put in the blacklist_domains file.

Do tell me what the issue with Mailscanner is.

Thanks,
Brandt
 
Where did you get your exim.conf file?

Do you have my SpamBlocker code in your exim.conf file, as well as the MailScanner code?

I suppose you could use both, but I don't know if anyone has properly implemented it.

Anyway, to get the name of the server to block:

The top "Received:" line that's accepting email from an outside email is the line that's got the name of the mailserver you want to stop.

Someone has brought to my attention that IP#s may not be working in the blocklist; I'm not sure, because I use names and not IP#s.

So I'll be checking further as time permits and make any required changes.

Jeff
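The rule in the post above (take the topmost "Received:" line in which your own server accepted the message from outside) can be applied mechanically. The following is an added example, not code from SpamBlocker or from anyone in this thread; the function name `first_external_hop` and the `our_hosts` parameter are hypothetical, and the sample is built from the Received: lines of the header quoted earlier in the thread, with the redacted recipient replaced by a placeholder address.

```python
import re
from email import message_from_string

# Constructed sample: the three Received: lines of the header quoted earlier in
# the thread; the redacted recipient is replaced by a placeholder address.
SAMPLE = (
    "Received: from mail by lucie.bli.net with spam-scanned (Exim 4.24)\n"
    "\tid 1BxefY-000GkW-C0\n"
    "\tfor user@example.com; Wed, 18 Aug 2004 21:36:56 -0700\n"
    "Received: from lns-th2-4f-81-56-240-210.adsl.proxad.net ([81.56.240.210])\n"
    "\tby lucie.bli.net with smtp (Exim 4.24)\n"
    "\tid 1BxefS-000GkO-F1\n"
    "\tfor user@example.com; Wed, 18 Aug 2004 21:36:52 -0700\n"
    "Received: from 12.48.190.46 by web019.mail.yahoo.com; "
    "Wed, 18 Aug 2004 22:35:07 -0700\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# "from <name> [(<text with [ip]>)] by <host>" as written by the receiving MTA.
HOP = re.compile(r"from\s+(?P<name>\S+)(?:\s+\((?P<paren>[^)]*)\))?"
                 r"\s+by\s+(?P<by>[^\s;]+)", re.S)
PEER_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")
LOOPBACK = {"127.0.0.1", "::1"}


def first_external_hop(raw_message, our_hosts):
    """Return (name, ip) of the host that handed the message to one of
    our_hosts, read from the topmost Received: line we wrote ourselves.
    Returns None when no such line exists."""
    ours = {h.lower() for h in our_hosts}
    for value in message_from_string(raw_message).get_all("Received", []):
        m = HOP.search(value)
        if m is None or m.group("by").lower() not in ours:
            break  # not provably written by us: this line and all below are forgeable
        peer = PEER_IP.search(m.group("name") + " " + (m.group("paren") or ""))
        if peer is None or peer.group(1) in LOOPBACK:
            continue  # no peer IP: local re-injection such as the spam-scanned pass
        name = m.group("name")
        return (None if name.startswith("[") else name, peer.group(1))
    return None


if __name__ == "__main__":
    print(first_external_hop(SAMPLE, {"lucie.bli.net"}))
```

The bottom line of the sample ("from 12.48.190.46 by web019.mail.yahoo.com") is never consulted, because it was not written by the receiving server and could have been supplied by the sender.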
 
Jeff,
I am using the original spamblocker exim.conf (not sure if it has changed over the last couple months) I added this at the top for Mailscanner.

spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
no_message_logs
log_file_path = /var/log/exim/%s

And I commented out the spamassassin stuff as it's already running under mailscanner.

# Spam Assassin
#spamcheck_director:
# driver = accept
# condition = "${if and { {!def:h_X-Spam-Flag:} {!eq {$received_protocol}{spam-scanned}} {!eq {$received_protocol}{local}} } {1}{0}}"
# retry_use_local_part
# transport = spamcheck
# no_verify

errrr.... well this stuff isn't commented out. It's just down from that last stuff.

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# Spam Assassin
begin transports

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!

Do you want to see the whole file? or does it matter to you?
:rolleyes:
 
motobrandt said:
I am using the original spamblocker exim.conf (not sure if it has changed over the last couple months) I added this at the top for Mailscanner.
I presume you read the comments in the SpamBlocker exim.conf file and created the necessary directories. I also presume you restarted exim after you installed the new exim.conf file and after each change you made.
Do you want to see the whole file?
That depends what you want me to help you with :) . In my last post I gave you information on what needs to be in the blocklist, and where to find it. Do you need any other information or help from me?
or does it matter to you?
I was wondering how you implemented it because I'm working on my implementation. However my implementation will be working during data time, so I most likely won't use MailScanner.

Jeff
 
vincenzobar said:
I just spent 30 minutes looking for already created black lists and found this one with over a million.
It's not one list; it's lots of them.

As currently implemented, the spamblocker blocklist works on domains taken from from-addresses. I'll soon be issuing an update that also works with hostnames. bigblocklist appears to have domains from from-addresses, so the domains should work, though the IP#s won't.

(I'm still studying whether or not IP#s will work in the hostnames blocklist.)

However you should know that exim will parse these lists in realtime each time an email comes in. Do you really want to slow down your server searching over a million?

I wouldn't do it this way.

If I were going to do it (and I'm most likely not) I'd create my own DNS blocklists. There are instructions for doing this; you can google for them if you decide to do it.

Note however that this method requires hostnames, not from-domains, so this list may be useless, depending on how it was created. It does NOT require you know the IP#s; only that you know how to send back an arbitrary IP# that explains the meaning for the block.

Jeff
 
Ok these few questions should be all i need before i fully understand this 'ish.


Code:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Fri, 20 Aug 2004 16:09:08 -0400
Received: from mail by server.Innerearaudio.com with spam-scanned (Exim 4.24)
	id 1ByFhD-0005Am-Tf
	for [email protected]; Fri, 20 Aug 2004 16:09:08 -0400
Received: from localhost by server.Innerearaudio.com
	with SpamAssassin (2.64 2004-01-11);
	Fri, 20 Aug 2004 16:09:07 -0400
[b]From: Hot Flashes Be Gone <[email protected]>[/b]
To: <[email protected]>
Subject: Is there relief from menopause?            
Date: Fri, 20 Aug 2004 14:08:32 -0800
Message-Id: <[email protected]>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on 
	server.Innerearaudio.com
X-Spam-Level: *****
X-Spam-Status: Yes, hits=5.9 required=5.0 tests=CLICK_BELOW,EXCUSE_16,
	FREE_SAMPLE,FROM_ENDS_IN_NUMS,HTML_30_40,HTML_IMAGE_ONLY_12,
	HTML_MESSAGE,HTML_TAG_BALANCE_TABLE,HTML_TITLE_UNTITLED,HTML_WEB_BUGS 
	autolearn=no version=2.64
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_41265A63.F66B82C8"

The bolded From: Hot Flashes Be Gone <[email protected]>. Is this what you are talking about?

Do I enter this into blacklist_domains or use_rbl_domains, and do I type it in the file like this:

[email protected]
or
[email protected]

All I have read on the net is all this perl code like S=amazon;hotmail to be entered into files. I have spent 3 days researching on the net and have found nothing useful and I'm the only computer geek of all the people I know in person. This sux :-(

I see in this thread it talks about enabling SpamBlock in conf but all I did was copy paste and according to my header it seems to be working, I think, but I still get a butt load of spam and SpamAssassin is catching it all. I have read through all the code but can't understand it well enough to figure out what to do exactly (I need my hand held - *what a b!tch I am when it comes to this stuff*)

Also in reading this post - what do you mean, enter domains in use_rbl_domains? My domains like www.underwater-design.com or the ones I don't want coming through? If it's for non-wanted then what's the blacklist for? I am so confused, I think my brain is fried!

BTW I have AOL IM and am vincenzobar if you think IM would be easier to solve this and clarify my questions!
 