Koozali.org formerly Contribs.org

Disable blacklist, etc checking for secured qpsmtp

Disable blacklist, etc checking for secured qpsmtp
« on: July 24, 2006, 10:14:40 AM »
Hi,

If I'm not mistaken, the qpsmtpd and sqpsmtpd services share the same config.

If one of my users connects via sqpsmtpd, and authenticates, is it possible to not do any blacklist/spam checking?

Thanks,
Alex
......

bearTM

Re: Disable blacklist, etc checking for secured qpsmtp
« Reply #1 on: July 31, 2006, 04:03:53 PM »
Quote from: "Elax"
If one of my users connects via sqpsmtpd, and authenticates, is it possible to not do any blacklist/spam checking?

Hi Alex,

We have a number of users in China who unfortunately constantly get 'leftover' SPAM IPs, which are still in the DNSBL/RHSBL lists. Turning on the default qpsmtpd blacklist 'rejection' would outright reject ALL emails from any Blacklisted host. This wasn't quite what we needed ... So, I needed to solve the same problem, but I've done it in a different way.

Spamassassin has the appropriate Blacklists enabled (by default - i.e. I haven't enabled them in qpsmtpd) and assigns a SPAM score to any emails received from them.

What I have done is the following:

I added a custom fragment for a Spamassassin match string (in /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/) to check for the Received Header which contains the smtp validation of authentication which was added by the SME Server. I assigned this a negative score to ensure that it would pass the AUTH email and NOT flag it as SPAM.

I subsequently changed the settings for the Blacklists (i.e. the score) to ensure that an email from a Blacklisted server would be rejected as SPAM.

By tweaking the scores, you can set any custom level of rejection for each list as you wish. This allows you to keep rejected emails in the "junkmail" folder for a while to ensure that everything is working as you want it to. Then it's a simple matter of setting the scores high to auto-delete it.

While this doesn't do an automatic rejection at the connection level (based on connecting IP), it achieves the same result, albeit at the cost of the email traffic.

To (almost) ensure rejection by the Blacklists, I've doubled the SPAM scores (approx.) for now ... later on, I'll probably raise them higher to just auto-delete the emails.

Comments, corrections, enhancements appreciated ...

I'm now wondering if there is a good way to ensure that the Received header can't be forged in any way ...

Here's the example one I'm using named: 05smtpauth

Code:

#
# Allow any Valid SMTP AUTH user to (mostly) bypass the SPAM Checking
#
header SMTP_AUTH_VALID Received =~ /\b(smtp-auth username [a-z]\{3,16\}, mechanism login)\b.*\bby example\.com\b/
describe SMTP_AUTH_VALID SMTP Authentication found in Headers
score SMTP_AUTH_VALID -20.000
#
# Rework the Blacklist Scores to ensure SPAM Rejection
#
score RCVD_IN_BL_SPAMCOP_NET 4 # 0 1.332 0 1.558
score RCVD_IN_DSBL 5 # 0 1.801 0 2.600
score RCVD_IN_IADB_VOUCHED -2 # 0 -1.825 0 -2.200
score RCVD_IN_NJABL_CGI 0 # 0 # n=1 n=3
score RCVD_IN_NJABL_DUL 4 # 0 1.713 0 1.946
score RCVD_IN_NJABL_MULTI 0 # 0 # n=1 n=3
score RCVD_IN_NJABL_PROXY 2 # 0 0.327 0 0.721
score RCVD_IN_NJABL_RELAY 0 # 0
score RCVD_IN_NJABL_SPAM 5 # 0 1.905 0 2.775
score RCVD_IN_SBL 6 # 0 2.712 0 3.160
score RCVD_IN_SORBS_BLOCK 0 # 0 # n=1 n=3
score RCVD_IN_SORBS_DUL 4 # 0 1.988 0 2.046
score RCVD_IN_SORBS_HTTP 0 # 0
score RCVD_IN_SORBS_MISC 0 # 0
score RCVD_IN_SORBS_SMTP 1 # 0 0 0 0.201
score RCVD_IN_SORBS_SOCKS 4 # 0 1.823 0 2.159
score RCVD_IN_SORBS_WEB 2 # 0 1.236 0 1.456
score RCVD_IN_SORBS_ZOMBIE 1 # 0 0.240 0 0.258
score RCVD_IN_WHOIS_BOGONS 5 # 0 1.811 0 2.430
score RCVD_IN_WHOIS_INVALID 4 # 0 2.151 0 2.234
score RCVD_IN_XBL 6 # 0 3.114 0 3.897
#
# Custom Spamassassin Settings
#
report_safe 1
#
# SME Standard Settings
#
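
An added example, not part of the original post or of SME Server's own code: on the forgery question raised above, this Python check compares a Received test that considers every Received line in the message with one that trusts only the topmost line, which the receiving server itself writes. The sample messages are constructed, the function names are hypothetical, and the quantifier is written as plain {3,16} on the assumption that the backslashes in the fragment are template escapes for literal braces.

```python
import re
from email import message_from_string

# Pattern from the 05smtpauth fragment, quantifier written as plain {3,16}
# (assumption: the backslashes in the fragment are template escapes).
AUTH_RE = re.compile(
    r"\b(smtp-auth username [a-z]{3,16}, mechanism login)\b.*\bby example\.com\b"
)

def received_hops(raw):
    """Return unfolded Received values, newest (top of message) first."""
    msg = message_from_string(raw)
    return [re.sub(r"\s+", " ", v).strip() for v in msg.get_all("Received", [])]

def matches_any_hop(raw):
    """Every Received line is a candidate, including ones the sender supplied."""
    return any(AUTH_RE.search(hop) for hop in received_hops(raw))

def matches_top_hop(raw):
    """Only the line this server prepended when it accepted the message."""
    hops = received_hops(raw)
    return bool(hops) and AUTH_RE.search(hops[0]) is not None

# Constructed sample: accepted from an authenticated user.
GENUINE = (
    "Received: from laptop (HELO laptop) (192.0.2.10)\n"
    "  (smtp-auth username alex, mechanism login)\n"
    "  by example.com with ESMTP; Mon, 31 Jul 2006 16:00:00 -0400\n"
    "From: alex@example.com\nSubject: hello\n\nbody\n"
)

# Constructed sample: accepted without AUTH, but an older Received line
# that arrived inside the message carries the same text.
UNAUTHENTICATED = (
    "Received: from mail.sender.test (HELO mail.sender.test) (198.51.100.7)\n"
    "  by example.com with ESMTP; Mon, 31 Jul 2006 16:05:00 -0400\n"
    "Received: from x (HELO x) (203.0.113.5)\n"
    "  (smtp-auth username alex, mechanism login)\n"
    "  by example.com with ESMTP; Mon, 31 Jul 2006 16:04:00 -0400\n"
    "From: someone@sender.test\nSubject: offer\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("unauthenticated", UNAUTHENTICATED)):
        print(name, "any hop:", matches_any_hop(raw), "top hop:", matches_top_hop(raw))
```

Only the topmost Received line is written by the receiving server; everything below it was part of the message as delivered.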