Re: [courier-users] using dnsbl in maildroprc
Daniel,

On Tue 20/Nov/2012 12:56:38 +0100 Sam Varshavchik wrote:
> cour...@devloop.de writes:
>> Just another question: Alessandro was talking about embedded mode of maildrop. I have seen in the documentation that this mode is enabled by -m or -M option. But where I have to set this option? Is it DEFAULTDELIVERY in courierd? I thought DEFAULTDELIVERY is started after mail is already accepted?
>
> Start by reading the localmailfilter(7) man page.

The first line of the synopsis, in particular, tells you how courier learns what executable to run as a local filter. As the doc says, you may consider as purely coincidental the fact that the same executable can work as a delivery agent as well.

> It takes a bit of a set up, and some trial-and-error.

For testing, you can place a script there. See, for example:
http://www.mail-archive.com/courier-users@lists.sourceforge.net/msg34694.html
(the issue there is that SUID doesn't work as expected, for scripts)

--
Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
___
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] using dnsbl in maildroprc
Hi,

Lindsay Haisley writes:
> On Mon, 2012-11-19 at 19:16 -0500, Sam Varshavchik wrote:
>> Why all that work?
>
> I was going to say that, Sam, but this answer is so simple I thought I must be missing something :P

May I decide to drop out more information. But nevertheless, I hate grep'ing logfiles. My two cents is that it doesn't look very smart. I already have the information of blocking by DNSBL at the time courier gets the mail. Why gather them a second time by parsing logfiles?

> What I do here is as follows:

Hard shortened that. I just want to say that this was very useful to me. Thanks.

Just another question: Alessandro was talking about embedded mode of maildrop. I have seen in the documentation that this mode is enabled by -m or -M option. But where I have to set this option? Is it DEFAULTDELIVERY in courierd? I thought DEFAULTDELIVERY is started after mail is already accepted?

As you may have noticed I do not really understand the mail processing of courier ;) Is there a kind of flow diagram?

> Ain't Unix wonderful? ;)

Yes, I agree. There is always at least one way ;)

thanks and regards
Daniel

Re: [courier-users] using dnsbl in maildroprc
cour...@devloop.de writes:
> Just another question: Alessandro was talking about embedded mode of maildrop. I have seen in the documentation that this mode is enabled by -m or -M option. But where I have to set this option? Is it DEFAULTDELIVERY in courierd? I thought DEFAULTDELIVERY is started after mail is already accepted?

Start by reading the localmailfilter(7) man page.

It takes a bit of a set up, and some trial-and-error.

[courier-users] using dnsbl in maildroprc
Hi,

I guess I have some understanding problems of the -block option. I want to use a standard DNSBL to drop spam. But I also want to count the hits by the DNSBL. My idea was to use maildroprc to run an external program and then block the mail. Thus I have added the following option to esmtpd:

    BLACKLISTS=-block=ix.dnsbl.manitu.net,BLOCK_DNSBL_MANITU

As far as I have understood BLOCK_DNSBL_MANITU is an environment variable which gets set if the sender IP is listed in the DNSBL. Now I did the following in maildroprc:

    import BLOCK_DNSBL_MANITU
    if ( $BLOCK_DNSBL_MANITU )

But that did not work. The if was always false. How do I use BLOCK_DNSBL_MANITU in maildroprc? What is it initialized with? Is it initialized with the result of the TXT record query on the DNSBL?

regards
Daniel

PS: Yes, I used search engines. But looking for courier block dnsbl or something similar is... well... it is simply painful :)

Re: [courier-users] using dnsbl in maildroprc
On Mon 19/Nov/2012 19:58:43 +0100 courier wrote:
> BLACKLISTS=-block=ix.dnsbl.manitu.net,BLOCK_DNSBL_MANITU

That looks fine to me.

> As far as I have understood BLOCK_DNSBL_MANITU is an environment variable which gets set if the sender IP is listed in the DNSBL. Now I did the following in maildroprc:
>
>     import BLOCK_DNSBL_MANITU
>     if ( $BLOCK_DNSBL_MANITU )
>
> But that did not work. The if was always false. How do I use BLOCK_DNSBL_MANITU in maildroprc?

Recall maildrop is also invoked for delivery. maildroprc runs after mail has been accepted. You want the embedded mode.

> What is it initialized with? Is it initialized with the result of the TXT record query on the DNSBL?

Yes, since you don't provide a message.

hth

Re: [courier-users] using dnsbl in maildroprc
cour...@devloop.de writes:
> Hi, I guess I have some understanding problems of the -block option. I want to use a standard DNSBL to drop spam. But I also want to count the hits by the DNSBL. My idea was to use maildroprc to run an external program and then block the mail.

Why all that work? Just block the email, and run a script that greps your /var/log/maillog, and adds everything up. The error messages should be trivial to identify, by DNSBL.

Re: [courier-users] using dnsbl in maildroprc
On Mon, 2012-11-19 at 19:16 -0500, Sam Varshavchik wrote:
> cour...@devloop.de writes:
>> Hi, I guess I have some understanding problems of the -block option. I want to use a standard DNSBL to drop spam. But I also want to count the hits by the DNSBL. My idea was to use maildroprc to run an external program and then block the mail.
>
> Why all that work? Just block the email, and run a script that greps your /var/log/maillog, and adds everything up. The error messages should be trivial to identify, by DNSBL.

I was going to say that, Sam, but this answer is so simple I thought I must be missing something :P

What I do here is as follows: in esmtpd, I have:

    BLACKLISTS=-block=cbl.abuseat.org,BLOCK2 -block=dnsbl.njabl.org,BLOCK3 -block etc..

The .mailfilters/rcptfilter file for every virtual mail account contains an include for a per-domain file, domainspampolicy, which in turn contains an include for /etc/courier/globalspampolicy. globalspampolicy contains a series of stanzas such as:

    import BLOCK2
    if ( $BLOCK2 ne "" )
    {
        echo "$BLOCK2 (BL-2)"
        EXITCODE=1
        exit
    }

    import BLOCK3
    if ( $BLOCK3 ne "" )
    {
        echo "$BLOCK3 (BL-3)"
        EXITCODE=1
        exit
    }

etc...

So every log entry for blocked emails has a (BL-?) tag in it identifying the BL in which the originating address was found. This helps identify the advisory blacklist for each entry in the final report.

Every day, for every user who wants a report on blocked email, root runs a cron job as follows:

    zcat /var/log/mail.log.1.gz | cat - /var/log/mail.log |
        grep 'error,relay' | grep ' 511 ' | grep domain.org |
        /usr/local/sbin/prettylog.pl |
        mailx -s"Blocked Email Summary from FMP" ad...@domain.org

domain.org and ad...@domain.org are creative redactions from a real example :)

prettylog.pl is a perl script, as follows:

    #!/usr/bin/perl
    # Default to yesterday's date in syslog form (e.g. "Nov 19");
    # a date given as the first argument overrides it.
    ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) = localtime(time - (60 * 60 * 24));
    $month = ("Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec")[$mon];
    $day = sprintf("%s %2.2s", $month, $mday);
    $day = $ARGV[0] if $ARGV[0];
    $year += 1900;
    $format = "%-16s %-5s %-16s %-57.55s %-30s %s\n";

    print <<EOF;
    The following emails were refused blah, blah, (something semi-intelligent about the following report).

    BLOCKED EMAIL SUMMARY - $day, $year

    EOF

    printf($format, "DATE", "LIST", "SERVER IP", "FROM", "TO", "REASON");
    printf($format, "----", "----", "---------", "----", "--", "------");
    $count = 0;
    while (<STDIN>) {
        next if (!($_ =~ /$day/));
        # Skip lines that do not match, so stale captures are never reported.
        next unless $_ =~ /(... .. ..:..:..) .*? courieresmtpd: error,relay=(.*?),.*?from=<(.*?)>.*?,to=<(.*?)>: 511 (.*?)(?: \(BL-(.)\)){0,1}$/;
        $mdate = $1; $ip = $2; $from = $3; $to = $4; $reason = $5; $bl = $6;
        printf($format, $mdate, $bl, $ip, $from, $to, $reason);
        $count++;
    }
    printf("\nA total of %s probable spam emails were blocked during the last 24 hours.\n", $count);

So each user who wants one gets a report of their blocked emails, identifying which BL service tagged it followed by a total of blocked emails. You can morph the script to do pretty much anything you want to, such as listing and summarizing only DNSBL hits, or just sending the system admin a DNSBL hit count.

Ain't Unix wonderful? ;)

--
Lindsay Haisley       | We have met the enemy and he is us.
FMP Computer Services |
512-259-1190          | -- Pogo
http://www.fmp.com    |

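
The per-DNSBL hit count discussed in this thread, as an added example (not code from any poster or from the Courier project). It assumes the courieresmtpd log layout implied by the regex in prettylog.pl and the (BL-n) tags written by the globalspampolicy stanzas; the host name, addresses and reasons in SAMPLE_LOG are constructed.

```python
import re
from collections import Counter

# Layout assumed from the prettylog.pl regex: syslog date, host,
# "courieresmtpd: error,relay=IP,...from=<addr>,to=<addr>: CODE reason (BL-n)".
LINE_RE = re.compile(
    r"^(?P<date>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ courieresmtpd: "
    r"error,relay=(?P<relay>[^,]+),.*?from=<(?P<sender>[^>]*)>.*?,"
    r"to=<(?P<rcpt>[^>]*)>: (?P<code>\d{3}) (?P<reason>.*?)"
    r"(?: \(BL-(?P<bl>\w+)\))?$"
)

# Constructed sample lines (not real log entries).
SAMPLE_LOG = """\
Nov 19 03:12:44 mx1 courieresmtpd: error,relay=::ffff:192.0.2.10,from=<a@spam.example>,to=<bob@domain.example>: 511 Listed, see http://cbl.example/lookup (BL-2)
Nov 19 03:15:02 mx1 courieresmtpd: error,relay=::ffff:192.0.2.77,from=<b@spam.example>,to=<bob@domain.example>: 511 Dynamic address range (BL-3)
Nov 19 04:01:19 mx1 courieresmtpd: error,relay=::ffff:192.0.2.10,from=<(BL-3)@spam.example>,to=<amy@domain.example>: 511 Listed, see http://cbl.example/lookup (BL-2)
Nov 19 04:30:00 mx1 courieresmtpd: error,relay=::ffff:198.51.100.5,from=<c@other.example>,to=<amy@domain.example>: 511 Policy rejection
Nov 19 05:00:00 mx1 courieresmtpd: error,relay=::ffff:198.51.100.9,from=<d@other.example>,to=<nobody@domain.example>: 550 User unknown.
Nov 19 05:00:01 mx1 courierd: started
"""

def summarize(lines, code="511"):
    """Count rejections with the given SMTP code per (BL-n) tag and per relay."""
    per_list, per_relay, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if not m:
            skipped += 1      # not a courieresmtpd error line
            continue
        if m["code"] != code:
            continue          # some other rejection, e.g. unknown user
        # Only a tag at the very end of the line is counted: the sender
        # address is client-supplied and may contain look-alike text.
        per_list[m["bl"] or "untagged"] += 1
        per_relay[m["relay"]] += 1
    return per_list, per_relay, skipped

if __name__ == "__main__":
    lists, relays, skipped = summarize(SAMPLE_LOG.splitlines())
    for name, hits in lists.most_common():
        print(f"{'BL-' + name if name != 'untagged' else name}: {hits}")
    print("top relays:", relays.most_common(3), "| skipped lines:", skipped)
```

Feed it the same zcat/cat stream used by the cron job by replacing SAMPLE_LOG.splitlines() with sys.stdin.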