[RELEASE] SpamBlocker released

whitelist_from looks at the email address the server is using to connect; the "mail from" address.

EDIT 11/30/04:

The above statement is in error; I don't recall why I was thinking it at the time.

The whitelist_from needs to have the canonical name or IP address of the sending server to be whitelisted. Full instructions are in the exim.conf file, and below in a post I wrote dated 11/30/40.


Our tests show it works, but we'll be happy to test further once a few more people have replied to this thread telling us of their experiences.

Our experience has been that sbl-xbl.spamhaus.org works well for us without making exceptions for our own (authenticated) users, but you can of course move it.

After the first issue is resolved we'll bring out our next version, and we'll move sbl-xbl.spamhaus.org to the section that bypasses checking for known authenticated senders.

You can do it yourself first, if you'd like.

If you make any changes to exim.conf be sure to restart exim afterwards.

Jeff
 
jlasman said:
whitelist_from looks at the email address the server is using to connect; the "mail from" address. Our tests show it works, but we'll be happy to test further once a few more people have replied to this thread telling us of their experiences.

I've updated to the latest version (two weeks ago) and last night came across my first problem. Our client had sent out a competition newsletter and last night was the deadline for the winners to contact them. According to the client a lot of the emails seemed not to be getting through to them... so I checked the rejectlog and noticed that the majority of blocks were being made on one ISP: ntlworld.com (UK ISP provider).

One of the winners used my 'remove me from your spam list' form to contact me and I added his email address to the whitelist. I emailed back to ask him to contact our client again but he was still being rejected by exim?

This is a snippet of our log file:

Legend: "<AT> = @"

2004-11-29 22:03:15 H=mailhost.ntl.com (mta05-winn.mailhost.ntl.com) [212.250.162.8] F=<a.westerman1<AT>ntlworld.com> rejected RCPT <amber<AT>iofilm.co.uk>: to unblock mailhost.ntl.com see http://www.launchsite.co.uk/contact/email.php

Other blocks:


2004-11-29 17:02:18 H=mailhost.ntl.com (mta13-winn.mailhost.ntl.com) [212.250.162.8] F=<flaxmers<AT>ntlworld.com> rejected RCPT <amber<AT>iofilm.co.uk>: to unblock mailhost.ntl.com see http://www.launchsite.co.uk/contact/email.php


2004-11-29 16:56:47 H=mailhost.ntl.com (mta09-winn.mailhost.ntl.com) [212.250.162.8] F=<p.trickett<AT>ntlworld.com> rejected RCPT <amber<AT>iofilm.co.uk>: to unblock mailhost.ntl.com see http://www.launchsite.co.uk/contact/email.php

Our Whitelist:

a.westerman1<AT>ntlworld.com

Eventually I had to remove the client's domain from the "use_rbl" file so that the competition winners could progress.

regards

Jon
 
Jon,

I've tested the whitelist_from function and it appears to work properly for me.

It appears you're using whitelist_from incorrectly.

Here are the instructions for whitelist_from, taken from the exim.conf file:
Code:
# 3) Add a file /etc/virtual/whitelist_from                          #
#    This file should contain the fully-qualified hostnames or IP#s  #
#    of servers that you DO want to be able to get email from even   #
#    if they're otherwise caught by blocklists.  Your own domain     #
#    need not be listed here to enable you to get unblock requests,  #
#    whitelisting of email to your "errors" address will be handled  #
#    separately, below.                                              #

Here are some further comments on whitelisting, from further down in the exim.conf file:
Code:
# You'll need the full name of their server to unblock them, by      #
# putting the server name into the /etc/virtual/whitelist_from       #
# file.  There are two ways you can get this information:            #
#                                                                    #
# 1) You can create a form that will ask them for the address        #
#    they're trying to reach, the address they're sending the email  #
#    from, and the canonical name of their email server.  Since they #
#    may not know the name of their email server, this must be       #
#    optional, and if they leave it blank you'll have to find their  #
#    attempt to send email in your exim /var/log/exim/rejectlog file #
#    and get the name of the server from there.                      #
#                                                                    #
# 2) You can ask them to send you an email from the same address     #
#    that they were blocked from, but to (for example)               #
#    "[email protected]" (but changing it to an address you want to #
#    use, at one of your domains). When they send you the email you  #
#    should be able to find the name of their server in the headers  #
#    of the incoming email.                                          #
#                                                                    #
# Either way, you'll need to put the canonical name of their         #
# nameserver into your /etc/virtual/whitelist_from file.             #

I previously wrote:
whitelist_from looks at the email address the server is using to connect; the "mail from" address.
That's an error in thinking on my part when I wrote the post :( .

I'll edit it now.

Jeff
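
The lookup described above (finding the sending server's name in the rejectlog), as an added example that is not part of SpamBlocker or of any post in this thread. The sample lines are constructed in the same shape as the log excerpts quoted here, using example domains and documentation IP addresses; `whitelist_candidates` is a hypothetical helper name.

```python
import re
from collections import Counter

# Matches exim rejectlog "rejected RCPT" lines in the shape quoted in this thread:
#   <date> <time> H=<verified name> (<HELO name>) [<ip>] F=<sender> rejected RCPT <rcpt>: ...
# The verified name is absent when reverse DNS could not be confirmed.
REJECT_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d "
    r"H=(?:(?P<host>[^\s()\[\]]+) )?(?:\((?P<helo>[^)]*)\) )?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r".*? F=<(?P<sender>[^>]*)> rejected RCPT <(?P<rcpt>[^>]*)>"
)

# Constructed sample input (not real log data).
SAMPLE_LOG = """\
2004-11-29 16:56:47 H=mailhost.isp.example (mta09.mailhost.isp.example) [192.0.2.8] F=<alice@isp.example> rejected RCPT <amber@client.example>: to unblock mailhost.isp.example see http://host.example/unblock
2004-11-29 17:02:18 H=mailhost.isp.example (mta13.mailhost.isp.example) [192.0.2.8] F=<bob@isp.example> rejected RCPT <amber@client.example>: to unblock mailhost.isp.example see http://host.example/unblock
2005-01-11 10:12:34 H=(laptop) [198.51.100.6] F=<carol@org.example> rejected RCPT <dave@client.example>: to unblock see http://host.example/unblock
2005-01-11 10:12:35 H=(laptop) [198.51.100.6] incomplete transaction (QUIT) from <carol@org.example>
""".splitlines()


def whitelist_candidates(lines):
    """Return [(entry, rejections, senders)] per sending server, busiest first.

    entry is what a host-based whitelist_from expects: the server's verified
    host name, or its IP address when no verified name was logged.
    """
    hits, senders = Counter(), {}
    for line in lines:
        m = REJECT_RE.match(line)
        if m is None:
            continue  # e.g. "incomplete transaction" or auth-failure lines
        entry = m["host"] or m["ip"]
        hits[entry] += 1
        senders.setdefault(entry, set()).add(m["sender"])
    return [(e, n, sorted(senders[e])) for e, n in hits.most_common()]


if __name__ == "__main__":
    for entry, n, who in whitelist_candidates(SAMPLE_LOG):
        print(f"{entry}\t{n} rejected\tsenders: {', '.join(who)}")
```

The sender addresses are listed only so the admin can recognise whose mail was rejected; the first column is the value to review before adding it to /etc/virtual/whitelist_from.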
 
hello.
this is my situation..

even if I add the domain to whitelist_from..
if their IP is on any RBL list..
exim will reject their connection...

so I had to add this line to my deny message block..
!sender_domains = +whitelist_from

deny message = to unblock $sender_host_name at $dnslist_domain see $dnslist_text
hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
bl.spamcop.net : \
dnsbl.sorbs.net!=127.0.0.6
!sender_domains = +whitelist_from

if I don't add this line... even if I add all addresses to whitelist_from, if they are on an RBL list... the server seems to reject them...
 
whitelist_from is supposed to be a list of qualified hostnames or IP#s, not of domain names.

If it is, then these two lines, beginning at line 471, should accept all emails from any domains in the whitelist_from file:
Code:
# accept email from anyone in the whitelist_from list
  accept domains      = +whitelist_from
I could add a separate list for domain names, but I don't think that's as good a test.

Should I?

Consensus, anyone?

Jeff
 
Hi Jeff,

I am using your spamblocker conf 1.2d as well as spamassassin.
Do I need to change the spamassassin parts to match the instructions in the DA Knowledge base found here?
http://help.directadmin.com/item.php?id=36
or is your spamassassin config more up to date?

Many thanks
Stephen
 
jlasman said:
I could add a separate list for domain names, but I don't think that's as good a test.

Should I?

Consensus, anyone?

Jeff

Whitelisting a whole domain by name only seems a drop in the level of protection that your script provides. I think once server admins realise that they need to whitelist mail servers and not email addresses then it's easy enough to look at your exim logs and see which server is getting blocked that you want to allow mail from. I have had to unblock some servers myself and have found it straightforward.
 
xgeek said:
I am using your spamblocker conf 1.2d as well as spamassassin.
Do I need to change the spamassassin parts to match the instructions in the DA Knowledge base found here?
The exim.conf file as I deliver it on my website (and as far as I know, as DA still delivers it) has SpamAssassin turned off by default.

To turn it on you must follow the instructions in the DA knowledge base.

Jeff
 
jlasman said:
If that's what the reverse DNS of the IP# refers to, then yes.

Jeff

I have another client who sends her mail through her ISP, Btconnect; their range of IPs goes from

81.13.0.0/255
81.134.0.0/255
81.135.0.0/255 and on and on....

I think her ip address is dynamic if that is important in resolving this problem, and her error messages were as follows.


2005-01-11 10:12:34 H=host81-133-190-6.in-addr.btopenworld.com [81.133.190.6] F=<[email protected]> rejected RCPT <[email protected]>: to unblock host81-133-190-6.in-addr.btopenworld.com see http://www.launchsite.co.uk/contact/email.php

2005-01-11 10:12:35 H=host81-133-190-6.in-addr.btopenworld.com [81.133.190.6] incomplete transaction (QUIT) from <*@scot-canoe.org>

2005-01-11 14:02:15 plain authenticator failed for host81-134-107-102.in-addr.btopenworld.com [81.134.107.102]: 535 Incorrect authentication data (set_id=*@scot-canoe.org)

2005-01-11 14:02:16 H=host81-134-107-102.in-addr.btopenworld.com [81.134.107.102] F=<*@scot-canoe.org> rejected RCPT <*@scot-canoe.org>: to unblock host81-134-107-102.in-addr.btopenworld.com see http://domains/contact/email.php

2005-01-11 14:02:16 H=host81-134-107-102.in-addr.btopenworld.com [81.134.107.102] incomplete transaction (QUIT) from <*@scot-canoe.org>

I added the following hostnames to whitelist from:

host81-133-190-6.in-addr.btopenworld.com
host81-134-107-102.in-addr.btopenworld.com

plus

host81-133-185-144.in-addr.btopenworld.com
host81-133-185-41.in-addr.btopenworld.com

The email is still being bounced. What am I missing here?

Thanks

Jon
 
Does she get the error message when she uses your server to send email to people not on your server?

Or when she sends email to addresses on your server?

Either her ISP has seriously misconfigured their DNS or she's NOT using her ISP's server, but rather her own server.

Why do I believe that?

Because the IP# is blocked by Sorbs' Dial Up List.

If she's really using her ISP's mail server then her ISP needs to get her IP address out of the Sorbs list of dialup IP#s.

If she's using her own system to send you mail from a dialup network you could reconfigure exim.conf to use individual Sorbs lists instead of using the combined lists the way I do, but you'll get a lot more spam.

Jeff
 
I have problems with Spamcop's rbl.

Two important emails have been blocked this week because some of a couple of ISPs' SMTP servers have been blacklisted.

Just an example:

Two hours ago, I got an email just fine.
Now the sender is blocked.
I check spamcop, it tells me that there are no reports and that this server will be delisted in 15 hours.

I think it's a bit too sensitive.


So my suggestion is the following:

Could Spamblocker be tuned to check for a number of hits against rbls?

If the server is blacklisted in n rbls, then block it.

I don't have enough experience to be able to judge if this is a good idea or not.
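
The "blacklisted in n RBLs" idea above, sketched as an added example that is not part of SpamBlocker or of any post in this thread. The zone names come from the dnslists line quoted earlier in the thread; the per-zone ignored answer, the injectable resolver and the `FAKE_DNS` data are assumptions constructed so the block runs offline.

```python
import ipaddress
import socket

# Zones named in this thread's dnslists line; substitute the lists you use.
# The set holds answers that do NOT count as a hit for that zone (assumption,
# in the spirit of the thread's "dnsbl.sorbs.net!=127.0.0.6" entry).
ZONES = {
    "sbl.spamhaus.org": set(),
    "bl.spamcop.net": set(),
    "dnsbl.sorbs.net": {"127.0.0.6"},
}

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the set of A records for name, or an empty set if none."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def listed_in(ip, zones=ZONES, resolve=system_resolver):
    """Return the zones that list ip, skipping each zone's ignored answers."""
    hits = []
    for zone, ignored in zones.items():
        answers = resolve(dnsbl_name(ip, zone))
        # Only 127.0.0.0/8 answers mean "listed"; other answers are treated
        # as resolver artefacts (wildcards, rewritten NXDOMAIN) and dropped.
        codes = {a for a in answers if a.startswith("127.")} - ignored
        if codes:
            hits.append(zone)
    return hits

def should_block(ip, threshold=2, **kwargs):
    """Block only when at least `threshold` zones list the address."""
    return len(listed_in(ip, **kwargs)) >= threshold

# Constructed answers for an offline run (documentation address 192.0.2.8).
FAKE_DNS = {
    "8.2.0.192.bl.spamcop.net": {"127.0.0.2"},
    "8.2.0.192.dnsbl.sorbs.net": {"127.0.0.6"},
}

def fake_resolver(name):
    return FAKE_DNS.get(name, set())

if __name__ == "__main__":
    print(listed_in("192.0.2.8", resolve=fake_resolver))
    print(should_block("192.0.2.8", threshold=2, resolve=fake_resolver))
```

With the constructed data only one zone counts as a hit, so a threshold of 2 lets the message through while a threshold of 1 reproduces the single-list blocking described in the post.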
 
interfasys said:
Could Spamblocker be tuned to check for a number of hits against rbls?
Probably. Go for it.

I'm not going to do it. I've got something else in mind for the commercial version:

The commercial version of SpamBlocker will allow each domain to decide which specific RBLs to use.

Jeff
 
Hi :)
Thanks for SpamBlocker, which I have just configured on a server.

I just wanted to make sure it was all as simple as it seems:
- Activate SpamAssassin
- Create the directory /etc/virtual/bad_sender_hosts
- Change the etc/exim.conf with your exim.conf file

I don't have any errors, I think, but just to feel safe, I wanted to ask :)
I'm not getting many emails any more, so that is really good news!!!

I was thinking that it would perhaps be good for testing to send an email each time a spam is blocked, so we can be sure that it seems to be working.
When we feel sure, we just have to deactivate it (like a 1 for email sent and a 0 for no email sent).

Just an idea, I don't know if it is hard :)
But it seems like great work!! Bravo!

Another question:
I don't understand what to put in /etc/virtual/bad_sender_hosts?
Do I add, line by line, the domain, or the domain's IP?

Thanks for your help.
Sky
 
Sky,

I thought the instructions for bad_sender_hosts are clear enough:
This file should contain the IP#s or "ehlo" names of hosts
of hosts or so-called legal spammers and other spam sources
that don't always get caught in blocklists, but whom you want
to keep from sending spam to domains on your server for which
you've enabled spamblocking.
Please let me know specifically what you don't understand.

Jeff
 
Hi jlasman.
I mean, I resolve the domain I want to block, then I put one per line in the block file?

Thanks, I don't know the word ehlo... Not very French :)

Thanks for your attention!
Sky
 