Re: Spamassassin RBL's
On Tue, 12 Jun 2007, Reko Turja wrote:

> IMHO mail gateway isn't the point of checking whether machines inside
> are virus free or not. There should be other practises used on
> workstations ensuring that the inside environment is virus free at any
> given moment.

It's impossible to guarantee that the LAN machines are virus-free at any given time, particularly if they run Windows or are portable and move in and out of the LAN.

The idea of virus-checking outgoing email isn't to tell whether LAN machines are infected, but to prevent abuse of other networks and possible loss of connectivity because a virus got through the first-line defenses.

-Warren Block * Rapid City, South Dakota USA
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Spamassassin RBL's
> IMHO mail gateway isn't the point of checking whether machines inside
> are virus free or not. There should be other practises used on
> workstations ensuring that the inside environment is virus free at any
> given moment.

There should be. But there are also users that decide to use their own XYZ anti virus because their uncle told them it is better than the one chosen by the professionals in charge of the system.

That is why the outgoing mail gateway is a good place to check that inside machines are not infected.

I once had my outgoing email gateway inform me that some user had his machine infected; he had an antivirus, but was one week late for update...

At least my outgoing mail gateway, I have control on it and the antiviruses are updated every 2 hours :)

Security is better designed by adding several layers of checking. At least IMHO too :)

Bests,
olivier
Re: Spamassassin RBL's
>> The directive above tells postfix to add information into
>> headers that tell Amavis the mail was sent by someone who was
>> authenticated by the system and thus trusted.
>
> I expect that the above mentioned headers cannot be forged. Else that
> would be a nice way for spam to avoid filtering.
>
> Besides, I am not sure it is a good measure to disable Amavis for any
> email. First goal of amavis is virus scanning, even a
> trusted/authenticated sender could have his machine infected and could
> be spreading viruses.

Using the header above of course implies that the machine running postfix will relay to amavis only on loopback, not via regular IP - or using another method that can be counted as secure. And of course for viruses authenticating via SASL using encrypted authentication and real user/password pair isn't usually successful :)

IMHO mail gateway isn't the point of checking whether machines inside are virus free or not. There should be other practises used on workstations ensuring that the inside environment is virus free at any given moment.

-Reko
Re: Spamassassin RBL's
> The directive above tells postfix to add information into
> headers that tell Amavis the mail was sent by someone who was
> authenticated by the system and thus trusted.

I expect that the above mentioned headers cannot be forged. Else that would be a nice way for spam to avoid filtering.

Besides, I am not sure it is a good measure to disable Amavis for any email. First goal of amavis is virus scanning, even a trusted/authenticated sender could have his machine infected and could be spreading viruses.

My 2 cents.

Olivier
Re: Spamassassin RBL's
>> I see, I disabled bayes and awl in spamassassin, and updated amavisd-new
>> from ports. I have a different problem. Mail I am sending out is being
>> thrown away because it's being flagged as spam. I'm stumped, it never did
>> this before.
>
> From memory, you can tell amavis which are your networks, so it doesn't
> scan emails on the way out. (or maybe you tell postfix to only send the
> email via amavis on the way out, not in... I can't remember nor check atm).

If you use SASL authentication and Postfix, you can use the following postfix directive:

    smtpd_sasl_authenticated_header = yes

in main.cf in order to bypass the mail heading outside to be marked as spam. The directive above tells postfix to add information into headers that tell Amavis the mail was sent by someone who was authenticated by the system and thus trusted.

I needed the above as the system relays mail from authenticated users from outside the netblock the server resides.

In addition Amavis can read the relay_domains database created for Postfix in defining what domains are OK to send and receive mail, using for example something like:

    read_hash(\%local_domains, '/usr/local/etc/postfix/relay_domains');

in amavisd.conf.

Hope these help you!

-Reko
Re: Spamassassin RBL's
On Sun, 10 Jun 2007 12:33:00 -0700 (PDT) Peter Pluta <[EMAIL PROTECTED]> wrote:

> I see, I disabled bayes and awl in spamassassin, and updated amavisd-new
> from ports. I have a different problem. Mail I am sending out is being
> thrown away because it's being flagged as spam. I'm stumped, it never did
> this before.

From memory, you can tell amavis which are your networks, so it doesn't scan emails on the way out. (or maybe you tell postfix to only send the email via amavis on the way out, not in... I can't remember nor check atm).

B
_
{Beto|Norberto|Numard} Meijome

Sysadmins can't be sued for malpractice, but surgeons don't have to deal with patients who install new versions of their own innards.

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.
Re: Spamassassin RBL's
> How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix,
> amavisd-new, and spamassassin with razor. I'm getting many spams that
> shouldn't be getting thru with RBL's. I haven't been able to find anything
> useful on Google that can explain how to get RBL working with spamassassin.
> Any feedback would be greatly appreciated.

RBL tests are enabled in SA if you configure it in the local.cf configuration. My config file is in /etc/mail/spamassassin. I can find lines saying:

    skip_rbl_checks 0
    rbl_timeout 30
    dns_available yes

that means that I use RBL, and that I wait up to 30 seconds to get an answer. I don't remember about the 3rd line, but it could be related.

Reason that your RBL rules are never triggered could be that the time out is too low or that you have disabled RBL checks. Or that when you received the spam, the sender was not yet listed. But was listed later when you did the dnsstuff.com check.

If I am not confused, the list of RBL configured in SA by default is quite short, you may find it useful to add more RBL to SA. But you are faced with the risk of adding lists that are poorly managed and have a lot of false positives. Like mentioned below:

> Or you can out and out block servers in the RBL from your MTA. You
> probably want to be careful with the latter technique since it
> transfers onus of the work of delivering the mail into the wrong
> hands.

If you do RBL at the MTA level, you better be sure that the RBL you use are not polluted with false positives.

I'd try to run the ugly spam through SA by hand (spamassassin -t ) and see what the output is. You'll see if the RBL are triggered or not.

If you are new to SA, I would warn you against modifying the scores for RBL, unless you know what you are doing. SA scoring is a difficult and delicate task and modifying the scores may result in unwanted situation.

Best regards,
Olivier
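An added illustration, not part of Olivier's message or of the thread: how the RBL lookups discussed here work at the DNS level, and why a lookup that fails or times out must be kept apart from "not listed". The zone names, the injectable `resolve` parameter and the constructed resolver are assumptions of this example; 127.0.0.2 is the conventional test entry for DNS blocklists.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: the IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def dnsbl_check(ip, zones, resolve=socket.gethostbyname):
    """Return {zone: 'listed (<answer>)' | 'not listed' | 'error'} for one IP.

    `resolve` is injectable (an assumption of this example) so the logic
    can be exercised without network access.
    """
    no_such_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
    results = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_query_name(ip, zone))
        except socket.gaierror as exc:
            # NXDOMAIN means "not listed". A timeout or SERVFAIL means the
            # check never completed, which must not be read as "clean".
            results[zone] = "not listed" if exc.errno in no_such_name else "error"
            continue
        # Listings are answered with an address in 127.0.0.0/8.
        results[zone] = f"listed ({answer})" if answer.startswith("127.") else "error"
    return results


def constructed_resolver(name):
    """Stand-in for DNS with constructed answers, used by the demo below."""
    if name == "2.0.0.127.dnsbl.example":
        return "127.0.0.2"
    if name.endswith(".slow.example"):
        raise socket.gaierror(socket.EAI_AGAIN, "temporary failure")
    raise socket.gaierror(socket.EAI_NONAME, "name not known")


if __name__ == "__main__":
    zones = ["dnsbl.example", "other.example", "slow.example"]  # placeholder zones
    for zone, status in dnsbl_check("127.0.0.2", zones, constructed_resolver).items():
        print(f"{zone:15} {status}")
```

Called without the third argument, `dnsbl_check` uses the system resolver, so the zones passed in must be lists you actually intend to query.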
Re: Spamassassin RBL's
Christopher Hilton wrote:
>
> Peter Pluta wrote:
>>
>> Mikhail Goriachev-2 wrote:
>>> Peter Pluta wrote:
>>>> How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix,
>>>> amavisd-new, and spamassassin with razor. I'm getting many spams that
>>>> shouldn't be getting thru with RBL's. I haven't been able to find anything
>>>> useful on Google that can explain how to get RBL working with spamassassin.
>>>> Any feedback would be greatly appreciated.
>>>
>
> [snip]
>
>>> /usr/local/share/spamassassin/20_dnsbl_tests.cf
>>>
>
> You will also want to look at:
>
> /usr/local/share/spamassassin/5-_scores.cf
>
> There are two ways to use the rbls. You can either raise the score for
> being in the RBL above SA's threshold. Or you can out and out block
> servers in the RBL from your MTA. You probably want to be careful with
> the latter technique since it transfers onus of the work of delivering
> the mail into the wrong hands.
>
> I just spent 3 hours diagnosing a problem for a client on Friday. It
> turns out that people weren't able to deliver email to him and for the
> past 6 months he's believed that there was some intermittent problem
> with his ISP's mailserver. The actual problem is that his ISP is using
> an overzealous RBL. I found out about this because my delivery server
> was listed in his RBL due to some mistake that happened in 1999 before
> my ISP got the IP address. The practical upshot for my client was that
> until he could find someone who could both see and diagnose the problem
> he just wasn't receiving mail and thus he was losing business. Nota
> Bene for all users of RBLs.
>
> --
>       __o       "All I was doing was trying to get home from work."
>     _`\<,_           -Rosa Parks
> ___(*)/_(*)___
> Christopher Sean Hilton
> pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14

I see, I disabled bayes and awl in spamassassin, and updated amavisd-new from ports. I have a different problem. Mail I am sending out is being thrown away because it's being flagged as spam. I'm stumped, it never did this before.

Log entry:

Jun 10 14:23:59 mail amavis[541]: (00541-04) cached f6255bb01c648fe967714d52a89e8e9c from <[EMAIL PROTECTED]> (1,0)
Jun 10 14:24:00 mail amavis[541]: (00541-04) Blocked SPAM, [67.175.92.171] [67.175.92.171] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED] ublishing.net>, mail_id: kj76mFHOu5uA, Hits: 5.651, size: 775, 638 ms
Jun 10 14:24:00 mail postfix/smtp[785]: 7A5215083F: to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.84, delays=0.18/0.01/0/0.64, dsn=2.7.0, status=sent (250 2.7.0Ok, discarded, id=00541-04 - SPAM)

--
View this message in context: http://www.nabble.com/Spamassassin-RBL%27s-tf3896464.html#a11051531
Sent from the freebsd-questions mailing list archive at Nabble.com.
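An added example, not part of Peter's message or of the thread: in the log excerpt above Postfix records `status=sent` although amavis discarded the message, so the loss is only visible by pairing the two entries on the amavis id. The script below does that and flags discards whose client address lies in your own networks; `MY_NETWORKS` and the sample lines are constructed assumptions that follow the format of the quoted log.

```python
import ipaddress
import re

# Assumption: networks whose mail counts as "outgoing" on this gateway.
MY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

BLOCKED = re.compile(
    r"amavis\[\d+\]: \((?P<id>[\d-]+)\) Blocked SPAM, \[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r".*?<(?P<sender>[^>]*)> -> <(?P<rcpt>[^>]*)>.*?Hits: (?P<hits>-?[\d.]+)")
DISCARDED = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): .*status=sent "
    r"\(250 [\d.]+ ?Ok, discarded, id=(?P<id>[\d-]+) - SPAM\)")

# Constructed sample lines in the format of the log excerpt quoted above.
SAMPLE_LOG = [
    "Jun 10 14:24:00 mail amavis[541]: (00541-04) Blocked SPAM, [192.0.2.10] [192.0.2.10] "
    "<alice@example.org> -> <bob@example.net>, mail_id: AAAAAAAAAAAA, Hits: 5.651, size: 775, 638 ms",
    "Jun 10 14:24:00 mail postfix/smtp[785]: 1A2B3C4D5E: to=<bob@example.net>, "
    "relay=127.0.0.1[127.0.0.1]:10024, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=00541-04 - SPAM)",
    "Jun 10 14:25:10 mail amavis[541]: (00541-05) Blocked SPAM, [198.51.100.7] [198.51.100.7] "
    "<x@example.com> -> <alice@example.org>, mail_id: BBBBBBBBBBBB, Hits: 12.3, size: 2048, 701 ms",
    "Jun 10 14:25:10 mail postfix/smtp[786]: 2B3C4D5E6F: to=<alice@example.org>, "
    "relay=127.0.0.1[127.0.0.1]:10024, dsn=2.7.0, status=sent (250 2.7.0Ok, discarded, id=00541-05 - SPAM)",
]

def discarded_spam(lines, networks=MY_NETWORKS):
    """Pair amavis 'Blocked SPAM' entries with Postfix's 'discarded' lines."""
    blocked, found = {}, []
    for line in lines:
        m = BLOCKED.search(line)
        if m:
            blocked[m["id"]] = m.groupdict()
            continue
        m = DISCARDED.search(line)
        if not m or m["id"] not in blocked:
            continue
        rec = blocked.pop(m["id"])
        try:
            ip = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # malformed client address: skip rather than guess
        rec.update(queue_id=m["qid"], hits=float(rec["hits"]),
                   outgoing=any(ip in net for net in networks))
        found.append(rec)
    return found

if __name__ == "__main__":
    for rec in discarded_spam(SAMPLE_LOG):
        print(rec["queue_id"], rec["ip"], rec["hits"], "OUTGOING" if rec["outgoing"] else "inbound")
```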
Re: Spamassassin RBL's
Peter Pluta wrote:
> Mikhail Goriachev-2 wrote:
>> Peter Pluta wrote:
>>> How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix,
>>> amavisd-new, and spamassassin with razor. I'm getting many spams that
>>> shouldn't be getting thru with RBL's. I haven't been able to find anything
>>> useful on Google that can explain how to get RBL working with spamassassin.
>>> Any feedback would be greatly appreciated.

[snip]

>> /usr/local/share/spamassassin/20_dnsbl_tests.cf

You will also want to look at:

/usr/local/share/spamassassin/5-_scores.cf

There are two ways to use the rbls. You can either raise the score for being in the RBL above SA's threshold. Or you can out and out block servers in the RBL from your MTA. You probably want to be careful with the latter technique since it transfers onus of the work of delivering the mail into the wrong hands.

I just spent 3 hours diagnosing a problem for a client on Friday. It turns out that people weren't able to deliver email to him and for the past 6 months he's believed that there was some intermittent problem with his ISP's mailserver. The actual problem is that his ISP is using an overzealous RBL. I found out about this because my delivery server was listed in his RBL due to some mistake that happened in 1999 before my ISP got the IP address. The practical upshot for my client was that until he could find someone who could both see and diagnose the problem he just wasn't receiving mail and thus he was losing business. Nota Bene for all users of RBLs.

--
      __o       "All I was doing was trying to get home from work."
    _`\<,_           -Rosa Parks
___(*)/_(*)___
Christopher Sean Hilton
pgp key: D0957A2D/f5 30 0a e1 55 76 9b 1f 47 0b 07 e9 75 0e 14
Re: Spamassassin RBL's
Mikhail Goriachev-2 wrote:
>
> Peter Pluta wrote:
>> How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix,
>> amavisd-new, and spamassassin with razor. I'm getting many spams that
>> shouldn't be getting thru with RBL's. I haven't been able to find anything
>> useful on Google that can explain how to get RBL working with
>> spamassassin.
>> Any feedback would be greatly appreciated.
>
> RBL is already enabled in SA. Probably you should increase the values SA
> assigns to RBL checks. See:
>
> http://www.spamhaus.org/effective_filtering.html
>
> Skim through:
>
> /usr/local/share/spamassassin/20_dnsbl_tests.cf
>
> Just a thought. You may consider implementing RBL at MTA level (postfix
> in your case). It is a lot faster than processing through SA, which is a
> resource hog.
>
> Regards,
> Mikhail.
>
> --
> Mikhail Goriachev
> Webanoide
>
> Telephone: +61 (0)3 62252501
> Mobile Phone: +61 (0)4 38255158
> E-Mail: [EMAIL PROTECTED]
> Web: www.webanoide.org

Thanks, I think postfix already does the basic RBL's. PTR records and stuff like that, but I'm still getting some ugly spam. When I feed the spam IPs into dnsstuff.com's spam database many of the databases show it as blacklisted, so I'm guessing the RBL's are not functioning correctly.
Re: Spamassassin RBL's
Peter Pluta wrote:
> How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix,
> amavisd-new, and spamassassin with razor. I'm getting many spams that
> shouldn't be getting thru with RBL's. I haven't been able to find anything
> useful on Google that can explain how to get RBL working with spamassassin.
> Any feedback would be greatly appreciated.

RBL is already enabled in SA. Probably you should increase the values SA assigns to RBL checks. See:

http://www.spamhaus.org/effective_filtering.html

Skim through:

/usr/local/share/spamassassin/20_dnsbl_tests.cf

Just a thought. You may consider implementing RBL at MTA level (postfix in your case). It is a lot faster than processing through SA, which is a resource hog.

Regards,
Mikhail.

--
Mikhail Goriachev
Webanoide

Telephone: +61 (0)3 62252501
Mobile Phone: +61 (0)4 38255158
E-Mail: [EMAIL PROTECTED]
Web: www.webanoide.org
Spamassassin RBL's
How can I enable spamassassin RBL's. I'm running FreeBSD 6.1, postfix, amavisd-new, and spamassassin with razor. I'm getting many spams that shouldn't be getting thru with RBL's. I haven't been able to find anything useful on Google that can explain how to get RBL working with spamassassin. Any feedback would be greatly appreciated.