A little addition to Rockys excellent

Discussion in 'Tips/Tricks/Mods' started by filfish, Nov 11, 2009.

  1. filfish

    filfish New Member

    A little addition to Rockys excellent spamsnake

    Creating a whitelisting web page to help simplify our lives just a little.

    This is my little addition, and it's aimed at any of you who like me (until a few months ago) wondered why when I added someone to the whitelist through the mailwatch pages, those senders emails still got stuck in the greylist, and also for those that know why but go in and do it manually through mysql commands. I don't pretend this is the best way to do this, but this is my way for now, hopefully this will inspire others to come up with and share better solutions.

    A basic overview first!

    The perfect spamsnake is a bit like a double edged knife, on one side greylisting, on the other side spam filtering. greylisting is where the server rejects emails from senders until a pre-defined time has passed, unless that sender is in a specific whitelist. on the other side of the blade is spam filtering, this is the process of checking emails that have been allowed past the greylisting side for spam, again these also have a whitelist to allow senders or sender/recipient pairs to go through unchecked, this is the whitelist that you add emails to if you add them via the mailwatch web pages setup during the spamsnake tutorial.

    So you receive emails from [email protected] almost everyday, and these are often mission critical emails, you need to get them through without delay, you've added them to the whitlist in the mailwatch page, but they are still delayed. Ok so now you know why, what can we do about it?

    Originally I started off by manually entering them one by one directly through mysql, i'd login through ssh and run a command

    <code>
    mysql> insert into whitelist values ('<ip address>','<Domain Name>');
    </code>

    This worked fine, but was a bit cumbersome when adding quite a few especially as you had to find the ip address of the sending server first, i found that the easiest way was to find the ip[ address through mailwatch of ones that had already come through, especially as safesender.com has several mail servers

    mail1.safesender.com 123.456.789.123
    mail2.safesender.com 123.456.789.124
    mail3....

    if I searched the logs when an email was expected, i might see mail2.safesender.com and whitelist that, but the very next send from them may come from mail1 etc

    So I took to doing a round of nslookup, if a senders mail server had a number in it that looked like it might be a counter eg mail1 would be quite a good indicator that there may be more than one mail server at the sending domain, so a quick nslookup

    nslookup mail2.safesender.com
    nslookup mail3.safesender.com
    etc..

    quickly finds all the (assumed) other sending servers for safesender.com (If you know a better way please do share it with us.)

    Know we know how to get some ip addresses, if like me, you keep the mailwatch page open allday (for keeping an eye on quarantine etc) but would rather not have an ssh link in all day, how else can we do this?

    Easy, through a web page, and you can put it in the same directory on the server as your mailwatch pages and also add the session details to it to ensure it is covered by the same login session as your mailwatch page.

    Here' how:-

    First of all create a blank page in your mailwatch web folder called whitelist.php, default location is /var/www/mailscanner/

    Now I'm not a web developer so I'm using tables for my layout rather than css2 but you can play around with the layout and do it how you like, also my php isn't that hot either so comments to tidy it up are always welcome, but here's mine anyway, it works at least!

    Please dont use the <code> and <\code> tags, they are simply there to show you which bits are the actual code I used.

    First things first add the following to the top of the page

    <code>
    <?
    require("./functions.php");
    authenticate();
    ?>
    <\code>

    This know ties the page into the login sessions so you cant access it unless you log in first.

    Create a table and a link back to the mailwatch page and also a logout link.

    <code>
    <table width='100%'>
    <tr>
    <td width='50%' align='left'><a href='index.php'>Back to MailScanner Front Page.</a></td>
    <td width='50%' align='right'><a href='logout.php'>Log Out</a></td></tr></table>
    <\code>

    I have a small form at the top of my page so I can search for domains to see what is already listed
    if I serach for safesender i get a list off ALL the listings for <any prefix>.safesender.<any extension>
    This is great so i don't needlesly add the same on over and over again.

    <code>
    <h2>Pre-check</h2>
    <form actio=whitelist.php method='POST' name='precheck'>
    Domain Name:<input type='text' name='dcheck'>
    <input type='submit' value='Pre-Check Domain Name'>
    </form>
    </code>

    Lets check that a domain name was entereed, if so, we can run a search on the database and display the results or a message if no domain was found.
    the default database for this if you follwed the tutorial id gld_db.

    <code>
    <?
    if($_POST['dcheck']) {
    mysql_connect("localhost", "<dbuser>", "<dbpassword>") or die(mysql_error());
    mysql_select_db("<database>") or die(mysql_error());
    $my_query_string=$_POST['dcheck'];
    $result = mysql_query("SELECT * FROM whitelist where comment like '%$my_query_string%'")
    or die(mysql_error());

    // store the record of the "example" table into $row
    // $row = mysql_fetch_array( $result );

    $num_rows = mysql_num_rows($result);

    if($num_rows > 0) {
    echo "The following are already entered in the whitelist!";
    echo "<table width='500' border='1'><tr><td><b>IP Address</b></td><td><b>Domain</b></td></tr>";

    while($i<$num_rows) {
    $ipaddress=mysql_result($result,$i,'mail');
    $domainname=mysql_result($result,$i,'comment');
    echo "<tr><td>$ipaddress</td><td>$domainname</tr>";
    $i++;
    }

    echo "</table>";
    } else {
    echo "Domain <b>" . $my_query_string . "</b> not found in the white list.<br>";
    }
    mysql_close();
    $i=0;
    }
    ?>
    <\code>

    Now lets create a form for the domain name and IP address we want to enter into the whitelist.
    (as i've been rather lazy with my code, you must add a domain and an ip address or it won't work, but that's a good thing so at least you know who you've whitelisted!)

    <code>
    <h2>White listing</h2>

    When inserting the domain name, if possible add the server name as well such as mail1.safesender.com<br><br>

    You must enter both the IP Address and the Domain name<br><br>


    <form actio=whitelist.php method='POST'>
    Domain Name:<input type='text' name='domain'><br>
    IP Address :<input type='text' name='address'><br>
    <input type='submit' value='Add to Whitelist'>
    </form>

    <?
    if ($_POST['domain'] && $_POST['address']) {

    $myDomain=$_POST['domain'];
    $myAddress=$_POST['address'];


    mysql_connect("localhost", "<dbuser>", "<dbpassword>") or die(mysql_error());
    mysql_select_db("<database>") or die(mysql_error());

    mysql_query("INSERT INTO whitelist
    (mail,comment) VALUES('$myAddress', '$myDomain' ) ")
    or die(mysql_error());

    mysql_close();

    echo "Added $myDomain to the whitelist";

    }
    ?>
    <\code>

    That's about the web page done, but you need one last thing to make it a bit easier, a link from the mailwatch pages in to this one.

    Again, i've been very crude with this, I've just added a plain text link at the top of everypage. Open up the functions.php file from your mailwatch folder (/var/www/mailscanner by default) and just bellow

    </HEAD>
    <BODY>

    add

    <code>
    A href='whitelist.php' target='_blank'>Click here to add to whitelist sending servers</a>
    </code>

    And that is about it.

    There are many areas that could be tidied up, but by doing this, I no longer need to ssh into my spamsnake to whitelist sending servers, you will still need to add the to the mailwatch whitelist if you wish to avoid them being scanned for spam.

    How you use this page is up to you, this is how I do it for a university and it works great for me, if you try it my way and it breaks something, i'm not to blame, this works on my setup but i can't guarantee it will on yours, this is purely here as an information point so that people can discuss and create a better way of adding to their whitelist, you can add as many functions to this as you like, i also have a link to print out my whitelist, and another to download a tab delimited text file of it so i can import it to another server with ease if needed.

    Enjoy

    Phil
     
    Last edited: Nov 11, 2009
    filfish, Nov 11, 2009
    #1

Share This Page