Block Mail To Single User Account

Support section for FREESCO v0.3.x 3rd Party Packages

Postby Thasaidon » Wed Apr 16, 2008 9:44 am

In my Exim setup, I made it possible for mail to be sent to any user on my Freesco
even non-existing ones...
Meaning... anything put in front of the @ will be delivered to a certain existing account on my Freesco.

Code:
system_aliases:
  driver = redirect
  allow_fail
  allow_defer
  data = ${lookup{$local_part}lsearch*@{/etc/aliases}}


This way, I have an unlimited amount of email addresses I can use without having to create the appropriate user account to go with it.

Now I'm getting spam on 1 such "virtual" user because the one and only company I use this address for either has sold the e-mail addresses or someone hacked their user mail database.

Either way, I want to have this one username blocked from receiving mail, but still have the ability of using my unlimited number of e-mail addresses.

I was thinking of using the aliases file for this.
(with user3 being the user where spam is sent to)
something like this:
Code:
user1: user1
user2: user2
user3: "user does not exist message to spammer"
*: user1

the * stands for "all other user names used before the @ sign"
but I'm not sure what the proper code would be to achieve the "user does not exist message to spammer" part.
I've searched this and the archived forum, but came up blank so far.
Also some google searches didn't turn up the desired solution (yet).

So is this actually the way to go (using the aliases file) and if so, how do I achieve this?
Experience shared, is experience gained.

Thasaidon's Freesco Page




Thasaidon
Advanced Member
 
Posts: 411
Joined: Tue Feb 05, 2002 9:38 am
Location: The Netherlands

Postby Thasaidon » Thu Apr 17, 2008 11:39 am

Instead of using a "user does not exist message to spammer"
just plain blocking this message or having it deleted from the server would be an option too.
But I still haven't found a way to do this, at least not from the aliases file.

Postby Slowpoke » Thu Apr 17, 2008 12:46 pm

OK, I don't use Exim (yet - I'm still waiting to get a proper virus scan solution set up first), but perhaps this might work:

http://mirrors.fourbatons.com/exim/exim-html-4.20/doc/html/FAQ_4.html#TOC148
[quote="FAQ_4.html#TOC148"]
Q0416:  What is quickest way to set up Exim so any message sent to a non-existing user would bounce back with a different message, based on the name of non-existing user?

A0416:  Place this router last, so that it catches any local addresses that are not otherwise handled:

  non_exist:
    driver = accept
    transport = non_exist_reply
    no_verify

Then add the following transport to the transports section:

  non_exist_reply:
    driver = autoreply
    user = exim
    to = $sender_address
    subject = User does not exist
    text = You sent mail to $local_part. That's not a valid user here. \
            The subject was: $subject.

If you want to pick up a message from a file, you can use the file option (use file_expand if you want its contents expanded).[/quote]

Now, I realize that you have a catch-all set up, however, what would happen if you changed the spam-user alias to a non-existent account?
user1: user1
user2: user2
user3: baduser
*: user1
I'm not sure if Exim will take the alias to a bad account and not let it fall through to the catch-all, but if this doesn't work, perhaps this may spark a different way of thinking on how to approach it...

I also found this PDF through Google:
AfNOG 2003 The Exim Mail Transfer Agent (A brief introduction): http://ws.edu.isoc.org/workshops/2004/CEDIA/presentaciones/bc/correo/exim/AfNOG.pdf
(Google's "as HTML" link: http://64.233.169.104/search?q=cache:8ZJo1F0EfnEJ:ws.edu.isoc.org/workshops/2004/CEDIA/presentaciones/bc/correo/exim/AfNOG.pdf+exim+mail+bounce+%22/etc/aliases%22&hl=en&ct=clnk&cd=3&gl=us)
If nothing else, that document seemed to be a good reference... (But again, I'm not an advanced Exim user yet... :P )
---

Another idea (from the same site):
http://mirrors.fourbatons.com/exim/exim-html-4.20/doc/html/FAQ_6.html#TOC185
[quote="FAQ_6.html#TOC185"]
Q0605:  If a user's mailbox is over quota, is there a way for me to set it up so that the mail bounces to the sender and is not stored in the mail queue?

A0605:  In the retry section of the configuration, put

  *@your.dom.ain        quota

That is, provide no retry timings for over quota errors. They will then bounce immediately. Alternatively, you can set up retries for a short time only, or use something like this:

  *@your.dom.ain        quota_7d
  *@your.dom.ain        quota      F,2h,15m; F,3d,1h

which bounces immediately if the user's mailbox hasn't been read for 7 days, but otherwise tries for up to 3 days after the first quota failure.[/quote]

Set a quota for the spam-user account to something really low, and just let everything from now on bounce due to a full account.


<shrug> :rolleyes:

I, too, am interested in how this resolves, as I had intended on doing something similar once I'm completely set up.
Slowpoke
Advanced Member
 
Posts: 233
Joined: Fri Aug 12, 2005 4:08 pm
Location: Upstate New York, USA

Postby spaceman » Thu Apr 17, 2008 12:47 pm

SMTP auth ??? :) *G*
we just love it.
spaceman
Junior Member
 
Posts: 34
Joined: Thu May 15, 2003 3:45 pm
Location: Netherlands, some where in the bush bush :)

Postby Thasaidon » Fri Apr 18, 2008 4:37 am

Thanx for the suggestions.
But all options I found so far require valid user accounts for all mail addresses.
That means, for every mail address I use now, I need to add a valid user on Freesco.

And believe me, those are a lot of users to add.

Whenever I need to enter a valid e-mail on some (vendor) site, I just enter an e-mail address containing the site (or vendor) name. This way I know where the mail actually comes from when I receive mail.

So thanx for the help
but I'm still looking for options...

Postby dRB » Tue Apr 22, 2008 9:23 pm

you can edit exim.conf / acl section and simply drop any email going to user XYZ

or you can use user-specific blocklists, where you can control email blocks per user, without affecting the rest of your user base (which this solution is just the first solution on steroids)

I currently have my mail server setup this way, with tight anti-spam algorithms and blacklists ... works very nicely

example user defined blocklists; which has been added near top of acl_check_rcpt section. This acl uses reference to user specific blocklist, if that list exists (you will need to do up a front-end to give users ability to modify their list)

Code:
#############################
#  user defined blocklists
#  Rejects a sender found in the master blocklist or, if it exists, in the
#  file named after the recipient's local part.

deny message     = REJECTED [$sender_address] blacklisted
     log_message = REJECTED [$sender_address] blacklisted by $local_part
     senders     = /usr/local/exim/blocklists/blocklist : ${if exists {/usr/local/exim/blocklists/$local_part}\
                   {/usr/local/exim/blocklists/$local_part}\
                   {!*}}


in addition to DNSLISTS, I've integrated a regex-filter that deals with email content and header info that is spamware related. This uses an external filter, and I have also setup a front-end that allows editing of that file's content, for use on the fly with exim (located near the top of the acl_check_content section)
Code:
.include_if_exists /usr/local/exim/regex/exim.regex


attached the file so you can see/use the content

/dRB
Please bear with me ... I seemed to have lost my marbles.
dRB
Junior Advanced Member
 
Posts: 196
Joined: Tue Apr 30, 2002 2:08 am
Location: Dryden, Ontario. CANADA
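
One way to block a single local part while keeping the catch-all, as an added example (not code from any poster in this thread or from the FREESCO package). It assumes the placeholder name user3 from the first post, the stock +local_domains list, and the system_aliases router shown in the first post.

```exim
# --- Option 1: /etc/aliases -------------------------------------------
# Usable with the system_aliases router from the first post because that
# router sets allow_fail, which permits the :fail: item.
# lsearch* looks up the exact local part first and falls back to the "*"
# entry only when there is no match, so the user3 line wins over the
# catch-all.
user1: user1
user2: user2
user3: :fail: User does not exist
*: user1

# To accept the message and discard it silently instead of rejecting:
# user3: :blackhole:

# --- Option 2: exim.conf, inside acl_check_rcpt -------------------------
# Place this before any accept statement that would let the recipient
# through. user3 is an assumed placeholder local part.
deny message     = User does not exist
     log_message = RCPT to blocked local part $local_part
     domains     = +local_domains
     local_parts = user3

# Option 1 only rejects during the SMTP session if acl_check_rcpt has a
# "verify = recipient" condition for local domains, as the default
# configuration does. Without it the message is accepted first and
# bounced afterwards.
```

Rejecting during the SMTP session leaves the bounce to the sending server, so nothing is mailed to a possibly forged $sender_address.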

Postby dRB » Tue Apr 22, 2008 9:29 pm

also attached a MASTER blocklist that my mail server uses, which affects all users on my system (which of course only I have access to)

... as for each user, defined in the above post, the blocklist has the same name as that user

/dRB

ps.
all of this code, along with the user-control front-end, including exim/courier, I plan on packaging at some point for everyone here to benefit from ... seems to me I've said that before ... I just need to sit down and do just that ... soon I hope

Postby dilberts_left_nut » Wed Apr 23, 2008 2:36 am

Apologies for hijacking the thread ;)

Do you use a bayesian spam filter?

Is it possible to integrate one?

The reason I ask is that I have a Mercury mailserver running on windows, and am looking to get rid of my windows box.

I have found blocklists to be of limited value in stopping spam.

A good bayesian filter, such as the excellent Spamwall plugin for Mercury, is MUCH more effective, once properly trained.

I have looked at various MTA's in linux and nothing has come close to it in terms of usability, transparency, or spam filtering.

Maybe with a bit more effort (and a LOT more reading) I could cobble something together, but was wondering if there was an 'out of the box' solution for plugging in a reasonable bayesian filter?
dilberts_left_nut
Member
 
Posts: 71
Joined: Thu Sep 02, 2004 8:25 am
Location: Christchurch, NZ

Postby dRB » Wed Apr 23, 2008 10:34 am

I agree, blocklists are very limited, and serve only to deal with nuisance-valid email addresses (which seems to be what Thasaidon is referring to)

exim with the integration of spamassassin, and blacklists and an assortment of other acls to deal with spoofing etc. is very effective.

spamassassin filter uses an assortment of rules to establish threshold values that are used in determining probability of spam. SpamAssassin by default tries to reinforce its own rules through Bayesian filtering.

I'm sure there are many solutions in the fight against spam.

My server went 3-4 years without one chunk of spam in my mail bins. And since I've had to "relax" some of the code because of my growing user base, I get maybe 1 or 2 spam emails per month. Nice numbers.

dnslist acl at top of acl_check_rcpt section:
Code:
drop log_message    = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text
     !hosts         = +relay_from_hosts
     !authenticated = *
     dnslists       = psbl.surriel.com : korea.services.net : dnsbl.njabl.org : bl.spamcop.net : zen.spamhaus.org : sbl.spamhaus.org : list.dsbl.org : cbl.abuseat.org : proxies.blackholes.easynet.nl : dynablock.easynet.nl : blackholes.easynet.nl


/dRB

Postby Thasaidon » Wed Apr 23, 2008 12:19 pm

Thanx for the input dRB.
I didn't read it until now, because for some reason the forum didn't send me any e-mail on your first reply.

I'll have a look at your suggestion, it sounds good to me, since I am the only one using the mail server for all my accounts ;)

As for this being a limited means of blocking spam.
So far, this is the very first spam I ever got since I'm running Exim/Teapop on my Freesco. So I consider being spam free for more than 6 years a real achievement! :P

And if it wasn't for that one vendor either selling or "leaking" my addy, I would still be spam free on my Freesco mail domains.

Postby dRB » Wed Apr 23, 2008 2:25 pm

The good thing about being under constant bombardment is that you are forced to "solve" the problem ... or live with the problem (which isn't an option for me).

Unfortunately, my mail server gets pounded continually. I really don't get why this is the case, but it is. And as a result, my reject logs grow at incredible rates. Some of these spammers even get down-right personal and threatening in their attacks ... fudging the header info knowing that some of that info is recorded in the logs: saying things like "you f***ing ***hole", and other colorful remarks.

So if you are not having to deal with that level of bombardment then you are fortunate. Regardless, I think it is agreed that there is a problem of spam abuse ... and the available solutions are many ... fortunately.

/dRB

Postby Thasaidon » Thu Apr 24, 2008 8:46 am

Yup, I agree.
even one spam message that reaches the inbox is one too many.

That's why I used some "tricks" to try and avoid spam.
My website domains are different than my e-mail domains,
so bots that find any of my sites and try to send mail to the webmaster etc get blocked by exim because those domains are not configured to receive mail.

Also, all e-mail links in my html code are not in plain text but in ascii code.
This way bots cannot read my addresses because they are not looking for that ascii code (yet).

Furthermore, I never ever give out my e-mail addresses on sites unless it's a vendor/shop site I trust, or a forum like this one.
For all other stuff, I just give them my hotmail address.

And like discussed here, I use a different address for each vendor/shop I leave my address at. So in case of spam, I know where it comes from (allegedly).

Thanx for the help so far.
I hope to get on this this weekend... if I get the time.

Postby justdave » Tue Aug 19, 2008 11:26 am

Did this ever get resolved? Could you post the correct code to put in the acl part of exim.conf in order to deny an email to a specific local user with a response to the sending server?

thanks
justdave
Junior Advanced Member
 
Posts: 124
Joined: Sat Dec 22, 2001 2:00 am
Location: san jose Ca USA

Postby Thasaidon » Wed Aug 20, 2008 2:35 am

Nope, not yet.

I created a user called "spam" on my Freesco
and added a "redirect" in the aliases file so the "spammed accounts" will be directed to the "spam" user.
Then in cron, I added a job to clear the "spam" user's e-mail every week.

But for some reason, the messages still end up in my general mail box.
This could be because I have also added the "redirect all" to my main account.

But this line is last in the aliases file, so I don't get why it still redirects the spam mail to my general account and not to the "spam" account.

Unfortunately, I didn't have the time to dive further into this because of lack of time...
:( :( :(

But I'll keep you posted.

Postby Thasaidon » Wed Aug 20, 2008 4:47 am

Well, I found the reason why the messages to the spammed users weren't getting in the spam mailbox.
For some reason the /etc/aliases file should symlink to the /pkg/mail/aliases file, but that didn't work.
so I re-enabled the symlink but this time to /pkg/etc/aliases, and things seem to work again.

I just sent an e-mail to both accounts that were spammed, and they both ended up in the spam mail folder.
So everything seems to work ok now.
Now it's up to the cron job to delete the spam every week. :D :D

Thanx for reminding me ;-)