gmane.mail.exim.user

Re: Denying spam with forged from

2008-12-01T16:30:26

See my config attached to http://wiki.exim.org/DbLessGreyListingRun

Re: setting up personal ip blacklist

eximmail — 2008-12-01T02:27:21

Thanks for the replies and input as I now have things working as they are supposed to be working. I knew that I was missing something stupid. After looking at things for so long everything jumbles up then you miss something easy. Again thanks for the help it was greatly appreciated

Re: Denying spam with forged from

W B Hacker — 2008-12-01T01:58:23

I wouldn't waste any time on spf. But there are several other tools. - rDNS fail - dynamic-IP RBL - local BL on IP and/or regexp (HELO) The way to keep so-called 'false' positives down is to; - whitelist those whom you feel you must - preferably by one (or few) IP rather than REGEXP. We even have a 'few' that pass only between specific 'pairs' of correspondents (branch office <=> HQ over pure-crap connectivity ISP / dumbhost that gets nearly *everything* wrong). - assign *weighted* scores for each faux pas, accumulate them, then compare the sum to per-domain if not per-user thresholds. A bit of tweaking of whitelists and score weighting, and most users 'regular' correspondents are not a problem even if trying to run their own MTA over dial-up off a Linux laptop. Yet you can still kill zombies effectively and 'early enough'. You need to wait until acl_smtp_rcpt to have the most info and options at hand, but any time *before* entering DATA phase is nearly as good as at first 'CONNECT' as far

Re: setting up personal ip blacklist

Dave Pooser — 2008-12-01T00:59:32

What I do is I define my list of addresses as a hostlist before the ACL section in my exim.conf file: hostlist block_by_ip = /etc/exim/files/blacklist_ip Then in my acl_smtp_rcpt (linewraps are an artifact of my MUA): deny message = Message rejected because $sender_host_address is in a local block list. hosts = +block_by_ip

Re: setting up personal ip blacklist

eximmail — 2008-11-30T20:22:52

Ok I just figured out it has to do with the formatting of my blacklist file I deleted all but 1 entry and all works fine!! So now I have to figure out the proper way to format my list. Thanks

Re: setting up personal ip blacklist

eximmail — 2008-11-30T19:58:02

message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster hosts = ${if exists{/etc/exim/blacklist_ip}\ {/etc/exim/blacklist_ip}\ {}} this is still blocking all mail and inserting the message

Re: setting up personal ip blacklist

Steve Kemp — 2008-11-30T19:09:27

This is your mistake; you're using 'dnslists' when you want to use 'hosts'. For example this is included in the stock Debian exim4 configuration file: message = sender IP address $sender_host_address is locally blacklisted here . If you think this is wrong, get in touch with postmaster hosts = ${if exists{CONFDIR/local_host_blacklist}\ {CONFDIR/local_host_blacklist}\ {}} Steve

setting up personal ip blacklist

eximmail — 2008-11-30T19:01:58

I have been trying setup exim to have my own personal IP blacklist and I am having many problems implementing it. I have compiled a list of IP address i a list and then added this to my exim conf file and this blocks all mail to my server deny message = rejected because $sender_host_address is in a black list at $etc\exim\blacklist_ip\n$blaclist_ip dnslists = blacklist_ip I have changed the variation several way and still not good. My other black listing is working by host (dns blacklisting) : cbl.abuseat.org : list.dsbl.org : I know I am missing something stupid here that is simple but I can't figure it out with out some help. also in my list is this the right format #Ip Blacklist 216.193.192.0/18 216.193.235.00 216.193.235.01 216.193.235.02 216.193.235.03 Thanks for any pointers in advance

Re: Denying spam with forged from

Dave Pooser — 2008-11-30T18:49:39

Not necessarily useless; you can still block on the low-hanging fruit and then use other checks in SpamAssassin scoring and also use delays to bore spambots into submission. A couple of snippets from my own ACLs (beware line wrap): No legitimate host, no matter how sloppily configured, should HELO with an IP address: deny message = Remote host used IP address in HELO/EHLO greeting !hosts = +whitelisted condition = ${if isip {$sender_helo_name}{true}{false}} Or with your own hostname: deny message = Remote host used our name in HELO/EHLO greeting. !hosts = +whitelisted condition = ${if match_domain{$sender_helo_name} {$primary_hostname:+local_domains:+relay_to_domains}} Then I start throwing delays around for other checks (this works best if you disable pipelining): warn message = X-Warning: $sender_helo_name failed verification !hosts = +whitelisted !verify = helo delay = 15s Many spambots will get impatient and ei

Re: Help needed to configure domain

Marco van Oostende — 2008-11-30T17:38:43

I'm sure that was the only thing changed: - added the lines - restarted exim - noticed that all mail got rejected - commented out the added lines - restarted exim for further research - found some example pages that used quotes - removed the comment #s and added the quotes - restarted exim Anyway, it works like a charm now. Thank you all. Best regards, Marco Kjetil Torgrim Homme wrote:

Re: Denying spam with forged from

Patryk Rzadzinski — 2008-11-29T15:19:27

Hello, Thanks for all the input. I have removed my domains from spamd's whitelist and this problem is obviously gone, however this means it is gone after the content scan. I tried verify = helo and deny spf = fail, however both those checks were too strict for some popular mail servers used in my country, which I assume renders them useless in my situation. This is of course true, but is there any other way to drop the mail beforehand, if verify helo and spf are not options? Thank you in advance, -- Patryk

Re: Help needed to configure domain

Kjetil Torgrim Homme — 2008-11-30T14:40:25

no, the quotes are not important, there has to be something else wrong. you can test using exim -bh IPADDRESS

Re: Help needed to configure domain

Marco van Oostende — 2008-11-30T12:48:08

Wow. That was easy. I had to change it a little to get it to work. The script is now deny message = Blocking incoming mail for domains blah blah !hosts = 89.146.30.0/29 domains = "abc.com" : "xyz.com" The quotes around the domain names are important. It didn't work without them, so the filter itself works but every mail was blocked. After adding the quotes, mail gets accepted properly. Now I have to wait for a mail that gets send straight into the server. I'm sure it will get blocked though. Thanks! Marco lee wrote:

Re: Help needed to configure domain

lee — 2008-11-30T01:55:01

When you take a look at acl_smtp_rcpt and $sender_host_address, it seems that you could put a check into that ACL to verify the IP address of the sending host against the range of IP addresses and to deny the mail from the sending host if it is for one of the domains that must not receive mail from any other IP addresses than those in the given range. Hm, having that said, it could even be something simple like this (added to acl_smtp_rcpt): deny !hosts = 89.146.30.0/29 domains = abc.com : xyz.com ... but that's no more than a guess, I'd have to read the documentation carefully to figure it out. --- Of course, instead of putting the domains directly into the configuration file, you might want to use a lookup of some sorts to specify them. It is supposed to mean that if the IP of the sending host is not within the range 89.146.30.0/29 and if the recipient domain is either abc.com or xyz.com, then the message must be denied.

Re: Denying spam with forged from

Kjetil Torgrim Homme — 2008-11-29T19:22:29

as others have said, this is a bad idea, so don't do it. the reason it doesn't work is that Return-Path isn't part of the message received by Exim, it is added during final delivery. you need to check $sender_address instead.

Help needed to configure domain

Marco van Oostende — 2008-11-29T15:51:30

Hi All, I have a huge problem configuring the following scenario: I have a server with an ISP-like configuration. Several domains exist on it. It is administered with DirectAdmin. There is a domain on the server, say abc.com, that gives an issue. It has a domain pointer/alias xyz.com. The domain owner decided to use an external mailscanner (IronPort) to prevent excessive spamming. Since there are only mail adresses for the abc.com domain and not for xyz.com, its abc.com's MX record is changed to send everything to that filter, and it routes the filtered mail back to my server. Now the following happens: some spammers send mail to my server based on the A record of the server, so the spamfilter gets skipped. Also, all mail to the alias xyz.com still arrives in the client's mailbox since that MX record cannot be redirected to the spamfilter ($$). Basically, what I need is to check for both domains whether the IP address where the mail comes from is within the IronPort range of 89.146.30.0/29 (2

Re: setup a backup MX

Graeme Fowler — 2008-11-29T09:23:17

It will do this according to the retry rules you have. Normally, yes. Or you could do the following: # Put the backup MX domains in this file in this format: # domain: remote_server_address1:remote_server_address2 domainlist backup_domains = lsearch;/etc/exim/backup_domains ...more config... # Probably after some ACL checks over recipients and so on # in the RCPT ACL: deny domains = +filter_domains:+backup_domains !verify = recipient/callout=30s,defer_ok,no_cache,use_sender/no_details accept domains = +backup_domains ...more config... In the routers: backup_domains: driver = manualroute domains = +backup_domains transport = backup_domains_remote_smtp route_list = $domain ${lookup{$domain}lsearch{/etc/exim/backup_domains}} no_more In the transports: backup_domains_remote_smtp: driver = smtp Works for me! Graeme

Re: Denying spam with forged from

Knaupp, Thomas — 2008-11-28T14:24:53

setup a backup MX

Rakotomandimby Mihamina — 2008-11-28T20:42:27

I would like to setup a backup MX on de rented dedicated server but the main MX would be the one at home, that have more probability to be down. Is http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTrelaycontrol the documentation I should read? I am OK but: - How to indicate Exim to try to deliver to the main server periodically? Does it retries himself, until death? - How to indicate him the main server? Does it look up the MX priority to know whos the main? Thanks for indications. I am using Ubuntu Intrepid server.

Re: Building virtual domain on multiple mail server

lee — 2008-11-28T18:52:50

You can set up an internal name server with MX entries somewhere or use smarthost routers on the routing server.

Re: Denying spam with forged from

Dave Pooser — 2008-11-28T16:39:35

whitelist of spamd (it has to be, No, actually it *doesn't* have to be, and the folks over at the SpamAssassin mailing list consider whitelisting your own domain to be one of the most common and most significant errors you can make. The best approach is to simply exempt authenticated users from SpamAssassin checks, force all your users to use SMTP AUTH, and watch the problem go away. it I've added an acl check that would compare return-path field from field. If they are different, it most probably is spam. Like, say, this very message coming from this mailing list, which has mismatching return-path and from?