You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by se...@insightbb.com on 2006/03/16 08:07:27 UTC
blacklist not working
I have configured SA on my hosting account through Cpanel.
I've set up about 20 blacklist settings. It's supposed to blacklist
according to certain IP addresses. Problem is - none of them are
actually getting blocked! The spams are still streaming in by the dozens
from China and elsewhere.
My hosting company seems to not know what to do. How can I guide
the hosting company (Crucial Paradigm) into fixing their installation
of SpamAssassin to make the IP blacklisting portion operational?
--
** Sean Mattingly (Sean@UltimateGTO.com)
** The Ultimate GTO Picture Site
** featuring Pontiac GTO cars 1964 - 2006.
** http://UltimateGTO.com
Re: blacklist not working
Posted by mouss <us...@free.fr>.
seanmattingly@insightbb.com a écrit :
> Yeah, and how can I implement something like that when
> my host provides Cpanel?
>
> When you throw out those command lines, I'm afraid I
> don't know how/where to add those in. I do know how to
> manipulate Cpanel from a user's standpoint, but that's about it.
> All I'm after is to block emails based on their IP address or IP
> range.
>
if you mean reject these clients, then you'd better do at the MTA level
(I think cpanel uses exim). now you need to check where this exim gets
its config and tune it. so the question is for cpanel or exim
users/forums. If cpanel doesn't already provide this functionality, I'm
afraid you'll need to do that "by hand"....
Re: blacklist not working
Posted by se...@insightbb.com.
Yeah, and how can I implement something like that when
my host provides Cpanel?
When you throw out those command lines, I'm afraid I
don't know how/where to add those in. I do know how to
manipulate Cpanel from a user's standpoint, but that's about it.
All I'm after is to block emails based on their IP address or IP
range.
Thanks for all your help.
--
** Sean Mattingly (Sean@UltimateGTO.com)
** The Ultimate GTO Picture Site
** featuring Pontiac GTO cars 1964 - 2006.
** http://UltimateGTO.com
----- Original Message -----
From: "mouss" <us...@free.fr>
To: "Matt Kettler" <mk...@comcast.net>
Cc: <us...@spamassassin.apache.org>
Sent: Sunday, March 19, 2006 8:31 PM
Subject: Re: blacklist not working
> Matt Kettler a écrit :
> >>header RELAY_CN *X*-*Relay*-*Countries*=~/\bCN\b/
> >>describe RELAY_CN Relayed through china
> >>score RELAY_CN 1.0
> >>
> >>
> >>header RELAY_KR *X*-*Relay*-*Countries*=~/\bKR\b/
> >>describe RELAY_KR Relayed through Korea
> >>score RELAY_KR 1.0
> >>
> >
> >
> > Erk! How'd those *'es get in there.. Evil conversion from HTML bold-text
> > styles I guess..
>
> Thunderbug?
>
> What is the "cost" of the relay country plugin? is it just a lookup (db
> or dns) or does it do more?
>
>
Re: blacklist not working
Posted by mouss <us...@free.fr>.
Matt Kettler a écrit :
>>header RELAY_CN *X*-*Relay*-*Countries*=~/\bCN\b/
>>describe RELAY_CN Relayed through china
>>score RELAY_CN 1.0
>>
>>
>>header RELAY_KR *X*-*Relay*-*Countries*=~/\bKR\b/
>>describe RELAY_KR Relayed through Korea
>>score RELAY_KR 1.0
>>
>
>
> Erk! How'd those *'es get in there.. Evil conversion from HTML bold-text
> styles I guess..
Thunderbug?
What is the "cost" of the relay country plugin? is it just a lookup (db
or dns) or does it do more?
Re: blacklist not working
Posted by Matt Kettler <mk...@comcast.net>.
Matt Kettler wrote:
> seanmattingly@insightbb.com wrote:
>
>> Well, then how do I get SA to read the headers and exclude
>> some IP addresses? Surely there is a command for that - or a
>> box to fill out - or a custom config. I need something to exclude
>> all those bothersome emails from Japan, Nigeria, China, etc.
>>
>>
> The normal way to do this in SA would be to use the RelayCountry plugin,
> and add on rules that match the countries you want to tag.
>
> RelayCountry automatically identifies what countries the IP's in the
> received: path are from.
>
> Once RelayCountry is loaded you can just add rules with country codes:
>
> header RELAY_CN *X*-*Relay*-*Countries*=~/\bCN\b/
> describe RELAY_CN Relayed through china
> score RELAY_CN 1.0
>
>
> header RELAY_KR *X*-*Relay*-*Countries*=~/\bKR\b/
> describe RELAY_KR Relayed through Korea
> score RELAY_KR 1.0
>
Erk! How'd those *'es get in there.. Evil conversion from HTML bold-text
styles I guess..
Here they are corrected:
header RELAY_CN X-Relay-Countries=~/\bCN\b/
describe RELAY_CN Relayed through china
score RELAY_CN 1.0
header RELAY_KR X-Relay-Countries=~/\bKR\b/
describe RELAY_KR Relayed through Korea
score RELAY_KR 1.0
Re: blacklist not working
Posted by Theo Van Dinter <fe...@apache.org>.
On Sat, Mar 18, 2006 at 04:04:10AM -0500, Matt Kettler wrote:
> Admittedly it would be somewhat nice for SA to have this feature, but
> really you're 100% better off doing it at the MTA or firewall layer if
> you're going to do all the work of maintaining an IP address list.
FWIW, there is the AccessDB plugin.
--
Randomly Generated Tagline:
It is pitch black.
You have been eaten by a Grue.
Your score is 0 out of 400.
Re: blacklist not working
Posted by Matt Kettler <mk...@comcast.net>.
seanmattingly@insightbb.com wrote:
> Well, then how do I get SA to read the headers and exclude
> some IP addresses? Surely there is a command for that - or a
> box to fill out - or a custom config. I need something to exclude
> all those bothersome emails from Japan, Nigeria, China, etc.
>
The normal way to do this in SA would be to use the RelayCountry plugin,
and add on rules that match the countries you want to tag.
RelayCountry automatically identifies what countries the IP's in the
received: path are from.
Once RelayCountry is loaded you can just add rules with country codes:
header RELAY_CN *X*-*Relay*-*Countries*=~/\bCN\b/
describe RELAY_CN Relayed through china
score RELAY_CN 1.0
header RELAY_KR *X*-*Relay*-*Countries*=~/\bKR\b/
describe RELAY_KR Relayed through Korea
score RELAY_KR 1.0
If you want a long list of them, here's a post I made on the subject in
some archive (one I didn't even know existed)
http://www.nabble.com/Re%3A-What-countries-to-block--p1456069.html
> How to filter out emails from IP addresses and IP address ranges?
> Is there ANY program that will do it?
>
Any MTA has this built-in.. Firewalls work too.
Admittedly it would be somewhat nice for SA to have this feature, but
really you're 100% better off doing it at the MTA or firewall layer if
you're going to do all the work of maintaining an IP address list.
Re: blacklist not working
Posted by se...@insightbb.com.
Well, then how do I get SA to read the headers and exclude
some IP addresses? Surely there is a command for that - or a
box to fill out - or a custom config. I need something to exclude
all those bothersome emails from Japan, Nigeria, China, etc.
How to filter out emails from IP addresses and IP address ranges?
Is there ANY program that will do it?
Sean
> seanmattingly@insightbb.com wrote:
> > It's in the configuration screens. It's the second screen under cpanel.
> > Do you mean to say that I cannot enter an IP address into the
> > "blacklist_from" boxes?
> >
>
> No, because blacklist_from will blacklist email with matching text in the
From:
> header.
>
> The IP address won't appear in the From: header, unless they format their
email
> address that way.
>
Re: blacklist not working
Posted by Matt Kettler <mk...@evi-inc.com>.
seanmattingly@insightbb.com wrote:
> It's in the configuration screens. It's the second screen under cpanel.
> Do you mean to say that I cannot enter an IP address into the
> "blacklist_from" boxes?
>
No, because blacklist_from will blacklist email with matching text in the From:
header.
The IP address won't appear in the From: header, unless they format their email
address that way.
Re: blacklist not working
Posted by jdow <jd...@earthlink.net>.
It may be that the best shot is a custom rule for the particular header
item you want to catch, a "Received:" header I suspect.
header BAD_IP1 Received =~ /ip1\.ip2\.ip3\.ip4/
describe BAD_IP1 Another bad IP.
score BAD_IP1 20
That sort of a rule should do it. The describe line is entirely optional.
Stick these into a "blacklist.cf" file of your own in /etc/mail/spamassassin
or wherever good local ".cf" files go on your system.
{^_^}
----- Original Message -----
From: <se...@insightbb.com>
> It's in the configuration screens. It's the second screen under cpanel.
> Do you mean to say that I cannot enter an IP address into the
> "blacklist_from" boxes?
>
> --
> ** Sean Mattingly (Sean@UltimateGTO.com)
> ** The Ultimate GTO Picture Site
> ** featuring Pontiac GTO cars 1964 - 2006.
> ** http://UltimateGTO.com
>
> ----- Original Message -----
> From: "Matt Kettler" <mk...@evi-inc.com>
> To: <se...@insightbb.com>
> Cc: <us...@spamassassin.apache.org>
> Sent: Thursday, March 16, 2006 2:49 PM
> Subject: Re: blacklist not working
>
>
>> seanmattingly@insightbb.com wrote:
>> > I have configured SA on my hosting account through Cpanel.
>> > I've set up about 20 blacklist settings. It's supposed to blacklist
>> > according to certain IP addresses. Problem is - none of them are
>> > actually getting blocked! The spams are still streaming in by the
> dozens
>> > from China and elsewhere.
>>
>> Erm.. How'd you blacklist by IP address? SA doesn't have any support for
> that.
>>
>> >
>> > My hosting company seems to not know what to do. How can I guide
>> > the hosting company (Crucial Paradigm) into fixing their installation
>> > of SpamAssassin to make the IP blacklisting portion operational?
>> >
>>
>
Re: blacklist not working
Posted by se...@insightbb.com.
It's in the configuration screens. It's the second screen under cpanel.
Do you mean to say that I cannot enter an IP address into the
"blacklist_from" boxes?
--
** Sean Mattingly (Sean@UltimateGTO.com)
** The Ultimate GTO Picture Site
** featuring Pontiac GTO cars 1964 - 2006.
** http://UltimateGTO.com
----- Original Message -----
From: "Matt Kettler" <mk...@evi-inc.com>
To: <se...@insightbb.com>
Cc: <us...@spamassassin.apache.org>
Sent: Thursday, March 16, 2006 2:49 PM
Subject: Re: blacklist not working
> seanmattingly@insightbb.com wrote:
> > I have configured SA on my hosting account through Cpanel.
> > I've set up about 20 blacklist settings. It's supposed to blacklist
> > according to certain IP addresses. Problem is - none of them are
> > actually getting blocked! The spams are still streaming in by the
dozens
> > from China and elsewhere.
>
> Erm.. How'd you blacklist by IP address? SA doesn't have any support for
that.
>
> >
> > My hosting company seems to not know what to do. How can I guide
> > the hosting company (Crucial Paradigm) into fixing their installation
> > of SpamAssassin to make the IP blacklisting portion operational?
> >
>
Re: blacklist not working
Posted by Matt Kettler <mk...@evi-inc.com>.
seanmattingly@insightbb.com wrote:
> I have configured SA on my hosting account through Cpanel.
> I've set up about 20 blacklist settings. It's supposed to blacklist
> according to certain IP addresses. Problem is - none of them are
> actually getting blocked! The spams are still streaming in by the dozens
> from China and elsewhere.
Erm.. How'd you blacklist by IP address? SA doesn't have any support for that.
>
> My hosting company seems to not know what to do. How can I guide
> the hosting company (Crucial Paradigm) into fixing their installation
> of SpamAssassin to make the IP blacklisting portion operational?
>