1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Virus Blacklist and Qmail...

Discussion in 'Plesk for Linux - 8.x and Older' started by PixyPumpkin, Nov 10, 2005.

  1. PixyPumpkin

    PixyPumpkin Guest

    0
     
    Hi,

    Yesterday my IP is been listed on a virus blacklist. I am 100% sure that this virus is not from my server so I read the FAQ of the blacklist. (http://virbl.bit.nl/faq.php) In one of the FAQ is this chapter:
    But this patch is only for Qmail stand-allone, I understand that if I want to install this patch that SW-Soft has to re-compile Qmial with Plesk? Oh, I am running Plesk Reloaded 7.5.3 with the 4PSA Clean Server (VIP Bundle) on CentOS 3. Is there a simple solution to this problem? Is it possible to drop the mail earlier or make sure that the headers are not send with bounces? I also run 4PSA Qmail Manager, maybe I oversee a setting there?

    Thx!

    //edit: Update: I spoke to the admin of the blacklist and it where indead two Failure Notices, so bouces of Qmail that sends the virus back in the header :(
     
  2. phoenixisp

    phoenixisp Silver Pleskian

    27
    57%
    Joined:
    Feb 2, 2002
    Messages:
    840
    Likes Received:
    0
    You can change settings in the Plesk control panel so that emails to nonexisting users are either bounced (you don't want this), sent to another email box or rejected. I have mine set so that they are sent to an address created with no mailbox and no redirect. This sends the message to a "black hole". Change the settings here:

    Domain -> Mail -> Preferences
     
  3. PixyPumpkin

    PixyPumpkin Guest

    0
     
    But how do I do this on a server level, what you sugest is on a user level?
     
  4. phoenixisp

    phoenixisp Silver Pleskian

    27
    57%
    Joined:
    Feb 2, 2002
    Messages:
    840
    Likes Received:
    0
    No, it's done on a domain level. I don't know of a server-wide solution.
     
  5. PixyPumpkin

    PixyPumpkin Guest

    0
     
    OK, thx, but I am looking for a server level sollution :)
     
  6. ShadowMan@

    ShadowMan@ Guest

    0
     
    Server-wide: create or edit the /var/qmail/control/rejectnonexist file, put each hosted domain in the file (one per line)

    domain1.com
    domain2.com
    domain3.net
    ...

    Restart Qmail service

    If you have not done so, I would switch from DrWeb to clamav/clamd and install qmail-scanner from ART. Infected emails will be auto-deleted, and qmail-scanner makes many things more flexible and easier to configure.
     
  7. PixyPumpkin

    PixyPumpkin Guest

    0
     
    Thx for the Tip, I am NOT using Dr. Web but 4PSA Clean Server :) is the compatible with the ART Qmail Scanner?
     
  8. ShadowMan@

    ShadowMan@ Guest

    0
     
    Yes it is. On server's using 4psa's Clean Server, I would make sure 4psa's stuff is all installed and working, then I would tweak their stuff's RulesDuJour settings (they don't make use of all the possible rulesets), then I would yum install clamav/clamd, and qmail-scanner (from ART's repository). I also remove the psa-spamassassin control module, and update spamassassin from ART as well.

    Remember to run the qmail-scanner reconfigure script after making changes to the AV or SA programs.

    So on those servers, all emails are scanned using odeiavir (from 4psa's stuff), clamav, spamassassin, perl-scan.
     
  9. PixyPumpkin

    PixyPumpkin Guest

    0
     
    Wow, Thx! I can do something with this, I think I will wait for 7.5.5 and do these patches at the same time.
     
Loading...