Koozali.org: home of the SME Server

blacklisthosts mechanism

Offline piran

  • ****
  • 502
  • +0/-0
blacklisthosts mechanism
« on: December 10, 2006, 05:57:14 PM »
I've been effectively managing with...
Code: [Select]
pico /var/service/qpsmtpd/config/whitelisthosts
signal-event email-update

...does the same functionality hold switching the colours? ie
Code: [Select]
pico /var/service/qpsmtpd/config/blacklisthosts
signal-event email-update

I've tried this but it doesn't 'seem' to be working.
My site does not (yet have to) use SpamAssassin (SA).

Offline kruhm

  • *
  • 680
  • +0/-0
blacklisthosts mechanism
« Reply #1 on: December 11, 2006, 02:25:57 AM »
I don't think there is a blacklisthosts. Although qpsmtpd is very plugable and I don't see why you couldn't create one (or sponsor one if it's out of reach).

At the same time, SME has a ip block per service as per the FAQ:

db configuration setprop smtpd DenyHosts xxx.xxx.xxx.xxx,xxx.xxx.xxx.xxx
signal-event remoteaccess-update

Offline piran

  • ****
  • 502
  • +0/-0
blacklisthosts mechanism
« Reply #2 on: December 11, 2006, 02:47:29 AM »
I don't think there is one either after scouting around the white one.
The facility you mentioned would be impractical in my situation, there
is already a highly effective 4000 line masq iptables file doing suchlike.
In any case I wanted to specify a domain (earthlink.net) not an IP.
Was investigating other options and defensive vectors before anything
might escalate unduly. The incoming intensity has inexplicably deepened
but is under SME7's perfect control;~) I'm just a careful sort and wanted
to know if there was a 'black' flavoured listing I might bring into the mix.

Offline kruhm

  • *
  • 680
  • +0/-0
blacklisthosts mechanism
« Reply #3 on: December 11, 2006, 06:13:49 AM »
"In any case I wanted to specify a domain (earthlink.net) not an IP."

Then you need to use the:
/var/qmail/control/badmailfrom

just add: @earthlink.net

no need to signal-event (expand or restart)

Offline byte

  • *
  • 2,183
  • +2/-0
blacklisthosts mechanism
« Reply #4 on: December 11, 2006, 02:59:59 PM »
This is how I do it so you don't lose the changes on reboot.

create you own template

/etc/e-smith/templates-custom/var/qmail/control/badmailfrom


Add the domains that you want to block in the form of spammer@spam.com or a whole domain @spam.com

Then finish off with a

signal-event email-update
--[byte]--

Have you filled in a Bug Report over @ http://bugs.contribs.org ? Please don't wait to be told this way you help us to help you/others - Thanks!

Offline piran

  • ****
  • 502
  • +0/-0
blacklisthosts mechanism
« Reply #5 on: December 11, 2006, 06:45:51 PM »
byte---- done

kruhm---- Nice idea but hasn't seemed to have done the job.
Strange but I DID expect it to work! Here is some of the log...
Code: [Select]
2006-12-11 17:20:13.399393500 26167 trying to get config for badmailfrom
2006-12-11 17:20:13.399857500 26167 Plugin check_badmailfrom, hook mail returned DECLINED,
2006-12-11 17:20:13.400013500 26167 getting mail from <brandon05sh@earthlink.net>
2006-12-11 17:20:13.400153500 26167 250 <brandon05sh@earthlink.net>, sender OK - how exciting to get mail from you!
...however the various RBLs caught the attempt. Contents of the badmailfrom file...
Code: [Select]

#spamer@spamdomain.com
#@spamdomain.com
# pico /etc/e-smith/templates-custom/var/qmail/control/badmailfrom/10RiffRaff
# /sbin/e-smith/expand-template /var/qmail/control/badmailfrom
# service qmail restart
# signal-event email-update

# mindspring
@earthlink.net

# wandering persistent spammers
@mirajpartnership.co.uk

Offline piran

  • ****
  • 502
  • +0/-0
blacklisthosts mechanism
« Reply #6 on: December 12, 2006, 02:32:59 AM »
Code: [Select]
2006-12-12 01:21:18.335916500 31453 running plugin (mail): check_badmailfrom
2006-12-12 01:21:18.336113500 31453 trying to get config for badmailfrom
2006-12-12 01:21:18.350063500 31453 Plugin check_badmailfrom, hook mail returned DECLINED,
2006-12-12 01:21:18.350243500 31453 getting mail from <brandon6gob@earthlink.net>
2006-12-12 01:21:18.350403500 31453 250 <brandon6gob@earthlink.net>, sender OK - how exciting to get mail from you!

The contents of badmailfrom are as indicated in my previous post.
Have I not formatted or activated the badmailfrom template properly?
Am I reading the sense of the log inappropriately?
Or is this bugzilla fodder?