Topic: Using Jesper Knudsen's SPAM filter

[mapangojoe]

Hello All.  I installed Jesper Knudsen's SPAM filter product.  It seems to be working, but here is my question.  I get regular spam for  Japan and Korea.  I don't know anyone there, and I don't care if I get mail from those countries.  I created a blacklist like

222.0.0.0/8

After creating the rule, server-manager accepts it, and I restart.  I occasionally still get SPAM from 222.xxx.xxx.xxx.  

Am I doing this wrong?  

How can I blacklist entire ranges?

I don't care to get mail from anywhere but the US and Canada!


Any suggestions would be great.

Chris Curtis

[idyll]

Hello.

Search on these forums and learn how to make use of the "mailrules" feature. This allows you to block at the SMTP level and imparts far less load on your CPU.

I have been able to block address ranges which are bogus and repeated in the thousands,  using this tool.

regards,

patrick

[adinobro]

If your only want emails from people you know then you can just setup a white list and block everyone not on it.

If you you want to pretent that people outside of America don't matter then I'll send you an email tell you how to do it. What would be the point. You've already stated that since I don't live in America or Canada I'm not worth talking to.

[mapangojoe]

adinobro posted.

>If you you want to pretent that people outside of >America don't matter then I'll send you an email tell >you how to do it. What would be the point. You've >already stated that since I don't live in America or >Canada I'm not worth talking to.

This is CRAP.  I use my Email for my business.  We are a small consulting company that only has the capacity to do local business.  I don't know anyone from those countries, and I only receive spam from them.   I'm sorry you have an inferrority complex, but I don't care to receive business related Email from those I will never do business with.  It's as simple as that.  

Get over the fact that some people want to have a CHOICE as to who they receive mail from.  It might not even have ANYTHING to do with YOU!

Have a nice weekend!

[mach1_4fun]

Chill guys...
I think that you took each other way out of context.
Asia is cool, I don't think anyone is knocking that, I actually lived in Japan for awhile and had a great time...

now lets get back on track:

I would try adding some more RBL's (real time blocklists) first.

I recomend the spamcop blocklist and the spamhaus blocklists if you dont already have them, dynablock is pretty good from my experience too.
jesper has a whole list on his site to get the exact URL's

if you really want to block email from a whole ip range, maybe doing that at the firewall level would be better?

Have a good weekend,
-M

[woyzeck]

How are you receiving your e-mails?  Are you using multi-drop or fetchmail?  If you are, I don't think that you would be able to use the black list or rbl feature as they check the ip address from which they are receiving the message.  If you are downloading your messages from an isp the ip address will always be your isp's ip address.  Will not work.

If you are using sme to receive e-mail directly as an smtp server, I am stumped.

Woyzeck

[mapangojoe]

How are you receiving your e-mails?  Are you using multi-drop or fetchmail?  If you are, I don't think that you would be able to use the black list or rbl feature as they check the ip address from which they are receiving the message.  If you are downloading your messages from an isp the ip address will always be your isp's ip address.  Will not work.

If you are using sme to receive e-mail directly as an smtp server, I am stumped.

Woyzeck

I'm stumped also.  I do receive directly from the internet.  I also did a search on mailrules and did not find anything I could grab onto.  

My next step is to learn how to modify my IPtables on SME and block the worst offenders that way.

Thanks to all who chimed in with assistance!


Chris Curtis

[djhomeless]

I know this is a bit off-topic so I appologise. Does anyone know the kind of performance hit you take when using multiple RBL's? Currently I use just one (spamcop), and my mail is quite fast.

I still receive SPAM, but very little. I know people use more than one, I'm just curious if anyone knows the kind of impact that will have with the speed/performance if you add more??

thanks,

Geoffrey

[kruhm]

Had the same problem. Install mailblocking contrib (http://www.dungog.net/sme/files/dungog-mailblocking-1.0-4.noarch.rpm) and then set up a mailblocking rule like this:
Reject from:*@*.jp to:*@*
and
Reject from:*@*.kr to:*@*

[mapangojoe]

I know this is a bit off-topic so I appologise. Does anyone know the kind of performance hit you take when using multiple RBL's? Currently I use just one (spamcop), and my mail is quite fast.

I still receive SPAM, but very little. I know people use more than one, I'm just curious if anyone knows the kind of impact that will have with the speed/performance if you add more??

thanks,

Geoffrey

Hello Geoffrey.  I had a customer using one of the $199 PC's from walmart as a web/mail server.  It was a 1.2GHz Duron with 128MB of RAM.  It ran for more than a year with no trouble.  I then added Stewert
s spam and AV filter.  After that I received a few calls from the customer complaining that the web/mail server had stopped responding.  One day I saw the server get bogged down.  

It had been receiving too much SPAM and phishing attacks for it's little 128 memory module to handle.  I promptly installed an additional 256MB of RAM and the issue has not come up again.  

So, now I know that the spam/av filter adds quite a bit of resource load on the system.  This system was doing two lookups for SPAM filtering.

[kirkf]

 

My next step is to learn how to modify my IPtables on SME and block the worst offenders that way.

Thanks to all who chimed in with assistance!


Chris Curtis

/sbin/iptables -I INPUT -s 222.0.0.0/8 -i ethX -j DROP

to drop all traffic,

or

/sbin/iptables -I INPUT -s 222.0.0.0/255.0.0.0 -p tcp --dport 25 -i ethX -j DROP

to drop mail traffic and allow the rest.

Put these in /etc/rc.d/rc.local if you want them to survive a reboot.

Kirk

[buknoy]

Hi all. Had the same problem but worst. I tried installing two SME 6.0.1 and one 6.5RC1 (updated to 6.6) with the same results -- the 40GB harddisk will be out of space in a span of two days. These boxes have no IBAY contents and I have no other user accounts and/or mailboxes.

I tried to turn of the mail service and the fast declining free space stopped. However, if I will permanently turn this off then I could no longer serve local mail service to my clients.

I also found out that my mail logs are filled with records of incoming and outgoing mail to unknown recipients making it bloat exponentially.

What's the best thing to do?

[mach1_4fun]

Sounds to me like a lot of double bouncing messages.

check out the howtos under www.sme.swerts-knudsen.dk I you can drop all of the double bouncers, I bet you have a lot of email waiting in your admin account.

 

[mapangojoe]

Hello, PROBLEM SOLVED.  I finally went to a whitelist only setup as someone had suggested in a post.  This has worked out great.  I have not received a single spam in a month.  One person called my office and let me know a message bounced, and we just added him to the white list. (we added all the local ISP's to the whitelist also).

If you run a small business, and only have local clients, a whitlist may solve your SPAM issue.  

Have a great weekend!!!!!!!!!!!!

Hello All.  I installed Jesper Knudsen's SPAM filter product.  It seems to be working, but here is my question.  I get regular spam for  Japan and Korea.  I don't know anyone there, and I don't care if I get mail from those countries.  I created a blacklist like

222.0.0.0/8

After creating the rule, server-manager accepts it, and I restart.  I occasionally still get SPAM from 222.xxx.xxx.xxx.  

Am I doing this wrong?  

How can I blacklist entire ranges?

I don't care to get mail from anywhere but the US and Canada!


Any suggestions would be great.

Chris Curtis

[Smitro]

Is there a version for 6.5RC1 some where?

This installation only supports SME 6.0.x  - Exiting...