Re: [vchkpw] rblsmtpd with vchkpw
Hi, El Miércoles, 5 de Abril de 2006 06:02, Fernando Milovich escribió: I mean bypass RBL is the client is authenticated. But it seems to be no possibly. This problem is because our customers use ISP connections like ADSL and Dial Up and these connections are blocked by CBL at spamhaus.org I think i´ll have to change the RBL checker. Then create your own rbl whitelist zone and add the desired ip ranges to it. Then use rblsmtpd like this: ... /usr/local/bin/rblsmtpd -b -ayourwhitelist -rsbl.spamhaus.org etc ... As rblsmtpd will match them first, it won' lookup them in CBL neither in any other blacklist. Ruben
Re: [vchkpw] rblsmtpd with vchkpw
Use a scoring based RBL check. rblsmtpd denies all connections existing in RBLs You could modify it to do a scoring algorithm if you wanted, finding only the popular entries. SpamAssassin (with simscan) will do what you want, adding a score based on the credibility and error rates of each RBL. So something in one RBL will have a higher Spam score (and combined with other features may throw it over the edge), but something in three RBLs will be enough to reject the message.You could of course just find RBLs that don't block your customers or have good removal rules.-M Fernando Milovich [EMAIL PROTECTED] wrote: I mean bypass RBL is the client is authenticated. But it seems to be no possibly.This problem is because our customers use ISP connections like ADSL and Dial Up and these connections are blocked by CBL at spamhaus.orgI think i´ll have to change the RBL checker.Thanks so much.- Original Message - From: "John Simpson" To: Sent: Monday, April 03, 2006 7:18 PMSubject: Re: [vchkpw] rblsmtpd with vchkpw
Re: [vchkpw] rblsmtpd with vchkpw
On Monday 03 April 2006 07:24, [EMAIL PROTECTED] wrote: Hi, there is any rule to put in ~vpopmail/etc/tcp.smtp for one user has been authenticated not be IP checked on rblsmtpd ? I think that can be possible using environment variables, may not. Something like this: 111.111.111.111:allow,RBLSMTPD= if you are authenticating with pop-before-smtp, this should be a fairly trivial change to the vpopmail code. Look for the string 'RELAYCLIENT' in the vpopmail source and slap in RBLSMTPD= into there. If you're using smtp auth only, you really can't do what you are asking, other than recoding qmail-smtpd to integrate rblsmtpd support as well as smtp auth *shrugs* -Jeremy -- Jeremy Kitchen ++ [EMAIL PROTECTED] In the beginning was The Word and The Word was Content-type: text/plain -- The Word of Bob. And the lord said unto John; Come forth and receive eternal life. John came fifth and won a toaster. pgpgaomySlwun.pgp Description: PGP signature
Re: [vchkpw] rblsmtpd with vchkpw
On 2006-04-05, at 0002, Fernando Milovich wrote: I mean bypass RBL is the client is authenticated. But it seems to be no possibly. This problem is because our customers use ISP connections like ADSL and Dial Up and these connections are blocked by CBL at spamhaus.org I think i´ll have to change the RBL checker. set up a second SMTP service for your users. it should not use port 25, it should not accept mail at all unless the client has sent a successful AUTH command, and it should not accept an AUTH command unless the connection is encrypted (via SSL or TLS.) depending on the qmail patches you are using, the second and third conditions may not be possible for you- but the first condition, running an SMTP service on some other port, anybody can do. usually the biggest mental hurdle is realizing that it is possible to run multiple SMTP services on the same machine. just take the run script from your existing service and copy it to a new service directory... change the port number from 25 (or smtp, if that's how it's listed in your file) to 587, and fire it up. or run it on port 465, substitute sslserver for tcpserver, make a key pair, and you're up and running with an SSL-secured SMTP server. http://qmail.jms1.net/smtp-service.shtml is a web page i wrote which explains how to set up SMTP services. it's slanted towards people who use my combined patch file (which you may want to take a look at- lots of tasty goodies in there) but the basic idea is the same for any qmail system- you can have as many SMTP services as you need, as long as each one has its own IP/PORT combination. it may contain some helpful information, and it certainly explains things in more detail than this message. enjoy. -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] rblsmtpd with vchkpw
On 2006-04-03, at 1024, [EMAIL PROTECTED] wrote: Hi, there is any rule to put in ~vpopmail/etc/tcp.smtp for one user has been authenticated not be IP checked on rblsmtpd ? if by authenticated you mean that their IP address matches a certain line, yes. the example you include... 111.111.111.111:allow,RBLSMTPD= does exactly what you're asking about. the rblsmtpd program will bypass the RBL checks and just continue on to qmail-smtpd if it sees a RELAYCLIENT envrionment variable, or an RBLSMTPD variable whose value is empty. http://cr.yp.to/ucspi-tcp/rblsmtpd.html explains how this works. however, if by authenticated you mean that the client has sent a successful SMTP AUTH command, no. the AUTH command is processed by qmail-smtpd, while rblsmtpd runs before qmail-smtpd. this means that any RBL checking is done, and blocking (if appropriate) happens, before the client would have a chance to enter an AUTH command (or any command at all, for that matter.) -- | John M. Simpson - KG4ZOW - Programmer At Large | | http://www.jms1.net/ [EMAIL PROTECTED] | -- | Mac OS X proves that it's easier to make UNIX | | pretty than it is to make Windows secure. | -- PGP.sig Description: This is a digitally signed message part
Re: [vchkpw] rblsmtpd with vchkpw
I mean bypass RBL is the client is authenticated. But it seems to be no possibly. This problem is because our customers use ISP connections like ADSL and Dial Up and these connections are blocked by CBL at spamhaus.org I think i´ll have to change the RBL checker. Thanks so much. - Original Message - From: John Simpson [EMAIL PROTECTED] To: vchkpw@inter7.com Sent: Monday, April 03, 2006 7:18 PM Subject: Re: [vchkpw] rblsmtpd with vchkpw