LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 11-03-2007, 10:20 AM   #61
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35

So, a year and a half later I am returning to this idea of a -g option for rblsmtpd. I thought I had found someone (the elusive "Rudolph", who I cannot seem to find) who had implemented exactly what I was proposing:

http://sw.eq.cz/gpforr/

This is interesting. I have tried it out and it works. However, it is not quite what I had in mind. As I understand it, Rudolph's solution essentially switches rblsmtpd into a greylist only program (or perhaps, greylists with whitelists). Just like you can mix whitelists and blacklists now, I want to also throw greylists into the mix (not turning blacklists off and making them greylists instead, which is what Rudolph's solution does ... I think).

Under my proposed solution this is what my qmail "run" file would look like:
================
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec \
/usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
rblsmtpd \
-a mylocal.whitelist.zzz \
-r mylocal.blacklist.zzz \
-r zen.spamhaus.org \
-g dnsbl.sorbs.net \
/var/qmail/bin/qmail-smtpd my.domain.com \
/usr/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1


================

So, in my case, incoming connections would first pass through my local whitelist, my local blacklist, spamhaus blacklist, then ... Sorbs would serve as a greylist. A positive hit on Sorbs would cause that ip address to be blocked temporarily (greylisted), for a wait time (the "GREYWAIT" env variable, maybe?) of say 5 minutes. Subsequent hits during this 5 minute GREYWAIT period would cause GREYWAIT to reset. This resetting of GREYWAIT prevents spam from eventually getting through if the sending server is persistent enough to just keep hammering away until the GREYWAIT period expires. Subsequent hits from the same ip address after GREYWAIT (5 minutes) has passed would then be allowed through until some expiry time (the GREYEXPIRY env variable) has passed ... maybe 1 day.

I propose storing greylisted ip addresses in a directory called /var/qmail/greylist. Every time an ip address is greylisted, an empty file would be created in this directory with the ip address as its name. On subsequent hits where ip addresses match a file in the greylist directory, the difference between the current time and the time stamp of the file in question would be compared against GREYWAIT and GREYEXPIRY. There would be three possibilities:

1. If difference is < GREYWAIT, then reset the timestamp on the file (hit occurred before GREYWAIT had passed).
2. If difference is between GREYWAIT and GREYEXPIRY, then let the email pass (probably a legitimate email that you want to let through).
3. If difference is > GREYEXPIRY, then reset the timestamp on the file (essentially, this file had expired and would have soon been removed by some daily or hourly cronjob).

Oh, and I forgot to mention the cronjob. A cronjob is required (hourly or daily, it doesn't really matter) that removes files in the greylist directory where GREYEXPIRY has passed.

One issue is performance when/if the greylist directory gets a lot of files in it. This would not happen on my server, but if you had a really busy email server it might. I propose linking /var/qmail/greylist to a 10MB ram disk. The performance on a ram disk should be quite good.

So, I think that summarizes my vision of how this will work. Looks like I'll be learning some C in the near future. ... unless someone else wants to do this (haha). I'll post back here when I am done. It might be a few months or more.

Paul
 
Old 11-09-2007, 09:37 AM   #62
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Well, I thought this might take several months. It took 6 days since my last post. I am almost done. I've got this black/white/greylist scheme (with the -g switch) working and it works beautifully.

It will take me maybe another week or so to package this and make it available. I just hate to mess with ucspi-tcp-0.88 (rblsmtpd in particular) because it is a superb piece of programming and has been so reliable. So, I have built a patch that leaves all of the original functionality untouched. The patch adds a new program called "rblsmtpd_bwg" ( bwg = black,white,grey ) to ucspi-tcp-0.88. The new rblsmtpd_bwg is a modified version of rblsmtpd, but rblsmtpd remains even after the patch is applied, so you will be free to use the original rblsmtpd or rblsmtpd_bwg. To activate rblsmtpd_bwg, you will simply apply my patch to ucspi-tcp-0.88, stop qmail, re-install the patched ucspi-tcp-0.88, change "rblsmtpd" to "rbltsmtp_bwg" in your qmail "run" file, then re-start qmail. With no other changes to the qmail run file, everything will function exactly the same as before. However, you will now have the option of changing some or all of your -r switches to -g , thereby using all or some of your rbl's as greylists instead of blacklists. Two other new options (the -w and -e switches) will allow you to set your own greylist "wait" and "expiry" times. Currently, I have the default wait set at 300 seconds (5 minutes) and the default expiry at 86400 seconds (one day). I have been experimenting around and I think I prefer times of 120 seconds and 14400 seconds, respectively. The -w and -e switches will allow you to easily tweak these as you see fit.

Finally, there will be one ruby script based on the "elusive Rudolph" ruby scripts that needs to run as a cron job to clean up the greylist directory periodically. I've got it running hourly and it works well for me.

There is one interesting feature about the "wait" times that may be different from other greylisting schemes. When the same ip address hits a second time within the "wait" period, the wait time gets reset and the waiting period starts over again. This is good because an ip address that continually hammers your mail server or even just hits it once a minute continually will never get through. The entire "wait" time must pass between two attempts from the same rbl-listed ip address before an email will be allowed through. I am finding even with quite small wait times (60 or 120 seconds) greylisting is quite effective and occasional legitimate "false positive" mail from legitimate mail servers gets through with only minor delays.

Not sure if anyone is reading this or cares, but I will make rblsmtpd_bwg available within a week or so. Check back here for details.

Paul

Last edited by Apollo77; 11-09-2007 at 12:28 PM.
 
Old 11-11-2007, 12:15 AM   #63
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
The rblsmtpd_bwg patch is available here:

http://bwg.cooL1.ca

You apply the patch to ucspi-tcp-0.88.

Hope this helps someone.

Paul

Last edited by Apollo77; 11-12-2007 at 02:37 PM.
 
Old 03-29-2008, 05:38 AM   #64
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
hi again.. i am back after very very long time

there is a good software called spamdyke . no patch, just install and add it into smtp-run.. it supports reverse dns check, mx record check, rbl check, blacklists whitelists greylists etc.. plus it does not check anything if user auth via smtpd..

http://www.spamdyke.org/
 
Old 03-29-2008, 09:22 AM   #65
Apollo77
Member
 
Registered: Feb 2003
Location: Toronto
Distribution: RH8 / FC1 / Gentoo / Debian / FreeBSD / Centos / Ubuntu
Posts: 182

Original Poster
Rep: Reputation: 35
Maxut, nice to see you back here.

I have heard of spamdyke, but never checked it out thoroughly until now. Wow, it looks really good! In fact, I am probably going to start using it. Many very good features. I think there is some overlap with magic-smtpd, which I now use. Magic-smtpd is a drop-in replacement for qmail-smtpd. Spamdyke's obvious advantage is that it's a filter and not a patch -- it leaves qmail intact. I like that a lot.

I notice two features it's missing (... I think) that I would like to see:

1) Rejection up-front of messages where the recipient email address does not exist (as opposed to a bounce after accepting the message). Magic-smtpd does this. I am guessing I could keep using magic-smtpd with spamdyke, so this probably is not an issue for me.

2) My greylisting scheme using rblsmtpd_bwg . That is, greylisting based on RBLs. Again, probably not an issue for me because I suspect I could continue using my rblsmtpd_bwg with spamdyke. I am tempted to tweak the code myself to get spamdyke doing this, but maybe I can convince the writer of spamdyke to do it (haha).

So, while I'd like to see these two options, I don't think adding spamdyke to my setup means I need to drop them from my current configuration.

Thanks maxut!

Apollo
 
Old 03-29-2008, 04:33 PM   #66
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
that is so nice to hear from u.. u are really so fast


Quote:
1) Rejection up-front of messages where the recipient email address does not exist (as opposed to a bounce after accepting the message). Magic-smtpd does this. I am guessing I could keep using magic-smtpd with spamdyke, so this probably is not an issue for me.
actually there is a patch called chkuser to check if resipient exist. i use qmail-toaster ( www.qmailtoaster.org ) which includes that patch and so much more... so i already have that thing without magic lol .. qtm is getting much better day by day.. thanks a lot to them i just install and add spamdyke.. i hope they will add spamdyke for next release.. so no need to do anything lol.. also they have good scripts for backup restore and update: http://qtp.qmailtoaster.com/

no idea for the 2nd section.. i think i must try greylists first.. and if i understand codes surely i would like to join them

thanks a lot.
 
Old 03-02-2009, 08:42 AM   #67
akhilkashyap
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
Smile Spam Issue not resolve

Quote:
Originally Posted by Apollo77 View Post
As it turns out this was dead simple to implement and it works great. In fact, I am shocked at how well it works. Spam has seemingly been stopped dead while all the good stuff is still getting through.

Here is what I did. First of all you must have ucspi-tcp installed to enable you to run rblsmtpd. Fine I had done that when I originally installed Qmail. All I did was add one thing (see red text below) to this file: /var/qmail/supervise/qmail-smtpd/run

My new "run" file looks like this:
---------------
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd 2>&1
--------------

All I did was add rblsmtpd -r sbl-xbl.spamhaus.org. That's it. Spamhaus provides info on how to test if spam blocking is working. It is and I can see it in the logs.

Furthermore, this implements exactly what I wanted. Essentially, the SMTP converstation is initiated in the usual way from the spam server. My server then identifies that server as being blacklisted (through the spamhaus service) and terminates the conversation. As I understand it, the spam server gets a message indicating it's been identified on spamhaus, then the conversation is cut off by my server. No spam gets delivered.

This is great.

Apollo

I have tried to implement you script into my qmail-smtpd/run file this is my current file

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 90000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mail.iatinfotach.in \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

when i put your file in qmail-smtpd/run file it stoped sending and receiving mails.
and spamassain is running on my server and getting huge amount of spam on evry user mail box.

Please suggest how can i stop this spam mails.
 
Old 03-02-2009, 09:10 AM   #68
akhilkashyap
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
hi,

I have tried you script which is below.
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" ]; then
echo QMAILDUID, NOFILESGID, or MAXSMTPD is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
/usr/local/bin/tcpserver -v -R -l 0 -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/qmail-smtpd 2>&1


But when i put this ecript into my /var/qmail/supervise/qmail-smtpd/run file it stop sending and receiving mails.

my file is below

#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
exec /usr/local/bin/softlimit -m 90000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd mail.iapinfotech.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

Where i sm doing mistake i just simply replace this file with your file and spamassain is running on my server whcih is not worth coz it can't stops spam mails,

Please help
Thanks in Advance
 
Old 03-02-2009, 09:47 AM   #69
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
u may want to try spamdyke.
www.spamdyke.org

if u use qmail-toaster, u can install it by using qtp-plus..
http://qtp.qmailtoaster.com

regards
 
Old 03-02-2009, 12:34 PM   #70
akhilkashyap
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Rep: Reputation: 0
no i have install qmailrocks from qmailrocks.org.

I just configure qmail server i am getting lot of spams how can stop it even clamav and spamassian is running perfectly file in my previous uper post i have sent qmail-smtpd/run file content.

how could i stop these spams mail on my mail server please guide and help to stop spamming.

Akhil
 
Old 03-05-2009, 02:22 AM   #71
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
qmailrocks is very old and not a live project. Especially u need the latest version of clam for security.

if i were u i would install toaster.
toaster has necessary patches for a modern qmail MTA (chkuser,domaikeys,SPF,remote-auth etc..).
The mots of those patches will help u to stop spams. And u should also install spamdyke.

best regards
 
  


Reply

Tags
greylist, qmail


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking SPAM in Sendmail jomy Linux - Networking 4 03-23-2005 01:19 AM
Spam assassin with qmail Rhiannon Fedora 0 05-04-2004 04:57 AM
Sendmail: blocking spam pk21 Linux - Software 1 08-21-2003 05:28 AM
filtering spam in Qmail? IceNineJon Linux - Software 2 07-05-2003 02:35 PM
blocking forum spam with snort rule? JustinHoMi Linux - Security 1 02-04-2002 05:50 PM


All times are GMT -5. The time now is 10:14 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration