SpamBlocker2.1.1 released

Another question:
SpamBlocker doesn't seem to check emails that go to a Catch-All E-Mail.
Is this correct ?
 
Last edited:
That # exim -C /config/filenew -bV line, I ran to check, as was advised by your SpamBlocker txt file.
You need to replace /config/filenew with the path to the new exim.conf file you're installing, to test it for syntax, before you install it.

For example, if you uploaded the spamblocker file to /home/admin, first cd to the /home/admin directory, then edit the file and change it according to instructions and rename it to exim.conf.

Then run:
Code:
# exim -C /home/admin/exim.conf -bV
Then, when it passes, copy it over the working copy:
Code:
cp /home/admin/exim.conf /etc/exim.conf
and restart exim.

Remember the # mark at the beginning of each line is simply to remind you that you run the command as root; you do NOT type it in.

Jeff
 
Aaaaah :)

Code:
# whereis exim.conf
exim: /usr/sbin/exim /etc/exim.conf /etc/exim.cert /etc/exim.key /etc/exim.pl /usr/share/man/man8/exim.8.gz
[root@da ~]# exim -C /etc/exim.conf -bV
Exim version 4.67 #1 built 31-Jul-2007 22:10:38
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (September 21, 2004)
Support for: crypteq iconv() Perl OpenSSL move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Size of off_t: 8
Configuration file is /etc/exim.conf

Looks okay (as in: no errors), thanx ;)
Perhaps it would be handy to enrichen the SpamBlocker help/instruct files with this info :)


Could you also look into my post #21 please ?
 
Last edited:
Perhaps it would be handy to enrichen the SpamBlocker help/instruct files with this info :)
What help/instruction files ;) ?

The README files are designed for experienced system administrators. Unfortunately. Generally my responses are as well :( .

After SpamBlocker3 is released I'll try to take some time to write better instructions; perhaps a manpage.
Could you also look into my post #21 please ?
I will, and I'll respond.

Jeff
 
SpamBlocker doesn't seem to check emails that go to a Catch-All E-Mail.
First of all, let me say that catchall email just doesn't work anymore on today's Internet; just too many spammers sending too much spam to nonexistent address; too many so-called dictionary attacks against domains. Getting rid of catchall accounts will probably lower the mail traffic on your server to less than 10% of what it is now. Really.
Is this correct ?
SpamBlocker works based on sender reputation; it checks servers to see if they're in any of several blocklists. It doesn't even consider the recipient...

except ...

that it checks first to see if the recipient is whitelisted in one of several whitelists, and if it is, the SpamBlocker checking is bypassed.

So you should check to make sure the target of your catchall email isn't in any of the whitelists:
Code:
# grep USERNAME /etc/virtual/whitelist_*
where you should replace USERNAME with the username you're looking for.

Jeff
 
That is strange...

I hear your argument on the catchall. I already turned it off..

But what I don't understand is that if I turn it on, I receive loads of spam, which would most likely be blocked if it was sent directly to my existing email box =/
It gave me the idea that somehow this catch-all option bypasses Spamblocker..
 
I turned off catchall on all domains over the last 6 months.

It means less work for your SMTP server as well.. as the spammer gets a reject immediately and isn't sending tonnes of stuff down your line.

I don't think it bypasses Spamblocker, it just loads up the server... also SpamBlocker whilst good isn't a 100% solution... and as such you'll still see email sit in the catch-all accounts.

Just due to it's nature it gets hit much harder (review ya logs) and as such you're likely to see it grow in size rapidly.
 
k, so say a spam message that didn't get caught, would go through..
If such a message would be sent to all the non-existing email addresses, with catch-all on, there would be like 50 of those spam mails in ones box..
k, I get that.


New thing though.. why would an email with the word "viagra" get through SpamBlocker..
header said:
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Wed, 22 Aug 2007 14:09:37 +0200
Received: from fw1.sanomabp.hu ([81.0.89.154])
by my.box.host with esmtp (Exim 4.67)
(envelope-from <[email protected]>)
id 1INp1l-0008Ll-Op
for [email protected]; Wed, 22 Aug 2007 14:09:37 +0200
Received: from [81.0.89.154] by corpspool.clara.net; Wed, 22 Aug 2007 14:12:04 +0000
Message-ID: <01c7e4c6$6ab569c0$9a590051@efvhyr>
From: "Roger Adams"
To: <[email protected]>
Subject: RE: Ever counted how much you spend for meds?
Date: Wed, 22 Aug 2007 14:12:04 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C7E4C6.6AB569C0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.2106.4
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.2106.4
X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

body in txt said:
Viagra Pro (SALE 50%)



- Increase S*e*x Drive
- Boost Sexual Performance
- Fuller & Harder Erections
- Increase Stamina & Endurance
- Quicker Recharges
- Improved sildenafil citrate formula
- Works in less than 15 minutes
- Best p*r*i**ce on the internet


BUY NOW
 
why would an email with the word "viagra" get through SpamBlocker

Because Spamblocker does not check content. See Jeff's previous post.

SpamBlocker works based on sender reputation; it checks servers to see if they're in any of several blocklists.
 
Ah right.. sorry abt that.

So I'd need to have SpamAssassin behind it to have it more solid ?

(shame, lol)



And is there a way to report our spam-mails to all those used rbl's in one go ?

I could block the senders email address or the used smtp-servers ip, but I don't know what to do, since all of them could have been abused/missused by the actual bad-guy
 
Last edited:
There is a difference between spam filters and spam blockers. A spam blocker will not accept the email from the sender server and therefore bounces it back to the server that sent it. A spam filter accepts the email and then examines it and then does something with it. But because it has already accepted the email it cannot be bounced back to the sending server.

Now here is my opinion. Spam filters should never be used because many of them catch legitimate email and put it in a spam box along with the spam. Many people never look at there spam box and therefore they never know about mail they should have received. At the same time the sender never knows that the person never got it and so they think the recipient is just ignoring them.

I suspend people weekly because of overdue invoices. The customer never got the invoice notice because of a spam filter. Suddenly their business is shut down because of a spam filter. Had they been using a spam blocker instead we would at least know that they never got the invoice notice and therefore tried other means of contacting them before shutting them down. Legitimate business email often looks like spam because of the nature of the email.

Spam filters also increase the load on the server.

All email should either be accepted of rejected but never filtered.
 
Good point floyd :)

So then users should be able to mark emails as spam (I don't bother asking them abt hosts, ip's senders, etc.. They just see it as an email and it's not their job to go techie (in their opinion ;))

So do u think users should be able to forward or mark their spam and we hosters should add that spam (ip/sender/host/w/e) to the blocklists ?
 
I think you are still missing the point of Spamblocker.

and we hosters should add that spam (ip/sender/host/w/e) to the blocklists

You don't add them to a blocklist unless you decided to maintain your own blocklist. Spamblocker uses publicly available blocklists that are already out there.

If a user gets spam they themselves can report it to blocklists and then the blocklists admins can decide if they want to add them.

If a user decides to use Spamassassin then they cannot hold you responsible for not getting important email and they should be informed of such.
 
Ow, I thought I would add them to one of these files:
/etc/virtual/bad_sender_hosts
/etc/virtual/blacklist_domains
/etc/virtual/blacklist_senders
 
why would an email with the word "viagra" get through SpamBlocker..
Because SpamBlocker doesn't care about content. Spam is NEVER about content; it's about consent.

So SpamBlocker blocks on reptuation of the sending server.

True, we block based on content, but we have to be careful when we do; while one user might consider every message with the word viagra in it to be spam, another may think it very important to his marital happiness ;) .

If you want to block on content you can do that with DirectAdmin Spam Filters and with SpamAssassin.

Jeff
 
Maybe a rare question

Is there a way to stop spamblocker to send emails back to spammers. It means avoid to answer to the sender the deny message. (email block by spmahaus, to unblock see http://...). What I am looking for is that spamhaus blocks and delete the spam emails but does not answer back, it means much less work for exim (half of work) even if this means that some emails could be "lost without notice". I´ve haven´t seen a thread about this. Sory if this is a naif question.
 
No, it's actually more work for exim to discard the message; to do that it has to accept it and then delete it. It's much more efficient for it to just send the reason and then drop the connection.

You could of course leave the message section blank, but if you did the only thing you'd save is one packet, and there'd still be a deny message; the deny message actually comes from the sending server after your exim server shuts the connection.

Jeff
 
Spamblocker how is it processing...

Is spamblocker rejecting the message before or after the Data command?
 
I'm using spamblocker 2.1.1 and my spam messages don't go to spam folder. they are mailed to me with ***SPAM*** on their subject although i checked redirect to spam folder from da panel.
 
Back
Top