pleased so far


Re: pleased so far

Helmut Fritz

Thx!  will go read some more.  :)

 

From: users [mailto:[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, April 19, 2016 12:21 PM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

/usr/local/etc/mail/spamassassin/local.cf is system wide.  However, if I remember correctly, you can combine spamassassin rules.  So, you would combine a whitelist rule with a recipient rule.  You should read the spamassassin documentation.

I don't remember if exim4u_IPwhitelist will resolve hostnames.  You should run some tests.




On 04/19/2016 03:14 PM, Helmut Fritz wrote:

That does beg another question though, sorry.

 

If I whitelist in Spamassassin’s local.cf does that get used everywhere?  Or do I need to whitelist in one of the exim4u files?  Or both?

 

If in an exim4u file, I see exim4u_IPwhitelist but can that take and resolve hostnames as well?

 

From: users [[hidden email]] On Behalf Of Helmut Fritz
Sent: Tuesday, April 19, 2016 12:09 PM
To: 'Exim4U General Discussion'
Subject: Re: [Exim4U] pleased so far

 

Thx Gordon, yeah I kinda figured.  That or they are a bulk email provider and do so many that they do not bother with a resend.

Now is where per user whitelisting would be nice.  :)  Of course in my wife’s case it could be weeks before she realizes she is not getting some of these.  It is my other users I am more concerned about.

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, April 19, 2016 11:59 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

I don't think that they are resending the same message.  The subsequent message is most probably a new email.  A very few number of  special purpose servers (mostly windows server) are not compliant with the rules regarding resending after temporary errors. All legitimate mail servers resend, however, some that don't are direct marketing servers, etc. It would be the same if your server was down for a few minutes due to maintenance....

Whitelisting in Spamassassin will prevent greylisting based on spamscore.  So, I would do that.



On 04/19/2016 02:47 PM, Helmut Fritz wrote:

OK – found the same entry, except for ID, 3 times in the greylist.db.  That explains the relist.  The first column is ID, second is expiry time.

 

"VaVueV6VAzapTPcoUley"         "1460822883"     "198.2.133.190" "mail.private-eclub.com"
"aSSXEAkNnUVM1ggcgYhU"      "1460995856"     "198.2.133.190" "mail.private-eclub.com"
"sdYFNHuQnoXeDxoigBIm"        "1461014544"     "198.2.133.190" "mail.private-eclub.com"

 

That is from the greylist table.  There is no entry in the resenders table, and obviously it is sending again.

 

It seems the issue comes from trying to match the id, and that is not(?) going to happen as it is generated as such:

 

  # Generate a hashed 'identity' for the mail, as described above.

  warn set acl_m_greyident = ${hash{20}{62}{$sender_address$recipients$h_message-id:}}

 

Is the message-id not unique for every message sent?

 

But then again, *something* is working as the resenders database is actually populated with 25 entries. 

 

I guess I have to scrub my logs to see if there are legit senders that do not resend (immediately?) and whitelist them?  or remove greylisting?

 

Thx!

 

 

 

 

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, April 19, 2016 10:07 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

I'm not sure what is going on and which IP address is being greylisted. You could look at the sqlite database to see.  The certificate error doesn't have anything to do with it.


 

On 04/19/2016 12:21 PM, Helmut Fritz wrote:

OK – got it.

 

Both of those emails came in on the same ip address [198.2.133.190], but it looks like the greylisting did not make an entry as it says or the second email was greylisted as well for some reason?

 

Does the certificate lookup have something to do with it (I would not think so, but?)?  There is an ip of [52.35.107.200] the first try and [52.36.64.127] the second time, they resolve to amazon web services.

 

Thx Gordon.

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Tuesday, April 19, 2016 6:58 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

Greylisting works on the basis of the sending server's IP address.  Many large ISPs and some other companies have multiple sending servers so that is probably why you are seeing the same sender email address greylisted multiple times.
 
This is how greylisting works in Exim4U.  First, if the spamscore > 0 then the IP is greylisted for 5 minutes. A "temporary error" is given to the sending server with the message "Mail is suspicious. Please retry later." Then, after 5 minutes, the IP address is whitelisted for 7 days by default during which time that IP address will no longer be greylisted.

The length of time of the whitelisting can be changed by editing the greylist-tidy.sh script.  You can whitelist forever by never running the greylist-tidy.sh script. You can also disable greylisting by commenting out the greylisting stanzas in exim.conf.

Gordon


On 04/18/2016 08:04 PM, Helmut Fritz wrote:

Thx.

 

Can I ask how greylisting works?  I am getting some emails greylisted, but then later in the day I see the same(?) email get put into greylisting again?  I know my wife wants these – she likes pickupstix!  :)  Does the greylist ‘time out’ after a short period and the listing gets removed and then the process starts over with a subsequent email?  One of these also tried to come in on the 16th as well with the same Greylisting results.

 

First one at 9:05:

 

2016-04-18 09:05:52 1asBgO-0008n5-DS DKIM: d=private-eclub.com s=mandrill c=relaxed/relaxed a=rsa-sha1 [hidden email] [verification succeeded]
2016-04-18 09:05:52 1asBgO-0008n5-DS DKIM: d=mandrillapp.com s=mandrill c=relaxed/relaxed a=rsa-sha256 [hidden email] t=1460995555 [verification succeeded]
2016-04-18 09:05:55 1asBgO-0008n5-DS H=mail.private-eclub.com [198.2.133.190] Warning: spam-score-int: 8 (/). spamreject: 100.
2016-04-18 09:05:55 1asBgO-0008n5-DS [52.35.107.200] SSL verify error: certificate name mismatch: "/C=US/ST=Georgia/L=Atlanta/O=The Rocket Science Group, LLC/OU=Product Dev/CN=mandrillapp.com"
2016-04-18 09:05:56 1asBgO-0008n5-DS H=mail.private-eclub.com [198.2.133.190] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounce-md_30309491.571505e3.v1-c52681dae0f448cf8eb38c54b51cc664@mandrillapp.com> temporarily rejected after DATA: Greylisted <<30309491.20160418160555.571505e316d8a7.30472963@mail.private-eclub.com>> from <bounce-md_30309491.571505e3.v1-c52681dae0f448cf8eb38c54b51cc664@mandrillapp.com> for offences: Message has 8 integer spamscore points,

 

Second one at 14:17:

2016-04-18 14:17:21 1asGXp-0009aq-6x DKIM: d=private-eclub.com s=mandrill c=relaxed/relaxed a=rsa-sha1 [hidden email] [verification succeeded]
2016-04-18 14:17:21 1asGXp-0009aq-6x DKIM: d=mandrillapp.com s=mandrill c=relaxed/relaxed a=rsa-sha256 [hidden email] t=1461014243 [verification succeeded]
2016-04-18 14:17:23 1asGXp-0009aq-6x H=mail.private-eclub.com [198.2.133.190] Warning: spam-score-int: 8 (/). spamreject: 100.
2016-04-18 14:17:24 1asGXp-0009aq-6x [52.36.64.127] SSL verify error: certificate name mismatch: "/C=US/ST=Georgia/L=Atlanta/O=The Rocket Science Group, LLC/OU=Product Dev/CN=mandrillapp.com"
2016-04-18 14:17:24 1asGXp-0009aq-6x H=mail.private-eclub.com [198.2.133.190] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounce-md_30309491.57154ee3.v1-efd95e1202bd45ab8e34dd3049e13ea9@mandrillapp.com> temporarily rejected after DATA: Greylisted <<30309491.20160418211723.57154ee3b7d461.61908974@mail.private-eclub.com>> from <bounce-md_30309491.57154ee3.v1-efd95e1202bd45ab8e34dd3049e13ea9@mandrillapp.com> for offences: Message has 8 integer spamscore points,

 

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Monday, April 18, 2016 2:44 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

All of the dnsbls included in the exim.conf config are used for each incoming email. There are many other dnsbls that are available.  It has been several years since I have looked at it, however, at that time I determined that spamhaus.org, spamcop.net and surriel.com had the most complete listings with the fewest false positives with spamhaus.org being the overall best service.

To get an idea, this site is used to lookup IP addresses on many of the dnsbls:

http://www.dnsbl.info/dnsbl-database-check.php

There are 61 dnsbls listed on that dnsbl.info site alone.

FYI,

Gordon



On 04/17/2016 11:05 PM, Helmut Fritz wrote:

Thx Gordon.

 

I was hoping for each user to be able to do their own spam white and black listing and training, even as far as a per user spam quarantine (ala Barracuda).  I do currently, on my old mail server, set up the white and blacklist myself manually in the config file as you mentioned. 

 

So far it looks like I have only had two false positives due to spamcop, so I did remove them from the check.  All the other rejects have been legit.

 

Does the system rotate through the listed dnsbl’s?  Or does it check each of them for every message?

Are there others that are free and have a good reputation (especially no false positives)?

 

Helmut

 

From: users [[hidden email]] On Behalf Of Gordon Dickens
Sent: Sunday, April 17, 2016 2:37 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

Hi Helmut,

Yes, just modify that section of exim.conf and comment out all dnsbl's except spamhaus so that you are only using spamhaus.org.  Recently, over the past  couple of years or so, spamcop has started including some direct marketing domains that are not classic spammers with the theory that, if their bulk mail ends up in their spam traps then they should be blocked no matter who they are.

You can train spamassassin globally or for each local domain but not for exim virtual domains.  Nevertheless, you can probably get where you want to be with whitelisting/blacklisting in /usr/local/etc/mail/spamassassin/local.cf for FreeBSD.  See:

https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

For example, to whitelist senders, use either whitelist_from_rcvd or whitelist_from.

You can also adjust the Spamassassin Tag Score for each virtual user in the Exim4U web interface.

FYI,

Gordon



On 04/16/2016 11:39 PM, Helmut Fritz wrote:

I believe I have found the proper way to massage the dnsbl’s; seems it is in the exim.conf, these lines (I am not using just the line with spamhaus):

  # exim4u: increment ratelimit rate with RBL detection and rejection.
                drop
#               dnslists        = zen.spamhaus.org:bl.spamcop.net:psbl.surriel.com
#               dnslists        = zen.spamhaus.org:bl.spamcop.net
                dnslists        = zen.spamhaus.org
                log_message     = Spammer rejected. DNSBL listed at $dnslist_domain at $dnslist_text. Ratelimit incremented.
                ratelimit       = 0 / 2h / strict / per_conn
                message         = Spammer rejected. DNSBL listed at $dnslist_domain at $dnslist_text.

 

Please correct me if I am wrong.

 

Also, as originally asked, is there any facility for per user whitelist/blacklist and ham/spam training?

 

Thx.

 

Helmut

 

From: users [[hidden email]] On Behalf Of Helmut Fritz
Sent: Saturday, April 16, 2016 7:13 PM
To: 'Exim4U General Discussion'
Subject: Re: [Exim4U] pleased so far

 

It looks like spamcop is the offending BL for both of those emails.  Any way to just disable a particular BL?

 

I am digging through config files now, but I am not clear if I should use this in local.cf for spamassassin:

 

dns_query_restriction deny bl.spamcop.net

 

or do something else?

 

 

 

From: users [[hidden email]] On Behalf Of Helmut Fritz
Sent: Saturday, April 16, 2016 6:32 PM
To: 'Exim4U General Discussion'
Subject: [Exim4U] pleased so far

 

Gordon,

So far I am REALLY liking the exim4u setup.  SPAM has become non-existent on the domain I have moved over to the exim4u server.

 

This work is very much appreciated, and a big thanks to the vexim people too as well and anyone else that has contributed

 

Anyone (if you get to this before Gordon!),

A couple emails have come in (I see them in the logs) that my wife wants ( ugh ) that the rest of the world, including myself, would consider spam.  How to ensure these come through?  Can she add to whitelist herself through her account management?  I logged in as her but only saw a block filter customization?  Is this something only to be done through webmail?

2016-04-15 23:21:18 H=outbound-191-242.usw2.aws.post.pinterest.com [54.149.191.242] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[hidden email]> rejected RCPT <[hidden email]>: Spammer rejected. DNSBL listed at bl.spamcop.net at Blocked - see http://www.spamcop.net/bl.shtml?54.149.191.242. Ratelimit incremented.

 

 

Also, is there a spam/ham training facility either for the server as a whole, per domain, or per user?  i.e. ham@ and spam@ to which emails can be sent to for training?

 

Am I missing a portion of documentation to read?  I am fine with someone stating to RTFM, please tell me where the M is.  :)

 

 

Thx.

 

Helmut








_______________________________________________
users mailing list
[hidden email]
https://exim4u.org/mailman/listinfo/users
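
An added example (not part of the thread and not Exim4U code) of the log check discussed above: it scans an Exim main log for "Greylisted" deferrals and reports, per sending IP, which Message-IDs were later retried and which were never seen again. The log lines are constructed with placeholder hosts and IDs, and the function and pattern names are hypothetical; it assumes accepted mail appears as a standard Exim `<=` arrival line carrying `id=`.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; hosts, addresses
# and IDs are placeholders. The "<=" arrival line with id= is assumed to be
# the standard Exim arrival format.
SAMPLE_LOG = """\
2016-04-18 09:05:56 1aaaaa-000001-AA H=mail.example.net [192.0.2.10] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounce-1@example.net> temporarily rejected after DATA: Greylisted <<a1@mail.example.net>> from <bounce-1@example.net> for offences: Message has 8 integer spamscore points,
2016-04-18 10:00:10 1aaaaa-000002-BB H=mx.example.org [198.51.100.7] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<alice@example.org> temporarily rejected after DATA: Greylisted <<b1@mx.example.org>> from <alice@example.org> for offences: Message has 3 integer spamscore points,
2016-04-18 10:06:40 1aaaaa-000003-CC <= alice@example.org H=mx.example.org [198.51.100.7] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=2048 id=b1@mx.example.org
2016-04-18 14:17:24 1aaaaa-000004-DD H=mail.example.net [192.0.2.10] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounce-2@example.net> temporarily rejected after DATA: Greylisted <<a2@mail.example.net>> from <bounce-2@example.net> for offences: Message has 8 integer spamscore points,
"""

# Deferral line: sending host/IP plus the header Message-ID inside << >>.
GREYLISTED = re.compile(r"H=\S+ \[(?P<ip>[^\]]+)\].*temporarily rejected after DATA: "
                        r"Greylisted <<(?P<mid>[^>]+)>>")
# Arrival (accepted) line: the same header Message-ID appears as id=...
ARRIVAL = re.compile(r" <= \S+ .*\bid=(?P<mid>\S+)")


def greylist_report(log_text):
    """Map sending IP -> Message-IDs that came back vs. were deferred once and never seen again."""
    deferrals = defaultdict(int)   # Message-ID -> number of greylist deferrals
    first_ip, accepted = {}, set()
    for line in log_text.splitlines():
        grey = GREYLISTED.search(line)
        if grey:
            deferrals[grey["mid"]] += 1
            first_ip.setdefault(grey["mid"], grey["ip"])
            continue
        arrival = ARRIVAL.search(line)
        if arrival:
            accepted.add(arrival["mid"])
    report = defaultdict(lambda: {"retried": [], "never_retried": []})
    for mid, ip in first_ip.items():
        # A retry shows up as a second deferral or as an accepted arrival.
        came_back = deferrals[mid] > 1 or mid in accepted
        report[ip]["retried" if came_back else "never_retried"].append(mid)
    return dict(report)


if __name__ == "__main__":
    for ip, result in greylist_report(SAMPLE_LOG).items():
        print(ip, result)
```

A host whose Message-IDs all land in `never_retried` is sending a new message each time rather than retrying the deferred one, which is the pattern the thread describes.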

 






