Re: Spam problems smtp proxy or patch (tmp solution)
Hi have found a tmp solution for this problem, i installed TMDA and configured for all my ldap users, this prevents only incoming email. for the deliveryProgramPath of all my ldap users i used this: /var/ qmail/bin/preline /usr/local/bin/tmda-filter also for creating the mailMessageStore i used this dirmaker script cat dirmaker #!/bin/sh echo '-' /usr/home/ qmail/dirmaker.log date /usr/home/qmail/dirmaker.log echo $1 /usr/home/qmail/dirmaker.log id /usr/home/qmail/dirmaker.log mkdir -m 700 -p $1 /var/qmail/bin/maildirmake $1/Maildir mkdir -p $1/.tmda $1/.tmda/lists $1/.tmda/pending $1/.tmda/responses /usr/local/bin/tmda-keygen -b $1/.tmda/crypt_key touch $1/.tmda/lists/whitelist $1/.tmda/lists/confirmed $1/.tmda/ lists/blacklist later i used this global /etc/tmdarc file --- # TMDARD CONFIRM_ACCEPT_NOTIFY = 0 SENDMAIL_PROGRAM = /usr/sbin/sendmail FULLNAME = FILTER_INCOMING = /var/qmail/control/tmda_incoming FILTER_OUTGOING = /var/qmail/control/tmda_outgoing MAIL_TRANSFER_AGENT = qmail RECIPIENT_DELIMITER = - DELIVERY = | /usr/local/bin/deliverquota -w 90 ./Maildir/ $MAILDIRQUOTA BARE_APPEND = ~/.tmda/lists/whitelist CONFIRM_APPEND = ~/.tmda/lists/confirmed LOGFILE_INCOMING = /var/qmail/log/tmda/incoming.log LOGFILE_OUTGOING = /var/qmail/log/tmda/outgoing.log LOGFILE_DEBUG = /var/qmail/log/tmda/debug.log --- tmda_incoming: --- # allow whitelisted email from-file ~/.tmda/lists/whitelist ok from-file ~/.tmda/lists/confirmed ok # drop blacklisted email from-file ~/.tmda/lists/blacklist drop # spam headers X-Spam-Status: YES.* confirm # 4 *'s or more headers X-Spam-Level: \*\*\*\*.* confirm # pass everything else from * ok --- and tmda_outgoing: --- to-file ~/.tmda/lists/whitelist tag envelope dated=8d from bare to-file ~/.tmda/lists/confirmed tag envelope dated=8d from bare to * tag envelope dated=8d reply-to dated from bare=append --- for the outgoing mail i use tmda-ofmipd i created a this daemontools run script: #!/bin/sh exec 21 setuidgid vmail /usr/local/bin/tmda-ofmipd -p 0.0.0.0:8025 -d -f -S / var/qmail/bin/gethomedir.sh -R pop3://localhost -t /var/qmail/bin/ throttle-script.sh gethomedir.sh is : #!/bin/sh MAIL=[EMAIL PROTECTED] HOME=`ldapsearch -x -b 'dc=toronja,dc=net' ((objectclass=qmailuser) (uid=$MAIL)) | grep mailMessageStore | awk '{print $2}'` echo $HOME throttle-scrit.sh for now it only have something like this when the script exist 0 email can be sent otherwise email is rejected #!/bin/sh exit 1 do not send mail #exit 0 --- allow mail I plan to create something that counts how many message the users send per day, currently i have created the followiing: smtpThrottle attributetype for ldap the one i put in the inetorgperson.schema : attributetype ( 2.16.840.1.113730.3.1.221 DESC 'The number of message the user is allowed to send' EQUALITY integerMatch NAME 'smtpThrottle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) the idea is that the trhottle-script.sh read the smtpTrhottle value per user and if the count of sent message is over that number per day, start to reject messages. hope this info can help or give ideas to someone and also if some one has a better way of solving this, please share it. regards. On Oct 24, 2006, at 11:31 AM, Nicolas de Bari Embriz Garcia Rojas wrote: For a quick fix I installed spamguard ( http://www.enderunix.org/ spamguard) and is starting to give some results, currently It has helpme to identifiy the spamers and the program it self based on threshold values moves does users to the /var/qmail/control/ badmailfrom. regards. On Oct 24, 2006, at 8:27 AM, Felipe Augusto van de Wiel wrote: On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas escreveu: Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL, also have integrated spamassasin to ldap and set max recipients on 2 but there is always an smart and patience user that start sending spam, they use the webmail or an even a client like outlook/kmal/mail and start to send email one by one. So i was thinking on a solution like some other sites do, to limit the outgoing msg per day but is just that I would like to know how do they do it so i can implement it. I found [1]this on qmail.org. 1. http://spamthrottle.qmail.ca/ There is even a qmail-ldap patch. If it solve your problem, maybe you can make some comments so we can request the nice qmail- ldap guys to integrate it in the qmail-ldap patch. :-) regards. Kind regards, -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) PGP.sig
Re: Spam problems smtp proxy or patch
Thanks, I will try both, currently I am also testing qconfirm/ask/ tdma to see with one works better with qmail-ldap. regards. On Oct 24, 2006, at 8:39 AM, Felipe Augusto van de Wiel wrote: Hey! On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas escreveu: Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL, also have integrated spamassasin to ldap and set max recipients on 2 but there is always an smart and patience user that start sending spam, they use the webmail or an even a client like outlook/kmal/mail and start to send email one by one. So i was thinking on a solution like some other sites do, to limit the outgoing msg per day but is just that I would like to know how do they do it so i can implement it. I just remember that eMPF is worth to take a look: http://www.inter7.com/?page=empf regards. Kind regards, -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) PGP.sig Description: This is a digitally signed message part
Re: Spam problems smtp proxy or patch
For a quick fix I installed spamguard ( http://www.enderunix.org/ spamguard) and is starting to give some results, currently It has helpme to identifiy the spamers and the program it self based on threshold values moves does users to the /var/qmail/control/badmailfrom. regards. On Oct 24, 2006, at 8:27 AM, Felipe Augusto van de Wiel wrote: On 10/23/2006 03:41 PM, Nicolas de Bari Embriz Garcia Rojas escreveu: Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL, also have integrated spamassasin to ldap and set max recipients on 2 but there is always an smart and patience user that start sending spam, they use the webmail or an even a client like outlook/kmal/mail and start to send email one by one. So i was thinking on a solution like some other sites do, to limit the outgoing msg per day but is just that I would like to know how do they do it so i can implement it. I found [1]this on qmail.org. 1. http://spamthrottle.qmail.ca/ There is even a qmail-ldap patch. If it solve your problem, maybe you can make some comments so we can request the nice qmail-ldap guys to integrate it in the qmail-ldap patch. :-) regards. Kind regards, -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) PGP.sig Description: This is a digitally signed message part
Re: Spam problems smtp proxy or patch
On 10/23/2006 02:16 AM, Nicolas de Bari Embriz Garcia Rojas escreveu: I still can not found a good solution for preventing outgoing SPAM, I am stock in a server where local users start to send spam, and the only bad solution that currently I have found is to cancel the account, but this after hundreds of email have been send. I would like to know if there is an smtp proxy or an alternate software to qmail-ldap/patch that can help to prevent this kind of SPAM, I have seen that some sites have a protection based on messages sent per day, but would like to know how to implement something similar. I would like to avoid canceling accounts and just relay on a SMTP limit per users so thatI I do not have to worry ir a users tries to send 1 or emails. any ideas to solve this will be appreciated. Maybe you can use tarpit? Or implement AUTH? Limit the number of recipients? Those are ideas to make spammer life a little bit hard, but if the spamming software is smart (and patience), even on that condition it can send lots and lots of SPAMs. What about add SpamAssassin checks on the outgoing messages? You can even integrate it with LDAP, razor and pyzor. Kind regards, -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
Re: Spam problems smtp proxy or patch
Hi, currently I am using simscan/spamassasin/tarpit/auth/SSL, also have integrated spamassasin to ldap and set max recipients on 2 but there is always an smart and patience user that start sending spam, they use the webmail or an even a client like outlook/kmal/mail and start to send email one by one. So i was thinking on a solution like some other sites do, to limit the outgoing msg per day but is just that I would like to know how do they do it so i can implement it. regards. On Oct 23, 2006, at 12:01 PM, Felipe Augusto van de Wiel wrote: On 10/23/2006 02:16 AM, Nicolas de Bari Embriz Garcia Rojas escreveu: I still can not found a good solution for preventing outgoing SPAM, I am stock in a server where local users start to send spam, and the only bad solution that currently I have found is to cancel the account, but this after hundreds of email have been send. I would like to know if there is an smtp proxy or an alternate software to qmail-ldap/patch that can help to prevent this kind of SPAM, I have seen that some sites have a protection based on messages sent per day, but would like to know how to implement something similar. I would like to avoid canceling accounts and just relay on a SMTP limit per users so thatI I do not have to worry ir a users tries to send 1 or emails. any ideas to solve this will be appreciated. Maybe you can use tarpit? Or implement AUTH? Limit the number of recipients? Those are ideas to make spammer life a little bit hard, but if the spamming software is smart (and patience), even on that condition it can send lots and lots of SPAMs. What about add SpamAssassin checks on the outgoing messages? You can even integrate it with LDAP, razor and pyzor. Kind regards, -- Felipe Augusto van de Wiel [EMAIL PROTECTED] Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) PGP.sig Description: This is a digitally signed message part