Re: RBLs?
> Am 03.07.2019 um 10:26 schrieb Gilles Chehade : >> On Wed, Jul 03, 2019 at 08:22:59AM +, mabi wrote: >>> On Wednesday, July 3, 2019 9:39 AM, Giovanni Bechis >>> wrote: >>> >>> I think it could be possible to write a filter-spamassassin, that way smtpd >>> could reject based on SpamAssassin tags. >> > > yes, that is definitely doable I have done that already: https://www.umaxx.net/dl/filter-spamassassin-0.1.tar.gz
Re: RBLs?
On Wed, Jul 03, 2019 at 08:22:59AM +, mabi wrote: > ? Original Message ? > On Wednesday, July 3, 2019 9:39 AM, Giovanni Bechis > wrote: > > > I think it could be possible to write a filter-spamassassin, that way smtpd > > could reject based on SpamAssassin tags. > yes, that is definitely doable > Good idea, I might look at this alternative when I have a moment to write > something in Ruby interfacing OpenSMTPD<->SA. Is there any documentation > available to the filter "API"? I didn't find anything on opensmtpd.org. Or > should I just check the source code of already existing filters as example? > the filter API is not yet documented, i'm working on it at the moment. if you plan on working on filters, you should join our IRC channel or be prepared to face subtle changes that aren't documented yet ;-) -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
On 7/2/19 10:31 PM, mabi wrote: > ‐‐‐ Original Message ‐‐‐ > On Tuesday, July 2, 2019 11:44 AM, Gilles Chehade wrote: > >> if you configure rspamd to flag spam mail as reject, smtpd will reject them. > > Glad to hear that this is possible with rspamd! Because with SpamAssassin it > is only possible to tag the mail as spam but not to reject it upfront. I want > to reject the mail immediately if it detected as spam so that it does not get > relayed further (out to another mail server). > I think it could be possible to write a filter-spamassassin, that way smtpd could reject based on SpamAssassin tags. Giovanni -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
‐‐‐ Original Message ‐‐‐ On Tuesday, July 2, 2019 11:44 AM, Gilles Chehade wrote: > if you configure rspamd to flag spam mail as reject, smtpd will reject them. Glad to hear that this is possible with rspamd! Because with SpamAssassin it is only possible to tag the mail as spam but not to reject it upfront. I want to reject the mail immediately if it detected as spam so that it does not get relayed further (out to another mail server). -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
On Tue, Jul 02, 2019 at 06:54:02AM +, mabi wrote: > ? Original Message ? > On Sunday, June 30, 2019 1:46 PM, Gilles Chehade wrote: > > > I'm currently working on bringing a filter-rspamd to life, see: > > > > https://poolp.org/posts/2019-06-30/june-2019-report-fion-bpg-and-smtpd/ > > Fantastic Gilles, thanks for your great work! I am looking forward to try > this filter out. > > [...] > > So basically I am not interested in the score but just in a boolean > true/false if the mail is spam or not and then have OpenSMTPD refuse the > submission/relaying of the mail to further mail servers on the internet. > yes, filter-rspamd will apply the policy configured in rspamd. if you configure rspamd to flag spam mail as reject, smtpd will reject them. > My impression is that this right now is not possible with OpenSMTPD. Am I > right here? > No, it is not possible with OpenSMTPD. You need a filter to do this and filter-rspamd is such a filter. -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
‐‐‐ Original Message ‐‐‐ On Sunday, June 30, 2019 1:46 PM, Gilles Chehade wrote: > I'm currently working on bringing a filter-rspamd to life, see: > > https://poolp.org/posts/2019-06-30/june-2019-report-fion-bpg-and-smtpd/ Fantastic Gilles, thanks for your great work! I am looking forward to try this filter out. Question: will your rspamd filter be able also to simply reject a mail if rspamd detects it as spam? I am looking for such a feature in order to block user submission of spam mails as explained here: https://www.mail-archive.com/misc@opensmtpd.org/msg04379.html So basically I am not interested in the score but just in a boolean true/false if the mail is spam or not and then have OpenSMTPD refuse the submission/relaying of the mail to further mail servers on the internet. This is a typical scenario where you don't trust your users or have users which often get infected by malwares and having for example their outlook client sending (authenticated) spam mails... My impression is that this right now is not possible with OpenSMTPD. Am I right here? -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
Hello Gilles, I'm not at all familiar with filters but it seems to me that everyone has its own way to fight spam: shell script, python script, filters... Right now I'm not able to avoid spam I use spamd and grey/black listing but it's not enough. I don't find a simple way to avoid mails with a specific regexp in the subject or body of the mail. Or synchronise with RBLs or ask opensmtpd to make some checks."if IP of the sender is not a mx for the sender domain then reject" with an opensmtpd rule."if subject of the domain is in table then reject" That's what I mean by native. Probably you'll answer that the goal of smtpd is to deliver mails not to do this kind of tasks. Regards Le dimanche 30 juin 2019 à 13:47:04 UTC+2, Gilles Chehade a écrit : On Sat, Jun 29, 2019 at 01:03:46PM +, Mik J wrote: > Hello, Hello, > I'm also interested in this topic. A lot of spam are still passing through. > On my personal mailbox, I receive almost no spam.But on addresses that are > visible on a website I receive spam, two/three per day many are blocked > though. > I have the same strategy as Thomas and use spamd and spam trap mails. > I'm currently working on bringing a filter-rspamd to life, see: https://poolp.org/posts/2019-06-30/june-2019-report-fion-bpg-and-smtpd/ > Joerg your filter looks nice but I don't understand how it works.I'm looking > forward to have something native with opensmtpd, spam is a pain. > I don't understand what you mean by "native". -- Gilles Chehade @poolpOrg https://www.poolp.org patreon: https://www.patreon.com/gilles -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
On Sat, Jun 29, 2019 at 01:03:46PM +, Mik J wrote: > Hello, Hello, > I'm also interested in this topic. A lot of spam are still passing through. > On my personal mailbox, I receive almost no spam.But on addresses that are > visible on a website I receive spam, two/three per day many are blocked > though. > I have the same strategy as Thomas and use spamd and spam trap mails. > I'm currently working on bringing a filter-rspamd to life, see: https://poolp.org/posts/2019-06-30/june-2019-report-fion-bpg-and-smtpd/ > Joerg your filter looks nice but I don't understand how it works.I'm looking > forward to have something native with opensmtpd, spam is a pain. > I don't understand what you mean by "native". -- Gilles Chehade @poolpOrg https://www.poolp.orgpatreon: https://www.patreon.com/gilles -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: RBLs?
Hello, I'm also interested in this topic. A lot of spam are still passing through. On my personal mailbox, I receive almost no spam.But on addresses that are visible on a website I receive spam, two/three per day many are blocked though. I have the same strategy as Thomas and use spamd and spam trap mails. Joerg your filter looks nice but I don't understand how it works.I'm looking forward to have something native with opensmtpd, spam is a pain. Regards Le vendredi 21 juin 2019 à 14:08:00 UTC+2, Joerg Jung a écrit : On 20. Jun 2019, at 00:40, Thomas Smith wrote: Hi, I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at 6.5) for some time and with success. However, there are still some false-negatives and I’m looking at ways of reducing those. One way is by making use of RBLs. (I’ve evaluated delivered spam and the majority of it seems to be coming from IPs that are on various blacklists but aren’t being caught by greylisting.) spamd doesn’t support RBLs, at least that I’ve found, it can only use lists that can be downloaded locally—the particular service I’m wanting to use only provides DNS-based RBLs. So that’s my problem… I’m looking for ways of including an RBL in either spamd or OpenSMTPd, preferring to stay in OpenBSD base as much as possible. (In other words, I’d prefer to not rip out spamd or replace or supplement it with SpamAssassin or rspamd—I’d rather find a solution that will plugin _specifically_ for RBLs without all of the other bloat that SpamAssassin and similar products bring. Can anyone offer some input on this please? I’m not opposed to writing an OpenSMTPd filter, though I’d need to locate some documentation for that (I’ve looked but haven’t been able to find it, so I’m probably looking in the wrong places—suggestions welcomed). I’ve written a filter already: https://www.umaxx.net/dl/filter-dnsbl-0.4.tar.gzDon’t expect support, see other mails and comments from Gilles on the filter topic.
Re: RBLs?
> On 20. Jun 2019, at 00:40, Thomas Smith wrote: > > Hi, > > I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at > 6.5) for some time and with success. However, there are still some > false-negatives and I’m looking at ways of reducing those. One way is by > making use of RBLs. > > (I’ve evaluated delivered spam and the majority of it seems to be coming from > IPs that are on various blacklists but aren’t being caught by greylisting.) > > spamd doesn’t support RBLs, at least that I’ve found, it can only use lists > that can be downloaded locally—the particular service I’m wanting to use only > provides DNS-based RBLs. So that’s my problem… > > I’m looking for ways of including an RBL in either spamd or OpenSMTPd, > preferring to stay in OpenBSD base as much as possible. (In other words, I’d > prefer to not rip out spamd or replace or supplement it with SpamAssassin or > rspamd—I’d rather find a solution that will plugin _specifically_ for RBLs > without all of the other bloat that SpamAssassin and similar products bring. > > Can anyone offer some input on this please? > > I’m not opposed to writing an OpenSMTPd filter, though I’d need to locate > some documentation for that (I’ve looked but haven’t been able to find it, so > I’m probably looking in the wrong places—suggestions welcomed). I’ve written a filter already: https://www.umaxx.net/dl/filter-dnsbl-0.4.tar.gz <https://www.umaxx.net/dl/filter-dnsbl-0.4.tar.gz> Don’t expect support, see other mails and comments from Gilles on the filter topic.
Re: RBLs?
Hi >Hi, > >I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at >6.5) for some time and with success. However, there are still some >false-negatives and I’m looking at ways of reducing those. One way is by >making use of RBLs. > >(I’ve evaluated delivered spam and the majority of it seems to be coming from >IPs that are on various blacklists but aren’t being caught by greylisting.) > >spamd doesn’t support RBLs, at least that I’ve found, it can only use lists >that can be downloaded locally—the particular service I’m wanting to use only >provides DNS-based RBLs. So that’s my problem… > >I’m looking for ways of including an RBL in either spamd or OpenSMTPd, >preferring to stay in OpenBSD base as much as possible. (In other words, I’d >prefer to not rip out spamd or replace or supplement it with SpamAssassin or >rspamd—I’d rather find a solution that will plugin _specifically_ for RBLs >without all of the other bloat that SpamAssassin and similar products bring. > >Can anyone offer some input on this please? > >I’m not opposed to writing an OpenSMTPd filter, though I’d need to locate some >documentation for that (I’ve looked but haven’t been able to find it, so I’m >probably looking in the wrong places—suggestions welcomed). > >~ Tom I wrote a python script (enclosed) that scans the spamd logs, looks up new ip address in zen.spamhaus.org and blacklists if found. It keeps a cache of what it has done to keep the load down and expires it over time. If run at least once within the whitelisting period it will do the RBL thing for you. The script has various command line options (mostly for testing) but oddly if you want to change the RBL you are going to have to edit the script (hopefully obvious). I have this line in roots crontab to run it every 15mins */15* * * * /usr/local/bin/dnsbl-scan.py Hope that helps JC dnsbl-scan.py Description: Binary data
Re: RBLs?
Hi Tom, Getting a filter to do this would be great. I had a similar discussion on Mastodon the other day and there is an RBL which can be download and used with spamd. It already helps a lot on our setup. I am using the following script to collect the RBLs and to make them usable for spamd. ### fetch script ### #!/bin/sh openrsync rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-1.uceprotect.net /tmp/ > /dev/null 2>&1 openrsync rsync-mirrors.uceprotect.net::RBLDNSD-ALL/dnsbl-2.uceprotect.net /tmp/ > /dev/null 2>&1 openrsync rsync-mirrors.uceprotect.net::RBLDNSD-ALL/ips.whitelisted.org /tmp/ > /dev/null 2>&1 openrsync psbl-mirror.surriel.com::psbl/psbl.txt /etc/mail/ > /dev/null 2>&1 # strip out all non IP lines sed -i '/^#/d;/^\$/d;/^!/d;/^:/d;/Test Record/d' /tmp/dnsbl-1.uceprotect.net sed -i '/^#/d;/^\$/d;/^!/d;/^:/d;/Test Record/d' /tmp/dnsbl-2.uceprotect.net sed -i '/^#/d;/^\$/d;/^!/d;/^:/d;/Test Record/d' /tmp/ips.whitelisted.org # cp dnsbl1 cp /tmp/dnsbl-1.uceprotect.net /etc/mail # copy only IPs to the destination awk '{print $1}' /tmp/dnsbl-2.uceprotect.net > /etc/mail/dnsbl-2.uceprotect.net cp /tmp/ips.whitelisted.org /etc/mail ### The reason for /dev/null is openrsync doesn't have a quiet mode (yet). :) ### spamd.conf ### all:\ :nixspam:bsdly:dnsbl-1:dnsbl-2:psbl::dnsbl-white:localwhite:localblack: dnsbl-1:\ :black:\ :msg="Your address %A is listed on UCEPROTECT-Level 1\n\ See http://www.uceprotect.net/en":\ :method=file:\ :file=/etc/mail/dnsbl-1.uceprotect.net dnsbl-2:\ :black:\ :msg="Your address %A is listed on UCEPROTECT-Level 2\n\ See http://www.uceprotect.net/en":\ :method=file:\ :file=/etc/mail/dnsbl-2.uceprotect.net psbl:\ :black:\ :msg="Your address %A is listed on PSBL\n\ See https://psbl.org/":\ :method=file:\ :file=/etc/mail/psbl.txt dnsbl-white:\ :white:\ :method=file:\ :file=/etc/mail/ips.whitelisted.org ### Hope this helps. Mischa > On 20 Jun 2019, at 00:40, Thomas Smith wrote: > > Hi, > > I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at > 6.5) for some time and with success. However, there are still some > false-negatives and I’m looking at ways of reducing those. One way is by > making use of RBLs. > > (I’ve evaluated delivered spam and the majority of it seems to be coming from > IPs that are on various blacklists but aren’t being caught by greylisting.) > > spamd doesn’t support RBLs, at least that I’ve found, it can only use lists > that can be downloaded locally—the particular service I’m wanting to use only > provides DNS-based RBLs. So that’s my problem… > > I’m looking for ways of including an RBL in either spamd or OpenSMTPd, > preferring to stay in OpenBSD base as much as possible. (In other words, I’d > prefer to not rip out spamd or replace or supplement it with SpamAssassin or > rspamd—I’d rather find a solution that will plugin _specifically_ for RBLs > without all of the other bloat that SpamAssassin and similar products bring. > > Can anyone offer some input on this please? > > I’m not opposed to writing an OpenSMTPd filter, though I’d need to locate > some documentation for that (I’ve looked but haven’t been able to find it, so > I’m probably looking in the wrong places—suggestions welcomed). > > ~ Tom > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
RBLs?
Hi, I’ve been using a combination of OpenSMTPd and spamd on OpenBSD (currently at 6.5) for some time and with success. However, there are still some false-negatives and I’m looking at ways of reducing those. One way is by making use of RBLs. (I’ve evaluated delivered spam and the majority of it seems to be coming from IPs that are on various blacklists but aren’t being caught by greylisting.) spamd doesn’t support RBLs, at least that I’ve found, it can only use lists that can be downloaded locally—the particular service I’m wanting to use only provides DNS-based RBLs. So that’s my problem… I’m looking for ways of including an RBL in either spamd or OpenSMTPd, preferring to stay in OpenBSD base as much as possible. (In other words, I’d prefer to not rip out spamd or replace or supplement it with SpamAssassin or rspamd—I’d rather find a solution that will plugin _specifically_ for RBLs without all of the other bloat that SpamAssassin and similar products bring. Can anyone offer some input on this please? I’m not opposed to writing an OpenSMTPd filter, though I’d need to locate some documentation for that (I’ve looked but haven’t been able to find it, so I’m probably looking in the wrong places—suggestions welcomed). ~ Tom -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org