MAPS / Qmail Question

[ShadowMan@]

See this other post, also Debian and smtp / inetd / xinetd related,

http://forum.plesk.com/showthread.php?s=&postid=123941#post123941

Last post by slydahunter

 

[_tek]

Re: Re: On Debian with same issues

Originally posted by ShadowMan
The nonvalid characters was a bug in 7.5.2, Why on earth would you really want to put more than 8 RBL hosts? The added delays (if one or more are not responding) and higher risk of false positives??

I have constantly had customers requesting tighter spam filtering on servers we built for them. This has let us to find many different rbls's some **** others are really good. We filter for a lot of customers based on countries. there is a lot more than 8 countries out there and if your not doing business in china you can block quite a bit of spam by blocking by country.

We also check for blocks of legitimate mail and false positives. to date we have only had one case of false positives being a problem and that was over two years ago.

Generally what I have seen/read on many forums is that responsible admins use between 1 and 4 RBL hosts, and even then it depends upon which hosts you actually choose to use.

I would argue that responsible admins do what their clients ask of them. I know the issues of rbls and i acknowledge they are not the end all and agree there are a lot of bad ones out there. What i also acknowledge is the fact that they do work. I also actively report every single spam mail i get, which i believe all responsible admins should also do.

Thanks for posting the debian xinetd stuff, i'm gonna implement this tomorrow once i have had some sleep.

Thanks for all the help everyone. It sure would be nice if swsoft jumped in and fixed something but since they don't its great to have such active forums with helpful and knowledgable people. every problem i have had has been solved in part from the help of everyone here.

Ill happily post back whatever i find out as a fix.

 

[_tek]

Deb specific

Originally posted by ShadowMan
If it were a RedHat based server, the next/last thing I would try would be to force a reinstall of all the email related RPMs, but I'm not sure how things are done on Debian systems.

Since i see more people posting solutions for redhat i post this in case someone running debian might find it useful.

With Debian you would do it with apt-get --reinstall filename. Or you could download the .deb files and run dpkg -i --force-all package.deb but that can be mildly dangerous behavior and might lead to breaking your system the more graceful approach would be
doing it with apt-get --reinstall

and yes you could do apt-get remove packagename followed by apt-get install packagename.

 

[_tek]

working solution for rbl on debian

I have everything to make it work, i especially want to thank you shadowman cause of something on one of the posts you linked to or whatever i was able to finally get a working solution. Now just to see how many rbls i can load in without it cr4pp1ng out.

Install xinetd, create two files inside of /etc/xinet.d
one called smtp and the other called smtps

inside of each it should read as follows.

service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net /var/qmail/bin/relaylock /var/qmail /bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

edit your /etc/default/spamassassin file so it looks like this. ***make note yours has a -L which prevents it from doing network lookups, remove the -L ***

# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# Change to one to enable spamd
ENABLED=1

# Options
# See man spamd for possible options. The -d option is automatically added.

# NOTE: version 3.0.x has switched to a "preforking" model, so you
# need to make sure --max-children is not set to anything higher than
# 5, unless you know what you're doing.

OPTIONS="--create-prefs --max-children 5 --helper-home-dir -s /var/log/spamd.log"

# Pid file
# Where should spamd write its PID to file? If you use the -u or
# --username option above, this needs to be writable by that user.
# Otherwise, the init script will not be able to shut spamd down.
PIDFILE="/var/run/spamd.pid"


edit your /etc/spamassassin/init.pre it should
look like below.
###########################################################################

# RelayCountry - add metadata for Bayes learning, marking the countries
# a message was relayed through
#
loadplugin Mail::SpamAssassin:lugin::RelayCountry

# URIDNSBL - look up URLs found in the message against several DNS
# blocklists.
#
loadplugin Mail::SpamAssassin:lugin::URIDNSBL

# Hashcash - perform hashcash verification.
#
loadplugin Mail::SpamAssassin:lugin::Hashcash

# SPF - perform SPF verification.
#
loadplugin Mail::SpamAssassin:lugin::SPF


next you need to make sure you have all of these perl modules loaded as follows.
run this.

perl -MCPAN -e shell

the first time this is done its going to force you setup your perl distro if its not already done, follow the prompts and if you want to make it a bit easier/faster on you when you get the mirrors part test each of the mirrors by opening up another window and just ping the domain names they list as cpan mirrors to chose the fastest ones. then go back to the cpan screen and select those mirrors for your sources.

Once that is finished you will run this

cpan>install Mail::SpamAssassin:lugin::RelayCountry Mail::SpamAssassin:lugin::URIDNSBL
Mail::SpamAssassin:lugin::Hashcash
Mail::SpamAssassin:lugin::SPF

Now restart each of those services

/etc/init.d/xinetd restart
/etc/init.d/spamassassin restart
/etc/init.d/qmail restart

Now test.
That should get you working on debian.

Word of warning. You may not see these rbl lookups in your logs, qmail since it drops them appears to not even log them...

yet another reason why postfix is a WAY better choice than qmail... to get this functionality with qmailit appears you need to patch the source and recompile.

Hoping someone can prove me wrong on the logging or show me a way to get it to log everything but i havent found anything in my logs about rbls dropping/denying connections or connecting IP's.

Next thing i want is auto_reporting to spamcop... while i have it in i can't tell if its working yet.
If your wanting to enable something like that you would do it in the user_prefs file in
/var/qmail/mailnames/example.net/username/user_prefs

mine reads as follows
rewrite_header subject *****SPAM*****
required_score 7
report_safe 0
spamcop_to_address [email protected]


Hope this helps someone.

 

[lloy0076]

I'm not sure why you need the Spamassassin tweak. Is it that:

* rblsmtpd is still not working
* but spamassassin does check t he RBL's properly

That is to say, have you actually solved the problem by gettin spamassassin to use RBL lists BUT rblsmtpd is still not working?

To put it another way, let's say you disable spamassassin completely (eg, by removing it or deleting it), does the RBL still work?

DSL

 

[_tek]

great question

but since plesks qmail implementation does minimal logging (WHICH SUCKS, totally stupid guys) its hard to say which is actually doing the lookup without perhaps using a packet dump analyses, which i might just do. Problem is this server gets tons of traffic so its like the proverbial needle in the haystack and my total lack of time.

I need to also point out i said to create the two files in xinetd.d but i now have 4 files in there which prevented qmail from starting and of course nothing shows up in the mail server logs cause the mail server is being run by xinetd. apparently ?plesk? created two new files which it didn't do the first time around. This is preventing qmail from starting cause its trying to bind to the port twice. delete the two files or just disable them by setting the line in the two files to read disable = yes.

End result is the lookups are happening which is blocking spam as to what is doing the lookup, from what i see in how they setup qmail, my bet its happening only with spamassassin but since plesk doesnt do adequate logging we are left to scratch our heads. Bottom line though it spam is now being blocked. In the last 24 hours i have gotten only one spam, huge reduction.