-----Original Message-----
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
Sent: Thursday, November 05, 2009 11:02 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: [qmailtoaster] Re: Spam Help Plz
Rafael Andrade wrote:
Hello all,
I have been using qmailtoaster for two years, and I'm very satisfied...
Some days ago my users started receiving lots of spam, tagged in the
subject (spamassassin) or not.
What could I do to improve this?
Currently I'm using Qmailtoaster + Spamdyke with greylist.
Excuse my English.
My confs below:
cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
xxx.xx.xx.xx:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org
# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
local-domains-file=/var/qmail/control/rcpthosts
#log-level=debug
log-level=info
log-target=syslog
#log-target=stderr
max-recipients=50
#policy-url=http://my.policy.explanation.url/
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
# blacklist and whitelist ip
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-whitelist-file=/etc/spamdyke/whitelist_ip
# blacklist and whitelist keywords
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
# blacklist and whitelist senders
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
# blacklist and whitelist rdns
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
# whitelist dns
dns-whitelist-file=/etc/spamdyke/whitelist_dns
# blacklist and whitelist recipients
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
Raphael,
I just came across what I think is a possible hole in spamdyke's
configuration.
I've been reading through the documentation regarding TLS, and it
appears that with no "tls-level" option specified, if a spammer were to
use TLS (advertised by qmail), spamdyke would be unable to use several
of its filters because the data is encrypted passing through spamdyke to
qmail-smtp.
If you add "tls-level=smtp" to the spamdyke configuration file, this
will cause spamdyke to handle the encryption (as opposed to qmail-smtp),
and all of spamdyke's filters will be effective. I've just now added
this option to my spamdyke configuration, and will be updating the
qtp-install-spamdyke script with it if I don't see any problem. I highly
doubt there will be one.
You probably won't see any real gains in spamdyke's effectiveness with
this, as it would be inefficient for a spammer to go through the
overhead of using TLS (encryption). Adding this option should remove any
doubt about such spam getting through though. ;)
--
-Eric 'shubes'
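
The check described in the reply above, as an added example that is not part of the original messages or of the qmailtoaster scripts: a small audit that parses a spamdyke.conf and reports when "tls-level=smtp" is missing. The function names and the trimmed sample config are constructed for illustration, and the certificate check assumes spamdyke needs "tls-certificate-file" in order to handle TLS itself.

```python
"""Audit a spamdyke configuration for the TLS setting discussed in the thread."""

# Constructed sample: a trimmed copy of the spamdyke.conf posted above.
SAMPLE_CONF = """\
# graylist
graylist-level=always
greeting-delay-secs=5
#log-level=debug
log-level=info
reject-empty-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
"""


def parse_spamdyke_conf(text):
    """Return {option: [values]}; flag-style options map to an empty string."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out options are not in effect
        key, _, value = line.partition("=")
        options.setdefault(key.strip(), []).append(value.strip())
    return options


def audit_tls(text):
    """Return a list of findings; an empty list means tls-level=smtp is set."""
    opts = parse_spamdyke_conf(text)
    levels = opts.get("tls-level", [])
    findings = []
    if not levels:
        findings.append("tls-level not set: TLS sessions pass through encrypted, "
                        "so several spamdyke filters cannot inspect them")
    elif set(levels) != {"smtp"}:
        findings.append("tls-level is %s, not the 'smtp' value recommended in "
                        "the thread" % ",".join(levels))
    # Assumption: spamdyke can only terminate TLS if it is given a certificate.
    if levels and "tls-certificate-file" not in opts:
        findings.append("tls-level is set but tls-certificate-file is missing")
    return findings


if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE_CONF),
                        ("with fix", SAMPLE_CONF + "tls-level=smtp\n")):
        print(label, "->", audit_tls(conf) or "OK")
```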