LinuxQuestions.org
09-24-2007, 12:08 PM   #1
TexasMike
Questions about Sendmail, Spamassassin, MailScanner


Hello all,
This may not be the correct forum for my question but I shall try it here. (Moderator: Please feel free to move to appropriate forum if necessary)

I run RHEL (ES) Ver. 4.x as a small server, hosting several small domains. This system runs Sendmail, Spamassassin, and MailScanner. All appear to be working well. My problem is that I need assistance with tweaking the configuration to make the system better. I am including a copy of my daily system LogWatch report for reference, at the end of this message. What I want to know is how to add the IP addresses for certain sites to some file/DB/whatever so that these emails are refused - not accepted for delivery (I get several hundred per day as system admin). I want to add all those in the "Top relays" section, the "Relaying denied" section, the "Client quit before communicating" section, and the "Authentication warnings" section. All these addresses are apparently malicious in one way or another. I want to stop this stuff from even reaching my Inbox as much as possible.

Additionally, I would like to add IPs or Domain Names for anything that Spamassassin marks as {SPAM} in the header of received messages (in an email program such as Evolution, Outlook, etc.), after verification that it is SPAM, and coming from some "unknown" rather than a "known" email address. I have one other little issue - Spamassassin/MailScanner is marking my system/daily-report emails to the "root" user as follows:
To: root@mom-3.com
Subject: {Spam?} LogWatch for mom-3.com
(these are the emails sent to the administrator or "root" user from the system for daily reports).
How do I correct this "error" and make it quit flagging my root mail (from the internal system reports) as SPAM?

Also, is there a program or applet that will give me a "user friendly" administration interface that could do all this? Getting this far has been a bit of a chore. It would be nice if there was a "centralized" (even GUI) interface for administering these features on a daily basis.
I guess that about covers my "Wish List"!! So... here is the Logwatch report received today:

BEGIN LOGWATCH:

################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Mon Sep 24 04:02:03 2007
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: mom-3.com
################################################################

--------------------- httpd Begin ------------------------

Requests with error response codes
GET /Page748.htm HTTP/1.0 with response code(s) 404 2 responses
HEAD / HTTP/1.1 with response code(s) 403 1 responses, 404 2 responses
GET /robots.txt HTTP/1.1 with response code(s) 404 7 responses
GET / HTTP/1.0 with response code(s) 401 2 responses, 403 1 responses
GET /cgi-bin/awstats.pl HTTP/1.0 with response code(s) 404 1 responses
GET /robots.txt HTTP/1.0 with response code(s) 401 4 responses, 404 33 responses
GET /LPRng/IFHP-HOWTO-7.html HTTP/1.0 with response code(s) 404 1 responses
GET /LPRng/LPRng-HOWTO-12.html HTTP/1.0 with response code(s) 404 1 responses
GET /favicon.ico HTTP/1.1 with response code(s) 404 4 responses
GET / HTTP/1.1 with response code(s) 401 2 responses, 403 1 responses, 404 2 responses
GET /july2007newsletter.pdf HTTP/1.0 with response code(s) 404 2 responses

---------------------- httpd End -------------------------


--------------------- MailScanner Begin ------------------------


MailScanner Status:
919 messages Scanned by MailScanner
2798438 Total Bytes
663 Spam messages detected by MailScanner
919 Messages delivered by MailScanner

Content Report: (Total Seen = )
and have disarmed phishing tags in HTML message: 2 Times(s)
and have disarmed script tags in HTML message: 1 Times(s)
and have disarmed web bug tags in HTML message: 60 Times(s)
and have disarmed web bug, form tags in HTML message: 1 Times(s)
and have disarmed web bug, phishing tags in HTML message: 1 Times(s)

**Unmatched Entries**
Expired 1 records from the SpamAssassin cache : 79 Time(s)
Expired 2 records from the SpamAssassin cache : 40 Time(s)
Expired 4 records from the SpamAssassin cache : 37 Time(s)
Expired 3 records from the SpamAssassin cache : 26 Time(s)
Connected to SpamAssassin cache database : 24 Time(s)
Read 794 hostnames from the phishing whitelist : 24 Time(s)
Enabling SpamAssassin auto-whitelist functionality... : 24 Time(s)
Using SpamAssassin results cache : 24 Time(s)
Using locktype = posix : 24 Time(s)
SpamAssassin temporary working directory is /var/spool/MailScanner/incoming/SpamAssassin-Temp : 24 Time(s)
Creating hardcoded struct_flock subroutine for linux (Linux-type) : 24 Time(s)
Expired 5 records from the SpamAssassin cache : 12 Time(s)
Expired 7 records from the SpamAssassin cache : 10 Time(s)
Expired 6 records from the SpamAssassin cache : 8 Time(s)
Expired 8 records from the SpamAssassin cache : 4 Time(s)
Expired 11 records from the SpamAssassin cache : 2 Time(s)
Expired 9 records from the SpamAssassin cache : 2 Time(s)
Found phishing fraud from view.beliefnet.com claiming to be www.beliefnet.com in l8N9kFFx032315 : 2 Time(s)
SpamAssassin cache hit for message l8NJ9GaZ008193 : 1 Time(s)
Expired 19 records from the SpamAssassin cache : 1 Time(s)
Expired 17 records from the SpamAssassin cache : 1 Time(s)
Expired 13 records from the SpamAssassin cache : 1 Time(s)
SpamAssassin cache hit for message l8NNPbQs011546 : 1 Time(s)
SpamAssassin cache hit for message l8NK1vYY008912 : 1 Time(s)
SpamAssassin cache hit for message l8NFVeSB005985 : 1 Time(s)
Expired 15 records from the SpamAssassin cache : 1 Time(s)
SpamAssassin cache hit for message l8NHWmwx007290 : 1 Time(s)
Found phishing fraud from countryfinder.com claiming to be www.rightherewithinsurance.com in l8O1LcKw012721 : 1 Time(s)
Found phishing fraud from moneymanagergps-id006565096.citizensbank.com.du4rdom1.gz.cn claiming to be www.moneymanagergps-id006565096.citizensbank.com in l8NK4ueA009083 : 1 Time(s)
SpamAssassin cache hit for message l8NFVgTk005989 : 1 Time(s)
SpamAssassin cache hit for message l8NEnxiE005411 : 1 Time(s)
SpamAssassin cache hit for message l8O0Empn012050 : 1 Time(s)
SpamAssassin cache hit for message l8NMnOo6011122 : 1 Time(s)
Expired 10 records from the SpamAssassin cache : 1 Time(s)
SpamAssassin cache hit for message l8NCR0iJ001858 : 1 Time(s)

---------------------- MailScanner End -------------------------


--------------------- sendmail Begin ------------------------



Bytes Transferred: 2338431
Messages Sent: 985
Total recipients: 1025

Unknown local users:

Total: 177


Top relays (recipients/connections - min 10 rcpts, max 50 lines):
71/71: 94.mon.static.versans1.com [216.66.235.94]
42/42: 94.box.static.gigecalnet.com [209.101.75.94]
38/38: 64.bo.static.versans1.com [216.66.235.64]
28/28: 174.mon.static.versans1.com [216.66.235.174]
20/20: 64.ip.static.gigecalnet.com [209.101.75.64]
20/20: 174.box.static.gigecalnet.com [209.101.75.174]
10/10: 200.84.194-174.dyn.dsl.cantv.net [200.84.194.174]


Relaying denied:
From 61-224-32-175.dynamic.hinet.net [61.224.32.175] to dvdr_mail2000@yahoo.com.cn: 1 Time(s)
From [212.96.200.55] to frankb@cts.bz: 1 Time(s)

Total: 2


Client quit before communicating:


Authentication warnings:
61-224-32-175.dynamic.hinet.net [61.224.32.175] didn't use HELO protocol: 1 Time(s)

**Unmatched Entries**
SYSERR(root): collect: read timeout on connection from 66-190-241-226.dhcp.klmt.or.charter.com, from=<fxhmzbadnbv@charter.com>: 1 Time(s)
SYSERR(root): collect: read timeout on connection from dsl-189-130-51-55.prod-infinitum.com.mx, from=<jramsay@sabatini.tv>: 1 Time(s)
SYSERR(root): collect: read timeout on connection from [121.63.248.161], from=<Stanley1Holden@freemen.com>: 1 Time(s)


Summary:
Total Mail Rejected: 179

---------------------- sendmail End -------------------------



------------------ Disk Space --------------------

/dev/mapper/VolGroup00-LogVol00
36G 12G 23G 34% /
/dev/hda1 99M 42M 53M 45% /boot


###################### LogWatch End #########################


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


END LOGWATCH

Any assistance or pointers will be most appreciated.....

Regards...
TexasMike
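
Added example, not part of the original post: a sketch of pulling IP literals out of the four Logwatch sections the post names and formatting repeat offenders as sendmail access-map lines. The `Connect:<ip> REJECT` form assumes sendmail's `access_db` feature is enabled; the `min_events` threshold, the `allow` list and the sample addresses (RFC 5737 documentation ranges) are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed excerpt in the layout of the Logwatch sendmail section quoted in
# the post; addresses are RFC 5737 documentation ranges, not the post's data.
SAMPLE = """\
Top relays (recipients/connections - min 10 rcpts, max 50 lines):
71/71: relay1.example.net [192.0.2.94]
Relaying denied:
From host.example.org [203.0.113.175] to someone@example.com: 1 Time(s)
Client quit before communicating:
192.0.2.94 : 14 Time(s)
198.51.100.8 : 1 Time(s)
203.0.113.66.dsl.example.net : 1 Time(s)
Authentication warnings:
host.example.org [203.0.113.175] didn't use HELO protocol: 1 Time(s)
**Unmatched Entries**
SYSERR(root): collect: read timeout on connection from [198.51.100.8]: 1 Time(s)
"""

SECTIONS = ("Top relays", "Relaying denied",
            "Client quit before communicating", "Authentication warnings")
IP_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
TIMES_RE = re.compile(r":\s*(\d+) Time\(s\)$")
RCPTS_RE = re.compile(r"^(\d+)/\d+:")

def score_ips(report, allow=("127.0.0.0/8",)):
    """Sum events per IP literal found in the four sections named in the post."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits, active = Counter(), False
    for line in map(str.strip, report.splitlines()):
        if line.endswith(":") or line.startswith("**"):
            active = line.startswith(SECTIONS)  # heading opens or closes a section
            continue
        m = IP_RE.search(line) if active else None
        try:
            ip = ipaddress.ip_address(m.group()) if m else None
        except ValueError:
            ip = None                           # malformed, e.g. 999.1.1.1
        if ip is None or any(ip in n for n in nets):
            continue                            # hostname-only row, total, or allow-listed
        n = RCPTS_RE.match(line) or TIMES_RE.search(line)
        hits[str(ip)] += int(n.group(1)) if n else 1
    return hits

def access_entries(hits, min_events=3):
    """Format repeat offenders as sendmail access-map lines (Connect: tag)."""
    keep = sorted((ip for ip, c in hits.items() if c >= min_events), key=ipaddress.ip_address)
    return [f"Connect:{ip}\tREJECT" for ip in keep]
```

The returned lines go into the access map source (commonly `/etc/mail/access`), which is then rebuilt with `makemap hash`. Rows that carry only a hostname are skipped rather than resolved, and the threshold keeps one-off connections from dynamic addresses out of the reject list.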
 
  

