Re: [qmailtoaster] blacklist question

Mon, 11 Dec 2006 09:14:16 -0800 

Erol KAHRAMAN wrote:
> hi,
> my blacklists file is as follow;
> -r sbl-xbl.spamhaus.org <http://sbl-xbl.spamhaus.org> -r bl.spamcop.net
> <http://bl.spamcop.net> -r relays.ordb.org <http://relays.ordb.org> -r
> dnsbl.antispam.or.id <http://dnsbl.antispam.or.id> -r opm.blitzed.org
> <http://opm.blitzed.org> -r list.dsbl.org <http://list.dsbl.org> -r
> cbl.abuseat.org <http://cbl.abuseat.org>
> 
> and my smtp/run file is;
> 
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> BLACKLIST=`cat /var/qmail/control/blacklists`
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> RBLSMTPD="/usr/bin/rblsmtpd"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> 
> exec /usr/bin/softlimit -m 12000000 \
>      /usr/bin/tcpserver -v -p -R -H -l $HOSTNAME -x $TCP_CDB -c
> "$MAXSMTPD" \
>      -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>      $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
> 
> All on my qmail box is ok. But i am not sure does it check for spammers.
> When i run tcpdump i cannot see any traffic to these rbl servers. How
> can i test, does it realy check or not ?
> -- 
> Erol KAHRAMAN
> System Network Administrator

1) RBLs typically catch >50% of spam. You should see '451' messages in smtp
log such as:
12-11 10:06:38 rblsmtpd: 72.77.239.170 pid 22049: 451
http://www.spamhaus.org/query/bl?ip=72.77.239.170
# grep rblsmtpd /var/log/qmail/smtp/current | tai64nlocal | less
should show them to you.

2) If you don't see any rblsmtpd messages,
# ps -ef | grep rblsmtpd
vpopmail 21880 23330  0 Dec10 ?        00:00:01 /usr/bin/tcpserver -v -R -H
-l doris -x /etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 0 smtp
/usr/bin/rblsmtpd -r sbl-xbl.spamhaus.org -r bl.spamcop.net -r
relays.ordb.org -r dnsbl.antispam.or.id -r opm.blitzed.org -r list.dsbl.org
-r cbl.abuseat.org /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw
/bin/true
This shows what the exec command expanded into. You should see your
blacklists expanded there.

3) If #2 looks ok and you're not seeing log messages, you likely have a DNS
problem.

Let us know.

Tip: Use qmlog command (part of qmailtoaster-plus package) for easy log viewing.


-- 
-Eric 'shubes'

---------------------------------------------------------------------
     QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to