• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Virus Blacklist and Qmail...

P

PixyPumpkin

Guest
Hi,

Yesterday my IP is been listed on a virus blacklist. I am 100% sure that this virus is not from my server so I read the FAQ of the blacklist. (http://virbl.bit.nl/faq.php) In one of the FAQ is this chapter:
My mailserver is listed, but it is impossible that it is infected with a virus. Your mailserver is probably listed because of bounces. If someone sends a virus to a nonexistant user in your domain, your mailserver will probably bounce the message back to the (forged) sender. If your bounces include the full body of the original message, a bounce will include the original virus. These bounces are just as harmful as the original virus itself. We advice mailserver administrators to configure their mailservers not to include bodies when bouncing. Qmail cannot limit the size of bounces by default. You can use this patch. If the link is dead, you could download this local copy.
Click to expand...
But this patch is only for Qmail stand-allone, I understand that if I want to install this patch that SW-Soft has to re-compile Qmial with Plesk? Oh, I am running Plesk Reloaded 7.5.3 with the 4PSA Clean Server (VIP Bundle) on CentOS 3. Is there a simple solution to this problem? Is it possible to drop the mail earlier or make sure that the headers are not send with bounces? I also run 4PSA Qmail Manager, maybe I oversee a setting there?

Thx!

//edit: Update: I spoke to the admin of the blacklist and it where indead two Failure Notices, so bouces of Qmail that sends the virus back in the header :(
 
You can change settings in the Plesk control panel so that emails to nonexisting users are either bounced (you don't want this), sent to another email box or rejected. I have mine set so that they are sent to an address created with no mailbox and no redirect. This sends the message to a "black hole". Change the settings here:

Domain -> Mail -> Preferences
 
But how do I do this on a server level, what you sugest is on a user level?
 
OK, thx, but I am looking for a server level sollution :)
 
Server-wide: create or edit the /var/qmail/control/rejectnonexist file, put each hosted domain in the file (one per line)

domain1.com
domain2.com
domain3.net
...

Restart Qmail service

If you have not done so, I would switch from DrWeb to clamav/clamd and install qmail-scanner from ART. Infected emails will be auto-deleted, and qmail-scanner makes many things more flexible and easier to configure.
 
Thx for the Tip, I am NOT using Dr. Web but 4PSA Clean Server :) is the compatible with the ART Qmail Scanner?
 
Yes it is. On server's using 4psa's Clean Server, I would make sure 4psa's stuff is all installed and working, then I would tweak their stuff's RulesDuJour settings (they don't make use of all the possible rulesets), then I would yum install clamav/clamd, and qmail-scanner (from ART's repository). I also remove the psa-spamassassin control module, and update spamassassin from ART as well.

Remember to run the qmail-scanner reconfigure script after making changes to the AV or SA programs.

So on those servers, all emails are scanned using odeiavir (from 4psa's stuff), clamav, spamassassin, perl-scan.
 
Wow, Thx! I can do something with this, I think I will wait for 7.5.5 and do these patches at the same time.
 
You must log in or register to reply here.

Similar threads

G
Resolved Emails not being blocked by server wide mail settings/blacklist
Replies
4
Views
943
gregconway
G
C
Question Analysing Sender IP in Mail Headers
Replies
0
Views
540
Change Maker
C
Alex Presland
Issue Emails forwarded by Plesk fail DKIM checks with certain attachments
2
Replies
21
Views
4K
Alex Presland
Alex Presland
I
Issue MAILER-DAEMON
Replies
0
Views
2K
Ickov
I
danami
Input Warden Antispam & Virus Protection Extension for Plesk
7 8 9
Replies
164
Views
37K
danami
danami
Back
Top