
qmail & greylisting spam control

any evidence of spammers spamming two times?

I am wondering if there has been any evidence of spammers fire and forgetting two times in order to circumvent greylisting?
 
smtp server configuration

In a default install of 7.5.4 the system uses xinetd as the smtp server. Are you all setting up your systems to use tcpserver rather than xinetd so that you can take advantage of system variables to control connections, or is there a way to do this type of control with the xinetd implementation?
 
Does this work on Plesk 8.0.1 ?

Does this work on Plesk 8.0.1 ?

Thanks
Joao Correia
 
Yes, it works great under 8.01.
The procedure is very similar to the one given for version 7.5.
Note that in this procedure, I found nowhere the C code to add to the qmail-smtpd source code. I found it in one of the 7.5 contributions on a forum (this one ?).

Jean-David
 
Problem compiling ...

I installed all the needed devel packages but I get this while compiling ...


[root@ns1 qmail-1.03]# make
./load qmail-envelope-scanner -lz -lm local_scan.o /usr/lib/mysql/libmysqlclient.a
/usr/lib/mysql/libmysqlclient.a(client.o)(.text+0x1515): In function `mysql_close_free_options':
: undefined reference to `SSL_CTX_free'
/usr/lib/mysql/libmysqlclient.a(viossl.o)(.text+0x34): In function `report_errors':
: undefined reference to `ERR_get_error_line_data'
/usr/lib/mysql/libmysqlclient.a(viossl.o)(.text+0x79): In function `vio_ssl_read':
: undefined reference to `SSL_read'
/usr/lib/mysql/libmysqlclient.a(viossl.o)(.text+0x9a): In function `vio_ssl_read':
: undefined reference to `SSL_get_error'
/usr/lib/mysql/libmysqlclient.a(viossl.o)(.text+0xce): In function `vio_ssl_write':
: undefined reference to `SSL_write'
/usr/lib/mysql/libmysqlclient.a(viossl.o)(.text+0x29f): In function `vio_ssl_close':
: undefined reference to `SSL_shutdown'
/usr/lib/mysql/libmysqlclient.a(viossl.o)(.text+0x2af): In function `vio_ssl_close':
: undefined reference to `SSL_free'


....

/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x49e): In function `new_VioSSLAcceptorFd':
: undefined reference to `SSL_CTX_set_session_id_context'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x4cb): In function `new_VioSSLAcceptorFd':
: undefined reference to `SSL_CTX_load_verify_locations'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x4f4): In function `new_VioSSLAcceptorFd':
: undefined reference to `SSL_CTX_ctrl'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x4fc): In function `new_VioSSLAcceptorFd':
: undefined reference to `DH_free'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x50f): In function `new_VioSSLAcceptorFd':
: undefined reference to `SSL_CTX_set_default_verify_paths'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x535): In function `new_VioSSLAcceptorFd':
: undefined reference to `SSL_load_error_strings'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x546): In function `new_VioSSLAcceptorFd':
: undefined reference to `SSL_library_init'
/usr/lib/mysql/libmysqlclient.a(viosslfactories.o)(.text+0x54b): In function `new_VioSSLAcceptorFd':
: undefined reference to `OPENSSL_add_all_algorithms_noconf'
collect2: ld returned 1 exit status
make: *** [qmail-envelope-scanner] Error 1
[root@ns1 qmail-1.03]#

What can be wrong ?

Regards
Joao Correia
 
Try to add the ssl libraries to your compile command (-lssl or/and -lcrypto)
 
SSL error solved

Edit conf-ld

cc -s -lssl

Done !

Thanks!
Joao Correia
 
Originally posted by atomicturtle
Yes, it just drops right in on a PSA or Project Gamera box. No additional configuration needed.

All,


I have Plesk servers running PSA 7.5.2 on CentOS 3.8 and server running PSA 8.0.1 on CentOS 4.4.

1. Does the 'yum install qgreylist' work on both kinds of setups? Do I have to reconfigure anything? The 7.5.2 boxes run drweb/SpamAssassin from SWSoft, the 8.0.1 machines are running qmailscanner and spamassassin from AtomicRocketTurtle.

2. Is there any risk in installing the qgreylist package from art's channel?

3. Do I have to configure anything to keep the filesystem from filling up?

4. Can the package be uninstalled by doing a "yum remove qgreylist"?

5. Does smtp-auth still work on the 7.5.2 box after installing this qgreylist package?



I've been reading the forums about qgreylist and greylisting in general, but apparently need some reassurance before testing/implementing...
 
Success!

Running SUSE using R'twick's source package on PLESK 7.5.4.

Everything works great so far. The greylist tmp file is reporting what it's doing and MTAs that are legit are retrying and getting through. SMTP AUTH also seems to work just fine. I'm not sure if this is still an issue or not, but email sent from my treo using SSL SMTP AUTH got through the first time without issues.

The only issue I currently see is that non existent users are being processed by QMAIL instead of instantly bounced. If a mail actually gets through the greylisting does it then get bounced? I suppose I could test this. I know this has already been mentioned but I didn't see a server wide solution posted here yet.

Some notes about the package I used and the howto:

compiling:
Everything was fine for me except that I had to change the path to libmysqlclient.a. I had to install the mysql-devel packages as well since I didn't have them.

Code:
in Makefile
change:
load qmail-envelope-scanner.o local_scan.o /usr/lib/mysql/libmysqlclient.a
        ./load qmail-envelope-scanner -lz -lm local_scan.o /usr/lib/mysql/libmysqlclient.a

to:
load qmail-envelope-scanner.o local_scan.o /usr/lib64/mysql/libmysqlclient.a
        ./load qmail-envelope-scanner -lz -lm local_scan.o /usr/lib64/mysql/libmysqlclient.a

The howto was mostly correct. There are some differences between what's in the code and what the howto says. Pay CLOSE attention to what you set your username and password to, since they don't exactly match in the howto. I used my own and set it to what I used, which I'm guessing most will do. However, if you follow the howto step by step it will not work unless you change the username/password for mysql to match. The only other item was make sure you "use qmail;" before you try to create the new table. Anyone familiar with mysql would know that, but I never assume anything there.

Anyone solved the "non existent" user "issue" yet?

Thanks for the source, I've been waiting quite some time for something this easy!!!
 
Well I haven't had any non existent user email get by the greylisting yet, so I haven't actually verified that it's not working. Am I right in assuming that greylisting happens BEFORE the non existent user checking?
 
Originally posted by wishbone
Well I haven't had any non existent user email get by the greylisting yet, so I haven't actually verified that it's not working. Am I right in assuming that greylisting happens BEFORE the non existent user checking?

yes it happens right after the check to see if the connection is allowed to relay or not.
 
Originally posted by Thratchen
yes it happens right after the check to see if the connection is allowed to relay or not.

Good to see this confirmed but unfortunate the sequence works that way.

On a couple of servers I have set up greylisting on, one (or more) of the domains they host has been "selected" by a spammer who is using non-existent email addresses on those domains as a "From:" or "Reply To:" in the spam. So all the bounces from all the addresses the spam gets sent to bounce back to the greylisting server and get processed by greylisting - and only after the greylisting process is complete do they get rejected. The issue is that while they don't get through, they cause a lot of extra server load doing all the greylisting. It would be much nicer if greylisting could determine if the message should be rejected and rejected before greylisting processing.
 
Originally posted by jimroe
Good to see this confirmed but unfortunate the sequence works that way.

On a couple of servers I have set up greylisting on, one (or more) of the domains they host has been "selected" by a spammer who is using non-existent email addresses on those domains as a "From:" or "Reply To:" in the spam. So all the bounces from all the addresses the spam gets sent to bounce back to the greylisting server and get processed by greylisting - and only after the greylisting process is complete do they get rejected. The issue is that while they don't get through, they cause a lot of extra server load doing all the greylisting. It would be much nicer if greylisting could determine if the message should be rejected and rejected before greylisting processing.

In this case I do think recipient check before greylisting will be better. It's very easy to change the behavior. Change qmail-smtpd.c to call envelope_scanner after the call to spp.

Here's the part of code that needs to be changed.

Existing code:
Code:
  /* greylisting runs here, before the spp recipient check */
  if (!relayclient) {
    if (!envelope_scanner()) return;
  }
  rcptcountstr[fmt_ulong(rcptcountstr, rcptcount)] = 0;
  if (!env_put2("SMTPRCPTCOUNT", rcptcountstr)) die_nomem();
  switch (spp(&spp_rcpt, "SMTPRCPTTO")) { case 0: sppout(); case -1: return; }
  if (!stralloc_cats(&rcptto,"T")) die_nomem();
  if (!stralloc_cats(&rcptto,addr.s)) die_nomem();

new code:
Code:
  rcptcountstr[fmt_ulong(rcptcountstr, rcptcount)] = 0;
  if (!env_put2("SMTPRCPTCOUNT", rcptcountstr)) die_nomem();
  switch (spp(&spp_rcpt, "SMTPRCPTTO")) { case 0: sppout(); case -1: return; }
  /* moved: greylisting now runs after the spp recipient check */
  if (!relayclient) {
    if (!envelope_scanner()) return;
  }
  if (!stralloc_cats(&rcptto,"T")) die_nomem();
  if (!stralloc_cats(&rcptto,addr.s)) die_nomem();

I haven't tested it. You need to test it first before implementing on a production server.

HTH
-R'twick
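
An added illustration of the reordering suggested above (not code from this thread, qmail or qgreylist): a small C model of the RCPT handler that counts greylist database operations for a constructed bounce flood to a non-existent address, with each ordering of the two checks. All function names and addresses are hypothetical, an in-memory array stands in for the MySQL greylist table, and the greylist delay window is simplified to "first attempt deferred, retry accepted".

```c
/* Added illustration; hypothetical names, not qmail or qgreylist code. */
#include <stdio.h>
#include <string.h>

#define MAX_TRIPLETS 64
static char seen[MAX_TRIPLETS][128];  /* stand-in for the greylist table */
static int n_seen, db_ops;            /* db_ops = lookups + inserts */
static const char *valid_rcpts[] = { "info@example.test", "sales@example.test" };

/* Stand-in for the recipient check done through spp. */
static int rcpt_exists(const char *rcpt) {
    for (size_t i = 0; i < sizeof valid_rcpts / sizeof *valid_rcpts; i++)
        if (strcmp(rcpt, valid_rcpts[i]) == 0) return 1;
    return 0;
}

/* Stand-in for envelope_scanner(): 1 = known triplet, 0 = defer. */
static int greylist_pass(const char *ip, const char *from, const char *rcpt) {
    char key[128];
    snprintf(key, sizeof key, "%s|%s|%s", ip, from, rcpt);
    db_ops++;                                   /* lookup */
    for (int i = 0; i < n_seen; i++)
        if (strcmp(seen[i], key) == 0) return 1;
    if (n_seen < MAX_TRIPLETS) { strcpy(seen[n_seen++], key); db_ops++; }
    return 0;                                   /* first sight: defer */
}

/* SMTP reply code for one RCPT TO, with either ordering of the checks. */
static int handle_rcpt(int rcpt_check_first, const char *ip,
                       const char *from, const char *rcpt) {
    if (rcpt_check_first && !rcpt_exists(rcpt)) return 550;
    if (!greylist_pass(ip, from, rcpt)) return 451;
    if (!rcpt_exists(rcpt)) return 550;
    return 250;
}

/* Constructed flood: n_hosts bounce (null sender) to a bad address, then retry. */
int simulate_backscatter(int rcpt_check_first, int n_hosts) {
    char ip[32];
    n_seen = db_ops = 0;
    for (int attempt = 0; attempt < 2; attempt++)
        for (int h = 0; h < n_hosts; h++) {
            snprintf(ip, sizeof ip, "192.0.2.%d", h + 1);
            handle_rcpt(rcpt_check_first, ip, "", "nobody@example.test");
        }
    return db_ops;
}

int main(void) {
    printf("greylist first: %d DB ops; recipient check first: %d DB ops\n",
           simulate_backscatter(0, 20), simulate_backscatter(1, 20));
    return 0;
}
```

Mail to an existing recipient is treated the same under both orderings (deferred once, accepted on retry); only mail to non-existent recipients stops reaching the greylist table.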
 
I'm compiling a new version for Plesk 8.0 now. Will post when complete. Thanks
 
Originally posted by rtwick

I haven't tested it. You need to test it first before implementing on a production server.

HTH
-R'twick

Good tip.

My problem was a bit compounded by the fact that my test implementation is on a server running an older version of Plesk, so while the SPP patch is applied to the new qmail-smtpd.c, I didn't have the rest of the pieces of the "reject" puzzle. Fortunately, I was able to find source code for a replacement reject plugin that works, and thus was able to test this code change, and it indeed does what it's supposed to do. Mail to non-existent users does NOT hit the greylist code and server loads are down a lot. This should probably be the default for greylisting implementation.
 
Originally posted by CyberTech
Can it work on FreeBSD Plesk 7.5.6?

Anyone?
There is no reason why it will not. But since I do not have a FreeBSD box, I cannot tell for sure. Please test it and let us know if it works.

-R'twick
 
/tmp/greylist_dbg.txt isn't created

Hello

After a lot of tries at installing the greylist module in Plesk 7.5.4 on an fc1 distribution, we aren't able to make it work.

We followed all the instructions in this post and in the external post http://meshier.com/2006/09/18/adding-greylisting-support-to-qmail-on-plesk-8/

- Download -> compile (with a warning)
---------------------------------------------
qmail-local.c: En la función `main':
qmail-local.c:760: aviso: el tipo de devolución de `main' no es `int'
auto-str.c:9: aviso: conflicting types for built-in function `puts'

(one for each compiled file)
---------------------------------------------

- Creation of the DB by the two ways explained. From shell and from Plesk control panel
- Move the two generated files to the qmail directory (overwriting one of them)
- And restart qmail

But... the f...... /tmp/greylist_dbg.txt file is never created.

After the hypothetical installation we have tested the qmail server, and it works, but nothing is added to the db or the /tmp/greylist_dbg.txt.

We have tried the installation more than 20 times unsuccessfully :( :( :(

Some help appreciated. THANKS!!!
 