Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: ryan on February 04, 2003, 12:18:39 AM

Title: MAPS RBL for spam blocking
Post by: ryan on February 04, 2003, 12:18:39 AM
I am running 5.1.2 set up to use ordb, spamcop, spamhaus, and osirusoft to block spam with obtuse smtpd. Can I do this with mailfront on 5.6? My setup has effectively eliminated spam. I can't upgrade to 5.6 unless I can use the above blacklists. Any assistance is appreciated.

ryan
Title: Re: MAPS RBL for spam blocking
Post by: Bill Talcott on February 04, 2003, 05:17:51 PM
You may want to consider some of the alternative anti-spam solutions. The problem with relay blacklists is that you're basically letting one person determine who can and can't send you mail. Many times, a whole subnet will be blocked due to one bad server, or the list doesn't get updated when the problem is fixed, or the maintainer will even use it for personal revenge reasons. http://isp-lists.isp-planet.com/isp-tech/0210/msg00530.html has some interesting points. If you're getting tons of spam from one server or something, go ahead and blacklist it. But personally, I wouldn't rely on someone else's judgement to determine whether or not my mail is valid.

If you still want to go ahead with it, as of .80 mailfront supports sender and recipient pattern matching on all SMTP front-ends. http://untroubled.org/mailfront/NEWS

I think that's basically the same thing as smtprules, though I'm not certain.
Title: Re: MAPS RBL for spam blocking
Post by: ryan on February 04, 2003, 06:43:07 PM
Thanks for replying Bill,

I have had good luck with RBL lookups. I carefully selected those that I believe have an adequate control process for reporting spam. I also want ordb lookups to block email from known open relays. I looked at the links you sent, but I have not found any info describing the syntax to have mailfront do rbl lookups. One option may be the rblsmtpd program.

If necessary, I will not upgrade SME at this time. With spam being such a problem, I will wait until rbl lookup is added to SME or possibly look at using Redhat for a mail server. Anyone know if mailfront can easily be removed and replaced with obtuse-smtpd on 5.6?

Another issue I have to deal with is I currently masq IPSEC 50 and 500 through SME 5.1.2.  As of right now, no modules have been written to allow the new kernel/iptables to do this.  

Thanks again,

ryan
Title: Re: MAPS RBL for spam blocking
Post by: Bill Talcott on February 04, 2003, 08:27:53 PM
ryan wrote:
>
> I have had good luck with RBL lookups.  I carefully selected
> those that I believe have an adequate control process for
> reporting spam.   I also want ordb lookups to block email
> from known open relays.   I looked at the links you sent, but
> I have not found any info describing the syntax to have
> mailfront do rbl lookups.  One option may be the rblsmtpd
> program.

I'm glad to see that you actually checked into the lists before you started using them. Many people just accept them as gospel and block away... I assumed that you were using smtpd_check_rules for relay checking. Exactly how are you doing it (as I have no firsthand experience with it)?
Title: Re: MAPS RBL for spam blocking
Post by: ryan on February 04, 2003, 10:58:29 PM
In addition to checking out how to report a spammer, I cut and pasted IP addresses from spam emails into ordb's online open relay test. This ordb test also allows you to submit the IP to MANY other rbl databases. I chose 3 that seemed to be conservative, yet blocked most of the IPs I submitted. It has been running for 6 months now... not a single complaint regarding an illegitimate block.

On the other hand, the reverse host/mx lookup blocked a lot of legitimate email since many do not configure reverse lookups.

I helped another person set up rbl lookups, see these posts... the second is only a warning of a problem with the first post. Let me know if you need more info.

ryan

http://forums.contribs.org/index.php?topic=15603.msg60018#msg60018

http://forums.contribs.org/index.php?topic=15603.msg60018#msg60018
Title: Re: MAPS RBL for spam blocking
Post by: Nathan Fowler on February 05, 2003, 11:43:43 PM
Ryan, I can help you masq IPSEC, I do it on 4.1.2, it's pretty easy.  Are you just wanting to masquerade IPSEC?
Title: IPSEC masq on 5.6
Post by: ryan on February 06, 2003, 12:04:33 AM
Nathan,

I did masq IPSEC on 4.1.2, 5.0, and 5.1.2. I need to make IPSEC masq work on a 5.6 test box. You know how to do this for multiple IPSEC connections at the same time?

Thanks,

ryan
Title: Re: MAPS RBL for spam blocking
Post by: Tom Carroll on April 17, 2003, 10:09:04 AM
Ryan, I have been using various noto and deny lines to reject e-mail from known spammers, while also blocking all unknown@unknown connections except those specifically excepted and all domains except .com .net .org and .us due to huge amounts of spam.

Do you use any of these techniques along with the RBLs? What exactly does your template look like that you have virtually eliminated all spam?

Thanks!

Tom Carroll
Title: Re: MAPS RBL for spam blocking
Post by: ryan on April 17, 2003, 11:34:33 PM
I have upgraded to 5.6.  I installed e-smith-mailfront with the rbl feature.  Now using the following to filter spam:

spamcop
spamhaus
spes
njabl
dsbl (not multi or unconfirmed)
wirehub.net

These filter about 98-99 percent of spam. Out of 700 spams blocked per day, a dozen or so make it in to my agency. I can reduce this number with aggressive reporting to SpamCop (I am a paid member).

Good luck,

ryan
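
How the RBL lookups discussed in this thread work at the DNS level, as an added example that is not part of any post and is not mailfront's or rblsmtpd's code: the connecting IP's octets are reversed and prepended to the list's zone, and an A record in 127.0.0.0/8 means "listed". The zone names, the records and the `min_hits` threshold are constructed for illustration.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL lookup queries: reversed IPv4 octets + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A record for name, or None when it does not resolve (not listed)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_ip(ip, zones, resolve=system_resolver):
    """Return {zone: answer} for every zone that lists ip."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only 127.0.0.0/8 answers count. A public address here usually means
        # a wildcarded or expired zone, which would otherwise block all mail.
        if answer and ipaddress.ip_address(answer) in LISTED_NET:
            hits[zone] = answer
    return hits

def decide(ip, zones, resolve=system_resolver, min_hits=1):
    """Reject when at least min_hits lists agree (min_hits is an assumption)."""
    hits = check_ip(ip, zones, resolve)
    return ("reject" if len(hits) >= min_hits else "accept", hits)

# Constructed zones and records so the example runs offline.
CONSTRUCTED_ZONES = ["rbl-a.example", "rbl-b.example", "rbl-c.example"]
CONSTRUCTED_RECORDS = {
    "2.0.0.127.rbl-a.example": "127.0.0.2",     # conventional test entry
    "2.0.0.127.rbl-b.example": "127.0.0.2",
    "10.113.0.203.rbl-a.example": "127.0.0.2",  # listed by one zone only
    "9.2.0.192.rbl-c.example": "198.51.100.7",  # bogus non-loopback answer
}

def fake_resolver(name):
    return CONSTRUCTED_RECORDS.get(name)

if __name__ == "__main__":
    for ip in ("127.0.0.2", "203.0.113.10", "192.0.2.9"):
        print(ip, decide(ip, CONSTRUCTED_ZONES, fake_resolver))
```

Raising `min_hits` above 1 requires agreement between lists before a rejection, which limits the effect of a single overly broad listing.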
Title: Re: MAPS RBL for spam blocking
Post by: Tom Carroll on April 18, 2003, 06:26:23 AM
All I can say is THANKS!  This is working out a whole lot better than what I had ever done on my own machine.  I actively report SPAM to spamcop, so this is really nice I get to benefit from all that hard work.

I now look forward to upgrading to SME 5.6.  But first I have to go and ask about three 100gb drives... :(

Thanks again guys!

Tom