Topic: using qmail to block spam...

[John Lewis]

This article: http://www.mandrakesecure.net/en/docs/spam.php

gives instructions on how to configure qmail to deny messages from the Open Relay database and blackhole zones.

Is this something that can be done with SME V5?  We're getting a ton of spam messages, and I'd like to cut out some of the more obvious ones at the server level...

Is ucspi-tcp installed by default with SMEv5?
Where would I find this qmail-smtpd/run file to edit?

Is this trick possible???  What are the impacts?

Specifically, the article suggests:

If you use the qmail MTA, you can use the rblsmtpd program which is part of the ucspi-tcp package. You will need to change the default /var/qmail/supervise/qmail-smtpd/run file from:

#!/bin/sh
QMAILDUID=id -u qmaild
NOFILESGID=id -g qmaild
exec /usr/bin/softlimit -m 2000000 \
/usr/bin/tcpserver -v -p -x /etc/tcprules.d/qmail-smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1

to:

#!/bin/sh
QMAILDUID=id -u qmaild
NOFILESGID=id -g qmaild
exec /usr/bin/softlimit -m 2000000 \
/usr/bin/tcpserver -v -p -x /etc/tcprules.d/qmail-smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp /usr/bin/rblsmtpd \
-r relays.ordb.org \
-r inputs.orbz.org \
/var/qmail/bin/qmail-smtpd 2>&1

This tells qmail to invoke rblsmtpd prior to qmail-smtpd to make sure that the server sending the message isn't in one of the RBL databases. By default, qmail does not do any RBL lookups.

[Charlie Brady]

John Lewis wrote:

> Where would I find this qmail-smtpd/run file to edit?

SME5 does not use qmail-smtpd. We use obtuse-smtpd as the SMTP daemon.

You'll find an RPM in my contrib directory which adds RBL lookup to the obtuse smtpd configuration. Note, however, that abuse.net no longer allows no-cost lookups via their RBL DNS, so you'd need to adjust the RBL lookup to use one of the newer free services.

Remember that contrib RPMs come with no warranty and no support.

Regards

Charlie

[Gene Cooper]

Hi Charlie,

Thanks for the info and the contrib.

Is there a document anywhere on that .rpm or should we just install it on a test box?  Is it safe to install on a production machine for testing?

I'm sorry, though I have a great interest in controlling SPAM, I've never messed with BHLs (and I've heard a few scary things).

TIA,

G

[Patrick]

My two cents (for what its worth),

SPAM is a huge problem!  It would be great if SME came with blocking controls and features built-in.  Or an easy to install/setup e-smith-spam.rpm "add on" with a panel allowing global qmail anti spam configuration of RBH lists, and admin/user defined "known spammers".  Along with ways of simply 'dropping' all the spam instead of sending a bounce or 'undeliverable' back to the spammer - that's just wasted time/bandwidth.

I know that Stephen Noble and others are busy working on panels using procmail, etc., but as of now these apps aren't quite up to the task of dealing with the tremendous onslought of SPAM which even my small business (10-15 users) gets each day.

At this point I am using an app 'contributed' to me by a member of this user community (which is great), but it doesn't tie in to RBH lists - which makes keeping up with the thousands of spammers a very difficult chore.

Anyway, I look forward to improvements in SME 5.1 and beyond in there area of qmail SPAM controls, etc.  Thanks for listening.

Regards,
Patrick

[stephen noble]

Patrick wrote:
>
> My two cents (for what its worth),
>
> SPAM is a huge problem!  It would be great if SME came with
> blocking controls and features built-in.  Or an easy to
> install/setup e-smith-spam.rpm "add on"


i've developed the e-smith-procmail-spam rpm
which is working ok so far
 
> I know that Stephen Noble and others are busy working on
> panels using procmail, etc., but as of now these apps aren't
> quite up to the task of dealing with the tremendous onslought
> of SPAM which even my small business (10-15 users) gets each
> day.

it uses the freely available, comprehensive  and continually updated recipies at
http://alcor.concordia.ca/topics/email/auto/procmail/
+ a few added bits of my own for paraniod mode porn detection at my kids school

your free to use the e-smith-procmail rpm, use geek mode and include the recipies from concordia.ca

i'm offering the spam rpm as a addon to the commercial version which offers a few checkboxs for inceasingly paranoid detection.

detected mail is tagged and is either  sorted to a spamfolder, deleted of forwarded to an alias for review.

i think this is pretty neat stuff and i'll have to put my prices up, so get in quick

stephen noble
it.dungog.net

[stephen noble]

http://groups.yahoo.com/group/dungog_net/files/readme/readme-procmail.html

Summary:
A module to enable users to enable procmail themselves and to
edit their own procmail rules via a web form. No knowledge of
procmail is needed. The supported version gives admin the ability to add global rules also via a web form, and to make per user or global email delivery changes.

Now includes Spam Blocking with over 10,000 recipies updated to December 2001, it includes some protection against known email viruses and words associated with porn.


patrick, thank you for your feedback and suggestions

regards
stephen noble
it.dungog.net

[Gwenael]

Hi,

I  installed the rpm (esmith 4.1.2)  but i can't see the link "mail filter" or dungog.net title.
I try to uninstall rpm (user panel, admin panel,  and procmail) and reinstall all the rpm (the latest). Nothing.

But users can edit rules for procmail. But admin not (login: admin, root --> nothing).

How can i see admin page for procmail rules???

Thanks in advance,

regards,

Gwenaël

[stephen noble]

>How can i see admin page for procmail rules???

you need the commercial version for the admin panel
sales.dungog.net

>But admin not (login: admin, root --> nothing).

mail for admin needs to be forwarded to another user
this is an e-smith setting
see email retrieval or other email settings ?

regards
stephen noble

[Patrick]

Stephen,

Sounds like you've got the bases covered...I'm almost ready to 'jump in' and give your procmail SPAM killer another try.  

Thanks for all your efforts in this area, we will all be better off for it - good work!

Regards,
Patrick

[stephen noble]

thanks patrick

http://groups.yahoo.com/group/dungog_net/files/readme/readme-procmail.html

has been updated considerably
* links to simple explanation  on using minimal regular expressions for more specific matching
* advice for multidrop users
* my filtering strategy

stephen noble