Re: How to deal with spam and opensmtpd

[Mik J]

 Thank you Simon for your answer.
Actually, this marketing company is not doing heavy spam so they qualify mail 
adresses then have time to retry to send their email.Their unsubscribe button 
is worthless.
Another option could be to subscribe their services with a spamtrap adress.
But I was wondering what do you guys use to filter content of emails at the 
smtp server level.
Regards

Le mercredi 18 avril 2018 à 22:50:32 UTC+2, Simon McFarlane 
 a écrit :  
 
 On 04/18/2018 01:44 AM, Mik J wrote:> What other (not spamd and 
spamassassing) do you use ?

I use bgp-spamd [1] and a hand-assembled blacklist (using 
dovecot-pigeonhole) of certain terms that usually only appear in spam. 
It's not as good as SpamAssassin but it seems to stop the majority of 
the spam I get. I'm down from 2-3 spam messages per day to one 10 days 
or so.

Simon

[1] https://bgp-spamd.net/

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

  

Trouble configuring OpenSMTPD - every incoming message rejected as 550 Invalid recipient.

[Implausibility]

Hi.

I originally sent this message to m...@openbsd.org, but was asked to post it 
here instead.  I wasn't able to find a mailing list archive to review at the 
URL: https://www.opensmtpd.org/list.html  If there is an archive, please direct 
me to it, so I can benefit from other's misfortune.  :)

I'm trying to build an OpenSMPTD mail server for the first time to replace my 
aging Postfix box.

No matter who I address inbound eMails to (local users or aliases), I always 
get 550: Invalid recipient in response on the sending server and in 
/var/log/maillog.  I've tried more than a dozen configs, and I can't get past 
this problem.

Domains & IPs anonymized for my comfort, but DNS is configured correctly.  I've 
tried to comment everything possible -- if my comment and configs don't match, 
please let me know where I've gone astray!

Here's my entire smtpd.conf file:

# Random global options
queue compression # Compress data in the queue
max-message-size 25M
expire 7d

# Cryptographic Keys and Certificates
pki mydomain.email certificate "/etc/ssl/mydomain.crt"
pki mydomain.email key "/etc/ssl/private/mydomain.key"
pki mydomain.email dhe auto 

# Define tables 
table blacklist file:/etc/mail/blacklist  # Blacklist of irritating IPs
table whitelist file:/etc/mail/whitelist  # Whitelist for misconfigured IPs
table aliases   file:/etc/mail/aliases# Aliases accepted for delivery
table account   file:/etc/mail/account# Virtual mail accounts
table domains   file:/etc/mail/domains# Domains to accept mail for
table users file:/etc/mail/users  # User names with their own mailboxes
table password  file:/etc/mail/password   # Passwords for users


# Allow specific users to send messages as specific eMail addresses
#table senders file:/etc/mail/senders

# Configure interface & standards - add 'verify' to tls-require in the future.
listen on egress tls-require hostname mydomain.email
listen on egress smtps hostname mydomain.email
listen on egress port submission tls-require auth 

# Reject troublemakers
reject from source 

# Add other filters here?  

# Accept from "whitelisted" IPs that are slightly misconfigured 
accept from source 

# Receive eMails to addresses in the aliases table.
accept from any for domain  alias  deliver to mbox

# Receive eMails to addresses in the virtual account table.
accept from any for domain  virtual  deliver to mbox

# Receive eMails for local users
accept from any for local deliver to mbox

# Forward incoming eMails (from authenticated users) to their destination.
accept for any relay


The messages from my existing postfix server:

Apr 18 23:31:08 sybil postfix/smtp[71679]: 55462205F0CD9: 
to=, relay=mydomain.email[98.76.54.32]:25, delay=2, 
delays=0.01/0.06/1.9/0.05, dsn=5.0.0, status=bounced (host 
mydomain.email[98.76.54.32] said: 550 Invalid recipient (in reply to RCPT TO 
command))
Apr 18 23:31:08 sybil postfix/smtp[71679]: 55462205F0CD9: 
to=, relay=mydomain.email[98.76.54.32]:25, delay=2, 
delays=0.01/0.06/1.9/0.06, dsn=5.0.0, status=bounced (host 
mydomain.email[98.76.54.32] said: 550 Invalid recipient (in reply to RCPT TO 
command))

And the messages from /var/log/maillog:

Apr 19 03:31:06 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=connected 
address=12.34.56.78 host=olddomain.com
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=starttls 
address=12.34.56.78 host=olddomain.com ciphers="version=TLSv1, 
cipher=DHE-RSA-AES256-SHA, bits=256"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command 
address=12.34.56.78 host=olddomain.com command="RCPT TO: 
ORCPT=rfc822;user1@mydomain.email" result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=failed-command 
address=12.34.56.78 host=olddomain.com command="RCPT 
TO: ORCPT=rfc822;webmaster@mydomain.email" 
result="550 Invalid recipient"
Apr 19 03:31:08 leclerc smtpd[6384]: 8d44a173e36ff947 smtp event=closed 
address=12.34.56.78 host=olddomain.com reason=quit

Any assistance and insight would be greatly appreciated, as well as some 
information on how OpenSMTPD treats local users different from aliases and 
virtual accounts.

Thanks.
--
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: How to deal with spam and opensmtpd

[Martijn van Duren]

Hello Mik,

On 04/19/18 13:18, Mik J wrote:
> Thank you Simon for your answer.
> 
> Actually, this marketing company is not doing heavy spam so they qualify mail 
> adresses then have time to retry to send their email.
> Their unsubscribe button is worthless.
> 
> Another option could be to subscribe their services with a spamtrap adress.
> 
> But I was wondering what do you guys use to filter content of emails at the 
> smtp server level.

For these kind of cases I keep it rather low-tech. I added the following
line to my smtpd.conf:
reject from any sender  for any

and just manually add the the spam addresses to this table.
> 
> Regards
> 
> Le mercredi 18 avril 2018 à 22:50:32 UTC+2, Simon McFarlane  
> a écrit :
> 
> 
> On 04/18/2018 01:44 AM, Mik J wrote:> What other (not spamd and
> 
> spamassassing) do you use ?
> 
> 
> I use bgp-spamd [1] and a hand-assembled blacklist (using
> dovecot-pigeonhole) of certain terms that usually only appear in spam.
> It's not as good as SpamAssassin but it seems to stop the majority of
> the spam I get. I'm down from 2-3 spam messages per day to one 10 days
> or so.
> 
> Simon
> 
> [1] https://bgp-spamd.net/
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org 
> 
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org 
> 
> 
> 

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: How to deal with spam and opensmtpd

[Martijn van Duren]

On 04/19/18 13:36, Mik J wrote:
> I don't know how it works for you but for me these marketing companies change 
> their IPs every week (they use a few different subnets everyweek).
> So this task can be very time consuming.

This filters on sender e-mail address, not ip-address.
> 
> 
> Le jeudi 19 avril 2018 à 13:31:33 UTC+2, Martijn van Duren 
>  a écrit :
> 
> 
> Hello Mik,
> 
> On 04/19/18 13:18, Mik J wrote:
>> Thank you Simon for your answer.
>>
>> Actually, this marketing company is not doing heavy spam so they qualify 
>> mail adresses then have time to retry to send their email.
>> Their unsubscribe button is worthless.
>>
>> Another option could be to subscribe their services with a spamtrap adress.
>>
>> But I was wondering what do you guys use to filter content of emails at the 
>> smtp server level.
> 
> For these kind of cases I keep it rather low-tech. I added the following
> line to my smtpd.conf:
> reject from any sender  for any
> 
> and just manually add the the spam addresses to this table.
>>
>> Regards
>>
>> Le mercredi 18 avril 2018 à 22:50:32 UTC+2, Simon McFarlane > > a écrit :
>>
>>
>> On 04/18/2018 01:44 AM, Mik J wrote:> What other (not spamd and
>>
>> spamassassing) do you use ?
>>
>>
>> I use bgp-spamd [1] and a hand-assembled blacklist (using
>> dovecot-pigeonhole) of certain terms that usually only appear in spam.
>> It's not as good as SpamAssassin but it seems to stop the majority of
>> the spam I get. I'm down from 2-3 spam messages per day to one 10 days
>> or so.
>>
>> Simon
>>
>> [1] https://bgp-spamd.net/
>>
>> --
>> You received this mail because you are subscribed to misc@opensmtpd.org 
>>  > >
>> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org 
>>  > >
> 
>>
>>
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org 
> 
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org 
> 
> 

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Re: How to deal with spam and opensmtpd

[Mik J]

I don't know how it works for you but for me these marketing companies change 
their IPs every week (they use a few different subnets everyweek).So this task 
can be very time consuming.
 

Le jeudi 19 avril 2018 à 13:31:33 UTC+2, Martijn van Duren 
 a écrit :  
 
 Hello Mik,

On 04/19/18 13:18, Mik J wrote:
> Thank you Simon for your answer.
> 
> Actually, this marketing company is not doing heavy spam so they qualify mail 
> adresses then have time to retry to send their email.
> Their unsubscribe button is worthless.
> 
> Another option could be to subscribe their services with a spamtrap adress.
> 
> But I was wondering what do you guys use to filter content of emails at the 
> smtp server level.

For these kind of cases I keep it rather low-tech. I added the following
line to my smtpd.conf:
reject from any sender  for any

and just manually add the the spam addresses to this table.
> 
> Regards
> 
> Le mercredi 18 avril 2018 à 22:50:32 UTC+2, Simon McFarlane  
> a écrit :
> 
> 
> On 04/18/2018 01:44 AM, Mik J wrote:> What other (not spamd and
> 
> spamassassing) do you use ?
> 
> 
> I use bgp-spamd [1] and a hand-assembled blacklist (using
> dovecot-pigeonhole) of certain terms that usually only appear in spam.
> It's not as good as SpamAssassin but it seems to stop the majority of
> the spam I get. I'm down from 2-3 spam messages per day to one 10 days
> or so.
> 
> Simon
> 
> [1] https://bgp-spamd.net/
> 
> -- 
> You received this mail because you are subscribed to misc@opensmtpd.org 
> 
> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org 
> 
> 
> 

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

  

Re: How to deal with spam and opensmtpd

[Peter N. M. Hansteen]

On Wed, Apr 18, 2018 at 08:44:19AM +, Mik J wrote:
> I'm using Openbsd and Opensmtpd + Spamd. I have been able to reduce the spam.
> However there are some marketing companies that constantly change their IPs 
> and pass through the greylisting, they really attempt to send the mail 
> (multiple times).
> I looked at bogofilter and it looks nice.However I would like to know if 
> there's a way for opensmtpd to work with bogofilter.So that the mails can be 
> trashed or classified as spam.
> First I read that bogofilter works at the user level, I'd like it to work at 
> the server mail level.
> What other (not spamd and spamassassing) do you use ?

I know you said not spamassassin, but please do take a peek at 
Aaron Poffenberger's BSDCan slides about a working OpenSMTPD setup
with content filtering: 
https://github.com/akpoff/talks/tree/master/slides/2016/bsdcan_2016/2016_smtpd

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org