Spamblocker Help

mmsitech

Hello, I'm hoping someone can help me....

I've got SpamAssassin installed and updated it with the SpamBlocker exim.conf file. But here's my problem.

When a message gets labeled as spam, it does get diverted to the SPAM Folder, but no autoreply gets sent. I tested it by sending a message from a mail server I have set up at home.. where the Dynamic IP address range is listed on SORBS list so it should get labeled as SPAM.

In my exim log, I received this:

2005-01-09 12:01:58 1CngRy-00047Z-DE <= [email protected] H=web41412.mail.yahoo.com [xx.xx.xx.xx] P=smtp S=2609 [email protected] T="Fwd: Hey Dude" from <[email protected]> for [email protected]
2005-01-09 12:01:59 1CngRy-00047c-PN <= [email protected] U=mail P=spam-scanned S=5108 [email protected] T="Fwd: Hey Dude" from <[email protected]> for [email protected]
2005-01-09 12:01:59 1CngRy-00047c-PN => /home/mmsi/.spamassassin/spam <[email protected]> F=<[email protected]> R=domain_filter T=address_file S=5265
2005-01-09 12:01:59 1CngRy-00047c-PN Completed


Should I be seeing something that gets sent to the sender telling them how to get removed from my spam list?


I set up a page for users to get removed from and changed the example.com references in the exim.conf file. Did I miss a place somewhere?
Here's where I replaced example.com:


# deny using from address in blacklist_domains blacklist
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.goheretogetunblocked.com/
    # only for domains that do want to be tested against RBLs
    domains = +use_rbl_domains
    sender_domains = +blacklist_domains

# deny using hostname or IP in bad_sender_hosts blacklist
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.goheretogetunblocked.com/
    # only for domains that do want to be tested against RBLs
    domains = +use_rbl_domains
    hosts = +bad_sender_hosts

# Deny unless sender address can be verified:
# This statement requires the sender address to be verified before any
# subsequent ACL statement can be used. If verification fails, the incoming
# recipient address is refused. Verification consists of trying to route the
# address, to see if a bounce message could be delivered to it. In the case of
# remote addresses, basic verification checks only the domain.

require verify = sender

# Deny stuff from insecure hosts & spammers. No exceptions for known users.
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.goheretogetunblocked.com/
    # only for domains that do want to be tested against RBLs
    domains = +use_rbl_domains
    # only smtp.dnsbl.sorbs.net = 127.0.0.5
    dnslists = sbl-xbl.spamhaus.org : \
               relays.ordb.org : \
               dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.goheretogetunblocked.com/
    hosts = !+relay_hosts
    domains = +use_rbl_domains
    !authenticated = *
    # dnslists not including spam.dnsbl.sorbs.net
    dnslists = bl.spamcop.net : \
               dnsbl.njabl.org : \
               cbl.abuseat.org : \
               dnsbl.sorbs.net!=127.0.0.6

deny message = to unblock $sender_host_name see http://www.goheretogetunblocked.com/
    domains = +use_rbl_domains
    # rhsbl list is name based
    dnslists = rhsbl.sorbs.net/$sender_address_domain


See anything obvious that I did wrong?
Thx
 
Messages marked by SpamAssassin made it past the SpamBlocker blocklists for one reason or another. SpamBlocker will NOT notify anyone marked by SpamAssassin.

In fact you should NEVER notify the sender of spam that you've received and filtered out spam from him/her. If you do, since spam usually has forged return paths, you're just spamming someone else.

Have you enabled SpamBlocker for any domains by adding any domain names from your /etc/virtual/domains file to your /etc/virtual/use_rbl_domains file? If so, you should be seeing blocked (as opposed to returned) emails in the /var/log/exim/rejectlog.

Have you restarted exim since you've made changes to your exim.conf file? If not, do it now:

In Linux:

# service exim restart

Jeff
 
It seems the blocking works only if I add the full host.
Ex:
I cannot add
*.proxad.net
or
proxad.net

It only blocks it when it has the full host -
lns-vlq-44-poi-82-252-142-25.adsl.proxad.net

Is there a way to have it block the entire domain, or other parts like I've tried?
 
Presuming you're writing about SpamBlocker, you can put the IP# or "ehlo" name of the host you want to block into /etc/virtual/bad_sender_hosts or you can put the domain name (everything to the right of the "@" symbol in the "From" address) into /etc/virtual/blacklist_domains.

Jeff
 
The simplest way, if you're going to require SpamBlocker for all your sites, is to remove use_rbl_domains completely and replace it with a symbolic link to domains.

But if you want to be able to automatically add all domains but allow their removal later you'll need to use the post-create script.

Jeff
 
Thank you Jeff, I'll do so.

Also, can you give me a hint on how to activate URI(BL) / SURBL filtering with SpamAssassin?
(Or maybe it will become useless when RBL filtering is active?)
 
Actually I don't believe in SpamAssassin, so I don't keep up-to-date on it as perhaps I should.

Recently SpamAssassin has been letting through much more spam than it's been blocking.

At least that's my experience; your mileage may vary.

Jeff
 
I do use SpamAssassin... I run it in the DA standard configuration.

I recommend SpamBlocker.

Of course, since I wrote it :) .

Jeff
 
jlasman said:
The simplest way, if you're going to require SpamBlocker for all your sites, is to remove use_rbl_domains completely and replace it with a symbolic link to domains.

But if you want to be able to automatically add all domains but allow their removal later you'll need to use the post-create script.

Jeff

Post create script? Where is that located?

Don't need a post create script. All you need is a simple script that adds new domains created on the server and removes domains from use_rbl_domains every time a domain is deleted from the server.

The script runs on the hour and sends an email to the root user when a domain is added or removed. We wrote it ourselves.

-or-

Instead of fiddling with use_rbl_domains, all you really need is the following:

Code:
  ######################################################################
  # RBL checks
  ######################################################################
  #
  # If the connecting host is in one of a select few DNSbls, then
  # reject the message.  Be careful when selecting these lists; many
  # would cause a large number of false positives, and/or have no
  # clear removal policy.
  #
  deny
    dnslists    = zombie.dnsbl.sorbs.net : \
                  relays.ordb.org : \
                  cbl.abuseat.org : \
                  korea.services.net : \
                  nigeria.blackholes.us : \
                  taiwan.blackholes.us : \
                  malaysia.blackholes.us : \
                  singapore.blackholes.us
    message     = $sender_host_address is listed in $dnslist_domain\
                  ${if def:dnslist_text { ($dnslist_text)}}
    !hosts = +relay_hosts
    !authenticated = *

And that's it.
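
The hourly sync described in the post above, as an added example that is not the poster's own script: it adds newly created domains to use_rbl_domains, drops deleted ones, and leaves alone any hosted domain an admin has taken out of the file. The state file `/etc/virtual/.rbl_domains_seen`, the one-domain-per-line file format and the `mail` command are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumes one domain per line in both
# files; the state file path and the `mail` command are assumptions.
LC_ALL=C; export LC_ALL   # sort and comm must agree on collation

# Lowercase, drop blank lines, sort uniquely (comm needs sorted input).
norm() { tr '[:upper:]' '[:lower:]' < "$1" | sed '/^[[:space:]]*$/d' | sort -u; }

# sync_rbl_domains DOMAINS RBL SEEN
# Prints "added <domain>" / "removed <domain>" for each change it makes.
sync_rbl_domains() {
    tmp=$(mktemp -d) || return 1
    touch "$2" "$3"
    norm "$1" > "$tmp/domains"
    norm "$2" > "$tmp/rbl"
    norm "$3" > "$tmp/seen"
    # Created since the last run: hosted now, never seen before.
    comm -23 "$tmp/domains" "$tmp/seen" > "$tmp/new"
    # Deleted from the server but still listed for RBL checks.
    comm -23 "$tmp/rbl" "$tmp/domains" > "$tmp/gone"
    # Keep listed domains that are still hosted, then add the new ones. A
    # hosted domain an admin removed from RBL stays out: it is already "seen".
    comm -12 "$tmp/rbl" "$tmp/domains" | sort -u - "$tmp/new" > "$tmp/out"
    comm -13 "$tmp/rbl" "$tmp/out" | sed 's/^/added /'
    sed 's/^/removed /' "$tmp/gone"
    cat "$tmp/out" > "$2"       # overwrite in place: keeps owner and mode
    cat "$tmp/domains" > "$3"
    rm -rf "$tmp"
}

# Cron entry point (hourly): only acts when called as "script run".
if [ "${1:-}" = "run" ]; then
    report=$(sync_rbl_domains /etc/virtual/domains \
        /etc/virtual/use_rbl_domains /etc/virtual/.rbl_domains_seen)
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mail -s "use_rbl_domains changes" root
    fi
fi
```

On the first run the state file does not exist yet, so every hosted domain counts as new and is added.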
 
Yes, you can certainly change the SpamBlocker section of DA's exim.conf file, for your special use; it was written to be all-purpose.

We still recommend use of the use_rbl_domains file because it gives you more flexibility.

A future version of the exim.conf file (perhaps a commercial version) will allow you to select specific blocklists on a per-domain basis, but that's a bit down the road.

Jeff
 