Koozali.org: home of the SME Server

Email question

ryan

Email question
« on: November 10, 2002, 02:22:20 AM »
If the 'delegate email server' option is used, will all email including virtual domains and those domains listed in smtpd_check_rules file be forwarded as well?

I have SME 5.1.2 configured to use RBL to block any email sent from an IP listed in ordb or spamcop.  I now want to change my MX records so email going to the Exchange server passes through SME first.  

Exchange=mydomain.com
SME=phx1.mydomain.com (sub domain)

Must I make SME's domain mydomain.com, so it will naturally accept email for the domain?

OR, leave it as a sub domain and add mydomain.com as a virtual domain on SME?

OR, leave SME as a sub domain and add mydomain.com to the smtpd_check_rules file?  

Anyone have any advice?  I am assuming the RBL filter will continue to function when 'delegate email server' is in use?

I want to get this right since it will impact all email once the MX records are changed.  


Ryan

Nathan Fowler

Re: Email question
« Reply #1 on: November 17, 2002, 01:15:13 AM »
Ryan, would you mind sharing how you did this:

"I have SME 5.1.2 configured to use RBL to block any email sent from an IP listed in ordb or spamcop. I now want to change my MX records so email going to the Exchange server passes through SME first. "

I've implemented some anti-spam techniques by taking advantage of some of the NS=UNKNOWN and UNKNOWN options in smtpd_check_rules, but I would love to use spamcop's RBL.

Thanks in advance,
Nathan

Ryan

Re: Email question
« Reply #2 on: November 18, 2002, 05:58:39 PM »
Nathan,

I used the e-smith-obtuse-smtpd-maps-0.1.1-02.noarch.rpm and then modified my templates so it will function with ORDB and Spamcop databases.  I don't think this will work on SME 5.5, so I hope you're using 5.1.2.

Here's what I did:

Install rpm mentioned above.

Remove the following templates from the directory:

/etc/e-smith/template/var/spool/smtpd/etc/smtpd_check_rules/16BlockDUL
/etc/e-smith/template/var/spool/smtpd/etc/smtpd_check_rules/16BlockRSS
/etc/e-smith/template/var/spool/smtpd/etc/smtpd_check_rules/16BlockRBL

Note you might want to move the '16BlockRBL' to another location instead of deleting.  '16BlockRBL' is the template I modified to work with ORDB and Spamcop.  '16BlockDUL' & '16BlockRSS' work with MAPs which is a pay service and you don't need them.

Now create a new template/file for ordb:

/etc/e-smith/template/var/spool/smtpd/etc/smtpd_check_rules/16Block_ordb

Paste the following contents (or edit your '16BlockRBL' to match this one) into your '16Block_ordb':  (do not include the CUT statements)
<>
{
    local %services = (smtpd => $smtpd);
    $OUT .= "";

    my $status = db_get_prop(\%services, "smtpd", "status");

    if (defined $status && $status eq "enabled")
    {
        my $rbl = db_get_prop(\%services, "smtpd", "RBL");

        if (defined $rbl && $rbl eq "block")
        {
            $OUT .= "# Block sites listed in the RealTime Blackhole list";
            $OUT .= " at relays.ordb.org\n";
            $OUT .= "noto:RBL.relays.ordb.org:ALL:ALL:";
            $OUT .= "550 Mail refused from host %I in MAPS RBL, ";
            $OUT .= "see http%C//www.ordb.org\n";
        }
    }
}
<>

Now create your spamcop template/file:

/etc/e-smith/template/var/spool/smtpd/etc/smtpd_check_rules/16Block_spamcop

Paste the following contents (or edit your '16BlockRBL' to match this one) into your '16Block_spamcop':
<>
{
    local %services = (smtpd => $smtpd);
    $OUT .= "";

    my $status = db_get_prop(\%services, "smtpd", "status");

    if (defined $status && $status eq "enabled")
    {
        my $rbl = db_get_prop(\%services, "smtpd", "RBL");

        if (defined $rbl && $rbl eq "block")
        {
            $OUT .= "# Block sites listed in the Spammer Black list";
            $OUT .= " at spamcop.net\n";
            $OUT .= "noto:RBL.bl.spamcop.net:ALL:ALL:";
            $OUT .= "550 Mail refused from host %I Known Spammer, ";
            $OUT .= "see http%C//spamcop.net\n";
        }
    }
}
<>

You now must activate the filter and templates with these commands:

/sbin/e-smith/db configuration setprop smtpd RBL block
/sbin/e-smith/signal-event email-update

Done!

This worked for me, I hope it works for you as well.

Ryan

Ryan

Important, read this regarding last email
« Reply #3 on: November 18, 2002, 06:01:23 PM »
Nathan,

The formatting and spacing got messed up when the message posted, so I would edit your '16BlockRBL' file instead of pasting the contents.

Ryan

Nathan Fowler

Re: Important, read this regarding last email
« Reply #4 on: November 19, 2002, 02:44:36 AM »
Ryan, thank you very much.  This has been a tremendous help, and it is appreciated.  I've got some Reverse-lookup and MX matching rules matching the originating SMTP host as well as the mail-from address if you want them.  I wanted to do RBL badly, but didn't know how to implement spamcop and ordb, and MAPS is rather expensive and hard to get access to.

It is really appreciated,
Nathan

Ryan

Re: Important, read this regarding last email
« Reply #5 on: November 19, 2002, 03:29:29 AM »
Nathan,

Glad it helped.  I also set up 16Block_SBL for Spamhaus.org & 16Block_osirusoft for relays.osirusoft.com.  I don't think there is a limit, but I imagine you don't want to have to contact too many databases for each incoming email.

Both ordb.org and spamhaus.org have an email test that will tell you instantly if you're blocking correctly using their RBL database.

Ryan

Ryan

Re: Important, read this regarding last email
« Reply #6 on: November 19, 2002, 03:41:28 AM »
Just remember if you add any 16Block_xxxxxx database sites, you have to issue the following to rewrite the template:

/sbin/e-smith/signal-event email-update

Good Luck,

Ryan
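
Added example (not part of the original thread and not the posters' code): a small shell audit to run after `signal-event email-update`, checking that the regenerated rules file contains a `noto:RBL.<zone>` rule for each list you expect and that no rule was truncated or wrapped by a bad paste. The function names and the sample file are constructed for illustration; the rule layout is the one shown in the templates above.

```shell
#!/bin/sh
# Rule shape taken from the templates in this thread:
#   noto:RBL.<zone>:ALL:ALL:<550 message>

# Constructed sample: the spamcop rule is wrapped, as a mangled paste would leave it.
sample_rules() {
cat <<'EOF'
# Block sites listed in the RealTime Blackhole list at relays.ordb.org
noto:RBL.relays.ordb.org:ALL:ALL:550 Mail refused from host %I in MAPS RBL, see http%C//www.ordb.org
# Block sites listed in the Spammer Black list at spamcop.net
noto:RBL.bl.spamcop.net:ALL:ALL:
550 Mail refused from host %I Known Spammer, see http%C//spamcop.net
EOF
}

# Print the DNSBL zone of every RBL rule in file $1, one per line.
rbl_zones() {
    awk -F: '$1 == "noto" && $2 ~ /^RBL\./ { sub(/^RBL\./, "", $2); print $2 }' "$1"
}

# Print "line: rule" for RBL rules with missing fields or an empty message.
rbl_malformed() {
    awk -F: '$1 == "noto" && $2 ~ /^RBL\./ && (NF < 5 || $5 == "") { print NR ": " $0 }' "$1"
}

# Return 0 only if every expected zone ($2...) has a rule and none is malformed.
check_rbl_rules() {
    file=$1; shift
    status=0
    zones=$(rbl_zones "$file")
    for zone in "$@"; do
        if ! printf '%s\n' "$zones" | grep -qxF "$zone"; then
            echo "missing RBL rule for $zone" >&2
            status=1
        fi
    done
    bad=$(rbl_malformed "$file")
    if [ -n "$bad" ]; then
        echo "malformed RBL rule(s): $bad" >&2; status=1
    fi
    return $status
}

tmp=$(mktemp)
sample_rules > "$tmp"
check_rbl_rules "$tmp" relays.ordb.org bl.spamcop.net relays.osirusoft.com || echo "audit failed"
rm -f "$tmp"
```

On a real system, point `check_rbl_rules` at the generated rules file instead of the sample; going by the template paths in this thread, that should be /var/spool/smtpd/etc/smtpd_check_rules.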

Ryan

Re: Important, read this regarding last email
« Reply #7 on: November 19, 2002, 03:46:38 AM »
Nathan,

Thanks for offering the MX stuff, but I tried it and it blocked too many legitimate domains.  Most Spam is filtered by using ordb, spamcop, osirusoft, and spamhaus.  What I would like to know is how to do this with 5.5?  My 5.1.2 servers are very stable and provide a lot of services to my agency.  I can't upgrade unless I can duplicate a lot of 3rd party addons for 5.5 or later.  

Ryan

Nathan Fowler

Re: Important, read this regarding last email
« Reply #8 on: November 19, 2002, 03:52:46 AM »
Obtuse SMTPD is very easy to work with and is secure, I'm not sure what options are directly available for mail-front (SME 5.5+).  I'm still 4.1.2, I've not had a reason to upgrade (by upgrade, I mean distribution, I've since upgraded many packages such as Apache, PHP, OpenSSL, IMAP, and have been as current as possible in applying bug and security updates, etc).

I was checking out ordb and found the test message option, everything is working out great.  ordb looks very professional, however, spamcop.net looks a little "new".  What can you tell me about the other blocking mechanisms that you're using? I really do appreciate this information, I was thirsting for a working spam blocking mechanism outside of user-defined spam filtering and MX/NS blocking (which as you stated above, blocks too many legitimate messages).

In the future, if I discover any additional blocking mechanisms, I'll be sure to let you know.

Thanks again,
Nathan

Ryan

Re: Important, read this regarding last email
« Reply #9 on: November 19, 2002, 04:37:06 AM »
Nathan,

I have cut and pasted dozens of IPs from Spam messages from our Exchange server.  I can say that spamcop and osirusoft get the most hits of the 4.  Ordb gets the least, but it is extremely conservative.  You should try pasting some IPs from a spam message into ordb.  Ordb gives you the option to search all other non-ordb databases for any IP address or domain name.  This will give you an idea which databases get the hits.  Be careful, some sites simply block entire subnets when only a single violator exists on that subnet.  That is not cool in my opinion and why I am using the larger, more conservative database sites.  I will be changing my MX records to send all email through SME then to Exchange.  I anticipate reducing spam by at least 90% or more.  I have SME running at home with the 4 databases mentioned in the last email.  It works great and I am ready to use it at work.  

Ryan

Charlie Brady

Re: Email question
« Reply #10 on: November 19, 2002, 07:04:24 AM »
Ryan wrote:

>  I don't think this will work on SME 5.5,

For SME 5.5, have a look at rblsmtpd.

Charlie

geert jansen

Re: Email question
« Reply #11 on: March 01, 2003, 05:21:44 PM »
Ryan,
> You now must activate the filter and templates with these
> commands:
>
> /sbin/e-smith/db configuration setprop smtpd RBL block
> /sbin/e-smith/signal-event email-update
Somehow backup mx does not seem to work anymore after the setprop command. How to undo this command to check if backup mx will again allow rcpt's to domains listed in my smtpd_check_rules?

Cheers,
Geert

ryan

Re: Email question
« Reply #12 on: March 02, 2003, 08:48:38 PM »
geert,

Sorry, I don't know the command to undo the setprop..but you can uninstall the RBL rpms.  I would research this.

I suspect when you created your backup mx, you edited smtpd_check_rules file instead of creating a custom template.   Without using a custom template, your entries in smtpd_check_rules could have been wiped out when you set up your system to block spam using RBL.  I would confirm your backup mx entries exist or not in smtpd_check_rules?

ryan

Geert Jansen

Re: Email question
« Reply #13 on: March 03, 2003, 02:05:55 AM »
ryan wrote:
>
> geert,
>
> Sorry, I don't know the command to undo the setprop..but you
> can uninstall the RBL rpms.  I would research this.
I tested the backup mx before when the two servers were connected via IPSEC VPN. After I installed your RBL rpms I tested the backup MX without the IPSEC VPN between the two servers. It appeared that the /etc/avmailgate.acl file for the Avmailgate virusscanner needed to be changed. I have then set up a custom template for this and the Avmailgate now treats the domain to backup as a local domain, and now recipients for the domain to backup are OK.
 
 
> I suspect when you created your backup mx, you edited
> smtpd_check_rules file instead of creating a custom
> template.
I did edit the custom template. It was the Avmailgate that put me on the 'wrong leg' here.

Thanks,
No Spam Today ;-)

Renan Nepomuceno

Re: Email question (rblsmtpd)
« Reply #14 on: March 25, 2003, 06:34:56 AM »
Hi Charlie,

Sorry to disturb you, but how do I use this rblsmtpd on 5.5? I have only a little knowledge of this.
Your help will be much appreciated.

Best Regards,
 renan