Re: [qmailtoaster] Authentication to bypass spam checks
Tek Support wrote: Thanks Eric, I realize I don't need 587 at all with spamdyke, I was trying to ask if I needed 587 if spamdyke was using spamhaus. Since spamhaus used by itself was causing rejections to my at home dynamic users it seemed strange that spamhaus was blocking my dynamic users but it was not blocking them when run with spamdyke. Since I don't fully understand the internals, I was asking about that specifically so I don't screw up my at home users. Let me see if I can explain this. You don't need port 587 with spamdyke because spamdyke turns off all of its filtering if the connection (sender) authenticates successfully. On the other hand, rblsmtpd is oblivious to authentication, so it rejects connections which might otherwise be able to authenticate. It's simply a weakness in the rblsmtpd program. And I believe it is true, that if I have dynamic IP users, and I'm using spamhaus by itself, then I do require port 587. Isn't that true? Not exactly. It's the combination of rblsmtpd and spamhaus which requires you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more the case of the use of rblsmtpd (with certain blocklists which block dynamic addresses) which requires the use of port 587. And again if I have dynamic IP users, and I'm using spamdyke which includes spamhaus, then I don't need to use 587. Is that right? Yes, for the most part. I hate to split hairs, but in this case it might be appropriate. Regarding for the most part, spamdyke doesn't necessarily (or really) include spamhaus. If you'd have said I'm using spamdyke *with* spamhaus, that would be (slightly) clearer. You can use spamdyke with or without spamhaus (or any other RBL). Using spamhaus (and a few others) is highly recommended though. Thanks again, I'm just trying to be clear. No problem. I hope I can help you understand how it works. John On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? You don't need port 587 if you're using spamdyke. You do need port 587 if you're not using spamdyke. And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? spamdyke is fairly new to the toaster. I expect that it will become part of the stock toaster at some point, but that's up to Erik Espinoza, who is the toaster maintainer. Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions
Re: [qmailtoaster] Authentication to bypass spam checks
Eric, thank you that helps and I understand the process better - at least for my implementation. I also appreciate you and others here which have helped with my questions. I know you and Eric Espinoza work hard to help everyone and keep the qmailtoaster upgraded - thank you. And with that job comes answering questions, and so I just wanted to make sure I said Thank you. John On Sat, Aug 9, 2008 at 8:57 AM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: Thanks Eric, I realize I don't need 587 at all with spamdyke, I was trying to ask if I needed 587 if spamdyke was using spamhaus. Since spamhaus used by itself was causing rejections to my at home dynamic users it seemed strange that spamhaus was blocking my dynamic users but it was not blocking them when run with spamdyke. Since I don't fully understand the internals, I was asking about that specifically so I don't screw up my at home users. Let me see if I can explain this. You don't need port 587 with spamdyke because spamdyke turns off all of its filtering if the connection (sender) authenticates successfully. On the other hand, rblsmtpd is oblivious to authentication, so it rejects connections which might otherwise be able to authenticate. It's simply a weakness in the rblsmtpd program. And I believe it is true, that if I have dynamic IP users, and I'm using spamhaus by itself, then I do require port 587. Isn't that true? Not exactly. It's the combination of rblsmtpd and spamhaus which requires you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more the case of the use of rblsmtpd (with certain blocklists which block dynamic addresses) which requires the use of port 587. And again if I have dynamic IP users, and I'm using spamdyke which includes spamhaus, then I don't need to use 587. Is that right? Yes, for the most part. I hate to split hairs, but in this case it might be appropriate. Regarding for the most part, spamdyke doesn't necessarily (or really) include spamhaus. If you'd have said I'm using spamdyke *with* spamhaus, that would be (slightly) clearer. You can use spamdyke with or without spamhaus (or any other RBL). Using spamhaus (and a few others) is highly recommended though. Thanks again, I'm just trying to be clear. No problem. I hope I can help you understand how it works. John On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? You don't need port 587 if you're using spamdyke. You do need port 587 if you're not using spamdyke. And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? spamdyke is fairly new to the toaster. I expect that it will become part of the stock toaster at some point, but that's up to Erik Espinoza, who is the toaster maintainer. Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control
Re: [qmailtoaster] Authentication to bypass spam checks
pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
The answer to question 2) is quite simple: Only authenticated users can relay via this port. Additionally usage of TLS is suggested. Qmailtoaster is prepeared for it, but each client must enable it; for security reasons (to force man in the middle attacs) each client should not only prefer but force TLS to be used. Best regards, Johannes Weberhofer Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- |- | weberhofer GmbH | Johannes Weberhofer | information technologies | Austria, 1080 Wien, Blindengasse 52/3 | | Firmenbuch: 225566s, Handelsgericht Wien | UID: ATU55277701 | | phone : +43 (0)1 5454421 0| email: [EMAIL PROTECTED] | fax : +43 (0)1 5454421 19 | web : http://weberhofer.at | mobile: +43 (0)699 11998315 |--- - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Hi, you can check the file /etc/spamdyke/spamdyke.conf here are the rbl servers now. Mario - Mensaje original - De: Tek Support [EMAIL PROTECTED] Para: qmailtoaster-list@qmailtoaster.com Enviado: Jueves, 07 de Agosto de 2008 10:41 p.m. Asunto: Re: [qmailtoaster] Authentication to bypass spam checks Opps, I forgot to add the before and after /var/qmail/supervise/smtp/run file. ---Before Begin--- #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 8500 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ---Before End--- ---After Begin--- #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE=/usr/local/bin/spamdyke SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 8500 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 21 ---After End--- You can see the BLACKLIST=`cat /var/qmail/control/blacklists` is no longer listed. Thanks John On Thu, Aug 7, 2008 at 9:07 PM, Tek Support [EMAIL PROTECTED] wrote: Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus Database: 270.5.12/1599 - Release Date: 07/08/2008 20:49 - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Tek Support wrote: So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? You don't need port 587 if you're using spamdyke. You do need port 587 if you're not using spamdyke. And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? spamdyke is fairly new to the toaster. I expect that it will become part of the stock toaster at some point, but that's up to Erik Espinoza, who is the toaster maintainer. Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Eric 'shubes' - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED
Re: [qmailtoaster] Authentication to bypass spam checks
Thanks Eric, I realize I don't need 587 at all with spamdyke, I was trying to ask if I needed 587 if spamdyke was using spamhaus. Since spamhaus used by itself was causing rejections to my at home dynamic users it seemed strange that spamhaus was blocking my dynamic users but it was not blocking them when run with spamdyke. Since I don't fully understand the internals, I was asking about that specifically so I don't screw up my at home users. And I believe it is true, that if I have dynamic IP users, and I'm using spamhaus by itself, then I do require port 587. Isn't that true? And again if I have dynamic IP users, and I'm using spamdyke which includes spamhaus, then I don't need to use 587. Is that right? Thanks again, I'm just trying to be clear. John On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert [EMAIL PROTECTED] wrote: Tek Support wrote: So if I understand correctly, spamdyke can use spamhaus, and I do see it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means I don't need the BLACKLIST= in my run file, is this correct? Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). And if I might ask a followup question, it was said in another post that spamdyke allows authenticated users in past spamhaus. Ok, but if spamdyke allows authenticated users in, while using spamhaus, then why do I need port 587? You don't need port 587 if you're using spamdyke. You do need port 587 if you're not using spamdyke. And just out of curiosity, if spamdyke is a more versitile product, allowing my dynamic users to authenticate and send mail on port 25 while also using spamhaus dynamic blocking, why isn't spamdyke installed by default? spamdyke is fairly new to the toaster. I expect that it will become part of the stock toaster at some point, but that's up to Erik Espinoza, who is the toaster maintainer. Thanks John On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert [EMAIL PROTECTED] wrote: Sam Clippinger wrote: To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The default configuration of spamdyke (as installed by QTP) does not include Spamhaus, however. I beg your pardon. ;) Here are the default RBLs as installed by QTP: check-dnsrbl=zen.spamhaus.org check-dnsrbl=bl.spamcop.net check-dnsrbl=list.dsbl.org If you are using spamdyke version 3.1.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: check-dnsrbl=zen.spamhaus.org If you are using spamdyke version 4.x, edit the configuration file /etc/spamdyke/spamdyke.conf and add the following line: dns-blacklist-entry=zen.spamhaus.org To add multiple DNS RBLs, simply repeat the line with different values. -- Sam Clippinger QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x capability soon. It'll likely be a couple weeks before I get to it though. Anil Aliyan wrote: pretty smart question John, I also would like to hear the answer for it from the experts. - Original Message - From: Tek Support [EMAIL PROTECTED] To: qmailtoaster-list@qmailtoaster.com Sent: Friday, August 08, 2008 8:37 AM Subject: Re: [qmailtoaster] Authentication to bypass spam checks Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John -- -Eric 'shubes
Re: [qmailtoaster] Authentication to bypass spam checks
worked perfectly.. Thanks. Sincerely, Luis Lopez * *--- IT Support Kiwibox.com http://kiwibox.com/ [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * * Eric Shubert wrote: Also, be sure to use TLS/SSL along with authentication. Otherwise your login/password would be sent in the clear and could be stolen relatively easily. Phil Leinhauser wrote: Good news! You didn't configure QMT wrong. This is the way it should be. You'll need him to use the submission port (587) on his client instead of 25. He'll also need to use smtp auth. to send. In fact, you should make it standard procedure now to have all of your clients submit on port 587 with SMTP auth from now on. This will make it easier in the long run. You'll start seeing more and more post offices going this way. Phil -Original message- From: Luis Lopez [EMAIL PROTECTED] Date: Tue, 05 Aug 2008 14:39:50 -0400 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Authentication to bypass spam checks Hi All, My first message to this mailing list. :-) Problem: One of my developers is complaining that is not possible for him to send email from his house. I noticed that the range of IPs from his block has been flagged as spam. Q. What's the correct procedure to have him authenticated and bypass the spam mechanism? I know that I probably configured QT wrong, lets see if I can get it right this time. Thanks in advance. -- Sincerely, Luis Lopez * *--- IT Support Kiwibox.com http://kiwibox.com/ [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] --- 330 W. 38th #1602 New York, NY 10018 --- Office(212) 239-8210 Fax(212) 239-8422* *Mobile (917) 385-2541 --- * * * Information contained in this email and any attachments thereto shall be considered privileged and/or confidential. You are hereby notified that any dissemination, distribution or copying of this email or attachments is prohibited, unless you have expressed permission. If you have received this email in error, please notify the sender and delete the email and the attachments. * * * * * * *
Re: [qmailtoaster] Authentication to bypass spam checks
Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [qmailtoaster] Authentication to bypass spam checks
Opps, I forgot to add the before and after /var/qmail/supervise/smtp/run file. ---Before Begin--- #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 8500 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ---Before End--- ---After Begin--- #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE=/usr/local/bin/spamdyke SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 8500 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 21 ---After End--- You can see the BLACKLIST=`cat /var/qmail/control/blacklists` is no longer listed. Thanks John On Thu, Aug 7, 2008 at 9:07 PM, Tek Support [EMAIL PROTECTED] wrote: Hi all, I have a few question. Before I learned of this port 587, my only option was to disable spamhaus. And all I did to disable it was to remove it from my /var/qmail/control/blacklists file. So, the other day I needed some addition reporting and I remembered the toaster plus, so I downloaded the Repo and ran the yum install for it. I then also decided to run the spamdyke filter. So, now that I've realized that port 587 is available for my users to send on, I went back to add the spamhaus. However, it's no longer in the /var/qmail/supervise/smtp/run file. It would appear that spamdyke has removed it. So I have 2 questions: 1) Are spamdyke and spamhaus compatible? Why would or why does spamdyke remove blacklist from the run file. Here are the before and after. ---Begin--- ---End--- 2) Since I've just found out that port 587 is available, and 587 does not run spamhaus the dynamic ip checker, then what is keeping a spammer from trying to use this 587? I mean I'm a little confused. If my port 25 won't allow any non-authenticated users to send smtp (presuming it's not an open relay), then why would I even need port 587? I understand the need to have 587 if I'm using spamhaus on port 25, and 25 is now blocked to my dynamic users (workers from home). So it seems a bit unnecessary to have both ports. And why couldn't a spammer start sending spam to my users on 587 - if it even works that way, which I'm not sure yet if it can? Qmailtoaster is a pretty popular thing, so someone, somewhere would certainly try port 587 in order to get around spamhaus wouldn't they? Thanks for your time on this, I'm not trying to be difficult, only trying to understand how and why. Thanks John - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[qmailtoaster] Authentication to bypass spam checks
Hi All, My first message to this mailing list. :-) Problem: One of my developers is complaining that is not possible for him to send email from his house. I noticed that the range of IPs from his block has been flagged as spam. Q. What's the correct procedure to have him authenticated and bypass the spam mechanism? I know that I probably configured QT wrong, lets see if I can get it right this time. Thanks in advance. -- Sincerely, Luis Lopez * *--- IT Support Kiwibox.com http://kiwibox.com/ [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] --- 330 W. 38th #1602 New York, NY 10018 --- Office(212) 239-8210 Fax(212) 239-8422* *Mobile (917) 385-2541 --- * * * Information contained in this email and any attachments thereto shall be considered privileged and/or confidential. You are hereby notified that any dissemination, distribution or copying of this email or attachments is prohibited, unless you have expressed permission. If you have received this email in error, please notify the sender and delete the email and the attachments. * * * * * * *
Re: [qmailtoaster] Authentication to bypass spam checks
Good news! You didn't configure QMT wrong. This is the way it should be. You'll need him to use the submission port (587) on his client instead of 25. He'll also need to use smtp auth. to send. In fact, you should make it standard procedure now to have all of your clients submit on port 587 with SMTP auth from now on. This will make it easier in the long run. You'll start seeing more and more post offices going this way. Phil -Original message- From: Luis Lopez [EMAIL PROTECTED] Date: Tue, 05 Aug 2008 14:39:50 -0400 To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Authentication to bypass spam checks Hi All, My first message to this mailing list. :-) Problem: One of my developers is complaining that is not possible for him to send email from his house. I noticed that the range of IPs from his block has been flagged as spam. Q. What's the correct procedure to have him authenticated and bypass the spam mechanism? I know that I probably configured QT wrong, lets see if I can get it right this time. Thanks in advance. -- Sincerely, Luis Lopez * *--- IT Support Kiwibox.com http://kiwibox.com/ [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] --- 330 W. 38th #1602 New York, NY 10018 --- Office(212) 239-8210 Fax(212) 239-8422* *Mobile (917) 385-2541 --- * * * Information contained in this email and any attachments thereto shall be considered privileged and/or confidential. You are hereby notified that any dissemination, distribution or copying of this email or attachments is prohibited, unless you have expressed permission. If you have received this email in error, please notify the sender and delete the email and the attachments. * * * * * * * - QmailToaster hosted by: VR Hosted http://www.vr.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]