PDA

View Full Version : Hooking Up Blacklists To Sendmail?



JDE
11-29-2003, 03:20 PM
Can anyone suggest what went wrong?
Following Instructions from a dozen websites dealing with connecting spam lists to sendmail it is still not working. (The only one with a real test is Spamhaus)

First step: Enter code into sendmail.mc

FEATURE(`dnsbl', `sbl.spamhaus.org', `"Email blocked using spamhaus.org - see http://www.spamhaus.org/SBL/"')dnl

Second step: Generate new sentmail.cf, FTP to /ect/mail and exacute
m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

Third step: check sendmail.cf, sure enough it changed, this was added:

# DNS based IP address spam list sbl.spamhaus.org
R$* $: $&{client_addr}
R::ffff:$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1.sbl.spamhaus.org. $: OK $)
R$-.$-.$-.$- $: <?> $(host $4.$3.$2.$1.sbl.spamhaus.org. $: OK $)
R<?>OK $: OKSOFAR
R<?>$+ $#error $@ 5.7.1 $: "Email blocked using spamhaus.org - see http://www.spamhaus.org/SBL/"

Step 4: Send E-mail to nelson-SBL-test@crynwr.com from the domain.

Step 5 Got an e-mail back in about 30 seconds from nelson-SBL-test@crynwr.com with Note "Uh-oh, your SBL block is not working!"

Aside from the fact that I have no idea what version of sendmail westhost is using (which could make a difference in the sendmail.mc file entry) What got left out? after two days of this I am going blind looking at the screen!

Johnie

jalal
12-01-2003, 08:21 AM
I've got version 8.11.6

To see the version, type:
$ /usr/sbin/sendmail -v -d0.1 < /dev/null

JDE
12-03-2003, 03:48 PM
Jalal,
Taking your suggestion from an earlier post, I read every document on the Spamassassin and Sendmail websites. from my reading Spam assassin 2.6 uses several spamlists like Spamhaus as defaults. So I am no longer concerned about it. I just wonder how long Westhost will take to upgrade it.

Johnie

jalal
12-03-2003, 04:40 PM
Except that I don't think the Westhost installation of SpamAssassin uses blacklists.
It complains that Net::DNS::Resolver is not found, and it would need that to do DNS look ups.
I think... I'm not sure about this at the moment.

JDE
12-04-2003, 06:24 PM
The local.cf file indicates that Westhost is using version 2.5 from what I have been reading this is only supported by version 2.6. This was why I was attempting to connect using sendmail. I would not have bothered if SpamAssassin version 2.6 were installed. I don't think we can run our own upgrades of spamassassin, I expermented with changing the permissions on a couple files and it would not let me. Cataloging the paths is not worth the effort the files appear to be scattered all over the place. I figure best let Westhost get around to upgrading it.

Johnie

jalal
12-05-2003, 02:13 AM
I upgraded to spamassassin V2.6 without a problem.

But the point I was making was that when SpamAssassin starts up it checks what Perl modules are available for its use, and it doesn't find the DNS resolvers module and so disables online RBL lookups.

Run:
$ spamassassin -D --lint < /dev/null

to get some idea on what is happening.

JDE
12-06-2003, 11:42 AM
Jalal,

I installed the DNS resolver Module, The installation appeared to go without any problems. That is, went well after I installed a couple perl modules missing on Westhosts Perl installation.

I untared spamassassin with no problem, but when running Makemaker I got a warning that my version of Makemaker was out of date and the Installation was likely to fail, the warning gave a link to upgrade Makemaker.

I stopped at that point. Is this something to worry about? Something I can Ignor?

It seems every time I turn around I'm having to search for and install another Perl module. Upgrading the systems Makefile sounds rather complicated, possibly more so than installing my own version of Perl.

Johnie

jalal
12-06-2003, 11:57 AM
Should not be a problem to upgrade Makemaker, its "just another Perl module".
Ignoring it shouldn't be a problem either, if you follow the instructions on my site, then the new SpamAssassin installation is in its own directory and will not affect anything that currently works. The big changeover happens when you modify procmailrc to point to the new spamassassin script. So, if the spamassassin upgrade fails, just install Makemaker and then redo the SpamAssassin 2.60 install.

JDE
12-06-2003, 02:34 PM
All Was well until your post.
first I noticed Shawn installed DNS resolver but got an MD5 missing error so I installed Digest MD5 or course it did not work without Digest-1.05 so I installed it, the DNS resolver also needed libnet which I found in a package called libwww-perl-5.64. Of course it would not work without the latest updates of URI, MIME-base64, HTML-Parser, and amazingly enough Digest MD5. Spamassassian kept giving me an error stating it could not find digestbase.pm. Only after I found (took a while) and installed digestbase did Spamassassian install without a hitch.

I imagine in order to change procmail it will be necessary to know where Spamassassin 2.60 placed all it files. Lesson learned! I should have copied and printed all the paths after the installation. I'll just have to re-instal it again. Should be no problem now that I have half the perl modules in existance installed.

Thanks
Johnie

JDE
01-09-2004, 06:53 PM
A while back I was looking at other web mail programs, having developed a distaste for what westhost was offering. I found a number of superior programs, while researching "how to" with VPS I kept running across Postfix. It appears to do everything above, Plus. There was an enormus amount of documentation on the net on how to tweek it. It appears to be a drop-in replacement for sendmail.
has anyone used it?
it caught my eye because one of the hosts I use did not support Post Method (required by my form encryption program) very unhandy. I'm still reading up on it but now I am at the point of wondering why we are still using sendmail? Habit?
Johnie

FZ
02-01-2004, 07:55 PM
JDE,

Just wondering if you got DNSBL for spamhaus.org working or not. I just tried to get it working myself, but have the same problem as you - apparently it's not working. If you did manage to get it working, could you please let me know how? I am already using an up-to-date SpamAssassin (non-Westhost install).

JDE
02-16-2004, 03:10 PM
FZ,

I got spamhaus and a couple other blacklist databases working but I did not do it with Spam assassin, As Jalal indicated spamassassin on Westhost does not seem have these enabled.

Are they working? Considering my spam is down from a couple hundred a day to less than a dozen, I guess it is. Thatís the only indication I have that it works. I donít remember exactly what I did but I left this I left this post a while back.

ďI did get the Spamhaus and ORDB Blacklists working. At least the test passed although Spamhaus is down as much as it's up. I did not (obviously) use spamassassin. I added features to sendmail.mc then ran it. Sure enough they were added to sendmail.cf.

FEATURE(dnsbl, `sbl.spamhaus.org',`"550 Mail from " $&{client_addr} " refused. Rejected AS SPAM, for more information see http://www.spamhaus.org/SBL/"')

FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

Apparently there is more than just one way of killing spam.Ē


So I guess the above is what I did. Later I eliminated Spamhaus and substituted two other lists. There is not a lack of choice, there are plenty of these services on the net and many are free. Spamhaus is too un-reliable.

What I would like to do is figure out how to block countries with spamassassin, most of my spam seems to originate from Asia and South America, I can do without e-mail from both.

Johnie

FZ
02-21-2004, 07:46 PM
Hi Johnie,

Thanks for the info. I think I got the Spamhaus blacklist working with Sendmail - but in the test e-mail it said something about using tcp_wrappers to terminate the connection, and how it wasn't good, etc. So I decided to not bother with Sendmail blacklists. Later that same week, I figured out that to enable network tests in SpamAssassin (which incidently include Spamhaus by default) all you need to do is install Net::DNS (and maybe a newer version of SpamAssassin than Westhost provides - I have 2.63). Sure, it takes up more resources and still allows the mail to come through (instead of Sendmail rejecting it before receiving) but I don't "see" that so it's not too much of a problem.

Thanks again.