blacklistings RBL, SBl XBL spamhaus.org

[e1kosau]

Hi,

I'm running RH Enterprise 4, Scalix 10 and I was wondering how do I configure RBLs, blacklistings with Scalix's MTA? i notice from another posting that you dont support it with SMTPD. Could you give me some suggestions on how to prevent spam aside from sa-learn? Also, im still getting some spam mails from different source even though I lowered the score to 3.5. Do i have to lower it down to 2.0 just to keep it on the aggressive side?

here are the logs from maillog:

Code: Select all

 
Mar 14 22:56:58 webmail spamd[15606]: processing message <.AAA-merchandizing-28112,378.1142405782@mail-app-1003.vdc.amazon.com> for root:99.
Mar 14 22:57:03 webmail spamd[15606]: clean message (-2.6/3.5) for root:99 in 4.7 seconds, 13747 bytes.
Mar 14 22:57:03 webmail spamd[15606]: result: . -2 - ALL_TRUSTED,HTML_MESSAGE,HTML_SHOUTING6,HTML_TAG_EXIST_TBODY scantime=4.7,size=13747,mid=<.AAA-merchandizing-28112_378.1142405782@mail-app-1003.vdc.amazon.com>,autolearn=failed
Mar 14 22:57:03 webmail sendmail[17323]: k2F6uwPu017323: Milter add: header: X-Spam-Status: No, score=-2.6 required=3.5 tests=ALL_TRUSTED,HTML_MESSAGE,\n\tHTML_SHOUTING6,HTML_TAG_EXIST_TBODY autolearn=failed version=3.0.4
Mar 14 22:57:03 webmail sendmail[17323]: k2F6uwPu017323: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on \n\twebmail.domain.com
Mar 14 22:57:03 webmail sendmail[17322]: k2F6utZ0017322: to=<dpan@domain1.com>, delay=00:00:06, xdelay=00:00:05, mailer=relay, pri=42988, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k2F6uwPu017323 Message accepted for delivery)
Mar 14 22:57:03 webmail sendmail[17329]: k2F6uwPu017323: to=<dpan@domain1.com>, delay=00:00:05, xdelay=00:00:00, mailer=scalix, pri=133193, relay=webmail, dsn=2.0.0, stat=Sent (Ok)
Mar 14 23:02:44 webmail sendmail[17342]: k2F72dA3017342: from=<ashlinga@saltours.it>, size=4305, class=0, nrcpts=1, msgid=<000001c647fe$593923a0$ba48a8c0@zlj41>, proto=ESMTP, relay=root@localhost
Mar 14 23:02:44 webmail sendmail[17343]: k2F72i6O017343: from=<ashlinga@saltours.it>, size=4513, class=0, nrcpts=1, msgid=<000001c647fe$593923a0$ba48a8c0@zlj41>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Mar 14 23:02:44 webmail spamd[15605]: connection from localhost.localdomain [127.0.0.1] at port 39953
Mar 14 23:02:44 webmail spamd[15605]: info: setuid to root succeeded
Mar 14 23:02:44 webmail spamd[15605]: Still running as root: user not specified with -u, not found, or set to root.  Fall back to nobody.
Mar 14 23:02:45 webmail spamd[15605]: processing message <000001c647fe$593923a0$ba48a8c0@zlj41> for root:99.
Mar 14 23:02:46 webmail spamd[15605]: clean message (3.4/3.5) for root:99 in 1.2 seconds, 4890 bytes.
Mar 14 23:02:46 webmail spamd[15605]: result: .  3 - ALL_TRUSTED,HTML_90_100,HTML_MESSAGE,URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL scantime=1.2,size=4890,mid=<000001c647fe$593923a0$ba48a8c0@zlj41>,autolearn=no
Mar 14 23:02:46 webmail sendmail[17343]: k2F72i6O017343: Milter add: header: X-Spam-Status: No, score=3.4 required=3.5 tests=ALL_TRUSTED,HTML_90_100,\n\tHTML_MESSAGE,URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL autolearn=no \n\tversion=3.0.4
Mar 14 23:02:46 webmail sendmail[17343]: k2F72i6O017343: Milter add: header: X-Spam-Level: ***
Mar 14 23:02:46 webmail sendmail[17343]: k2F72i6O017343: Milter add: header: X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on \n\twebmail.domain.com
Mar 14 23:02:46 webmail sendmail[17342]: k2F72dA3017342: to=<calonso@domain.com>, delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=34305, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k2F72i6O017343 Message accepted for delivery)
Mar 14 23:02:46 webmail sendmail[17349]: k2F72i6O017343: to=<calonso@domain.com>, delay=00:00:02, xdelay=00:00:00, mailer=scalix, pri=124513, relay=webmail, dsn=2.0.0, stat=Sent (Ok)



How do i check for the effectiveness of spamassassin? besides that I do not get the emails marked as SPAM by spamassasin? Am i missing something here? I followed all the instructions from the techical notes. Please enlighen.

Thanks. Kudos to the Support team of SCALIX for great service!

Don

[ScalixSupport]

Hi,

couple of things:

- upgrade to SA 3.1
- enable auto-learning
- 3.5 is a waaaaaaaaaaaaaay to low spam-score, 5.5 is the default for a good reason.
- I believe your spamassassin has no file access to your rules, could that be: "Still running as root: user not specified with -u, not found, or set to root. Fall back to nobody. " su to nobody and check if you can cat the rule files.

Please see the wiki on www.spamassassin.org for more information - these are not Scalix specific issues...

Cheers,

Sascha.

[e1kosau]

i followed your documentation in the technical notes. the notes never mentioned anything about changing the user to run spamassassin or spamass-milter. i cant seem to find the right docs at the spamassassin sites it said to run SA with procmail.

do we have to run procmail? do i have to create a user to run spamassassin or just run it as root?

need your help. also, spam thats getting through arent marked as spam either they dont get to the mbox or doesnt get delivered. please enlighten.

thanks.

[jasonesman]

Hi,
You can add dnsbl blacklisting to sendmail with the following
FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
FEATURE(`dnsbl',`bl.spamcop.net',`Rejected - see http://spamcop.net/')dnl
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://www.spamhaus.org/')dnl

you can also use the Sare Rules and use Rules Du Jour to keep them updated see
http://rulesemporium.com/


Jason

[koffiejunkie]

Hi,
You can add dnsbl blacklisting to sendmail with the following
FEATURE(`dnsbl',`relays.ordb.org', `Rejected - see http://ordb.org/')dnl
FEATURE(`dnsbl',`bl.spamcop.net',`Rejected - see http://spamcop.net/')dnl
FEATURE(`dnsbl',`sbl.spamhaus.org',`Rejected - see http://www.spamhaus.org/')dnl

you can also use the Sare Rules and use Rules Du Jour to keep them updated see
http://rulesemporium.com/


Jason

Hi,

In which file does this go?

Thanks

[TRACKS]

/etc/mail/sendmail.mc

After adding those lines to your sendmail.mc file all you need to do is as root execute
the following command from the /etc/mail dir.

m4 sendmail.mc > ../sendmail.cf

It would be a good idea to back up your old /etc/sendmail.cf beforehand.
After running the m4 comman restart sendmail and you are done.

[grubi]

/etc/mail/sendmail.mc

After adding those lines to your sendmail.mc file all you need to do is as root execute
the following command from the /etc/mail dir.

m4 sendmail.mc > ../sendmail.cf

It would be a good idea to back up your old /etc/sendmail.cf beforehand.
After running the m4 comman restart sendmail and you are done.

Are you sure this woks without making sendmail the primary mta on port 25? Ohterwise sendmail will allways see connections from localhost which are of course never blacklisted.

grubi.

[grahamk]

Are you sure this woks without making sendmail the primary mta on port 25? Ohterwise sendmail will allways see connections from localhost which are of course never blacklisted.

grubi.

This is the same issue I am having, is there a way to let sendmail see the original sender ip address?

[William]

viewtopic.php?t=3788&highlight=dnsbl - may help.


In sendmail the following fails gracefully when a particular DNSBL fails to respond, since the error message is not specifically defined.
Feature FEATURE(`enhdnsbl',`bl.spamcop.net')dnl
Feature FEATURE(`enhdnsbl',`dnsbl.sorbs.net')dnl
Feature FEATURE(`enhdnsbl',`sbl-xbl.spamhaus.org')dnl
Feature FEATURE(`enhdnsbl',`psbl.surriel.com')dnl
Feature FEATURE(`enhdnsbl',`cbl.abuseat.org')dnl

It may seem odd the above list, but the inclusion of some lists into others takes a significant amount of time so listing them as well makes for better protection.