MAPS / Qmail Question

[lloy0076]

Hi There,

I have:

* sbl-xbl.spamhaus.org

...and the "Enable MAPS spam protections" in my 7.5.4 version of Plesk.

It doesn't appear to be working according to the link:

* http://www.crynwr.com/spam/

Any idea what I need to do to get this working? I've grepped the log files and such for "spamhaus" and can't see any mention of it...

DSL

 

[jamesyeeoc]

Edited: I stand sort of corrected. Grep your /usr/local/psa/var/log/maillog and maillog.processed for 'spamhaus', it should log when the crynwr test happens. However, the rblsmtpd module does not appear to log each and everytime it does a lookup at the spamhaus RBL list...

So you sent an email according to spamhaus.org's instructions:

Testing your SBL Setup

Once you have set up your mail server to use sbl.spamhaus.org, you can test to see if the SBL blocking is working by sending an email (any email) to: [email protected] (you must send the email from the mail server which you wish to test). The Crynwr system robot will answer you to tell you if your server is correctly blocking SBL-listed IPs or not.

and the Crynwr robot sent you a reply. Please post what their reply was.

If you SSH into your server, and check the following file (assuming you run a RedHat type OS) /etc/xinetd.d/smtp_psa do you see something quite like:

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

The part in BOLD is primarily what we are after.

 

[lloy0076]

Hi There,

So you sent an email according to spamhaus.org's instructions: and the Crynwr robot sent you a reply. Please post what their reply was.

It said:

220 my.mail.server ESMTP
helo sbl.crynwr.com
250 my.mail.server
mail from:<>
250 ok
rcpt to:<[email protected]>
250 ok
data
354 go ahead
From: [email protected]
To: [email protected]er
Date: Tue, 11 Oct 2005 3:39:23 -0000
Message-Id: <[email protected]>
Precedence: junk

Test message
.
250 ok 1129001952 qp 12745
quit
Successful termination. As far as I can tell, the email was delivered.
That might not be what you want.

I did receive the message.

I use a Debian system bu there is no such BOLD statement in the correct place.

I only have:

smtp stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
smtps stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Such a line should be there but I don't want to put it in manually unless I have to.

DSL

 

[jamesyeeoc]

Ah, ok, for Debian, please see the post by Perler at:

http://forums.sw-soft.com/showthread.php?threadid=27837&highlight=debian+AND+smtp

be careful, his quoted post has some extra spaces which should not be there, such as "s pamhaus" and "qmai l"...

 

[lloy0076]

Hmmm...

http://forums.sw-soft.com/showthread.php?threadid=27837&highlight=debian+AND+smtp

be careful, his quoted post has some extra spaces which should not be there, such as "s pamhaus" and "qmai l"... [/B]

I tried:

smtp stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /usr/sbin/rbmsmtpd -rrelays.ordb.org /var/qmail/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/
true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

...and my mail server suddenly stops listening on port 25 [and logs no connection attempts at all].

I've looked at:

* http://www.chrishardie.com/tech/qmail/qmail-antispam.html#views

...and from what I can discern that looks about right but obviously there is -something- wrong with it.

Maybe it's just got me because I'm honestly an older style Sendmail hacker (give me Sendmail any day) but I think I'm being defeated here by something really easy to overlook but will make me feel rather silly when I do see it

DSL

 

[jamesyeeoc]

Looks like standard typos...

/usr/sbin/rbmsmtpd -rrelays.ordb.org

should be

/usr/sbin/rblsmtpd -r relays.ordb.org

or

/usr/sbin/rblsmtpd -b -r relays.ordb.org

Now also, in the other post, he put a -b before the -r and he also did not have the -Rt0 (which I know is useful, but just pointing it out to compare apples to apples)...

I'm not sure what the -b option is off the top of my head...

 

[lloy0076]

Hmmm, I seem to have typoed what I actually tried which was this:

#smtp stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -b -r relays.ordb.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

I've also tried without -Rt0 and without the -b but to no avail.

Is it possible that the rblsmtpd thing requires more ports to be open? I'm running a relatively restrictive firewall...

[i.e. does rblsmtpd call something that expects to be able to talk back to the server on some random port?]

DSL

 

[lloy0076]

Well, some success - this:

smtp stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -b -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/tru /var/qmail/bin/cmd5checkpw /bin/true
smtps stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -b -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/tru /var/qmail/bin/cmd5checkpw /bin/true

This works but doesn't block the [email protected] test; I still get back:

220 my.mail.server ESMTP
helo sbl.crynwr.com
250 my.mail.server
mail from:<>
250 ok
rcpt to:<[email protected]>
250 ok
data
354 go ahead
From: [email protected]
To: [email protected]er
Date: Sat, 15 Oct 2005 8:46:25 -0000
Message-Id: <[email protected]>
Precedence: junk

Test message
.
250 ok 1129365965 qp 3622
quit
Successful termination. As far as I can tell, the email was delivered.
That might not be what you want.

And I receive the message.

Stupidly if I add another RBL like this:

smtp stream tcp nowait root /var/qmail/bin/tcp-env tcp-env -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -b -r sbl-xbl.spamhaus.org -r relays.ordb.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/tru /var/qmail/bin/cmd5checkpw /bin/true

...I go back to the 'Hmmm..it's behaving as though it's just dropping packages. telnet my.mail.server 25 simply just hangs as though someone's slapped an IP level drop filter on'.

I really can't see why this isn't working - I'm going to risk asking this question on the Qmail list itself as I suspect I've run into a Qmail/Debian issue.

DSL

 

[rvdmeer]

I'm managing a fedora core 3 server with plesk and got it working within a short period. It might be a stupid question but did you also restart xinet.d?

/etc/init.d/xinetd restart

Without that the config files are not reloaded..

 

[lloy0076]

Hi There,

I'm actually using Debian so it's defaulting to inetd. Your question isn't at all stupid because I and many of my colleagues have been baffled by not restarting or reloading a service's configuration before.

That said, I did install Xinetd:

# apt-get install xinetd

I then configured the inetd services, specifically:

# cat /etc/xinet.d/qmail
service smtp
{
disable = no
socket_type = stream
protocol = tcp
wait = no
user = root
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -b -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /bin/true
}

It's not the same as the Plesk default name because I've had to produce the configuration by hand.

Sadly to say, the rblsmtpd= still doesn't work; I won't post the details because the error messages (or should I say lack of errors?) are the same as above.

DSL

 

[rvdmeer]

I made it work with the following config:

[root@vite ~]# cat /etc/xinetd.d/smtp_psa

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
[root@vite ~]#

With: -Rt0 it didnt work so you might wanna remove that out of your server_args line

 

[slydahunter]

Hi i'm also running plesk on debian,
i would like two know if last 2 posts are working...

lloy0076, did you try last modification on your server?

BEst regards

Sly

 

[lloy0076]

I still haven't gotten this working; it's beginning to bug me.

DSL

 

[lloy0076]

Now, I got to setting up "tcpserver" using this:

---
#!/bin/bash
QMAILUID=`id -u root`
NOFILESGID=`id -g root`
exec /usr/local/bin/tcpserver -H -R -v -p -X \
-u $QMAILUID -g $NOFILESGID 0 25 \
/var/qmail/bin/tcp-env -Rt0 \
/var/qmail/bin/relaylock \
/usr/local/bin/rblsmtpd-log \
/usr/local/bin/rblsmtpd-log -r sbl-xbl.spamhaus.org \
/var/qmail/bin/qmail-smtpd \
/var/qmail/bin/smtp_auth \
/var/wmail/bin/true \
/var/qmail/bin/cmd5checkpw \
/var/qmail/bin/true
--

I also tried:

--
#!/bin/bash
QMAILUID=`id -u root`
NOFILESGID=`id -g root`
exec /usr/local/bin/tcpserver -H -R -v -p -X \
-u $QMAILUID -g $NOFILESGID 0 25 \
/var/qmail/bin/tcp-env -Rt0 \
/var/qmail/bin/relaylock \
/usr/local/bin/rblsmtpd \
/usr/local/bin/rblsmtpd -r sbl-xbl.spamhaus.org \
/var/qmail/bin/qmail-smtpd \
/var/qmail/bin/smtp_auth \
/var/wmail/bin/true \
/var/qmail/bin/cmd5checkpw \
/var/qmail/bin/true
--

...and it STILL doesn't work.

DSL

 

[_tek]

On Debian with same issues

This is driving me nutz too.

I already shot myself in the foot not realizing that debian did not use xinetd and installed but didnt have the xinetd/qmail file so the service was not surring and qmails lack of intelligent logging makes for lots of pain and wasted time.

My users are getting flooded with spam.
It appears it works if you only have one RBL listed in the MAPS field in the server config for mail and i read one someones posting from 7.5.1 that he had isolated it to anything more than 8 rbls and plesk barfs and adds nonvalid characters.
prior posting

I'm questioning if making a RBL that polls results from a master list of other RBL's and just using that one rbl might make it work but that is one hell of a lot of work for something that is "supposed to work"

 

[ShadowMan@]

Re: On Debian with same issues

Originally posted by _tek
This is driving me nutz too.

I already shot myself in the foot not realizing that debian did not use xinetd and installed but didnt have the xinetd/qmail file so the service was not surring and qmails lack of intelligent logging makes for lots of pain and wasted time.

My users are getting flooded with spam.
It appears it works if you only have one RBL listed in the MAPS field in the server config for mail and i read one someones posting from 7.5.1 that he had isolated it to anything more than 8 rbls and plesk barfs and adds nonvalid characters.
prior posting
I'm questioning if making a RBL that polls results from a master list of other RBL's and just using that one rbl might make it work but that is one hell of a lot of work for something that is "supposed to work"

The nonvalid characters was a bug in 7.5.2, Why on earth would you really want to put more than 8 RBL hosts? The added delays (if one or more are not responding) and higher risk of false positives??

Generally what I have seen/read on many forums is that responsible admins use between 1 and 4 RBL hosts, and even then it depends upon which hosts you actually choose to use.

 

[lloy0076]

Shadowman,

Without sounding too grumpy, having ANY list work at the moment would be a good thing. I can't even get one to work no matter which way I go.

DSL

 

[ShadowMan@]

Did you try WITHOUT the -Rt0 and with only a single RBL host? and of course restart all related services or reboot the server?

Believe me, I can fully understand your grumpiness. I wish I had a clear cut answer for you, but from other's posts and threads it seems to be a common problem with that OS distro.

Having added xinetd and tcpserver into the mix probably doesn't help any either since now the conditions of the 'test' for lack of a better term have now changed.

 

[lloy0076]

On my live machine, after every time I respun the configuration I would do:

/etc/init.d/qmail reload
/etc/iinit.d/inetd reload

On another test machine, I would do:

shutdown -rf now

I've tried without -Rt0 and without tcp-env totally, all to no avail.

DSL

 

[ShadowMan@]

If it were a RedHat based server, the next/last thing I would try would be to force a reinstall of all the email related RPMs, but I'm not sure how things are done on Debian systems.