Topic: Fighting spam with SME dedicated DNSBL

[Knuddi]

SMEOptimizer has now been enhanced with remote monitoring of the registered SME server. This means that it (its public IP) will be checked daily for registration in about 80 different public DNS blacklists. It will also on a regular basis (every 30 minute) be checked on the SMTP channel to see whether its online.

If the server has issues, then the admin will receive an alert via email.

See the updated Howto on how to configure these settings.

https://wiki.contribs.org/SMEOptimizer

Enjoy,
Jesper

[brianr]

Got this:

[root@bjsserver smeoptimizer]# ./SMEOptimizer.pl -status

         SMEOptimizer - Optimize your SME server
by SMEOptimizer.com - Copyright (c) 2016, all rights reserved.
 Servers hosted and operated by ScanMailX - www.scanmailx.com

Use of uninitialized value in printf at ./SMEOptimizer.pl line 236.
Contact Email       :   
Alerts              :   Yes
Spam Reports        :   111
Registered          :   2016-10-07 09:34:24
Last SpamReports    :   2016-10-09 20:44:01

Looks like no email set, so I set one (used -connect), and the uninit var went away!!

How do I know if I've been allowed to use DNS for spamassassin?

Also MY server is on a dynamic IP address, so your alert system will not really work?  My others ones which I'll add once I've got some more confidence are however on fixed IPs.

[Knuddi]

Yes, the first few servers registered did not set the default value for contact email - you were one of them

If you try the "--status" again, you will see a new line indicating whether you have DNS Blacklist access.

Alerts              :   Yes
Spam Reports        :   88
Registered          :   2016-10-07 16:03:52
DNS Blacklist       :   Active via SpamAssassin
Last SpamReports    :   2016-10-09 22:23:01

If you are on a dynamic IP, then you are right that SMTP checks are quite unstable and the check for blacklist listning most certainly. You should therefore consider to disable Alerts for that server.

[brianr]

So I see you are using spamassassin score of 5 for the situation in which one of your rules fire. This should at least push the email into the "move to the junkmail folder" category.

I am interested to know why you have chosen to use spamassasin rather than treating it as a "genuine" DNSBL or writing a custom plugin for qpsmtpd (which quite clearly you understand enough to do).

My hidden agenda is that I'd like to be able to identify the emails which are found by your package and identify them on the mailstats report. Unfortunatly the latest qpsmtpd (0.96) has removed the logging of the Spamassassin rules that have been applied so I've had to take out the spamassassin league table.

[Knuddi]

The reason for choosing SA is that I didn't want to make a hard trigger from start. If I created a qpsmtpd plugin that hard triggered a reject it could cause annoyance for now. Having said that, then it is the plan to do just that when the confidence level has been build up.

I can see that SA adds these to the mail header (X-Spam-Status) , so I will be able to pull these out and count hits on rules.

[brianr]

The reason for choosing SA is that I didn't want to make a hard trigger from start. If I created a qpsmtpd plugin that hard triggered a reject it could cause annoyance for now. Having said that, then it is the plan to do just that when the confidence level has been build up.

I can see that SA adds these to the mail header (X-Spam-Status) , so I will be able to pull these out and count hits on rules.

Good news that you intend to write a qpsmtpd plugin - I'll then be able to count the uses of it.  Althyough spamassassin adds a x-spam-status header to the email, it no longer drops it into the qpsmtpd log file, so the mailstats package cannot access it just now. I'll just have to look out for more emails ending up ion the junkmail folder...

[bosco555]

Hi All,

installed on a couple of servers this morning, but now I get this:

Contact Email       :   admin@mail.com (Email has been altered, of course)
Alerts              :   Yes
Spam Reports        :   418
Registered          :   2016-10-17 07:44:59
DNS Blacklist       :   Awaiting enough spam reports to be activated
Last SpamReports    :   2016-10-17 08:13:26

How many Spam reports are needed for the DNS Blacklist to be activated?

Thanks

[Knuddi]

That is odd - the trigger is 50 spam reports. Let me check why it hasn't been upgraded.

Got it - upgrade script has been fixed and you should have received mail confirmation of upgrade.

[brianr]

This seems a bit odd?

SMEOptimizer status:
   Alerts              :   No
   Spam Reports        :   20093
   Registered          :   2016-10-07 09:34:24
   DNS Blacklist       :   Active via SpamAssassin
   Last SpamReports    :   2016-10-19 00:26:05

20,000 is more than I'd expect in a year! Are you sure you are not keeping track through my IP which changes...

[Knuddi]

The counter is not related to the IP but the servers unique SME ID. So I guess that you receive more shi... than you think. Please notice that also directory attacks are counted and they often come in big waves.

[brianr]

The counter is not related to the IP but the servers unique SME ID. So I guess that you receive more shi... than you think. Please notice that also directory attacks are counted and they often come in big waves.

Actually you are right!!  I had 19,000 in 3 hours yesterday afternoon! All rejected as non-conformant.

[bosco555]

That is odd - the trigger is 50 spam reports. Let me check why it hasn't been upgraded.

Got it - upgrade script has been fixed and you should have received mail confirmation of upgrade.

Thanks Jesper..all good now...

[Knuddi]

Now some weeks later there are 39 servers registered that have provided 2598279 spam reports resulting in additional 5767 harvested IP addresses in the community DNS BL.

I can also notice that several of the registered servers are listed in various other international blacklists (e.g Spamhaus) so that I assume causes some admin thoughts as well

[Knuddi]

Just a small update on the status of the DNSBL. As of today (April 24, 2017), 23.987.906 spam reports have been registered from the 54 contributing servers in the setup. This has resulted in a DNSBL that serves 22448 active and bad IPs back to the contributing server.