
Virus Blacklist and Qmail...

PixyPumpkin

Guest
Hi,

Yesterday my IP was listed on a virus blacklist. I am 100% sure that this virus is not from my server, so I read the FAQ of the blacklist (http://virbl.bit.nl/faq.php). One of the FAQ entries says:
My mailserver is listed, but it is impossible that it is infected with a virus. Your mailserver is probably listed because of bounces. If someone sends a virus to a nonexistent user in your domain, your mailserver will probably bounce the message back to the (forged) sender. If your bounces include the full body of the original message, a bounce will include the original virus. These bounces are just as harmful as the original virus itself. We advise mailserver administrators to configure their mailservers not to include bodies when bouncing. Qmail cannot limit the size of bounces by default. You can use this patch. If the link is dead, you could download this local copy.
But this patch is only for standalone Qmail. I understand that if I want to install this patch, SW-Soft has to recompile Qmail with Plesk? Oh, I am running Plesk Reloaded 7.5.3 with the 4PSA Clean Server (VIP Bundle) on CentOS 3. Is there a simple solution to this problem? Is it possible to drop the mail earlier or make sure that the headers are not sent with bounces? I also run 4PSA Qmail Manager, maybe I am overlooking a setting there?

Thx!

//edit: Update: I spoke to the admin of the blacklist and it was indeed two Failure Notices, so bounces from Qmail that send the virus back in the header :(
 
You can change settings in the Plesk control panel so that emails to nonexisting users are either bounced (you don't want this), sent to another email box or rejected. I have mine set so that they are sent to an address created with no mailbox and no redirect. This sends the message to a "black hole". Change the settings here:

Domain -> Mail -> Preferences
 
But how do I do this on a server level? What you suggest is on a user level.
 
OK, thx, but I am looking for a server-level solution :)
 
Server-wide: create or edit the /var/qmail/control/rejectnonexist file, put each hosted domain in the file (one per line)

domain1.com
domain2.com
domain3.net
...

Restart Qmail service

If you have not done so, I would switch from DrWeb to clamav/clamd and install qmail-scanner from ART. Infected emails will be auto-deleted, and qmail-scanner makes many things more flexible and easier to configure.
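
The server-wide step above, as an added example that is not part of the original posts: shell functions that list hosted domains still missing from rejectnonexist and then merge them in. It assumes the hosted domains are the ones in qmail's control/rcpthosts file; the function names are hypothetical, and the output of `missing_domains` should be reviewed before `sync_reject` is run.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the hosted domains are the
# entries of qmail's control/rcpthosts. Both paths can be overridden.
LC_ALL=C; export LC_ALL
RCPTHOSTS="${RCPTHOSTS:-/var/qmail/control/rcpthosts}"
REJECT="${REJECT:-/var/qmail/control/rejectnonexist}"

# Print a normalised domain list from file $1: lowercase, no CRs, no blank
# lines, no comments, no wildcard entries (lines starting with "."),
# sorted and unique. A missing file yields an empty list.
normalise() {
    [ -f "$1" ] || return 0
    tr -d '\r' < "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/[[:space:]]*$//' -e '/^$/d' -e '/^[#.]/d' | sort -u
}

# Print hosted domains that are not yet in rejectnonexist, i.e. domains
# that can still bounce mail addressed to nonexistent users.
missing_domains() {
    a=$(mktemp) && b=$(mktemp) || return 1
    normalise "$RCPTHOSTS" > "$a"
    normalise "$REJECT" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Rewrite rejectnonexist as the union of its current entries and the hosted
# domains. The list is built in a temp file and renamed into place so the
# control file is never left half-written.
sync_reject() {
    tmp="$REJECT.tmp.$$"
    { normalise "$REJECT"; normalise "$RCPTHOSTS"; } | sort -u > "$tmp" &&
        mv "$tmp" "$REJECT"
}

# Typical use as root: run missing_domains, review the list, run
# sync_reject, then restart the Qmail service as described in the post.
```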
 
Thx for the tip, I am NOT using Dr. Web but 4PSA Clean Server :) Is that compatible with the ART Qmail Scanner?
 
Yes it is. On servers using 4psa's Clean Server, I would make sure 4psa's stuff is all installed and working, then I would tweak their stuff's RulesDuJour settings (they don't make use of all the possible rulesets), then I would yum install clamav/clamd, and qmail-scanner (from ART's repository). I also remove the psa-spamassassin control module, and update spamassassin from ART as well.

Remember to run the qmail-scanner reconfigure script after making changes to the AV or SA programs.

So on those servers, all emails are scanned using odeiavir (from 4psa's stuff), clamav, spamassassin, perl-scan.
 
Wow, Thx! I can do something with this, I think I will wait for 7.5.5 and do these patches at the same time.
 