Topic: Spam blocking with smtpfront-qmail HOWTO released

[raem]

> rpm -qi e-smith-mailfront
> On an upgraded 5.6 to 6.0 it's got
> Name        : e-smith-mailfront            
> Version     : 1.2.0                            

> whereas a fresh 6.0 (+sp4) produces
> Name        : e-smith-mailfront
> Version     : 1.3.0                            

> Also,just having the templates does nothing. The
> run command for 1.3.0 specifically runs runenv if
> it's available. 1.2.0 doesn't even know about it.

As the HOWTO clearly says, this is for sme v6.x servers only.
The rpms that are on the v6.0 (Mitel) instal disk are
e-smith-mailfront-1.3.0-11.noarch.rpm
mailfront-0.81-1.i386.rpm

The rpms that are on the v6.0.1 (contribs.org) instal disk are the same
e-smith-mailfront-1.3.0-11.noarch.rpm
mailfront-0.81-1.i386.rpm

> It looks as though upgrades didn't touch e-smith-mailfront,
> but that's just odd...

It would seem that some servers did not run the upgrade from 5.6 to 6.x correctly ???
You should be able to upgrade those rpms from the CD if you need to.


> AFAIK Gordon Rowell is up to e-smith-mailfront 1.5.0
> (and the matched mailfront 0.91-3es)

These are available from here (and mirror sites)
ftp://ftp.ibiblio.org/pub/linux/distributions/e-smith/contrib/GordonRowell/RPMS/

but they are only required if you wish to implement the Pattern matching feature to block executable content (& viruses).
See devinfo  for further info, and my soon to be released HOWTO

Regs
Ray

[raem]

> rpm -qi e-smith-mailfront
> On an upgraded 5.6 to 6.0 it's got
> Name        : e-smith-mailfront            
> Version     : 1.2.0                            

Are you sure it's v6.0 final and not v6.0beta3 ??

If I look on my sme v6.0beta3 CD I see
e-smith-mailfront-1.2.0-01.noarch.rpm
mailfront-0.81-1.i386.rpm

and just for the heck of it...
If I look on my sme v6.0beta2 CD I see
e-smith-mailfront-1.1.0-10.noarch.rpm
mailfront-0.81-1.i386.rpm

All users should ensure they have upgraded to sme server v6.0 final (Mitel release) or sme server v6.0.1 (contribs.org release).

If you are still running a beta release you MUST upgrade.
You are silly to still be running a beta release anyway !!

Regs
Ray

[bobk]

...
If I look on my sme v6.0beta3 CD I see
e-smith-mailfront-1.2.0-01.noarch.rpm
mailfront-0.81-1.i386.rpm

and just for the heck of it...
If I look on my sme v6.0beta2 CD I see
e-smith-mailfront-1.1.0-10.noarch.rpm
mailfront-0.81-1.i386.rpm
...

Ray,

According to Mitel - several packages in the beta release were 'back ported' to the versions in use on their commercial release when 6.0 final was issued.

So, you are right - there are some packages in 6.0 final and 6.0.1-01 that have lower version numbers than the same packages in the beta release.

[raem]

> So, you are right - there are some packages in 6.0 final and 6.0.1-01 that have lower version numbers than the same packages in the beta release.

I don't follow your reasoning.
The last 2 posts I made clearly show that v6.0 & v6.0.1 have more recent versions that the v6beta releases.
ie 1.3.0 is greater than 1.2.0 therefore newer.

It appears that the older e-smith-mailfront package in the v6beta releases will not provide the RBLList functionality, although I have not verified this myself

Regs
Ray

[raem]

Please see the revised v4 Spam blocking HOWTO at
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Spam%20blocking%20HOWTO%20using%20smtpfront-qmail%20for%20sme%20server.htm

There is additional information about rpm compatibility as per the discussions in this thread.

Good for dummies, (sorry) !

Regs
Ray

[fostware]

Sheesh!

I posted the information as a help. The other server was beta, then an upgrade to full, then to u4. I'm chasing up what I did, and if it is actually a bug.

Hopefully people can see exactly the requirements for RBL. Just saying "SME 6.x" may not help all those interested.

Thanks all the same.

[raem]

Dear All
Another good feature to implemenet is in my companion
Virus and file blocking HOWTO using smtpfront-qmail for sme server 6.0, 6.0.1 (not v6beta or earlier releases) which is available here
< http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/howto/Virus%20and%20file%20blocking%20HOWTO%20using%20smtpfront-qmail%20for%20sme%20server.htm >

Your server will reject email messages with virus infected attachments. You can also use it to control the type of attachments you wish to allow your users to send & receive ie reject multimedia files if required.

My server has processed NO virus infected messages in over 3 weeks as they have ALL (over 1000 since implementation) been rejected. The last (1) virus detected by Clamavis-ng was about 5 weeks ago, it was a new html exploit that pattern matching virus blocking does not detect.

Say goodbye to viruses in email attachments.

Regs
Ray

[loveless]

Im running the Mitel Release
[root@sme root]# rpm -q SMEServer
SMEServer-6.0-04

I don't think this is going to work any longer.  As I understand it, the SMEServer-x rpm was issued by Mitel as a method of keeping track of updates and such.  Unless 'contribs' begins to issue updates and use the same method.

A better way to see what your version is might be:

Code: [Select]


more /etc/e-smith-release

OR

Code: [Select]


/sbin/e-smith/db configuration getprop sysconfig ReleaseVersion


[romst]

I have sme 6.0.1-01 installed and securemail from pagefault.org, which replaces mailfront to version 0.91-3es and e-smith-mailfront - to 1.5.0-13.
All of it works well without filtering spam by rbl bases, but when i install filtering spam by RBLList according Ray Mitchel solution, this not work.
Smtpfront-qmail works fine, not rblsmtpd. /var/log/smtpfront-qmail/current did't content rblsmtpd ....
By hands i started this construction, but :
@4000000040d8908a2fcd30b4 rblsmtpd: fatal: unable to run bl.spamcop.net: file does not exist
@4000000040d890a70c3aed94 rblsmtpd: fatal: unable to run bl.spamcop.net: file does not exist
@4000000040d891b224f61ebc rblsmtpd: fatal: unable to run cbl.abuseat.org: file does not exist

Who can tell me about what's wrong ?

[raem]

What is your output from
/sbin/e-smith/db configuration show smtpfront-qmail

[romst]

smtpfront-qmail=service
    ExternalInterfaceFilter=/usr/bin/qmail-queue.amavis
    Instances=40
    InternalInterfaceFilter=/usr/bin/qmail-queue.amavis
    MaxMessageSize=10000000
    Patterns=disabled
    PatternsFile=/var/qmail/control/patterns.default
    Proxy=enabled
    RBLList=cbl.abuseat.org
    access=public
    authentication=disabled
    status=enabled

maybe use this:
in /etc/tcprules/tcp.smtp
192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="/usr/local/bin/rblsmtpd -r cbl.abuseat.org",.....  ?

[raem]

That db entry looks OK. I see you have pattern matching installed but disabled.

What do you get from
rpm -q mailfront
rpm -q e-smith-mailfront
I get
rpm -q mailfront
mailfront-0.91-3es
rpm -q e-smith-mailfront
e-smith-mailfront-1.5.0-13

If you really do have those rpms installed then they are OK.

Try this for a test
Disable RBL blocking completely
/sbin/e-smith/config delprop smtpfront-qmail RBLList
/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv
svc -t /service/smtpfront-qmail


Then enable RBL blocking again with just one list, but try the spamhaus list shown as I know it is OK
/sbin/e-smith/config setprop smtpfront-qmail RBLList sbl-xbl.spamhaus.org
/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv
svc -t /service/smtpfront-qmail

Report back, hopefully you see rejection entries in the log
to see them in readable date order do
grep rblsmtpd /var/log/smtpfront-qmail/current | tai64nlocal


> maybe use this:
> in /etc/tcprules/tcp.smtp
> 192.168.1.:allow,RELAYCLIENT="",RBLSMTPD="/usr/local/bin/rblsmtpd -r cbl.abuseat.org"

Not sure why you are quoting that example, that type of entry is related to the Pattern matching virus blocking, NOT to RBLList blocking. I think you are getting the 2 HOWTOs & methods confused.
You better read my 2 HOWTOs again.

[romst]

i have (rpm -q)
mailfront-0.91-3es, e-smith-mailfront-1.5.0-13.

/sbin/e-smith/config delprop smtpfront-qmail RBLList
/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv
svc -t /service/smtpfront-qmail

output of /sbin/e-smith/db configuration show smtpfront-qmail:
smtpfront-qmail=service
    ExternalInterfaceFilter=/usr/bin/qmail-queue.amavis
    Instances=40
    InternalInterfaceFilter=/usr/bin/qmail-queue.amavis
    MaxMessageSize=10000000
    Patterns=enabled
    PatternsFile=/var/qmail/control/patterns.default
    Proxy=enabled
    access=public
    authentication=disabled
    status=enabled

/sbin/e-smith/config setprop smtpfront-qmail RBLList sbl-xbl.spamhaus.org
/sbin/e-smith/expand-template /var/service/smtpfront-qmail/runenv
svc -t /service/smtpfront-qmail


output of /sbin/e-smith/db configuration show smtpfront-qmail:
smtpfront-qmail=service
    ExternalInterfaceFilter=/usr/bin/qmail-queue.amavis
    Instances=40
    InternalInterfaceFilter=/usr/bin/qmail-queue.amavis
    MaxMessageSize=10000000
    Patterns=enabled
    PatternsFile=/var/qmail/control/patterns.default
    Proxy=enabled
    RBLList=sbl-xbl.spamhaus.org
    access=public
    authentication=disabled
    status=enabled

grep rblsmtpd /var/log/smtpfront-qmail/current | tai64nlocal has no output (only upper that i posted). tail has:

@4000000040d948e617176e2c smtpfront-qmail[10595]: Accepted message qp 10596 bytes 1917
@4000000040d948e72d77e28c smtpfront-qmail[10595]: bytes in: 1938 bytes out: 229
@4000000040d948e72d78f014 tcpserver: end 10595 status 0
@4000000040d948e72d78f3fc tcpserver: status: 0/40
@4000000040d9491239ff196c tcpserver: status: 1/40
@4000000040d949123a003694 tcpserver: pid 10620 from 127.0.0.1
@4000000040d949123a06ba8c tcpserver: ok 10620 0:127.0.0.1:125 localhost:127.0.0.1::57443
@4000000040d9491433637ea4 smtpfront-qmail[10620]: bytes in: 6 bytes out: 51
@4000000040d94914336dcf44 tcpserver: end 10620 status 0
@4000000040d94914336ddafc tcpserver: status: 0/40

cat /var/service/smtpfront-qmail/runenv:
INSTANCES=40
RBLSMTPD="/usr/local/bin/rblsmtpd -r sbl-xbl.spamhaus.org"

cat /var/service/smtpfront-qmail/run:
[ -f ./runenv ] && . ./runenv

exec 2>&1
exec /usr/bin/env - \
     /usr/local/bin/envuidgid ${SMTPFRONTUID:-qmaild} \
     /usr/local/bin/tcpserver\
        -v \
        -U \
        -R \
        -x ${CDBFILE:-/etc/tcprules/tcp.smtp.cdb} \
        -c ${INSTANCES:-40} \
        -l ${LOCALNAME:-0} \
        ${LISTENIP:-0} \
        ${PORT:-smtp} \
        /usr/local/bin/envdir ./env \
        ${RBLSMTPD} \
        /usr/bin/smtpfront-qmail

cat /etc/e-smith/templates/var/service/smtpfront-qmail/runenv/10RBLLookup:
{
    my @rbllist = split /:/, ${'smtpfront-qmail'}{RBLList} || '';
    if (scalar @rbllist)
    {
        $OUT = 'RBLSMTPD="/usr/local/bin/rblsmtpd ';
        $OUT .= join " ", map { "-r $_" } @rbllist;
        $OUT .= '"';
    }
    else
    {
        $OUT = "# No RBLs are defined";
    }
}

directory /etc/e-smith/templates-custom/var/service/smtpfront-qmail has no entries

[raem]

All that looks OK, you are now configured for the one combined spamhaus list

> grep rblsmtpd /var/log/smtpfront-qmail/current |  tai64nlocal has no output

You will have to wait until you receive a message that gets rejected (because the sender was listed at spamhaus) before you will see any rblsmtpd type entries

To see all entries in date order you can also do
grep "" /var/log/smtpfront-qmail/current | tai64nlocal

PS Have you read my HOWTOs, everything I am saying to you here is in the HOWTOs ?

[romst]

to RayMitchell:

Only blacklisted ip logged in /var/log/smtpfront-qmail/current or ALL?

i did't saw any connection by iptraf to sbl-xbl.spamhaus.org when smtp received mail messages?