Topic: qpsmtpd rules

[eruqamca]

Hello

anyone knows if there is a contrib for qpsmtpd mail rules same mailrules rpm for mailfront in 6.x.x version of sme ?

[eruqamca]

I found this plugin and work like mailfront mailrules, i think i needs a console in server-manager. Can someone help me to develop this ?

Edgar

[CharlieBrady]

anyone knows if there is a contrib for qpsmtpd mail rules same mailrules rpm for mailfront in 6.x.x version of sme ?

The standard configuration already applies "mail rules".

[eruqamca]

The rules from qpsmtpd don't have the syntax of mailrules.default file of mailfront. I need this kind of rules. I will begin to write a contrib for this. If someone wants to help me then email me to elozadam@gmail.com, i think it can be based on mailfront-mailrules contrib plus a plugin for qpsmtpd.  

Grettings

Edgar

[eruqamca]

I'm working in a plugin to emulate the mailfront mailrules, it is already working with some rules like:

elozada@abc.com  @gmail.com      OK
elozada@abc.com  eruqamca@yahool.com      OK
elozada@abc.com  @*      DENY
@abc.com  @hotmail.com      DENY

The plugin is at:

http://ameba.dyndns.org/rulesfromto/check_rulesfromto

If someone want to post suggestions my e-mail is elozadam@gmail.com

Thanks

Edgar  

[kruhm]

Thanks for your work in doing this. I'm sure many will appreciate it. Surprisingly, I haven't found much discussion on this topic.

I haven't tried it yet but will do so soon.

Suggestions:

1-It would be great if it worked with IP addresses as well as email address (possibly a different plugin). For example, I want to block a particular IP address: 63.135.64.xx

2-be sure to allow the ACCEPTS before the DENYS. For example:

Code: [Select]


user@domain.tld everyone@mydomain.tld OK
*@* everyone@mydomain.tld DENY

Would result in the denial of all addresses to everyone except user@domain.tld

3- I would say that many had DUNGOG'S mailblocking installed on V6. The  rules were kept at: /home/e-smith/dungog
An easy way to transfer these rules into V7 would be great.

4- I looked into the qpsmtpd plugins a little further. Maybe:
-a clean documentation of the plugins are needed.
-how to configure the default plugins.
-as well as how your plugin is different from what's already there.

[alt-network]

I would like to see this also. I would love to set rules like this...

*@mail.ru *@* DENY

I would like to try the contrib. Has anyone tried it?


Doyle

[alt-network]

HELP!!!!!! I HAVE THE SCRIPT WORKING IN SME 7 BUT, I NEED IT TO BLOCK ANY EMAILS FROM ANYONE TO A DOMAIN.

@*    @DOMAIN   DENY


I CANT GET IT WORKING.

I NEED THIS FOR THE ISSUES WITH THE NEW VIRUS THAT CAME OUT LAST WEEK THAT SENDS SPAM EMAIL TO MY SERVERS AND BRING THEM DOWN. I AM GETTING EMAILS 6 EVERY SECOND FOR THE LAST 6 DAYS. IN SME 6.5 I WAS ABLE TO USE THE MAIL BLOCKING MODULE TO WORK BUT DO NOT WORK IN SME 7.

I HAVE IT SETUP ON SME 6.5 TO ACCEPT ANY EMAIL TO USER@DOMAIN.COM THEN UNDER THAT SET ANY EMAIL TO @DOMAIN DENY AND IT WORKS GREAT. THE SYSTEM IS NOT SLOWED DOWN DUE TO NOT HAVING TO PROCESS THE EMAIL. THIS SETUP DOES NOT WORK IN SME7.

OR, IS THEIR A WAY TO DENY ALL EMAILS TO NONE VALID USERS ON THE SYSTEM INSTEAD TO SENDING TO SEND OR SENDING TO ADMIN.


THANKS FOR ANY HELP

[piran]

Doyle-----

Be calm. Seek medical attention for your deafness.

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/var/qmail/control/badrcptto
pico -w /etc/e-smith/templates-custom/var/qmail/control/badrcptto/50NowVulnerable

# type your problem domains (one per line) eg spammedout@panic.com
# exit and save (Ctrl-X, y, return)

/sbin/e-smith/expand-template /var/qmail/control/badrcptto
service qmail restart
signal-event email-update

# relax, the world hasn't yet ended

[raem]

alt-network

> I HAVE THE SCRIPT WORKING IN SME 7...

If you publish your script here, people can look at it & then be in a position to make comments or suggestions.


> IS THEIR A WAY TO DENY ALL EMAILS TO NONE VALID USERS ON
> THE SYSTEM INSTEAD TO SENDING TO SEND OR SENDING TO ADMIN.

Messages sent to invalid users are not accepted by default.
An error message is returned.

[alt-network]

The code I am using is from here:

http://ameba.dyndns.org/rulesfromto/check_rulesfromto

It will not let me set a global sender.

Sme does process emails that are address to the domain of the server and if the user is not valid it resends it back to the sender.

With the setup from dungog email blocking I am able to tell qmail that if the email user is valid take and if not block so it will not process it.

ex.

FROM           TO                   ACTION
*@*         user@domain.com     OK
*@*            *@domain.com      DENY


With this as soon as it see that the email for user@domain.com is good it would process it. If it is not for user@domain.com but for unknown@domain.com it would not that the email.


The problem with badrcptto is that it will block all emails from domain.com where I do want email for domain.com but not for invalid users.

There is a new virus that came out last week that sends spam out and that only two of the current antivirus programs out will clean it. What is happing is that I am being hit by emails that it is over loading my sever (SME 6.5). I found that using the dungog email blocking program that I can tell smtp server that if I dont give it a user for that domain an ok it will not take the email and with that it will not process the email and over load it. If I let the email in it slows the server down do to spam filering, antivirus detection before the system knows if it is a vaild user. My system is handling the hit with the dungog module but I have a customer that is on sme 7 that is also getting hit to the point of locking the smtp server part. I am seeing more servers now getting hit and until internet users clean there system I need a way of blocking invaild users before the system processes it.


Thanks, I hope this explains it better.

[piran]

<Thanks, I hope this explains it better.>
Not really, I'm confused... though that's not particularly difficult.

FWIW I've found SME7 *considerably* more spam-resistant than my
old SME6 box even with the old mailblocking contrib from Dungog.
I can only suggest moving to SME7 and taking things from there;~/

You might derive more widespread help by stating specifics instead of
generalities. What, for instance, is <...this new virus...>?

Why is it that you discard the suggested badrcptto vector?
...you possess a spammedout@panic.com address that is being abused.
...any traffic for invalid users is just refused by SME7.

[duncan]

Doyle-----

Be calm. Seek medical attention for your deafness.

lol

[raem]

alt-network

> Sme does process emails that are address to the domain of the server > and if the user is not valid it resends it back to the sender.

If I send a message to an invalid user on a sme7 server this is what I get back, I gather from my ISP, not from the sme server.
The sme is telling the ISP that the recipient is invalid.
The original message is not returned.


This message was generated by the [ISP's name] Internet Email System.

   ----- The following addresses had permanent fatal errors -----
<freddofrog@domain.com.au>
    (reason: 550 invalid recipient freddofrog@domain.com.au)

   ----- Transcript of session follows -----
... while talking to xxx.domain.com.au.:
>>> DATA
<<< 550 invalid recipient freddofrog@domain.com.au
550 5.1.1 <freddofrog@domain.com.au>... User unknown
<<< 503 RCPT first


Is that not sufficient for your needs ?

[raem]

alt-network

> Sme does process emails that are address to the domain of the server
> and if the user is not valid it resends it back to the sender.


If I add the invalid recipient name to a sme7 in the file /var/qmail/control/badcrptto (temporarily not via a custom template), and then I send a message to that same invalid address I get the following, which is very similar (almost identical) to the message the sender gets if they sent to a invalid user on a default configured sme7.

This message adds the text "not accepted here ", but the sender still gets a error message from their ISP either way (not the return of the original message).
I don't see any significant gain your script may have over a default sme7.


This message was generated by the ISP name Internet Email System.

   ----- The following addresses had permanent fatal errors -----
<freddofrog@domain.com.au>
    (reason: 550 mail to freddofrog@domain.com.au not accepted here (#5.1.1))

   ----- Transcript of session follows -----
... while talking to xxxx.domain.com.au.:
>>> DATA
<<< 550 mail to freddofrog@domain.com.au not accepted here (#5.1.1)
550 5.1.1 <freddofrog@domain.com.au>... User unknown
<<< 503 RCPT first


PS You also have the file /var/qmail/control/badmailfrom to specify senders addresses you want to permanently block.
You could also put a senders address into the spamassassin Black list, which will result in a high score being given to that message and if your Email (spamassassin custom section) panel is set to reject messages with a score above 15 or similar, then messages from that sender will be rejected.