Topic: Fighting spam with SME dedicated DNSBL

[brianr]

Interesting as it works with one "-" on my 8.2 server. I all cases I have corrected the Howto to reflect two "-"

9.1 here.

PS where can i find your spamassassin modifications? I've looked at your perl and the qpsmtpd plugin, but would like to eyeball the spamassassin bits as well.

[Knuddi]

The SpamAssassin additions will only appear when the server has contributed to the system and thereby the common DNS Blacklist. This means at least 50 spam samples right now.

When that happens you will get a smeoptimizer.cf file with DNS setting which will placed in the /etc/mail/spamassassin directory.

/Jesper

[brianr]

The SpamAssassin additions will only appear when the server has contributed to the system and thereby the common DNS Blacklist. This means at least 50 spam samples right now.

When that happens you will get a smeoptimizer.cf file with DNS setting which will placed in the /etc/mail/spamassassin directory.

/Jesper

Very clever - do i get a prize as well? 

Looking at the MySQL DB I'd say I was half way to that already!!

[holck]

I just installed the contrib. The log-file show messages like these:

Code: [Select]

7-10-2016, 11:18:12 - Cannot deliver spam report (500 read timeout)
7-10-2016, 11:18:12 - Providing 0 spam reports
7-10-2016, 12:18:02 - Providing spam report - Last: 2016-10-07 10:04:45
7-10-2016, 12:18:12 - Cannot deliver spam report (500 read timeout)
7-10-2016, 12:18:12 - Providing 0 spam reports
7-10-2016, 13:18:02 - Providing spam report - Last: 2016-10-07 10:04:45
7-10-2016, 13:18:12 - Cannot deliver spam report (500 read timeout)
7-10-2016, 13:18:12 - Providing 0 spam reports
There is also an error message in /var/log/qpsmtpd/current:

Code: [Select]

@4000000057f780a70c73bc8c 31088 smeoptimizer plugin (deny): Cannot insert into log - Duplicate entry '2016-10-07 13:01:49' for key 'PRIMARY'

Suggestions?

[brianr]

I've also got one of those:

Code: [Select]

7-10-2016, 08:34:25 - Executing: sv t qpsmtpd
7-10-2016, 08:56:01 - Providing spam report - Last: 0
7-10-2016, 08:56:02 - Providing 2 spam reports
7-10-2016, 09:56:02 - Providing spam report - Last: 2016-10-07 08:47:54
7-10-2016, 09:56:02 - Providing 2 spam reports
7-10-2016, 10:56:01 - Providing spam report - Last: 2016-10-07 09:41:13
7-10-2016, 10:56:02 - Providing 6 spam reports
7-10-2016, 11:56:01 - Providing spam report - Last: 2016-10-07 10:51:22
7-10-2016, 11:56:02 - Providing 5 spam reports
7-10-2016, 12:56:01 - Providing spam report - Last: 2016-10-07 11:40:19
7-10-2016, 12:56:03 - Providing 6 spam reports
7-10-2016, 13:56:02 - Providing spam report - Last: 2016-10-07 12:49:18
7-10-2016, 13:56:12 - Cannot deliver spam report (500 read timeout)
7-10-2016, 13:56:12 - Providing 0 spam reports
[r

[Knuddi]

@Holck & Brianr,

I have used the timestamp as key in the table and it seems that its not unique enough (I guess I should have known that...). Should not cause you any problems though and is not the cause for the "500 Read Timeout" issue. This is related to the Raid Battery in the server that picks up the reports is dead and the server now wants all writes to be comitted to disc before ack. This means a VERY slow server. Again, should not cause you any problems but just some replacement work on my side...

/Jesper

[brianr]

@Holck & Brianr,

I have used the timestamp as key in the table and it seems that its not unique enough (I guess I should have known that...). Should not cause you any problems though and is not the cause for the "500 Read Timeout" issue. This is related to the Raid Battery in the server that picks up the reports is dead and the server now wants all writes to be comitted to disc before ack. This means a VERY slow server. Again, should not cause you any problems but just some replacement work on my side...

/Jesper

Autoincrement is the only safe way to go....

[Knuddi]

I agree - and also now in the new codebase

[brianr]

I agree - and also now in the new codebase

Have you got a mechanism to update our DBs, or will we need to start again?

[Knuddi]

I might - Lets see whether it works. The script will at the next run modify the table and use id with auto increment.

[brianr]

I might - Lets see whether it works. The script will at the next run modify the table and use id with auto increment.

Seems to have worked - I can see autoincrement field "id" now...although I would question whether 6 sig figures is enough - remember the increment will not drop back after the table is emptied.  I'd go for 11...for extra safety.

[Knuddi]

All the log records are deleted as they have been delivered - all which is important is that they are unique.

[brianr]

All the log records are deleted as they have been delivered - all which is important is that they are unique.

Aha - i've never thought about it - i suppose the autoincrement will wrap round when it gets to 99,999?

[holck]

During the last, few days, one of my users has received a large number of spam messages. They promote all kinds of things - dating sites, company services etc.  They come from different IP addresses, and with different "From:" addresses. Interestingly, the "From:" addresses often show ordinary, Danish names, all different. Apparently the blacklists at Spamhaus and other places have not been able to register them yet.

At my work, we use Microsoft's Office 365, and have also seen a large amount of spam recently.

Jesper, Denmark

[Knuddi]

I have also seen these in high volume across user on many danish domain. Did a lot of Bayes training and had to esemi-manually build dedicated rules for these.