Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: mikeyr on March 25, 2009, 06:17:17 PM
-
We have an SME server behind a Barracuda Spam firewall. Spammers hit both the spam blocker and the SME server (which has a FQDN) at the same time with spam. The Barracuda catches the spam but the SME with Spamassassin running does not. The question is: Can the SME server be set to only listen for port 110 traffic from a specific IP address? If so then I could set the SME box to only accept port 110 (inbound) mail from the Barracuda.
Thanks in advance, Mike
-
My bad, I should have said I was wanting port 110 traffic to only come from one IP address. I have no need for mail to come from anywhere except the Barracuda box.
-
hi
welcome here..
I'm sorry but.. you are saying you need SME's port 110 to accept traffic from a single ip?
as far as I understand from your first post, you have both barracuda and SME listening on wan on port 25.. isn't it?
please, clarify your setup and what you wish to achieve.
meanwhile, please take the time to read carefully the documentation.
Finally, in the future, please use the "search" link above before posting.. 99% of your questions have already been answered ;-)
Ciao
Stefano
-
No, the most common setup would be to have the MX record point to the IP address of the Barracuda box, which will filter and then forward all clean emails to the SME server on standard port 25. This way the SME server should/will only see filtered emails.
I use the SME server as spamfilter in front of an Exchange server and it catches close to all spam and marks all the rest perfectly (moved to "Exchange Junk E-mail folder")
-
We have a Barracuda box that is for monitoring spam on the inbound mail to our server. The server has a FQDN (mail.xxx.com) and therefore is also visible to the outside world, as is the Barracuda (xxx.com). Mail being sent to mail.xxx.com goes directly to the SME server and, if it is spam, is not being detected as such and is being delivered to the customer. The same mail is also being sent to xxx.com, which is going to the Barracuda and is being blocked. I would like to set the SME server to accept inbound mail ONLY from the IP address of the Barracuda and disregard anything to mail.xxx.com. I did do numerous searches but did not find any answers to my specific question. Thank you.
-
hi
as knuddi suggests, point your mx to barracuda.
anyway, could you please post the result of
config show spamassassin
config show qpsmtpd | grep disabled
thank you
Stefano
-
The mx record is pointing to xxx.com. There is NO mx for mail.xxx.com. However, there is a FQDN for mail.xxx.com.
# config show spamassassin
spamassassin=service
BayesAutoLearnThresholdNonspam=0.10
BayesAutoLearnThresholdSpam=4.00
DNSAvailable=yes
MessageRetentionTime=1
OkLanguages=all
OkLocales=all
RejectLevel=10
ReportSafe=0
Sensitivity=custom
SkipRBLChecks=0
SortSpam=enabled
Subject=[SPAM]
SubjectTag=enabled
TagLevel=4
UseBayes=1
status=enabled
config show qsmtpd | grep disabled
has nothing in it.
-
1. Why do you need to have SME open from outside when you have the barracuda?
2. Is a manual IPTables filter ok for a solution?
3. mail.xxx.com <-- no MX record? how to receive mail?
barracuda<-->sme<-->lan
or
sme<-->barracuda<-->lan
Which one do you want to implement?
-
The question is: Can the SME server be set to only listen for port 110 traffic from a specific IP address? If so then I could set the SME box to only accept port 110 (inbound) mail from the Barracuda.
Port 110 is used for clients connecting to collect mail from mailboxes using the POP protocol. You can learn what protocol uses port 110 by running this command 'grep 110 /etc/services'.
-
yes... port 25 is the one that he really needs.
-
Looking for Barracuda<--->sme<--->lan
Yes, an iptable entry might work.
Spammers are sending mail directly to the mail.xxx.com address and it just so happens to be the same box as xxx.com, therefore mail servers are running.
-
Just create a firewall rule on your firewall that prohibits inbound traffic on port 25 from reaching your SME server.
-
Blocking inbound port 25 traffic totally will also block the inbound traffic from the Barracuda won't it? I just want the sme server to listen for inbound mail from the Barracuda.
-
mikeyr
you can't have 2 servers listening on 25 at the same time with the same address.. so block inbound traffic directed to port 25 on SME wan IP
Ciao
Stefano
-
Even though I do not understand why you do not fix this via DNS settings, you can alter your iptables to only accept SMTP connections from your Barracuda box. Now you have an entry on your SME server that states (seen with iptables --list):
target prot opt source destination
ACCEPT tcp -- anywhere smeserver.domain tcp dpt:smtp
You need to alter the "source" from "anywhere" to be the IP address of your Barracuda box. I am not sure how to do this cleanly in SME but I am sure someone else knows.
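Added example, not part of any post in this thread: a shell check that reads rules in `iptables-save` format and reports every explicit ACCEPT rule for TCP port 25 whose source is not the filtering relay, run against a ruleset like the one quoted above and against a restricted one. The address 192.0.2.10 stands in for the Barracuda, the rulesets are constructed, the chain names are generic rather than SME Server's own, and `audit_smtp_accept` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed samples in iptables-save format. 192.0.2.10 is a placeholder
# for the Barracuda's address; chain names are generic, not SME's own.
BEFORE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
COMMIT'

AFTER_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.10 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j DROP
COMMIT'

# audit_smtp_accept RELAY_IP   (hypothetical helper; rules on stdin)
# Prints each explicit ACCEPT rule for tcp port 25 whose source is not
# RELAY_IP. Returns 0 if only the relay is admitted, 1 otherwise.
# Limits: port ranges and protocol-less catch-all ACCEPT rules are not parsed.
audit_smtp_accept() {
    awk -v relay="$1" '
    $1 == "-A" {
        src = "anywhere"; proto = ""; target = ""; smtp = 0
        for (i = 2; i < NF; i++) {
            v = $(i + 1)
            # A "!" before -s (or as its value) keeps the rule flagged.
            if ($i == "-s" || $i == "--source") src = ($(i - 1) == "!" ? "!" : "") v
            else if ($i == "-p") proto = v
            else if ($i == "-j") target = v
            else if ($i ~ /^--(dport|dports|destination-port)$/ && ("," v ",") ~ /,(25|smtp),/) smtp = 1
        }
        sub(/\/32$/, "", src)        # newer iptables prints a /32 suffix
        if (proto == "tcp" && smtp && target == "ACCEPT" && src != relay) {
            print "open to " src ": " $0
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

printf '%s\n' "$BEFORE_RULES" | audit_smtp_accept 192.0.2.10 || echo "before: SMTP not restricted"
printf '%s\n' "$AFTER_RULES" | audit_smtp_accept 192.0.2.10 && echo "after: only the relay can reach port 25"
```

On a live host the function would read `iptables-save | audit_smtp_accept <relay address>`; rules written by hand are typically lost when the distribution regenerates its firewall configuration.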
-
you can have 2 servers listening on 25 at the same time with the same address..
I think you mean "can't".
-
I use the SME server as spamfilter in front of an Exchange server and it catches close to all spam and marks all the rest perfectly (moved to "Exchange Junk E-mail folder")
Maybe the spammers are getting smarter, but I find that the filter doesn't catch anywhere near as much as it used to; a lot seems to slip by. Emails sent by people using Foxmail (a very popular email client used in China) more often than not end up in the junkmail folder also. I know there is a compliance issue with Foxmail (other mail servers seem to pass their mail ok though), but it's hard to try and re-educate so many users and get them to use something different.
-
I think you mean "can't".
indeed, I've corrected :-)
thank you
Stefano
-
jookin,
Surely they are getting smarter - all the time. Tuning the spamfilter is a continuous job I am afraid. What I have done with success is to:
1) Enable DCC (/etc/mail/spamassassin/v310.pre)
2) Utilize the unofficial clamav signatures (http://wiki.contribs.org/Email#Anti_Virus)
3) reject emails with score above 9 and tags above 5
4) install the server-manager module that allows whitelisting - sometimes it's needed
If there are certain SA rules that create the false positives then you might want to increase their score.
-
What I have done with success is to:
Thanks, I will look into your suggestions (I value your feedback) I don't post here much but I have been a continuous user ever since E-Smith 4.0 and have used a few of your contribs over the years, thanks for taking the time to reply, appreciate your advice :)