Koozali.org: home of the SME Server

qpsmtpd rules

eruqamca

qpsmtpd rules
« on: June 16, 2006, 11:34:02 PM »
Hello

Does anyone know if there is a contrib for qpsmtpd mail rules, the same as the mailrules rpm for mailfront in the 6.x.x version of SME?

eruqamca

qpsmtpd rules badmailfromto
« Reply #1 on: June 17, 2006, 01:06:19 AM »
I found this plugin and it works like mailfront mailrules. I think it needs a console in server-manager. Can someone help me to develop this?

Edgar

CharlieBrady
Re: qpsmtpd rules
« Reply #2 on: June 17, 2006, 05:25:09 PM »
Quote from: "eruqamca"

Does anyone know if there is a contrib for qpsmtpd mail rules, the same as the mailrules rpm for mailfront in the 6.x.x version of SME?


The standard configuration already applies "mail rules".

eruqamca

qpsmtpd rules
« Reply #3 on: July 05, 2006, 12:33:24 AM »
The rules from qpsmtpd don't have the syntax of the mailrules.default file of mailfront. I need this kind of rules. I will begin to write a contrib for this. If someone wants to help me then email me at elozadam@gmail.com. I think it can be based on the mailfront-mailrules contrib plus a plugin for qpsmtpd.  :hammer:

Greetings

Edgar

eruqamca

plugin for qpsmtpd based on badmailfromto
« Reply #4 on: July 10, 2006, 09:34:13 AM »
I'm working on a plugin to emulate the mailfront mailrules. It is already working with some rules like:

elozada@abc.com  @gmail.com      OK
elozada@abc.com  eruqamca@yahool.com      OK
elozada@abc.com  @*      DENY
@abc.com  @hotmail.com      DENY

The plugin is at:

http://ameba.dyndns.org/rulesfromto/check_rulesfromto

If someone wants to post suggestions, my e-mail is elozadam@gmail.com

Thanks

Edgar  :hammer:

kruhm
qpsmtpd rules
« Reply #5 on: July 10, 2006, 09:09:17 PM »
Thanks for your work in doing this. I'm sure many will appreciate it. Surprisingly, I haven't found much discussion on this topic.

I haven't tried it yet but will do so soon.

Suggestions:

1-It would be great if it worked with IP addresses as well as email addresses (possibly a different plugin). For example, I want to block a particular IP address: 63.135.64.xx

2-be sure to allow the ACCEPTS before the DENYS. For example:
Code: [Select]

user@domain.tld everyone@mydomain.tld OK
*@* everyone@mydomain.tld DENY

Would result in the denial of all addresses to everyone except user@domain.tld

3- I would say that many had DUNGOG'S mailblocking installed on V6. The rules were kept at: /home/e-smith/dungog
An easy way to transfer these rules into V7 would be great.

4- I looked into the qpsmtpd plugins a little further. Maybe:
-a clean documentation of the plugins is needed.
-how to configure the default plugins.
-as well as how your plugin is different from what's already there.

alt-network
qpsmtpd rules
« Reply #6 on: July 20, 2006, 01:53:41 AM »
I would like to see this also. I would love to set rules like this...

*@mail.ru *@* DENY

I would like to try the contrib. Has anyone tried it?


Doyle

alt-network
qpsmtpd rules
« Reply #7 on: December 13, 2006, 08:07:23 AM »
HELP!!!!!! I HAVE THE SCRIPT WORKING IN SME 7 BUT, I NEED IT TO BLOCK ANY EMAILS FROM ANYONE TO A DOMAIN.

@*    @DOMAIN   DENY


I CAN'T GET IT WORKING.

I NEED THIS FOR THE ISSUES WITH THE NEW VIRUS THAT CAME OUT LAST WEEK THAT SENDS SPAM EMAIL TO MY SERVERS AND BRINGS THEM DOWN. I AM GETTING 6 EMAILS EVERY SECOND FOR THE LAST 6 DAYS. IN SME 6.5 I WAS ABLE TO GET THE MAIL BLOCKING MODULE TO WORK BUT IT DOES NOT WORK IN SME 7.

I HAVE IT SET UP ON SME 6.5 TO ACCEPT ANY EMAIL TO USER@DOMAIN.COM THEN UNDER THAT SET ANY EMAIL TO @DOMAIN DENY AND IT WORKS GREAT. THE SYSTEM IS NOT SLOWED DOWN DUE TO NOT HAVING TO PROCESS THE EMAIL. THIS SETUP DOES NOT WORK IN SME7.

OR, IS THERE A WAY TO DENY ALL EMAILS TO NON-VALID USERS ON THE SYSTEM INSTEAD OF SENDING TO SEND OR SENDING TO ADMIN?


THANKS FOR ANY HELP

piran
qpsmtpd rules
« Reply #8 on: December 13, 2006, 11:04:35 AM »
Doyle-----

Be calm. Seek medical attention for your deafness.
Code: [Select]
mkdir -p /etc/e-smith/templates-custom/var/qmail/control/badrcptto
pico -w /etc/e-smith/templates-custom/var/qmail/control/badrcptto/50NowVulnerable

# type your problem domains (one per line) eg spammedout@panic.com
# exit and save (Ctrl-X, y, return)

/sbin/e-smith/expand-template /var/qmail/control/badrcptto
service qmail restart
signal-event email-update

# relax, the world hasn't yet ended

raem
qpsmtpd rules
« Reply #9 on: December 13, 2006, 11:05:51 AM »
alt-network

> I HAVE THE SCRIPT WORKING IN SME 7...

If you publish your script here, people can look at it & then be in a position to make comments or suggestions.


> IS THERE A WAY TO DENY ALL EMAILS TO NON-VALID USERS ON
> THE SYSTEM INSTEAD OF SENDING TO SEND OR SENDING TO ADMIN?

Messages sent to invalid users are not accepted by default.
An error message is returned.
...

alt-network
qpsmtpd rules
« Reply #10 on: December 13, 2006, 07:29:56 PM »
The code I am using is from here:

http://ameba.dyndns.org/rulesfromto/check_rulesfromto

It will not let me set a global sender.

Sme does process emails that are addressed to the domain of the server and if the user is not valid it resends it back to the sender.

With the setup from dungog email blocking I am able to tell qmail that if the email user is valid take it and if not block it so it will not process it.

ex.

FROM           TO                   ACTION
*@*         user@domain.com     OK
*@*            *@domain.com      DENY


With this, as soon as it sees that the email for user@domain.com is good it would process it. If it is not for user@domain.com but for unknown@domain.com it would not take the email.


The problem with badrcptto is that it will block all emails from domain.com where I do want email for domain.com but not for invalid users.

There is a new virus that came out last week that sends spam out and that only two of the current antivirus programs out will clean it. What is happening is that I am being hit by emails to the point that it is overloading my server (SME 6.5). I found that using the dungog email blocking program I can tell the smtp server that if I don't give it a user for that domain an ok it will not take the email and with that it will not process the email and overload it. If I let the email in it slows the server down due to spam filtering and antivirus detection before the system knows if it is a valid user. My system is handling the hit with the dungog module but I have a customer that is on sme 7 that is also getting hit to the point of locking the smtp server part. I am seeing more servers now getting hit and until internet users clean their systems I need a way of blocking invalid users before the system processes it.


Thanks, I hope this explains it better.
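
Added example, not part of the original thread and not the check_rulesfromto plugin's code: a small evaluator for the FROM / TO / ACTION tables shown in Reply #5 and Reply #10, showing first-match-wins ordering and flagging rules that an earlier, wider rule makes unreachable. It assumes `*` is the only wildcard, that a bare `@domain` means `*@domain`, and that unmatched mail is accepted; all function names are hypothetical.

```python
import re

# Constructed rule table in the FROM / TO / ACTION layout used in this thread.
RULES_TEXT = """\
# FROM      TO                ACTION
*@*         user@domain.com   OK
*@*         *@domain.com      DENY
@abc.com    @hotmail.com      DENY
"""


def normalise(pattern):
    """Lower-case a pattern; a bare '@domain' is read as '*@domain' (assumption)."""
    pattern = pattern.lower()
    return "*" + pattern if pattern.startswith("@") else pattern


def to_regex(pattern):
    """Compile a pattern in which '*' is the only wildcard."""
    return re.compile(re.escape(pattern).replace(r"\*", ".*"))


def parse_rules(text):
    """Return a list of (from_pattern, to_pattern, action) in file order."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 3 or fields[2].upper() not in ("OK", "DENY"):
            raise ValueError(f"line {lineno}: expected 'FROM TO OK|DENY'")
        rules.append((normalise(fields[0]), normalise(fields[1]), fields[2].upper()))
    return rules


def decide(rules, sender, recipient, default="OK"):
    """First matching rule wins; returns (action, rule_index or None)."""
    sender, recipient = sender.lower(), recipient.lower()
    for index, (frm, to, action) in enumerate(rules):
        if to_regex(frm).fullmatch(sender) and to_regex(to).fullmatch(recipient):
            return action, index
    return default, None


def shadowed(rules):
    """Find rules that can never fire because an earlier rule covers them.

    With '*' as the only wildcard, pattern A covers pattern B exactly when
    B's own text (stars included) matches A, so one regex match decides it.
    Returns (shadowed_index, covering_index) pairs.
    """
    found = []
    for j, (frm_j, to_j, _) in enumerate(rules):
        for i, (frm_i, to_i, _) in enumerate(rules[:j]):
            if to_regex(frm_i).fullmatch(frm_j) and to_regex(to_i).fullmatch(to_j):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    table = parse_rules(RULES_TEXT)
    print(decide(table, "anyone@example.net", "unknown@domain.com"))
    # Swapping the first two rules puts the DENY ahead of the OK it should follow.
    print(shadowed([table[1], table[0], table[2]]))
```
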

piran
qpsmtpd rules
« Reply #11 on: December 13, 2006, 07:56:28 PM »
<Thanks, I hope this explains it better.>
Not really, I'm confused... though that's not particularly difficult.

FWIW I've found SME7 *considerably* more spam-resistant than my
old SME6 box even with the old mailblocking contrib from Dungog.
I can only suggest moving to SME7 and taking things from there;~/

You might derive more widespread help by stating specifics instead of
generalities. What, for instance, is <...this new virus...>?

Why is it that you discard the suggested badrcptto vector?
...you possess a spammedout@panic.com address that is being abused.
...any traffic for invalid users is just refused by SME7.

duncan

qpsmtpd rules
« Reply #12 on: December 13, 2006, 10:26:29 PM »
Quote from: "piran"
Doyle-----

Be calm. Seek medical attention for your deafness.


lol

raem
qpsmtpd rules
« Reply #13 on: December 14, 2006, 03:23:59 AM »
alt-network

> Sme does process emails that are address to the domain of the server
> and if the user is not valid it resends it back to the sender.

If I send a message to an invalid user on a sme7 server this is what I get back, I gather from my ISP, not from the sme server.
The sme is telling the ISP that the recipient is invalid.
The original message is not returned.


This message was generated by the [ISP's name] Internet Email System.

   ----- The following addresses had permanent fatal errors -----
<freddofrog@domain.com.au>
    (reason: 550 invalid recipient freddofrog@domain.com.au)

   ----- Transcript of session follows -----
... while talking to xxx.domain.com.au.:
>>> DATA
<<< 550 invalid recipient freddofrog@domain.com.au
550 5.1.1 <freddofrog@domain.com.au>... User unknown
<<< 503 RCPT first


Is that not sufficient for your needs ?
...

raem
qpsmtpd rules
« Reply #14 on: December 14, 2006, 04:23:02 AM »
alt-network

> Sme does process emails that are address to the domain of the server
> and if the user is not valid it resends it back to the sender.


If I add the invalid recipient name to a sme7 in the file /var/qmail/control/badrcptto (temporarily not via a custom template), and then I send a message to that same invalid address I get the following, which is very similar (almost identical) to the message the sender gets if they sent to an invalid user on a default configured sme7.

This message adds the text "not accepted here ", but the sender still gets an error message from their ISP either way (not the return of the original message).
I don't see any significant gain your script may have over a default sme7.


This message was generated by the ISP name Internet Email System.

   ----- The following addresses had permanent fatal errors -----
<freddofrog@domain.com.au>
    (reason: 550 mail to freddofrog@domain.com.au not accepted here (#5.1.1))

   ----- Transcript of session follows -----
... while talking to xxxx.domain.com.au.:
>>> DATA
<<< 550 mail to freddofrog@domain.com.au not accepted here (#5.1.1)
550 5.1.1 <freddofrog@domain.com.au>... User unknown
<<< 503 RCPT first


PS You also have the file /var/qmail/control/badmailfrom to specify sender addresses you want to permanently block.
You could also put a sender's address into the spamassassin Black list, which will result in a high score being given to that message and if your Email (spamassassin custom section) panel is set to reject messages with a score above 15 or similar, then messages from that sender will be rejected.
...

alt-network
qpsmtpd rules
« Reply #15 on: December 14, 2006, 04:57:24 AM »
Thanks for the responses. It is an issue when you have very large customers crashing because of this.

I have been working with sme since it was e-smith 2.0. I am sorry if I was not detailed. Lot of times I have trouble finding anyone who can help at the tech level.

I want to apologize. In Sme 6.5 it would resend the email back to the email address of the person who sent the email and if the email address was forged it would send it to that email address and not to the person who sent it. I did not know that in sme 7 that they have changed it. I did not do my homework ; )

The badrcptto would not work because the user that the email is being sent to is random.

The virus that came out last week was-
Malware.Trojan.Backdoor.Gen

Thank you for your help!!!!!!!!!!!!!!!

raem
qpsmtpd rules
« Reply #16 on: December 14, 2006, 06:25:00 AM »
alt-network

Out of interest, do you run those customers' sme7 servers with RBL lists enabled (if so which lists) and with executable content filtering enabled (all except zipv2) and with spamassassin enabled to reject above a score of 15?
...

alt-network
qpsmtpd rules
« Reply #17 on: December 14, 2006, 06:52:13 AM »
Yes on all. I have my customers running on sme since e-smith 2. I have worked with vpn on sme before it was being used. I have found it working better than micro***t from day 1.

I have the spamassassin set at 10 because I have found that any emails over 10 are all spam and I don't want to waste my time on them.

I have the default rbl, which works fine, and have been looking into fine tuning that.

I also host over 20 websites on sme 6.5 and looking forward to moving over to sme 7 for the improved email handling.

raem
qpsmtpd rules
« Reply #18 on: December 14, 2006, 07:20:11 AM »
alt-network

> I also host over 20 websites on sme 6.5 and looking forward to
> moving over to sme 7 for the improved email handling

So you are not yet using sme7 !
sme7 is better in many respects, not only just mail handling improvements.
...

alt-network
qpsmtpd rules
« Reply #19 on: December 14, 2006, 07:57:25 AM »
Yes, I agree.

I have a replacement server going in this month with sme 7 but still waiting for my memory upgrade to come in.

alt-network
qpsmtpd rules
« Reply #20 on: December 16, 2006, 01:17:04 AM »
Thank you for your help.

I finally decided to do some homework and learn more about the qpsmtpd.

I found that the goodrcptto plugin in the qpsmtpd is doing what I was looking for.

    http://http.netdevice.com:9080/qmail/patch/goodrcptto-12.patch

"A qmail server will normally accept email for any recipient address at a domain.
This patch causes the server to reject single recipient email to an invalid
recipient, and filter out the invalid recipients from multiple recipient email,
while accepting the message for the valid recipients.
This occurs during the initial SMTP conversation for a reduction in disk I/O.
The server rejects attempts to queue messages to non existent recipients, and joe job bounces to forged recipients, preventing them from becoming double bounces."

What is still happening is that hundreds of emails with hundreds of email addresses in each email are hitting the server to the point that the qpsmtpd locks.


Under the /var/service/qpsmtpd/control/plugins shows the order of what is checked with each email.

_____________________________________________________________

#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------

auth/auth_cvm_unix_local cvm_socket /var/lib/cvm/cvm-unix-local.socket enable_smtp no enable_ssmtp yes
check_earlytalker
count_unrecognized_commands 4
# bcc disabled
check_relay
check_norelay

require_resolvable_fromhost
check_basicheaders
# rhsbl disabled
dnsbl
check_badmailfrom
check_badrcptto_patterns
check_badrcptto
check_spamhelo
check_goodrcptto extn -  
# check_smtp_forward not required

rcpt_ok
virus/pattern_filter check=patterns action=deny

tnef2mime

spamassassin reject_threshold 10 munge_subject_threshold 5
virus/clamav clamscan_path=/usr/bin/clamdscan action=reject max_size=25000000
queue/qmail-queue

_____________________________________________________________

NOTE: The email is checked with 11 plugins before it is checked against the goodrcptto list and when it hits the goodrcptto plugin it checks each and every email address in the email, slowing the system while more emails are coming in. With 100-300 emails every 5 mins it is causing qpsmtpd to lock up, forcing a reboot.

check_earlytalker
count_unrecognized_commands 4
check_relay
check_norelay
require_resolvable_fromhost
check_basicheaders
dnsbl
check_badmailfrom
check_badrcptto_patterns
check_badrcptto
check_spamhelo
check_goodrcptto extn -


NOTE: What I did was move the goodrcptto plugin before the dnsbl to keep the system from wasting resources.

_____________________________________________________________

#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------

auth/auth_cvm_unix_local cvm_socket /var/lib/cvm/cvm-unix-local.socket enable_smtp no enable_ssmtp yes
check_earlytalker
count_unrecognized_commands 4
# bcc disabled
check_relay
check_norelay

require_resolvable_fromhost
check_basicheaders
check_goodrcptto extn -
# rhsbl disabled
dnsbl
check_badmailfrom
check_badrcptto_patterns
check_badrcptto
check_spamhelo
# check_smtp_forward not required

rcpt_ok
virus/pattern_filter check=patterns action=deny

tnef2mime

spamassassin reject_threshold 10 munge_subject_threshold 5
virus/clamav clamscan_path=/usr/bin/clamdscan action=reject max_size=25000000
queue/qmail-queue

_____________________________________________________________

Does anyone think this will cause any issues with the system? While watching the /var/log/qpsmtpd/current log I see that bogus emails are being denied before wasting resources.

On the same webpage it talks about dictionary attacks, which the emails that are coming in look like.

"To prevent dictionary attacks, the transmission channel is closed after the
number of bad recipients set in control/brtlimit or BRTLIMIT, two by default.
Repeated attempts from the same IPs may be handled by a cron that looks at the
logs and updates tcprules accordingly."

Does anyone know anything about the "brtlimit" that it is talking about?


Thanks...
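
Added example, not part of the original thread or of the goodrcptto patch: one way to do the "cron that looks at the logs and updates tcprules" step quoted above, counting `550 invalid recipient` replies (the text shown in Reply #13) per client IP inside a time window and emitting tcprules `deny` lines. The log layout, the threshold of 3, the one-hour window, the exempt networks and all function names are assumptions; the sample log is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log. The "<epoch> <client-ip> <smtp reply>" layout is an
# assumption for this example, not the real qpsmtpd log format.
SAMPLE_LOG = """\
1166230000 203.0.113.7 550 invalid recipient aaron@domain.com
1166230002 203.0.113.7 550 invalid recipient abby@domain.com
1166230005 203.0.113.7 550 invalid recipient abel@domain.com
1166230010 198.51.100.20 250 ok
1166230050 198.51.100.20 550 invalid recipient typo@domain.com
1166230060 192.168.1.15 550 invalid recipient test1@domain.com
1166230061 192.168.1.15 550 invalid recipient test2@domain.com
1166230062 192.168.1.15 550 invalid recipient test3@domain.com
1166190000 203.0.113.99 550 invalid recipient old1@domain.com
1166230070 203.0.113.99 550 invalid recipient old2@domain.com
garbage line that should be skipped
"""

DENIAL = re.compile(r"^(\d+) (\S+) 550 invalid recipient \S+$")


def offenders(log_text, threshold=3, window=3600,
              never_block=("127.0.0.0/8", "192.168.0.0/16")):
    """Return IPs with at least `threshold` invalid-recipient denials
    inside any `window`-second span, skipping exempt networks."""
    exempt = [ipaddress.ip_network(net) for net in never_block]
    denials = defaultdict(list)
    for line in log_text.splitlines():
        match = DENIAL.match(line.strip())
        if not match:
            continue                      # other replies and malformed lines
        try:
            ip = ipaddress.ip_address(match.group(2))
        except ValueError:
            continue                      # field was not an IP address
        if any(ip in net for net in exempt):
            continue                      # never lock out local clients
        denials[ip].append(int(match.group(1)))

    flagged = []
    for ip, times in denials.items():
        times.sort()
        # Sliding window over the sorted timestamps of this one client.
        if any(times[k + threshold - 1] - times[k] <= window
               for k in range(len(times) - threshold + 1)):
            flagged.append(ip)
    flagged.sort(key=lambda addr: (addr.version, int(addr)))
    return [str(ip) for ip in flagged]


def tcprules_text(ips):
    """Render deny lines in tcprules syntax, ending with a catch-all allow."""
    return "".join(f"{ip}:deny\n" for ip in ips) + ":allow\n"


if __name__ == "__main__":
    print(tcprules_text(offenders(SAMPLE_LOG)), end="")
```

A single mistyped address (198.51.100.20 in the sample) stays below the threshold, and the two denials from 203.0.113.99 are too far apart to count as one burst.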

piran
qpsmtpd rules
« Reply #21 on: December 16, 2006, 01:49:34 AM »
Nice home work;~)
Maybe you make the life of the dictionary attacker easier though...
by sending back the invalid early? That BRTLIMIT thing (two by
default) seems to work. All such instances that used to occur here in
waves on my SME6 box now happen in no more than 2 on my SME7.
Sheer guess: BRTLIMIT (bad recipients tolerated limit?)

alt-network
qpsmtpd rules
« Reply #22 on: December 16, 2006, 10:28:35 PM »
Ray,

Thanks for your ideas and help. As I am looking into this issue I am finding that I am being hit by a mailbomb from random IP addresses. My sme6.5 is taking the hit but one of my customers who is on sme7 is being hit and it is causing the system to lock up.

I found that there is an added feature on the goodrcptto plugin that will block the IP address of the server sending the mailbomb.

http://msgs.securepoint.com/cgi-bin/get/qmail0409/54/3.html

What do you think of this?

Do you have any ideas for mailbombs?

piran
qpsmtpd rules
« Reply #23 on: December 17, 2006, 12:40:10 AM »
Depends on the flavour of the mailbomb?
Multiple attempts from same IP to invalid recipients on SME7 is already
covered as the link is just dropped. However individual attempts from
many IPs needs lots of processing... so turn off SA for the duration of
the mailbomb?

gocdo

qpsmtpd rules
« Reply #24 on: December 17, 2006, 02:16:00 AM »
Hi,

I have a 'similar' mail server setup. About 1500 email accounts for around 250 domains on a 6.5 box and I recently moved about 60 email accounts for 3 domains to a 7.0 box. All servers are identical 3Ghz boxes on raided 200GB disks with 2GB ram. The email servers are fairly bare in the extra contribs installed and both are pretty much the same. Yum updates are current.

Midmorning Tue 5th Dec, the 7.0 box suddenly died - not crash. Login took 30 minutes. Load was over 100 and swap was exhausted :-}. Had to be email since that is all that server was doing. Check showed no rootkits etc. Hundreds of qpsmtpd-fork processes. Contrast - the 6.5 box gets busy - load sometimes to about 5 - but it is still quite responsive.

Took about a week to resolve - fortunately with very patient customers. After considerable time digging (searching these forums is painful with the few search limit) and experimenting I moved the recipient ok check to the start of the qpsmtpd list, disabled spamassassin (SA) and clam checking, modified the smtpd connections to 10 and left the ip connections at 5. This reduced the load issue dramatically. I finally moved one domain back to one of the 6.5 boxes and performance on the 7.0 server is now acceptable. Thinking back, I didn't sufficiently test disabling the RBL lookups, this was probably causing the excessive time pre-processing the messages before rejecting or handing to qmail. Will try that as well.

Observation: the 6.5 system can cope with a far higher load while the 7.0 system was slightly better at reducing spam (when SA was enabled). The 6.5 box has sustained a long term average of around an email every two seconds (for months) while the 7.0 server seems to choke on a short term sustained rate of more than one every 5 to 10 seconds. The log files indicated the 7.0 server would hit the connection limit and limit processing, however, the connections would still be arriving with top and ps showing the qpsmtpd_fork process numbers would build up and hover around 100. Processing email would get progressively slower until POPing would timeout and no new mail was being delivered.

With a light email load, say, a message a minute or less and you wouldn't see the performance issues until an email bombing session starts.

Not sure I call these SME bugs - so have not logged it.

Regards
Kevin

alt-network
qpsmtpd rules
« Reply #25 on: December 17, 2006, 04:11:24 AM »
That is what has and still is happening to the setup I have. My sme 6.5 server is being hit with 6 emails every second which adds up to about 23,000 per day and is still running strong. But I am getting hit hard with spam that is getting past the SA. The sme 7 is getting hit with 1 to 3 each second and locking up.

I do think that it may be the SA that is causing the issues in sme 7. I have been trying to find information about the control/brtlimit or BRTLIMIT patch that will block the ip of the sender if it happens more than twice but have not found any help with that without rewriting the goodrcptto plugin.

I am working with a programmer to find a way of integrating this feature into a program that someone wrote as a concept for sme 5. I was able to rewrite it for sme 6.X and then for sme 7. What it does is if someone is attacking the server with a dictionary attack at ssh or just trying to get in, it will auto lock that ip for 15 days then after 15 days auto unlock it. It works great and I am looking into setting up a way to include this to block the mailbombs.

I think this will be the only way to get this under control; by not letting in the smtp servers that are being used for mailbombs.

dmay
qpsmtpd rules
« Reply #26 on: December 17, 2006, 06:15:34 AM »
I suggest you open a Bug Tracker ticket and report your issues and observations.

Darrell

piran
qpsmtpd rules
« Reply #27 on: December 17, 2006, 01:31:32 PM »
Depending on the profile of the mailbomb's botnet and on the way
they are programmed have you considered implementing greylisting?
http://forums.contribs.org/index.php?topic=33662.msg143786#msg143786
By then disabling SA you might not lock up so much and greylisting
may give you some breathing room to develop a working defense.

alt-network
qpsmtpd rules
« Reply #28 on: December 18, 2006, 05:01:26 AM »
I have found a qpsmtpd plugin that will block the ip of the smtp server that is getting denied when sending emails to the sme 7 server. It is a plugin written just for this and I would like help getting it working on sme7.

http://www.oreillynet.com/lpt/a/6167


I have the code installed but I am getting errors. I don't know perl very well and can't get it working.

Here is the code. Can anyone help?

use NDBM_File;
use Fcntl;

sub init {
    my ($self, $qp, $filename, $threshold) = @_;
   
    tie my %h, 'NDBM_File', $filename, O_RDWR|O_CREAT, 0666
        or die "Unable to tie $filename: $!";
    $self->{dbm} = \%h;
    $self->{deny_threshold} = $threshold;
}

#!perl -w

sub hook_deny {
    my ($self, $transaction, $plugin, $level) = @_;
   
    # We're only interested in DENY or DENY_DISCONNECT
    unless ($level == DENY or $level == DENY_DISCONNECT) {
        return DECLINED;
    }
   
    return DECLINED if $plugin eq $self->plugin_name;
   
    # continued...

    my $ip = $self->connection->remote_ip;
    my $now = time;

    my $record = $self->{dbm}->{$ip};
    # Is this IP in the DB?
    if (!$record) {
        $self->{dbm}->{$ip} = pack("NN", 1, $now);
        return DECLINED;
    }
   
    my ($count, $tlast) = unpack("NN", $record);

    # Denied within the last 8 hours?
    if ($tlast < ($now - 28800)) {
        # Not denied in last 8 hours so just reset count.
        $self->{dbm}->{$ip} = pack("NN", 1, $now);
        return DECLINED;
    }
   
    # Now just update the count
    $self->{dbm}->{$ip} = pack("NN", $count+1, $now);
   
    return DECLINED;
}

sub hook_connect {
    my ($self, $transaction) = @_;
   
    my $ip = $self->connection->remote_ip;
    my $record = $self->{dbm}->{$ip} || return DECLINED;
    my ($count, $tlast) = unpack("NN", $record);
   
    # Ignore and delete entry if not denied in last 12 hours
    if ($tlast < (time - 43200)) {
        delete $self->{dbm}->{$ip};
        return DECLINED;
    }
   
    if ($count >= $self->{deny_threshold}) {
        return DENYSOFT, "You are a repeat offender. Go away";
    }
   
    return DECLINED;
}




I think this will be the answer for the mailbomb issues. Please check and let me know what you think and if I can get help working on it.


The error I am getting is:

eval Can't locate NDM_File.pm in @INC

cjensen
qpsmtpd rules
« Reply #29 on: December 18, 2006, 06:56:51 AM »
You seem to be missing a perl-module:

NDBM_File.pm http://search.cpan.org/author/NWCLARK/perl-5.8.8/ext/NDBM_File/NDBM_File.pm

Do you have this perl-module installed?  

Code: [Select]
perldoc NDBM_File
will return
Code: [Select]
No documentation found for "NDBM_File".
if not installed.

This module is listed under Perl 5.8.8; SME 7.0 is 5.8.5


Craig Jensen

alt-network
qpsmtpd rules
« Reply #30 on: December 18, 2006, 07:44:03 AM »
I checked and that is correct, it is not installed. Does anyone know how to install this or update it without breaking anything else?

raem
qpsmtpd rules
« Reply #31 on: December 18, 2006, 04:59:01 PM »
alt-network

> The sme 7 is getting hit with 1 to 3 each second and locking up.

config show smtpd
look at
Instances
and
Instances PerIP

tweaking these may slow things down.
...

raem
qpsmtpd rules
« Reply #32 on: December 18, 2006, 05:03:32 PM »
alt-network

You might also look at this setting

cat /var/qmail/control/concurrencyremote
...

alt-network
qpsmtpd rules
« Reply #33 on: December 18, 2006, 07:13:36 PM »
Thanks Ray,

I have questions on some of the settings. Just checking to see if I understand them.

I tried searching the internet on them before wasting your time but was unable to find them.

First:
Instances : Is this the max number of smtp connections or emails being processed?

Second:
Instances PerIP : Is this the max number of connections at one time per IP or the max total of smtp servers?

Third: seen this setting....
MaximumDateOffset: Is this setting for checking dates for emails? Ex: if the setting is set for 1, will it let emails that are 1 day different in and deny the ones with a date more than 1 day different?

Fourth:
var/qmail/control/concurrencyremote: confused about this one. Is this not controlled by the above and if not what does it control. Next, to change this setting do I change it in the template folder or is there a command to set this.


Thanks for your time.....
Doyle

dmay
qpsmtpd rules
« Reply #34 on: December 18, 2006, 10:12:28 PM »
The smtpd db entries Instances=40 & InstancesPerIP=5 relate to qpsmtpd-forkserver -c & -m, explained here:

Code: [Select]
# qpsmtpd-forkserver --help
usage: qpsmtpd-forkserver [ options ]
 -l, --listen-address addr : listen on specific address(es); can be specified
                             multiple times for multiple bindings.  Default is
                             0.0.0.0 (all interfaces).
 -p, --port P              : listen on a specific port; default 2525
 -c, --limit-connections N : limit concurrent connections to N; default 15
 -u, --user U              : run as a particular user (default 'smtpd')
 -m, --max-from-ip M       : limit connections from a single IP; default 5
     --pid-file P          : print main servers PID to file P
 -d, --detach              : detach from controlling terminal (daemonize)


I have found Instances=40 very problematic myself:

http://bugs.contribs.org/show_bug.cgi?id=2139

Darrell

raem
qpsmtpd rules
« Reply #35 on: December 19, 2006, 05:15:41 AM »
alt-network

> Instances : Is this the max number of smtp connections

Yes

> Instances PerIP : Is this the max number of connections at one time per IP

Yes

...and I think this setting may definitely benefit you if you reduce it, to stop "message bombs" coming from the same server IP.


> var/qmail/control/concurrencyremote: confused about this one.
> Is this not controlled by the above and if not what does it control.

This controls qmail parameters, not smtpd parameters
There is also var/qmail/control/concurrencylocal

From my sme6 notes (modified slightly for sme7)
cat /var/qmail/control/concurrencyremote
20

config setprop qmail ConcurrencyRemote 5
signal-event email-update
/etc/init.d/qmail restart


I'm not sure if there is a better "sme7 way" of doing this.
...

paulfung
Re: qpsmtpd rules
« Reply #36 on: February 03, 2007, 05:26:21 AM »
Quote from: "eruqamca"
Hello

Does anyone know if there is a contrib for qpsmtpd mail rules, the same as the mailrules rpm for mailfront in the 6.x.x version of SME?


As far as I know, the mailfront in 6.x.x can copy all outgoing email to a mailbox, i.e. "maillog". Does anyone know if there exists any way to do it in 7.1 via qpsmtpd's mail rules?

Thanks for any info.
Best Regards,

Paul T.C.Fung
  :lol:  :hammer:

raem
Re: qpsmtpd rules
« Reply #37 on: February 03, 2007, 02:55:31 PM »
...

paulfung
qpsmtpd rules
« Reply #38 on: February 03, 2007, 05:16:45 PM »
Thanks !!

By the way,
 does it support a multiple forwarding format like "xx1@domain.com;xx2@domain2.com"?

Best Regards,

Paul
Best Regards,

Paul T.C.Fung
  :lol:  :hammer:

albatroz
qpsmtpd rules
« Reply #39 on: March 26, 2007, 12:01:19 AM »
So in summary there is no current replacement for this contrib
dungog-mailblocking-1.0-3.noarch.rpm

kruhm
qpsmtpd rules
« Reply #40 on: March 26, 2007, 03:54:35 PM »
Quote

So in summary there is no current replacement for this contrib
dungog-mailblocking-1.0-3.noarch.rpm


What are you looking to do specifically? Give an example.

albatroz
qpsmtpd rules
« Reply #41 on: March 26, 2007, 03:57:23 PM »
I want that:

* Certain local users can't be capable of sending email to Internet, only intranet

* Certain local users can't be capable of receiving email from Internet, only intranet

* Block the reception of emails from certain addresses/domains to the whole server or to certain local users.

kruhm
qpsmtpd rules
« Reply #42 on: March 26, 2007, 04:19:01 PM »
Quote

* Certain local users can't be capable of sending email to Internet, only intranet

In short, no.
On a published domain -no. (You could fake out a published domain but then the published domain wouldn't work. For example, you could have your own yahoo.com but then the real yahoo.com wouldn't work.)
On an unpublished local domain & sme is your dns -yes. A domain like thisismylocaldomain5746.com doesn't exist except on your server and email will remain local both sending and receiving.

Quote

* Certain local users can't be capable of receiving email from Internet, only intranet

same as above. In short, no.

Quote

* Block the reception of emails from certain addresses/domains to the whole server...

yes. http://bugs.contribs.org/show_bug.cgi?id=2409

Quote

...or to certain local users.

no.

albatroz
qpsmtpd rules
« Reply #43 on: March 26, 2007, 04:22:55 PM »
So I will have to keep using SME 6.1

raem
qpsmtpd rules
« Reply #44 on: March 26, 2007, 05:30:40 PM »
albatroz

> So I will have to keep using SME 6.1

...and get hacked !!!

sme7 does things differently to sme6 so you can't expect the solution that worked for sme6 to be implemented in sme7.

Look at http://forums.contribs.org/index.php?topic=36302.0

and search forums on check_badmailfromto for other posts on the subject
...