Rafael Andrade wrote:
Hello all,
Im using qmailtoaster two years a go, and i`m very satisfied...
some days a go my users receiving lots of spams, Tagged in subjects
(spamassassin) or not.
What could I be making to get better?
Actually im using Qmailtoaster + Spamdyke with greylist.
Excuse for english.
My confs below:
cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJ
Kfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
xxx.xx.xx.xx:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUE
UE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIG
N="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p
l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.
idw:.ipt
cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org
# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
local-domains-file=/var/qmail/control/rcpthosts
#log-level=debug
log-level=info
log-target=syslog
#log-target=stderr
max-recipients=50
#policy-url=http://my.policy.explanation.url/
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
# blacklist and whitelist ip
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-whitelist-file=/etc/spamdyke/whitelist_ip
# blacklist and whitelist keywords
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
# blacklist and whitelist senders
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
# blacklist and whitelist rdns
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
# whitelist dns
dns-whitelist-file=/etc/spamdyke/whitelist_dns
# blacklist and whitelist recipients
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
Raphael,
I just came across what I think is a possible hole in spamdyke's
configuration.
I've been reading through the documentation regarding TLS, and it
appears that with no "tls-level" option specified, if a spammer were to
use TLS (advertised by qmail), spamdyke would be unable to use several
of its filters because the data is encrypted passing through spamdyke to
qmail-smtp.
If you add "tls-level=smtp" to the spamdyke configuration file, this
will cause spamdyke to handle the encryption (as opposed to qmail-smtp),
and all of spamdyke's filters will be effective. I've just now added
this option to my spamdyke configuration, and will be updating the
qtp-install-spamdyke script with it if I don't see any problem. I highly
doubt there will be one.
You probably won't see any real gains in spamdyke's effectiveness with
this, as it would be inefficient for a spammer to go through the
overhead of using TLS (encryption). Adding this option should remove any
doubt about such spam getting through though. ;)
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
