Re: Spam problems smtp proxy or patch (tmp solution)

2006-10-25 Thread Nicolas de Bari Embriz Garcia Rojas 
Hi have found a tmp solution for this problem, i installed TMDA and  
configured for all my ldap users, this prevents only incoming email.


for the deliveryProgramPath of all my ldap users i used this: /var/ 
qmail/bin/preline /usr/local/bin/tmda-filter


also for creating the mailMessageStore i used this dirmaker script

 cat dirmaker
#!/bin/sh
echo '-'  /usr/home/ 
qmail/dirmaker.log

date  /usr/home/qmail/dirmaker.log
echo $1  /usr/home/qmail/dirmaker.log
id  /usr/home/qmail/dirmaker.log
mkdir -m 700 -p $1
/var/qmail/bin/maildirmake $1/Maildir
mkdir -p $1/.tmda $1/.tmda/lists $1/.tmda/pending $1/.tmda/responses
/usr/local/bin/tmda-keygen -b  $1/.tmda/crypt_key
touch $1/.tmda/lists/whitelist $1/.tmda/lists/confirmed $1/.tmda/ 
lists/blacklist



later i used this global /etc/tmdarc file
---

# TMDARD

CONFIRM_ACCEPT_NOTIFY = 0
SENDMAIL_PROGRAM = /usr/sbin/sendmail
FULLNAME = 
FILTER_INCOMING = /var/qmail/control/tmda_incoming
FILTER_OUTGOING = /var/qmail/control/tmda_outgoing
MAIL_TRANSFER_AGENT = qmail
RECIPIENT_DELIMITER = -
DELIVERY = | /usr/local/bin/deliverquota -w 90 ./Maildir/  
$MAILDIRQUOTA

BARE_APPEND = ~/.tmda/lists/whitelist
CONFIRM_APPEND = ~/.tmda/lists/confirmed
LOGFILE_INCOMING = /var/qmail/log/tmda/incoming.log
LOGFILE_OUTGOING = /var/qmail/log/tmda/outgoing.log
LOGFILE_DEBUG = /var/qmail/log/tmda/debug.log
---

tmda_incoming:
---
# allow whitelisted email
from-file ~/.tmda/lists/whitelist ok
from-file ~/.tmda/lists/confirmed ok
# drop blacklisted email
from-file ~/.tmda/lists/blacklist drop
# spam
headers X-Spam-Status: YES.* confirm
# 4 *'s or more
headers X-Spam-Level: \*\*\*\*.* confirm
# pass everything else
from * ok
---


and tmda_outgoing:
---
to-file ~/.tmda/lists/whitelist tag
  envelope dated=8d
  from bare

to-file ~/.tmda/lists/confirmed tag
  envelope dated=8d
  from bare

to * tag
   envelope dated=8d
   reply-to dated
   from bare=append
---


for the outgoing mail i use tmda-ofmipd
i created a this daemontools run script:

#!/bin/sh
exec 21
setuidgid vmail /usr/local/bin/tmda-ofmipd -p 0.0.0.0:8025 -d -f -S / 
var/qmail/bin/gethomedir.sh -R pop3://localhost -t /var/qmail/bin/ 
throttle-script.sh


gethomedir.sh is :

#!/bin/sh
MAIL=[EMAIL PROTECTED]
HOME=`ldapsearch -x -b 'dc=toronja,dc=net' ((objectclass=qmailuser) 
(uid=$MAIL)) | grep mailMessageStore | awk '{print $2}'`

echo $HOME

throttle-scrit.sh for now it only have something like this when the  
script exist  0 email can be sent otherwise email is rejected


#!/bin/sh
exit 1  do not send mail
#exit 0 --- allow mail

I plan to create something that counts how many message the users  
send per day, currently i have created the followiing: smtpThrottle  
attributetype for ldap  the one  i put in the inetorgperson.schema :


attributetype ( 2.16.840.1.113730.3.1.221
DESC 'The number of message the user is allowed to send'
EQUALITY integerMatch
NAME 'smtpThrottle'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )

the idea is that the trhottle-script.sh read the smtpTrhottle value  
per user and if the count of sent message is over that number per  
day, start to reject messages.



hope this info can help or give ideas to someone and also if some one  
has a better way of solving this, please share it.



regards.

On Oct 24, 2006, at 11:31 AM, Nicolas de Bari Embriz Garcia Rojas wrote:

For a quick fix  I installed spamguard ( http://www.enderunix.org/ 
spamguard) and is starting to give some results, currently It has  
helpme to identifiy the spamers and the program it self based on  
threshold values moves does users to the /var/qmail/control/ 
badmailfrom.


regards.

On Oct 24, 2006, at 8:27 AM, Felipe Augusto van de Wiel wrote:


On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas escreveu:
Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL,  
also  have integrated spamassasin to ldap and set  max recipients  
on 2 but   there is always an smart and patience user that start  
sending spam,  they use the webmail or an even a client like  
outlook/kmal/mail and  start to send email one by one.
So i was thinking  on a solution like some other sites do, to  
limit  the outgoing msg per day but is just that I would like to  
know how do  they do it so i can implement it.


I found [1]this on qmail.org.

1. http://spamthrottle.qmail.ca/


There is even a qmail-ldap patch. If it solve your problem,
maybe you can make some comments so we can request the nice qmail- 
ldap

guys to integrate it in the qmail-ldap patch. :-)



regards.


Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)







PGP.sig

Re: Spam problems smtp proxy or patch

2006-10-24 Thread Nicolas de Bari Embriz Garcia Rojas 
Thanks, I will try both, currently I am also testing qconfirm/ask/ 
tdma to see with one works better with qmail-ldap.


regards.

On Oct 24, 2006, at 8:39 AM, Felipe Augusto van de Wiel wrote:


Hey!

On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas escreveu:
Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL,  
also  have integrated spamassasin to ldap and set  max recipients  
on 2 but   there is always an smart and patience user that start  
sending spam,  they use the webmail or an even a client like  
outlook/kmal/mail and  start to send email one by one.
So i was thinking  on a solution like some other sites do, to  
limit  the outgoing msg per day but is just that I would like to  
know how do  they do it so i can implement it.


I just remember that eMPF is worth to take a look:

http://www.inter7.com/?page=empf



regards.


Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)





PGP.sig
Description: This is a digitally signed message part

Re: Spam problems smtp proxy or patch

2006-10-24 Thread Nicolas de Bari Embriz Garcia Rojas 
For a quick fix  I installed spamguard ( http://www.enderunix.org/ 
spamguard) and is starting to give some results, currently It has  
helpme to identifiy the spamers and the program it self based on  
threshold values moves does users to the /var/qmail/control/badmailfrom.


regards.

On Oct 24, 2006, at 8:27 AM, Felipe Augusto van de Wiel wrote:


On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas escreveu:
Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL,  
also  have integrated spamassasin to ldap and set  max recipients  
on 2 but   there is always an smart and patience user that start  
sending spam,  they use the webmail or an even a client like  
outlook/kmal/mail and  start to send email one by one.
So i was thinking  on a solution like some other sites do, to  
limit  the outgoing msg per day but is just that I would like to  
know how do  they do it so i can implement it.


I found [1]this on qmail.org.

1. http://spamthrottle.qmail.ca/


There is even a qmail-ldap patch. If it solve your problem,
maybe you can make some comments so we can request the nice qmail-ldap
guys to integrate it in the qmail-ldap patch. :-)



regards.


Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)





PGP.sig
Description: This is a digitally signed message part

Re: Spam problems smtp proxy or patch

2006-10-23 Thread Felipe Augusto van de Wiel 

On 10/23/2006 02:16 AM, Nicolas de Bari Embriz Garcia Rojas escreveu:
I still can not found a  good solution for preventing outgoing SPAM,  I 
am stock in a server where local users start to send spam,  and the  
only  bad solution that currently I have found is to cancel the  
account, but this after hundreds of email have been send.


I would like to know if there is an  smtp proxy or an alternate  
software to qmail-ldap/patch  that can help to prevent this kind of  
SPAM, I have seen that some sites have a protection based on messages  
sent per day, but would like to know how to implement something  
similar. I would like to avoid canceling accounts and just relay on a  
SMTP limit per users so thatI I do not have to worry ir a users tries  
to send 1 or emails.



any ideas to solve this will be appreciated.


Maybe you can use tarpit? Or implement AUTH? Limit the
number of recipients? Those are ideas to make spammer life a little
bit hard, but if the spamming software is smart (and patience),
even on that condition it can send lots and lots of SPAMs.

What about add SpamAssassin checks on the outgoing
messages? You can even integrate it with LDAP, razor and pyzor.

Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)

Re: Spam problems smtp proxy or patch

2006-10-23 Thread Nicolas de Bari Embriz Garcia Rojas 
Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL, also  
have integrated spamassasin to ldap and set  max recipients on 2 but   
there is always an smart and patience user that start sending spam,  
they use the webmail or an even a client like outlook/kmal/mail and  
start to send email one by one.


So i was thinking  on a solution like some other sites do, to limit  
the outgoing msg per day but is just that I would like to know how do  
they do it so i can implement it.


regards.


On Oct 23, 2006, at 12:01 PM, Felipe Augusto van de Wiel wrote:


On 10/23/2006 02:16 AM, Nicolas de Bari Embriz Garcia Rojas escreveu:
I still can not found a  good solution for preventing outgoing  
SPAM,  I am stock in a server where local users start to send  
spam,  and the  only  bad solution that currently I have found is  
to cancel the  account, but this after hundreds of email have been  
send.
I would like to know if there is an  smtp proxy or an alternate   
software to qmail-ldap/patch  that can help to prevent this kind  
of  SPAM, I have seen that some sites have a protection based on  
messages  sent per day, but would like to know how to implement  
something  similar. I would like to avoid canceling accounts and  
just relay on a  SMTP limit per users so thatI I do not have to  
worry ir a users tries  to send 1 or emails.

any ideas to solve this will be appreciated.


Maybe you can use tarpit? Or implement AUTH? Limit the
number of recipients? Those are ideas to make spammer life a little
bit hard, but if the spamming software is smart (and patience),
even on that condition it can send lots and lots of SPAMs.

What about add SpamAssassin checks on the outgoing
messages? You can even integrate it with LDAP, razor and pyzor.

Kind regards,

--
Felipe Augusto van de Wiel [EMAIL PROTECTED]
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/   Phone: (+55 41 3350 3300)





PGP.sig
Description: This is a digitally signed message part