Koozali.org: home of the SME Server

SME 5.6 filter mail for exchange.

Tim Litwiller

Re: SME 5.6 filter mail for exchange.
« Reply #15 on: July 28, 2003, 08:42:32 PM »
Yes, those emails coming from places that are blacklisted will get dropped, but the rest of the junk email gets scored by spamassassin, and you can use spamassassin's white and black lists to make sure that those emails get correctly marked (some UCE comes from valid places),
or some organizations, especially with internet sales, aren't willing to block so aggressively with rblsmtp. Like Ryan says, some RBLs will be too aggressive, some are very specific to areas, etc.

SSBN

Re: SME 5.6 filter mail for exchange.
« Reply #16 on: July 29, 2003, 07:50:14 AM »
Ok here is what i have so far. Fresh install of SME 5.6 all updates
installed
spam ass.rpm
e-smith-mailfront-1.0.0-02rbl.noarch.rpm
clamav.rpm
 
I then followed the how-to on how to set up clamav and all went well.

Here is where I got stuck.

"copy /usr/bin/qmail-queue.amavis to /usr/bin/qmail-queue.amavis.orig
make a new file /usr/bin/qmail-queue.amavis with

#!/bin/sh
spamc | /usr/bin/qmail-queue.amavis.orig

give it the same permissions and user and group as /usr/bin/qmail-queue.amavis.orig

then it runs thru spamassassin and the virus scanner before forwarding on to the next server."

I can't find the files in /usr/bin.
Did I miss something to install?

Thanks

Tim Litwiller

Re: SME 5.6 filter mail for exchange.
« Reply #17 on: July 29, 2003, 07:56:59 AM »

SSBN

Re: SME 5.6 filter mail for exchange.
« Reply #18 on: July 29, 2003, 08:37:30 AM »
I did install it. Did the how-to as well. It all seemed to work. But I still can't find the files. Am I looking in the proper place? I did a find qmail-queue.amavis and it didn't find it. Could it be under another name?

Any idea where I went wrong?

SSBN

Re: SME 5.6 filter mail for exchange.
« Reply #19 on: July 29, 2003, 08:42:39 AM »
Hahaha, I didn't finish it. Just did the first part. I should go to bed.

Thanks

SSBN

Re: SME 5.6 filter mail for exchange.
« Reply #20 on: July 31, 2003, 07:26:05 AM »
SME 5.6 Exchange front end.

In my quest to get my SME server to filter spam for my Exchange server, here is what I have been told to do. I haven't been able to get it working yet, but I think I know where I went wrong. But could Tim Litwiller and Ryan fill in the blanks for me?

1: First set up a SME 5.6 server with all the updates as per the updates how to.

2: Download and move to an i-bay e-smith-mailfront-1.0.0-02rbl.noarch.rpm

Log into the shell and navigate to the dir with mailfront.
Type in rpm -Uvh e-smith-mailfront-1.0.0-02rbl.noarch.rpm
Restart the server (I am not sure if this is exactly how it should be installed. Can you guys confirm?)

3: You can now go to the /service/~smtpfront-qmail/rblsmtpd.conf. and add black lists of your choice. Any blacklisted email will be dropped and lost.

(Just wondering, is there anywhere in these steps a signal-event post-update should be run?)

4: Next go to other email options and set the delegate email server to the ip of your exchange server.

Blacklisted email will now be dropped based on the blacklists you pick.


Going a bit further.

From what I understand you can take this a step further and use spam assassin with this setup.
(Do I need to have installed the modified mailfront for this to work?)

1: Go to www.pagefault.org; there are instructions for setting up amavis-ng and clamav to scan email for viruses. Follow those instructions, then replace when you have that working:
copy /usr/bin/qmail-queue.amavis to /usr/bin/qmail-queue.amavis.orig
make a new file /usr/bin/qmail-queue.amavis with

#!/bin/sh
spamc | /usr/bin/qmail-queue.amavis.orig
(I am not sure what this is doing. Could you explain in more detail? I am not real good with Linux commands yet)
give it the same permissions and user and group as /usr/bin/qmail-queue.amavis.orig

2:Now you should be able to use the features of spam assassin.

Can you guys take a look at this and correct me where I am wrong or way off. Thanks for all your time.

Tim Litwiller

Re: SME 5.6 filter mail for exchange.
« Reply #21 on: July 31, 2003, 08:31:47 AM »
SSBN wrote:
>
> SME 5.6 Exchange front end.
>
> In my quest to getting my sme server to filter spam for my
> exchange server here is what I have been told to do. I haven’t
> been able to get it working yet but I think I know where I
> went wrong. But could Tim Litwiller and Ryan fill in the
> blanks for me.
>
> 1: First set up a SME 5.6 server with all the updates as per
> the updates how to.
>
> 2: Download and move to an i-bay
> e-smith-mailfront-1.0.0-02rbl.noarch.rpm
>
> Log into the shell and navigate to the dir with mailfront.
> Type in rpm -Uvh e-smith-mailfront-1.0.0-02rbl.noarch.rpm
> Restart the server (I am not sure if this is exactly how it
> should be installed. Can you guys confirm?)
>
> 3: You can now go to the
> /service/~smtpfront-qmail/rblsmtpd.conf. and add black lists
> of your choice. Any blacklisted email will be dropped and lost.
>

Should be ok - I only use spamcop's blacklist

> (Just wondering is there anywhere in these steps an
> signal-event post-update should be run)
>
I don't remember

> 4: Next go to other email options and set the delegate email
> server to the ip of your exchange server.
>
> Blacklisted email will now be dropped based on the blacklists
> you pick.
>
>

Yes, that should take care of the worst of the spam

> Going a bit further.
>
> From what I understand you can take this a step further and
> use spam assassin with this setup.
> (Do I need to have install the modified mailfront for this to
> work?)
>
Did you install the spamassassin listed at contribs.org?

> 1:Go to at www.pagefault.org there are instructions for
> setting up amavis-ng and clamav to scan email for virus
> follow those instructions - then replace when you have that
> working
> copy /usr/bin/qmail-queue.amavis to
> /usr/bin/qmail-queue.amavis.orig
> make a new file /usr/bin/qmail-queue.amavis with
>

amavis replaces the original qmail-queue with its own perl script that scans for viruses and then passes the mail through to the original qmail-queue. Here we add another layer that scans for spam and then passes to amavis, which then scans for viruses and passes back to the original qmail-queue.


> #!/bin/sh
> spamc | /usr/bin/qmail-queue.amavis.orig

also chmod u+x  /usr/bin/qmail-queue.amavis to make it executable


> (I am not sure what this is doing. Could you explain in more
> detail? I am not real good with Linux commands yet)
> give it the same permissions and user and group as
> /usr/bin/qmail-queue.amavis.orig
>
> 2:Now you should be able to use the features of spam assassin.
>
> Can you guys take a look at this and correct me where I am
> wrong or way off. Thanks for all your time.
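
What the two-line wrapper discussed in this reply does with its file descriptors, as an added example that is not part of the original thread: qmail-queue reads the message on descriptor 0 and the envelope on descriptor 1, and the pipe replaces only descriptor 0 of the next program. `fake_spamc` and `fake_queue` are hypothetical stand-ins for spamc and /usr/bin/qmail-queue.amavis.orig, and the message and envelope are constructed.

```sh
#!/bin/sh
# Added example. fake_spamc and fake_queue are hypothetical stand-ins for
# spamc and /usr/bin/qmail-queue.amavis.orig; all data below is constructed.

# Stand-in for spamc: a filter that copies stdin to stdout, adding a header.
fake_spamc() {
    echo "X-Spam-Checked-By: fake_spamc"
    cat
}

# Stand-in for the next program in the chain. Like qmail-queue, it reads the
# message from descriptor 0 and the envelope from descriptor 1, then writes
# what it received to the file named in $1.
fake_queue() {
    exec 3<&1    # descriptor 1 is an input here; keep it open as 3
    {
        echo "ENVELOPE: $(tr '\0' ' ' <&3)"
        cat      # the message, as filtered by the previous stage
    } > "$1"
}

# Same shape as the wrapper in the thread: spamc | next qmail-queue.
# The pipe replaces only descriptor 0 of fake_queue; descriptor 1 (the
# envelope) is inherited from the caller untouched.
wrapper() {
    fake_spamc | fake_queue "$1"
}

# Call the wrapper the way qmail-smtpd calls qmail-queue and print the result.
demo() {
    dir=$(mktemp -d)
    printf 'Subject: hello\n\nbody text\n' > "$dir/msg"
    printf 'Fsender@example.com\0Tuser@example.org\0\0' > "$dir/env"
    wrapper "$dir/out" 0< "$dir/msg" 1< "$dir/env"
    cat "$dir/out"
    rm -rf "$dir"
}

demo
```

The stored result starts with the envelope line, followed by the header the filter added and then the original message, which is why the real wrapper needs nothing beyond the pipe.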

ryan

Re: SME 5.6 filter mail for exchange.
« Reply #22 on: July 31, 2003, 07:44:09 PM »
Tim Litwiller wrote:
>
> SSBN wrote:
> >
> > SME 5.6 Exchange front end.
> >
> > In my quest to getting my sme server to filter spam for my
> > exchange server here is what I have been told to do. I haven’t
> > been able to get it working yet but I think I know where I
> > went wrong. But could Tim Litwiller and Ryan fill in the
> > blanks for me.
> >
> > 1: First set up a SME 5.6 server with all the updates as per
> > the updates how to.
> >
> > 2: Download and move to an i-bay
> > e-smith-mailfront-1.0.0-02rbl.noarch.rpm
> >
> > Log into the shell and navigate to the dir with mailfront.
> > Type in rpm -Uvh e-smith-mailfront-1.0.0-02rbl.noarch.rpm
> > Restart the server (I am not sure if this is exactly how it
> > should be installed. Can you guys confirm?)
> >
> > 3: You can now go to the
> > /service/~smtpfront-qmail/rblsmtpd.conf. and add black lists
> > of your choice. Any blacklisted email will be dropped and
> lost.
> >
>
> Should be ok - I only use spamcop's blacklist
>
> > (Just wondering is there anywhere in these steps an
> > signal-event post-update should be run)
> >

> I don't remember
ryan:  no restart or reboot necessary, changes are immediate.
>
> > 4: Next go to other email options and set the delegate email
> > server to the ip of your exchange server.
> >
> > Blacklisted email will now be dropped based on the blacklists
> > you pick.
> >
> >
>
> Yes, that should take care of the worst of the spam
ryan: SME domain must be exact domain for internet mail service on exchange.
>
> > Going a bit further.
> >
> > From what I understand you can take this a step further and
> > use spam assassin with this setup.
> > (Do I need to have install the modified mailfront for this to
> > work?)
> >
> Did you install the spamassassin listed at contribs.org?
ryan:  spamassassin will be bored with very little to do if your blacklists are working.  KISS:  keep it simple stupid is the rule I follow.  Try the blacklists, use spamassassin only if you need it.
>
> > 1:Go to at www.pagefault.org there are instructions for
> > setting up amavis-ng and clamav to scan email for virus
> > follow those instructions - then replace when you have that
> > working
> > copy /usr/bin/qmail-queue.amavis to
> > /usr/bin/qmail-queue.amavis.orig
> > make a new file /usr/bin/qmail-queue.amavis with
> >
>
> amavis replaces the original qmail-queue with its own perl
> script that scans for viruses and then passes the mail through to
> the original qmail-queue. Here we add another layer that
> scans for spam and then passes to amavis, which then scans for
> viruses and passes back to the original qmail-queue.
>
>
> > #!/bin/sh
> > spamc | /usr/bin/qmail-queue.amavis.orig
>
> also chmod u+x  /usr/bin/qmail-queue.amavis to make it
> executable
ryan:  never used antivirus on linux...using mcafee on exchange server and all clients.
>
>
> > (I am not sure what this is doing. Could you explain in more
> > detail? I am not real good with Linux commands yet)
> > give it the same permissions and user and group as
> > /usr/bin/qmail-queue.amavis.orig
> >
ryan:  you can only practice.  practice on a test box.  have likely had to start over on a test box dozens of times...crashing/breaking it is a learning experience.  Fixing it is an even better learning experience.

> > 2:Now you should be able to use the features of spam
> assassin.
> >
> > Can you guys take a look at this and correct me where I am
> > wrong or way off. Thanks for all your time.

ryan:  right now I use 7 blacklists plus 3 non traditional that block subnets from china, korea, and hongkong.  

You can verify your blacklists are working by viewing the log in server manager.  Look at "smtpfront-qmail/current".  The lines with 'rblsmtpd' are blocked messages.  This will show you emails that got in and those that got blocked.  I tend to use a key word 'rblsmtpd' to filter and show just the blocked emails.  

Keep in mind if you have a backup mx DNS record, spammers will try your backup server.  If it is not spam protected, you will get the spam.  Also, don't have your exchange server on the internet as a host address....spammers hit me once through a host record, not an MX record.  They are clever and persistent!  

If you need to access exchange from the internet for pop or imap, use portforwarding from a firewall.  If you use full exchange 5.5 services (global book, shared calendar, etc) over the internet, a firewall will kill these services.   Exchange server 2003 has full exchange services available through port 80, but you need to use the Outlook 2003 client for it to work.  Exch. 2000 can use full services with portforwarding if you open several ports.  I read that the new Exch 2003 server allows the use of blacklists, so SME won't need to guard it...but remember it is microsoft and a risk to be left on the internet in my opinion.  My firewalls continue to get dozens of hits per day with code red and the M$ sql attack.   Better play it safe and keep up the linux firewalls.

ryan

dean

Re: SME 5.6 filter mail for exchange.
« Reply #23 on: August 17, 2003, 03:12:29 AM »
I have an SME 5.6 in server-only mode. I would like to install a spam filter, "e-smith-mailfront-1.0.0-02rbl.noarch.rpm", which looks like it will do the job. But I do not know any reliable blacklists or how to configure the "/service/~smtpfront-qmail/rblsmtpd.conf". Can you publish your rblsmtpd.conf?

dean

Re: SME 5.6 filter mail for exchange.
« Reply #24 on: August 18, 2003, 12:21:30 AM »
> ryan: right now I use 7 blacklists plus 3 non traditional that block subnets from china, korea, and hongkong.
>
> You can verify your blacklists are working by viewing the log in server manager. Look at "smtpfront-qmail/current". The lines with 'rblsmtpd' are blocked messages. This will show you emails that got in and those that got blocked. I tend to use a key word 'rblsmtpd' to filter and show just the blocked emails.

Ryan, I installed the e-smith-mailfront-1.0.0-02rbl.noarch.rpm. I checked the rblsmtpd.conf and it has a line: RBLARGS="$RBLARGS -r list.dsbl.org". Then I checked the "smtpfront-qmail/current" in server manager and I found no lines with "rblsmtpd". Is there any other way that I can check that this configuration is working? This is how my "smtpfront-qmail/current" log looks:

@400000003f3fccc6085268c4 smtpfront-qmail[7769]: MAIL FROM: BODY=8BITMIME
@400000003f3fccc60852a35c smtpfront-qmail[7769]: RCPT TO:
@400000003f3fccc62af05134 smtpfront-qmail[7769]: Accepted message qp 7770 bytes 10145
@400000003f3fccc62e9f8624 smtpfront-qmail[7769]: bytes in: 10336 bytes out: 193
@400000003f3fccc62ea3626c tcpserver: end 7769 status 0
@400000003f3fccc62ea381ac tcpserver: status: 0/40
@400000003f3fccfd0ca77aa4 tcpserver: status: 1/40
@400000003f3fccfd0cad79cc tcpserver: pid 7776 from 210.102.37.238
@400000003f3fccfd0e947d94 tcpserver: ok 7776 0:192.168.1.10:25 :210.102.37.238::4886
@400000003f3fccfe19a4df6c smtpfront-qmail[7776]: MAIL from:
@400000003f3fccfe28bfbd64 smtpfront-qmail[7776]: RCPT to:
@400000003f3fccfe28bfe85c smtpfront-qmail[7776]: Sorry, that domain isn't in my list of allowed rcpthosts.
@400000003f3fccfe37de2d6c smtpfront-qmail[7776]: bytes in: 96 bytes out: 196
@400000003f3fccfe37e136c4 tcpserver: end 7776 status 0
@400000003f3fccfe37e15604 tcpserver: status: 0/40

Before i installed the mailfront it looked like:

@400000003f3e7dc7220ba12c smtpfront-qmail[19625]: MAIL FROM: BODY=8BITMIME
@400000003f3e7dc7220be77c smtpfront-qmail[19625]: RCPT TO:
@400000003f3e7dc72e35374c smtpfront-qmail[19625]: Accepted message qp 19626 bytes 1800
@400000003f3e7dc730e23a94 smtpfront-qmail[19625]: bytes in: 1801 bytes out: 193
@400000003f3e82030b9d1b3c smtpfront-qmail[19783]: MAIL FROM:<26490723@mail.apol.com.tw>
@400000003f3e82030b9d59bc smtpfront-qmail[19783]: bytes in: 50 bytes out: 80
@400000003f3e87f1047ccfb4 smtpfront-qmail[19870]: MAIL FROM:
@400000003f3e87f11090e5ec smtpfront-qmail[19870]: RCPT TO:
@400000003f3e87f1297cf2e4 smtpfront-qmail[19870]: Accepted message qp 19871 bytes 2438
@400000003f3e87f631ac8b8c smtpfront-qmail[19870]: bytes in: 2489 bytes out: 193

ryan

Re: SME 5.6 filter mail for exchange.
« Reply #25 on: August 19, 2003, 02:10:05 AM »
Dean,

The default install for smtpfront rbl rpm puts only ordb.org into the config file.  You need to evaluate carefully which blacklists you use.  Below is the contents of my rblsmtpd.conf file:

RBLARGS="$RBLARGS -r sbl.spamhaus.org -r relays.osirusoft.com -r opm.blitzed.org -r list.dsbl.org -r dnsbl.sorbs.net -r dnsbl.njabl.org -r bl.spamcop.net -r china.blackholes.us -r korea.blackholes.us -r hongkong.blackholes.us"

Anyone that uses blacklists must be aware you might block legitimate email and will likely never know unless a user complains.   My lists are not aggressive and allow email from the free domains such as yahoo & hotmail.  

I have received complaints from my users that can't receive email from a sender on att.net and one on earthlink.net....the specific servers used by those senders had multiple blacklist hits, so I said sorry, can't allow that email.........

Useful tool to check domains and IP address against lots of spam rbl blacklists:

http://openrbl.org

If spam gets through, run the IP address through this site to see if other blacklists will block it....it is a cat and mouse game that goes on forever...., but I do block 99% of the spams with SME...so I am ahead at this point.



ryan

dean

Re: SME 5.6 filter mail for exchange.
« Reply #26 on: August 19, 2003, 02:41:51 AM »
Thanks ryan

checked the "smtpfront-qmail/current" for rbl and found plenty blocked emails. It's working!!!!!!!!!!

Thanks again for the blacklists.

ryan

Re: SME 5.6 filter mail for exchange.
« Reply #27 on: August 19, 2003, 03:16:51 AM »
Glad to hear you're controlling spam!

Be aware...if you use a backup MX record (and backup server), it must have the same blacklists because many spammers will send spam to your backup servers knowing the primary is the most guarded.  Once delivered to a backup server, it will be delivered unless you have additional processing of messages once they are accepted.

ryan

ryan

Re: SME 5.6 filter mail for exchange.
« Reply #28 on: August 27, 2003, 10:07:20 AM »
This just posted on slashdot:

Osirusoft Blacklists The World

 
Posted by timothy on Tuesday August 26, @11:15PM
from the wildcard-matches-for-evil dept.
ariehk writes "As of today, Osirusoft, distributor of the SPEWS and open relay blocklists, among others, is no longer operational. Servers using these lists (including the FTC) are currently rejecting ALL email. This shutdown seems to be in response to a several-week-long DDoS attack on Osirusoft, SPEWS and others, resulting in both sites being down. This has caused much discussion on n.a.n-a.e, including the suggestion that the attack is somehow related to the SoBig worm. The spammers must be hurting if they can devote these kinds of resources to attacking blocklists." Read on below a related submission.


ryan
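
The failure described in the Slashdot item (a list that starts answering for every address) can be caught before mail is lost; the following is an added example, not from the thread. It assumes each zone follows the RFC 5782 test convention (127.0.0.2 always listed, 127.0.0.1 never listed), that listings are checked as TXT records the way `rblsmtpd -r` does, and that `dig` is installed; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: health check for the DNSBL zones named in an RBLARGS line.
# Assumption: zones follow RFC 5782 (127.0.0.2 listed, 127.0.0.1 not listed).

# Print the TXT records for a name, nothing if there are none.
# Redefine this function to test without network access.
resolve() {
    dig +short TXT "$1" 2>/dev/null | grep -v '^;' || true
}

# 127.0.0.2 + zone -> 2.0.0.127.zone (octets reversed, zone appended)
dnsbl_name() {
    printf '%s\n' "$1" |
        awk -F. -v z="$2" '{ print $4 "." $3 "." $2 "." $1 "." z }'
}

# Print every zone that follows a -r in an RBLARGS="..." line.
rbl_zones() {
    printf '%s\n' "$1" | tr -d '"' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "-r") print $(i + 1) }'
}

# Print ok, wildcard or dead for one zone.
zone_health() {
    if [ -n "$(resolve "$(dnsbl_name 127.0.0.1 "$1")")" ]; then
        echo wildcard   # answers for an address that must never be listed
    elif [ -z "$(resolve "$(dnsbl_name 127.0.0.2 "$1")")" ]; then
        echo dead       # test entry missing: the zone blocks nothing
    else
        echo ok
    fi
}

# Rebuild the RBLARGS line with only the zones that pass the check.
healthy_rblargs() {
    out='$RBLARGS'
    for zone in $(rbl_zones "$1"); do
        if [ "$(zone_health "$zone")" = ok ]; then
            out="$out -r $zone"
        fi
    done
    printf 'RBLARGS="%s"\n' "$out"
}

# Usage: sh this-script /path/to/rblsmtpd.conf
if [ -n "${1:-}" ]; then
    healthy_rblargs "$(grep RBLARGS "$1")"
fi
```

A zone reported as `wildcard` is the case that rejects all mail; one reported as `dead` only stops filtering.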

Michael Roed

Re: SME 5.6 filter mail for exchange.
« Reply #29 on: August 27, 2003, 02:01:37 PM »
Ryan>>> Does your setup allow external users to access your Exchange server via POP3 or IMAP?
I have tried to get Outlook Express to connect to my Exchange 2000 server from home but I can't seem to get through E-smith 5.6. I have forwarded port 110 but still can't connect to Exchange. Is this enough to do on E-smith, or am I missing something?

Thank you,
Michael.