Author Topic: [SOLVED] Incoming email blacklisting  (Read 3283 times)

mikeee404

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +4/-0
    • View Profile
[SOLVED] Incoming email blacklisting
« on: March 04, 2016, 09:22:05 pm »
I have had Zentyal 4.2 up and running for awhile at home and so far so good. Everything has been working great, but I am trying to get a handle on the SPAM situation. On my previous email server I had the option of entering TLDs to be blocked with a wildcard in front, for example: I see a ton of spam coming from domains like @example.top or @example.review or @example.download  So I would just setup SpamAssasin to block everything with the sending address ending in .top, .review., or .download. This worked quite well. I am adding email addresses as fast as they come in, but as you all know, the domain names change as fast as you can add them and now I have a few hundred rules to filter spam which is not even close to being effective. Is there a way to utilize a spam blacklist to block mail already listed on a blacklist before it ever reaches the mail filter, such as this article I found below (or will this work):

   
Code: [Select]
sudo nano /etc/dovecot/dovecot.conf
Add the following code in the ## Plugin settings section at the bottom of the file:

   
Code: [Select]
plugin {
    sieve = ~/.dovecot.sieve
    sieve_global_path = /etc/dovecot/sieve/default.sieve
    sieve_dir = ~/sieve
    sieve_global_dir = /etc/dovecot/sieve/global/
}

Create the global directory, if it doesn’t already exist:

   
Code: [Select]
sudo mkdir -p /etc/dovecot/sieve/global
And add your Sieve rule file to move all incoming email into the Spam/ Junk folder which has the X-Spam-Flag set by SpamAssassin:

Code: [Select]
require ["fileinto"];
# rule:[SPAM]
if header :contains "X-Spam-Flag" "YES" {
        fileinto "Spam";
}

Finally you’ll need to restart dovecot for the changes to be picked up.
« Last Edit: March 08, 2016, 07:18:48 am by mikeee404 »

mikeee404

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +4/-0
    • View Profile
Re: Incoming email blacklisting
« Reply #1 on: March 04, 2016, 11:30:47 pm »
 :P Just realized that example just sorts the mail marked as spam to the junkmail folder, what I would like to do is eliminate it before that point.

mikeee404

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +4/-0
    • View Profile
Re: Incoming email blacklisting
« Reply #2 on: March 06, 2016, 02:17:34 am »
Ok, since there has not been a solution posted quite yet I resumed my search for a good solution to this. Everything says that I should be able to enable RBL in postfix, but I have tried adding this to the /etc/postfix/main.cf file under "smtpd_recipient_restrictions =" without any success:
Code: [Select]
reject_unauth_destination, reject_rbl_client multi.uribl.com, reject_rbl_client dsn.rfc-ignorant.org, reject_rbl_client dul.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client cbl.abuseat.org, reject_rbl_client ix.dnsbl.manitu.net, reject_rbl_client combined.rbl.msrbl.net, reject_rbl_client rabl.nuclearelephant.com
When I add it and restart the service it seems to strip the newly added code from the configuration file  :-\

Twice I have added it and twice after a restart the code is gone and the spam just resumes. Any ideas what I am doing wrong here? I am adding it the existing configuration code on that line, not replacing it.

mikeee404

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +4/-0
    • View Profile
[SOLVED] Incoming email blacklisting
« Reply #3 on: March 08, 2016, 07:17:31 am »
Well I got some help in another forum, which is disappointing given that this is supposed to be the go to for Zentyal help. But anyway, I took a chance at reformatting the /etc/postfix/main.cf file to eliminate the long single line format of the "# recipient restrictions" area. By doing it this way the changes stayed after a service restart when previously they would disappear (odd to say the least), and the "Mail" logs show the incoming spam being rejected based on spam blocklists which is everything I wanted to accomplish.

Code: [Select]
# recipient restrictions
smtpd_recipient_restrictions =
        permit_sasl_authenticated,
        permit_mynetworks,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        reject_unknown_recipient_domain,
        reject_invalid_helo_hostname,
        reject_invalid_hostname,
        reject_non_fqdn_helo_hostname,
        reject_rbl_client dnsbl.sorbs.net,
        reject_rbl_client sbl-xbl.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        check_helo_access pcre:/etc/postfix/helo_checks.pcre
        permit
submission_recipient_restrictions =
        reject_non_fqdn_sender,
        reject_non_fqdn_recipient,
        permit_sasl_authenticated,
        permit_mynetworks, reject
smtpd_restriction_classes = submission_recipient_restrictions

The newly formatted configuration seems to survive the service restart and does seem to show new spam being rejected in the mail logs. So for now, so far so good. I am going to keep a close eye on this setup for a few days to make sure valid email is not being interfered with, and will post something if it is causing issues.

Hopefully this may help others.....

mikeee404

  • Zen Apprentice
  • *
  • Posts: 12
  • Karma: +4/-0
    • View Profile
Re: Incoming email blacklisting
« Reply #4 on: March 08, 2016, 09:19:50 pm »
Update to the fix---

Realized that the config change was still being over-written, did not realize right away that Zentyal utilizes templates to generate its config files. So, I had to modify the template file located at: /usr/share/zentyal/stubs/mail/main.cf.mas  (after creating a backup of the original of course)

The SMTPD Recipient Restrictions area of my config file now looks like this:
Code: [Select]
my $smtpRecipientRestrictions;
$smtpRecipientRestrictions .= 'permit_sasl_authenticated, ';
$smtpRecipientRestrictions .=  'permit_mynetworks, ';
#at his point all mail for whom the server isn't the final point or the
#forwarder has been rejected so the next restrictions only applies in this two cases
$smtpRecipientRestrictions .= 'reject_unauth_destination, ';

$smtpRecipientRestrictions .= 'reject_non_fqdn_sender, ';
$smtpRecipientRestrictions .= 'reject_unknown_sender_domain, ';

$smtpRecipientRestrictions .= 'reject_invalid_helo_hostname, ';
$smtpRecipientRestrictions .= 'reject_invalid_hostname, ';
$smtpRecipientRestrictions .= 'reject_non_fqdn_helo_hostname, ';
$smtpRecipientRestrictions .= 'reject_rbl_client dnsbl.sorbs.net, ';
$smtpRecipientRestrictions .= 'reject_rbl_client zen.spamhaus.org, ';
$smtpRecipientRestrictions .= 'reject_rbl_client bl.spamcop.net, ';
$smtpRecipientRestrictions .= 'reject_rbl_client b.barracudacentral.org, ';

$smtpRecipientRestrictions .= 'check_helo_access pcre:/etc/postfix/helo_checks.pcre';
if ($greylist) {
    my $greylistRecipientRestriction = "check_policy_service inet:" .
                                        $greylistAddr . ':' .
                                        $greylistPort ;
    $smtpRecipientRestrictions .= ", $greylistRecipientRestriction";
}

Went to the Zentyal Dashboard and restarted the "Mail" module and then confirmed it over-wrote the /etc/postfix/main.cf config file, and it did. Now my logs reflect that all sorts of spam is being rejected based on the RBLs added.

expertgeeks

  • Forum Moderator
  • Zen Warrior
  • *****
  • Posts: 124
  • Karma: +11/-0
    • View Profile
Re: [SOLVED] Incoming email blacklisting
« Reply #5 on: March 23, 2016, 08:22:13 pm »
That's pretty handy. Thanks for reporting back with your solution.