Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #21  
Old 9th January 2007, 17:01
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Looks ok.

Quote:
Originally Posted by Daisy
hmmmm, but now I don't seem to be getting any mail. Can anyone tell me what this means? It's from my maillog.

Jan 7 10:26:00 mailserver postfix/local[8271]: BFB0E28812D: to=<web3_spamtrap@mailserver.com>, orig_to=<spamtrap@mailserver.com>, relay=local, delay=18, status=sent (delivered to command: /usr/bin/procmail -f-)
Jan 7 10:26:00 mailserver postfix/qmgr[8241]: BFB0E28812D: removed
What's in the .procmailrc file of the web3_spamtrap user?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
Sponsored Links
  #22  
Old 9th January 2007, 19:28
Daisy Daisy is offline
Senior Member
 
Join Date: Dec 2006
Posts: 112
Thanks: 0
Thanked 3 Times in 1 Post
Default

MAILDIR=$HOME/Maildir/
DEFAULT=$MAILDIR
ORGMAIL=$MAILDIR

INCLUDERC=/var/www/web3/user/web3_spamtrap/.mailsize.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.quota.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.antivirus.rc
INCLUDERC=/var/www/web3/user/web3_spamtrap/.local-rules.rc
INCLUDERC=/var/www/web3/user/web3_spamtrap/.html-trap.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.spamassassin.rc
## INCLUDERC=/var/www/web3/user/web3_spamtrap/.autoresponder.rc
~
Reply With Quote
  #23  
Old 10th January 2007, 18:11
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Quote:
Originally Posted by Daisy
INCLUDERC=/var/www/web3/user/web3_spamtrap/.local-rules.rc
INCLUDERC=/var/www/web3/user/web3_spamtrap/.html-trap.rc
Please disable Mailscan in that user's ISPConfig settings. I'm not sure, but it is possible that Mailscan deletes the Eicar test virus.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #24  
Old 10th January 2007, 19:01
edge edge is offline
Moderator
 
Join Date: Dec 2005
Location: The Netherlands
Posts: 2,042
Thanks: 269
Thanked 154 Times in 133 Posts
Default

Daisy,

Small note on your main.cf (postfix),

remove:
Code:
reject_rbl_client relays.ordb.org,
ordb.org is no more (gone)!
Reply With Quote
  #25  
Old 23rd January 2007, 08:18
Daisy Daisy is offline
Senior Member
 
Join Date: Dec 2006
Posts: 112
Thanks: 0
Thanked 3 Times in 1 Post
Default

Thanks for all the tips. Everything seems to be working well now. I've actually gotten complaints about it being TOO strict from friends who's stupid ISP's have gotten their mailservers blacklisted.

One last question, I opted to have the subject rewritten but, instead of just getting a changed subject, I get a whole new email with the old email as an attachment. If I try to forward this on to my account at spamcop, they can't find the headers. Should the headers be changed so? What's going on?
Reply With Quote
  #26  
Old 24th January 2007, 13:02
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Quote:
Originally Posted by Daisy
One last question, I opted to have the subject rewritten but, instead of just getting a changed subject, I get a whole new email with the old email as an attachment.
That's strange. Did you disable Mailscan?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #27  
Old 24th January 2007, 13:19
Daisy Daisy is offline
Senior Member
 
Join Date: Dec 2006
Posts: 112
Thanks: 0
Thanked 3 Times in 1 Post
Default

Yep. mailscan and antivirus are disabled. only spamfilter, Rewrite Subject, and Use URIBL are checked. I just disabled all my rbl client rejects so I'll grab the next spam that comes in and post the headers. to show you what I mean.
Reply With Quote
  #28  
Old 24th January 2007, 15:26
Daisy Daisy is offline
Senior Member
 
Join Date: Dec 2006
Posts: 112
Thanks: 0
Thanked 3 Times in 1 Post
Default

ok, so here's what I get:
Code:
Received: from localhost by mysite.com
	with SpamAssassin (version 3.1.7);
	Wed, 24 Jan 2007 07:03:06 -0600
From: "CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: ***SPAM*** All you favorite games 
Date: Wed, 24 Jan 2007 20:05:03 -0700
Message-Id: <27F12A03C4C9013.E79BA94F3A@co.th>
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mysite.com
X-Spam-Level: *******************************
X-Spam-Status: Yes, score=31.6 required=5.0 tests=DATE_IN_FUTURE_12_24,
	DCC_CHECK,DIGEST_MULTIPLE,HELO_DYNAMIC_IPADDR,HTML_FONT_BIG,
	HTML_MESSAGE,MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,
	RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,
	RCVD_IN_NJABL_DUL,URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,
	URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL autolearn=spam version=3.1.7
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_45B7590A.A8B2BAE2"

This is a multi-part message in MIME format.

------------=_45B7590A.A8B2BAE2
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: 8bit

Spam detection software, running on the system "mysite.com", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email.  If you have any questions, see
the administrator of that system for details.

Content preview:  Only from the most noble of all casinos you could except
  such a Regal gift: 300% Bonus on your First Deposit!!! Deposit 100 €/$
  and Play with 400 €/$!!! And on top of that, a service at such a level
  you would not find in the best Royal Families of Europe. [...] 

Content analysis details:   (31.6 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.4 HELO_DYNAMIC_IPADDR    Relay HELO'd using suspicious hostname (IP addr
                            1)
 2.3 DATE_IN_FUTURE_12_24   Date: is 12 to 24 hours after Received: date
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.3 HTML_FONT_BIG          BODY: HTML tag for a big font size
 0.0 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
                            above 50%
                            [cf: 100]
 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
                            above 50%
                            [cf: 100]
 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/)
 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
                            [cf: 100]
 2.8 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 1.4 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 1.7 RCVD_IN_NJABL_DUL      RBL: NJABL: dialup sender did non-local SMTP
                            [124.120.75.104 listed in combined.njabl.org]
 1.1 URIBL_SBL              Contains an URL listed in the SBL blocklist
                            [URIs: royal-casinos.net]
 3.3 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL blocklist
                            [URIs: royal-casinos.net]
 3.4 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL blocklist
                            [URIs: royal-casinos.net]
 1.5 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL blocklist
                            [URIs: royal-casinos.net]
 2.6 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL blocklist
                            [URIs: royal-casinos.net]
 3.6 URIBL_SC_SURBL         Contains an URL listed in the SC SURBL blocklist
                            [URIs: royal-casinos.net]
 0.2 DIGEST_MULTIPLE        Message hits more than one network digest check

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.


------------=_45B7590A.A8B2BAE2
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit

Return-Path: <mlijghev@co.th>
X-Original-To: me@mysite.com
Delivered-To: me@mysite.com
Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104])
	by mysite.com (Postfix) with ESMTP id 6D93728812D
	for <me@mysite.com>; Wed, 24 Jan 2007 07:02:54 -0600 (CST)
From:	"CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: All you favorite games 
Date:	Wed, 24 Jan 2007 20:05:03 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0004_01C73FF2.EF359450"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Acc/8u81fpkgH5tzTVSodtW9OyefTg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <27F12A03C4C9013.E79BA94F3A@co.th>

------=_NextPart_000_0004_01C73FF2.EF359450
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR>
<STYLE></STYLE>

</HEAD>
<BODY><p align=3D"center"><font face=3D"Arial, Helvetica, sans-serif"><b>
<font size=3D"+1" color=3D"#00CC00" face=3D"Courier New, Courier, mono">Only from the most noble of all<br>
casinos you could except such a Regal gift:</font><br><br>

<font size=3D"+2" color=3D"#FF0000">300% Bonus on your <font color=3D"#0000FF">First Deposit!!!</font></font><br><br>

<font style=3D"font-size:13pt" color=3D"#000000">Deposit 100 €/$ and Play with 400 €/$!!!</font><br>
And on top of that, a service at such a<br>
level you would not find in the best<br>
Royal Families of Europe.<br><br>

<a href=3D"http://royal-casinos.net"> Come and play at Royal VIP Casino!!! </a></b></font><br><br>

If you didn’t sign up click <a href=3D"http://royal-casinos.net/unsub.php">here</a>
</p>
</BODY></HTML>

------=_NextPart_000_0004_01C73FF2.EF359450--


------------=_45B7590A.A8B2BAE2--
if I click on the attachment and view that email, it shows this:
Code:
Return-Path: <mlijghev@co.th>
X-Original-To: me@mysite.com
Delivered-To: me@mysite.com
Received: from ppp-124.120.75.104.revip2.asianet.co.th (ppp-124.120.75.104.revip2.asianet.co.th [124.120.75.104])
	by mysite.com (Postfix) with ESMTP id 6D93728812D
	for <me@mysite.com>; Wed, 24 Jan 2007 07:02:54 -0600 (CST)
From:	"CSS" <mlijghev@co.th>
To: me@mysite.com
Subject: All you favorite games 
Date:	Wed, 24 Jan 2007 20:05:03 -0700
MIME-Version: 1.0
Content-Type: multipart/related;
	boundary="----=_NextPart_000_0004_01C73FF2.EF359450"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Acc/8u81fpkgH5tzTVSodtW9OyefTg==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Message-Id: <27F12A03C4C9013.E79BA94F3A@co.th>

------=_NextPart_000_0004_01C73FF2.EF359450
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<META content=3D"MSHTML 6.00.2900.2963" name=3DGENERATOR>
<STYLE></STYLE>

</HEAD>
<BODY><p align=3D"center"><font face=3D"Arial, Helvetica, sans-serif"><b>
<font size=3D"+1" color=3D"#00CC00" face=3D"Courier New, Courier, mono">Only from the most noble of all<br>
casinos you could except such a Regal gift:</font><br><br>

<font size=3D"+2" color=3D"#FF0000">300% Bonus on your <font color=3D"#0000FF">First Deposit!!!</font></font><br><br>

<font style=3D"font-size:13pt" color=3D"#000000">Deposit 100 €/$ and Play with 400 €/$!!!</font><br>
And on top of that, a service at such a<br>
level you would not find in the best<br>
Royal Families of Europe.<br><br>

<a href=3D"http://royal-casinos.net"> Come and play at Royal VIP Casino!!! </a></b></font><br><br>

If you didn’t sign up click <a href=3D"http://royal-casinos.net/unsub.php">here</a>
</p>
</BODY></HTML>

------=_NextPart_000_0004_01C73FF2.EF359450--
I forwarded both as an attachment to spamcop and the first, the one that had been altered got me the "No source IP address found, cannot proceed." error message from spamcop that I've been getting. The second parsed ok. Now, I'm thinking that having to open the email (not using a preview pane) and then opening an attached email, and then forwarding the now opened attachment of the email is a bit of a hassle. Is this working right or do I have some setting wrong?
Attached Images
 
Reply With Quote
  #29  
Old 25th January 2007, 19:54
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,747 Times in 2,578 Posts
Default

Quote:
Originally Posted by Daisy
Is this working right or do I have some setting wrong?
I've never had this problem, so I don't know why it isn't working for you. Maybe some kind of encoding problem?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #30  
Old 26th January 2007, 09:09
Daisy Daisy is offline
Senior Member
 
Join Date: Dec 2006
Posts: 112
Thanks: 0
Thanked 3 Times in 1 Post
 
Default

? encoding?
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting e-mail working hansoffate Installation/Configuration 29 13th August 2008 17:33
spamassassin stop working after woody to sarge update shark_tico Server Operation 1 19th October 2006 15:01
1 email working, but others arent? lipp9000 Installation/Configuration 8 22nd July 2006 17:35
PHP & MySQL working, but AREN'T WORKING???? lipp9000 Installation/Configuration 4 21st July 2006 18:01
ftp not working pesja Installation/Configuration 3 17th July 2006 13:37


All times are GMT +2. The time now is 13:38.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.