Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: crazybob on January 02, 2015, 06:32:28 PM
-
I am getting a fair amount of spam from a variety of .click domains.
Is there an easy way to block all .click domains?
The IPs seem to be from the US
TIA
Bob
-
Bob
Do you have RBL lists enabled ?
Show us output of
config show qpsmtpd
-
qpsmtpd=service
Bcc=disabled
BccMode=off
BccUser=maillog
DNSBL=enabled
LogLevel=6
MaxScannerSize=25000000
RBLList=bl.spamcop.net:zen.spamhaus.org
RHSBL=enabled
RelayRequiresAuth=disabled
SBLList=multi.surbl.org:rhsbl.sorbs.net
TlsBeforeAuth=1
access=public
qplogsumm=disabled
setprop=qpsmtpd
status=enabled
I would like to block all .click domains if possible.
I am finding they are using things like .click, and .link and to me and my users this stuff is all spam.
Thanks
-
Bob
That looks OK.
Try installing the smeserver-wbl contrib, although its effectiveness can vary. Configure it via the server manager panel that is added when the contrib is installed.
-
Try installing the smeserver-wbl contrib, although its effectiveness can vary. Configure it via the server manager panel that is added when the contrib is installed.
Check the bug tracker for some issues with wbl / whitelisting
http://bugs.contribs.org/show_bug.cgi?id=8747
http://bugs.contribs.org/show_bug.cgi?id=8321
http://bugs.contribs.org/show_bug.cgi?id=8327
http://bugs.contribs.org/show_bug.cgi?id=8319
With those fixes it seems to work OK.
I think there is a new build with these in testing, but please check.
B. Rgds
John
-
I do have the smeserver-wbl contrib installed.
In the black list area I entered @*.click in both fields, and it has no effect. Can I enter just click in those lists?
The white list does not appear to be giving any issues. I am not sure which version I am running.
Server is SME8.1 fully updated
-
Have a look here for the required format :
http://wiki.qpsmtpd.org/doku.php?id=plugins
The two plugins are :
check_badmailfrom
Format :
user@spammer.com
@very.bad.spammer.net
check_spamhelo
Format :
hotmail.com
aol.com
yahoo.com
localhost
localhost.localdomain
friend
I am not sure you can use '*' in the hostname.
To get the patches you may need to use a testing repo - I need to check and will post back later.
B. Rgds
John
-
I asked this very question awhile back ... how to block an entire TLD ... I too would want to block not only .click, but .rock and even .info. But there doesn't seem to be a way to do this currently.
-
crazybob
I am getting a fair amount of spam from a variety of .click domains.
Is there an easy way to block all .click domains?
The IPs seem to be from the US
If you can look at those messages & obtain the sending IP, you can block incoming IPs with this
http://wiki.contribs.org/SME_Server:Documentation:FAQ:Section05
Mail can be sent via different mail servers, so you will therefore have to configure multiple sending IPs, & you may have to set up quite a few, with the risk of blocking other wanted domains that are using the same servers.
Otherwise follow the advice given by ReetP re
check_badmailfrom
&
check_spamhelo
but you will have to enter domain names in the form
@abc.click
@123.click
@xyz.click
etc
So examine your logs for troublesome domains, & rather than excluding all of .click, exclude the errant sub domains one by one.
-
Funnily enough I just found this on a google for
Qpsmtpd block tld
http://forums.contribs.org/index.php/topic,47808.msg236493.html#msg236493
Seems that plugin may sort you out.
Also
http://blog.steve.org.uk/tags/qpsmtpd/
I'll check tomorrow... Think you need to manually configure qpsmtpd to use it
Let us know how you get on.
B. Rgds
John
-
ReetP
I checked that thread.
From this obsoleted & closed SME 7.x forum, CharlieBrady made this post http://forums.contribs.org/index.php/topic,47808.msg236493.html#msg236493
which said
This qpsmtpd plugin allows a badmailpatterns file to be used for "wildmat format" sender addresses:
ftp://ftp.canl.nc/Sharewares/Linux/Network/courrier/anti-spam/qpsmtpd/check_badpatterns..txt
The link that Charlie refers to requires a user & password to access it.
Anyone know how to look at that ?
Maybe Charlie .... are you reading this.... ?
Thanks
-
Janet - thanks. Yes, I can't access it now I have looked.
OK, had a longer look at this :-)
I note that in /usr/share/qpsmtpd/plugins there is one called check_badmailfrom_patterns which may be either a) similar or b) do the job.
From the plugin :
Patterns are stored in the format pattern\sresponse, where pattern
is a Perl pattern expression. Don't forget to anchor the pattern
(front ^ and back $) if you want to restrict it from matching
anywhere in the string.
^streamsendbouncer@.*\.mailengine1\.com$ Your right-hand side VERP doesn't fool me
^return.*@.*\.pidplate\.biz$ I don't want it regardless of subdomain
^admin.*\.ppoonn400\.com$
So I am not sure if something like these would work (a bit of a stab in the dark !):
^*\.info$
I kludged a bit of code from the plugin to test as follows - you can try it to see if it works 'as expected'. Put the code in a file called domaintest.pl - amend the contents of $user and $domain to test and you should be able to run it on the CLI with perl domaintest.pl :
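#!/usr/bin/perl
# Test a sender address against badmailfrom_patterns-style entries from the CLI.
use strict;
use warnings;
my $user = 'John';
my $domain = 'blog';
# A literal dot must be escaped as \. and $ anchors the match at the end of
# the address, so each pattern matches any sender in that TLD.
my @badmailfrom = ('\.info$', '\.test$');
my $host = lc($domain);
my $from = lc($user) . '@' . $host;
for (@badmailfrom) {
    # Each entry is "pattern response"; the response part is optional.
    my ($pattern, $response) = split /\s+/, $_, 2;
    next unless $from =~ /$pattern/;
    $response = "Your envelope sender is in my badmailfrom_patterns list"
        unless $response;
    print "$response\n";
}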
To enable this plugin you will need to generate some custom templates.
The actual file that dictates which plugins are loaded is :
/var/service/qpsmtpd/config/peers/0
Try a template fragment here :
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/plugins
echo "check_badmailfrom_patterns" >> /etc/e-smith/templates-custom/var/service/qpsmtpd/config/plugins/31check_badmailfrom_patterns
And we need a symlink :
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
ln -s ../../plugins/31check_badmailfrom_patterns 31check_badmailfrom_patterns
signal-event email-update
Check that the plugin is there :
cat /var/service/qpsmtpd/config/peers/0
Then you need a file for your patterns :
touch /var/service/qpsmtpd/config/check_badmailfrom_patterns
Then manually add your patterns to this file.
Please note that I make no guarantees about the above - test at your own risk. I'm no real coder so it is all done on a best guess estimate ! Please let us know if it works and it can be added to the wiki.
This could also be templated and added as part of the WBL contrib I guess - if you would like to see it then please open a bug
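-
Added example, not part of the original thread and not code from qpsmtpd or the WBL contrib: a dry run of candidate check_badmailfrom_patterns lines against sample senders, showing what a TLD-wide pattern rejects and what a missing end anchor catches by accident. The pattern lines and sender addresses are constructed for illustration, and the lower-casing follows the test script posted above.

```perl
#!/usr/bin/perl
# Added example: dry-run candidate lines for the check_badmailfrom_patterns
# file ("pattern response", pattern is a Perl regex) against sample senders.
use strict;
use warnings;

my $default = 'Your envelope sender is in my badmailfrom_patterns list';

# Constructed candidate lines, written as they would appear in the file.
my @lines = (
    '\.click$ Mail from .click senders is not accepted here',
    '\.link$',                               # no response: default is used
    '\.click No trailing $ anchor',          # matches mid-hostname too
    '^*\.info$',                             # the guess made in the thread
);

# Constructed envelope senders, not taken from real mail.
my @senders = (
    'promo@deals.example.click',
    'News@Example.LINK',
    'news@mail.clicktrack.example.com',
    'alice@example.info',
    'carol@example.com',
);

# Return ([senders rejected], response), or (undef, error) if the pattern
# is not a valid Perl regex.
sub rejected_by {
    my ($line, @from) = @_;
    my ($pattern, $response) = split /\s+/, $line, 2;
    my $re = eval { no warnings; qr/$pattern/ };
    return (undef, "pattern does not compile: $@") unless defined $re;
    # Lower-case the address first, as the test script in the thread does.
    return ([ grep { lc($_) =~ $re } @from ], $response || $default);
}

for my $line (@lines) {
    my ($pattern) = split /\s+/, $line;
    my ($hits, $note) = rejected_by($line, @senders);
    if (!defined $hits) { print "$pattern: $note\n"; next }
    print "$pattern  ->  \"$note\"\n";
    print "    rejects $_\n" for @$hits;
    print "    rejects nothing in the sample\n" unless @$hits;
}
```

Running candidate lines through a check like this before adding them to the patterns file shows any wanted sender that a pattern would also reject.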