
Posted: Fri Jun 18, 2004 2:01 pm
by Anonymous
Arf wrote:Opinion Question: Do you think it would be better not to send back the error message that states that they are being rejected because they are on an RBL?



Yes, you can change the following line

R<?>$+ $#error $@ 5.7.1 $: "Mail from " $&{client_addr} " Email blocked using spamhausxbl - see <http://www.spamhaus.org/>"


for

R<?>$+ $#discard $: discard


This works more or less like using /dev/null.

But the problem is, if the blocked IP is your client, they will never know that the IP was blocked, and they will think that their server isn't sending the emails. :o

Posted: Fri Jun 18, 2004 2:32 pm
by Charlie
Arf wrote:Okay, now that I feel a little more in control of this, I have another question or two.

Burning Question: Is there a way to check against the RBL without giving the sender the benefit of a return letter? So far, certain RBLs are working very well and I'm not getting any complaints. So why use the bandwidth? Why not vaporize these emails? But how?

Opinion Question: Do you think it would be better not to send back the error message that states that they are being rejected because they are on an RBL? If I were a spammer/hacker this would make me more angry and make me try other nasties against the rejecting domain. So why not provide an error message that says something like, "Mail Server Error. Please contact the recipient by another means and report this to their Sys-Admin." This will foil the spammer with giving them a reason that would make them seek revenge while also alerting any legitimate users that there's a problem that they might wish to rectify. What-d-ya-think?


When you use the sendmail.cf RBL feature to block an IP, the MTA, meaning your sendmail, does not send any emails to the sender. It simply does not "accept" the connection from the user, saying the IP is blocked. There is no bandwidth usage.

On another note, most professional spammers use compromised systems/open proxies to connect to your server. They do not get angry when you reject them, but will try to find another victim.

Also, according to the RFC, if an SMTP server "accepts" an email for delivery, it must make a reasonable effort to deliver it to the final recipient. It should not simply discard the email without sending back a notice to the sender!
RFCs may not work great when it comes to SPAM, but imagine that every system admin decides to implement his/her own set of rules and return bogus error codes, etc., ignoring RFCs.

/C/

Posted: Fri Jun 18, 2004 2:45 pm
by darklite
The mail setup is getting better and better.

First Line of defence: RBL in sendmail
Second Line of defence: SpamAssassin
Third Line of Defence: WiKi Custom Lists
Fourth Line of defence: ClamAV

I'm going to add back Arf's offering just behind SpamAssassin to clear even more spam. Then allow the user to filter their mail also.

If only there was a way of punishing computer users who leave spam viruses on their computers ;)

Posted: Fri Jun 18, 2004 3:02 pm
by Arf
I knew I could count on this group for some great input.

Schpilkus, I can only illustrate to you by my resistance how leery I am to compile anything on my server that I don't fully understand. It is not the program that concerns me, it's not understanding how the compile program works and what I would do if the program screwed up my mail system. I am looking forward to the day when Alabanza provides it. For some, like yourself, SA is as close to a perfect solution as possible and I'd encourage its use. I use it on my CPanel server and I like it as it comes as part of CPanel and is supported by the NOC if it should get hosed.

Also, I like the control I can get using other more low level options that I can understand. With SA, I would lose some granularity of logging and other aspects of email control that I 'want'.

I hope this helps you understand why one might not put this on their server **even if they wanted to**.

Posted: Fri Jun 18, 2004 3:11 pm
by Charlie
darklite wrote:The mail setup is getting better and better.

First Line of defence: RBL in sendmail
Second Line of defence: SpamAssassin
Third Line of Defence: WiKi Custom Lists
Fourth Line of defence: ClamAV

I'm going to add back Arf's offering just behind SpamAssassin to clear even more spam. Then allow the user to filter their mail also.

If only there was a way of punishing computer users who leave spam viruses on their computers ;)


It's getting better. Still, you need to reject emails at MTA level if the user does not exist. I have reserved the second line of defence for a Milter or access.db to reject emails addressed to nonexistent users. Why do I need to pipe them through SA and ClamAV?

/C/

Posted: Fri Jun 18, 2004 6:01 pm
by sixpackmx
Charlie wrote:Also, according to the RFC, if an SMTP server "accepts" an email for delivery, it must make a reasonable effort to deliver it to the final recipient. It should not simply discard the email without sending back a notice to the sender!
RFCs may not work great when it comes to SPAM, but imagine that every system admin decides to implement his/her own set of rules and return bogus error codes, etc., ignoring RFCs.

/C/

Bravo!! Systems Implementations always should be based on a specific RFC. That's why I never liked the default alabanza autoresponse to bounce e-mail, it was not bouncing, but replying email.

Bouncing: Rejecting the message at MTA level with a specific error code.

Posted: Thu Mar 17, 2005 11:16 pm
by RobW
Finally got my head around this and plucked up courage to edit the sendmail.cf... we used the following entries for user friendly replies:

Code:

# DNS based IP address spam list list.dsbl.org
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.list.dsbl.org. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.list.dsbl.org. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused - see http://dsbl.org/listing?"$&{client_addr}

# DNS based IP address spam list bl.spamcop.net
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.bl.spamcop.net. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused - see http://spamcop.net/bl.shtml?"$&{client_addr}

# DNS based IP address spam list sbl.spamhaus.org
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.sbl-xbl.spamhaus.org. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.sbl-xbl.spamhaus.org. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}

# DNS based IP address spam list relays.ordb.org
R$*                     $: $&{client_addr}
R::ffff:$-.$-.$-.$-     $: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
R$-.$-.$-.$-            $: <?> $(host $4.$3.$2.$1.relays.ordb.org. $: OK $)
R<?>OK                  $: OKSOFAR
R<?>$+                  $#error $@ 5.7.1 $: "550 Mail from " $&{client_addr} " refused - see http://ordb.org/lookup/?host="$&{client_addr}



Cheers
Rob

Posted: Thu Feb 09, 2006 12:20 pm
by Guest
theunknownhost wrote:Effectiveness of DSBL and Spamhaus:
moo
I'm a bit confused and I'm hoping someone here can enlighten me. First of all _thank you_ for the previous instructions, it really simplified the setup process.

I set up both lists on a server (host2) using the sendmail.cf file.

I then tried to send a message from a computer that has a blacklisted IP address by accessing an email account on a different server (host1)

i.e.

black listed PC (using outlook) ----> connected to email account on host1 ----> sent to email account on host2

The message was still successfully delivered to the recipient on host2 even though the originating IP is listed. This was a bit frustrating so I tried another approach.

I then sent a message:

black listed PC (using outlook) ----> connected to email account on host2 ----> and I received the proper connection refused error message.

However, wouldn't this suggest that the lists are in fact only effective against outgoing and not incoming messages from blacklisted IP's?
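
Added example, not part of any post in this thread: the sendmail.cf rules posted earlier look up `$&{client_addr}`, the address of the host that opened the SMTP connection to the checking server, so a message relayed through host1 is checked against host1's address. This Python sketch mirrors that lookup (reversed octets plus zone, with the `::ffff:` case); the addresses, the fake lookup table and all function names are constructed for illustration.

```python
import ipaddress
import socket

# Zone -> info URL prefix, both copied from the sendmail.cf rules in this thread.
RBLS = {
    "list.dsbl.org": "http://dsbl.org/listing?",
    "bl.spamcop.net": "http://spamcop.net/bl.shtml?",
    "sbl-xbl.spamhaus.org": "http://www.spamhaus.org/query/bl?ip=",
    "relays.ordb.org": "http://ordb.org/lookup/?host=",
}


def query_name(client_addr, zone):
    """Return the DNS name the rules look up, or None if no rule matches."""
    try:
        ip = ipaddress.ip_address(client_addr)
    except ValueError:
        return None
    # R::ffff:$-.$-.$-.$- : an IPv4-mapped IPv6 peer is checked as plain IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip.version != 4:
        return None  # the posted rules have no pattern for native IPv6
    # $4.$3.$2.$1.<zone>. : octets reversed, zone appended.
    return ".".join(reversed(str(ip).split("."))) + "." + zone + "."


def dns_listed(name):
    """Default resolver: any A record means 'listed' (needs network access)."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False  # assumption: every lookup failure counts as 'not listed'


def check_relay(client_addr, listed=dns_listed):
    """Mimic the rule chain: the first zone listing the peer yields a reject."""
    for zone, url in RBLS.items():
        name = query_name(client_addr, zone)
        if name is not None and listed(name):
            text = f"550 Mail from {client_addr} refused - see {url}{client_addr}"
            return ("reject", text)
    return ("ok", "OKSOFAR")


# Constructed data: 192.0.2.7 is the listed PC, 198.51.100.10 is host1.
FAKE_LISTED = {"7.2.0.192.bl.spamcop.net."}
direct = check_relay("::ffff:192.0.2.7", FAKE_LISTED.__contains__)  # PC -> host2
relayed = check_relay("198.51.100.10", FAKE_LISTED.__contains__)    # host1 -> host2
```

Here `direct` is a reject and `relayed` is `("ok", "OKSOFAR")`, because the listed PC's address never appears as the connecting peer when host1 relays the message.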

Posted: Fri Feb 10, 2006 11:22 pm
by spliffman
I had contacted my AM and had ala install the RBL's for me. I have noticed no difference in the amount of spam and we are still getting periodically blocked by comcast. I can't even find where ala put this.

1) where does ala put this information? (since the sendmail.cf is supposedly off limits)

2) which log contains the refused connections? So that I can tell if it is even working.

3) We need to all get together or have alabanza represent us and stop all this blocking -- does somebody want to setup a universal whitelist -- an RWL???

Posted: Fri Feb 10, 2006 11:30 pm
by m2
spliffman wrote:I had contacted my AM and had ala install the RBL's for me. I have noticed no difference in the amount of spam and we are still getting periodically blocked by comcast. I can't even find where ala put this.

1) where does ala put this information? (since the sendmail.cf is supposedly off limits)

2) which log contains the refused connections? So that I can tell if it is even working.

3) We need to all get together or have alabanza represent us and stop all this blocking -- does somebody want to setup a universal whitelist -- an RWL???


1. I think the RBLs are in sendmail.cf

2. grep the current maillog:

Code:

grep 'sender listed in' /var/log/maillog | more


m2

Posted: Sun Feb 12, 2006 11:36 am
by spliffman
I had gotten this from my AM in response to my request: "RBLs have been installed by our sys admins on both of your servers."

But, there were absolutely no RBL's of any kind anywhere. I guess they got put on someone else's boxes by mistake :roll: (They would not have lied to me) Same spit -- different day!

I followed the info in this thread; (thanks durandel) installed them myself; and they work great! caught over two hundred in the first minute (dictionary attack and valid email still getting thru)

Hint: If you have Homesite, it is a great editor for stuff like this.

DITYIHMSL?

Posted: Sun Mar 05, 2006 4:25 am
by Greg