Printable Version of Topic
Click here to view this topic in its original format
XMail Forum > XMail Server > Do You Use Spam Protection ?


Posted by: theodoros Mar 22 2004, 02:40 PM
Curious about the results? Then vote! They are directly displayed after voting!

I wan't to know how many administrators use spam protection in xmail server. wacko.gif

Posted by: sc4vengr Mar 22 2004, 02:53 PM
How do i know if spam protection is enabled? hehe

Posted by: atomant Mar 22 2004, 03:09 PM
Running Spamassassin or equvavalent.

Posted by: vegetto34 May 15 2004, 08:52 PM
I just caught the spammers/virus e-mail IP addresses and blocked them in the spammers.tab. I'll vote yes...

Posted by: tac Jun 3 2004, 04:06 AM
As for spam filters there are just too many spam mails to block them all, it is a pointless battle to make the server do the work, that should be done client side. Also clients should use their free accounts like hotmail to sign of for stuff that will spam them.

Posted by: hschneider Jun 3 2004, 07:54 AM
This depends on the user's skill and your own SPAM policy. You can also preprocess SPAM on the server for easier filtering on the client, e.g. by evaluating and rewriting the message topics.


Posted by: sc4vengr Jun 3 2004, 01:51 PM
With CustMapslist and Spamassassin i stop ~90% of all the junk, not bad imo.

Posted by: svenvg Jan 11 2005, 06:13 PM
Hi Guys,

I voted YES, because I run SpamAssassing, but... there is still a lot of Spam, especially the mortgage stuff that gets thru... and on the other hand I have quiet a lot of HAM falsly seen as Spam.. (false positives). I have the Spamassassin on line since 6 months and I have a lot of customers unhappy about mails that never arrive (especially because they are in Spanish and coming from hotmail.com) because it's falsy identyfied as spam...

I see that other ISP's (more and more) immediately check if the FROM address exists, by checking the DNS MX record of the FROM address and then opening a session to that server doing: (lets say I am receiving a mail from me@remotedomain.com)

HELO mydomain.com
250 OK
MAIL FROM:<>
250 OK
RCPT TO:<me@remotedomain.com>

now if the server responds with
250 OK,
then the mail is accepted
if the result is
550 Mailbox unavailable <me@remotedomain.com>

then the mail is not accepted!

always the session is closed with:

RSET
250 OK
QUIT
221 [XMail 1.17 (Win32/Ix86) ESMTP Server] service closing transmission channel

I see that 99..... % of the SPAM that is receiving my server has a from address that doesn't exists...

SO my question is if Xmail has the capability to do this check also, because I don't fond it nowhere in the docs...

I think a combination of this check and a more permisive spamassassin (threshold e.g. 10.0 points) would be much more effective

As always, thanks ina dvance for your answers...

Sven.

Posted by: hschneider Jan 11 2005, 06:37 PM
You can forbid empty MAIL_FROM and check the sender's domain with
CheckMailerDomain and AllowNullSender in server.tab.

If you want to check the username too, then you'll need a custom filter hooked into the SMTP dialog.

SA only gives good results if you use the .cf files which fit your needs. See SA home for resources.

Posted by: svenvg Jan 11 2005, 07:01 PM
Hi Harald,

thanks for your reply.

The CheckMailerDomain I have enabled and AllowNullSender I had enabled and had to disable it again, just because of this ISP doing the username lookup they send MAIL FROM:<> so I could not send mail to any of these ISP's, because they couldn't do the username check they refused mail.
And actually 1 of these ISP's send me a automated mail saying that all my mail was blocked because of not accepting MAIL FROM:<> and that it is against RFC2821, I looked it up and indeed it's like this. (See quotes from RFC down)
Even I saw that 1 of the new things in Xmail 1.21 is that Xmail now also sends these bounce messages from MAIL FROM:<> See the ChangeLog.

E.g. Tiscali is doing this lookup, and they are quiet big and active in half Europe, so I had several customers complaining that mail didn't get delivered, so I had to allow the AllowNullSender...

Do you have more info/recources on how to make such a filter?

thanks,
Sven.

From RFC 2821
QUOTE

One way to prevent loops in error reporting is to specify a null reverse-path
  in the MAIL command of a notification message.  When such a message
  is transmitted the reverse-path MUST be set to null (see section
  4.5.5 for additional discussion).  A MAIL command with a null
  reverse-path appears as follows:

      MAIL FROM:<>


and also
QUOTE


4.5.5  Messages with a null reverse-path

  There are several types of notification messages which are required
  by existing and proposed standards to be sent with a null reverse
  path, namely non-delivery notifications as discussed in section 3.7,
  other kinds of Delivery Status Notifications (DSNs) [24], and also
  Message Disposition Notifications (MDNs) [10].  All of these kinds of
  messages are notifications about a previous message, and they are
  sent to the reverse-path of the previous mail message.  (If the
  delivery of such a notification message fails, that usually indicates
  a problem with the mail system of the host to which the notification
  message is addressed.  For this reason, at some hosts the MTA is set
  up to forward such failed notification messages to someone who is
  able to fix problems with the mail system, e.g., via the postmaster
  alias.)

  All other types of messages (i.e., any message which is not required
  by a standards-track RFC to have a null reverse-path) SHOULD be sent
  with with a valid, non-null reverse-path.

  Implementors of automated email processors should be careful to make
  sure that the various kinds of messages with null reverse-path are
  handled correctly, in particular such systems SHOULD NOT reply to
  messages with null reverse-path.


Posted by: karpa13a Jan 31 2005, 04:48 PM
so

how about check "mail from:<..>" passed to my server from remote client/server?

Posted by: hschneider Dec 14 2005, 09:50 AM
svenvg, pls post a request into the scripting corner.

Posted by: chriwi Mar 17 2006, 07:52 AM
Hello,

no I not yet use spam protection on my xmail server since the server setup is only new and I have no problem with spam on this e-mail adresses now, but it might become neccesary in future.
My Buissnes e-mail accounts got spam protection some time last year, before that I had a big problem there.
This morning i noticed that one of the important e-mail adresses in my private domain hosted by my provider got to wrong hands, so i hav e to take care of that first.
I guess it is also only a matter oft time that I will see spam also on my private xmail server with 11 e-mail accounts in 2 Domains.

beye

chriwi

Posted by: ccthecomputerguy Dec 12 2006, 04:26 AM
Hello;

I am using a SPAM filter that I wrote myself in Perl (wanted to do it). It is working quite well, and I've built up a list of SPAM words, phrases, and domain names over that past 8-10 months. The list is formatted as:

count, return code, SPAM word/phrase

My script increments the "count" field and when done, re-orders the list in highest to lowest count order so that the next time the script runs, it searches for the "most popular" phrase. The return code is 4 for all entries right now (I am thinking of setting it to 6 for some phrases in the future).

The biggest problem I have is attached gif images and/or base64 encoded stuff. Does anyone know how to analyze such stuff?

Oh... I am also willing to share my little script with anyone who might want to use it (or improve upon it --

Charles...

Posted by: Zon Jan 27 2007, 02:47 AM
Hi ccthecomputerguy!
Could you give me the link for download?

Posted by: Nehwon Jan 8 2008, 09:17 AM
Running ASSP with Xmail... 99% of spam blocked.

Posted by: LordLobby Jul 30 2008, 05:01 PM
Using ASSP as well. Best spam blocker I know and I really don't understand why people try anything else.

Since I use it, spam is no problem for me anymore.

Posted by: dien_phan Aug 1 2008, 12:20 AM
I use dspam. Best spam blocker I know and I really don't understand why people try anything else.

Since I use it, spam is no problem for me anymore.

Posted by: mad666 Sep 29 2008, 12:21 PM
I use SA on my server + MapList - 90% spam - works great.

Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)