happy n00b
Joined: 15 Jan 2003 Posts: 21 Location: California
Posted: Tue Feb 10, 2004 7:57 pm Post subject: qmail dns spam abatement measures
Hello:
Just wondering who out there has had any success implementing spam abatement measures with qmail. Anyone?
I've got some experience with this under OpenBSD, and so far I've got the RBLs blocking some, but I'm also interested in doing reverse DNS checks. Has anyone got this working?
One essential resource I've found very interesting and helpful is Chris Hardie's "qmail Anti-Spam HOWTO", especially the section for sysadmins:
http://www.chrishardie.com/tech/qmail/qmail-antispam.html#sysadminoptions
I understand SpamAssassin is supposed to be pretty good also, but can be kind of resource hungry. I've read bogofilter is faster, but I haven't implemented either yet. Can anyone please share their experiences a little here?
Basically, any comments from out there on the qmail spam abatement front would be greatly appreciated.
Cheers,
Steven
_________________
For me, to pursue social justice is to liberate as many computers as possible from the tyranny of Microsoft.

puke Tux's lil' helper
Joined: 05 Oct 2002 Posts: 128
Posted: Tue Feb 10, 2004 9:24 pm
I use qmail-scanner with Mail-SpamAssassin and rblsmtpd. rblsmtpd does the blacklist checks, so SpamAssassin doesn't have to.
/var/qmail/supervise/qmail-smtpd/run:
Code: |
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE
exec /usr/bin/softlimit -m 8000000 \
/usr/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
rblsmtpd -rdnsbl.njabl.org -rproxies.blackholes.easynet.nl -rcbl.abuseat.org \
-rrelays.ordb.org -rdnsbl.sorbs.net \
/var/qmail/bin/qmail-smtpd 2>&1
|

happy n00b
Joined: 15 Jan 2003 Posts: 21 Location: California
Posted: Mon Feb 16, 2004 2:26 am Post subject: Not even a simple qmail-smtpd-run script will work...
Shoot I'm just trying to implement the following, and it still won't work:
Code: |
#!/bin/sh
exec /usr/bin/softlimit -m 8000000 \
/usr/bin/tcpserver -H -R -v -p -x /etc/tcp.smtp.cdb \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
sh -c 'test -z "$TCPREMOTEHOST" && echo "451 bad reverse DNS" \
|| exec /var/qmail/bin/qmail-smtpd 2>&1
|
What's up with that?
I'm thinking it might have something to do with the way the config files are pre-loaded for the stock r13 ebuild...
Looks like at this point if I want to implement custom anti-spam measures I might as well forget about using ebuilds for qmail for the time being, or wait until the Gentoo team gets this issue resolved. I've already got a bug in... The problem as I see it is they are currently looking into implementing the spam-control patch, and that is like the mother of all patches. Due to the size of that one, I'm not sure how long it will be until we see something to work with... They've got their hands full with that one, methinks.
Rats. What to do...
_________________
For me, to pursue social justice is to liberate as many computers as possible from the tyranny of Microsoft.

puke Tux's lil' helper
Joined: 05 Oct 2002 Posts: 128
Posted: Mon Feb 16, 2004 11:28 am Post subject: Re: Not even a simple qmail-smtpd-run script will work...
happy wrote: | Shoot I'm just trying to implement the following, and it still won't work |
Happy, the reverse DNS thing isn't a good idea. Lots of legitimate hosts that want to send you mail use different names than what their IP resolves to on DNS. You'll just end up bouncing lots of non-spam.
Instead, you should use the rblsmtpd as above, and install SpamAssassin and configure qmail-scanner. You can also use fprot and other anti-virus solutions with qmail-scanner.

EvilGrin n00b
Joined: 27 Oct 2003 Posts: 23
Posted: Mon Feb 16, 2004 11:42 am
Instead of using qmail-scanner you might want to check out qpsmtpd. It's a much more flexible and neater way of controlling this.
http://develooper.com/code/qpsmtpd/
I'm unsure if it's available via portage though.

puke Tux's lil' helper
Joined: 05 Oct 2002 Posts: 128
Posted: Mon Feb 16, 2004 11:52 am
EvilGrin wrote: | Instead of using qmail-scanner you might want to check out qpsmtpd. It's a much more flexible and neater way of controlling this. |
This looks good, I will check it out. Thanks!

eagle_cz Apprentice
Joined: 06 Jun 2003 Posts: 214
Posted: Sun Feb 22, 2004 11:06 pm
OK, I have a problem with qmail and RBL ... I believe even if I stand on my ears, it will not work.
It doesn't log a single message, even an error message, into the log files.
Here is my setup ... do you have any clue?
ps ax
29691 pts/3 S 0:00 /usr/bin/tcpserver -h -p -v -R -H -x /etc/tcp.smtp.cdb -c 40 -u 201 -g 200 0.0.0.0 smtp rblsmtpd -rrelays.ordb.org -rrdnsbl.sorbs.net /var/qmail/bin/qmail-smtpd
cat /etc/tcp.smtp
172.20.:allow,RELAYCLIENT="",RBLSMTP="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
127.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
212.80.95.154:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

puke Tux's lil' helper
Joined: 05 Oct 2002 Posts: 128
Posted: Mon Feb 23, 2004 1:28 am
eagle_cz wrote: | do you have any clue ?
|
-H messes with the $TCPREMOTEHOST variable, so try getting rid of that.
Something should be logged, try:
Code: |
tail /var/log/qmail/qmail-smtpd/current
|
Also I recommend you upgrade to the latest qmail emerge. It puts all configuration into conf files, seems annoying at first but now I've seen the light, it's a great idea.
You should also be running the qmail-scanner wrapper rather than the perl script directly, or you need to upgrade your qmail-scanner.

eagle_cz Apprentice
Joined: 06 Jun 2003 Posts: 214
Posted: Mon Feb 23, 2004 6:50 am
@4000000040399ede0bf2efe4 tcpserver: status: 3/40
@4000000040399ede0bf42c4c tcpserver: pid 7095 from 206.46.170.115
@4000000040399ede0c0026b4 tcpserver: ok 7095 ns.el-cha.cz:212.80.95.1:25 :206.46.170.115::56735
@4000000040399ede37171894 tcpserver: end 7095 status 0
@4000000040399ede37175ee4 tcpserver: status: 2/40
I will remove H and check it out.

eagle_cz Apprentice
Joined: 06 Jun 2003 Posts: 214
Posted: Mon Feb 23, 2004 7:01 am
OK, it still doesn't work.
I have qmail-1.03-r13.
Which one do you use?

puke Tux's lil' helper
Joined: 05 Oct 2002 Posts: 128
Posted: Mon Feb 23, 2004 2:54 pm
eagle_cz wrote: | OK, it still doesn't work.
I have qmail-1.03-r13. Which one do you use? |
I am using qmail-1.03-r15. You might want to try upgrading. It puts the config info into /var/qmail/control/conf-common and conf-smtpd, seems to make things much easier to troubleshoot.
Also you should try using recordio to log the SMTP conversations to syslog. E.g., insert recordio before qmail-smtpd.
From your logs, it doesn't look like rblsmtpd is doing anything. I get logs like the following:
Code: |
@400000003fd58c4f30287fb4 tcpserver: status: 1/40
@400000003fd58c4f31227bcc tcpserver: pid 69 from 61.106.48.5
@400000003fd58c4f31229724 tcpserver: ok 69 :my.ip.add.ress:25 :61.106.48.5::48785
@400000003fd58c4f3277fd94 rblsmtpd: 61.106.48.5 pid 69: 451 spam source -- 1070520002
@400000003fd58c530cecdc5c tcpserver: end 69 status 0
@400000003fd58c530cecf7b4 tcpserver: status: 0/40
@400000003fd58e782b70cbd4 tcpserver: status: 1/40
@400000003fd58e782b7aa35c tcpserver: pid 25577 from 24.238.161.12
@400000003fd58e782c735b3c tcpserver: ok 25577 :my.ip.add.ress:25 :24.238.161.12::3994
@400000003fd58e790548da14 rblsmtpd: 24.238.161.12 pid 25577: 451 Blocked - see http://cbl.abuseat.org/lookup.cgi?ip=24.238.161.12
@400000003fd58e7a0549fb24 tcpserver: end 25577 status 0
@400000003fd58e7a054a167c tcpserver: status: 0/40
|
(You can use tai64nlocal to convert the timestamps to human readable format)
Hope that helps.
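To read a log like the one in the post above at a glance, the rblsmtpd lines can be paired with the tcpserver connection they belong to by pid. This is an added example, not code from the thread; the function names and the sample log (documentation addresses, made-up timestamps) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Pairs each tcpserver connection with an rblsmtpd verdict by pid.
# Reads a multilog "current" file on stdin, prints one line per finished connection.
rbl_summary() {
    awk '
    $2 == "tcpserver:" && $3 == "pid" {        # "pid N from IP": connection opens
        ip[$4] = $6; verdict[$4] = ""; next
    }
    $2 == "rblsmtpd:" {                        # "IP pid N: 451 message"
        pid = $5; sub(/:$/, "", pid)
        msg = $0; sub(/^.* pid [0-9]+: /, "", msg)
        verdict[pid] = msg; next
    }
    $2 == "tcpserver:" && $3 == "end" && ($4 in ip) {    # connection closes
        if (verdict[$4] != "") printf "%s rejected: %s\n", ip[$4], verdict[$4]
        else                   printf "%s passed\n", ip[$4]
        delete ip[$4]; delete verdict[$4]      # pids are reused over time
    }'
}

# Constructed sample log in the same layout as the logs quoted in the thread.
sample_log() {
    cat <<'EOF'
@400000004039000000000001 tcpserver: status: 1/40
@400000004039000000000002 tcpserver: pid 101 from 192.0.2.25
@400000004039000000000003 tcpserver: ok 101 :203.0.113.1:25 :192.0.2.25::48785
@400000004039000000000004 rblsmtpd: 192.0.2.25 pid 101: 451 spam source -- example
@400000004039000000000005 tcpserver: end 101 status 0
@400000004039000000000006 tcpserver: status: 0/40
@400000004039000000000007 tcpserver: status: 1/40
@400000004039000000000008 tcpserver: pid 102 from 198.51.100.9
@400000004039000000000009 tcpserver: ok 102 :203.0.113.1:25 mx.example.org:198.51.100.9::1419
@40000000403900000000000a tcpserver: end 102 status 0
EOF
}

sample_log | rbl_summary
```

On a live system the same function can be fed the file from the thread, for instance `rbl_summary < /var/log/qmail/qmail-smtpd/current`.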

eagle_cz Apprentice
Joined: 06 Jun 2003 Posts: 214
Posted: Mon Feb 23, 2004 9:37 pm
OK, here is what I did.
On a box where qmail has never been before, I emerged qmail-r15.
I ran the basic setup, then I made symlinks to svscan.
Then I went to /var/qmail/control and changed conf-smtpd like this:
Code: |
# Configuration file for qmail-smtpd
# $Header: /home/cvsroot/gentoo-x86/net-mail/qmail/files/conf-smtpd,v 1.1 2003/11/30 11:32:06 robbat2 Exp $
# Stuff to run before tcpserver
#QMAIL_TCPSERVER_PRE=""
# Stuff to run qmail-smtpd
#QMAIL_SMTP_PRE=""
# Stuff to after qmail-smtpd
#QMAIL_SMTP_POST=""
# this turns off the IDENT grab attempt on connecting
TCPSERVER_OPTS="${TCPSERVER_OPTS} -R"
# You might want to use rblsmtpd with this, but you need to fill in a RBL server here first
# see http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details
QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} rblsmtpd -rdnsbl.sorbs.net"
# If you are interested in providing POP or IMAP before SMTP type relaying,
# emerge relay-ctrl, then uncomment the next 2 lines
#QMAIL_TCPSERVER_PRE="${QMAIL_TCPSERVER_PRE} envdir /etc/relay-ctrl relay-ctrl-chdir"
#QMAIL_SMTP_PRE="${QMAIL_SMTP_PRE} relay-ctrl-check"
# In /etc/courier-imap/authdaemonrc add the next line to the end:
#authmodulelist="${authmodulelist} relay-ctrl-allow"
# Then in /etc/courier-imap/{imapd,imapd-ssl,pop3d,pop3d-ssl}
# Add this at the end
#PRERUN="${PRERUN} envdir /etc/relay-ctrl relay-ctrl-chdir"
# This next block is for SMTP-AUTH
# This provides the LOGIN, PLAIN and CRAM-MD5 types
# the 'cmd5checkpw' used in $QMAIL_SMTP_AUTHCHECKPASSWORD supports CRAM-MD5
# and reads it's data from /etc/poppasswd
# see the manpage for cmd5checkpw for details on the passwords
# uncomment the next four lines to enable SMTP-AUTH
#QMAIL_SMTP_AUTHHOST=$(<${QMAIL_CONTROLDIR}/me)
#[ -z "${QMAIL_SMTP_POST}" ] && QMAIL_SMTP_POST=/bin/true
#QMAIL_SMTP_CHECKPASSWORD="/bin/cmd5checkpw"
#QMAIL_SMTP_POST="${QMAIL_SMTP_AUTHHOST} ${QMAIL_SMTP_CHECKPASSWORD} ${QMAIL_SMTP_POST}"
|
Then I set up my domain in the other files and finally I ran /etc/init.d/svscan start.
qmail is up and running:
Code: |
5672 pts/0 S 0:00 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtp.cdb -c 40 -u 201 -g 200 0.0.0.0 smtp rblsmtpd -rdnsbl.sorbs.net /var/qmail/bin/qmail-smtpd
|
Here are the TCP rules:
Code: |
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
#
#-----------------------------------------------------------------
# ALLOW EVERYONE ELSE TO SEND US MAIL
#
# Everyone else can make connections to our server,
# but not allowed to relay
# RBL lookups are performed
:allow
# If you are using qmail-scanner, this line here is the correct one to use
# instead (comment out the above ':allow' line FIRST) and applies that script
# to any mail coming in that is not from a host allowed to relay. You can
# change the value of the variable to any other value you desire to use custom
# scripts for example.
#:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
212.80.95.153:allow,RELAYCLIENT="",RBLSMTPD=""
212.80.95.145:allow,RELAYCLIENT="",RBLSMTPD=""
|
And that bloody log is still without a single RBLSMTPD entry.
I already tried it on 3 machines..... I'm probably the biggest idiot in the whole world, but it simply does not work and it does not log a single error message.
Any comments before I shoot myself?

puke Tux's lil' helper
Joined: 05 Oct 2002 Posts: 128
Posted: Mon Feb 23, 2004 11:07 pm
rblsmtpd only shows in the logs when it is rejecting a host because it is listed in the rbl. If you are getting mail connecting from hosts that are not listed in the rbl, the mail will be processed as usual and you will not see any reference to rblsmtpd in the logs.
For example, this shows some spam I just received, where the source wasn't listed under the rbl:
Code: |
@40000000403a7e6721c51694 tcpserver: status: 1/40
@40000000403a7e6721d078a4 tcpserver: pid 22387 from 199.239.233.202
@40000000403a7e672f3c8974 tcpserver: ok 22387 :my.ip.add.ress:25 coffee01.tempdomainname.com:199.239.233.202::1419
@40000000403a7e690ec3423c tcpserver: status: 2/40
@40000000403a7e690ece5244 tcpserver: pid 3584 from 199.239.233.202
@40000000403a7e691c93e524 tcpserver: ok 3584 :my.ip.add.ress:25 coffee01.tempdomainname.com:199.239.233.202::1425
@40000000403a7e881706dfe4 tcpserver: end 3584 status 0
@40000000403a7e881706ff24 tcpserver: status: 1/40
@40000000403a7e8b22b2222c tcpserver: end 22387 status 0
@40000000403a7e8b22b23d84 tcpserver: status: 0/40
|
I guess you could test it with one of your clients by setting $RBLSMTPD to something, and seeing if rblsmtpd puts something in the logs. The man page for rblsmtpd says:
Quote: |
If the $RBLSMTPD environment variable is set and is nonempty, rblsmtpd blocks mail. It uses $RBLSMTPD as an error message for the client. Normally rblsmtpd runs under tcpserver(1); you can use tcprules(1) to set $RBLSMTPD for selected clients.
|
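The test suggested in the post above depends on which tcprules line a client matches and what that line does to $RBLSMTPD. The following added example (not code from the thread) works that out for a given IP; the function names and sample rules are constructed, the matching is a simplified assumption, and the empty and unset cases follow the rblsmtpd documentation rather than the part quoted above.

```shell
#!/bin/sh
# rbl_action IP  (tcprules source on stdin) -> skip | block | lookup | deny
# Simplified matching (assumption): exact IP, then dotted prefixes from longest
# to shortest, then the empty ":" rule. user@ip, =host and range rules are ignored.
rbl_action() {
    awk -v ip="$1" '
    /^[ \t]*(#|$)/ { next }                    # comments and blank lines
    {
        addr = $0; sub(/:.*/, "", addr)        # address part before the first ":"
        inst = $0; sub(/^[^:]*:/, "", inst)    # allow,VAR="..." or deny
        rule[addr] = inst
    }
    END {
        split(ip, o, ".")
        cand[1] = ip
        cand[2] = o[1] "." o[2] "." o[3] "."
        cand[3] = o[1] "." o[2] "."
        cand[4] = o[1] "."
        cand[5] = ""
        for (i = 1; i <= 5; i++) if (cand[i] in rule) break
        if (i > 5)                      { print "lookup"; exit }  # no rule: allowed, nothing set
        inst = rule[cand[i]]
        if (inst ~ /^deny/)             { print "deny"; exit }    # tcpserver drops it first
        if (inst ~ /,RBLSMTPD=""(,|$)/) print "skip"              # set but empty: no RBL check
        else if (inst ~ /,RBLSMTPD="/)  print "block"             # set and nonempty: always reject
        else                            print "lookup"            # unset: DNS lookup decides
    }'
}

# Constructed rules. The third line misspells the variable as RBLSMTP, which
# tcprules sets like any other name but rblsmtpd never reads.
sample_rules() {
    cat <<'EOF'
127.:allow,RELAYCLIENT="",RBLSMTPD=""
192.0.2.10:allow,RBLSMTPD="451 rblsmtpd test entry"
198.51.100.:allow,RELAYCLIENT="",RBLSMTP=""
:allow
EOF
}

for ip in 127.0.0.1 192.0.2.10 198.51.100.7 203.0.113.5; do
    printf '%s -> %s\n' "$ip" "$(sample_rules | rbl_action "$ip")"
done
```

A client that comes out as `block` should produce an rblsmtpd line in the smtpd log on every connection, which makes it a quick way to confirm rblsmtpd is in the chain.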

eagle_cz Apprentice
Joined: 06 Jun 2003 Posts: 214
Posted: Mon Feb 23, 2004 11:35 pm
h a
hu
eh
doh
it works
I'm about to cry... I'm sooo happy dweeb.... Man, I guess I will be nominated for Moron of Gentoo.
Thanks, folks.