Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: bjoyce on September 06, 2007, 08:25:20 AM
-
Hi,
Wow, hasn't spam gone through the roof in the last few months.
I updated my SME7.2 yesterday to hopefully help reduce the amount of spam. This has worked however,
I have been receiving email from hotmail.com and ozemail.com.au domains before the update but now they are being rejected as they are in a spam list. Has anyone else had issues?
I have read that the RBL processes the email before sa does so white lists wont work. Is this the case?
In the doco I see how to add to an RBL but not how to remove one. Is removing the offending list the answer?
Also after the update all the users with forwarding email set have been changed back to deliver locally. (I have added this to the bug tracker 3378.)
Regards Brad
-
Hi again,
Thought I might add some more specific infromation.
In this post http://forums.contribs.org/index.php?topic=29803.0 Ray says how to add RBL's to the config and how to turn off RBL but not how to remove 1 list from RBL's. Can someone tell me how this is done?
Ta
Brad
-
Brad,
If you follow ray's example, but make a slight mod, you can remove which ever list you want.
Here is a snip from the topic you referenced
Use dnsbl.sorbs.net instead.
config setprop qpsmtpd RBLList sbl-xbl.spamhaus.org,whois.rfc-ignorant.org,dnsbl.sorbs.net
(the above should all be on one line)
config setprop qpsmtpd DNSBL enabled
signal-event email-update
if you leave one or more of the lists out of the "config setprop qpsmtpd rbbllist" line. and follow the rest, the list will not be used for blocking
-
Thanks Crazybob
before I do this, is there a way to allow specific address past the RBL module?
Brad
-
Not that I know of
Bob
-
This is bizarre, I have tested the blocked email (hotmail.com) again and now it goes through yet I have not modified the qpsmtpd settings.
The RBL (www.uceprotect.net) must have update hotmail.com, yep I just checked it and now its not blocked.
Is there a better list than uceprotect?
Brad
-
Brad,
Here iis the full howto written by Ray. http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20qpsmtpd%20&%20RBL%20for%20sme%20server.htm
Near the end is a list of if rbl lists
Bob
-
bjoyce
No list is "better" than another. They do have different rules for listing though.
Entries on RBL lists change all the time, as IP's become listed and delisted.
Note also that mail coming from a hotmail address (or any other large email system), will most likely come from a number of different servers with different IP's. One of those IP's may be listed whereas others are not listed, so therefore some mail from hotmail (or other large systems) addresses gets blocked and some does not. It just depends which email server was actually used to route the piece of email that was sent.
You must make a site policy decision about which RBL lists to use, and which ones not to use. Read about the listing criteria on each lists web site.
Eg spamcop will block all hotmail so if you want to receive email from hotmail accounts then definitely do not use the spamcop list etc etc.
A very conservative choice of RBL's is only
zen.spamhaus.org and whois.rfc-ignorant.org
I noticed that some free accounts like hotmail & gmail & smaller ISP's are getting listed on dnsbl.sorbs.net, so that's not recommended if you want to reliably receive email from those accounts.
The lists referred to in my howto are a little dated now although mostly valid with a couple of exceptions. There are lots of new lists, see the Wiki (upgrading to sme7 ?) for the default settings used in sme7.2, which are not enabled by default so choose wisely.
Start with just the two lists I suggested above, wait a while eg two or three weeks, before adding an additional list, then wait another few weeks, before adding another list. Only add one list at a time and then wait and see what effect that has and if you receive reports of "wanted" email being blocked.
Remove the list if it blocks wanted email. Adding or removing one list at a time allows you to assess the effect of doing so.
-
Brad
You can use the panel that Darrell May created to add white & black entries, to manage situations where particular senders email addresses or IP's get listed on RBL's and you wish to circumvent that listing.
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/dmay/smeserver/7.x/testing/smeserver-wbl/
smeserver-wbl-0.0.1-a8.dmay.noarch.rpm
Use the panel wisely though, or you will just defeat the purpose of using RBL's in the first place.
-
Hi Ray,
thanks for the info on the wbl rpm from Darrell May. I have installed it and got the panel working OK. Could you possibly point me to some documentation that tells me about the panel? I would like to know what the different stages he refers to are.
'connect' 'helo' etc
Brad
-
bjoyce
Search the forums for the contrib release announcement.
See here
http://lists.contribs.org/pipermail/devinfo/2007-January/009489.html
Read about qpsmtpd plugins, see this link
http://wiki.qpsmtpd.org/plugins?DokuWiki=a25f3183eb13e9fb70c3d9c95d44bd99
and also the documentation in
/usr/share/qpsmtpd/plugins/......
search google, and/or read devinfo mail list archives to trace the development work, go back a year or two as it was all happening then for sme7.
Search these forums on those terms.
Also look in the Wiki as there is a good article about the plugins.
http://wiki.contribs.org/Email#Default_Plugin_Configuration
The qpsmtpd plugins (filters) will reject messages if a match occurs.
By entering white entries you can tell qpsmtpd plugins not to process messages from that address/IP, therefore avoiding rejection (if there was likely to be a match).
-
Here is some more discussion of the default DNSBL lists included in SME: http://wiki.contribs.org/Updating_to_SME_7.2#DNSBL_Servers (note that DNSBL is disabled by default).
Here is another list I found discussing the pros and cons of various dnsbl services: http://www.asspsmtp.org/wiki/DNSBL#DNSBL_Providers
I've never used dmay's whitelist plugin -- mostly because I could never find any docs, either...My first suspicion would be that the 'connect' stage corresponds to 'dnsb', 'helo' corresponds to 'rhsbl' (but I'm just guessing!)
-
mmccarn
I've never used dmay's whitelist plugin -- mostly because I could never find any docs, either...My first suspicion would be that the 'connect' stage corresponds to 'dnsb', 'helo' corresponds to 'rhsbl' (but I'm just guessing!)
It's not that scary to use, very simple really. Be brave, experiment a little and find out how it works.
See additional links I added to earlier post ie
Search the forums for the contrib release announcement.
See here
http://lists.contribs.org/pipermail/devinfo/2007-January/009489.html
Read about qpsmtpd plugins, see this link
http://wiki.qpsmtpd.org/plugins?DokuWiki=a25f3183eb13e9fb70c3d9c95d44bd99
and also the documentation in
/usr/share/qpsmtpd/plugins/......