
Joe Slow
Resolved
0 votes
The antispam module can detect and tag most spam messages passing through ClearOS; however, SA is CPU intensive and does sometimes miss the odd spam message.

Postfix has some impressive built-in features that allow you to filter out messages that don't comply with RFC standards (most spammers ignore these) before they even enter the queue ;)

vi /etc/postfix/main.cf

add this to your config file (the continuation lines of each multi-line value must be indented, or Postfix will refuse to start):

disable_vrfy_command = yes
smtpd_helo_required = yes
strict_rfc821_envelopes=yes
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    permit

smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_invalid_hostname,
    reject_rhsbl_sender dsn.rfc-ignorant.org,
    reject_unknown_sender_domain,
    permit

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client 2.0.0.127.b.barracudacentral.org,
    permit



save your main.cf

type:

service postfix reload


tail -f /var/log/maillog


Monitor the log file for any weird errors.

Create this custom ruleset to add more RBLs inside SA, to look up URLs and IPs in the message headers that are blacklisted.

Create a new file

vi /etc/mail/spamassassin/RBL.cf

Paste the following rules into the file:


## DNS Blocklists
header RCVD_IN_WPBL eval:check_rbl_txt('wpbl-notfirsthop', 'db.wpbl.info')
describe RCVD_IN_WPBL Listed in db.wpbl.info
tflags RCVD_IN_WPBL net
score RCVD_IN_WPBL 1.0

header BL_SPAMCANNIBAL eval:check_rbl('SPAMCANNIBAL-notfirsthop','bl.spamcannibal.org')
describe BL_SPAMCANNIBAL Listed in SpamCannibal
score BL_SPAMCANNIBAL 0.5

header SORBS_SPAM eval:check_rbl ('SORBS_SPAM-notfirsthop','spam.dnsbl.sorbs.net')
describe SORBS_SPAM Listed in SORBS-SPAM
score SORBS_SPAM 0.5

header RCVD_IN_SWINOG_SPAM eval:check_rbl('swinog-notfirsthop', 'dnsrbl.swinog.ch.', '127.0.0.3')
describe RCVD_IN_SWINOG_SPAM Listed in dnsrbl.swinog.ch.
tflags RCVD_IN_SWINOG_SPAM net
score RCVD_IN_SWINOG_SPAM 2.5

header RCVD_IN_NIX_SPAM eval:check_rbl('nix-spam-notfirsthop','ix.dnsbl.manitu.net.')
describe RCVD_IN_NIX_SPAM Listed in NIX-SPAM DNSBL (heise.de)
tflags RCVD_IN_NIX_SPAM net
score RCVD_IN_NIX_SPAM 1.0

header RCVD_IN_BRBL eval:check_rbl('brbl-notfirsthop', 'b.barracudacentral.org')
describe RCVD_IN_BRBL received via a relay in b.barracudacentral.org
tflags RCVD_IN_BRBL net
score RCVD_IN_BRBL 2.5

## URI Blocklists

uridnsbl URIBL_SBLXBL sbl-xbl.spamhaus.org. TXT
body URIBL_SBLXBL eval:check_uridnsbl('URIBL_SBLXBL')
describe URIBL_SBLXBL Contains a URL listed in the SBL/XBL blocklist
score URIBL_SBLXBL 2.0

uridnsbl URIBL_RBLJP url.rbl.jp TXT
body URIBL_RBLJP eval:check_uridnsbl('URIBL_RBLJP')
describe URIBL_RBLJP Has URI in url.rbl.jp
tflags URIBL_RBLJP net
score URIBL_RBLJP 4.0

urirhssub URIBL_JP_SURBL multi.surbl.org. A 64
body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL')
describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html
tflags URIBL_JP_SURBL net
score URIBL_JP_SURBL 4.0

urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
tflags URIBL_BLACK net
score URIBL_BLACK 3.0

urirhssub URIBL_GREY multi.uribl.com. A 4
body URIBL_GREY eval:check_uridnsbl('URIBL_GREY')
describe URIBL_GREY Contains an URL listed in the URIBL greylist
tflags URIBL_GREY net
score URIBL_GREY 2.0

urirhsbl URIBL_SC_SWINOG uribl.swinog.ch. A
body URIBL_SC_SWINOG eval:check_uridnsbl('URIBL_SC_SWINOG')
describe URIBL_SC_SWINOG URI's listed in uribl.swinog.ch.
tflags URIBL_SC_SWINOG net
score URIBL_SC_SWINOG 0 0.900 0 1.500


save the file and close your editor


SpamAssassin will automatically pick up the new file and use it.
Monday, August 22 2011, 07:57 PM
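A quick consistency check for a DNSBL ruleset like the RBL.cf above, added here as an example; it is not part of Joe's post. A "body NAME eval:check_uridnsbl('NAME')" rule only works when NAME is the same name that its uridnsbl/urirhssub/urirhsbl line defines; if the names differ, the rule can never fire and its score is dead weight, and the defined list is never consulted. The sample ruleset inside the script is a constructed, shortened copy of the kind of file posted above and deliberately keeps one such mismatch (a body rule named URLBL_RBLJP against a definition named URIBL_RBLJP), the sort of slip that is easy to make when copying rules by hand.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check rule names in a
# SpamAssassin DNSBL/URIBL ruleset before dropping it into
# /etc/mail/spamassassin/.

# Constructed sample ruleset with one name mismatch on purpose:
# the list is defined as URIBL_RBLJP, the body rule is named URLBL_RBLJP.
sample_rules=$(mktemp)
cat > "$sample_rules" <<'EOF'
header RCVD_IN_BRBL eval:check_rbl('brbl-notfirsthop', 'b.barracudacentral.org')
describe RCVD_IN_BRBL received via a relay in b.barracudacentral.org
tflags RCVD_IN_BRBL net
score RCVD_IN_BRBL 2.5

uridnsbl URIBL_RBLJP url.rbl.jp TXT
body URLBL_RBLJP eval:check_uridnsbl('URLBL_RBLJP')
describe URLBL_RBLJP Has URI in url.rbl.jp
score URLBL_RBLJP 4.0

urirhssub URIBL_BLACK multi.uribl.com. A 2
body URIBL_BLACK eval:check_uridnsbl('URIBL_BLACK')
describe URIBL_BLACK Contains an URL listed in the URIBL blacklist
score URIBL_BLACK 3.0
EOF

# lint_sa_rules FILE: print one line per problem found; always returns 0.
lint_sa_rules() {
    awk -v q="'" '
    # every URIBL definition line introduces a rule name
    $1 == "uridnsbl" || $1 == "urirhssub" || $1 == "urirhsbl" { defined[$2] = NR }
    # a body rule must reference the list it is named after
    $1 == "body" && match($0, "check_uridnsbl\\(" q "[^" q "]*" q "\\)") {
        ref = substr($0, RSTART + 16, RLENGTH - 18)   # name between the quotes
        if (ref != $2)
            printf "line %d: body rule %s references %s\n", NR, $2, ref
        refs[ref] = NR
    }
    END {
        for (r in refs) if (!(r in defined))
            printf "line %d: %s is not defined by any uridnsbl/urirhssub/urirhsbl line\n", refs[r], r
        for (d in defined) if (!(d in refs))
            printf "line %d: %s is defined but no body rule references it\n", defined[d], d
    }' "$1"
}

echo "== problems in $sample_rules =="
lint_sa_rules "$sample_rules"
```

The authoritative check is still "spamassassin --lint" once the file is in place; this script only shows what that lint is catching for the URIBL rules.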
Responses (22)
  • Accepted Answer

    Sunday, October 02 2016, 07:19 PM - #Permalink
    Resolved
    0 votes
Agreed, I will post once I get it working.


    thank you

    Nick Howitt wrote:

    Try googling something like "add email header postfix". If you get it working (it looks quite simple), can I ask you to post back and share your solution with the community?
  • Accepted Answer

    Sunday, October 02 2016, 07:14 PM - #Permalink
    Resolved
    0 votes
    Try googling something like "add email header postfix". If you get it working (it looks quite simple), can I ask you to post back and share your solution with the community?
  • Accepted Answer

    Sunday, October 02 2016, 06:43 PM - #Permalink
    Resolved
    0 votes
Question, more of a tip?

If I wanted to add a message to the header of every email that leaves the system, to say

X-Report-Abuse: Please report abuse https://xxxxx.com/contact

how can this be done?
  • Accepted Answer

    Thursday, August 04 2016, 05:18 PM - #Permalink
    Resolved
    0 votes
    Home now. I use:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_invalid_hostname, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client 2.0.0.127.b.barracudacentral.org
Put "warn_if_reject" before any element if you want to check it, so you could do:
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, warn_if_reject reject_unauth_pipelining, reject_invalid_hostname,....
    if you just wanted a warning about unauthorised pipelining.
  • Accepted Answer

    Thursday, August 04 2016, 04:13 PM - #Permalink
    Resolved
    0 votes
    I think you need a comma after each line except the last, but why not do something bigger similar to Joe's original post. Something like Joe recommended:
    smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
    or at least:
    smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
    The minimal one stops RBL lookups for traffic on your LAN. Research some of the other ones as well. I'll post my config when I'm home but I think I had to drop something out as it was too strict. There is an option which warns only instead of permit or reject which you may want to use initially on some of the checks to see if they suit. You'll have to check the docs to see what it is.
  • Accepted Answer

    Thursday, August 04 2016, 03:57 PM - #Permalink
    Resolved
    0 votes
This will be my final code to add; on your end, does it look correct?


    smtpd_sender_restrictions =
    reject_invalid_hostname,
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
    reject_rbl_client zen.spamhaus.org


    Nick Howitt wrote:

    Add "reject_rbl_client zen.spamhaus.org" as well. Have a look for your smtpd_recipient_restrictions line in /etc/postfix/main.cf and add your bits at the end of it. You may want to post the line here. Then reload postfix with a "service postfix reload".
  • Accepted Answer

    Thursday, August 04 2016, 03:42 PM - #Permalink
    Resolved
    0 votes
    Add "reject_rbl_client zen.spamhaus.org" as well. Have a look for your smtpd_recipient_restrictions line in /etc/postfix/main.cf and add your bits at the end of it. You may want to post the line here. Then reload postfix with a "service postfix reload".
  • Accepted Answer

    Thursday, August 04 2016, 03:31 PM - #Permalink
    Resolved
    0 votes
I noticed as well, so is it best to just have

    reject_rbl_client 2.0.0.127.b.barracudacentral.org

    ?

Is there any other code to add with it? Or will adding "reject_rbl_client 2.0.0.127.b.barracudacentral.org" start working on its own?


    Nick Howitt wrote:

    Ivan Gonzalez wrote:

Question, I would like these to reject spam, so do I just add this code or is there more I need to do?

    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
    That part goes into /etc/postfix/main.cf as part of the smtpd_recipient_restrictions. You'll then need to reload postfix.

    Can I suggest you don't put in spamcop as it is not particularly reliable. I believe any user can make a report to spamcop and they don't get verified. It is better to leave spamcop to spamassassin/amavisd where it will just add to the spam score, then, if you allow spam through, it will get flagged but not bounced so the users can make their own decisions. I believe spamhaus comes from honeypots and, as such is much more reliable.
  • Accepted Answer

    Thursday, August 04 2016, 11:36 AM - #Permalink
    Resolved
    0 votes
    Ivan Gonzalez wrote:

    diop78 wrote:

Hmm, it would be really nice to integrate DNSBL configuration into webconfig;
also a report page would be helpful, to have information about which IPs have been rejected by which DNSBL servers...

Anyway, dear Joe, if you modify your rbl.cf, don't hesitate to post it (if you found some new and/or more reliable, better, etc. DNSBL servers...). Thank you. (:


    I agree
    For reporting I use logwatch with the amavis-logwatch and postfix-logwatch extensions installed.
  • Accepted Answer

    Thursday, August 04 2016, 11:31 AM - #Permalink
    Resolved
    0 votes
    Ivan Gonzalez wrote:

Question, I would like these to reject spam, so do I just add this code or is there more I need to do?


    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
    That part goes into /etc/postfix/main.cf as part of the smtpd_recipient_restrictions. You'll then need to reload postfix.

    Can I suggest you don't put in spamcop as it is not particularly reliable. I believe any user can make a report to spamcop and they don't get verified. It is better to leave spamcop to spamassassin/amavisd where it will just add to the spam score, then, if you allow spam through, it will get flagged but not bounced so the users can make their own decisions. I believe spamhaus comes from honeypots and, as such is much more reliable.
  • Accepted Answer

    Thursday, August 04 2016, 01:53 AM - #Permalink
    Resolved
    0 votes
    diop78 wrote:

Hmm, it would be really nice to integrate DNSBL configuration into webconfig;
also a report page would be helpful, to have information about which IPs have been rejected by which DNSBL servers...

Anyway, dear Joe, if you modify your rbl.cf, don't hesitate to post it (if you found some new and/or more reliable, better, etc. DNSBL servers...). Thank you. (:


    I agree
  • Accepted Answer

    Thursday, August 04 2016, 01:43 AM - #Permalink
    Resolved
    0 votes
Question, I would like these to reject spam, so do I just add this code or is there more I need to do?


    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client 2.0.0.127.b.barracudacentral.org
  • Accepted Answer

    Sunday, June 12 2016, 11:43 AM - #Permalink
    Resolved
    0 votes
Some of it is OK, some not. I used to use it but had to remove some of the restrictions as they were over tight and genuine mail from slightly misconfigured servers was being blocked. As an example, EE, a big mobile phone operator, sent their e-mails from a .local domain (i.e. internal to their LAN). This, of course, failed any tests to see if it was a valid domain. From smtpd_recipient_restrictions I dropped reject_unknown_sender_domain and reject_unknown_recipient_domain. I also removed "reject_rbl_client bl.spamcop.net" as it was not reliable enough, but just used it in the anti-spam configuration, so instead of rejecting, it just added to the spam score.

    From smtpd_sender_restrictions I removed reject_rhsbl_sender dsn.rfc-ignorant.org reject_unknown_sender_domain.

I removed the smtpd_helo_restrictions but I can't remember why. I'm not sure they achieved much.

    I removed the single line permit_sasl_authenticated as I only do authenticated sending from external networks on port 587 and not port 25.

    I also added "smtpd_client_restrictions = reject_unknown_reverse_client_hostname" which stops anyone whose IP does not have a reverse DNS record. It does not test the validity and it is not recommended to, just that one exists.

    You must remove the "permit" lines. It is the default operation at the end of these chosen restrictions and one of them breaks when you enable greylisting.

    For the spamassassin list you need to check if the lists still exist. I think they do. Their weighting is entirely up to you.
  • Accepted Answer

    Friday, June 10 2016, 03:12 AM - #Permalink
    Resolved
    0 votes
    Hello....

Is this code at the beginning of the post good for ClearOS 7.2 with Zarafa?

    Regards!

  • Accepted Answer

Sandro
    Saturday, February 02 2013, 09:28 AM - #Permalink
    Resolved
    0 votes
I've found and tried this configuration:

    Open /etc/postfix/main.cf file
    vi /etc/postfix/main.cf


Set/modify the configuration as follows (continuation lines indented, as Postfix requires):

disable_vrfy_command = yes
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    permit_mynetworks,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    permit
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20


    Save and close the file. Restart postfix:
    service postfix restart


Watch the maillog file. Now you should see lots of spam emails blocked by the above configuration directives:
    tail -f /var/log/maillog


All works fine.
  • Accepted Answer

    Monday, April 23 2012, 06:11 AM - #Permalink
    Resolved
    0 votes
    I have added the following RBL configuration to main.cf :


smtpd_recipient_restrictions =

    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client bl.spamcop.net
    reject_rbl_client zen.spamhaus.org
    permit


    EDIT : doesn't work - it passed spam through which was on the Zen blocklist. :/
  • Accepted Answer

    Sunday, April 22 2012, 06:29 AM - #Permalink
    Resolved
    0 votes
    Herewith a new wishlist - to add RBL's via the front-end without having to resort to back-end editing ;)
  • Accepted Answer

    Sunday, April 22 2012, 06:26 AM - #Permalink
    Resolved
    0 votes
    When I do a


    tail -f /var/log/maillog


to locate the problem, it seems that this is not correct:


    disable_vrfy_command = yes
    smtpd_helo_required = yes
    strict_rfc821_envelopes=yes
    smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_helo_hostname,
    permit


The log has the following entries:


    Apr 23 13:48:59 system postfix[11617]: fatal: /etc/postfix/main.cf, line 674: missing '=' after attribute name: "permit_mynetworks,"


    What is the correct syntax? I've tried adding = mynetwork.co.za, but it doesn't work.

    Regards
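The "missing '=' after attribute name" error above is what Postfix reports when the continuation lines of a multi-line value are not indented: in main.cf, any line that starts in column one begins a new "name = value" attribute, and a line that continues the previous value must begin with whitespace. The script below, added here as an example and not taken from the thread, applies that rule to a constructed main.cf fragment (an unindented paste next to the indented fix), then lists the smtpd_recipient_restrictions in evaluation order and reports any RBL lookup placed before permit_mynetworks, which is the ordering point Nick makes about LAN traffic (with the permit first, clients on your own networks are never looked up). The file names and the sample values (mail.example.com, zen.spamhaus.org) are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): check a main.cf fragment the way
# Postfix parses it, then show a restriction list in evaluation order.

workdir=$(mktemp -d)
broken="$workdir/main.cf.broken"
fixed="$workdir/main.cf.fixed"

# Constructed fragment as it comes out of a paste that lost its indentation.
cat > "$broken" <<'EOF'
myhostname = mail.example.com
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_rbl_client zen.spamhaus.org,
permit_mynetworks,
warn_if_reject reject_unauth_pipelining,
reject_unauth_destination
EOF

# The same fragment with every continuation line indented.
cat > "$fixed" <<'EOF'
myhostname = mail.example.com
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_rbl_client zen.spamhaus.org,
    permit_mynetworks,
    warn_if_reject reject_unauth_pipelining,
    reject_unauth_destination
EOF

# check_main_cf FILE: a line in column one starts a new attribute and must
# contain '='; indented lines continue the previous value; blank lines and
# comments are ignored. Prints one line per offending line; always returns 0.
check_main_cf() {
    awk '
    /^[ \t]/ || /^[ \t]*$/ || /^#/ { next }
    !/=/ { printf "line %d: missing = after attribute name: \"%s\"\n", NR, $0 }
    ' "$1"
}

# restriction_list FILE PARAM: print the value of PARAM, joined across its
# continuation lines, one restriction per line in evaluation order. Commas
# and whitespace both separate items; restrictions that take an argument
# (reject_rbl_client, check_*_access, ...) are kept on one line with it, and
# the warn_if_reject modifier stays attached to the restriction it modifies.
restriction_list() {
    awk -v p="$2" '
    /^[ \t]/ { if (inparam) val = val " " $0; next }
    { inparam = 0 }
    index($0, p) == 1 && match($0, /^[^=]*=/) {
        name = substr($0, 1, RLENGTH - 1); gsub(/[ \t]/, "", name)
        if (name == p) { inparam = 1; val = substr($0, RLENGTH + 1) }
    }
    END {
        gsub(/,/, " ", val)
        n = split(val, items, /[ \t]+/)
        out = ""
        for (i = 1; i <= n; i++) {
            if (items[i] == "") continue
            out = out (out == "" ? "" : " ") items[i]
            if (items[i] == "warn_if_reject") continue
            if (items[i] ~ /^(reject_rbl_client|reject_rhsbl_[a-z_]+|check_[a-z_]+_access|check_policy_service)$/) continue
            print out; out = ""
        }
        if (out != "") print out
    }' "$1"
}

# rbl_before_mynetworks FILE PARAM: RBL lookups that run before
# permit_mynetworks, i.e. DNS queries made even for clients on the LAN.
rbl_before_mynetworks() {
    restriction_list "$1" "$2" | awk '
        /^permit_mynetworks$/ { exit }
        /^(warn_if_reject )?reject_rbl_client / { print }'
}

echo "== syntax check of the pasted copy =="
check_main_cf "$broken"
echo "== evaluation order in the indented copy =="
restriction_list "$fixed" smtpd_recipient_restrictions
echo "== RBL lookups that run before permit_mynetworks =="
rbl_before_mynetworks "$fixed" smtpd_recipient_restrictions
```

On the real server, "postconf smtpd_recipient_restrictions" prints the value Postfix actually parsed, which is the quickest way to confirm the list after fixing the indentation and before "service postfix reload".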
  • Accepted Answer

Gys
    Monday, December 12 2011, 06:38 PM - #Permalink
    Resolved
    0 votes
After pasting the content into main.cf, service postfix doesn't reload.

    Any suggestions?

    Gys
  • Accepted Answer

diop78
    Thursday, December 08 2011, 08:02 AM - #Permalink
    Resolved
    0 votes
Hmm, it would be really nice to integrate DNSBL configuration into webconfig;
also a report page would be helpful, to have information about which IPs have been rejected by which DNSBL servers...

Anyway, dear Joe, if you modify your rbl.cf, don't hesitate to post it (if you found some new and/or more reliable, better, etc. DNSBL servers...). Thank you. (:
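Pending a report page in webconfig, the information diop78 asks for is already in /var/log/maillog: every RBL reject Postfix makes is logged as a "NOQUEUE: reject" line that names the client IP and the list it was "blocked using". The script below, added as an example and not part of the thread, builds that report with awk over a constructed maillog sample (the hosts, IPs and timestamps are made up); the postfix-logwatch extension Nick mentions produces the same kind of summary in more detail.

```shell
#!/bin/sh
# Added example (not from the thread): summarise Postfix RBL rejects from a
# maillog, per DNSBL and per client, and list the non-RBL rejects separately.

log=$(mktemp)
# Constructed maillog sample; hosts, addresses and times are made up.
cat > "$log" <<'EOF'
Aug 22 20:01:12 mail postfix/smtpd[2231]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.com> to=<user@example.org> proto=ESMTP helo=<mx.example.com>
Aug 22 20:03:40 mail postfix/smtpd[2240]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Service unavailable; Client host [198.51.100.7] blocked using b.barracudacentral.org; from=<b@example.net> to=<user@example.org> proto=SMTP helo=<example.net>
Aug 22 20:05:02 mail postfix/smtpd[2252]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host [192.0.2.10] blocked using zen.spamhaus.org; from=<c@example.com> to=<sales@example.org> proto=ESMTP helo=<mx.example.com>
Aug 22 20:06:11 mail postfix/smtpd[2260]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 450 4.1.8 <x@nonexistent.invalid>: Sender address rejected: Domain not found; from=<x@nonexistent.invalid> to=<user@example.org> proto=ESMTP helo=<[203.0.113.9]>
Aug 22 20:07:30 mail postfix/smtpd[2271]: connect from mail.example.net[198.51.100.22]
Aug 22 20:07:31 mail postfix/smtpd[2271]: 1A2B3C4D5E: client=mail.example.net[198.51.100.22]
EOF

# rbl_report FILE: number of rejects per DNSBL, most hits first ("COUNT LIST").
rbl_report() {
    awk 'match($0, /blocked using [^;]+/) { print substr($0, RSTART + 14, RLENGTH - 14) }' "$1" \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# rbl_clients FILE LIST: distinct client IPs that the named DNSBL rejected.
rbl_clients() {
    awk -v l="$2" '
    index($0, "blocked using " l ";") > 0 && match($0, /RCPT from [^[]*\[[^]]*\]/) {
        s = substr($0, RSTART, RLENGTH)
        sub(/.*\[/, "", s); sub(/\]$/, "", s)
        print s
    }' "$1" | sort -u
}

# other_rejects FILE: rejects that were not DNSBL hits, counted by the reason
# Postfix logged after the SMTP status and enhanced status code.
other_rejects() {
    awk '/NOQUEUE: reject:/ && !/blocked using/ {
        if (match($0, /: [0-9][0-9][0-9] [0-9]+\.[0-9]+\.[0-9]+ /)) {
            r = substr($0, RSTART + RLENGTH)
            sub(/;.*/, "", r)          # drop from=/to= details
            sub(/^<[^>]*>: /, "", r)   # drop the rejected address itself
            print r
        }
    }' "$1" | sort | uniq -c | sed 's/^ *//'
}

echo "== rejects per DNSBL =="
rbl_report "$log"
echo "== clients rejected by zen.spamhaus.org =="
rbl_clients "$log" zen.spamhaus.org
echo "== other rejects =="
other_rejects "$log"
```

Point the functions at /var/log/maillog on the server itself; the same lines can be used to spot a list that is rejecting far more than the others, which is the first sign that it has become stale or over-aggressive and should be moved to scoring in SpamAssassin instead of rejecting in Postfix.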
  • Accepted Answer

    Friday, September 16 2011, 01:41 PM - #Permalink
    Resolved
    0 votes
    I've added the postfix rules and I'm very pleased with their performance. :) Thanks for the post!
  • Accepted Answer

    Wednesday, August 31 2011, 06:43 PM - #Permalink
    Resolved
    0 votes
    Joe,

This looks like a very interesting solution to catch more spam. Good work.

Looking at the barracudacentral.org registration page, they are asking you to list the IP addresses that will be making the queries. How would this work if you're using the ClearOS DNS service, which uses dynamic IPs? Which DNS would I need to use: the ClearOS name server or the MX servers?

    Will try both and see what happens.. :laugh: