#1  
Old 23rd August 2010, 18:50
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 199
Thanks: 8
Thanked 15 Times in 7 Posts
Thumbs down Please remove ZEN!

http://www.spamhaus.org/zen/ Sais!

Quote:
Caution: Because ZEN includes the XBL and PBL lists, do not use ZEN on smarthosts or SMTP AUTH outbound servers for your own customers (or you risk blocking your own customers). Do not use ZEN in filters that do any ‘deep parsing’ of Received headers, or for anything other than checking IP addresses that hand off to your mailservers.
Due to this I have LOST millions of mail incomming to "Legal" mail accounts and also lost many customers due to mail never reaching the destination, In My country We do not have any fixed IP numbers 90% is Dynamic and therefore all my valid mail end up in /dev/null

I am SCREEMING mad about this as I did not chose to have this included as it only started to become a problem during the last 2 updates of ISPC2. I guess I have to make some amends to my ISPC3 server also!

Please alow Us to chose the RBL defaults!
Reply With Quote
Sponsored Links
  #2  
Old 24th August 2010, 09:22
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 199
Thanks: 8
Thanked 15 Times in 7 Posts
Default

Sorry for this Posting Above, Frustration and anger boiled up to high.
I realise ISPC is not at fault, but rather spammers, and my own knowledge of how it works and how the spamassassin changed over time

This is the correct version of the issue

Some countries have 90% dynamic IP's and only a handful fixed IP's that is used for DNS servers and large Corporate!

Smaller organisations have to use dynamic IP's and DDNS technology to get the work done.

Spamhaus and other list all dynamic MX servers as unwanted by default and does not include specific IP 's in the databases, If I then accept legal Mail to such an MX then my own server dump the incomming legal non-spam mail into /dev/null and is lost
Outgoing mail is always as in the past forwarded to relayhost on an fixed IP and therefore it is ok.

I will have to include into my /etc/postfix/main.cf some URBI/RBL's etc but I need a good list that exclude those blocking Dynamic IP's

So again Accept my appologies for the rude post - Thanx you
Reply With Quote
  #3  
Old 24th August 2010, 10:06
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,001
Thanks: 840
Thanked 5,650 Times in 4,460 Posts
Default

You might want to take a look at the nixspam URIBL:

http://www.heise.de/ix/NiX-Spam-DNSB...ad-499637.html

Just a general note: In germany, almost all end user internet access accounts have dynamic IP addresses but this does not matter for blacklists on mailservers, as every end user and company with own local mailserver normally relays trough the mail server of its ISP which has a fixed IP address. Emails sent trough a dynamic IP address are about 99.x% spam and you will not be able to send to a hotmail, gmail, yahoo, ... account from a dynamic IP anyway. So are you really sure that the dynamic IP URIBL is the source of your problem? Almost all mail servers worldwide have a dynamic IP address filter enabled and thats why it is the default of spamassassin too.

If your server has delted some non spam mails, you should check if the spam score is not set too low for these accounts. It might be that the spamassassin scores are more accurate, means higher, in latest spamassassin versions. A safe score should be about 4 - 5.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

Last edited by till; 24th August 2010 at 10:09.
Reply With Quote
  #4  
Old 24th August 2010, 10:18
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

Millions of mails, from dynamic ip's? I'd rather not have those ..

only a few might have been valid, but the other 999.990 probably are all spam ..

And i don't think it's your problem, but more or less the problem of the system admin that runs the small companies network. He should be aware of the drawbacks of running mailservers on a dynamic ip, and rather should've used google's MX servers (to just name an example) to send out mail ..

Only one to blame here is the small companies that don't spend enough time in the technology they're using. And ehm, sorry to say sir, but that would be you ..

It sucks i know

soooo .. i'd suggest you start using google's MX servers, or your ISP's mx servers for your mail.
Reply With Quote
  #5  
Old 24th August 2010, 13:45
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 199
Thanks: 8
Thanked 15 Times in 7 Posts
Default I think !!!

Quote:
Originally Posted by till View Post
You might want to take a look at the nixspam URIBL:

..................... <Sniped>
I will explain by means of the Spamassasin report

The RCVD_IN_PBL is the problem because my customers come in via routers with port forward and the outside address is dynamic. This cause the mail from those addresses - even from people authenticating to send from server 1 to another server 2 inside the same network. The routers differ in that some routers do not route internal addresses properly and those that does cause the issue.

How it is is that some routers dont route your outside ip through the nat proper for example. If you have ip block 192.168.10.0/24 inside and dynamic outside and from the inside do an dns lookup and you get the outside IP, the router will not NAT you proper from the routers LAN ports through the natted inside, however some routers does that properly. If its done correct all internal mail will be stamped with the outside dynamic IP and therefore be seen as SPAM as per spamhaus.org/PBL.

Code:
Spam detection software, running on the system "hera.domain.tld", has identified this incoming email as possible spam.  The original message has been attached to this so you can view it (if it isn't spam) or label similar future email.  If you have any questions, see jpb@domain.tld for details.

Content preview:  From: Person 1 [mailto:jpb@domain1.tld] Sent: 23 August
   2010 12:25 To: 'Person 2' Subject: FW: Urgent - Email Addresses Importance:
   High From: Original Person [mailto:marius@domain3.tld] Sent: 23 August
   2010 12:24 To: 'Person 2' Cc: jpb@domain1.tld.za Subject: FW: Urgent -
   Email Addresses Importance: High [...] 

Content analysis details:   (7.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 RCVD_IN_SORBS_DUL      RBL: SORBS: sent directly from dynamic IP address
                            [DynamicIP Numerals here listed in dnsbl.sorbs.net]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                           [DynamicIP Numerals here listed in bl.score.senderscore.com]
 3.6 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
                            [DynamicIP Numerals here listed in zen.spamhaus.org]
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 1.8 MISSING_MIMEOLE        Message has X-MSMail-Priority, but no X-MimeOLE

The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam.  If you wish to view it, it may be safer to save it to a file and open it with an editor.
Maybe i'm wrong - I happen to change my routers from d-link that DONT route proper to edimax that does!
Reply With Quote
  #6  
Old 24th August 2010, 13:56
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 199
Thanks: 8
Thanked 15 Times in 7 Posts
Smile

Quote:
Originally Posted by Mark_NL View Post
Millions of mails, from dynamic ip's? I'd rather not have those ..

only a few might have been valid, but the other 999.990 probably are all spam ..

And i don't think it's your problem, but more or less the problem of the system admin that runs the small companies network. He should be aware of the drawbacks of running mailservers on a dynamic ip, and rather should've used google's MX servers (to just name an example) to send out mail ..

Only one to blame here is the small companies that don't spend enough time in the technology they're using. And ehm, sorry to say sir, but that would be you ..

It sucks i know

soooo .. i'd suggest you start using google's MX servers, or your ISP's mx servers for your mail.
The problem is not sending, that is why it took me so long to debug this, I do use upstream smtp it is the mail incomming from my own internal servers which have dynamic IP's and spamassasin does an lookup - ask spamhouse then fail it.

What I have done is changed spamassasin in
/home/admispconfig/ispconfig/tools/spamassassin/etc/mail/spamassassin/local.cf
and added
Code:
skip_rbl_checks 1
I will dig deeper and maybe have to modify the spamassasin lookup - Just a lot of modifications each time I upgrade ISPC!

My modifications done to ISPC includes already clamdscan vs clamscan. If Till can make clamdscan an option along with allow changes to the URIBL such as include and exclude providers it will be awesome.
Reply With Quote
  #7  
Old 24th August 2010, 14:02
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
Default

just create a diff patch as soon as you're done with one server, so you can easily replicate your modifications on a future one.
Reply With Quote
  #8  
Old 24th August 2010, 14:13
Morons Morons is offline
Senior Member
 
Join Date: Aug 2006
Posts: 199
Thanks: 8
Thanked 15 Times in 7 Posts
Default

Quote:
Originally Posted by Mark_NL View Post
just create a diff patch as soon as you're done with one server, so you can easily replicate your modifications on a future one.
Can you teach me how to make and apply this "diffpatch" a lil howto will be awesome please.
Reply With Quote
  #9  
Old 24th August 2010, 14:21
Mark_NL Mark_NL is offline
Senior Member
 
Join Date: Sep 2008
Location: The Netherlands
Posts: 912
Thanks: 12
Thanked 100 Times in 96 Posts
 
Default

http://stephenjungels.com/jungels.ne...n-minutes.html
Reply With Quote
The Following User Says Thank You to Mark_NL For This Useful Post:
Morons (24th August 2010)
Reply

Bookmarks

Tags
spamhaus

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Disable and remove ClamAV Meph Tips/Tricks/Mods 22 1st February 2013 09:54
mirroring issue lifeisboost Installation/Configuration 10 18th May 2010 18:43
error: File /root/rpm/SOURCES/postfix-2.3.3-vda.patch: No such file or directory mxtdn Installation/Configuration 1 25th July 2009 10:20
Help needed error rpmbuild -ba postfix.spec mr_bo Installation/Configuration 2 15th May 2009 10:47
If I remove a user how do i remove the email dhonnoll78 Installation/Configuration 2 17th January 2007 05:15


All times are GMT +2. The time now is 06:19.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.