Global SPAM Blacklist and Whitelist

[iovo]

Hello,
How can i set global SPAM Blacklist and Whitelist for all e-mail user?

Thanks

[falko]

You can set this in SpamAssassin's global configuration file /home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf.

[AlArenal]

We are currently running into problems with some of our customers, because mail from addresses hosted on the same box gets incorrectly classified as spam. This morning we had an issue with mail from one person sending an email to another person (same domain) getting classified as spam (score of 5.7-5.9 mostly coming from SORBS (2.0) and NJABL (1.7)).

I turned RBL off in the global config file and now the customer receives viagra mails...

I understand that you cannot have a spam filter with a 100% correct hits, but there has to be a way to automatically add all domains / email addresses hosted on my box to a global whitelist.

I cannot find such a feature. Would it be easy to write a plugin for ISPConfig to do that? Is such a feature planned for ISPC 3?

[falko]

You can use the whitelist feature on the User & Email tab of each web site.
Have you checked if your server got blacklisted? http://www.mxtoolbox.com/blacklists.aspx

[AlArenal]

All 6 IP addresses of the server are listed clean.

I know about ISPC's whitelist feature, but using it in this case would mean endless work. Take this scenario as an example:

- the server hosts 20 webs/domains
- a new web/domain gets added
- I'd have to manually add the 20 old domains to the new web's whitelist and add the new domain(s) to the old webs' whitelists

Easy to imagine that noone would ever want to take such a burden.

[till]

Your problem is not really ISPConfig related as we have not written our own spamfilter, ISPConfig uses spamassassin. If spamassassin or in your case the sorbs and njabl lists score a message wrong, we can not change that.

Adding all email addresses or local domains to a whitelist will open up your server to spam too, as spam senders use faked email addresses to send emails which might belong to your server too.

If you want to add all domains to a whitelist automatically, you will have to write such a feature. ISPConfig 3 useses amavis + spamassassin where a global whitelist might be easier to implement.

I recommend you to see why you are listed on sorbs instead and to remove your server from the blacklists.

Quote:

All 6 IP addresses of the server are listed clean.

But why is Sorbs and njabl reporting your mail as spam then? You should check the hostname of your mailserver too or the blacklisting of your server expired already.

[AlArenal]

I understand what you mean by saying this problem is not clearly ISPC related. I though a global whitelist would be a solution and after reading your post it seems I'm wrong as I understand your point with faked email addresses.

The mails that got forwarded to me for further education told me this:
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
address
[87.161.223.122 listed in dnsbl.sorbs.net]
1.7 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
[87.161.223.122 listed in combined.njabl.org]

Obviously I cannot force our customers to get themselves a static ip address My first guess is, that there has to be a way to say: "This mail got sent through SMTP on this machine and therefore it can be trusted (unless my SMTP is not secure, but then I am in admin hell anyway) regardless from which IP it got sent."

I concede this all may have to do with the fact I never before had to deal closely with spamassassin and therefore I am lacking some fundamental knowledge of its configuration. Consider me your apprentice

[till]

I'am using also a dynamic IP on my workstation as most poeple with a "normal" DSL account.

Please check how your customers ends this mail, I'am pretty sure that he did not use your mailserver as smtp server in his mail client. I guess he runs a local mailserver at home or in office that sends the emails directly by smtp and did not use your server as mail relay. Please ask your customer which exact mailsetup he uses.

[AlArenal]

Things tunred out to be a bit more complicated than I thought (they have this tendency, haven't they?). Our customer has got two domains (A, B). Both originally pointed to their old account hosted by another provider. Their 70-something mail addresses were all of the form xyz@A .

What we did was directing domain B to to our server. After creating all mail addresses with ISPC we changed the clients's configs as well as we let the old mail boxes (by the other hoster) be redirected to our server.

Beginning at that time they fetched their mail from our mail boxes and used our server as SMTP. Their mail addresses in their clients did not change and were still of the form xyz@A . Domain A still pointed to the other hoster, but I also added A as co-domain for web B on our server.

It was just yesterday late afternoon when domain A finally got freed by the other provider and reconnected, so that it now points to our server, too.

Maybe SA got as confused as I think that you must currently be

I'm gonna change SA's config back, re-enabling the rbl stuff this evening. We'll see what happens...

If that makes things easier for you as it will surely do for me ( ; ), I may better write you an email in German...

[PoleCat]

Quote:

Originally Posted by till

ISPConfig 3 useses amavis + spamassassin where a global whitelist might be easier to implement.

Why the addition of AMaViS?
Will it be a ClamAV + AMaViS + Spamassassin + Postfix solution?
What is the benefits of adding AMaViS?