Re: [qmailtoaster] Re: spam emails

2020-07-03 Thread remo
Create a rule in spamdyke that should work. 

> On 2 Jul 2020, at 22:07, ChandranManikandan wrote:
> 
> 
> Hi Friends,
> 
> Any luck to block permanently or how to tighten the spam rules?
> Any help is appreciated.
> 
>> On Wed, Jul 1, 2020 at 3:21 PM ChandranManikandan  wrote:
>> Hi Folks,
>> 
>> All of our employees received the same spam emails below like that.
>> Do you have any idea how to block that?
>> I have tried to block in spamassassin but still received the message.
>> Could anyone help me?
>> 
>>A file has been shared with u...@example.com using a 
>> secure Sharepoint link
>> 
>> 
>>  
>> 
>> Date: 01/07/2020
>> 
>> .
>>  
>> Access Files 
>> 
>> -- 
>> Regards,
>> Manikandan.C
> 
> 
> -- 
> Regards,
> Manikandan.C
-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Re: Spam emails

2020-05-13 Thread remo
I run them all. This is on the user level; spamdyke and spamassassin are at 
the SMTP level. You will be fine to run them. 

> On 13 May 2020, at 21:33, ChandranManikandan wrote:
> 
> 
> Hi Eric & Remo,
> 
> I have installed dspam package with the below step for my domain.
> Install Dspam:
> wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
> chmod 755 dspamdb.sh
> ./dspamdb.sh
> After install do i need to follow the below steps for server side filter.
> # cd /home/vpopmail/domains/example.com/user
> # wget https://raw.githubusercontent.com/qmtoaster/dspam/master/.qmail
> # wget 
> https://raw.githubusercontent.com/qmtoaster/dspam/master/.mailfilter.dspam
> # chown vpopmail:vchkpw .qmail
> # chown vpopmail:vchkpw .mailfilter.dspam
> # chmod 600 .qmail
> # chmod 600 .mailfilter.dspam
> Any conflict happened if i install dspam, because already had spamdyke & 
> spamassassin on my server.
> Could you advise
> 
> 
>> On Wed, May 13, 2020 at 10:14 PM  wrote:
>> The website has the instructions please check if you get stuck I will be 
>> happy to help. 
>> 
>> Remo
>> 
 On 13 May 2020, at 01:33, ChandranManikandan wrote:
 
>>> 
>>> Hi Eric,
>>> 
>>> How do i install dspam and blocked spam emails in dspam.
>>> Can you help me.
>>> 
 On Tue, May 12, 2020 at 11:45 AM Eric Broch  
 wrote:
 I use Dspam myself, but for clients I spec out a paid service like 
 Sonicwall. I know of someone else who uses Barracuda.
 
 On 5/11/2020 8:31 PM, ChandranManikandan wrote:
> Hi Friends,
> 
> Anyone help me.
> 
> On Mon, May 11, 2020 at 12:15 PM ChandranManikandan  
> wrote:
>> Hi Friends,
>> 
>> I have blocked spam emails in blacklist_sender of spamdyke and local.cf 
>> of spamassassin and subject, body wise.But still repeated emails are 
>> coming with different domain emails.how to tighten the spam emails and 
>> blocked.
>> 
>> 
>> spamdyke.conf
>> dns-blacklist-entry=bl.spamcop.net
>> graylist-dir=/var/spamdyke/graylist
>> graylist-level=none
>> graylist-max-secs=2678400
>> graylist-min-secs=180
>> greeting-delay-secs=8
>> header-blacklist-entry=From:*>,*<*
>> idle-timeout-secs=60
>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
>> #qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
>> log-level=info
>> max-recipients=50
>> #policy-url=http://my.policy.explanation.url/
>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>> reject-empty-rdns
>> reject-ip-in-cc-rdns
>> reject-sender=no-mx
>> reject-unresolvable-rdns
>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>> tls-certificate-file=/var/qmail/control/servercert.pem
>> tls-level=smtp
>> 
>> local.cf
>> ok_locales all
>> skip_rbl_checks 0
>> 
>> required_hits 5.0
>> report_safe 0
>> #rewrite_header Subject [SPAM]
>> 
>> use_pyzor 0
>> 
>> ok_languages all
>> 
>> use_auto_whitelist 0
>> 
>> use_bayes 1
>> use_bayes_rules 1
>> bayes_auto_learn 1
>> use_razor2 0
>> use_dcc 0
>> 
>> 
>> -- 
>> Regards,
>> Manikandan.C
> 
> 
> -- 
> Regards,
> Manikandan.C
>>> 
>>> 
>>> -- 
>>> Regards,
>>> Manikandan.C
> 
> 
> -- 
> Regards,
> Manikandan.C

Re: [qmailtoaster] Re: Spam emails

2020-05-13 Thread Eric Broch

https://raw.githubusercontent.com/qmtoaster/dspam/master/readme.txt.

I use server side filter per user (If you've enabled dspam for a domain) 
.mailfilter.dspam and .qmail file on github 
(https://github.com/qmtoaster/dspam), maildrop must be installed.


I also use training scripts and run them hourly also on github (above)

Eric

On 5/13/2020 2:33 AM, ChandranManikandan wrote:

Hi Eric,

How do i install dspam and blocked spam emails in dspam.
Can you help me.

On Tue, May 12, 2020 at 11:45 AM Eric Broch wrote:


I use Dspam myself, but for clients I spec out a paid service like
Sonicwall. I know of someone else who uses Barracuda.

On 5/11/2020 8:31 PM, ChandranManikandan wrote:

Hi Friends,

Anyone help me.

On Mon, May 11, 2020 at 12:15 PM ChandranManikandan <kand...@gmail.com> wrote:

Hi Friends,

I have blocked spam emails in blacklist_sender of spamdyke
and local.cf  of spamassassin and subject,
body wise.But still repeated emails are coming with different
domain emails.how to tighten the spam emails and blocked.


spamdyke.conf
dns-blacklist-entry=bl.spamcop.net 
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=8
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
#qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
log-level=info
max-recipients=50
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

local.cf 
ok_locales all
skip_rbl_checks 0

required_hits 5.0
report_safe 0
#rewrite_header Subject [SPAM]

use_pyzor 0

ok_languages all

use_auto_whitelist 0

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
use_razor2 0
use_dcc 0


-- 
*/Regards,

Manikandan.C
/*



-- 
*/Regards,

Manikandan.C
/*




--
*/Regards,
Manikandan.C
/*


Re: [qmailtoaster] Re: Spam emails

2020-05-13 Thread ChandranManikandan
Hi Eric,

How do i install dspam and blocked spam emails in dspam.
Can you help me.

On Tue, May 12, 2020 at 11:45 AM Eric Broch  wrote:

> I use Dspam myself, but for clients I spec out a paid service like
> Sonicwall. I know of someone else who uses Barracuda.
> On 5/11/2020 8:31 PM, ChandranManikandan wrote:
>
> Hi Friends,
>
> Anyone help me.
>
> On Mon, May 11, 2020 at 12:15 PM ChandranManikandan 
> wrote:
>
>> Hi Friends,
>>
>> I have blocked spam emails in blacklist_sender of spamdyke and local.cf
>> of spamassassin and subject, body wise.But still repeated emails are coming
>> with different domain emails.how to tighten the spam emails and blocked.
>>
>>
>> spamdyke.conf
>> dns-blacklist-entry=bl.spamcop.net
>> graylist-dir=/var/spamdyke/graylist
>> graylist-level=none
>> graylist-max-secs=2678400
>> graylist-min-secs=180
>> greeting-delay-secs=8
>> header-blacklist-entry=From:*>,*<*
>> idle-timeout-secs=60
>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
>> #qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
>> log-level=info
>> max-recipients=50
>> #policy-url=http://my.policy.explanation.url/
>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>> reject-empty-rdns
>> reject-ip-in-cc-rdns
>> reject-sender=no-mx
>> reject-unresolvable-rdns
>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>> tls-certificate-file=/var/qmail/control/servercert.pem
>> tls-level=smtp
>>
>> local.cf
>> ok_locales all
>> skip_rbl_checks 0
>>
>> required_hits 5.0
>> report_safe 0
>> #rewrite_header Subject [SPAM]
>>
>> use_pyzor 0
>>
>> ok_languages all
>>
>> use_auto_whitelist 0
>>
>> use_bayes 1
>> use_bayes_rules 1
>> bayes_auto_learn 1
>> use_razor2 0
>> use_dcc 0
>>
>>
>> --
>>
>>
>> *Regards, Manikandan.C *
>>
>
>
> --
>
>
> *Regards, Manikandan.C *
>
>

-- 


*Regards,Manikandan.C*


Re: [qmailtoaster] Re: Spam emails

2020-05-12 Thread Tahnan Al Anas
Thanks!

On Tue, 12 May 2020, 12:39 pm Eric Broch,  wrote:

> rpm -e --nodeps httpd
>
> yum install httpd
>
>
> On 5/12/2020 12:37 AM, Tahnan Al Anas wrote:
>
> Hi Eric,
>
> How we can remove specific service such as httpd and reinstall it? I have
> found if I go to remove httpd, php, vqadmin and some more service need to
> uninstall
>
>
>
> --
> --
>
> Best Regards
> Muhammad Tahnan Al Anas
>
>
> On Tue, May 12, 2020 at 9:44 AM Eric Broch 
> wrote:
>
>> I use Dspam myself, but for clients I spec out a paid service like
>> Sonicwall. I know of someone else who uses Barracuda.
>> On 5/11/2020 8:31 PM, ChandranManikandan wrote:
>>
>> Hi Friends,
>>
>> Anyone help me.
>>
>> On Mon, May 11, 2020 at 12:15 PM ChandranManikandan 
>> wrote:
>>
>>> Hi Friends,
>>>
>>> I have blocked spam emails in blacklist_sender of spamdyke and local.cf
>>> of spamassassin and subject, body wise.But still repeated emails are coming
>>> with different domain emails.how to tighten the spam emails and blocked.
>>>
>>>
>>> spamdyke.conf
>>> dns-blacklist-entry=bl.spamcop.net
>>> graylist-dir=/var/spamdyke/graylist
>>> graylist-level=none
>>> graylist-max-secs=2678400
>>> graylist-min-secs=180
>>> greeting-delay-secs=8
>>> header-blacklist-entry=From:*>,*<*
>>> idle-timeout-secs=60
>>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>>> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
>>> #qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
>>> log-level=info
>>> max-recipients=50
>>> #policy-url=http://my.policy.explanation.url/
>>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>>> reject-empty-rdns
>>> reject-ip-in-cc-rdns
>>> reject-sender=no-mx
>>> reject-unresolvable-rdns
>>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>>> tls-certificate-file=/var/qmail/control/servercert.pem
>>> tls-level=smtp
>>>
>>> local.cf
>>> ok_locales all
>>> skip_rbl_checks 0
>>>
>>> required_hits 5.0
>>> report_safe 0
>>> #rewrite_header Subject [SPAM]
>>>
>>> use_pyzor 0
>>>
>>> ok_languages all
>>>
>>> use_auto_whitelist 0
>>>
>>> use_bayes 1
>>> use_bayes_rules 1
>>> bayes_auto_learn 1
>>> use_razor2 0
>>> use_dcc 0
>>>
>>>
>>> --
>>>
>>>
>>> *Regards, Manikandan.C *
>>>
>>
>>
>> --
>>
>>
>> *Regards, Manikandan.C *
>>
>>


Re: [qmailtoaster] Re: Spam emails

2020-05-12 Thread Eric Broch

rpm -e --nodeps httpd

yum install httpd


On 5/12/2020 12:37 AM, Tahnan Al Anas wrote:

Hi Eric,

How we can remove specific service such as httpd and reinstall it? I 
have found if I go to remove httpd, php, vqadmin and some more service 
need to uninstall




--
--

Best Regards
Muhammad Tahnan Al Anas


On Tue, May 12, 2020 at 9:44 AM Eric Broch wrote:


I use Dspam myself, but for clients I spec out a paid service like
Sonicwall. I know of someone else who uses Barracuda.

On 5/11/2020 8:31 PM, ChandranManikandan wrote:

Hi Friends,

Anyone help me.

On Mon, May 11, 2020 at 12:15 PM ChandranManikandan <kand...@gmail.com> wrote:

Hi Friends,

I have blocked spam emails in blacklist_sender of spamdyke
and local.cf  of spamassassin and subject,
body wise.But still repeated emails are coming with different
domain emails.how to tighten the spam emails and blocked.


spamdyke.conf
dns-blacklist-entry=bl.spamcop.net 
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=8
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
#qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
log-level=info
max-recipients=50
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

local.cf 
ok_locales all
skip_rbl_checks 0

required_hits 5.0
report_safe 0
#rewrite_header Subject [SPAM]

use_pyzor 0

ok_languages all

use_auto_whitelist 0

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
use_razor2 0
use_dcc 0


-- 
*/Regards,

Manikandan.C
/*



-- 
*/Regards,

Manikandan.C
/*




Re: [qmailtoaster] Re: Spam emails

2020-05-12 Thread Tahnan Al Anas
Hi Eric,

How we can remove specific service such as httpd and reinstall it? I have
found if I go to remove httpd, php, vqadmin and some more service need to
uninstall



--
--

Best Regards
Muhammad Tahnan Al Anas


On Tue, May 12, 2020 at 9:44 AM Eric Broch  wrote:

> I use Dspam myself, but for clients I spec out a paid service like
> Sonicwall. I know of someone else who uses Barracuda.
> On 5/11/2020 8:31 PM, ChandranManikandan wrote:
>
> Hi Friends,
>
> Anyone help me.
>
> On Mon, May 11, 2020 at 12:15 PM ChandranManikandan 
> wrote:
>
>> Hi Friends,
>>
>> I have blocked spam emails in blacklist_sender of spamdyke and local.cf
>> of spamassassin and subject, body wise.But still repeated emails are coming
>> with different domain emails.how to tighten the spam emails and blocked.
>>
>>
>> spamdyke.conf
>> dns-blacklist-entry=bl.spamcop.net
>> graylist-dir=/var/spamdyke/graylist
>> graylist-level=none
>> graylist-max-secs=2678400
>> graylist-min-secs=180
>> greeting-delay-secs=8
>> header-blacklist-entry=From:*>,*<*
>> idle-timeout-secs=60
>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
>> #qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
>> log-level=info
>> max-recipients=50
>> #policy-url=http://my.policy.explanation.url/
>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>> reject-empty-rdns
>> reject-ip-in-cc-rdns
>> reject-sender=no-mx
>> reject-unresolvable-rdns
>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>> tls-certificate-file=/var/qmail/control/servercert.pem
>> tls-level=smtp
>>
>> local.cf
>> ok_locales all
>> skip_rbl_checks 0
>>
>> required_hits 5.0
>> report_safe 0
>> #rewrite_header Subject [SPAM]
>>
>> use_pyzor 0
>>
>> ok_languages all
>>
>> use_auto_whitelist 0
>>
>> use_bayes 1
>> use_bayes_rules 1
>> bayes_auto_learn 1
>> use_razor2 0
>> use_dcc 0
>>
>>
>> --
>>
>>
>> *Regards, Manikandan.C *
>>
>
>
> --
>
>
> *Regards, Manikandan.C *
>
>


Re: [qmailtoaster] Re: Spam emails

2020-05-11 Thread Eric Broch
I use Dspam myself, but for clients I spec out a paid service like 
Sonicwall. I know of someone else who uses Barracuda.


On 5/11/2020 8:31 PM, ChandranManikandan wrote:

Hi Friends,

Anyone help me.

On Mon, May 11, 2020 at 12:15 PM ChandranManikandan wrote:


Hi Friends,

I have blocked spam emails in blacklist_sender of spamdyke and
local.cf  of spamassassin and subject, body
wise.But still repeated emails are coming with different domain
emails.how to tighten the spam emails and blocked.


spamdyke.conf
dns-blacklist-entry=bl.spamcop.net 
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=8
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
#qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
log-level=info
max-recipients=50
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

local.cf 
ok_locales all
skip_rbl_checks 0

required_hits 5.0
report_safe 0
#rewrite_header Subject [SPAM]

use_pyzor 0

ok_languages all

use_auto_whitelist 0

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
use_razor2 0
use_dcc 0


-- 
*/Regards,

Manikandan.C
/*



--
*/Regards,
Manikandan.C
/*


RE: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-08 Thread marek
I don’t have any error in logs. The error appears in Outlook or other email
client when I try to send test mail. I think it is the authentication reason. But
I don’t see any advice in logs :(

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 11:18 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject
email from several domain Reason TIMEOUT

 

In what log are you getting the error?

 

On 11/8/2016 12:38 PM, ma...@demod.pl wrote:

The TLS test on https://www.checktls.com/
works for me ok without error. Even on old qmail-smtpd with spamdyke. But I
can receive email from dupont.com only on patched qmail-smtpd. But on patched
qmail-smtpd I can’t send any mail. In Outlook I have error: no
authentication method is supported by the server. In log file I don’t have
any info even I run excessive log. What I do wrong :(

 

From: ma...@demod.pl [mailto:ma...@demod.pl] 
Sent: Tuesday, November 08, 2016 4:34 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Forgive me if I am a lamer. I am afraid I don’t have enough knowledge.

I downloaded netqmail 1.06 from the qmail.org site. Just apply
netqmail-1.05-tls-20060104.patch by patch < netqmail-1.05-tls-20060104.patch
and compile by make. Next copy the new compiled qmail-smtpd to my ./qmail/bin
directory and restart qmailctl

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Tuesday, November 08, 2016 3:59 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

I apologize for my ignorance of this (TLS) feature inherent in the
Qmailtoaster package. In fact your setup should be able to negotiate a TLS
connection if the client utilizes STARTTLS over the SMTP.

I tested my own setup (stock qmailtoaster) here:
(https://www.checktls.com/). And it seems to work, and I do have Spamdyke in
place although it does not test complete delivery.

"But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)"

Are you using stock qmailtoaster setup?

Eric

 

 

On 11/7/2016 4:06 PM, ma...@demod.pl wrote:

Thx a lot for you help

When i compile and replace qmail-smtpd and qmail-remote, mails from
dupont.com come without problem.

But I can’t send mail from my server. no authentication method is supported
by the server. when I try through the web I have message: 502 unimplemented
(#5.5.1)

And another trouble. The log file smtp is very poor :( I don’t know why. I
think it is some compilation option.
When I copy the old smtpd back, log file is ok and I can send mail but not receive
from dupont.com

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 11:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Qmail reject email from several domain Reason
TIMEOUT

 

Marek,

OK, It seems that the older version of this patch
(netqmail-1.06-tls-20160918.patch) is already implemented on the current
Qmailtoaster package, but I'm not sure how to implement it or how to stop
SPAMDYKE from blocking it.

This is the version used now:

http://inoa.net/qmail-tls/netqmail-1.05-tls-20060104.patch

The claim in the qmailtoaster patch (qmailtoaster-1.3.2.patch), below, is
that it has been used successfully since 1999.

"This patch implements RFC 3207 (was RFC 2487) in qmail.
This means you can get SSL or TLS encrypted and
authenticated SMTP between the MTAs and from MUA to MTA.
The code is considered experimental (but has worked for
many since its first release on 1999-03-21)."

If anyone has any information on this please chime in.

Thanks

Eric

 

 

On 11/7/2016 12:10 PM, Eric Broch wrote:

I think this (http://inoa.net/qmail-tls/) is the patch you're looking for.
I'll check into it when I have a little time.

Explanation of the patch @ http://www.memoryhole.net/qmail/#starttls  :

SSL (STARTTLS)

SMTP transmits email unencrypted. Other than privacy concerns, this is not
typically a problem. However, if you use SMTP AUTH, you are sending your
username and password across the network in plain text (which is easy for a
hacker or spammer to extract if they wanted to). The solution is to use
encryption in SMTP — in other words, make qmail support the STARTTLS ESMTP
extension. Frederik Vermeulen wrote a patch to get it to work. It adds one
minor step to the compilation of qmail: you must create a server certificate
(run make cert before running make setup check). Also, you must create a
cron job to rebuild the certs daily (because otherwise, over time, an
attacker could figure out what they are). Commonly, when someone indicates
that they want qmail to support SSL/STARTTLS they will be referred to a
project like mailfront 

RE: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject email from several domain Reason TIMEOUT

2016-11-07 Thread marek
104.47.42.63 is the client of my client (this is a dupont.com server). I
don’t have any idea why he uses TLS to port 25. I don’t have any chance to do
something with the 104.47.42.63 server.

The 104.47.42.63 doesn’t know any passwords. They send an email for my client.
On my server (192.168.0.95 is local IP of my server). I don’t know if I
understand correctly what you mean. :(

 

 

From: Eric Broch [mailto:ebr...@whitehorsetc.com] 
Sent: Monday, November 07, 2016 5:29 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: ***SPAM***[ds] RE: [qmailtoaster] Qmail reject
email from several domain Reason TIMEOUT

 

Again, I ask, is there a reason that they (104.47.42.63) are using TLS to
connect to port 25 and transfer email to your server (192.168.0.25)   :
See "encryption: TLS" in your log (below).

Again, why are they using TLS to connect to your server over port 25 for
standard email transfer???

This is the problem and the reason for the error! 

Someone correct me if I'm missing something.

If they (104.47.42.63) know the username and password of the recipient on
your server (192.168.0.95) you can use authentication--qmail allows for
this, but why would you do it that way? This is only for internal--your
network--forwarding of messages to another server. You would not do it this
way unless you were willing to give them individual account information and
they were willing to set up rules. They would then forward to port 587.

 

On 11/7/2016 7:09 AM, ma...@demod.pl wrote:

Hi, 

 

This is my recordio log  for rejecting session. Where is the problem?

Is there any way to configure my server to allow this mail?

 

Log below:

 


2016-11-07 14:50:34.334877500 tcpserver: pid 25891 from 104.47.42.63

2016-11-07 14:50:34.334965500 tcpserver: ok 25891
mail.x.pl:192.168.0.95:25 :104.47.42.63::36544

2016-11-07 14:50:41.242199500 25891 > 220 mail.x.pl - Welcome to Qmail
Toaster Ver. 1.3 SMTP Server ESMTP^M

2016-11-07 14:50:41.672305500 25891 < EHLO
NAM03-BY2-obe.outbound.protection.outlook.com^M

2016-11-07 14:50:41.672451500 25891 > 250-mail.x.pl - Welcome to Qmail
Toaster Ver. 1.3 SMTP Server^M

2016-11-07 14:50:41.672453500 25891 > 250-STARTTLS^M

2016-11-07 14:50:41.672454500 25891 > 250-PIPELINING^M

2016-11-07 14:50:41.672455500 25891 > 250-8BITMIME^M

2016-11-07 14:50:41.672469500 25891 > 250-SIZE 30971520^M

2016-11-07 14:50:41.672470500 25891 > 250 AUTH LOGIN PLAIN CRAM-MD5^M

2016-11-07 14:50:42.124968500 25891 < STARTTLS^M

2016-11-07 14:50:42.125148500 25891 > 220 Proceed.^M


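An added example, not part of the original thread: it parses the EHLO reply out of a recordio log like the one above and reports whether STARTTLS and AUTH are advertised, and whether LOGIN or PLAIN is offered before TLS starts. Both sample sessions are constructed (the thread does not show the patched server's EHLO reply), and the function names are hypothetical.

```python
import re

# recordio line: "<date> <time> <pid> <direction> <data>". In the thread's log,
# ">" marks data written by the server and "<" data read from the client.
LINE_RE = re.compile(r"^\S+ \S+ (?P<pid>\d+) (?P<dir>[<>]) (?P<data>.*)$")
REPLY_RE = re.compile(r"^250(?P<sep>[ -])(?P<text>.*)$")
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# Constructed session in the shape of the stock server's log above.
STOCK_SESSION = """\
2016-11-07 14:50:41.242199500 25891 > 220 mail.example.test ESMTP^M
2016-11-07 14:50:41.672305500 25891 < EHLO client.example.test^M
2016-11-07 14:50:41.672451500 25891 > 250-mail.example.test^M
2016-11-07 14:50:41.672453500 25891 > 250-STARTTLS^M
2016-11-07 14:50:41.672454500 25891 > 250-PIPELINING^M
2016-11-07 14:50:41.672455500 25891 > 250-8BITMIME^M
2016-11-07 14:50:41.672469500 25891 > 250-SIZE 30971520^M
2016-11-07 14:50:41.672470500 25891 > 250 AUTH LOGIN PLAIN CRAM-MD5^M
2016-11-07 14:50:42.124968500 25891 < STARTTLS^M
2016-11-07 14:50:42.125148500 25891 > 220 Proceed.^M
"""

# Constructed session for a server whose EHLO reply carries no AUTH line,
# the condition a mail client reports as "no authentication method".
PATCHED_SESSION = """\
2016-11-08 10:00:00.000000500 31000 > 220 mail.example.test ESMTP^M
2016-11-08 10:00:00.100000500 31000 < EHLO client.example.test^M
2016-11-08 10:00:00.200000500 31000 > 250-mail.example.test^M
2016-11-08 10:00:00.200001500 31000 > 250-STARTTLS^M
2016-11-08 10:00:00.200002500 31000 > 250-PIPELINING^M
2016-11-08 10:00:00.200003500 31000 > 250 8BITMIME^M
"""


def ehlo_capabilities(recordio_text):
    """Return {KEYWORD: [PARAMS]} from the first complete EHLO reply."""
    caps, in_reply, greeting_seen = {}, False, False
    for raw in recordio_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped or binary line, not a recordio record start
        data = m.group("data")
        if data.endswith("^M"):
            data = data[:-2]  # recordio prints the carriage return as ^M
        if m.group("dir") == "<":
            # Only server lines that follow a client EHLO are capabilities.
            in_reply = data.upper().startswith("EHLO ")
            greeting_seen = False
            continue
        reply = REPLY_RE.match(data) if in_reply else None
        if not reply:
            continue
        if greeting_seen:
            # Accept both "AUTH LOGIN" and the legacy "AUTH=LOGIN" spelling.
            words = reply.group("text").replace("=", " ", 1).split()
            if words:
                caps[words[0].upper()] = [w.upper() for w in words[1:]]
        greeting_seen = True  # the first 250 line is the server greeting
        if reply.group("sep") == " ":
            return caps  # "250 " (space) ends the multi-line reply
    return caps


def audit_pre_tls_ehlo(recordio_text):
    """List findings about what the server offers before TLS is negotiated."""
    caps = ehlo_capabilities(recordio_text)
    mechs = caps.get("AUTH", [])
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    if not mechs:
        findings.append("no AUTH mechanism advertised")
    exposed = sorted(CLEARTEXT_MECHS.intersection(mechs))
    if exposed:
        findings.append("cleartext AUTH offered before STARTTLS: " + ", ".join(exposed))
    return findings


if __name__ == "__main__":
    for name, session in (("stock", STOCK_SESSION), ("patched", PATCHED_SESSION)):
        print(name, audit_pre_tls_ehlo(session))
```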
RE: [qmailtoaster] Re: SPAM Emails generating from server

2013-09-15 Thread Amit Dalia
Thanks Eric.
Even that is done.


Amit Dalia  


On 09/12/2013 09:02 PM, Amit Dalia wrote:
 I'm using roundcube webmail as well.

 Anyway I had already blacklisted 127.0.0.1 in my spamdyke 
 configuration and it worked.

 Thanks.

 Amit Dalia

You must have roundcube configured to authenticate then, right? If so, I
would recommend removing the 127.: line from tcp.smtp.

--
-Eric 'shubes'





RE: [qmailtoaster] Re: SPAM Emails generating from server

2013-09-12 Thread Amit Dalia
I'm using roundcube webmail as well.

Anyway I had already blacklisted 127.0.0.1 in my spamdyke configuration and
it worked.

Thanks.

Amit Dalia  

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: 13 September 2013 06:42
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SPAM Emails generating from server

On 09/12/2013 05:20 AM, Amit wrote:
 Please find below SMTP log.

 2013-09-12 17:08:05.533459500 CHKUSER relaying rcpt: from internalrevenueserv...@internalrevenue.org:: remote User:unknown:127.0.0.1 rcpt onessaad...@yahoo.com : client allowed to relay
 2013-09-12 17:08:05.533460500 policy_check: remote internalrevenueserv...@internalrevenue.org - remote onessaad...@yahoo.com (UNAUTHENTICATED SENDER)
 2013-09-12 17:08:05.533461500 policy_check: policy allows transmission
 2013-09-12 17:08:05.579302500 CHKUSER relaying rcpt: from internalrevenueserv...@internalrevenue.org:: remote User:unknown:127.0.0.1 rcpt oni...@yahoo.com : client allowed to relay
 2013-09-12 17:08:05.579305500 policy_check: remote internalrevenueserv...@internalrevenue.org - remote oni...@yahoo.com (UNAUTHENTICATED SENDER)
 2013-09-12 17:08:05.579306500 policy_check: policy allows transmission
 2013-09-12 17:08:05.581583500 CHKUSER relaying rcpt: from internalrevenueserv...@internalrevenue.org:: remote User:unknown:127.0.0.1 rcpt opensky...@yahoo.com : client allowed to relay
 2013-09-12 17:08:05.581585500 policy_check: remote internalrevenueserv...@internalrevenue.org - remote opensky...@yahoo.com (UNAUTHENTICATED SENDER)
 2013-09-12 17:08:05.581586500 policy_check: policy allows transmission
 2013-09-12 17:08:05.663348500 CHKUSER relaying rcpt: from internalrevenueserv...@internalrevenue.org:: remote User:unknown:127.0.0.1 rcpt onurgo...@uaeu.ac.ae : client allowed to relay
 2013-09-12 17:08:05.663352500 policy_check: remote internalrevenueserv...@internalrevenue.org - remote onurgo...@uaeu.ac.ae (UNAUTHENTICATED SENDER)
 2013-09-12 17:08:05.663353500 policy_check: policy allows transmission


 Such spam emails are getting generated from server.
 Where do I look for source of the same? What will happen if I 
 blacklist
 127.0.0.1 IP in spamdyke?

 Regards,

 Amit

I would configure your squirrelmail to authenticate in
/etc/squirrelmail/config_local.php:

  # these are added so SM authenticates,
  # eliminating need for 127.: line in /etc/tcprules.d/tcp.smtp file
  $smtpServerAddress  = 'localhost';
  $smtpPort   = 587;
  $smtp_auth_mech = 'login';

and restart httpd:
# service httpd restart

Then remove the 127. line from /etc/tcprules.d/tcp.smtp file, and rebuild
the cdb file:
# qmailctl cdb

This will keep any rogue process on your host from using QMT as an open
relay. See if this fixes things, and we can go from there.

--
-Eric 'shubes'
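
Before removing the 127. line, the rules in a tcp.smtp file that grant relaying without SMTP AUTH can be listed mechanically. This is an added example, not code from the thread or from QMT: the function names and the sample rules (documentation addresses) are constructed, and accepting unquoted `VAR=value` settings is an assumption based on how rules are quoted in this archive.

```python
"""Audit a tcprules file such as tcp.smtp for rules that grant relaying by IP."""
import re
from typing import NamedTuple

# Constructed sample in tcprules syntax; every address is a documentation range.
SAMPLE_TCP_SMTP = """\
# constructed example, not a real server's file
127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private"
192.0.2.10:allow,RELAYCLIENT=""
198.51.100.:allow,CHKUSER_RCPTLIMIT="20"
203.0.113.5:deny
:allow,CHKUSER_RCPTLIMIT="20",CHKUSER_WRONGRCPTLIMIT="20"
"""


class Rule(NamedTuple):
    lineno: int
    address: str  # text before the first ':'; '' is the default rule
    action: str   # 'allow' or 'deny'
    env: dict     # environment variables the rule sets for qmail-smtpd


# ,VAR="value" is the documented form. The bare ,VAR=value form is accepted too
# (assumption: rules quoted in the thread appear without the quotes).
ENV_RE = re.compile(r',([A-Za-z_]\w*)=(?:(["\'])(.*?)\2|([^,]*))')

SCOPE_NOTES = {
    "default": "every client not matched elsewhere may relay: open relay",
    "loopback": "any local process (webmail, scripts, malware) relays without SMTP AUTH",
    "network": "every host in this range relays without SMTP AUTH",
    "hostname": "relay is granted on a reverse-DNS name rather than SMTP AUTH",
    "host": "this single address relays without SMTP AUTH",
}


def parse_rules(text):
    """Parse tcprules text into Rule tuples, skipping comments and blank lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instruction = line.partition(":")
        action = re.match(r"allow|deny", instruction)
        if not sep or not action:
            continue  # not a rule this auditor understands
        env = {}
        for m in ENV_RE.finditer(instruction, action.end()):
            env[m.group(1)] = m.group(3) if m.group(2) else m.group(4)
        rules.append(Rule(lineno, address, action.group(0), env))
    return rules


def classify(address):
    """Describe how wide a rule's address pattern is."""
    if address == "":
        return "default"
    if address.startswith("="):
        return "hostname"
    if address.startswith("127."):
        return "loopback"
    if address.endswith(".") or "-" in address.rsplit(".", 1)[-1]:
        return "network"
    return "host"


def relay_findings(text):
    """Return (lineno, address, scope, note) for every rule that sets RELAYCLIENT.

    qmail-smtpd relays for a client as soon as RELAYCLIENT is set, even to an
    empty string, so the presence of the variable is what matters.
    """
    findings = []
    for rule in parse_rules(text):
        if rule.action == "allow" and "RELAYCLIENT" in rule.env:
            scope = classify(rule.address)
            findings.append((rule.lineno, rule.address or "(default)", scope, SCOPE_NOTES[scope]))
    return findings


def drop_relay_rules(text, scopes):
    """Return the file text without the relay-granting rules in the given scopes."""
    doomed = {f[0] for f in relay_findings(text) if f[2] in scopes}
    kept = [l for n, l in enumerate(text.splitlines(), 1) if n not in doomed]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for lineno, address, scope, note in relay_findings(SAMPLE_TCP_SMTP):
        print(f"line {lineno}: {address} [{scope}] {note}")
    print("--- proposed file after dropping the loopback relay rule ---")
    print(drop_relay_rules(SAMPLE_TCP_SMTP, {"loopback"}), end="")
```

The proposed file still has to be compiled with `qmailctl cdb`, as described above, before it takes effect.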





Re: [qmailtoaster] Re: SPAM so sick of it!

2013-07-17 Thread Tony White

Hi Eric,
  Yes Spamdyke is in use and here is the config in use...

dns-blacklist-entry=zen.spamhaus.org
#dns-blacklist-entry=bl.spamcop.net
#dns-blacklist-entry=cbl.abuseat.org
#dns-blacklist-entry=spamsources.fabel.dk
#dns-blacklist-entry=zombie.dnsbl.sorbs.net
#dns-blacklist-entry=dul.dnsbl.sorbs.net
#dns-blacklist-entry=bogons.cymru.com
graylist-dir=/var/spamdyke/graylist
graylist-level=always
graylist-max-secs=604800
graylist-min-secs=300
greeting-delay-secs=30
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
#ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
#ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=info
log-target=stderr
max-recipients=20
policy-url=http://www.ycs.com.au/policy.php
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
#reject-missing-sender-mx
reject-unresolvable-rdns
#reject-ip-in-cc-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

best wishes
  Tony White

On 16/07/2013 08:02, Eric Shubert wrote:


On 07/15/2013 10:07 AM, Tony White wrote:

Hi folks,
   I know you will probably think this is a small thing but my data bill
has grown
by 15GB per month over the last few months. Just watching the smtp log is
so frustrating as all but 1% of the connections result in actual mail
delivery.
Even then many of those connections result in spam.
   Can anyone please suggest how I can slow this down some more? Does
anyone actually disable smtp connections during any given time periods?
By this I mean it seems most of my spam arrives after midnight and goes
away at about 6am.

   Any ideas gratefully accepted.



I presume you're not using spamdyke. Spamdyke should easily block 80+%, 90+% in some cases. Heck, rbls alone should catch 
30% or so.


If you're not using spamdyke, install it. The qtp-install-spamdyke script takes care of everything for you. Spamdyke is 
slated to be included in the next stock QMT release (along with COS6 support).


If you are using spamdyke, please post your configuration file.







Re: [qmailtoaster] Re: spam filter configuration change

2012-10-23 Thread Giuseppe Perna
Thanks Eric for your reply.

I now install spamdyke.
Could you tell me where the spam emails are placed and how to release them in the
event of a false positive?


thanks


2012/10/22 Eric Shubert e...@shubes.net

 On 10/22/2012 12:13 PM, Giuseppe Perna wrote:

 Thanks for your reply.
 I want to install spamdyke.
 1) I must first remove any software?


 No.


  2) I can proceed directly to the installation of spamdyke?


 Yes.


  3) I just run this command? # qtp-install-spamdyke


 Yes.
 You then need to restart qmail to activate it:
 # service qmail restart


  4) for configuration and change filters as you go along?


 Simply edit the /etc/spamdyke/spamdyke.conf file to suit your needs. The
 default configuration is a good start, and shouldn't need much if any
 tailoring.

 Once it's running, the
 # qmlog -f smtp
 command is handy to see what's going on. You'll see many spamdyke DENIED_
 messages. That's a good thing, as spamdyke typically rejects about 90% (on
 average) of what comes in.

 --
 -Eric 'shubes'



 2012/10/22 Eric Shubert e...@shubes.net


 You really should install spamdyke, Giuseppe. It will not impact the
 availability of your server, and will *drastically* improve spam
 rejections, as well as reducing the load on your server.

 --
 -Eric 'shubes'


 On 10/22/2012 10:06 AM, Giuseppe Perna wrote:

 Hello,
 thanks for your reply.
 I do not have spamdyke installed and I can not install this software.
 Can the spam filtering be adjusted in any way?


 I read in the log this message:
 rblsmtpd: 69.64.42.16 pid 13125: 451
 http://www.spamhaus.org/query/bl?ip=69.64.42.16


 Thanks


 2012/10/17 Aleksander Podsiadły a...@mniow.pl

  On 2012-10-17, Wed at 16:24 +0200, Giuseppe Perna wrote:
   How do I check if I use spamdyke?
   I can not do the installation spamdyke in a production server.
   thanks

  Something like:
  10-17 01:39:09 spamdyke[20707]: DENIED_RBL_MATCH from:
  dfter...@hotmail.com to: s...@k888.tw origin_ip: 114.42.128.176
  origin_rdns: 114-42-128-176.dynamic.hinet.net auth: (unknown)
  encryption: (none) reason: zen.spamhaus.org

  IMHO you can do it and you should do it.

  --
  Regards,
  mgr inż. Aleksander Podsiadły
  senior municipal IT specialist
  Urząd Gminy w Mniowie
  ul. Centralna 9
  26-080 Mniów
  tel: +48 413737002
  fax: +48 413737024
  mail: a...@mniow.pl
  jid: a...@jabber.mniow.pl
  gg: 9150578




Re: [qmailtoaster] Re: spam filter configuration change

2012-10-22 Thread Giuseppe Perna
Hello,
thanks for your reply.
I do not have spamdyke installed and I can not install this software.
Can the spam filtering be adjusted in any way?


I read in the log this message:
rblsmtpd: 69.64.42.16 pid 13125: 451
http://www.spamhaus.org/query/bl?ip=69.64.42.16


Thanks


2012/10/17 Aleksander Podsiadły a...@mniow.pl

 On 2012-10-17, Wed at 16:24 +0200, Giuseppe Perna wrote:
  How do I check if I use spamdyke?
  I can not do the installation spamdyke in a production server.
  thanks

 Something like:
 10-17 01:39:09 spamdyke[20707]: DENIED_RBL_MATCH from:
 dfter...@hotmail.com to: s...@k888.tw origin_ip: 114.42.128.176
 origin_rdns: 114-42-128-176.dynamic.hinet.net auth: (unknown)
 encryption: (none) reason: zen.spamhaus.org

 IMHO you can do it and you should do it.

 --
 Regards,
 mgr inż. Aleksander Podsiadły
 senior municipal IT specialist
 Urząd Gminy w Mniowie
 ul. Centralna 9
 26-080 Mniów
 tel: +48 413737002
 fax: +48 413737024
 mail: a...@mniow.pl
 jid: a...@jabber.mniow.pl
 gg: 9150578






--


Re: [qmailtoaster] Re: spam filter configuration change

2012-10-22 Thread Giuseppe Perna
Thanks for your reply.
I want to install spamdyke.
1) I must first remove any software?
2) I can proceed directly to the installation of spamdyke?
3) I just run this command? # qtp-install-spamdyke
4) for configuration and change filters as you go along?
thanks


2012/10/22 Eric Shubert e...@shubes.net

 You really should install spamdyke, Giuseppe. It will not impact the
 availability of your server, and will *drastically* improve spam
 rejections, as well as reducing the load on your server.

 --
 -Eric 'shubes'


 On 10/22/2012 10:06 AM, Giuseppe Perna wrote:

 Hello,
 thanks for your reply.
 I do not have spamdyke installed and I can not install this software.
 Can the spam filtering be adjusted in any way?


 I read in the log this message:
 rblsmtpd: 69.64.42.16 pid 13125: 451
 http://www.spamhaus.org/query/bl?ip=69.64.42.16


 Thanks


 2012/10/17 Aleksander Podsiadły a...@mniow.pl


 On 2012-10-17, Wed at 16:24 +0200, Giuseppe Perna wrote:
   How do I check if I use spamdyke?
   I can not do the installation spamdyke in a production server.
   thanks

 Something like:
 10-17 01:39:09 spamdyke[20707]: DENIED_RBL_MATCH from:
 dfter...@hotmail.com to: s...@k888.tw origin_ip: 114.42.128.176
 origin_rdns: 114-42-128-176.dynamic.hinet.net auth: (unknown)
 encryption: (none) reason: zen.spamhaus.org


 IMHO you can do it and you should do it.

 --
 Regards,
 mgr inż. Aleksander Podsiadły
 senior municipal IT specialist
 Urząd Gminy w Mniowie
 ul. Centralna 9
 26-080 Mniów
 tel: +48 413737002
 fax: +48 413737024
 mail: a...@mniow.pl
 jid: a...@jabber.mniow.pl
 gg: 9150578






--


Re: [qmailtoaster] Re: spam filter configuration change

2012-10-17 Thread Giuseppe Perna
Thanks for your reply,
I read in the log this message:
rblsmtpd: 69.64.42.16 pid 13125: 451
http://www.spamhaus.org/query/bl?ip=69.64.42.16

How do I check if I use spamdyke?
I can not do the installation spamdyke in a production server.
thanks



2012/10/15 Eric Shubert e...@shubes.net

 On 10/15/2012 02:51 AM, Giuseppe Perna wrote:

 Good morning to all,
 I noticed recently that my server is receiving so much spam.
 How can I change the filters and increase the severity?
 I can make this change from the admin panel-toaster or do I have to
 change any configuration files?
 thanks

 --


 I presume you're not using spamdyke.

 Run
 # qtp-install-spamdyke
 to install it. Refer to the wiki for further info about spamdyke.

 --
 -Eric 'shubes'






--


Re: [qmailtoaster] Re: spam filter configuration change

2012-10-17 Thread Aleksander Podsiadły
On 2012-10-17, Wed at 16:24 +0200, Giuseppe Perna wrote:
 How do I check if I use spamdyke?
 I can not do the installation spamdyke in a production server.
 thanks 

Something like:
10-17 01:39:09 spamdyke[20707]: DENIED_RBL_MATCH from:
dfter...@hotmail.com to: s...@k888.tw origin_ip: 114.42.128.176
origin_rdns: 114-42-128-176.dynamic.hinet.net auth: (unknown)
encryption: (none) reason: zen.spamhaus.org

IMHO you can do it and you should do it.

-- 
Regards,
mgr inż. Aleksander Podsiadły
senior municipal IT specialist
Urząd Gminy w Mniowie
ul. Centralna 9
26-080 Mniów
tel: +48 413737002
fax: +48 413737024
mail: a...@mniow.pl
jid: a...@jabber.mniow.pl
gg: 9150578





Re: [qmailtoaster] Re: Spam attack I cannot control.

2012-06-07 Thread Tony White

Hello Eric,
  See notes in text please...

best wishes
  Tony White




On 08/06/2012 03:58, Eric Shubert wrote:

On 06/07/2012 02:41 AM, Tony White wrote:

Hello,
I am sending from my yahoo account as my ip is in the spamcop system. Of
course
QMT uses spamcop therefore I am unable to send email from my normal account.
At this time I am experiencing a spam attack against a single email
address in one
of my domains.
The format is as follows...

CHKUSER accepted sender: from
escort...@9ether.com:va...@email.address.com: remote
static-mumbai.wnet.net.in:unkn etc..

I have had to disable the account to at least stem the flow of emails
but I do understand how
this kind of attack works. Firstly an invalid email address followed by
a valid one which
seems to guarantee delivery.


2 separate emails in one smtp session I take it? Hmmm.

When you say you disabled the account, is that the recipient account, or an 
authenticated sender account?


  Disabled the recipient account ie the valid one.


Is this normal? Has anyone else seen this and has a resolution? I would
appreciate
any and all help here.


I wouldn't consider it to be normal.


Also I seem to get chkuser accepted any recipient for this domain is
this linked to
this problem.


tcp.smtp contents might tell the story here.
What's in your tcp.smtp file?

127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
125.168.12.213:allow,RELAYCLIENT=
125.168.15.237:allow,RELAYCLIENT=
:allow,CHKUSER_RCPTLIMIT=20,CHKUSER_WRONGRCPTLIMIT=20,DKSIGN=/var/qmail/control/domainkeys/%/private




Thank you all in advance...

Tony White



A full sample from your smtp log would be helpful. You can redact your domain(s) if you'd like, but try to leave the 
messages intact as much as possible. qmlog shows a nice format btw.


Are you running spamdyke? If not, installing it is the first thing I would do. I have yet to hear a good reason for not 
running spamdyke (although you may need to adjust the stock settings slightly for your situation). In addition to 
blocking 80+% of the spam, it will also lighten the load on your host.


On a side note, I don't know the cause, but it also seems to me that there are fewer spam attempts recently, compared to 
when I first installed spamdyke. Years ago it seemed like there was an smtp session active nearly every minute. Now 
several minutes may pass with no smtp activity. It's as though there are fewer spammers trying to send stuff. I'm not 
certain at all what the cause of this is, but I wonder if perhaps the spam lists are being cleaned of addresses that are 
undeliverable to spammers (which spamdyke rejections would appear to be). Spam lists would after all be more valuable 
with a higher degree of deliverability, so they do have an incentive to keep their lists clean. Just a thought.







Re: [qmailtoaster] Re: Spam attack I cannot control.

2012-06-07 Thread Tony White

Hi Eric,
  Update: At this stage I think it is email from a valid account.
The owner of the account will be in later today and I will test
for virus/Trojans.

best wishes
  Tony White



On 08/06/2012 11:29, Tony White wrote:

Hello Eric,
  See notes in text please...

best wishes
  Tony White




On 08/06/2012 03:58, Eric Shubert wrote:

On 06/07/2012 02:41 AM, Tony White wrote:

Hello,
I am sending from my yahoo account as my ip is in the spamcop system. Of
course
QMT uses spamcop therefore I am unable to send email from my normal account.
At this time I am experiencing a spam attack against a single email
address in one
of my domains.
The format is as follows...

CHKUSER accepted sender: from
escort...@9ether.com:va...@email.address.com: remote
static-mumbai.wnet.net.in:unkn etc..

I have had to disable the account to at least stem the flow of emails
but I do understand how
this kind of attack works. Firstly an invalid email address followed by
a valid one which
seems to guarantee delivery.


2 separate emails in one smtp session I take it? Hmmm.

When you say you disabled the account, is that the recipient account, or an 
authenticated sender account?


  Disabled the recipient account ie the valid one.


Is this normal? Has anyone else seen this and has a resolution? I would
appreciate
any and all help here.


I wouldn't consider it to be normal.


Also I seem to get chkuser accepted any recipient for this domain is
this linked to
this problem.


tcp.smtp contents might tell the story here.
What's in your tcp.smtp file?

127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
125.168.12.213:allow,RELAYCLIENT=
125.168.15.237:allow,RELAYCLIENT=
:allow,CHKUSER_RCPTLIMIT=20,CHKUSER_WRONGRCPTLIMIT=20,DKSIGN=/var/qmail/control/domainkeys/%/private




Thank you all in advance...

Tony White



A full sample from your smtp log would be helpful. You can redact your domain(s) if you'd like, but try to leave the 
messages intact as much as possible. qmlog shows a nice format btw.


Are you running spamdyke? If not, installing it is the first thing I would do. I have yet to hear a good reason for not 
running spamdyke (although you may need to adjust the stock settings slightly for your situation). In addition to 
blocking 80+% of the spam, it will also lighten the load on your host.


On a side note, I don't know the cause, but it also seems to me that there are fewer spam attempts recently, compared to 
when I first installed spamdyke. Years ago it seemed like there was an smtp session active nearly every minute. Now 
several minutes may pass with no smtp activity. It's as though there are fewer spammers trying to send stuff. I'm not 
certain at all what the cause of this is, but I wonder if perhaps the spam lists are being cleaned of addresses that are 
undeliverable to spammers (which spamdyke rejections would appear to be). Spam lists would after all be more valuable 
with a higher degree of deliverability, so they do have an incentive to keep their lists clean. Just a thought.







Re: [qmailtoaster] Re: Spam attack I cannot control.

2012-06-07 Thread Tony White

Hello Eric,
  Inserted is a snippet of my log for last night.

-- log insert --
@40004fcb49a336ca19a4 CHKUSER accepted sender: from kenwri...@gmail.com:waver...@nnn.com.au: remote nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102 rcpt  : sender accepted
@40004fcb49a40059e1c4 tcpserver: end 30219 status 0
@40004fcb49a40059e5ac tcpserver: status: 3/100
@40004fcb49a43935030c CHKUSER relaying rcpt: from kenwri...@gmail.com:waver...@nnn.com.au: remote nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102 rcpt hofmann-zuha...@t-online.de : client allowed to relay
@40004fcb49a4393535d4 policy_check: local waver...@nnn.com.au - remote hofmann-zuha...@t-online.de (AUTHENTICATED SENDER)
@40004fcb49a43935ca44 policy_check: policy allows transmission
@40004fcb49a53b033b2c CHKUSER relaying rcpt: from kenwri...@gmail.com:waver...@nnn.com.au: remote nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102 rcpt hofmatth...@hotmail.com : client allowed to relay
@40004fcb49a53b03623c policy_check: local waver...@nnn.com.au - remote hofmatth...@hotmail.com (AUTHENTICATED SENDER)
@40004fcb49a53b03a4a4 policy_check: policy allows transmission
@40004fcb49a613fde5a4 tcpserver: end 30223 status 0
@40004fcb49a613fe08cc tcpserver: status: 2/100
@40004fcb49a702104454 CHKUSER relaying rcpt: from kenwri...@gmail.com:waver...@nnn.com.au: remote nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102 rcpt hof...@aol.com : client allowed to relay
@40004fcb49a702106f4c policy_check: local waver...@nnn.com.au - remote hof...@aol.com (AUTHENTICATED SENDER)
@40004fcb49a70210adcc policy_check: policy allows transmission
@40004fcb49a8033f8524 CHKUSER relaying rcpt: from kenwri...@gmail.com:waver...@nnn.com.au: remote nnn.com.au;waver...@nnn.com.au:unknown:197.254.125.102 rcpt hofn...@aol.com : client allowed to relay
@40004fcb49a8033fb404 policy_check: local waver...@nnn.com.au - remote hofn...@aol.com (AUTHENTICATED SENDER)
@40004fcb49a8033fee9c policy_check: policy allows transmission
--- log insert end 


best wishes
  Tony White




On 08/06/2012 11:44, Tony White wrote:

Hi Eric,
  Update: At this stage I think it is email from a valid account.
The owner of the account will be in later today and I will test
for virus/Trojans.

best wishes
  Tony White



On 08/06/2012 11:29, Tony White wrote:

Hello Eric,
  See notes in text please...

best wishes
  Tony White




On 08/06/2012 03:58, Eric Shubert wrote:

On 06/07/2012 02:41 AM, Tony White wrote:

Hello,
I am sending from my yahoo account as my ip is in the spamcop system. Of
course
QMT uses spamcop therefore I am unable to send email from my normal account.
At this time I am experiencing a spam attack against a single email
address in one
of my domains.
The format is as follows...

CHKUSER accepted sender: from
escort...@9ether.com:va...@email.address.com: remote
static-mumbai.wnet.net.in:unkn etc..

I have had to disable the account to at least stem the flow of emails
but I do understand how
this kind of attack works. Firstly an invalid email address followed by
a valid one which
seems to guarantee delivery.


2 separate emails in one smtp session I take it? Hmmm.

When you say you disabled the account, is that the recipient account, or an 
authenticated sender account?


  Disabled the recipient account ie the valid one.


Is this normal? Has anyone else seen this and has a resolution? I would
appreciate
any and all help here.


I wouldn't consider it to be normal.


Also I seem to get chkuser accepted any recipient for this domain is
this linked to
this problem.


tcp.smtp contents might tell the story here.
What's in your tcp.smtp file?

127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private
125.168.12.213:allow,RELAYCLIENT=
125.168.15.237:allow,RELAYCLIENT=
:allow,CHKUSER_RCPTLIMIT=20,CHKUSER_WRONGRCPTLIMIT=20,DKSIGN=/var/qmail/control/domainkeys/%/private




Thank you all in advance...

Tony White



A full sample from your smtp log would be helpful. You can redact your domain(s) if you'd like, but try to leave the 
messages intact as much as possible. qmlog shows a nice format btw.


Are you running spamdyke? If not, installing it is the first thing I would do. I have yet to hear a good reason for not 
running spamdyke (although you may need to adjust the stock settings slightly for your situation). In addition to 
blocking 80+% of the spam, it will also lighten the load on your host.


On a side note, I don't know the cause, but it also seems to me that there are fewer spam attempts recently, compared 
to when I first installed spamdyke. Years ago it seemed like there was an smtp session active nearly every minute. Now 
several minutes may pass with no smtp activity. It's as though there are fewer spammers trying to send stuff. I'm not 
certain at all what the cause of this is, but I wonder if 
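
The relay entries in the log snippet of this message, like the unauthenticated 127.0.0.1 entries in the 2013 "SPAM Emails generating from server" thread, can be triaged by grouping them on the relaying account and client IP. This is an added example, not part of the original messages: the field layout (`sender:account:relayclient`, then `helo:host:ip`) is read off the quoted log lines, the optional angle brackets are an assumption, and the sample lines and flag names are constructed.

```python
"""Group 'CHKUSER relaying rcpt' entries by the account and IP allowed to relay."""
import re
from collections import defaultdict

# Constructed log lines shaped like the entries quoted in the thread.
SAMPLE_LOG = """\
2020-01-01 03:00:01.1 CHKUSER relaying rcpt: from <spoof@example.net::> remote <User:unknown:127.0.0.1> rcpt <r1@example.org> : client allowed to relay
2020-01-01 03:00:01.2 policy_check: remote spoof@example.net - remote r1@example.org (UNAUTHENTICATED SENDER)
2020-01-01 03:00:01.3 CHKUSER relaying rcpt: from <spoof@example.net::> remote <User:unknown:127.0.0.1> rcpt <r2@example.org> : client allowed to relay
2020-01-01 03:00:01.4 CHKUSER relaying rcpt: from spoof@example.net:: remote User:unknown:127.0.0.1 rcpt r3@example.org : client allowed to relay
2020-01-01 03:00:02.1 tcpserver: status: 3/100
2020-01-01 03:00:02.2 CHKUSER relaying rcpt: from <other@example.net:alice@example.com:> remote <pc:unknown:198.51.100.77> rcpt <r4@example.org> : client allowed to relay
2020-01-01 03:00:02.3 policy_check: local alice@example.com - remote r4@example.org (AUTHENTICATED SENDER)
2020-01-01 03:00:02.4 CHKUSER relaying rcpt: from <other@example.net:alice@example.com:> remote <pc:unknown:198.51.100.77> rcpt <r5@example.org> : client allowed to relay
2020-01-01 03:00:02.5 CHKUSER relaying rcpt: from <other@example.net:alice@example.com:> remote <pc:unknown:198.51.100.77> rcpt <r6@example.org> : client allowed to relay
2020-01-01 03:00:03.1 CHKUSER relaying rcpt: from <bob@example.com:bob@example.com:> remote <laptop:unknown:192.0.2.20> rcpt <r7@example.org> : client allowed to relay
"""

RELAY_RE = re.compile(
    r"CHKUSER relaying rcpt: from (\S+) remote (\S+) rcpt (\S+) : client allowed to relay"
)


def parse_relay_line(line):
    """Return the fields of one relaying entry, or None for any other log line."""
    m = RELAY_RE.search(line)
    if not m:
        return None
    from_tok, remote_tok, rcpt_tok = (t.strip("<>") for t in m.groups())
    # from field: envelope sender, then the account that authenticated (empty
    # when relaying was allowed by an IP rule), then the RELAYCLIENT value.
    sender, account, _relayclient = (from_tok.split(":", 2) + ["", ""])[:3]
    remote = remote_tok.rsplit(":", 2)  # HELO name, reverse-DNS name, client IP
    if len(remote) != 3:
        return None
    return {"sender": sender, "account": account, "helo": remote[0],
            "ip": remote[2], "rcpt": rcpt_tok}


def summarize(lines, bulk_threshold=3):
    """Summarise relayed recipients per (account, client IP) and flag oddities."""
    groups = defaultdict(lambda: {"rcpts": set(), "senders": set()})
    for line in lines:
        ev = parse_relay_line(line)
        if ev is not None:
            group = groups[(ev["account"], ev["ip"])]
            group["rcpts"].add(ev["rcpt"])
            group["senders"].add(ev["sender"])

    report = []
    for (account, ip), group in sorted(groups.items()):
        flags = []
        if not account:
            # Nobody authenticated: an IP rule that sets RELAYCLIENT allowed it.
            flags.append("relay-by-ip")
            if ip.startswith("127."):
                flags.append("local-origin")  # webmail or another local process
        elif "@" in account:
            domain = account.rpartition("@")[2].lower()
            if any(s.rpartition("@")[2].lower() != domain for s in group["senders"]):
                # Envelope sender is outside the authenticated account's domain,
                # as in the snippet quoted in this message.
                flags.append("sender-mismatch")
        if len(group["rcpts"]) >= bulk_threshold:
            flags.append("bulk")
        report.append({"account": account, "ip": ip,
                       "senders": sorted(group["senders"]),
                       "recipients": len(group["rcpts"]), "flags": flags})
    return report


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG.splitlines()):
        who = row["account"] or "(no SMTP AUTH)"
        print(f'{who} from {row["ip"]}: {row["recipients"]} recipients, '
              f'senders={row["senders"]}, flags={row["flags"]}')
```

A group flagged `sender-mismatch` and `bulk` points at one account's credentials, so changing that password is the first containment step; a `relay-by-ip` group points at the tcp.smtp rules instead.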

Re: [qmailtoaster] Re: SPAM learning

2011-10-04 Thread Cecil Yother, Jr.



On 10/04/2011 09:33 AM, Eric Shubert wrote:

On 10/03/2011 07:57 AM, Maxwell Smart wrote:

Good morning list,

Recently on the list there was discussion on how to take the e mail
addresses /characteristics of mail marked as spam from Thunderbird and
modify SA rules. I can't seem to find the notes on that.

1) Am I understanding that correctly?
2) Where might I find that reference?

CJ



I thought someone else might help out here, but no takers yet. :(

SA rules aren't actually modified. You're talking about the bayes 
database which SA uses to learn about what's spam and what's not. The 
sa-learn program updates the bayes database with tokens from spam 
messages, and ham messages. That way, it stores up characteristics of 
spam and ham, which helps it to decide whether a message is likely to 
be spam or not.


There are (static) rules then, which give normal points to messages 
based on the bayes probability. In order to weigh bayes scoring a 
little more heavily, I have modified these values in my local.cf file 
as follows:

# adjusting these scores gives bayes more weight
# commented values are the defaults
# score BAYES_00 0 0 -2.312 -2.599
# score BAYES_05 0 0 -1.110 -1.110
# score BAYES_20 0 0 -0.740 -0.740
# score BAYES_40 0 0 -0.185 -0.185
# score BAYES_50 0 0 0.001 0.001
# score BAYES_60 0 0 1.0 1.0
# score BAYES_80 0 0 2.0 2.0
# score BAYES_95 0 0 3.0 3.0
# score BAYES_99 0 0 3.5 3.5

score BAYES_00 0 0 -2.612 -2.899
score BAYES_05 0 0 -1.110 -1.110
score BAYES_20 0 0 -0.740 -0.740
score BAYES_40 0 0 -0.185 -0.185
score BAYES_50 0 0 0.001 0.001
score BAYES_60 0 0 1.5 1.5
score BAYES_80 0 0 3.0 3.0
score BAYES_95 0 0 4.0 4.0
score BAYES_99 0 0 5.1 5.1

HTH.


Can you use specific words or phrases?  If so where do you put those?


--
Cecil Yother, Jr. cj
cj's
2318 Clement Ave
Alameda, CA  94501

tel 510.865.2787 | http://yother.com
Check out the new Volvo classified resource http://www.volvoclassified.com


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and installations.
 If you need professional help with your setup, contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and packages.

 To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




Re: [qmailtoaster] Re: Spam Help

2011-09-28 Thread Pak Ogah

On 09/28/11 20:48, Eric Shubert wrote:

On 09/27/2011 08:50 PM, Pak Ogah wrote:

On 09/27/11 22:54, Mike Tirpak wrote:

...

Mike,
First of all make sure you installed Spamdyke which can easily catch 
spam

http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-spamdyke
http://wiki.qmailtoaster.com/index.php/Spamdyke

then you can create a email account s...@domain.com and
nots...@domain.com for SA to learn
http://wiki.qmailtoaster.com/index.php/Spamassassin#Bayesian_Statistical_Scoring 



make sure your users bounce/redirect the spam rather than forwarding it
http://wiki.qmailtoaster.com/index.php/How_to_redirect/bounce_mail_for_sa-learn 




or you can enable Spam folder (IMAP which can be seen by webmail and IMAP
client)
http://wiki.qmailtoaster.com/index.php/FAQs#I_upgraded_my_QmailToaster_to_the_latest_and_I_no_longer_have_the_.22Spam_Detection.22_box_in_Qmailadmin. 



so that your user can put spam message to it, and tell SA to learn it
and remove it
http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-clean-spam

HTH






Very nice reply, Pak. Should be on the wiki somewhere. ;)


it's on Wiki Eric,
that's why I just copy/paste the link :D






Re: [qmailtoaster] Re: Spam Control

2011-09-22 Thread Mike Tirpak
Would that be the actual name of the account ( ex: 
catchacco...@mydomain.com) or catchall.acco...@mydomain.com?  I tried to 
use the actual name and that didn't work.


On 9/22/2011 1:25 AM, Eric Shubert wrote:

On 09/21/2011 08:55 PM, Pak Ogah wrote:

On 09/21/11 20:06, Mike Tirpak wrote:

Everyone,

I'm looking for a way to stop spamassassin from marking spam that goes
to the catchall account. My company uses that account for paging and
it adds unnecessary characters to the transmitting time. Short of
adding each account to simcontrol, what can I do to prevent this from
happening?


you add this line to /var/qmail/control/simcontrol
catchall.acco...@mydomain.com:clam=yes,spam=no,attach=.exe:.pif:.scr

after that execute
service qmail cdb

by doing this your catchall.acco...@mydomain.com account won't be
scanned for spam
detail see:
http://wiki.qmailtoaster.com/index.php/Simscan




Are you sure about this? If email comes in addressed to 
x...@domain.com, won't it get scanned, then delivered to the catchall 
account?








Re: [qmailtoaster] Re: Spam Control

2011-09-22 Thread Mike Tirpak

Yes, that is correct.  The catchall account is not addressed specifically.

On 9/22/2011 8:41 AM, Eric Shubert wrote:
Yes, the actual account name. You would need to run qmailctl cdb 
after changing this file in order to activate the change.


I believe the problem is, it would only work for email addressed 
specifically to the catchall account. Email addressed to non-existent 
account names would still be scanned, if I understand correctly.








Re: [qmailtoaster] Re: Spam Control

2011-09-22 Thread Mike Tirpak
Easier said than done.  I am starting from the beginning.  I have never 
worked with sed scripts or have any idea how to get them to work with qmail.


On 9/22/2011 8:47 AM, Eric Shubert wrote:

On 09/21/2011 06:06 AM, Mike Tirpak wrote:

Everyone,

I'm looking for a way to stop spamassassin from marking spam that goes
to the catchall account. My company uses that account for paging and it
adds unnecessary characters to the transmitting time. Short of adding
each account to simcontrol, what can I do to prevent this from 
happening?







So you'll want to strip off the tag in the subject line during 
delivery using a sed script in the .qmail file. I think that'll work 
nicely.








Re: [qmailtoaster] Re: Spam Control

2011-09-21 Thread Mike Tirpak
I'm not familiar with sed.  Can you direct me to any documentation? 
Thanks for your help.


On 9/21/2011 10:21 AM, Eric Shubert wrote:

On 09/21/2011 06:06 AM, Mike Tirpak wrote:

Everyone,

I'm looking for a way to stop spamassassin from marking spam that goes
to the catchall account. My company uses that account for paging and it
adds unnecessary characters to the transmitting time. Short of adding
each account to simcontrol, what can I do to prevent this from 
happening?





You might pass the messages through sed in the delivery process to 
remove the tag. Add the sed editing script in the .qmail file 
(which controls delivery) for the catchall account.




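Added example, not part of any list member's message: the sed filter Eric Shubert suggests in the two Spam Control replies above, written as a shell function that edits only the header block. It assumes the tag is the `***SPAM***` string quoted elsewhere in this archive; the function names, the sample message and the placeholder .qmail line in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove a spam tag from the Subject header of one message.
# Reads the message on stdin and writes the cleaned message on stdout.
#
# Hypothetical .qmail line (the delivery command is whatever the file
# already runs; both paths are placeholders):
#   | /path/to/strip-spam-tag.sh | <existing delivery command>
# To use this file as that filter, end it with a call to: strip_spam_tag

# Escape characters that are special in a sed basic regular expression,
# so the tag is matched literally rather than as a pattern.
escape_bre() {
    printf '%s' "$1" | sed 's|[][\.*^$/]|\\&|g'
}

# strip_spam_tag [TAG]    TAG defaults to ***SPAM***
strip_spam_tag() {
    tag=$(escape_bre "${1:-***SPAM***}")
    # The address range 1,/^$/ covers the header block only (line 1 up to
    # the first blank line), so body text that quotes the tag is untouched.
    # Matches "Subject:" or "subject:" at the start of a header line.
    sed "1,/^\$/ s/^\([Ss]ubject:[[:space:]]*\)${tag}[[:space:]]*/\1/"
}

# Constructed sample: a tagged page sent to a non-existent address that
# falls through to the catchall account.
sample_message() {
    printf '%s\n' \
        'From: monitor@example.net' \
        'To: nosuchuser@mydomain.com' \
        'Subject: ***SPAM*** PAGE: disk 91% on db1' \
        'X-Spam-Status: Yes, score=6.1' \
        '' \
        'Subject: ***SPAM*** this line is body text and must survive'
}
```

The X-Spam-* headers are left in place, so the scan result stays visible to anything downstream that reads headers.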




RE: [qmailtoaster] Re: SPAM Designation Option

2011-05-03 Thread Michael J. Colvin
I agree with Eric on the Spamdyke portion.  I was thinking the same thing,
but didn't have an answer for the SpamAssassin portion, so I didn't reply!
:-)

I run SpamDyke more for the benefit of my server.  The benefit for the
client is secondary.  If you disable it, you're certainly going to increase
the load on your server, requiring, at some point, you to either upgrade
your server, or add another to handle the load.  

I'd second Eric's suggestion to simply not tell your client about SpamDyke
and leave it in place, or charge the client more to cover the extra
spam/mail your server is sure to get.

Mike

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Tuesday, May 03, 2011 9:32 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: SPAM Designation Option

On 05/03/2011 09:07 AM, Dan McAllister wrote:
 Greetings QMail list...

 I am in the unenviable position of admitting that some of my QMail is FM
 to me (FM is f***ing magic or, in plainer terms I know it works,
 I just don't know how) -- and that has me in a bit of a quandary

 I host web  e-mail for some of my clients and I have a NEW customer,
 who has asked me to turn off the SpamAssassin ***SPAM*** insert in the
 subject line... in fact, he wants to turn off ALL SPAM blocking for his
 domain.

 So, how / where do I configure SpamAssassin (and SpamDyke, for that
 matter) to NOT process messages for his domain?

 Thanks in advance,

 Dan McAllister


For SA, add a record to the beginning of /var/qmail/control/simcontrol:
customdomain.com:clam=yes,spam=no
then run service qmail cdb.

Per-domain control in spamdyke is a little tricky. See spamdyke docs for 
that. Spamdyke false positives are practically nonexistent though, so 
you might want to just leave spamdyke active and not tell him about it. 
Then again, if he insists on receiving spam, I'd charge him extra for 
the load it'll cause on your server as well as the trouble of 
configuring spamdyke. ;)

-- 
-Eric 'shubes'







Re: [qmailtoaster] Re: SPAM Designation Option

2011-05-03 Thread Peter Peltonen
Hi,

On Tue, May 3, 2011 at 7:31 PM, Eric Shubert e...@shubes.net wrote:
 that. Spamdyke false positives are practically nonexistent though, so you
 might want to just leave spamdyke active and not tell him about it. Then
 again, if he insists on receiving spam, I'd charge him extra for the load
 it'll cause on your server as well as the trouble of configuring spamdyke.
 ;)

Even if Spamdyke is correct, it does not mean that the end behaviour
is what the customer expects.

I have run into issues where customers haven't received email they
were expecting because of Spamdyke rejecting a message because of
missing reverse DNS. And it does not help telling the customer that
the sending server is not properly configured, if they can receive the
same email with their Gmail or some other account...

I have been playing around with an idea that I should create a page
for each customer where they could check the sending addresses for
denied messages. So if there is a real message denied I could then
offer an option to white list that mail server or sending address, so
that the customer could try contacting the sender again.

Best,
Peter





RE: [qmailtoaster] Re: SPAM Designation Option

2011-05-03 Thread Joel Eddy
I hear ya. I just ran into this yesterday as well.

What I did to correct the issue was to add the email address to the
/etc/spamdyke/whitelist_recipients file.

The recipient's mail server was an Exchange server (yuck bad word) but it used
Postini to screen their spam.

The rDNS resolved back to Postini and not what they had in their DNS
records.

I finally just gave up trying to explain it and found I could add the
address to the spamdyke whitelist. Solved it for me. And that way you're
not whitelisting an entire domain that could be a spammer.

Hope that helps.


  _  

From: Peter Peltonen [mailto:peter.pelto...@gmail.com] 
Sent: Tuesday, May 03, 2011 12:38 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: SPAM Designation Option

 

Hi,

On Tue, May 3, 2011 at 7:31 PM, Eric Shubert e...@shubes.net wrote:
 that. Spamdyke false positives are practically nonexistent though, so you
 might want to just leave spamdyke active and not tell him about it. Then
 again, if he insists on receiving spam, I'd charge him extra for the load
 it'll cause on your server as well as the trouble of configuring spamdyke.
 ;)

Even if Spamdyke is correct, it does not mean that the end behaviour
is what the customer expects.

I have run into issues where customers haven't received email they
were expecting because of Spamdyke rejecting a message because of
missing reverse DNS. And it does not help telling the customer that
the sending server is not properly configured, if they can receive the
same email with their Gmail or some other account...

I have been playing around with an idea that I should create a page
for each customer where they could check the sending addresses for
denied messages. So if there is a real message denied I could then
offer an option to white list that mail server or sending address, so
that the customer could try contacting the sender again.

Best,
Peter





RE: [qmailtoaster] Re: SPAM Designation Option

2011-05-03 Thread Michael J. Colvin
This is true, however a LARGE amount of spam is sent from IP's with no RDNS.
By not blocking those e-mails, you're certainly forcing your mail server to
deal with a MUCH larger amount of mail, most of which would be spam.  I
guess if you don't have a resource issue, and don't mind wasting resources
on handling spam, that may or may not be rejected by SpamAssassin down the
road, then that's fine.  

I agree that, if the customer wants the spam, I'm more than happy to let
them have it.  However, I won't do it at the detriment of other users.

If you've never had a Spam Attack, where your server is constantly
bombarded by spammers, then when you do, you'll wish you had SpamDyke.  :-)
When your server (Or the OP's server) is being hammered by a spammer, and
comes here to complain about how his server is overloaded and legit e-mail
is timing out because all of his SMTP ports are being bogarted, the first
suggestion is going to be Are you running SpamDyke.

And, yes... When a client is not getting e-mail because the sender's mail
server (Usually an internal Exchange server) does not have an RDNS, I tell
them that's why.  I even have a form e-mail I send them to send the blocked
person.  I've actually picked up several consulting gigs (Fixing their RDNS
issue) and spam filtering customers from this...

Lack of RDNS is becoming a much more common antispam check.  So, if you're
blocking it, others are also likely blocking it, and, in the end, the
offending server's admin is going to have to resolve the issue...

Mike

-Original Message-
From: Peter Peltonen [mailto:peter.pelto...@gmail.com] 
Sent: Tuesday, May 03, 2011 10:38 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: SPAM Designation Option

Hi,

On Tue, May 3, 2011 at 7:31 PM, Eric Shubert e...@shubes.net wrote:
 that. Spamdyke false positives are practically nonexistent though, so you
 might want to just leave spamdyke active and not tell him about it. Then
 again, if he insists on receiving spam, I'd charge him extra for the load
 it'll cause on your server as well as the trouble of configuring spamdyke.
 ;)

Even if Spamdyke is correct, it does not mean that the end behaviour
is what the customer expects.

I have run into issues where customers haven't received email they
were expecting because of Spamdyke rejecting a message because of
missing reverse DNS. And it does not help telling the customer that
the sending server is not properly configured, if they can receive the
same email with their Gmail or some other account...

I have been playing around with an idea that I should create a page
for each customer where they could check the sending addresses for
denied messages. So if there is a real message denied I could then
offer an option to white list that mail server or sending address, so
that the customer could try contacting the sender again.

Best,
Peter






Re: [qmailtoaster] Re: SPAM Designation Option

2011-05-03 Thread Dan McAllister
Lack of rDNS records will cause messages to fail to MSN/Hotmail, and 
Yahoo! accounts (don't know about Gmail)... I'm not at all worried about 
the blocking of messages (the SPAM he doesn't see he won't bitch 
about)... he just didn't like the ***SPAM*** label behavior! BTW: I 
warned him that there would be an increase in SPAM -- we'll see how long 
it takes him to decide to turn SA back on!


Dan

On 5/3/2011 1:58 PM, Michael J. Colvin wrote:

This is true, however a LARGE amount of spam is sent from IP's with no RDNS.
By not blocking those e-mails, you're certainly forcing your mail server to
deal with a MUCH larger amount of mail, most of which would be spam.  I
guess if you don't have a resource issue, and don't mind wasting resources
on handling spam, that may or may not be rejected by SpamAssassin down the
road, then that's fine.

I agree that, if the customer wants the spam, I'm more than happy to let
them have it.  However, I won't do it at the detriment of other users.

If you've never had a Spam Attack, where your server is constantly
bombarded by spammers, then when you do, you'll wish you had SpamDyke.  :-)
When your server (Or the OP's server) is being hammered by a spammer, and
comes here to complain about how his server is overloaded and legit e-mail
is timing out because all of his SMTP ports are being bogarted, the first
suggestion is going to be Are you running SpamDyke.

And, yes... When a client is not getting e-mail because the sender's mail
server (Usually an internal Exchange server) does not have an RDNS, I tell
them that's why.  I even have a form e-mail I send them to send the blocked
person.  I've actually picked up several consulting gigs (Fixing their RDNS
issue) and spam filtering customers from this...

Lack of RDNS is becoming a much more common antispam check.  So, if you're
blocking it, others are also likely blocking it, and, in the end, the
offending server's admin is going to have to resolve the issue...

Mike

-Original Message-
From: Peter Peltonen [mailto:peter.pelto...@gmail.com]
Sent: Tuesday, May 03, 2011 10:38 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: SPAM Designation Option

Hi,

On Tue, May 3, 2011 at 7:31 PM, Eric Shubert e...@shubes.net wrote:

that. Spamdyke false positives are practically nonexistent though, so you
might want to just leave spamdyke active and not tell him about it. Then
again, if he insists on receiving spam, I'd charge him extra for the load
it'll cause on your server as well as the trouble of configuring spamdyke.
;)

Even if Spamdyke is correct, it does not mean that the end behaviour
is what the customer expects.

I have run into issues where customers haven't received email they
were expecting because of Spamdyke rejecting a message because of
missing reverse DNS. And it does not help telling the customer that
the sending server is not properly configured, if they can receive the
same email with their Gmail or some other account...

I have been playing around with an idea that I should create a page
for each customer where they could check the sending addresses for
denied messages. So if there is a real message denied I could then
offer an option to white list that mail server or sending address, so
that the customer could try contacting the sender again.

Best,
Peter



Re: [qmailtoaster] Re: ***SPAM*** RE: [qmailtoaster] Replication

2011-04-18 Thread Scott Hughes



On 4/18/11 7:30 PM, Eric Shubert wrote:

On 04/18/2011 03:00 PM, Scott Hughes wrote:

Yes, the path is correct. I double checked that. Also, I can run it from
the command line in any directory I am in just by typing “sync-qmail”.

Thanks,

Scott



What are you using to edit the crontab?
Have you tried restarting cron?


I have tried editing crontab in two ways:

1) crontab -e then restarting cron (service crond restart);

2) Using 'nano' to edit the /etc/crontab and then restarting cron 
(service crond restart)


I have to say that this one really has me stumped.  As best I can see 
everything is correct (syntax, paths, the script itself).  I am *sure* 
that I am missing something but I'm clueless as to what it is right now.


Thanks,
Scott






RE: [qmailtoaster] Re: spam

2011-03-05 Thread mattias
O thanks!
Qmail-spam stop do it!

-Original Message-
From: Eric Shubert [mailto:e...@shubes.net] 
Sent: Saturday, March 05, 2011 11:52 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: spam


On 03/05/2011 03:34 PM, mattias wrote:
 I have set
 Spamd=no in /var/qmail/control/simscan
 Or if it was spam=no
 But I still see spamd up when I do
 Qmailctl stat


# qmailctl cdb
# touch /var/qmail/supervise/spamd/down
# qmail-spam stop

-- 
-Eric 'shubes'







Re: [qmailtoaster] Re: Spam Assassasin

2010-12-23 Thread Emmanuel Buamah


--- On Thu, 12/23/10, Eric Shubert e...@shubes.net wrote:

From: Eric Shubert e...@shubes.net
Subject: [qmailtoaster] Re: Spam Assassasin
To: qmailtoaster-list@qmailtoaster.com
Date: Thursday, December 23, 2010, 3:44 AM

On 12/23/2010 06:39 AM, Emmanuel Buamah wrote:
 Hi All,
 
 I was installing qmail toaster on CentOS, though it is not my first
 time, but my first time of encountering this error. When it got to
 spamassassin, during the compilation, I got this error:
 
 chmod: cannot access `/var/tmp/spamassassin-toaster-root/usr/bin/*': No
 such file or directory

This appears to be the problem, but I've no idea why there would be no files in 
this folder. Did something fail previous to this?

I don't use the install script any more, I use qtp-newmodel instead (no sense 
in maintaining any more scripts than necessary). See if that doesn't work for 
you.
-- -Eric 'shubes'


The same error is what I get when I tried the qtp-newmodel. So what are the 
options left.










  

Re: [qmailtoaster] Re: spam relaying

2010-07-31 Thread David Milholen

Yes, but only for the subnets I allow.
  The ones listed in my tcp.rules. This was ok when the network did not 
have over a 1000 users on it. Not everyone uses my domain for email that 
is on my network.
I have a rule on the gateway that stops all smtp traffic unless it is 
from my server only.


I did tell the customers to apply authentication and change their 
password and so far so good.

 I believe this has been resolved for now.

I just don't have any idea how many others on the net have it set.
I guess I will need to send out a block message to all the accounts on 
my domain and shut down 'no auth'.


I do not allow open relay from anyone outside of the subnets I list on 
the server. Only allow for those on listed subnets.


What is the best way to lock this down?

--Thanks
Dave

On 7/31/2010 9:17 PM, Eric Shubert wrote:

Jake Vickers wrote:

On 07/31/2010 01:35 PM, David Milholen wrote:

Hi All,
 I am sure some have seen this before in their smtp logs.

@40004c54490126e69094 CHKUSER relaying rcpt: from 
keithra...@gmail.com:: remote *User:unknown:63.147.8.197* rcpt 
zara-har...@hotmail.com : client allowed to relay
@40004c54490126ec513c spamdyke[1982]: ALLOWED from: 
keithra...@gmail.com to: zara-har...@hotmail.com origin_ip: 
63.147.8.197 origin_rdns: *can-63-147-8-197.wletc.com* auth: (unknown)


The Ip address belongs to my network but the hotmail and gmail 
accounts do not.
This looks like a customers' machine with a bad bot-net virus. I 
have shut off any access to the mail server for that customer but it 
seems to be reoccurring until I flush the dns.

It will not show up for a while then it starts again.

Is my Dns compromised?

What can I do to not accept User:unknown by using spamdyke or other 
methods?


Aren't you allowing anyone who has one of your IPs to relay all they 
want in your tcp.smtp? If so, then there's not much you can do unless 
you want to tighten up your network or force everything to be scanned.




Right. This is (one reason) why it's not a good idea to allow open 
(unauthenticated) relaying, even on your own network. Open relays are 
bad news. Always. (imo)








Re: [qmailtoaster] Re: spam relaying

2010-07-31 Thread David Milholen
Correct me if I am wrong but in order for everyone to authenticate to the 
server all I need to do is remove some rules in my tcp.rules?

Here is what it looks like currently..

192.168.:deny
172.168.:deny

63.147.8.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
63.147.9.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
63.144.48.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
65.121.158.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1
208.44.160.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,RBLSMTPD=,NOP0FCHECK=1

:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_ALLOW_SENDER_CHAR_3=/,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/sims$

This last line is for some cell carriers.. It may not be needed any 
longer but I do have a lot of customers starting to use their I-phones 
for logging in. They have no choice but to use authentication.
unless this could be a leak outside of my current list of subnets. 
Because it sure looks like it.


thanks
Dave


On 7/31/2010 9:17 PM, Eric Shubert wrote:

Jake Vickers wrote:

On 07/31/2010 01:35 PM, David Milholen wrote:

Hi All,
 I am sure some have seen this before in their smtp logs.

@40004c54490126e69094 CHKUSER relaying rcpt: from 
keithra...@gmail.com:: remote *User:unknown:63.147.8.197* rcpt 
zara-har...@hotmail.com : client allowed to relay
@40004c54490126ec513c spamdyke[1982]: ALLOWED from: 
keithra...@gmail.com to: zara-har...@hotmail.com origin_ip: 
63.147.8.197 origin_rdns: *can-63-147-8-197.wletc.com* auth: (unknown)


The Ip address belongs to my network but the hotmail and gmail 
accounts do not.
This looks like a customers' machine with a bad bot-net virus. I 
have shut off any access to the mail server for that customer but it 
seems to be reoccurring until I flush the dns.

It will not show up for a while then it starts again.

Is my Dns compromised?

What can I do to not accept User:unknown by using spamdyke or other 
methods?


Aren't you allowing anyone who has one of your IPs to relay all they 
want in your tcp.smtp? If so, then there's not much you can do unless 
you want to tighten up your network or force everything to be scanned.




Right. This is (one reason) why it's not a good idea to allow open 
(unauthenticated) relaying, even on your own network. Open relays are 
bad news. Always. (imo)




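Added example, not part of any list member's message: a log summary built on the spamdyke line format David Milholen quotes above. It reports relays that were ALLOWED with `auth: (unknown)` to a domain the server does not host, and also the per-customer list of senders refused for missing rDNS that Peter Peltonen describes in the SPAM Designation Option thread. The log lines, addresses, IPs and function names are constructed, and the `DENIED_RDNS_MISSING` lines are assumed to share the layout of the `ALLOWED` line on this page.

```shell
#!/bin/sh
# Added example: two reports from spamdyke log lines read on stdin.

# Constructed sample log (example domains, documentation IP ranges).
sample_log() {
cat <<'EOF'
@400000004c54490100000001 spamdyke[1982]: ALLOWED from: user@example.org to: bob@mydomain.example origin_ip: 198.51.100.7 origin_rdns: mail.example.org auth: (unknown)
@400000004c54490100000002 spamdyke[1983]: DENIED_RDNS_MISSING from: billing@supplier.example to: alice@mydomain.example origin_ip: 203.0.113.20 origin_rdns: (unknown) auth: (unknown)
@400000004c54490100000003 spamdyke[1984]: ALLOWED from: x1@webmail.example to: victim@elsewhere.example origin_ip: 192.0.2.197 origin_rdns: cust-197.mynet.example auth: (unknown)
@400000004c54490100000004 spamdyke[1985]: ALLOWED from: carol@mydomain.example to: friend@elsewhere.example origin_ip: 192.0.2.55 origin_rdns: cust-55.mynet.example auth: carol@mydomain.example
@400000004c54490100000005 spamdyke[1986]: DENIED_RDNS_MISSING from: billing@supplier.example to: alice@mydomain.example origin_ip: 203.0.113.20 origin_rdns: (unknown) auth: (unknown)
@400000004c54490100000006 spamdyke[1987]: DENIED_RBL_MATCH from: promo@bulk.example to: alice@mydomain.example origin_ip: 203.0.113.99 origin_rdns: (unknown) auth: (unknown)
EOF
}

# Turn each spamdyke line into: verdict <TAB> from <TAB> to <TAB> ip <TAB> auth
spamdyke_fields() {
    awk '
        index($0, " spamdyke[") {
            verdict = from = to = ip = auth = "-"
            for (i = 1; i < NF; i++) {
                if (index($i, "spamdyke[") == 1) verdict = $(i + 1)
                else if ($i == "from:")          from    = $(i + 1)
                else if ($i == "to:")            to      = $(i + 1)
                else if ($i == "origin_ip:")     ip      = $(i + 1)
                else if ($i == "auth:")          auth    = $(i + 1)
            }
            print verdict "\t" from "\t" to "\t" ip "\t" auth
        }'
}

# unauth_relays DOMAIN...
# Arguments are the domains this server accepts mail for (on qmail, the
# entries of /var/qmail/control/rcpthosts). Prints ip, sender and recipient
# for every message that was accepted without SMTP AUTH yet addressed to a
# domain that is not local, i.e. relayed purely on the client's IP address.
unauth_relays() {
    spamdyke_fields | awk -F '\t' -v localdoms="$*" '
        BEGIN {
            n = split(tolower(localdoms), d, " ")
            for (i = 1; i <= n; i++) is_local[d[i]] = 1
        }
        $1 == "ALLOWED" && $5 == "(unknown)" {
            dom = tolower($3); sub(/^.*@/, "", dom)
            if (!(dom in is_local)) print $4 "\t" $2 "\t" $3
        }'
}

# denied_rdns_for DOMAIN
# Prints "count sender ip" for mail to DOMAIN refused because the sending
# host had no reverse DNS: the list a customer would review before asking
# for a whitelist entry.
denied_rdns_for() {
    spamdyke_fields | awk -F '\t' -v dom="$1" '
        $1 == "DENIED_RDNS_MISSING" {
            rdom = tolower($3); sub(/^.*@/, "", rdom)
            if (rdom == tolower(dom)) seen[$2 " " $4]++
        }
        END { for (k in seen) print seen[k], k }' | sort -rn
}
```

On the sample, `sample_log | unauth_relays mydomain.example` flags only the 192.0.2.197 line: inbound mail to a hosted domain and the authenticated relay from carol are both ignored.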




Re: [qmailtoaster] Re: spam email routing query

2010-07-12 Thread Martin Waschbuesch
Ok, here is Timo's response to my question:

Am 11.07.2010 um 21:01 schrieb Timo Sirainen:

 On Sat, 2010-07-10 at 09:14 +0200, Martin Waschbuesch wrote:
 
 1.) Is there any danger regarding  maildir consistency in directly moving 
 mail items about?
 
 No. Assuming you use mv and not cp (and it's all in the same
 filesystem) so that the move is atomic.
 
 2.) Could I somehow use deliver to move the mails? I think I can recall that 
 other LDAs (maildrop?) allow for that? This would of course be preferred as 
 the maildir cache would also still be optimized after the operation.
 
 deliver -u user -m mailboxname could be used to save new mails. Maybe
 a save + delete would work too. I don't really think it's worth it.
 
 If anyone has any suggestions, I'd really appreciate this.
 
 See the antispam plugin:
 http://johannes.sipsolutions.net/Projects/dovecot-antispam

So, since I have not seen any issues with the way I do it (it is indeed mv and 
on same filesystem), I'll leave it as is.

Though, that does not explain why Andreas saw different behaviour?

Martin

Am 08.07.2010 um 21:12 schrieb Martin Waschbuesch:

 You know, sometimes I am just way too slow it seems. :-)
 
 Am 08.07.2010 um 20:29 schrieb Eric Shubert:
 
 I haven't looked at the deliver documentation much, let alone recently.
 I don't mean to sound like a broken record, but would you like to ask on the 
 dovecot list? (dove...@dovecot.org)
 That list has been pretty active lately, and the people there are very 
 helpful.
 
 -- 
 -Eric 'shubes'






Re: [qmailtoaster] Re: spam email routing query

2010-07-12 Thread Andreas Galatis
Hi.

My experience was only when I deleted files.
I think dovecot does not complain if there are new files in the folder, but if 
there are files missing, it complains.
I think it's normal that programs deliver mail into the folder, but normally, 
without dovecot no file is deleted. So dovecot thinks there is something missing 
and complains.

I just tried out and deleted some mails in a Mailbox/cur Folder.
No problem.
I will investigate more on the error I had with my client and will tell 
you about the results.

Andreas


Am Montag, 12. Juli 2010 09:32:51 schrieb Martin Waschbuesch:
 Ok, here is Timo's response to my question:
 
 Am 11.07.2010 um 21:01 schrieb Timo Sirainen:
  On Sat, 2010-07-10 at 09:14 +0200, Martin Waschbuesch wrote:
  1.) Is there any danger regarding  maildir consistency in directly
  moving mail items about?
 
  No. Assuming you use mv and not cp (and it's all in the same
  filesystem) so that the move is atomic.
 
  2.) Could I somehow use deliver to move the mails? I think I can recall
  that other LDAs (maildrop?) allow for that? This would of course be
  preferred as the maildir cache would also still be optimized after the
  operation.
 
  deliver -u user -m mailboxname could be used to save new mails. Maybe
  a save + delete would work too. I don't really think it's worth it.
 
  If anyone has any suggestions, I'd really appreciate this.
 
  See the antispam plugin:
  http://johannes.sipsolutions.net/Projects/dovecot-antispam
 
 So, since I have not seen any issues with the way I do it (it is indeed mv
  and on same filesystem), I'll leave it as is.
 
 Though, that does not explain why Andreas saw different behaviour?
 
 Martin
 
 On 08.07.2010 at 21:12, Martin Waschbuesch wrote:
  You know, sometimes I am just way too slow it seems. :-)
 
  On 08.07.2010 at 20:29, Eric Shubert wrote:
  I haven't looked at the deliver documentation much, let alone recently.
  I don't mean to sound like a broken record, but would you like to ask on
  the dovecot list? (dove...@dovecot.org) That list has been pretty active
  lately, and the people there are very helpful.
 




Re: [qmailtoaster] Re: spam email routing query

2010-07-09 Thread Andreas Galatis
No, no vm, no nfs, all local

Andreas
On Thursday, 8 July 2010 19:47:26, Jake Vickers wrote:
 On 07/08/2010 12:58 PM, Andreas Galatis wrote:
  After having deleted some Mails and the user accesses the concerned
  folder via squirrelmail he gets a failure notice saying the
  imap-connection was interrupted.
  In the logs I see the error message saying time went back, therefore
  dovecot was stopped.
  The error message is false, time is not manipulated, I run ntpd on all
  servers. So I tried stopping the deleteoldmails script and have no more
  problems with the folders, neither with time going back.
  Since I use dovecot, my client can easily show all messages in the Folder
  and delete the oldest himself, through squirrelmail. With courier it was
  too slow to see large amount of Mails.
 
 Do you have the mailstore on an NFS volume, especially in conjunction
 with a VM of some type?
 




Re: [qmailtoaster] Re: spam email routing query

2010-07-08 Thread Martin Waschbuesch
Interesting,

I have a script that does just that (move files about in the maildir) and it 
has not led to problems yet. Though, I can definitely understand how it might 
be problematic. I gotta watch out for that.
If you want to be on the safe side, I guess Eric's suggestion of using 
dovecot's lda is the thing to do.

Martin

On 08.07.2010 at 11:47, Andreas Galatis wrote:

 Hi Eric,
 
 As far as I learned it is never a good idea to copy (or delete) messages 
 directly in the Maildir if you use dovecot.
 I had a script deleting old mails from a client's Maildir running via cron.
 The first day the script deleted old messages, the client could not access 
 the last listpage from squirrelmail.
 I think the dovecot- index files were irritated because of missing files.
 At least you would have to delete the dovecot-files in the concerned 
 directory (they will be rebuilt)
 
 Andreas
 On Thursday, 8 July 2010 04:18:51, Eric Shubert wrote:
 Rajesh M wrote:
 hi eric
 
 when the email arrives in the spam box its headers contained the
 delivered to email id in the header so my script will know where to
 which email id the message is to be delivered. so my concern about bcc is
 resolved.
 
 my second question is as such
 which would be better
 
 Define better. ;)
 
 Simply move the email from the centralized spambox to the inbox of that
 email id
 Or use the qmail-queue program to reroute the message back to the queue
 for delivery.
 
 As usual, there's more than one way.
 
 i don't want the email time stamps changed during this process.
 
 Which time stamps are you referring to?
 
 On further thinking about this, I wouldn't do either. If you have
 dovecot installed, I would use dovecot's deliver program. Otherwise, I'd
 use the maildrop program. You should realize though that at some point
 dovecot's lda (deliver) is likely going to replace maildrop. With either
 program, I don't expect you'd need to do any parsing of the message in
 your script - just pass it on to the lda. I could be wrong about this
 though.
 
 You could move the file to the appropriate inbox yourself and I believe
 that would work, but using the lda would be 'better'. The lda really
 should know what's going into the mailbox, for indexing and quota purposes.
 
 
 
 


--
Corporation. An ingenious device for obtaining individual profit without 
individual responsibility.

Bierce, Ambrose






Re: [qmailtoaster] Re: spam email routing query

2010-07-08 Thread Andreas Galatis
After having deleted some Mails and the user accesses the concerned folder
via squirrelmail he gets a failure notice saying the imap-connection was
interrupted.
In the logs I see the error message saying time went back, therefore
dovecot was stopped.
The error message is false, time is not manipulated, I run ntpd on all
servers. So I tried stopping the deleteoldmails script and have no more
problems with the folders, neither with time going back.
Since I use dovecot, my client can easily show all messages in the Folder
and delete the oldest himself, through squirrelmail. With courier it was
too slow to see large amount of Mails.


Andreas

 Yes, it can be problematic. At the same time though, dovecot is very
 robust, and is capable of recovering from inconsistencies such as this
 automatically (all by itself). I would expect performance hits when
 dovecot needs to rebuild indexes and such, but I would not expect a
 failure of any kind. If it fails, I'd consider it a bug (and I expect
 Timo the author would as well).

 If you run into problems however, I think Andreas's remedy of deleting
 the dovecot-files should indeed clear things up. I'd try to check first
 though to be sure that dovecot isn't in the middle of rebuilding things
 already. Not sure how I'd do that off hand (ps?/lsof?).
 --
 -Eric 'shubes'

 Martin Waschbuesch wrote:
 Interesting,

 I have a script that does just that (move files about in the maildir)
 and it has not led to problems yet. Though, I can definitely understand
 how it might be problematic. I gotta watch out for that.
 If you want to be on the safe side, I guess Eric's suggestion of using
 dovecot's lda is the thing to do.

 Martin

 On 08.07.2010 at 11:47, Andreas Galatis wrote:

 Hi Eric,

 As far as I learned it is never a good idea to copy (or delete) messages
 directly in the Maildir if you use dovecot.
 I had a script deleting old mails from a client's Maildir running via cron.
 The first day the script deleted old messages, the client could not
 access the last listpage from squirrelmail.
 I think the dovecot- index files were irritated because of missing files.
 At least you would have to delete the dovecot-files in the concerned
 directory (they will be rebuilt)

 Andreas
 On Thursday, 8 July 2010 04:18:51, Eric Shubert wrote:
 Rajesh M wrote:
 hi eric

 when the email arrives in the spam box its headers contained the
 delivered to email id in the header so my script will know where to
 which email id the message is to be delivered. so my concern about
 bcc is
 resolved.

 my second question is as such
 which would be better
 Define better. ;)

 Simply move the email from the centralized spambox to the inbox of
 that
 email id
 Or use the qmail-queue program to reroute the message back to the
 queue
 for delivery.
 As usual, there's more than one way.

 i don't want the email time stamps changed during this process.
 Which time stamps are you referring to?

 On further thinking about this, I wouldn't do either. If you have
 dovecot installed, I would use dovecot's deliver program. Otherwise,
 I'd
 use the maildrop program. You should realize though that at some point
 dovecot's lda (deliver) is likely going to replace maildrop. With
 either
 program, I don't expect you'd need to do any parsing of the message in
 your script - just pass it on to the lda. I could be wrong about this
 though.

 You could move the file to the appropriate inbox yourself and I
 believe
 that would work, but using the lda would be 'better'. The lda really
 should know what's going into the mailbox, for indexing and quota
 purposes.





 --
 Corporation. An ingenious device for obtaining individual profit
 without individual responsibility.

 Bierce, Ambrose



Re: [qmailtoaster] Re: spam email routing query

2010-07-08 Thread Martin Waschbuesch
I never have such problems with e.g. horde or Mail on Mac OS X.
Could that be IMAP client-related as well? But then I am investigating how to 
replace my manual  operations with dovecot's deliver. I don't want to end up 
having such problems as well.

Martin

On 08.07.2010 at 18:58, Andreas Galatis wrote:

 After having deleted some Mails and the user accesses the concerned folder
 via squirrelmail he gets a failure notice saying the imap-connection was
 interrupted.
 In the logs I see the error message saying time went back, therefore
 dovecot was stopped.
 The error message is false, time is not manipulated, I run ntpd on all
 servers. So I tried stopping the deleteoldmails script and have no more
 problems with the folders, neither with time going back.
 Since I use dovecot, my client can easily show all messages in the Folder
 and delete the oldest himself, through squirrelmail. With courier it was
 too slow to see large amount of Mails.
 
 
 Andreas
 
 Yes, it can be problematic. At the same time though, dovecot is very
 robust, and is capable of recovering from inconsistencies such as this
 automatically (all by itself). I would expect performance hits when
 dovecot needs to rebuild indexes and such, but I would not expect a
 failure of any kind. If it fails, I'd consider it a bug (and I expect
 Timo the author would as well).
 
 If you run into problems however, I think Andreas's remedy of deleting
 the dovecot-files should indeed clear things up. I'd try to check first
 though to be sure that dovecot isn't in the middle of rebuilding things
 already. Not sure how I'd do that off hand (ps?/lsof?).
 --
 -Eric 'shubes'
 
 Martin Waschbuesch wrote:
 Interesting,
 
 I have a script that does just that (move files about in the maildir)
 and it has not led to problems yet. Though, I can definitely understand
 how it might be problematic. I gotta watch out for that.
 If you want to be on the safe side, I guess Eric's suggestion of using
 dovecot's lda is the thing to do.
 
 Martin
 
 On 08.07.2010 at 11:47, Andreas Galatis wrote:
 
 Hi Eric,
 
 As far as I learned it is never a good idea to copy (or delete) messages
 directly in the Maildir if you use dovecot.
 I had a script deleting old mails from a client's Maildir running via cron.
 The first day the script deleted old messages, the client could not
 access the last listpage from squirrelmail.
 I think the dovecot- index files were irritated because of missing files.
 At least you would have to delete the dovecot-files in the concerned
 directory (they will be rebuilt)
 
 Andreas
 On Thursday, 8 July 2010 04:18:51, Eric Shubert wrote:
 Rajesh M wrote:
 hi eric
 
 when the email arrives in the spam box its headers contained the
 delivered to email id in the header so my script will know where to
 which email id the message is to be delivered. so my concern about
 bcc is
 resolved.
 
 my second question is as such
 which would be better
 Define better. ;)
 
 Simply move the email from the centralized spambox to the inbox of
 that
 email id
 Or use the qmail-queue program to reroute the message back to the
 queue
 for delivery.
 As usual, there's more than one way.
 
 i don't want the email time stamps changed during this process.
 Which time stamps are you referring to?
 
 On further thinking about this, I wouldn't do either. If you have
 dovecot installed, I would use dovecot's deliver program. Otherwise,
 I'd
 use the maildrop program. You should realize though that at some point
 dovecot's lda (deliver) is likely going to replace maildrop. With
 either
 program, I don't expect you'd need to do any parsing of the message in
 your script - just pass it on to the lda. I could be wrong about this
 though.
 
 You could move the file to the appropriate inbox yourself and I
 believe
 that would work, but using the lda would be 'better'. The lda really
 should know what's going into the mailbox, for indexing and quota
 purposes.
 
 
 
 
 
 --
 Corporation. An ingenious device for obtaining individual profit
 without individual responsibility.
 
 Bierce, Ambrose
 
 

Re: [qmailtoaster] Re: spam email routing query

2010-07-08 Thread Jake Vickers

On 07/08/2010 12:58 PM, Andreas Galatis wrote:

After having deleted some Mails and the user accesses the concerned folder
via squirrelmail he gets a failure notice saying the imap-connection was
interrupted.
In the logs I see the error message saying time went back, therefore
dovecot was stopped.
The error message is false, time is not manipulated, I run ntpd on all
servers. So I tried stopping the deleteoldmails script and have no more
problems with the folders, neither with time going back.
Since I use dovecot, my client can easily show all messages in the Folder
and delete the oldest himself, through squirrelmail. With courier it was
too slow to see large amount of Mails.
   


Do you have the mailstore on an NFS volume, especially in conjunction 
with a VM of some type?






Re: [qmailtoaster] Re: spam email routing query

2010-07-08 Thread Martin Waschbuesch
From what I read in the deliver documentation, it cannot (unlike maildrop) take 
an email from standard input or a file? At least that is how I read the 
documentation.
If that's true I do not see how it could be used for this type of scripting.
Anyone can confirm / correct my observation?

Martin
 
On 08.07.2010 at 11:51, Martin Waschbuesch wrote:

 Interesting,
 
 I have a script that does just that (move files about in the maildir) and it 
 has not led to problems yet. Though, I can definitely understand how it 
 might be problematic. I gotta watch out for that.
 If you want to be on the safe side, I guess Eric's suggestion of using 
 dovecot's lda is the thing to do.
 
 Martin
 
 On 08.07.2010 at 11:47, Andreas Galatis wrote:
 
 Hi Eric,
 
 As far as I learned it is never a good idea to copy (or delete) messages 
 directly in the Maildir if you use dovecot.
 I had a script deleting old mails from a client's Maildir running via cron.
 The first day the script deleted old messages, the client could not access 
 the last listpage from squirrelmail.
 I think the dovecot- index files were irritated because of missing files.
 At least you would have to delete the dovecot-files in the concerned 
 directory (they will be rebuilt)
 
 Andreas
 On Thursday, 8 July 2010 04:18:51, Eric Shubert wrote:
 Rajesh M wrote:
 hi eric
 
 when the email arrives in the spam box its headers contained the
 delivered to email id in the header so my script will know where to
 which email id the message is to be delivered. so my concern about bcc is
 resolved.
 
 my second question is as such
 which would be better
 
 Define better. ;)
 
 Simply move the email from the centralized spambox to the inbox of that
 email id
 Or use the qmail-queue program to reroute the message back to the queue
 for delivery.
 
 As usual, there's more than one way.
 
 i don't want the email time stamps changed during this process.
 
 Which time stamps are you referring to?
 
 On further thinking about this, I wouldn't do either. If you have
 dovecot installed, I would use dovecot's deliver program. Otherwise, I'd
 use the maildrop program. You should realize though that at some point
 dovecot's lda (deliver) is likely going to replace maildrop. With either
 program, I don't expect you'd need to do any parsing of the message in
 your script - just pass it on to the lda. I could be wrong about this
 though.
 
 You could move the file to the appropriate inbox yourself and I believe
 that would work, but using the lda would be 'better'. The lda really
 should know what's going into the mailbox, for indexing and quota purposes.
 
 
 
 
 
 
 --
 Corporation. An ingenious device for obtaining individual profit without 
 individual responsibility.
 
 Bierce, Ambrose
 
 
 
 


--
“Any society that would give up a little liberty to gain a little security will 
deserve neither and lose both.”

Benjamin Franklin












Re: [qmailtoaster] Re: spam email routing query

2010-07-08 Thread Martin Waschbuesch
You know, sometimes I am just way too slow it seems. :-)

On 08.07.2010 at 20:29, Eric Shubert wrote:

 I haven't looked at the deliver documentation much, let alone recently.
 I don't mean to sound like a broken record, but would you like to ask on the 
 dovecot list? (dove...@dovecot.org)
 That list has been pretty active lately, and the people there are very 
 helpful.
 
 -- 
 -Eric 'shubes'
 
 Martin Waschbuesch wrote:
 From what I read in the deliver documentation, it cannot (unlike maildrop) 
 take an email from standard input or a file? At least that is how I read the 
 documentation.
 If that's true I do not see how it could be used for this type of scripting.
 Anyone can confirm / correct my observation?
 Martin
 On 08.07.2010 at 11:51, Martin Waschbuesch wrote:
 Interesting,
 
 I have a script that does just that (move files about in the maildir) and 
 it has not led to problems yet. Though, I can definitely understand how it 
 might be problematic. I gotta watch out for that.
 If you want to be on the safe side, I guess Eric's suggestion of using 
 dovecot's lda is the thing to do.
 
 Martin
 
 On 08.07.2010 at 11:47, Andreas Galatis wrote:
 
 Hi Eric,
 
 As far as I learned it is never a good idea to copy (or delete) messages 
 directly in the Maildir if you use dovecot.
 I had a script deleting old mails from a client's Maildir running via cron.
 The first day the script deleted old messages, the client could not access 
 the last listpage from squirrelmail.
 I think the dovecot- index files were irritated because of missing files.
 At least you would have to delete the dovecot-files in the concerned 
 directory (they will be rebuilt)
 
 Andreas
 On Thursday, 8 July 2010 04:18:51, Eric Shubert wrote:
 Rajesh M wrote:
 hi eric
 
 when the email arrives in the spam box its headers contained the
 delivered to email id in the header so my script will know where to
 which email id the message is to be delivered. so my concern about bcc is
 resolved.
 
 my second question is as such
 which would be better
 Define better. ;)
 
 Simply move the email from the centralized spambox to the inbox of that
 email id
 Or use the qmail-queue program to reroute the message back to the queue
 for delivery.
 As usual, there's more than one way.
 
 i don't want the email time stamps changed during this process.
 Which time stamps are you referring to?
 
 On further thinking about this, I wouldn't do either. If you have
 dovecot installed, I would use dovecot's deliver program. Otherwise, I'd
 use the maildrop program. You should realize though that at some point
 dovecot's lda (deliver) is likely going to replace maildrop. With either
 program, I don't expect you'd need to do any parsing of the message in
 your script - just pass it on to the lda. I could be wrong about this
 though.
 
 You could move the file to the appropriate inbox yourself and I believe
 that would work, but using the lda would be 'better'. The lda really
 should know what's going into the mailbox, for indexing and quota 
 purposes.
 
 
 
 
 --
 Corporation. An ingenious device for obtaining individual profit without 
 individual responsibility.
 
 Bierce, Ambrose
 
 

Re: [qmailtoaster] Re: spam email routing query

2010-07-07 Thread Rajesh M
hi eric

when the email arrives in the spam box its headers contained the
delivered to email id in the header so my script will know where to
which email id the message is to be delivered. so my concern about bcc is
resolved.

my second question is as such
which would be better
Simply move the email from the centralized spambox to the inbox of that
email id
Or use the qmail-queue program to reroute the message back to the queue
for delivery.

i don't want the email time stamps changed during this process.


thanks
rajesh


 Rajesh M wrote:
 Rajesh M wrote:
 hi

 the current system is such that all the emails that are spam (ie between 5
 and 8) get tagged as spam in subject line and are routed to the SPAM
 folder which can be viewed via squirrelmail

 my questions

 1) is it possible to route these to a common mailbox which will be
 monitored by a system admin

 2) if the mail is genuine spam then it is left as it is

 3) if the email has been wrongly classified then the administrator will
 move the email to another folder say notspam and then it will be delivered
 to the recipient's inbox

 rajesh

 -
 Anything's possible. ;)

 This could be done I suppose. It sounds to me like you're talking about
 a centralized spambox. I'd look into the current spambox capability and
 see how to tweak it to do 1). 3) will take a bit of doing, but not
 much.
 A script could be written which would pipe emails in the notspam folder
 to the qmail-queue program for delivery, and remove them from the
 notspam folder.

 Personally, I'm not fond of the idea. Sounds to me like you're creating
 work for a sysadmin, which would be more appropriately done by the end
 user. I suppose it might be appropriate depending on your environment
 though.

 --
 -Eric 'shubes'


 -

 hi

 thanks for the input

 how would such a script handle bcc ?

 rajesh

 -

 I'm not positive, but I think that bcc is no longer in play at that
 point, so there would be nothing to handle. Unless I'm misunderstanding
 your question. Please describe a scenario, and we can hash it out.

 --
 -Eric 'shubes'











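As an added example (not code from this thread or from the QmailToaster or Dovecot projects), here is one way a release script could combine the two points discussed in this thread: take the recipient from the Delivered-To header, then move the file with a same-filesystem rename, which is atomic and leaves the file's timestamps alone. The vpopmail-style directory layout, the `.notspam` folder name, the function names and the sample message are assumptions; because the header comes from untrusted mail, the address is validated before it is turned into a path.

```python
import os
import tempfile
from email.parser import BytesHeaderParser
from email.utils import parseaddr

# Constructed sample message; the address is an assumption for the demo.
SAMPLE = (b"Delivered-To: alice@example.com\r\n"
          b"Subject: [SPAM] quarterly report\r\n"
          b"\r\n"
          b"body\r\n")


def recipient_of(path):
    """Return the address in the topmost Delivered-To header of a message file."""
    with open(path, "rb") as fh:
        headers = BytesHeaderParser().parse(fh)  # headers only, body is not parsed
    addr = parseaddr(headers.get("Delivered-To", ""))[1]
    if addr.count("@") != 1:
        raise ValueError("no usable Delivered-To header in %s" % path)
    return addr.lower()


def maildir_for(address, root):
    """Map user@domain to <root>/<domain>/<user>/Maildir (assumed layout).

    The address comes from a header the sender controls, so anything that
    could climb out of the mail root is rejected before a path is built.
    """
    local, _, domain = address.partition("@")
    for part in (local, domain):
        if part in ("", ".", "..") or "/" in part or "\0" in part:
            raise ValueError("unsafe address component: %r" % part)
    return os.path.join(root, domain, local, "Maildir")


def release(msg_path, root):
    """Atomically move one message into the recipient's Maildir/new."""
    dest_dir = os.path.join(maildir_for(recipient_of(msg_path), root), "new")
    # os.stat raises FileNotFoundError if the recipient has no Maildir.
    if os.stat(msg_path).st_dev != os.stat(dest_dir).st_dev:
        # mv and shutil.move would fall back to copy + delete here, which is
        # not atomic; refuse instead of exposing a half-written file.
        raise OSError("source and destination are on different filesystems")
    # Files in new/ carry no ":2,<flags>" info suffix, so drop it.
    name = os.path.basename(msg_path).split(":2,", 1)[0]
    dest = os.path.join(dest_dir, name)
    if os.path.exists(dest):
        raise FileExistsError(dest)  # rename() would silently overwrite
    os.rename(msg_path, dest)  # same inode: content and mtime are unchanged
    return dest


def demo():
    """Build a throwaway mail tree, release one message, report the result."""
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    inbox = os.path.join(root, "example.com", "alice", "Maildir")
    notspam = os.path.join(root, "example.com", "spamadmin", "Maildir", ".notspam")
    for base in (inbox, notspam):
        for sub in ("tmp", "new", "cur"):
            os.makedirs(os.path.join(base, sub))
    src = os.path.join(notspam, "cur", "1278500000.M1P1.mail:2,S")
    with open(src, "wb") as fh:
        fh.write(SAMPLE)
    os.utime(src, (1278500000, 1278500000))  # pretend it arrived in July 2010
    dest = release(src, root)
    return {
        "relpath": os.path.relpath(dest, root),
        "src_gone": not os.path.exists(src),
        "mtime": int(os.stat(dest).st_mtime),
    }


if __name__ == "__main__":
    print(demo())
```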




Re: [qmailtoaster] Re: spam email routing query

2010-07-05 Thread Rajesh M
 Rajesh M wrote:
 hi

 the current system is such that all the emails that are spam (ie between 5
 and 8) get tagged as spam in subject line and are routed to the SPAM
 folder which can be viewed via squirrelmail

 my questions

 1) is it possible to route these to a common mailbox which will be
 monitored by a system admin

 2) if the mail is genuine spam then it is left as it is

 3) if the email has been wrongly classified then the administrator will
 move the email to another folder say notspam and then it will be delivered
 to the recipient's inbox

 rajesh

 -

 Anything's possible. ;)

 This could be done I suppose. It sounds to me like you're talking about
 a centralized spambox. I'd look into the current spambox capability and
 see how to tweak it to do 1). 3) will take a bit of doing, but not much.
 A script could be written which would pipe emails in the notspam folder
 to the qmail-queue program for delivery, and remove them from the
 notspam folder.

 Personally, I'm not fond of the idea. Sounds to me like you're creating
 work for a sysadmin, which would be more appropriately done by the end
 user. I suppose it might be appropriate depending on your environment
 though.

 --
 -Eric 'shubes'






hi

thanks for the input

how would such a script handle bcc ?

rajesh









Re: [qmailtoaster] Re: Spam Box Missing

2010-06-19 Thread Scott Hughes



On 6/18/10 6:49 PM, Eric Shubert wrote:

Scott Hughes wrote:
On my secondary QMT server the spambox check box is missing in 
QmailAdmin.  I tried to rebuild the qmailadmin-toaster package with 
the '--define 'spambox 1'' option and then install it, but with no luck.


Obviously I am missing something.

Any suggestions?


Please describe in detail what you tried when rebuilding the package.

I would recommend doing:
# cd /opt/qmailtoaster-plus/etc/rpmbuild
# cp qmailadmin-toaster.sample qmailadmin-toaster
# qtp-newmodel
and select the qmailadmin-toaster package for rebuild.

That's a lot easier than trying to do it manually.


Eric,

I was following the FAQ advice from this page: 
http://wiki.qmailtoaster.com/index.php/FAQs#I_upgraded_my_QmailToaster_to_the_latest_and_I_no_longer_have_the_.22Spam_Detection.22_box_in_Qmailadmin.


Should that be updated to reflect your recommendation above, as it is 
much easier and more straightforward, or are these two different situations 
and I'm just not seeing that?


Scott






Re: [qmailtoaster] Re: Spam Box Missing

2010-06-18 Thread Scott Hughes

On 6/18/10 6:49 PM, Eric Shubert wrote:

Scott Hughes wrote:
On my secondary QMT server the spambox check box is missing in 
QmailAdmin.  I tried to rebuild the qmailadmin-toaster package with 
the '--define 'spambox 1'' option and then install it, but with no luck.


Obviously I am missing something.

Any suggestions?


Please describe in detail what you tried when rebuilding the package.

I would recommend doing:
# cd /opt/qmailtoaster-plus/etc/rpmbuild
# cp qmailadmin-toaster.sample qmailadmin-toaster
# qtp-newmodel
and select the qmailadmin-toaster package for rebuild.

That's a lot easier than trying to do it manually.


Thanks Eric. I tried your recommendation and it worked.

Scott






Re: [qmailtoaster] Re: spam

2010-04-17 Thread Jake Vickers

On 04/14/2010 11:18 AM, David Milholen wrote:

Eric Shubert wrote:

Jake Vickers wrote:

On 04/09/2010 05:26 PM, Eric Shubert wrote:

Jake Vickers wrote:

On 04/09/2010 11:25 AM, madmac wrote:
Is there then a way to secure squirrelmail, or any other webmail 
prog.

This is a default install of qmail with the  ISO.
Not having it is not an option, as most of the clients can only 
use webmail as they are on the road daily.


Thanks




I use fail2ban to monitor for brute-force attacks. Works on pop3 
as well.


fail2ban is good for brute-force attacks all right, but useless if 
a password is sniffed. Best to be sure that no passwords travel the 
internet in the clear.




True - I run everything using SSL myself.
I normally do not see too many passwords sniffed. I can provide gigs 
worth of logs of brute force attempts. ;)


Yeah, I've only seen pw sniffed once.
Lots of script kiddies out there though. I shut off pop3 entirely, 
and users use pop3-ssl. Haven't noticed any brute-force attacks on 
IMAP, or SMTP for that matter (doesn't mean there haven't been any 
though).


I am migrating everything over to ssl slowly but in order to do a full 
move without people noticing the pop up one time I need a fix on my 
self signed cert so it doesn't pop up every time I login.
 I am looking into it but just haven't had time to figure out what I 
did wrong when I did the cert.


I did not try self-signed certs. I just paid the $10 and got a signed 
cert (see the link on the wiki page).




Re: [qmailtoaster] Re: spam

2010-04-15 Thread madmac

Ok so far:
I have a new install of qmailtoaster.
All yum updates
All qmail updates.
Set tight RBL, SA-Updates
spamdyke, added 455 bad IPs, added 9278 known spammers,
Cron to clean spam, cron to clean trash, maildrop to log rotate.
Installed QcontrolIPE
Installed mod_ssl, openssl and created self signed key ( Thanks Todd, it 
works )


Tested https://mysite.com and https://mysite.com/webmail, both work as far 
as I can see . they ask to verify certificate.


when I modify the squirrel.conf as shown:
<IfModule mod_alias.c>
Alias /webmail /usr/share/squirrelmail
</IfModule>
<Directory /usr/share/squirrelmail>
  Options None
  Order allow,deny
  allow from all
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]
</Directory>

it does not redirect, as I think it should
eg: redirect http://mysite.com/webmail
to https://mysite.com/webmail

can anyone confirm my settings are correct in the squirrel.conf file?

Can I reiterate that VMware is awesome for this kind of testing, just 
remember to do a snapshot.

Thanks



Re: [qmailtoaster] Re: spam

2010-04-15 Thread madmac

Not needed in squirrel.conf
as far as I can see. If I keep the default settings in the squirrel.conf, 
it works.

Possibly because I made the changes to the main httpd.conf file.
I have now disabled http access ( on port 80 ) and forced https ( on port 
443 )

Also added Atomic linux Blacklist IPs to the firewall.
Looking at adding more ready made rules to the default spamassassin. ( from 
rulesemporium )

Disabled root access, and changed from the default ssh port

After some more testing I will make it  live  ( after a backup of course ) 
then make the VM available.


I can also put up my method on the wiki for all. If the mods think it 
useful.

more soon.



Re: [qmailtoaster] Re: spam

2010-04-14 Thread David Milholen




Eric Shubert wrote:
Jake
Vickers wrote:
  
  On 04/09/2010 05:26 PM, Eric Shubert wrote:

Jake Vickers wrote:
  
  On 04/09/2010 11:25 AM, madmac wrote:

Is there then a way to secure
squirrelmail, or any other webmail prog.
  
This is a default install of qmail with the ISO.
  
Not having it is not an option, as most of the clients can only use
webmail as they are on the road daily.
  
  
Thanks
  
  
  


I use fail2ban to monitor for brute-force attacks. Works on pop3 as
well.

  
  
fail2ban is good for brute-force attacks all right, but useless if a
password is sniffed. Best to be sure that no passwords travel the
internet in the clear.
  
  


True - I run everything using SSL myself.

I normally do not see too many passwords sniffed. I can provide gigs
worth of logs of brute force attempts. ;)

  
  
Yeah, I've only seen pw sniffed once.
  
Lots of "script kiddies" out there though. I shut off pop3 entirely,
and users use pop3-ssl. Haven't noticed any brute-force attacks on
IMAP, or SMTP for that matter (doesn't mean there haven't been any
though).
  
  

I am migrating everything over to ssl slowly but in order to do a full
move without people noticing the pop up one time I need a fix on my
self signed cert so it doesn't pop up every time I login.
I am looking into it but just haven't had time to figure out what I did
wrong when I did the cert.

--dave


-- 

David Milholen
Project Engineer
501-318-1300
Wireless Etc







Re: [qmailtoaster] Re: spam

2010-04-14 Thread madmac

Sorry eric I have just got to ask;

what is TTBOMK



- Original Message - 
From: Eric Shubert e...@shubes.net

To: qmailtoaster-list@qmailtoaster.com
Sent: Wednesday, April 14, 2010 9:28 AM
Subject: [qmailtoaster] Re: spam



David Milholen wrote:

Eric Shubert wrote:

Jake Vickers wrote:

On 04/09/2010 05:26 PM, Eric Shubert wrote:

Jake Vickers wrote:

On 04/09/2010 11:25 AM, madmac wrote:
Is there then a way to secure squirrelmail, or any other webmail 
prog.

This is a default install of qmail with the  ISO.
Not having it is not an option, as most of the clients can only use 
webmail as they are on the road daily.


Thanks




I use fail2ban to monitor for brute-force attacks. Works on pop3 as 
well.


fail2ban is good for brute-force attacks all right, but useless if a 
password is sniffed. Best to be sure that no passwords travel the 
internet in the clear.




True - I run everything using SSL myself.
I normally do not see too many passwords sniffed. I can provide gigs 
worth of logs of brute force attempts. ;)


Yeah, I've only seen pw sniffed once.
Lots of script kiddies out there though. I shut off pop3 entirely, and 
users use pop3-ssl. Haven't noticed any brute-force attacks on IMAP, or 
SMTP for that matter (doesn't mean there haven't been any though).


I am migrating everything over to ssl slowly but in order to do a full 
move without people noticing the pop up one time I need a fix on my self 
signed cert so it doesn't pop up every time I login.
 I am looking into it but just haven't had time to figure out what I did 
wrong when I did the cert.


--dave



TTBOMK, the only way to avoid having to do anything on the clients is to 
pay for a cert from a CA that's recognized by the client by default. The 
best I've been able to do short of that is to use cacert.org to sign 
certs. Still need to import cacert.org's root cert into each client, but 
once that's done then any cert signed by cacert.org will pass.


--
-Eric 'shubes'













Re: [qmailtoaster] Re: spam

2010-04-14 Thread madmac

Ok I got it, brain fart








Re: [qmailtoaster] Re: spam

2010-04-13 Thread madmac

Ok Guys n Gals

I have rebuilt a new toaster on VM, from scratch. Using the 
CentQMT5-1.2.0.iso
I am going to make this a ssl only, secure qmail server, if it kills me. As 
my current server is compromised as previously posted.


Tried many sites to get a self signed ssl cert installed for testing.
even here on the wiki: 
http://wiki.qmailtoaster.com/index.php?title=Certificate&printable=yes

In there is a line that says you can self sign,
  NOTE - For reference, here is the command to sign the request for a 
  self signed certificate:
    openssl x509 -req -days 365 -in servercert.csr -signkey servercert.key -out servercert.crt
Can the poster or anyone else confirm that they have managed to get it to 
work?


Or can anyone else help me get this installation secured.
I have added all the usual, clamav, spamassassin and spamdyke, also have a 
huge blacklist of IPs and Spammers ( from another source )
I have disabled root to ssh, and changed the ssh port also, modified the 
firewall to suit.


When all this is done I will also add fail2ban, as suggested by Jake, and 
any hints on installing and configuring that would also be helpful.


Notes
Previously tried but failed to get https://ipaddress/webmail to work.
even added what was suggested:

add these lines to your /etc/http/squirrelmail.conf file:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

restarted apache also.

When I have done all the testing to confirm security, I will make it ( The 
VM ) available.


Thanks all:
madmac


- Original Message - 
From: madmac sysad...@tricubemedia.com

To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, April 09, 2010 2:28 PM
Subject: Re: [qmailtoaster] Re: spam



Thanks Eric and Jake,

Will test fail2ban also on a VM


- Original Message - 
From: Eric Shubert e...@shubes.net

To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, April 09, 2010 10:09 AM
Subject: [qmailtoaster] Re: spam


You should secure squirrelmail so that it only runs with https, so that 
passwords are not sent in the clear. To do so, configure apache with a 
valid cert (see http://wiki.qmailtoaster.com/index.php/Certificate), then 
add these lines to your /etc/http/squirrelmail.conf file:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Then
# service httpd restart

madmac wrote:

Is there then a way to secure squirrelmail, or any other webmail prog.
This is a default install of qmail with the  ISO.
Not having it is not an option, as most of the clients can only use 
webmail as they are on the road daily.

 Thanks
 - Original Message -
*From:* Jake Vickers mailto:j...@qmailtoaster.com
*To:* qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
*Sent:* Thursday, April 08, 2010 5:53 PM
*Subject:* Re: [qmailtoaster] spam

On 04/08/2010 04:21 PM, madmac wrote:

Well anyone that can guess my passwords must be amazing.
Let alone get through the elaborate firewall system.
ssh port is  non standard 
 But I agree, this box is compromised  some how 
 File count now at 9580 and counting




Are all of the files that are infected from mailboxes?
It does sound like your machine has been compromised. If you leave
Squirrelmail open (ie: no protection against password attacks) or
have other webapps running then this is the most likely place for
them to get in. Once they have an account's login credentials, they
can upload things to themselves and run them (don't ask me how - I
never looked at how they did it - I just fixed it) and then brute
force passwords from the local machine to obtain other access or
whatever they are looking to do.
I had one a year or so back where a guy installed phpbb - when he
came in the next day someone had emailed him his root password. He
reinstalled and put phpbb back on and had his machine compromised in
about 2 hours after that.



--
-Eric 'shubes'










RE: [qmailtoaster] Re: spam

2010-04-13 Thread Todd Beckstead
I struggled with getting the info in the wiki to work for me too. Here's
a link to something that finally worked for me on my CentOS 5.4. I used
the info in Section 2.

http://wiki.centos.org/HowTos/Https

Good luck!
Todd


RE: [qmailtoaster] Re: spam

2010-04-13 Thread Todd Beckstead
One other tip. My ISO install had openssl installed, but not mod_ssl. I had
to add that. See Step 1.
Todd

-Original Message-
From: Todd Beckstead [mailto:to...@csdcpa.com] 
Sent: Tuesday, April 13, 2010 4:32 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] Re: spam

I struggled with getting the info in the wiki to work for me too. Here's
a link to something that finally worked for me on my CentOS 5.4. I used
the info in Section 2.

http://wiki.centos.org/HowTos/Https

Good luck!
Todd

-Original Message-
From: madmac [mailto:sysad...@tricubemedia.com] 
Sent: Tuesday, April 13, 2010 4:01 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: spam

Ok Guys n Gals

I have rebuilt a new toaster on VM, from scratch, using the
CentQMT5-1.2.0.iso.
I am going to make this an ssl only, secure qmail server, if it kills me, as
my current server is compromised as previously posted.

Tried many sites to get a self signed ssl cert installed for testing,
even here on the wiki:
http://wiki.qmailtoaster.com/index.php?title=Certificateprintable=yes
In there is a line that says you can self sign:
  NOTE - For reference, here is the command to sign the request for a
  self signed certificate:
  openssl x509 -req -days 365 -in servercert.csr -signkey servercert.key -out servercert.crt
Can the poster or anyone else confirm that they have managed to get it to
work?

Or can anyone else help me get this installation secured?
I have added all the usual: clamav, spamassassin and spamdyke, and also have a
huge blacklist of IPs and spammers (from another source).
I have disabled root to ssh, and changed the ssh port also, and modified the
firewall to suit.

When all this is done I will also add fail2ban, as suggested by Jake, and
any hints on installing and configuring that would also be helpful.

Notes
Previously tried but failed to get https://ipaddress/webmail to work,
even added what was suggested:
 add these lines to your /etc/http/squirrelmail.conf file:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

restarted apache also.

When I have done all the testing to confirm security, I will make it (the
VM) available.

Thanks all:
madmac



Re: [qmailtoaster] Re: spam

2010-04-10 Thread Johannes Weberhofer, Weberhofer GmbH

Another thing that makes it very hard to use PHP security issues is to use the
following settings:

<Directory /usr/share/squirrelmail>
php_admin_value open_basedir /usr/share/squirrelmail:/etc/squirrelmail:/var/lib/squirrelmail:/var/spool/squirrelmail
php_admin_value upload_tmp_dir /srv/www/vhosts/at.weberhofer.www-ssl/tmp
php_admin_flag safe_mode On
</Directory>

Changing the upload_tmp_dir makes it very hard to use standard hacking tools,
which regularly try to operate on files in the /tmp path. The other options
prevent access to most directories and disallow execution of scripts/files.
You have to check ownerships/permissions to make the above settings work.

Best regards,
Johannes

On 09.04.2010 18:09, Eric Shubert wrote:

You should secure squirrelmail so that it only runs with https, so that
passwords are not sent in the clear. To do so, configure apache with a
valid cert (see http://wiki.qmailtoaster.com/index.php/Certificate),
then add these lines to your /etc/http/squirrelmail.conf file:
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Then
# service httpd restart

madmac wrote:

Is there then a way to secure squirrelmail, or any other webmail prog.
This is a default install of qmail with the ISO.
Not having it is not an option, as most of the clients can only use
webmail as they are on the road daily.

Thanks



- Original Message -
*From:* Jake Vickers mailto:j...@qmailtoaster.com
*To:* qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
*Sent:* Thursday, April 08, 2010 5:53 PM
*Subject:* Re: [qmailtoaster] spam

On 04/08/2010 04:21 PM, madmac wrote:

Well anyone that can guess my passwords must be amazing.
Let alone get through the elaborate firewall system.
ssh port is  non standard 
But I agree, this box is compromised  some how 
File count now at 9580 and counting



Are all of the files that are infected from mailboxes?
It does sound like your machine has been compromised. If you leave
Squirrelmail open (ie: no protection against password attacks) or
have other webapps running then this is the most likely place for
them to get in. Once they have an account's login credentials, they
can upload things to themselves and run them (don't ask me how - I
never looked at how they did it - I just fixed it) and then brute
force passwords from the local machine to obtain other access or
whatever they are looking to do.
I had one a year or so back where a guy installed phpbb - when he
came in the next day someone had emailed him his root password. He
reinstalled and put phpbb back on and had his machine compromised in
about 2 hours after that.





--


|-
|  weberhofer GmbH | Johannes Weberhofer
|  information technologies|
|  Austria, 1080 Wien, Blindengasse 52/3
|-





Re: [qmailtoaster] Re: spam

2010-04-09 Thread madmac

no other web apps running.
 It's easy enough to configure squirrelmail to authenticate (and use port 
587). 


Can you show me how please eric.

Thanks

- Original Message - 
From: Eric Shubert e...@shubes.net

To: qmailtoaster-list@qmailtoaster.com
Sent: Thursday, April 08, 2010 7:49 PM
Subject: [qmailtoaster] Re: spam



Jake Vickers wrote:

On 04/08/2010 04:21 PM, madmac wrote:

Well anyone that can guess my passwords must be amazing.
Let alone get through the elaborate firewall system.
ssh port is  non standard 
 But I agree, this box is compromised  some how 
 File count now at 9580 and counting



Are all of the files that are infected from mailboxes?
It does sound like your machine has been compromised. If you leave 
Squirrelmail open (ie: no protection against password attacks) or have 
other webapps running then this is the most likely place for them to get 
in. Once they have an account's login credentials, they can upload things 
to themselves and run them (don't ask me how - I never looked at how they 
did it - I just fixed it) and then brute force passwords from the local 
machine to obtain other access or whatever they are looking to do.
I had one a year or so back where a guy installed phpbb - when he came in 
the next day someone had emailed him his root password. He reinstalled 
and put phpbb back on and had his machine compromised in about 2 hours 
after that.


Good thoughts. Others:

If you have web apps (other than qmt) running on the host, I'd get rid of 
the 127.: line in tcp.smtp and see if that blocks it. It's easy enough to 
configure squirrelmail to authenticate (and use port 587).


If you have users that are not using TLS/SSL with pop3 and/or imap, it's 
possible that their account logins have been compromised. It does happen.


--
-Eric 'shubes'






Re: [qmailtoaster] Re: spam

2010-04-09 Thread madmac

Thanks Eric and Jake,

Will test fail2ban also on a VM


- Original Message - 
From: Eric Shubert e...@shubes.net

To: qmailtoaster-list@qmailtoaster.com
Sent: Friday, April 09, 2010 10:09 AM
Subject: [qmailtoaster] Re: spam


You should secure squirrelmail so that it only runs with https, so that 
passwords are not sent in the clear. To do so, configure apache with a 
valid cert (see http://wiki.qmailtoaster.com/index.php/Certificate), then 
add these lines to your /etc/http/squirrelmail.conf file:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*/webmail.*)$ https://%{SERVER_NAME}$1 [L,R]

Then
# service httpd restart

madmac wrote:

Is there then a way to secure squirrelmail, or any other webmail prog.
This is a default install of qmail with the  ISO.
Not having it is not an option, as most of the clients can only use 
webmail as they are on the road daily.

 Thanks
 - Original Message -
*From:* Jake Vickers mailto:j...@qmailtoaster.com
*To:* qmailtoaster-list@qmailtoaster.com
mailto:qmailtoaster-list@qmailtoaster.com
*Sent:* Thursday, April 08, 2010 5:53 PM
*Subject:* Re: [qmailtoaster] spam

On 04/08/2010 04:21 PM, madmac wrote:

Well anyone that can guess my passwords must be amazing.
Let alone get through the elaborate firewall system.
ssh port is  non standard 
 But I agree, this box is compromised  some how 
 File count now at 9580 and counting




Are all of the files that are infected from mailboxes?
It does sound like your machine has been compromised. If you leave
Squirrelmail open (ie: no protection against password attacks) or
have other webapps running then this is the most likely place for
them to get in. Once they have an account's login credentials, they
can upload things to themselves and run them (don't ask me how - I
never looked at how they did it - I just fixed it) and then brute
force passwords from the local machine to obtain other access or
whatever they are looking to do.
I had one a year or so back where a guy installed phpbb - when he
came in the next day someone had emailed him his root password. He
reinstalled and put phpbb back on and had his machine compromised in
about 2 hours after that.



--
-Eric 'shubes'






Re: [qmailtoaster] Re: spam

2010-04-09 Thread Jake Vickers

On 04/09/2010 05:26 PM, Eric Shubert wrote:

Jake Vickers wrote:

On 04/09/2010 11:25 AM, madmac wrote:

Is there then a way to secure squirrelmail, or any other webmail prog.
This is a default install of qmail with the  ISO.
Not having it is not an option, as most of the clients can only use 
webmail as they are on the road daily.


Thanks




I use fail2ban to monitor for brute-force attacks. Works on pop3 as 
well.


fail2ban is good for brute-force attacks all right, but useless if a 
password is sniffed. Best to be sure that no passwords travel the 
internet in the clear.




True - I run everything using SSL myself.
I normally do not see too many passwords sniffed. I can provide gigs 
worth of logs of brute force attempts. ;)







Re: [qmailtoaster] Re: spam

2010-03-23 Thread madmac

Thanks eric for the input,
I will try spamdyke on a test box first,
Can you point me to the config files for blocking IP`s etc.



Eric Shubert wrote:

madmac wrote:
Some of our clients are saying they are getting tons more spam than 
usual.

I have them send me the IP`s from the email headers,

1. Can I block spammers using IP address
2. Do I need to install spamdyke to accomplish this

Thanks

- 



You can use iptables if you like, but spamdyke can do this as well, in 
addition to so many other things.


Do you have a reason for not using spamdyke? It's trivial to install, 
using the qtp-install-spamdyke script.


I strongly recommend using spamdyke. It's really the bomb.








Re: [qmailtoaster] Re: spam

2010-03-23 Thread madmac

Awesome, thanks eric


Eric Shubert wrote:
With spamdyke, you probably won't need to block specific IPs. These 
addresses most likely will have something else about them (missing or 
unresolvable rDNS for example) that will cause them to be blocked. You 
shouldn't need to tweak the spamdyke configuration much at all.


That being said, to answer your question, in the stock configuration 
(generated by qtp-install-spamdyke), there are several configuration 
files in /etc/spamdyke/. One of these is a file named blacklist-ip, 
which simply contains a list of IP addresses you want to block. There 
are also blacklist_keywords, blacklist_rdns, blacklist_recipients and 
blacklist_senders files. You should read through the spamdyke 
documentation (at http://spamdyke.org) before adjusting any of the 
configuration settings.


madmac wrote:

Thanks eric for the input,
I will try spamdyke on a test box first,
Can you point me to the config files for blocking IP`s etc.



Eric Shubert wrote:

madmac wrote:
Some of our clients are saying they are getting tons more spam than 
usual.

I have them send me the IP`s from the email headers,

1. Can I block spammers using IP address
2. Do I need to install spamdyke to accomplish this

Thanks

- 





You can use iptables if you like, but spamdyke can do this as well, 
in addition to so many other things.


Do you have a reason for not using spamdyke? It's trivial to 
install, using the qtp-install-spamdyke script.


I strongly recommend using spamdyke. It's really the bomb.








Re: [qmailtoaster] Re: spam

2010-03-23 Thread madmac

Last question,

Should the need arise, what is the removal command for spamdyke.

Thanks


madmac wrote:

Awesome, thanks eric


Eric Shubert wrote:
With spamdyke, you probably won't need to block specific IPs. These 
addresses most likely will have something else about them (missing or 
unresolvable rDNS for example) that will cause them to be blocked. 
You shouldn't need to tweak the spamdyke configuration much at all.


That being said, to answer your question, in the stock 
configuration (generated by qtp-install-spamdyke), there are several 
configuration files in /etc/spamdyke/. One of these is a file named 
blacklist-ip, which simply contains a list of IP addresses you want 
to block. There are also blacklist_keywords, blacklist_rdns, 
blacklist_recipients and blacklist_senders files. You should read 
through the spamdyke documentation (at http://spamdyke.org) before 
adjusting any of the configuration settings.


madmac wrote:

Thanks eric for the input,
I will try spamdyke on a test box first,
Can you point me to the config files for blocking IP`s etc.



Eric Shubert wrote:

madmac wrote:
Some of our clients are saying they are getting tons more spam 
than usual.

I have them send me the IP`s from the email headers,

1. Can I block spammers using IP address
2. Do I need to install spamdyke to accomplish this

Thanks

- 






You can use iptables if you like, but spamdyke can do this as well, 
in addition to so many other things.


Do you have a reason for not using spamdyke? It's trivial to 
install, using the qtp-install-spamdyke script.


I strongly recommend using spamdyke. It's really the bomb.








Re: [qmailtoaster] Re: spam

2010-03-23 Thread madmac

Sorry, did some more digging and found it.


   Disabling

If you need to disable spamdyke, run the following commands:

# cd /var/qmail/supervise/smtp
# ln -sf run.dist run
# qmailctl restart



madmac wrote:

Last question,

Should the need arise, what is the removal command for spamdyke.

Thanks 




Re: [qmailtoaster] Re: spam

2010-03-23 Thread madmac

Also,
it is on the wiki:
http://wiki.qmailtoaster.com/index.php/Spamdyke

Thanks

madmac wrote:

Sorry, did some more digging and found it.


Disabling

If you need to disable spamdyke, run the following commands:

# cd /var/qmail/supervise/smtp
# ln -sf run.dist run
# qmailctl restart
  



madmac wrote:

Last question,

Should the need arise, what is the removal command for spamdyke.

Thanks 









Re: [qmailtoaster] Re: Spam filter

2010-03-10 Thread Amit
It's qmailctl cdb.

On Thu, Mar 11, 2010 at 12:50 AM, mattias m...@mjw.se wrote:

 You mean qmailctl reload?

 -Original Message-
 From: Eric Shubert [mailto:e...@shubes.net]
 Sent: 10 March 2010 20:11
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: Spam filter


 mattias wrote:
  Not remember
  How to completely switch off all mail filters in qmt?
 
 
  --
  ---

 /var/qmail/control/simcontrol allows you to turn off spamassassin and
 clamav. Don't forget to rebuild the cdb file after changing it.

 --
 -Eric 'shubes'



 





Re: [qmailtoaster] Re: spam masquerade

2010-02-23 Thread PACOI
Thanks for your information

Feb 23 17:29:54 mainserver spamdyke[28573]: DENIED_RBL_MATCH from: lyderep8...@iam.net.ma to: u...@domain origin_ip: 81.192.30.5 origin_rdns: adsl-5-30-192-81.adsl.iam.net.ma auth: (unknown)

Spamdyke works with qmailtoaster



On Tue, Feb 23, 2010 at 2:13 PM, PACOI ppa...@gmail.com wrote:
 Thanks

 I install spamdyke
 i test my qmailtoaster with spamdyke


 On Tue, Feb 23, 2010 at 2:06 PM, Eric Shubert e...@shubes.net wrote:
 http://qtp.qmailtoaster.com/trac/wiki/Features#qtp-install-spamdyke
 http://wiki.qmailtoaster.com/index.php/Spamdyke

 PACOI wrote:

 I need one howto for install spamdyke
 Thanks

 On Fri, Feb 19, 2010 at 11:26 AM, PACOI ppa...@gmail.com wrote:

 Thanks i see the information

 On Fri, Feb 19, 2010 at 11:23 AM, Scott Hughes sonicscott9...@gmail.com
 wrote:

 Pacoi,

 Try this:  http://wiki.qmailtoaster.com/index.php/Spamdyke

 Scott


 On Fri, Feb 19, 2010 at 11:11 AM, PACOI ppa...@gmail.com wrote:

 Thanks

 how install spamdyke?


 On Fri, Feb 19, 2010 at 11:08 AM, Dave Hallowell d...@acbsco.com
 wrote:

 Pacoi,
 Install spamdyke. Easily done via qmailtoaster plus.
 Dave

 PACOI wrote:

 This shows in my logs:
 @40004b7eb3e92976a984.s:@40004b7eb34d1874c7c4 simscan:[12068]:CLEAN (3.60/12.00):6.4754s:Winter season sale:213.207.34.201:strongerzo...@autocad2002.ru:usua...@dominio.com:,use...@dominio.com
 This IP 213.207.34.201 is not authorized to send mail.
 The Outlook mail client shows:
 From: usua...@dominio.com [mailto:usua...@dominio.com]
 Sent: Friday, 19 February 2010 09:50 a.m.
 To: usua...@dominio.com
 Subject: Winter season sale
 This account or spam masquerade sends mail for my internal account
 On Fri, Feb 19, 2010 at 10:32 AM, Maxwell Smart c...@yother.com wrote:


 I don't see a source printout.  I would be looking for a virus or
 Malware on an internal system before I'd worry about the spam filter.
 On 02/19/2010 08:17 AM, PACOI wrote:


 Hi all
 For the last month we've been getting a lot of SPAM that shows as an
 internal e-mail, mainly Viagra ads. I've included the source printout
 for reference. This one shows that I sent it to myself but it's just
 as likely to get one of these with an address of someone else in our
 mail domain.
 I've been hoping the spam filter would adjust and start catching these
 things but that doesn't appear to be happening.
 Anyone else getting these? If so, have you been able to come up with a
 technique or setting to catch these?
 Thanks for you help



 --
 Cecil Yother, Jr. cj
 cj's
 2318 Clement Ave
 Alameda, CA  94501
 tel 510.865.2787 | fax 510.864.7300
 http://yother.com








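The DENIED_RBL_MATCH entry quoted at the top of this message shows the layout spamdyke writes to syslog. As an added example (not code from the thread or from spamdyke), the Python below parses lines in that layout and checks a list of client-reported sender IPs against them, so you can see which ones spamdyke already rejects before adding anything to a blacklist file. The sample lines are constructed; the addresses, host names and the result codes other than DENIED_RBL_MATCH are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the layout of the DENIED_RBL_MATCH entry above.
# Addresses are from documentation ranges; result codes other than
# DENIED_RBL_MATCH are assumed for illustration.
SAMPLE_LOG = """\
Feb 23 17:29:54 mainserver spamdyke[28573]: DENIED_RBL_MATCH from: a1@example.net to: user@example.com origin_ip: 198.51.100.5 origin_rdns: adsl-5.example.net auth: (unknown)
Feb 23 17:30:10 mainserver spamdyke[28580]: DENIED_RBL_MATCH from: b2@example.net to: sales@example.com origin_ip: 198.51.100.5 origin_rdns: adsl-5.example.net auth: (unknown)
Feb 23 17:30:41 mainserver spamdyke[28584]: DENIED_RDNS_MISSING from: c3@example.org to: user@example.com origin_ip: 203.0.113.9 origin_rdns: (unknown) auth: (unknown)
Feb 23 17:31:02 mainserver sshd[2101]: constructed unrelated line
Feb 23 17:31:15 mainserver spamdyke[28590]: ALLOWED from: news@example.org to: user@example.com origin_ip: 192.0.2.44 origin_rdns: mail.example.org auth: (unknown)
Feb 23 17:32:40 mainserver spamdyke[28597]: ALLOWED from: offer@example.org to: sales@example.com origin_ip: 192.0.2.44 origin_rdns: mail.example.org auth: (unknown)
"""

# syslog prefix, then the spamdyke result code, then "key: value" pairs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s(?P<host>\S+)\sspamdyke\[\d+\]:\s"
    r"(?P<result>[A-Z_]+)\s(?P<fields>.*)$"
)
# A value runs until the next " key: " or the end of the line.
FIELD_RE = re.compile(r"(\w+):\s(.*?)(?=\s\w+:\s|$)")


def parse_line(line):
    """Return a dict for one spamdyke log line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"),
           "result": m.group("result")}
    rec.update(dict(FIELD_RE.findall(m.group("fields"))))
    return rec


def summarise(text):
    """Count results overall and per origin IP."""
    by_result = Counter()
    by_ip = defaultdict(Counter)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a spamdyke entry
        by_result[rec["result"]] += 1
        by_ip[rec.get("origin_ip", "(unknown)")][rec["result"]] += 1
    return by_result, by_ip


def triage(reported_ips, by_ip):
    """Say, for each reported IP, whether spamdyke already rejects it."""
    verdicts = {}
    for ip in reported_ips:
        seen = by_ip.get(ip)
        if not seen:
            verdicts[ip] = "not seen"
        elif seen.get("ALLOWED"):
            verdicts[ip] = "allowed"  # got through: a candidate for review
        else:
            verdicts[ip] = "denied: " + ",".join(sorted(seen))
    return verdicts


if __name__ == "__main__":
    results, per_ip = summarise(SAMPLE_LOG)
    for code, count in results.most_common():
        print(f"{count:3d}  {code}")
    reported = ["198.51.100.5", "192.0.2.44", "203.0.113.200"]
    for ip, verdict in triage(reported, per_ip).items():
        print(f"{ip:15s} {verdict}")
```

Only the addresses reported as "allowed" need any manual attention; the others are either already rejected or never reached the server.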

Re: [qmailtoaster] Re: spam outgoing from host

2009-12-29 Thread David Milholen

I wanted to let the list know the outcome of this..
If you are an ISP on an average to large scale with your own DNS, MTAs
and other services that reside on your internal network but are visible
to your host inside your network. Here is a little topology of what I have:

!Internet!GW-ETH0FSwitch---MTA,DNS,BLA,BLAH
  -ETH1---FSwitch---Customers
This is a rule I use on my gateway to the world:
iptables -A FORWARD -o Serial0 -p tcp -s xxx.xxx.xxx.xxx --dport 25 -j ACCEPT
iptables -A FORWARD -o Serial0 -p tcp --dport 25 -j DROP

I do not nat anything on the network. where 'x' is the public ip of the MTA.
All is routed and static

This rule basically states that if you are a customer on the network then
you can only use my MTA to send email.

 Thanks
--Dave

Eric Shubert wrote:

I believe that's correct.

David Milholen wrote:
I can set rules up on the Gateway to the internet or I can set them 
up at each pop site.
My best guess would be set this rule up to say only my mail server is 
allowed to send smtp on port 25 correct?

--Dave


Jake Vickers wrote:

David Milholen wrote:

Eric,
It is a host on the network.. He is only running a mail client.



Right, but the virus would be spewing emails from the client machine 
- it kinda sets up an outgoing smtp service to send emails with.
This is why most ISPs these days will allow port 25 traffic from 
their clients, but only to the ISP's mail servers. They can stop 
rogue viruses from becoming spam geysers this way.



- 







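The two gateway rules in this message only work in the order given, because iptables stops at the first rule that matches a packet. As an added illustration (not code from the thread), this Python model handles just the options used in those two rules and audits the resulting port 25 policy. The MTA address 192.0.2.25 standing in for xxx.xxx.xxx.xxx, the customer address, the eth0 interface name and the default ACCEPT policy are assumptions.

```python
import ipaddress
import shlex

MTA_IP = "192.0.2.25"          # assumed placeholder for the MTA's public IP
CUSTOMER_IP = "198.51.100.77"  # assumed customer host on the network

# The two rules from the message, with the placeholder address filled in.
# "-A" appends, so the order of the commands is the order of evaluation.
RULES = f"""\
iptables -A FORWARD -o Serial0 -p tcp -s {MTA_IP} --dport 25 -j ACCEPT
iptables -A FORWARD -o Serial0 -p tcp --dport 25 -j DROP
"""

# Only the options that appear in the rules above are modelled.
OPTIONS = {"-A": "chain", "-o": "out", "-p": "proto",
           "-s": "src", "--dport": "dport", "-j": "target"}


def parse_rule(line):
    """Turn one 'iptables -A ...' command line into a dict of match fields."""
    tokens = shlex.split(line)
    if tokens and tokens[0] == "iptables":
        tokens = tokens[1:]
    if len(tokens) % 2:
        raise ValueError(f"option without a value in: {line!r}")
    rule = dict.fromkeys(OPTIONS.values())
    for opt, value in zip(tokens[0::2], tokens[1::2]):
        if opt not in OPTIONS:
            raise ValueError(f"option not modelled: {opt}")
        rule[OPTIONS[opt]] = value
    if rule["src"] is not None:
        rule["src"] = ipaddress.ip_network(rule["src"], strict=False)
    if rule["dport"] is not None:
        rule["dport"] = int(rule["dport"])
    return rule


def load_rules(text):
    return [parse_rule(line) for line in text.splitlines() if line.strip()]


def packet(src, dport, out="Serial0", proto="tcp"):
    """A forwarded packet, described by the fields the rules look at."""
    return {"src": src, "dport": dport, "out": out, "proto": proto}


def matches(rule, pkt):
    """An unset field in a rule matches anything."""
    return ((rule["out"] is None or rule["out"] == pkt["out"])
            and (rule["proto"] is None or rule["proto"] == pkt["proto"])
            and (rule["src"] is None
                 or ipaddress.ip_address(pkt["src"]) in rule["src"])
            and (rule["dport"] is None or rule["dport"] == pkt["dport"]))


def verdict(rules, pkt, policy="ACCEPT"):
    """First matching FORWARD rule decides; otherwise the chain policy."""
    for rule in rules:
        if rule["chain"] == "FORWARD" and matches(rule, pkt):
            return rule["target"]
    return policy


def audit(rules, mta_ip, customer_ips):
    """List every way the rules miss the intent 'only the MTA sends on 25'."""
    problems = []
    if verdict(rules, packet(mta_ip, 25)) != "ACCEPT":
        problems.append(f"MTA {mta_ip} cannot send on port 25")
    for ip in customer_ips:
        if verdict(rules, packet(ip, 25)) != "DROP":
            problems.append(f"{ip} can send on port 25 directly")
    return problems


if __name__ == "__main__":
    rules = load_rules(RULES)
    print("as posted:", audit(rules, MTA_IP, [CUSTOMER_IP]) or "ok")
    print("reversed: ", audit(rules[::-1], MTA_IP, [CUSTOMER_IP]))
    print("no DROP:  ", audit(rules[:1], MTA_IP, [CUSTOMER_IP]))
```

A customer connecting to the MTA itself leaves through the server-side interface rather than Serial0, so neither rule matches and the mail is still accepted for relay through the MTA.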




Re: [qmailtoaster] Re: spam outgoing from host

2009-12-25 Thread Jake Vickers

David Milholen wrote:

Eric,
It is a host on the network.. He is only running a mail client.



Right, but the virus would be spewing emails from the client machine - 
it kinda sets up an outgoing smtp service to send emails with.
This is why most ISPs these days will allow port 25 traffic from their 
clients, but only to the ISP's mail servers. They can stop rogue viruses 
from becoming spam geysers this way.







Re: [qmailtoaster] Re: spam outgoing from host

2009-12-24 Thread David Milholen

Eric,
It is a host on the network.. He is only running a mail client.

Eric Shubert wrote:

David Milholen wrote:

Hi All,
I have a customer on my net that has a machine that seems to be 
spewing some spam from it. So that I have a better understanding of 
how this occurs any explanations would be helpful.


Here is what I received from Junkmailfilter. The 208.44.160.xxx hosts 
are on my network.

I just want to know how his machine is doing this?


This is an automated email abuse report from the folks at 
junkemailfilter.com for an email message received from IP address 
[208.44.160.90] on .
We hope this information will help you in determining the source of 
the problem and shut it down. The original message is attached in 
MIME format with complete headers. For more information about this 
standardized abuse report format [ARF] please visit 
http://www.mipassoc.org/arf/ If you would prefer abuse reports in 
text format let us know.


If you have any questions or feedback about this abuse report or are 
interested in learning about our spam filtering technology feel free 
to contact us. If this is not spam please accept our apologies and 
let us know so we can fix the problem. Pay close attention to the 
REASON listed.

Marc Perkel - Fearless Leader
Junk Email Filter dot com
http://www.junkemailfilter.com
err...@junkemailfilter.com

* Date:
* From: Generic VIAGRA (c) Best Supplier bydyzijym6...@wletc.com

* Subject: Visitor mary's personal 80% OFF
* Host:can-208-44-160-90.wletc.com [208.44.160.90]
* Reason:  MULTI-BLACKLIST - can-208-44-160-90.wletc.com (wletc.com) 
[208.44.160.90] - [S=6 - cbl.abuseat.org bl.spamcop.net] -  OurBl 
BlList - X=euclid H=can-208-44-160-90.wletc.com [208.44.160.90] 
HELO=[wletc.com] f=[bydyzijym6...@wletc.com] t=[m...@zme


For more information about these abuse reports: 
http://wiki.junkemailfilter.com/index.php/Spam_abuse
To test or be removed from our blacklist: 
http://ipadmin.junkemailfilter.com/remove.php?ip=208.44.160.90


 Original Headers 

Received: from can-208-44-160-90.wletc.com ([208.44.160.90] 
helo=wletc.com)

by euclid.junkemailfilter.com with esmtps (TLSv1:RC4-MD5:128)
(Exim 4.71)
id 1NNlsS-0001hk-6w on interface=65.49.42.62
for m...@zment.com; Thu, 24 Dec 2009 03:29:08 -0800
From: Generic VIAGRA (c) Best Supplier bydyzijym6...@wletc.com
To: m...@zment.com
Subject: Visitor mary's personal 80% OFF
MIME-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Sender-Domain: wletc.com
X-Spamfilter-host: euclid.junkemailfilter.com - 
http://www.junkemailfilter.com

X-Mail-from: bydyzijym6...@wletc.com
X-Spam-Class: SPAM-HIGH-VERY - MULTI-BLACKLIST - 
can-208-44-160-90.wletc.com (wletc.com) [208.44.160.90] - [S=6 - 
cbl.abuseat.org bl.spamcop.net] -  OurBl BlList - X=euclid 
H=can-208-44-160-90.wletc.com [208.44.160.90] HELO=[wletc.com] 
f=[bydyzijym6...@wletc.com] t=[m...@zment.com] S=[Visitor mary's 
personal 80% OFF]
X-Honeypot: Yes - MULTI-BLACKLIST - can-208-44-160-90.wletc.com 
(wletc.com) [208.44.160.90] - [S=6 - cbl.abuseat.org bl.spamcop.net] 
-  OurBl BlList - X=euclid H=can-208-44-160-90.wletc.com 
[208.44.160.90] HELO=[wletc.com] f=[bydyzijym6...@wletc.com] 
t=[m...@zment.com] S=[Visitor mary's personal 80% OFF]

X-Abuse-email: X-Abuse-email: dmilho...@wletc.com
X-Sender-Host-Address: 208.44.160.90
X-Sender-Host-Name: can-208-44-160-90.wletc.com
X-Original-helo: wletc.com



Feedback-Type: abuse
User-Agent: JunkEmailFilter - Abuse Reporter/1.0 - Testing - Feedback 
Appreciated

Version: 0.1
Original-Mail-From: Generic VIAGRA (c) Best Supplier 
bydyzijym6...@wletc.com

Original-Rcpt-To: m...@zment.com
Received-Date: Source-IP: 208.44.160.90




Thanks
---Dave




Is the host at 208.44.160.90 a QMT, or some other host?








Re: [qmailtoaster] Re: spam outgoing from host

2009-12-24 Thread Aleksander Podsiadły
On 24.12.2009 21:00, David Milholen wrote:
 Eric,
 It is a host on the network.. He is only running a mail client.
SMTP-proxy can help you: http://smtp-proxy.klolik.org/
You can also block DNAT for port 25. For example most of the Polish
public mail servers now accept mail from clients only on 2 ports:
submission (587) and smtps (465).
Port 25 is only for relay to, not from.

-- 
Regards,
Aleksander Podsiadły
mail: a...@westside.kielce.pl
jid: a...@jabber.westside.kielce.pl
ICQ: 201121279
gg: 9150578






Re: [qmailtoaster] Re: spam outgoing from host

2009-12-24 Thread Aleksander Podsiadły
On 24.12.2009 21:12, Aleksander Podsiadły wrote:
 [...] You can also block DNAT for port 25. [...]
Look at: http://tools.ietf.org/html/rfc2476 and
http://tools.ietf.org/html/rfc2554

-- 
Regards,
Aleksander Podsiadły
mail: a...@westside.kielce.pl
jid: a...@jabber.westside.kielce.pl
ICQ: 201121279
gg: 9150578






RE: [qmailtoaster] Re: Spam issues

2009-11-09 Thread nicole thomson


Thanks Eric,

it did the job.





 To: qmailtoaster-list@qmailtoaster.com
 From: e...@shubes.net
 Date: Mon, 9 Nov 2009 07:53:53 -0700
 Subject: [qmailtoaster]  Re: Spam issues
 
 Nicole,
 You need to add a --max-children=8 (for example) parameter to the 
 command you've shown. See man spamd for details, as there are some 
 factors with this parameter that you should be aware of.
 -- 
 -Eric 'shubes'
 
 nicole thomson wrote:
  
  This is showing the message as rejected, but I do see an error in your 
  spamd log that may be causing you some grief:
  info: prefork: server reached --max-children setting, consider raising it
  You set a limit on the number of children spawnable in your run file and 
  you're exceeding that. You either need to tune your system to process 
  messages faster, or raise that limit in your run file.
  
  (As a side note, is there a way to make your MSN auto wrap message lines 
  that are too long?)
  
  
  Jake, can you please tell me where I should change the settings for the 
  above recommendations?
  
  
  BTW I am using PuTTY to access the machine; I don't use MSN at the workplace.
  
  
  
  
  my spamd/run contents as follows
  
  
  
  #!/bin/sh
  exec /usr/bin/spamd -x -u vpopmail -s stderr 2>&1
  
  
  
  
  
  
  
  
  Date: Fri, 6 Nov 2009 07:38:38 -0500
  From: j...@qmailtoaster.com
  To: qmailtoaster-list@qmailtoaster.com
  Subject: Re: [qmailtoaster] Spam issues
  
  nicole thomson wrote:
  
  from smtp
  
  @40004af3c9c62ff93254 simscan:[16170]:SPAM REJECT
  (16.30/12.00):25.1791s:We Provide Nice Choice Of Affordable
  Soft.:222.254.140.77:mole...@rgleq.com:mydomainu...@mydomain.com:
  @40004af3c9c62ff99014 qmail-smtpd: qq hard reject (Your email is
  considered spam (16.30 spam-hits)): MAILFROM:mole...@rgleq.com
  RCPTTO:mydomainu...@mydomain.com
  @40004af3c9c70707fed4 tcpserver: end 16170 status 256
  @40004af3c9c7070806a4 tcpserver: status: 2/50
  @40004af3c9d51b8ed904 tcpserver: end 16336 status 0
  @40004af3c9d51b8f32dc tcpserver: status: 1/50
  @40004af3c9e51b78d44c tcpserver: end 16335 status 0
  @40004af3c9e51b79226c tcpserver: status: 0/50
  
  
  from spamd
  
  @40004af3c9c62f9c703c [16157] info: spamd: identified spam
  (16.3/12.0) for clamav:508 in 9.9 seconds, 4446 bytes.
  @40004af3c9c62f9e21d4 [16157] info: spamd: result: Y 16 -
  
  BAYES_99,HELO_LOCALHOST,HTML_MESSAGE,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL
  
  scantime=9.9,size=4446,user=clamav,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52586,mid=000d01ca5eae$d178b630$6400a...@molests,bayes=1.00,autolearn=spam
  @40004af3c9c6314a9d3c [2460] info: prefork: child states: B
  @40004af3c9c6314aa50c [2460] info: prefork: server reached
  --max-children setting, consider raising it
  @40004af3c9c631727c44 [16157] info: spamd: connection from
  localhost.localdomain [127.0.0.1] at port 52596
  @40004af3c9c631f423ac [16157] info: spamd: processing message
  008c01ca5eae$f2cd4620$d867d2...@com for vpopmail:508
  @40004af3c9c917309794 [12120] info: spamd: clean message
  (-3.2/12.0) for vpopmail:508 in 4.2 seconds, 53607 bytes.
  @40004af3c9c917325cb4 [12120] info: spamd: result: . -3 -
  AWL,BAYES_00,HTML_MESSAGE,NO_RELAYS
  
  scantime=4.2,size=53607,user=vpopmail,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52591,mid=00b101ca5eae$e1c22d00$a54687...@com,bayes=0.00,autolearn=unavailable
  
  
  
  This is showing the message as rejected, but I do see an error in your 
  spamd log that may be causing you some grief:
  info: prefork: server reached --max-children setting, consider raising it
  You set a limit on the number of children spawnable in your run file and 
  you're exceeding that. You either need to tune your system to process 
  messages faster, or raise that limit in your run file.
  
  (As a side note, is there a way to make your MSN auto wrap message lines 
  that are too long?)
  
  
 
 
 -
 Qmailtoaster is sponsored by Vickers Consulting Group 
 (www.vickersconsulting.com)
 Vickers Consulting Group offers Qmailtoaster support and installations.
   If you need professional help with your setup, contact them today!
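
Added example, not from the thread: one way to put numbers on the two options Jake names (scan faster, or raise the limit) using the spamd log itself. It reports scan times, the busiest "child states" snapshot and how often the --max-children warning fired; the log lines are constructed in multilog's format with full 24-digit TAI64N labels, and the function names are this example's own.

```python
import re

# Constructed spamd log lines as multilog writes them: "@" + 24 hex digits
# (TAI64N), then the spamd message. The pool here has two children.
SAMPLE = """\
@400000004af3c9c000000000 [2460] info: prefork: child states: II
@400000004af3c9c000000000 [16157] info: spamd: processing message <a@mail.example> for vpopmail:508
@400000004af3c9c100000000 [12120] info: spamd: processing message <b@mail.example> for vpopmail:508
@400000004af3c9c100000000 [2460] info: prefork: child states: BB
@400000004af3c9c100000000 [2460] info: prefork: server reached --max-children setting, consider raising it
@400000004af3c9c600000000 [12120] info: spamd: result: . -3 - AWL,BAYES_00 scantime=4.2,size=53607,user=vpopmail
@400000004af3c9c600000000 [12120] info: spamd: processing message <c@mail.example> for vpopmail:508
@400000004af3c9ca00000000 [16157] info: spamd: result: Y 16 - BAYES_99,RDNS_NONE scantime=9.9,size=4446,user=vpopmail
@400000004af3c9ca00000000 [2460] info: prefork: child states: BI
@400000004af3c9cc00000000 [12120] info: spamd: result: . 1 - HTML_MESSAGE scantime=5.9,size=8120,user=vpopmail
@400000004af3c9cc00000000 [2460] info: prefork: child states: II
"""

LINE = re.compile(r"^@([0-9a-f]{24}) \[(\d+)\] info: (.*)$")
SCANTIME = re.compile(r"\bscantime=([0-9.]+)")
STATES = re.compile(r"prefork: child states: ([A-Z]+)")


def tai64n_to_seconds(label):
    """Decode 24 hex digits of TAI64N. The TAI/UTC offset is ignored because
    only differences between timestamps are used here."""
    seconds = int(label[:16], 16) - 2**62
    nanos = int(label[16:], 16)
    return seconds + nanos / 1e9


def analyse(log_text):
    stamps, scantimes = [], []
    warnings = pool = peak_busy = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped or truncated lines are skipped, not guessed at
        stamps.append(tai64n_to_seconds(m.group(1)))
        msg = m.group(3)
        if "server reached --max-children setting" in msg:
            warnings += 1
        states = STATES.search(msg)
        if states:
            # One letter per child; "B" marks a child busy with a message.
            pool = max(pool, len(states.group(1)))
            peak_busy = max(peak_busy, states.group(1).count("B"))
        if "spamd: result:" in msg:
            t = SCANTIME.search(msg)
            if t:
                scantimes.append(float(t.group(1)))
    window = max(stamps) - min(stamps) if stamps else 0.0
    busy_seconds = sum(scantimes)
    # Total scan time divided by elapsed time = average number of busy children.
    avg_busy = busy_seconds / window if window else None
    return {
        "scans": len(scantimes),
        "mean_scantime": round(busy_seconds / len(scantimes), 2) if scantimes else None,
        "max_scantime": max(scantimes) if scantimes else None,
        "saturation_warnings": warnings,
        "pool_size": pool,
        "peak_busy": peak_busy,
        "avg_busy": round(avg_busy, 2) if avg_busy is not None else None,
        "utilisation": round(avg_busy / pool, 2) if avg_busy is not None and pool else None,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key:20} {value}")
```

A high utilisation together with warnings points at the child limit; a high mean scan time with low utilisation points at slow scans instead.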
 

RE: [qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Michael Colvin
Good point Eric...  I didn't think of this, since I'm not using the QMT
in production yet, and am still using Qmailrocks (Is that a 4 letter word
around here? :-)  ) w/Spamdyke set to handle TLS directly...So, in my case,
only Spamdyke is handling TLS, since my Qmail doesn't support it.  (I don't
think I ever configured it, or installed the patch, or whatever..I forget
now!)

I didn't like the way Spamdyke worked when allowing the TLS connection to
bypass it, so I felt it better to have Spamdyke offer TLS, and then still be
able to utilize all of its filters.

Although, I think most of its filters would still work, those based on
the initial SMTP connection (RBLs etc), but graylisting, white/black listed
sender/recipients, etc would not, so it could be exploited to some degree.

I still think the best way to determine your issue Raphael is to provide the
e-mail headers...  :-)  I've got my users trained...When they have any
issues, either with spam getting through, or someone trying to send e-mail
to them getting a bounce, they send me headers.  Usually makes short work of
figuring out the problem.
 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
 Sent: Thursday, November 05, 2009 11:02 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: Spam Help Plz
 
 Rafael Andrade wrote:
  Hello all,
 
  I have been using qmailtoaster for two years, and I'm very satisfied...
  Some days ago my users started receiving lots of spam, tagged in subjects
  (spamassassin) or not.
 
  What could I do to improve this?
 
  Actually I'm using Qmailtoaster + Spamdyke with greylist.
 
  Excuse my English.
 
  My confs below:
 
  cat /etc/tcprules.d/tcp.smtp
  127.:allow,RELAYCLIENT=
  192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
 
  cat /var/qmail/control/simcontrol
  :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
 
  cat /etc/spamdyke/spamdyke.conf
  # rbl
  dns-blacklist-entry=bl.spamcop.net
  dns-blacklist-entry=zen.spamhaus.org
  dns-blacklist-entry=dnsbl.sorbs.net
  dns-blacklist-entry=bogons.cymru.com
  dns-blacklist-entry=ix.dnsbl.manitu.net
  dns-blacklist-entry=cbl.abuseat.org
  dns-blacklist-entry=dnsbl.njabl.org
 
 
  # graylist
  #graylist-dir=/etc/spamdyke/graylist.d
  graylist-dir=/home/vpopmail/graylist.d
  graylist-level=always
  graylist-max-secs=2678400
  graylist-min-secs=180
  greeting-delay-secs=5
 
 
  local-domains-file=/var/qmail/control/rcpthosts
  #log-level=debug
  log-level=info
  log-target=syslog
  #log-target=stderr
  max-recipients=50
  #policy-url=http://my.policy.explanation.url/
  reject-empty-rdns
  #reject-ip-in-cc-rdns
  reject-missing-sender-mx
  reject-unresolvable-rdns
  tls-certificate-file=/var/qmail/control/servercert.pem
  # blacklist and whitelist ip
  ip-blacklist-file=/etc/spamdyke/blacklist_ip
  ip-whitelist-file=/etc/spamdyke/whitelist_ip
 
  # blacklist and whitelist keywords
  ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
  ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 
  # blacklist and whitelist senders
  sender-blacklist-file=/etc/spamdyke/blacklist_senders
  sender-whitelist-file=/etc/spamdyke/whitelist_senders
 
  # blacklist and whitelist rdns
  rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
  rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
 
  # whitelist dns
  dns-whitelist-file=/etc/spamdyke/whitelist_dns
 
  # blacklist and whitelist recipients
  recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
  recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
 
 
 Raphael,
 
 I just came across what I think is a possible hole in spamdyke's
 configuration.
 
 I've been reading through the documentation regarding TLS, and it
 appears that with no tls-level option specified, if a spammer were to
 use TLS (advertised by qmail), spamdyke would be unable to use several
 of its filters because the data is encrypted passing through spamdyke to
 qmail-smtp.
 
 If you add tls-level=smtp to the spamdyke configuration file, this
 will cause spamdyke to 

Re: [qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Aleksander Podsiadly

On 05.11.2009 20:02, Eric Shubert wrote:


I just came across what I think is a possible hole in spamdyke's 
configuration.


I've been reading through the documentation regarding TLS, and it 
appears that with no tls-level option specified, if a spammer were 
to use TLS (advertised by qmail), spamdyke would be unable to use 
several of its filters because the data is encrypted passing through 
spamdyke to qmail-smtp.

[...]

I don't think so.
From http://www.spamdyke.org/documentation/README.html
"If tls-level is not given, spamdyke will use a value of smtp."

--
Regards,
Aleksander Podsiadły
mail: a...@westside.kielce.pl
jid: a...@jabber.westside.kielce.pl
ICQ: 201121279
gg: 9150578



Re: [qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Kent Busbee

See response below; Aleksander Podsiadly wrote:
 On 05.11.2009 20:02, Eric Shubert wrote:

 I just came across what I think is a possible hole in spamdyke's
 configuration.

 I've been reading through the documentation regarding TLS, and it
 appears that with no tls-level option specified, if a spammer were
 to use TLS (advertised by qmail), spamdyke would be unable to use
 several of its filters because the data is encrypted passing through
 spamdyke to qmail-smtp.
 [...]
 I don't think so.
  From http://www.spamdyke.org/documentation/README.html
 "If tls-level is not given, spamdyke will use a value of smtp."

 --

Elsewhere on the same page:

First, with no TLS options given, spamdyke will identify a TLS
conversation and simply pass the data back and forth between qmail and the
remote client.

Can you say Ambiguous?

Hey, HOW's about those headers so we can help solve this problem???


Kent Busbee
Director of Technology
Northlake Christian School






Re: [qmailtoaster] Re: Spam Help Plz

2009-11-04 Thread Jake Vickers

Kent Busbee wrote:
Did anyone else notice that he is missing spam_hits in his config file? 
Does it default to something without it?


HIS:
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

MINE:
# cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh

  


Yes I did notice, but I'm trying to catch up on the thread.
Depending on what version of simscan he's running, it will default to 
either 20 or 40 (40 is the newer versions, 20 being the older versions).
We really need to see the headers of a spam that got through to help any 
more though. Anything else is just guessing at this point.







RE: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Michael Colvin
Like Eric mentioned, at this point, you need to take a look at the headers
of the spam e-mails that your users are getting.  You need to find something
in the type of e-mails you're getting that you can filter on...

Or, as also mentioned, it might be an internal user that is bypassing some
of the filtering because they are authenticated...

At this point, you need to look at the specific spam, and use specific
techniques to filter it, not simply add more RBL's, or blacklists, etc.
It's likely that just making one small tweak will eliminate most of your
spam.

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: Rafael Andrade [mailto:raf...@riosulense.com.br]
 Sent: Tuesday, November 03, 2009 8:50 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Spam Help Plz
 
 Hello, Eric and all the list,
 
 First, thank you for the answer.
 
 The spam my users are receiving doesn't have a specific sender domain or
 default spam type.
 
 My spamdyke is running, see:
 
 spamdyke-stats /var/log/maillog
 Allowed: 35619
 Denied : 140729
 Sum: 176348
 % Spam : 79.80%
 
 in logfile:
 Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from:
 misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip:
 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)
 
 I'm using lots of RBLs to try to reduce the spam numbers, but it is not
 working correctly.
 
 Does anybody have any idea?
 
 
 Thanks so much
 
 Rafael
 
 Eric Shubert wrote:
  Rafael Andrade wrote:
  Hello all,
 
  I have been using qmailtoaster for two years, and I'm very satisfied...
  Some days ago my users started receiving lots of spam, tagged in subjects
  (spamassassin) or not.
 
  What could I do to improve this?
 
  Actually I'm using Qmailtoaster + Spamdyke with greylist.
 
  Excuse my English.
 
  My confs below:
 
  cat /etc/tcprules.d/tcp.smtp
  127.:allow,RELAYCLIENT=
  192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
 
  cat /var/qmail/control/simcontrol
  :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
 
  cat /etc/spamdyke/spamdyke.conf
  # rbl
  dns-blacklist-entry=bl.spamcop.net
  dns-blacklist-entry=zen.spamhaus.org
  dns-blacklist-entry=dnsbl.sorbs.net
  dns-blacklist-entry=bogons.cymru.com
  dns-blacklist-entry=ix.dnsbl.manitu.net
  dns-blacklist-entry=cbl.abuseat.org
  dns-blacklist-entry=dnsbl.njabl.org
 
 
  # graylist
  #graylist-dir=/etc/spamdyke/graylist.d
  graylist-dir=/home/vpopmail/graylist.d
  graylist-level=always
  graylist-max-secs=2678400
  graylist-min-secs=180
  greeting-delay-secs=5
 
 
  local-domains-file=/var/qmail/control/rcpthosts
  #log-level=debug
  log-level=info
  log-target=syslog
  #log-target=stderr
  max-recipients=50
  #policy-url=http://my.policy.explanation.url/
  reject-empty-rdns
  #reject-ip-in-cc-rdns
  reject-missing-sender-mx
  reject-unresolvable-rdns
  tls-certificate-file=/var/qmail/control/servercert.pem
  # blacklist and whitelist ip
  ip-blacklist-file=/etc/spamdyke/blacklist_ip
  ip-whitelist-file=/etc/spamdyke/whitelist_ip
 
  # blacklist and whitelist keywords
  ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
  ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 
  # blacklist and whitelist senders
  sender-blacklist-file=/etc/spamdyke/blacklist_senders
  sender-whitelist-file=/etc/spamdyke/whitelist_senders
 
  # blacklist and whitelist rdns
  rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
  rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
 
  # whitelist dns
  dns-whitelist-file=/etc/spamdyke/whitelist_dns
 
  # blacklist and whitelist recipients
  recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
  recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
 
 
  ---
 --
 
 
  (Wow - that's a lot of RBLs)
 
  Are you sure that spamdyke's running?
  I like to use
  log-target=stderr
  so I can see spamdyke's messages in the smtp log along with the other
  related messages. Make sure spamdyke is running.
 
  Looks to me like you have the screws turned down pretty

RE: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Kent Busbee
Did anyone else notice that he is missing spam_hits in his config file? 
Does it default to something without it?

HIS:
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

MINE:
# cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh


See response above; Michael Colvin wrote:
 Like Eric mentioned, at this point, you need to take a look at the headers
 of the spam e-mails that your users are getting.  You need to find
 something
 in the type of e-mails you're getting that you can filter on...

 Or, as also mentioned, it might be an internal user that is bypassing some
 of the filtering because they are authenticated...

 At this point, you need to look at the specific spam, and use specific
 techniques to filter it, not simply add more RBL's, or blacklists, etc.
 It's likely that just making one small tweak will eliminate most of your
 spam.

  
 Michael J. Colvin
 NorCal Internet Services
 www.norcalisp.com
  



 -Original Message-
 From: Rafael Andrade [mailto:raf...@riosulense.com.br]
 Sent: Tuesday, November 03, 2009 8:50 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: Re: [qmailtoaster] Re: Spam Help Plz

 Hello, Eric and all the list,

 First, thank you for the answer.

 The spam my users are receiving doesn't have a specific sender domain or
 default spam type.

 My spamdyke is running, see:

 spamdyke-stats /var/log/maillog
 Allowed: 35619
 Denied : 140729
 Sum: 176348
 % Spam : 79.80%

 in logfile:
 Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from:
 misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip:
 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)

 I'm using lots of RBLs to try to reduce the spam numbers, but it is not
 working correctly.

 Does anybody have any idea?


 Thanks so much

 Rafael

 Eric Shubert wrote:
  Rafael Andrade wrote:
  Hello all,
 
  I have been using qmailtoaster for two years, and I'm very satisfied...
  Some days ago my users started receiving lots of spam, tagged in subjects
  (spamassassin) or not.
 
  What could I do to improve this?
 
  Actually I'm using Qmailtoaster + Spamdyke with greylist.
 
  Excuse my English.
 
  My confs below:
 
  cat /etc/tcprules.d/tcp.smtp
  127.:allow,RELAYCLIENT=
  192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
 
  cat /var/qmail/control/simcontrol
  :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
 
  cat /etc/spamdyke/spamdyke.conf
  # rbl
  dns-blacklist-entry=bl.spamcop.net
  dns-blacklist-entry=zen.spamhaus.org
  dns-blacklist-entry=dnsbl.sorbs.net
  dns-blacklist-entry=bogons.cymru.com
  dns-blacklist-entry=ix.dnsbl.manitu.net
  dns-blacklist-entry=cbl.abuseat.org
  dns-blacklist-entry=dnsbl.njabl.org
 
 
  # graylist
  #graylist-dir=/etc/spamdyke/graylist.d
  graylist-dir=/home/vpopmail/graylist.d
  graylist-level=always
  graylist-max-secs=2678400
  graylist-min-secs=180
  greeting-delay-secs=5
 
 
  local-domains-file=/var/qmail/control/rcpthosts
  #log-level=debug
  log-level=info
  log-target=syslog
  #log-target=stderr
  max-recipients=50
  #policy-url=http://my.policy.explanation.url/
  reject-empty-rdns
  #reject-ip-in-cc-rdns
  reject-missing-sender-mx
  reject-unresolvable-rdns
  tls-certificate-file=/var/qmail/control/servercert.pem
  # blacklist and whitelist ip
  ip-blacklist-file=/etc/spamdyke/blacklist_ip
  ip-whitelist-file=/etc/spamdyke/whitelist_ip
 
  # blacklist and whitelist keywords
  ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
  ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 
  # blacklist and whitelist senders
  sender-blacklist-file=/etc/spamdyke/blacklist_senders
  sender-whitelist-file=/etc/spamdyke/whitelist_senders
 
  # blacklist and whitelist rdns
  rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
  rdns-whitelist-file=/etc
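
Added example, not code from the thread or from simscan: the check Kent did by eye, as a small parser that flags a simcontrol rule with spam=yes but no explicit spam_hits, plus repeated attach entries. The two rule strings are the HIS and MINE lines quoted in the message above (with the wrapped line joined); the function names are hypothetical.

```python
# simcontrol rule format: "<match>:<option>=<value>,<option>=<value>,..."
# <match> is empty for the default rule; the attach value is itself a
# colon-separated list, so only the FIRST colon separates match from options.
HIS = (
    ":clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv"
    ":.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin"
    ":.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi"
    ":.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt"
)
MINE = (
    ":clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd"
    ":.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh"
)


def parse_rule(line):
    """Split one simcontrol line into its match key, options and attach list."""
    match, sep, rest = line.strip().partition(":")
    if not sep:
        raise ValueError("not a simcontrol rule: %r" % line)
    options, attach = {}, []
    for item in rest.split(","):
        key, eq, value = item.partition("=")
        if key == "attach":
            attach = [ext for ext in value.split(":") if ext]
        elif key:
            options[key] = value
    return {"match": match or "(default)", "options": options, "attach": attach}


def lint(rule):
    """Return human-readable findings for one parsed rule."""
    findings = []
    opts = rule["options"]
    if opts.get("spam") == "yes":
        if "spam_hits" not in opts:
            # The thread does not agree on the built-in default, so the
            # finding only says the threshold is implicit.
            findings.append("spam=yes without spam_hits: reject threshold is the build default")
        else:
            try:
                float(opts["spam_hits"])
            except ValueError:
                findings.append("spam_hits is not a number: %r" % opts["spam_hits"])
    seen, dupes = set(), []
    for ext in rule["attach"]:
        low = ext.lower()
        if low in seen and low not in dupes:
            dupes.append(low)
        seen.add(low)
    if dupes:
        findings.append("duplicate attach entries: " + " ".join(dupes))
    return findings


if __name__ == "__main__":
    for name, line in (("HIS", HIS), ("MINE", MINE)):
        rule = parse_rule(line)
        print(name, rule["match"], len(rule["attach"]), "extensions")
        for finding in lint(rule) or ["no findings"]:
            print("   ", finding)
```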

RE: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Michael Colvin

 
 Did anyone else notice that he is missing spam_hits in his config file?
 Does it default to something without it?

I believe it defaults to 5 or something similar.  It would only affect
SpamAssassin anyway, and I've come to not really rely on SpamAssassin to
block most of my spam.  SpamDyke catches nearly all of it.  If he's getting
a lot of spam through, SpamAssassin is likely not the answer, blocking it
with SpamDyke is.   :-)

 Mike


 
 HIS:
 cat /var/qmail/control/simcontrol
 :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
 
 MINE:
 # cat /var/qmail/control/simcontrol
 :clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh
 
 
 See response above; Michael Colvin wrote:
  Like Eric mentioned, at this point, you need to take a look at the
 headers
  of the spam e-mails that your users are getting.  You need to find
  something
  in the type of e-mails you're getting that you can filter on...
 
  Or, as also mentioned, it might be an internal user that is bypassing
 some
  of the filtering because they are authenticated...
 
  At this point, you need to look at the specific spam, and use specific
  techniques to filter it, not simply add more RBL's, or blacklists, etc.
  It's likely that just making one small tweak will eliminate most of your
  spam.
 
 
  Michael J. Colvin
  NorCal Internet Services
  www.norcalisp.com
 
 
 
 
  -Original Message-
  From: Rafael Andrade [mailto:raf...@riosulense.com.br]
  Sent: Tuesday, November 03, 2009 8:50 AM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: Re: [qmailtoaster] Re: Spam Help Plz
 
  Hello, Eric and all list,
 
  First, thank you for the answer.
 
  My users receiving lots of spams don't have a specific sender domain, or
  default spam type.
 
  My spamdyke is running, see:
 
  spamdyke-stats /var/log/maillog
  Allowed: 35619
  Denied : 140729
  Sum: 176348
  % Spam : 79.80%
 
  in logfile:
  Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)
 
  I'm using lots of RBLs to try to reduce the spam numbers, but it is not
  working correctly.
 
  Does anybody have some idea?
 
 
  Thanks so much
 
  Rafael
 
  Eric Shubert wrote:
   Rafael Andrade wrote:
   Hello all,
  
   I started using qmailtoaster two years ago, and I'm very satisfied...
   Some days ago my users started receiving lots of spam, tagged in subjects
   (spamassassin) or not.
  
   What could I do to make it better?
  
   Actually I'm using Qmailtoaster + Spamdyke with greylist.
  
   Excuse my English.
  
   My confs below:
  
   cat /etc/tcprules.d/tcp.smtp
   127.:allow,RELAYCLIENT=
  
 
   192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
   xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
   :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  
   cat /var/qmail/control/simcontrol
  
 
   :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
  
   cat /etc/spamdyke/spamdyke.conf
   # rbl
   dns-blacklist-entry=bl.spamcop.net
   dns-blacklist-entry=zen.spamhaus.org
   dns-blacklist-entry=dnsbl.sorbs.net
   dns-blacklist-entry=bogons.cymru.com
   dns-blacklist-entry=ix.dnsbl.manitu.net
   dns-blacklist-entry=cbl.abuseat.org
   dns-blacklist-entry=dnsbl.njabl.org
  
  
   # graylist
   #graylist-dir=/etc/spamdyke/graylist.d
   graylist-dir=/home/vpopmail/graylist.d
   graylist-level=always
   graylist-max-secs=2678400
   graylist-min-secs=180
   greeting-delay-secs=5
  
  
   local-domains-file=/var/qmail/control/rcpthosts
   #log-level=debug
   log-level=info
   log-target=syslog
   #log-target=stderr
   max-recipients=50
   #policy-url=http://my.policy.explanation.url/
   reject-empty-rdns
   #reject-ip-in-cc-rdns
   reject-missing-sender-mx
   reject-unresolvable-rdns
   tls-certificate-file=/var/qmail/control/servercert.pem
   # blacklist and whitelist ip
   ip-blacklist-file=/etc/spamdyke

Re: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Andreas Galatis
Hi Rafael,

Why have you disabled the spamdyke ip-in-cc-rdns?
#reject-ip-in-cc-rdns

This spamdyke rule catches about 30% of incoming mails because they come from 
dynamic addresses.

Andreas
On Tuesday 03 November 2009 18:44:15, Michael Colvin wrote:
  Did anyone else notice that he is missing spam_hits in his config file?
  Does it default to something without it?

 I believe it defaults to 5 or something similar.  It would only affect
 SpamAssassin anyway, and I've come to not really rely on SpamAssassin to
 block most of my spam.  SpamDyke catches nearly all of it.  If he's getting
 a lot of spam through, SpamAssassin is likely not the answer, blocking it
 with SpamDyke is.   :-)

  Mike

  HIS:
  cat /var/qmail/control/simcontrol
 
  :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
 
  MINE:
  # cat /var/qmail/control/simcontrol
 
  :clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh
 
  See response above; Michael Colvin wrote:
   Like Eric mentioned, at this point, you need to take a look at the headers
   of the spam e-mails that your users are getting.  You need to find something
   in the type of e-mails you're getting that you can filter on...
  
   Or, as also mentioned, it might be an internal user that is bypassing some
   of the filtering because they are authenticated...
  
   At this point, you need to look at the specific spam, and use specific
   techniques to filter it, not simply add more RBL's, or blacklists, etc.
   It's likely that just making one small tweak will eliminate most of
   your spam.
  
  
   Michael J. Colvin
   NorCal Internet Services
   www.norcalisp.com
  
   -Original Message-
   From: Rafael Andrade [mailto:raf...@riosulense.com.br]
   Sent: Tuesday, November 03, 2009 8:50 AM
   To: qmailtoaster-list@qmailtoaster.com
   Subject: Re: [qmailtoaster] Re: Spam Help Plz
  
   Hello, Eric and all list,
  
   First, thank you for the answer.
  
   My users receiving lots of spams don't have a specific sender domain,
   or default spam type.
  
   My spamdyke is running, see:
  
   spamdyke-stats /var/log/maillog
   Allowed: 35619
   Denied : 140729
   Sum: 176348
   % Spam : 79.80%
  
   in logfile:
   Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)
  
   I'm using lots of RBLs to try to reduce the spam numbers, but it is not
   working correctly.
  
   Does anybody have some idea?
  
  
   Thanks so much
  
   Rafael
  
   Eric Shubert wrote:
Rafael Andrade wrote:
Hello all,
   
I started using qmailtoaster two years ago, and I'm very satisfied...
Some days ago my users started receiving lots of spam, tagged in subjects
(spamassassin) or not.
   
What could I do to make it better?
   
Actually I'm using Qmailtoaster + Spamdyke with greylist.
   
Excuse my English.
   
My confs below:
   
cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=
 
192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
   
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
   
cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org
   
   
# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
   
   
local-domains-file

Re: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Brent Gardner

Rafael Andrade wrote:

Hello, Eric and all list,

First, thank you for the answer.

My users receiving lots of spams don't have a specific sender domain, 
or default spam type.


My spamdyke is running, see:

spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%


snip

Where can I find spamdyke-stats?

This command intrigues me.


Brent Gardner
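
Added example (not part of any post in this thread, and not the spamdyke-stats script itself): a short Python tally over spamdyke log lines in the format quoted above. It produces the same Allowed/Denied/percentage summary, a per-reason breakdown, and the accounts whose mail was allowed under SMTP AUTH, which is the authenticated-bypass case raised earlier in the thread. The sample lines, host names and addresses are constructed, and reading "auth: (unknown)" as an unauthenticated session is an assumption based on the one quoted log line.

```python
import re
from collections import Counter

# Field layout follows the spamdyke log line quoted in the thread:
#   spamdyke[pid]: RESULT from: .. to: .. origin_ip: .. origin_rdns: .. auth: ..
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z_]+) from: (?P<sender>\S*) to: (?P<rcpt>\S*) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)

# Constructed sample lines (not from a real server); names and IPs are placeholders.
SAMPLE_LOG = """\
Nov  3 13:48:42 mx spamdyke[2001]: DENIED_RBL_MATCH from: a@example.net to: u1@example.com origin_ip: 192.0.2.10 origin_rdns: dyn-10.example.net auth: (unknown)
Nov  3 13:48:50 mx spamdyke[2002]: DENIED_RBL_MATCH from: b@example.net to: u2@example.com origin_ip: 192.0.2.11 origin_rdns: dyn-11.example.net auth: (unknown)
Nov  3 13:49:03 mx spamdyke[2003]: DENIED_GRAYLISTED from: c@example.org to: u1@example.com origin_ip: 198.51.100.7 origin_rdns: mail.example.org auth: (unknown)
Nov  3 13:49:10 mx spamdyke[2004]: ALLOWED from: d@example.org to: u3@example.com origin_ip: 198.51.100.8 origin_rdns: mx.example.org auth: (unknown)
Nov  3 13:49:15 mx spamdyke[2005]: ALLOWED from: u2@example.com to: x@example.net origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: u2@example.com
Nov  3 13:49:16 mx vpopmail[2006]: vchkpw-smtp: password fail u9@example.com
Nov  3 13:49:20 mx spamdyke[2007]: DENIED_RBL_MATCH from: e@example.net to: u1@example.com origin_ip: 192.0.2.12 origin_rdns: dyn-12.example.net auth: (unknown)
"""

def summarize(lines):
    """Tally spamdyke results, deny reasons, and senders delivered under SMTP AUTH."""
    results, auth_senders = Counter(), Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other daemons, or spamdyke messages without these fields
        results[m["result"]] += 1
        # Assumption: an unauthenticated session is logged as "auth: (unknown)".
        if m["result"] == "ALLOWED" and m["auth"] != "(unknown)":
            auth_senders[m["auth"]] += 1
    allowed = results["ALLOWED"]
    by_reason = {r: n for r, n in results.items() if r.startswith("DENIED_")}
    denied = sum(by_reason.values())
    total = allowed + denied
    return {
        "allowed": allowed,
        "denied": denied,
        "sum": total,
        "pct_denied": round(100.0 * denied / total, 2) if total else 0.0,
        "by_reason": by_reason,
        "auth_senders": dict(auth_senders),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Each log entry must be on a single line, as syslog writes it; the three-line form shown in the mails is only e-mail wrapping.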







Re: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Rafael Andrade

of the spam e-mails that your users are getting.  You need to find something
in the type of e-mails you're getting that you can filter on...

Or, as also mentioned, it might be an internal user that is bypassing some
of the filtering because they are authenticated...

At this point, you need to look at the specific spam, and use specific
techniques to filter it, not simply add more RBL's, or blacklists, etc.
It's likely that just making one small tweak will eliminate most of your
spam.

 
Michael J. Colvin

NorCal Internet Services
www.norcalisp.com
 





-Original Message-
From: Rafael Andrade [mailto:raf...@riosulense.com.br]
Sent: Tuesday, November 03, 2009 8:50 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Spam Help Plz

Hello, Eric and all list,

First, thank you for the answer.

My users receiving lots of spams don't have a specific sender domain, or
default spam type.

My spamdyke is running, see:

spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%

in logfile:
Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)

I'm using lots of RBLs to try to reduce the spam numbers, but it is not
working correctly.

Does anybody have some idea?


Thanks so much

Rafael

Eric Shubert wrote:

Rafael Andrade wrote:

Hello all,

I started using qmailtoaster two years ago, and I'm very satisfied...
Some days ago my users started receiving lots of spam, tagged in subjects
(spamassassin) or not.

What could I do to make it better?

Actually I'm using Qmailtoaster + Spamdyke with greylist.

Excuse my English.

My confs below:

cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=

192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

cat /var/qmail/control/simcontrol

:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org


# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5


local-domains-file=/var/qmail/control/rcpthosts
#log-level=debug
log-level=info
log-target=syslog
#log-target=stderr
max-recipients=50
#policy-url=http://my.policy.explanation.url/
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
# blacklist and whitelist ip
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-whitelist-file=/etc/spamdyke/whitelist_ip

# blacklist and whitelist keywords
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords

# blacklist and whitelist senders
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders

# blacklist and whitelist rdns
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns

# whitelist dns
dns-whitelist-file=/etc/spamdyke/whitelist_dns

# blacklist and whitelist recipients
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients


--- 


--


(Wow - that's a lot of RBLs)

Are you sure that spamdyke's running?
I like to use
log-target=stderr
so I can see spamdyke's messages in the smtp log along with the other
related messages. Make sure spamdyke is running.

Looks to me like you have the screws turned down pretty tight spam
wise.  I think the next step would be to look at a representative
sample of the spam you're receiving, to see why it's getting through.

Perhaps there is a workstation or server on your network that's been
compromised and is sending out the spam

Re: [qmailtoaster] Re: [Spam] [qmailtoaster] Unknown localhost connection

2006-06-22 Thread Jake Vickers

Mark Burlingame wrote:

I did a fresh install of CentOS 4.3 on a separate machine. The old server
was CentOS 4.2 and the last released version of the qmail toaster packages.
I used Jake Vickers' backup/restore scripts to move everything from the old
server to the new server. Other email is fine. SA & Clam are working fine.
The address means nothing to me.

I really am a bit confused. I noticed it was coming from inside when I
looked through the smtp logs. Is there anywhere else to check besides the
smtp/current log?

It's not really a problem, but damn is it confusing. I had a copy of
roundcubemail and eyeos that I'll have to check through as well.
  
Maybe someone internally is sending those messages? (spam bot)? If it's 
being sent through your machine, you would also see the entry in your 
/var/qmail/send logs.

