Re: [qmailtoaster] How to avoid this kind of emails

2014-05-08 Thread Chandran Manikandan
Hi Eric,
Thanks for your advice. Am using spamassassin now and not running spamdyke
package on my system. Kindly let me know to add blacklist in spamassassin
file.


On Thu, May 8, 2014 at 3:02 AM, Eric Shubert e...@shubes.net wrote:

  On 05/04/2014 08:36 PM, Chandran Manikandan wrote:

 Dear All,
 I have received such emails like below as generated from my domain and
 sent to my domain. How to avoid this kind of emails. It's generated from my
 domain name but it does not have this email account in my domain.


  *From:* panasiagroup@panasiagroup.net [mailto:panasiagroup@panasiagroup.net]

 *Sent:* Friday, 2 May, 2014 3:54 PM
 *Subject:* Financial Management ICV Information Session

  --
 *Thanks,*
 *Manikandan.C*
 *System Administrator*


 So long as all of your users authenticate when submitting emails and they
 submit only via your server, you can blacklist your domain in the spamdyke
 blacklist_senders file:
 @shubes.net
 This is counterintuitive, but it works great. Since all legit senders
 authenticate, the spamdyke filters don't apply to them. This effectively
 says if the message says it's coming from my domain and the sender hasn't
 authenticated, reject it.

 --
 -Eric 'shubes'




-- 
*Thanks,*
*Manikandan.C*
*System Administrator*


[qmailtoaster] Re: How to avoid this kind of emails

2014-05-08 Thread Eric Shubert
Spamdyke augments other spam filters (it's not a matter of using one or 
another, you should use both), and is highly efficient. It will actually 
lessen the load on your server considerably. This is because it can 
reject spam before it's even transmitted or scanned. Spamdyke also has 
virtually no false positives (subject to configuration of course).


You really should be running spamdyke. Installing it is as simple as 
running the qtp-install-spamdyke script, which is included in the 
qmailtoaster-plus package. Spamdyke is also included in the 'stock' 
configuration for QMT going forward (beginning with the yum-capable 
binary packages).


That being said, if you're not using spamdyke and you want to add or 
change the RBLs being used, you should modify the 
/var/qmail/control/rblsmtpd file appropriately.

RBLs are generally implemented outside the scope of spamassassin, as 
it's more effectively done there.


Note, spamdyke also has RBL filtering, so if using spamdyke, that's the 
place to manage your RBLs.


--
-Eric 'shubes'






-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
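
An added example, not part of any post in this thread and not QMT or spamdyke code: before putting your own domain in blacklist_senders as Eric describes, a check like this shows which currently accepted senders claim the domain without authenticating, which is exactly the traffic the entry would start rejecting. The log field layout, the sample lines, `example.com` and the function names are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample lines. The field layout (verdict, from:, to:, origin_ip:,
# auth:) is an assumption about spamdyke's syslog output; adjust LINE_RE to
# match the lines your own server writes.
SAMPLE_LOG = """\
May  8 10:01:02 mail spamdyke[2101]: ALLOWED from: alice@example.com to: bob@example.net origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: alice@example.com encryption: TLS
May  8 10:02:10 mail spamdyke[2133]: ALLOWED from: example@example.com to: alice@example.com origin_ip: 203.0.113.45 origin_rdns: (unknown) auth: (unknown) encryption: (none)
May  8 10:03:00 mail spamdyke[2140]: ALLOWED from: scanner@example.com to: alice@example.com origin_ip: 192.0.2.10 origin_rdns: copier.example.com auth: (unknown) encryption: (none)
May  8 10:03:30 mail spamdyke[2144]: ALLOWED from: scanner@example.com to: bob@example.com origin_ip: 192.0.2.10 origin_rdns: copier.example.com auth: (unknown) encryption: (none)
May  8 10:04:00 mail spamdyke[2150]: ALLOWED from: news@other.example to: alice@example.com origin_ip: 198.51.100.9 origin_rdns: mx.other.example auth: (unknown) encryption: (none)
May  8 10:05:00 mail spamdyke[2161]: DENIED_RBL_MATCH from: ceo@example.com to: alice@example.com origin_ip: 203.0.113.99 origin_rdns: (unknown) auth: (unknown) encryption: (none)
"""

LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) from: (?P<sender>\S*) to: \S+ "
    r"origin_ip: (?P<ip>\S+) .*?\bauth: (?P<auth>\S+)"
)


def unauthenticated_local_senders(log_text, local_domains):
    """Count accepted messages whose envelope sender claims a local domain
    although the session never authenticated. Each (ip, sender) returned is
    traffic that a blacklist_senders entry for the domain would reject."""
    domains = {d.lower().lstrip("@") for d in local_domains}
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["verdict"] != "ALLOWED":
            continue  # unparsable, or already rejected by another filter
        domain = m["sender"].rpartition("@")[2].lower()
        if domain in domains and m["auth"] == "(unknown)":
            hits[(m["ip"], m["sender"].lower())] += 1
    return hits


def report(log_text, local_domains):
    """One line per source, busiest first, for manual review."""
    hits = unauthenticated_local_senders(log_text, local_domains)
    return [f"{n:4d}  {ip:15s}  {sender}"
            for (ip, sender), n in hits.most_common()]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG, ["example.com"])))
```

Sources you recognise in the report (a copier, a web form, a monitoring host) need to authenticate or be exempted first; the rest is forged mail of the kind shown at the top of the thread.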



Re: [qmailtoaster] building another one to replace my old one

2014-05-08 Thread Dan McAllister

Ok, a few points to update my official opinions :  wink

 a) the QMT project now has ISOs available with a COS6 32-bit build and 
QMT already installed (I think -- if not a full ISO, then a KVM ISO :))
 b) COS 6 is the LAST RHEL-based product that will support 32-bit 
builds (long rumored, now confirmed): RHEL7rc is out, and it is 64-bit 
only (kernel-wise, anyway -- there are some 32-bit libraries for 
compatibility)
 b1) Personally, I think that is a mistake (the 64-bit only 
decision), as I am in agreement with Eric Shubert that 32-bit KVM 
clients are smaller & faster
 b2) I lost the election for King and Emperor of all Linux, so my 
opinion doesn't matter that much :) RHEL and COS will go on without me :(
 c) One final correction: the latest COS5 is either 10 or 11 (I saw a 
5.10 ISO on a mirror, but have been told in another forum that there is 
a 5.11). Regardless, the preferred CentOS 5 build is the latest - I 
see no value in building off of 5.8 (or 5.9 for that matter).


So, all of that said, I will weigh in here and say that I recommend 
Eric's CentOS 6 build for new systems. 32 or 64 bit, there are new 
features and new supported add-ons that I think are worth it.


I just re-built one of my backup mail servers, and ran Eric's install 
scripts flawlessly.


THANKS FOR ALL THE GREAT WORK, ERIC!

Dan McAllister
QMT DNS/Mirror Admin
(and official pain-in-the-project-part)

On 5/8/2014 1:03 PM, Jim Shupert wrote:

Friends,
I have happily been running Qmailtoaster for years.
I wish to build a new one - new hardware current os etc etc

I see on the website a suggestion for centos 5.8
http://wiki.qmailtoaster.com/index.php/Main_Page#Installation
CentOS 5, i386 & x86_64

but I have seen ( i think ) talk on mailing list centos 6

so what distro is suggested?
and should i follow 
http://wiki.qmailtoaster.com/index.php/CentOS_5_QmailToaster_Install



also I think my hardware is going to be 32 bit  -- i seem to recall 
Dan McA saying  if 32 bit then stick with centos 5.6 


could I go with 32 bit hardware and centos 5.8 ?

also also
I very much wish to be able to do a 'better' job of controlling spam 
than I do currently

I want spamassassin ( i have that currently ) but also spamdyke & fail2ban
and any other magic wand  or practices that will allow me to stop / 
reduce that darn spam.


thanks

js



--
IT4SOHO, LLC
33 - 4th Street N, Suite 211
St. Petersburg, FL 33701-3806

CALL TOLL FREE:
  877-IT4SOHO

877-484-7646 Phone
727-647-7646 Local
727-490-4394 Fax

We have support plans for QMail!



[qmailtoaster] stripped attachments...part II

2014-05-08 Thread Eric Broch
Hello list,

I've had this ongoing problem but have left it hanging as it is
difficult to test sometimes, but one of my clients' clients has just
gotten around to sending a test email with attachments to me (to test)
and several of my client's employees and we're all experiencing stripped
attachments from said email. Both my client and I use QMT hosts on
CentOS 5 similarly configured, both using DSPAM.

Below are 1) the client's QMT clamd and send logs and 2) my QMT clamd and
send logs. The test email was sent by the sender to my client and me
with 4 pdf attachments to users on each QMT host. As you can see in each
log there are the 4 scanned attachments (clamd log) and larger sized email
logged (send log). Viewing the mail on the server and in the email
client the attachments are gone and the size of the email changed. I've
changed user and domain info, everything else is untouched.


1a) Client's clamd log of questionable email

2014-05-08 10:31:16.745172500 Listening daemon: PID: 1606
2014-05-08 10:31:16.745177500 MaxQueue set to: 100
2014-05-08 10:40:28.678671500 /var/qmail/simscan/1399567228.63204.1757/msg.1399567228.63204.1757: OK
2014-05-08 10:40:28.679188500 /var/qmail/simscan/1399567228.63204.1757/addr.1399567228.63204.1757: OK
2014-05-08 10:40:28.680575500 /var/qmail/simscan/1399567228.63204.1757/textfile1: OK
2014-05-08 10:40:28.680735500 /var/qmail/simscan/1399567228.63204.1757/textfile2: OK
2014-05-08 10:41:06.642352500 /var/qmail/simscan/1399567258.553367.1809/msg.1399567258.553367.1809: OK
2014-05-08 10:41:06.642528500 /var/qmail/simscan/1399567258.553367.1809/addr.1399567258.553367.1809: OK
2014-05-08 10:41:06.643731500 /var/qmail/simscan/1399567258.553367.1809/textfile1: OK
2014-05-08 10:41:06.643909500 /var/qmail/simscan/1399567258.553367.1809/textfile2: OK
2014-05-08 10:41:06.644907500 /var/qmail/simscan/1399567258.553367.1809/Roof  CMU Veneer Wall.pdf: OK
2014-05-08 10:41:06.645739500 /var/qmail/simscan/1399567258.553367.1809/Panel Wall.pdf: OK
2014-05-08 10:41:06.648692500 /var/qmail/simscan/1399567258.553367.1809/BPS_Elevations_100% SD.PDF: OK
2014-05-08 10:41:06.650922500 /var/qmail/simscan/1399567258.553367.1809/20140414111036551.pdf: OK
2014-05-08 10:51:05.884090500 No stats for Database check - forcing reload


1b) Client's send log of questionable email

2014-05-08 10:41:06.879908500 new msg 655979
2014-05-08 10:41:06.879931500 info msg 655979: bytes 2962846 from clientscli...@clientsclientdomain.com qp 1820 uid 89
2014-05-08 10:41:06.881908500 starting delivery 6524: msg 655979 to local mydomain.com...@mydomain.com
2014-05-08 10:41:06.883269500 status: local 1/10 remote 0/60
2014-05-08 10:41:11.099262500 delivery 6524: success: did_0+0+1/
2014-05-08 10:41:11.099263500 status: local 0/10 remote 0/60
2014-05-08 10:41:11.099263500 end msg 655979

..

2a) My clamd log of questionable email:

2014-05-08 10:38:34.593747500 /var/qmail/simscan/1399567110.56384.1642/msg.1399567110.56384.1642: OK
2014-05-08 10:38:34.593750500 /var/qmail/simscan/1399567110.56384.1642/addr.1399567110.56384.1642: OK
2014-05-08 10:38:34.595607500 /var/qmail/simscan/1399567110.56384.1642/textfile1: OK
2014-05-08 10:38:34.596172500 /var/qmail/simscan/1399567110.56384.1642/textfile2: OK
2014-05-08 10:38:34.598097500 /var/qmail/simscan/1399567110.56384.1642/Roof  CMU Veneer Wall.pdf: OK
2014-05-08 10:38:34.603765500 /var/qmail/simscan/1399567110.56384.1642/Panel Wall.pdf: OK
2014-05-08 10:38:34.604838500 /var/qmail/simscan/1399567110.56384.1642/BPS_Elevations_100% SD.PDF: OK
2014-05-08 10:38:34.609207500 /var/qmail/simscan/1399567110.56384.1642/20140414111036551.pdf: OK

2b) My send log of questionable email:

2014-05-08 10:38:35.010130500 new msg 2883665
2014-05-08 10:38:35.010132500 info msg 2883665: bytes 2962824 from clientscli...@clientsclientdomain.com qp 1648 uid 89
2014-05-08 10:38:35.026076500 starting delivery 14591: msg 2883665 to local clientdomain.com-postmas...@clientdomain.com
2014-05-08 10:38:35.026079500 status: local 1/10 remote 0/60
2014-05-08 10:38:35.026080500 starting delivery 14592: msg 2883665 to local clientdomain.com-employ...@clientdomain.com
2014-05-08 10:38:35.026082500 status: local 2/10 remote 0/60
2014-05-08 10:38:35.393330500 delivery 14591: success: did_0+0+1/
2014-05-08 10:38:35.393332500 status: local 1/10 remote 0/60
2014-05-08 10:38:35.782489500 delivery 14592: success: did_0+0+1/
2014-05-08 10:38:35.782492500 status: local 0/10 remote 0/60
2014-05-08 10:38:35.782493500 end msg 2883665

This is a relatively new but ongoing issue. Can anyone point me in the
right direction to solve this?

EricB
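
An added example, not part of the original post and not QMT code: one way to pin down where the attachments disappear is to compare the size qmail-send logged for a message with the file that was actually delivered, and to list the MIME parts that survived. The function names, the 1024-byte slack, the addresses and the message built in `demo()` are constructed for the illustration; only the `info msg ... bytes ...` line shape is taken from the send logs above.

```python
import re
from email import message_from_bytes
from email.message import EmailMessage

# Matches the "info msg" line of a qmail-send log, with or without <> around
# the envelope sender (the list archive above shows it without).
INFO_RE = re.compile(r"info msg (\d+): bytes (\d+) from\s+<?([^\s>]*)>? qp (\d+)")


def queued_sizes(send_log):
    """Map qmail-send message number -> (bytes queued, envelope sender)."""
    return {int(m[1]): (int(m[2]), m[3]) for m in INFO_RE.finditer(send_log)}


def attachments(raw):
    """(filename, decoded size) for every MIME part that carries a filename."""
    msg = message_from_bytes(raw)
    return [(p.get_filename(), len(p.get_payload(decode=True) or b""))
            for p in msg.walk() if p.get_filename()]


def compare(queued_bytes, raw, slack=1024):
    """Delivery normally only adds headers, so a delivered file more than
    `slack` bytes smaller than the queued size lost content after queueing."""
    lost = queued_bytes - len(raw)
    return {"queued": queued_bytes, "delivered": len(raw),
            "attachments": attachments(raw), "stripped": lost > slack}


def _message(with_pdf):
    """Constructed test message, optionally carrying a fake PDF attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "user@example.com"
    msg["Subject"] = "drawings"
    msg.set_content("See attached.")
    if with_pdf:
        msg.add_attachment(b"%PDF-1.4 " + b"x" * 200_000, maintype="application",
                           subtype="pdf", filename="Panel Wall.pdf")
    return msg.as_bytes()


def demo():
    """Intact versus stripped delivery of the same queued message."""
    full, stripped = _message(True), _message(False)
    log = (f"2014-05-08 10:41:06.879931500 info msg 655979: bytes {len(full)} "
           "from <sender@example.org> qp 1820 uid 89\n")
    size, _sender = queued_sizes(log)[655979]
    return compare(size, full), compare(size, stripped)


if __name__ == "__main__":
    for result in demo():
        print(result)
```

On a real host, pass `compare()` the logged byte count and the bytes of the delivered message file; a result with `stripped` true and an empty attachment list means the loss happened after the message reached the queue.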







[qmailtoaster] Re: building another one to replace my old one

2014-05-08 Thread Eric Shubert

Thanks for the chuckle, Dan. I needed a smile. :)

I'd go with the COS6 install too (have done so numerous times myself).

The documentation is a little behind (as typical), but here are the 
installation directions:

https://github.com/QMailToaster/qmailtoaster-util/blob/master/README.install

It's quite a bit simpler than it used to be. The only gotcha I'm aware 
of is if your QMT runs behind a NAT router (has a private IP address), 
you'll need to tweak the qt-setup-firewall script. I'm working on 
getting that straightened out.


spamdyke is included in the stock QMT now, but fail2ban is still a 
manual process. There are some good f2b instructions on the wiki now.


If you have any problem with it, let us know about it here so we can get 
it fixed.


Thanks.

--
-Eric 'shubes'










[qmailtoaster] Re: stripped attachments...part II

2014-05-08 Thread Eric Shubert



While dspam isn't officially supported, we can certainly do our best to 
help you get things fixed up.


I would suspect that the problem is happening during delivery. IOW, the 
attachments are making it to the queue, but they're being stripped between 
the queue and