RBL Filter before forwarding E-mail?



rufus
04-23-2004, 10:49 PM
I have to forward e-mail from a Westhost account to another e-mail address that uses RBL to block SPAM. The RBL on my other account completely stops SPAM, but everything sent to my Westhost account comes through unmolested (because it's sent by Westhost, not someone on the RBL).

Is there an easy way to implement an RBL before forwarding e-mail? I found this post...


I added features to sendmail.mc then ran it. Sure enough they were added to sendmail.cf.

FEATURE(dnsbl, `sbl.spamhaus.org',`"550 Mail from " $&{client_addr} " refused. Rejected AS SPAM, for more information see http://www.spamhaus.org/SBL/"')

FEATURE(`dnsbl', `relays.ordb.org', `"550 Email rejected due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

Apparently there is more than just one way of killing spam.


at: http://forums.westhost.com/phpBB2/viewtopic.php?t=1423

but I'm new to Unix and don't know what I need to do to 'run it' to make this work. Is there an explicit set of directions someplace? I've heard that SendMail is easy to mess up.

Thanks in advance!

FZ
04-24-2004, 09:56 AM
Hi rufus,

I've tried the method in that post myself to get RBL, but it did not work for me. Yes, Sendmail can be messed up pretty easily, so I wouldn't recommend touching that. HOWEVER, there is another method you can use: you can enable SpamAssassin on your WestHost account, and enable RBL's in SpamAssassin itself. In that case, then, you'd need to make the forwarding alias a "proper POP3" with a home directory, and then use Procmail to forward anything that is not marked as spam, or any e-mail that does not contain SpamAssassin's RBL tests (as positive).

This shouldn't be too difficult to do, so if you'd like to give it a go, let me know.

Alternatively if you want to give the Sendmail version a go, just follow the instructions on that post exactly, but first make a backup of the files you modify/replace. If it doesn't work out, just restore your backup copies.

Good luck!

rufus
04-24-2004, 04:27 PM
Thanks! I don't mind jury-rigged fixes if they work. It would be nice if Westhost provided a script that you could run to enable RBL in Sendmail, but it doesn't sound like they do and I don't want to mess up my account.

If you can tell me how to forward SpamAssassin filtered e-mail from a Westhost POP3 account using Procmail, I'd be very much obliged.

From previous posts, it sounds like I need to upgrade SpamAssassin too (using directions found in http://codeworks.gnomedia.com/westhost/perl.php)? Is there anything about this that I should be aware of?

Again, all suggestions/comments are welcome.

FZ
04-24-2004, 04:54 PM
Yeah, it would be excellent if WestHost took seriously the problem with Spam and provided certain measures (Sendmail RBL included) for us to implement.

You do NOT need to install the latest version of SpamAssassin for this (however, if you want the best Spam filtering, you should). The WestHost provided version will do. Just install that via your control panel.

Next, you need to convert the forwarding alias into an e-mail account: delete it (the alias) via your Site Manager, and add it as an e-mail account (quota usage and all that is up to you, you should just make it 20MB since you'll be forwarding the mail anyway). Make sure you give it a home directory on the FTP section of that dialogue (can be any directory).

Now, send some mail to that account, download that e-mail (or use Webmail to view it) and make sure (by inspecting the headers) that it has been through SpamAssassin. If it has, all you need to do now is make/upload a file called .procmailrc (yes, no file name, it's all just an extension) in the home directory for that account, with the following code in it:


:0
! myaddress@anotherisp.com

and obviously replace the address there with the address you want to forward your mail to. Now send another e-mail to the original account, and it should show up at the other account with SpamAssassin headers intact.

If you are going to be uploading the file, make sure to do so in ASCII/Text mode, and once uploaded, CHMOD the file to 644.

Once you get this working, we'll work on enabling RBL for SpamAssassin (not too difficult, you need to use SSH though) and header conditions (can be tricky).

rufus
04-24-2004, 07:37 PM
Done and working but the Westhost SpamAssassin headers are replaced by SpamAssassin running at "other_isp.com".

On a related note, is there something I should do to keep the .procmailrc that I placed in the new name's /ftp/pub secure? In other words, can someone use a spambot to find .procmailrc and get "myaddress@other_isp.com"?

FZ
04-24-2004, 08:24 PM
Hmm, I see. Well, do you have access to the SpamAssassin configuration at the other ISP? If so, you could just enable RBL's for that SA install.

The whole point of me suggesting this was that you'd be able to forward only mail that did NOT match RBL tests on the WestHost server (and delete those that did, i.e. not bother forwarding them at all).

I don't think the home directory you've assigned (/ftp/pub/username?) is accessible by the public without a username and password, so security should not be an issue. However, if you are paranoid about it, you could create the home directories for your accounts in /usr/home/username, meaning they would definitely not be accessible without the FTP login details for the account.

Anyway, now you need to get the Perl module "Net::DNS" installed to enable SA's RBL tests:

1. Start an SSH session.

2. Type cpan and press enter, if this is your first time using it it will ask you some config questions, if you're unsure, just hit enter and it will use the default value each time.

3. Type install Net::DNS and press enter. It should show a flurry of activity, and in the end should install it successfully.

4. Type exit and press enter.

5. Type spamassassin -D --lint and press enter, have a look at the output and it should have a line something like this:


debug: is Net::DNS::Resolver available? yes

6. That's it. RBL lists should be enabled for SA. You can close the SSH session by typing exit and pressing enter.

7. Now have a look at http://www.spamassassin.org/tests.html for the RBL tests you want to filter.

8. Add conditions to your .procmailrc that exclude mail that contains the relevant strings, like this (will match most of the test names, but not all, feel free to customize):


:0DH:
* RCVD_IN_
/dev/null

This code would go above your existing code (i.e. the code that will now forward the "remaining mail").

I would recommend you replace the line /dev/null with something like spambox to move mail that is detected as being blacklisted to a mailbox (text) file, so you can monitor mail for a few days and confirm that no legitimate mail is deleted. Once you are sure that the filtering is working 100%, just replace it with the original code (i.e. /dev/null).

Let me know how it goes :)

rufus
04-24-2004, 09:01 PM
Thanks for your help with this. I tried installing Net:DNS but got an error message:


Warning: Cannot install Net:DNS, don't know what it is..

rufus
04-24-2004, 09:06 PM
I went ahead and ran: "install Bundle:CPAN and reload cpan"

FZ
04-24-2004, 09:08 PM
Net::DNS vs. Net:DNS ;)

The correct one to type is the one with two (2) colons: Net::DNS

I believe it is also case sensitive, so make sure you type it exactly as it appears here.

rufus
04-24-2004, 09:17 PM
Working now. :D I'll go through and edit the SA 'tests'.

One more question. Is there a way to send a bounce message to those messages I determine to be spam, so that if I reject a legit message the sender will know to contact me via some other means?

I really appreciate your help! Thanks a million.

FZ
04-24-2004, 09:31 PM
:oops: I was afraid of this... It was my original post that had the error (one colon as opposed to two), so it wasn't your fault! I've edited my original post.

Glad you got it working! As for bouncing spam, I would not recommend it (most spam is sent from spoofed addresses, so this is just a waste of resources), but if you really want to do it, I'll explain how (luckily, I've helped other people do this before). Just replace the previous (rule checking) code with this:


:0DH
* RCVD_IN_
{
EXITCODE=67
:0i
/dev/null
}

Lastly, if you want to, you can delete (and bounce) all mail marked as spam (regardless of its BL status):

Replace * RCVD_IN_ with * RCVD_IN_|^X-Spam-Flag: YES

Let me know how it goes. If you are interested, (one of) the original post(s) is here: http://forums.westhost.com/phpBB2/viewtopic.php?t=1155

rufus
04-24-2004, 10:49 PM
I have a small problem with procmail because I really don't understand the coding. When I enter:

:0DH:
* RCVD_IN_
/usr/home/localuser/rejected

:0:
! name@forwarding.address.com

it works. But when I try:

:0DH
* RCVD_IN_|^X-Spam-Flag: YES

{
EXITCODE=67
:0i
/usr/home/localuser/rejected
}

:0:
! name@forwarding.address.com

the whole thing gets rejected and I don't get any bounce notice. Any idea what I did wrong?

rufus
04-25-2004, 12:24 AM
dup

FZ
04-25-2004, 04:37 AM
There can be no extra whitespace between the :0:, * and {

You have an extra blank line between * RCVD_IN_|^X-Spam-Flag: YES and { so remove that and you should be fine...

rufus
04-25-2004, 07:52 AM
Thank you so much. I decided you were right and I won't bounce the e-mail, but will use pine to view rejected e-mail until SA can build a white-list. Thanks again!

FZ
04-25-2004, 08:49 AM
No problem - did removing the whitespace fix the problem? Is it working 100% now?

rufus
04-25-2004, 09:58 AM
Seems to be working.... we'll know in a couple of days. I'll let you know. Thanks!

FZ
04-29-2004, 02:30 PM
Hey rufus.

I was just looking over my log files today (after a long while) and saw a few notices/warnings in my Procmail log, that are from when I tested the Procmail recipe I posted here (the code to forward e-mail). My apologies, but the second colon in


:0:
! myaddress@anotherisp.com

is redundant (the reason for the warnings in my log file). You should remove it, so your (entire) code should look like:


:0DH
* RCVD_IN_|^X-Spam-Flag: YES
{
EXITCODE=67
:0i
/usr/home/localuser/rejected
}

:0
! name@forwarding.address.com

I've modified my original post to reflect this change. You might want to remove that second colon too in case you have enabled logging for Procmail.
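
The recipes in this thread match the text RCVD_IN_ anywhere in the header, so it is worth checking a condition against saved messages before pointing the action at /dev/null. The shell script below is an added example, not code from the thread: it approximates the condition with grep -E on the unfolded header and compares it with a variant anchored to X-Spam-Status. The anchored pattern, the function names and the sample messages are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. grep -E stands in for procmail's
# matcher (flags D and H: case-sensitive, header only); an approximation.

# Print the header of the message on stdin with folded lines joined.
unfolded_header() {
    awk '
        /^$/     { exit }                                     # blank line ends the header
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }  # continuation line
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    '
}

# The thread's condition: any header line containing the text matches.
matches_thread_rule() {
    unfolded_header | grep -E -q 'RCVD_IN_|^X-Spam-Flag: YES'
}

# Narrower variant (this example's assumption): only SpamAssassin's own markup.
matches_anchored_rule() {
    unfolded_header | grep -E -q '^X-Spam-Status:.*RCVD_IN_|^X-Spam-Flag: YES'
}

# Constructed sample messages (addresses and scores are made up).
msg_listed() {   # blacklist hit, score below the spam threshold, folded header
    printf '%s\n' 'From: a@example.net' 'Subject: offer' \
        'X-Spam-Status: No, hits=2.1 required=5.0' ' tests=RCVD_IN_SBL' '' 'body'
}
msg_subject() {  # legitimate mail that merely mentions a test name
    printf '%s\n' 'From: b@example.org' 'Subject: what does RCVD_IN_SBL mean?' \
        'X-Spam-Status: No, hits=0.0 required=5.0 tests=none' '' 'body'
}
msg_body() {     # test name appears only in the body
    printf '%s\n' 'From: c@example.org' 'Subject: hi' '' 'RCVD_IN_SBL X-Spam-Flag: YES'
}

report() {       # usage: report NAME  -> "NAME thread=<0|1> anchored=<0|1>"
    t=0; a=0
    "$1" | matches_thread_rule && t=1
    "$1" | matches_anchored_rule && a=1
    echo "$1 thread=$t anchored=$a"
}

for m in msg_listed msg_subject msg_body; do report "$m"; done
```

The second sample is the case to watch for while the action still points at a mailbox file: a legitimate message whose Subject mentions a test name is caught by the unanchored condition but not by the anchored one.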