Keith,

Absolutely. All of the e-mail addresses that are legit on the Imail server (in my case) are stored in a single text file on the Postfix/IMGate machine.

I don't think that any of the scripts in IMGate itself (at least the basic ones that Len gives you for free) will help you to export a list of users from either Exchange or Imail. The previously mentioned Book of Postfix has an entire chapter dedicated specifically on how to set this up for Exchange, but it applies equally well to Imail. In fact, you can find a collection of scripts mentioned in the book to download for free at the author's website at http://www.postfix-book.com/downloads.html . You can also find a ton of info on how to manage the scripts and add your own UCE filters at http://www.securitysage.com/antispam/intro.html .

The book has been worth its weight in gold to me. I was actually able to get a basic box that did basic inbound authentication and filtering up-and-running after just reading a single chapter. In my case, the Postfix/IMGate box is working perfectly to throttle dictionary attacks and reject bogus addresses.

I have to mention that one of the greatest parts about having done this project is that once you have put one box together, it is a piece of cake to duplicate everything on a secondary box. Almost all of the files on a secondary MX are exactly the same. Also, if the box ever crashes, no problem. There is nothing on it that can not be restored by doing a plain-vanilla OS installation, along with some text files that you can upload via FTP (or better, using something like WinSCP3, which encrypts the login and upload via SSH). Just keep a hard drive laying around with a plain-vanilla install of Debian (for example) on it and you can have it running on a new server with all of the custom files uploaded to it within minutes.

With the addition of Webmin and the KDE or Gnome GUI interfaces, you will rarely need to touch the command line, and almost never have to access the box via an actual monitor.

William Van Hefner
Network Administrator
Vantek Communications, Inc.
e-mail: [EMAIL PROTECTED]

-----Original Message-----
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Saturday, September 17, 2005 10:20 AM
To: [email protected]
Subject: RE: [IMail Forum] User configurable spam filter

William,

Great write-up. Exchange (or other smtp server hosted at our clients) is exactly what I was referring to. On Imail we use Sanford's LDAP hook script to populate Imail Aliases to block against dictionary attacks for domains we host that are Gateway'd, i.e. no accounts on Imail, just scan for viruses/spam and send the good stuff to their smtp server. From your post below, it seems IMGate can do the same query and populate a good email account listing for that type of setup, is that correct?

Thanks again, appreciate the writeup

Keith

From: [EMAIL PROTECTED] on behalf of William Van Hefner
Sent: Fri 9/16/2005 11:36 PM
To: [email protected]
Subject: RE: [IMail Forum] User configurable spam filter

I'm not sure that I understand your question exactly, but the IMGate machine rejects any unauthorized relays OR mail to non-existent domains and/or accounts. It's incredibly simple to add a list of what domain names you will allow relaying to. Adding a list of allowed users is a bit trickier though. You can allegedly use LDAP, but for right now I am just periodically generating a text list from Imail of the legit users for each domain and adding them to the gateway box as needed. With a local list of "authorized recipients", you never have ANY dictionary attacks or bogus addresses hitting your main (Imail) server. This feature alone makes using an IMGate/Postfix gateway all worth it. Eventually, I will automate the "allowed" list of users. It is not a real pressing need at the moment for me though.

FYI, I have made some rather extensive modifications to Len's scripts, along with tweaking the reporting tools as well. Here is a snapshot of today's traffic on the primary IMGate box.
My log rolls-over at 6:30 a.m., so this is only about 13 hours or so worth of results. Below is a brief description of some of the more difficult to understand filters.

     1  ACL 57 PUMP AND DUMP STOCK OFFER
     1  SMTP unauthorized pipelining
     1  SMTP Exceeded Hard Error Limit after END-OF-MESSAGE
     1  ACL 92 OBFUSCATED WORD IN SUBJECT
     1  ACL SAV: new verification in progress
     1  SMTP Exceeded Hard Error Limit after MAIL
     2  ACL 52 SPAMMER MAILING ADDRESS IN BODY
     2  RBL dnsbl.ahbl.org
     2  RBL blackhole.securitysage.com
     2  ACL 96 SPAM PHRASE IN SUBJECT
     3  SMTP invalid [EMAIL PROTECTED]
     3  ACL to_local_recipients unknown recipient
     3  ACL 91 BLACKLISTED FROM ADDRESS
     3  ACL 50 SPAM PHRASE IN BODY
     5  ACL 51 SPAMHAUS NAME IN BODY
     5  RBL block.rhs.mailpolice.com
     6  RBL list.dsbl.org
     6  RBL psbl.surriel.com
     7  ACL 85 MASS MAILER SPAMWARE
     8  ACL header checks
     9  RBL bl.spamcop.net
    12  ACL 89 SPAMHAUS NETWORK (Headers)
    13  RBL all.rbl.kropka.net
    14  ACL to_relay_recipients unknown recipient
    19  ACL unauthorized relay
    21  RBL rhsbl.ahbl.org
    22  RBL combined.njabl.org
    26  ACL SAV: undeliverable sender address
    29  ACL from_senders_regexp
    35  DNS no A/MX for @sender.domain
    40  DNS nxdomain for MTA PTR hostname (forged @sender.domain)
    40  ACL SAV: unverifiable sender address
    52  RBL dynamic.rhs.mailpolice.com
    82  ACL helo_hostnames
    92  ACL 55 SPAM DOMAIN IN BODY
   106  RBL sbl-xbl.spamhaus.org
   307  SMTP Exceeded Hard Error Limit after RCPT
   373  SMTP Exceeded Hard Error Limit after DATA
   614  ACL RAV: undeliverable recipient address
  1221  Other
  3190  TOTAL (Does not count legit traffic actually passed through)

OTHER = Almost all of the "other" messages blocked were a result of Greylisting. By far, the most effective anti-spam tool there is.

ACL RAV: undeliverable recipient address = Dictionary attacks, e-mail sent to non-existent addresses. The "Anvil" feature of Postfix helps to tarpit dictionary attacks.

ACL 55 SPAM DOMAIN IN BODY - A list of blacklisted domains that I personally compile.
Can be used in Imail, or converted for use in Postfix. See http://www.vantekcommunications.com/spam/ for the list. Updated regularly. Usually daily.

Most of the rest of the above use standard Postfix scripts, with the addition of Len's basic IMGate scripts. If you want access to a bunch of more scripts that will stop even more spam, see Postfix.Org. If you want a great book that details exactly how to set up Postfix on any Linux/FreeBSD/*Nix box to act as a gateway for Exchange (works for Imail, too), I'd highly recommend The Book of Postfix, by Ralf Hildebrandt and Patrick Koetter. It will even show you how to automatically update your Postfix/IMGate box, so that it is updated with all of the legitimate addresses on your system on a regular basis. By far, the best book I have ever read on Postfix. Easy to read. Lots of Examples. Very user-friendly.

When you throw-in the ability of amavisd-new, Spamassassin and its endless number of antispam tests, you should be able to reject far better than 99% of spam with a minuscule number of false positives. Anything more than .01% is simply unacceptable. My FP rate should be closer to .001% by the time I am done fine-tuning the installation.

William Van Hefner
Network Administrator
Vantek Communications, Inc.
e-mail: [EMAIL PROTECTED]

-----Original Message-----
From: Keith Johnson [mailto:[EMAIL PROTECTED] On Behalf Of Keith Johnson
Sent: Friday, September 16, 2005 7:45 PM
To: [email protected]
Subject: RE: [IMail Forum] User configurable spam filter

William,

Are you purely using Len's ImGate as a virtual domain checker or do you also check on validating Gateway'd domains? Just wondering how this is accomplished using Len's ImGate as there are no physical accounts on Imail for a Gateway domain. Thanks for the aid.
Keith

From: [EMAIL PROTECTED] on behalf of William Van Hefner
Sent: Fri 9/16/2005 1:43 PM
To: [email protected]
Subject: RE: [IMail Forum] User configurable spam filter

It should be easy enough to set this up using Imail's rules (ver. 8.05+) without the need of Declude. Exactly what your filtering parameters are for identifying spam will dictate what rules you would be using.

I concur with the other poster though. Few people ever check spam folders. However, I do not agree that sending all of the (tagged) spam through is the best way to deal with things, either. That is a tremendous waste of bandwidth, processing power, disk space, etc., and it just encourages spammers to send more e-mail, since they (rightfully?) assume that such mail is actually being delivered.

Personally, I would recommend setting something up like Len's Imgate in front of your Imail box, and tie that in to your existing rules, along with something like Spamassassin to REJECT mail that is obviously spam. Using a web interface like Maya Mailguard will allow per user and per domain blacklisting, whitelisting, antivirus control and the setting of individual levels of spam filtration. You can flat-out reject high-scoring spam (the infrequent legit sender gets a bounce message explaining why their message was not delivered) and tag moderate-scoring spam on the Subject: line. SA will run a variety of tests, including RBLs, RHSBLs, heuristics, Razor, Pyzor, custom filters you create or can download off of the net, Bayesian filtering, and a ton more.

Len's basic scripts will at least block the stuff that is so ridiculous as to not even be considered for delivery (spammers that forge your IP address in the HELLO should never be allowed to send you mail, and you will get hundreds of those a day). Imail does some nice stuff, but I am starting to look at it more and more as a POP3 and final destination server, rather than something I would use alone to fight spam.
If nothing else, why subject your main mail server to dictionary attacks, viruses, DOS attacks, port scans, or have to expend its CPU on chewing through an increasing number of rules, or store a bunch of spam that no one really wants to see? Any old *nix box (or two) will improve your server's performance markedly, and shave as much as 50% off of your bandwidth costs. The cost is cheap. The software is free. It works significantly better and is way more stable. You will need to get your "hands dirty" and learn a little about Linux/FreeBSD and Postfix, but not much. It's certainly been worth it to me.

William Van Hefner
Network Administrator
Vantek Communications, Inc.
e-mail: [EMAIL PROTECTED]

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mike Odryna
> Sent: Friday, September 16, 2005 6:50 AM
> To: [email protected]
> Subject: [IMail Forum] User configurable spam filter
>
>
> I was looking through the archives for a solution where as
> SPAM is sent to the SPAM folder in the user's account. The
> user then can periodically check that folder for false
> positives and have the ability to mark the mail as good or
> bad whichever the case may be.
>
> It was stated that Declude has this functionality already
> built in. Can someone confirm that? And if it does, can you
> post some screen shots on how it looks when set up.
>
> Thanks in advance.
>
> Mike Odryna
> Owner
> LakeSpeed.Com
> http://www.lakespeed.com
> (603)635-8700
>
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
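
The thread describes periodically exporting the legitimate addresses to a text file on the Postfix gateway so that mail to unknown recipients is rejected there. As an added example that is not part of the original thread, this script turns such an export into a Postfix lookup table for `relay_recipient_maps` and refuses to install an empty list, so a failed export cannot leave the gateway rejecting every recipient; the function names, file paths and sample addresses are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, paths and sample data
# are assumptions.
# Postfix side (main.cf):  relay_recipient_maps = hash:/etc/postfix/relay_recipients
# After installing a new list:  postmap hash:/etc/postfix/relay_recipients

# build_recipient_map EXPORT_FILE DOMAIN...
# Prints one "address OK" line per valid, unique address in the relayed domains.
build_recipient_map() {
    export_file=$1; shift
    tr -d '\r' < "$export_file" | awk -v domains="$*" '
        BEGIN { n = split(tolower(domains), d, " "); for (i = 1; i <= n; i++) ok[d[i]] = 1 }
        {
            addr = tolower($1)
            if (addr == "" || addr ~ /^#/) next      # blank line or comment
            if (addr !~ /^[^@]+@[^@]+$/) next        # need exactly one "@"
            split(addr, p, "@")
            if (!(p[2] in ok)) next                  # not a domain we relay for
            if (seen[addr]++) next                   # duplicate
            print addr " OK"
        }'
}

# install_recipient_map EXPORT_FILE MAP_FILE DOMAIN...
# Replaces MAP_FILE only when the new list is non-empty, so a failed or
# truncated export cannot leave the gateway rejecting every recipient.
install_recipient_map() {
    export_file=$1; map_file=$2; shift 2
    tmp="$map_file.new.$$"
    build_recipient_map "$export_file" "$@" > "$tmp"
    if [ ! -s "$tmp" ]; then
        echo "refusing to install an empty recipient list" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$map_file"    # rename is atomic on the same filesystem
}

# Constructed sample export (Windows line endings, a duplicate, a stray domain).
sample_export() {
    printf '%s\r\n' '# exported user list' 'Alice@Example.com' 'bob@example.com' \
        'alice@example.com' 'carol@other.example' 'not-an-address' 'dave@example.net'
}

demo_dir=$(mktemp -d)
sample_export > "$demo_dir/export.txt"
build_recipient_map "$demo_dir/export.txt" example.com example.net
rm -rf "$demo_dir"
```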
