Global SPAM Blacklist and Whitelist

Discussion in 'General' started by iovo, Nov 1, 2006.

  1. iovo

    iovo New Member

    Hello,
    How can i set global SPAM Blacklist and Whitelist for all e-mail user?

    Thanks
     
  2. falko

    falko Super Moderator Howtoforge Staff

    You can set this in SpamAssassin's global configuration file /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf.
     
  3. AlArenal

    AlArenal New Member

    We are currently running into problems with some of our customers, because mail from addresses hosted on the same box gets incorrectly classified as spam. This morning we had an issue with mail from one person sending an email to another person (same domain) getting classified as spam (score of 5.7-5.9 mostly coming from SORBS (2.0) and NJABL (1.7)).

    I turned RBL off in the global config file and now the customer receives viagra mails... :(

    I understand that you cannot have a spam filter with a 100% correct hits, but there has to be a way to automatically add all domains / email addresses hosted on my box to a global whitelist.

    I cannot find such a feature. Would it be easy to write a plugin for ISPConfig to do that? Is such a feature planned for ISPC 3?
     
  4. falko

    falko Super Moderator Howtoforge Staff

  5. AlArenal

    AlArenal New Member

    All 6 IP addresses of the server are listed clean.

    I know about ISPC's whitelist feature, but using it in this case would mean endless work. Take this scenario as an example:

    - the server hosts 20 webs/domains
    - a new web/domain gets added
    - I'd have to manually add the 20 old domains to the new web's whitelist and add the new domain(s) to the old webs' whitelists

    Easy to imagine that noone would ever want to take such a burden.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    Your problem is not really ISPConfig related as we have not written our own spamfilter, ISPConfig uses spamassassin. If spamassassin or in your case the sorbs and njabl lists score a message wrong, we can not change that.

    Adding all email addresses or local domains to a whitelist will open up your server to spam too, as spam senders use faked email addresses to send emails which might belong to your server too.

    If you want to add all domains to a whitelist automatically, you will have to write such a feature. ISPConfig 3 useses amavis + spamassassin where a global whitelist might be easier to implement.

    I recommend you to see why you are listed on sorbs instead and to remove your server from the blacklists.

    But why is Sorbs and njabl reporting your mail as spam then? You should check the hostname of your mailserver too or the blacklisting of your server expired already.
     
  7. AlArenal

    AlArenal New Member

    I understand what you mean by saying this problem is not clearly ISPC related. I though a global whitelist would be a solution and after reading your post it seems I'm wrong as I understand your point with faked email addresses.

    The mails that got forwarded to me for further education told me this:
    2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
    address
    [87.161.223.122 listed in dnsbl.sorbs.net]
    1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
    [87.161.223.122 listed in combined.njabl.org]

    Obviously I cannot force our customers to get themselves a static ip address ;) My first guess is, that there has to be a way to say: "This mail got sent through SMTP on this machine and therefore it can be trusted (unless my SMTP is not secure, but then I am in admin hell anyway) regardless from which IP it got sent."

    I concede this all may have to do with the fact I never before had to deal closely with spamassassin and therefore I am lacking some fundamental knowledge of its configuration. Consider me your apprentice ;)
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    I'am using also a dynamic IP on my workstation as most poeple with a "normal" DSL account.

    Please check how your customers ends this mail, I'am pretty sure that he did not use your mailserver as smtp server in his mail client. I guess he runs a local mailserver at home or in office that sends the emails directly by smtp and did not use your server as mail relay. Please ask your customer which exact mailsetup he uses.
     
  9. AlArenal

    AlArenal New Member

    Things tunred out to be a bit more complicated than I thought (they have this tendency, haven't they?). Our customer has got two domains (A, B). Both originally pointed to their old account hosted by another provider. Their 70-something mail addresses were all of the form xyz@A .

    What we did was directing domain B to to our server. After creating all mail addresses with ISPC we changed the clients's configs as well as we let the old mail boxes (by the other hoster) be redirected to our server.

    Beginning at that time they fetched their mail from our mail boxes and used our server as SMTP. Their mail addresses in their clients did not change and were still of the form xyz@A . Domain A still pointed to the other hoster, but I also added A as co-domain for web B on our server.

    It was just yesterday late afternoon when domain A finally got freed by the other provider and reconnected, so that it now points to our server, too.

    Maybe SA got as confused as I think that you must currently be ;)

    I'm gonna change SA's config back, re-enabling the rbl stuff this evening. We'll see what happens...

    If that makes things easier for you as it will surely do for me ( ; ), I may better write you an email in German...
     
  10. PoleCat

    PoleCat New Member

    Why the addition of AMaViS?
    Will it be a ClamAV + AMaViS + Spamassassin + Postfix solution?
    What is the benefits of adding AMaViS?
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    1) First, you need a script that scans the emails with spamassassin. In ISPConfig 2.x, it is a procmail recipe. But scanning with amavis is faster and esier to handle in a virtual mail setup.
    2) Amavis integrates spam scanning + antivirus scanning with many different antivirus engines.
    3) Amavis is able to handle spam quarantining.
    4) Amavis can handle the spam and antivirus preferences for virtual users easily from a SQL database.
     

Share This Page