RBL Checks within mailscanner - no spam scanning

Richard Mealing richard at fastnet.co.uk
Thu Jul 7 09:22:14 UTC 2016 

This is a bespoke solution for their helpdesk who want their own servers incoming and outgoing. They don’t have much SSH experience, so I wanted to allow mailscanner to do the RBL checks and possibly quarantine the RBL emails, so they can see this via mailwatch. I’m thinking that this will fill up the drives for the machine, but the drives are going to be pretty large so I don’t think that would be a problem.
I might just use the mta to run my rbl checks to be honest, because I know this is the best option, but I thought I would ask the question since I have never tried this before. I want to give them some options but I want to give them the correct options.

Or, does anyone know if there is a sendmail plugin that could inject the RBL sql queries into the mailwatch database, or another database I could link to the mailwatch database?

Thanks,
Rich


From: MailScanner [mailto:mailscanner-bounces+richard=fastnet.co.uk at lists.mailscanner.info] On Behalf Of Jorge Amador Arenas Quezada
Sent: Wednesday, July 6, 2016 20:00
To: 'MailScanner Discussion' <mailscanner at lists.mailscanner.info>
Subject: RE: RBL Checks within mailscanner - no spam scanning

Virus Scanning = yes
Spam checks = yes
Spam List =  spamhaus-ZEN spamhaus.org spamhaus-XBL RATS NJABL spamcop.net             CBL BARRACUDA                JustSpam UCEPROTECT
Spam List To Be Spam = 2
Spam List to Reach High Score = 3
Use Spamassassin = no

Jorge Arenas


From: MailScanner [mailto:mailscanner-bounces+jorgeaaq=gmail.com at lists.mailscanner.info] On Behalf Of Martin Hepworth
Sent: miércoles, 6 de julio de 2016 01:07 p. m.
To: MailScanner Discussion <mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>>
Subject: Re: RBL Checks within mailscanner - no spam scanning

Sure its possible and you can set to a min. Number of rbls before its marked as spam

but why is the client asking for this? Seems like youve got a solution to a problem but whats the problem?
On Wed, 6 Jul 2016 at 18:13, Peter Lemieux <mailscanner at replies.cyways.com<mailto:mailscanner at replies.cyways.com>> wrote:
I prefer to let SpamAssassin do the RBL checks since they give the different
RBLs varying weights.  Using a milter or some other method requires you to
make a yes or no decision during the SMTP exchange.  Leaving it to SA lets
you put the RBL results into a bigger context.

However your client's request might work better at the SMTP level though
since they only want to use blacklists.  So you could use some form of
milter with your mail exchanger (sendmail, Postfix, exim, etc.) and turn off
spam scanning in MailScanner altogether.

Alternatively, you could put a copy of /usr/share/spamassassin/72_scores.cf<http://72_scores.cf>
in /etc/mail/spamassassin and set all the scores to zero except for the
RBL-related ones.  Then you can let MailScanner invoke SpamAssassin and only
the RBL scores will apply.

I definitely agree with Kevin that bouncing either spam or viruses back to
their alleged "senders" is a bad idea. You'll just flood your outbound mail
queue with undeliverable messages directed to bogus spamming accounts.

Peter


On 07/06/2016 12:43 PM, Kevin Miller wrote:
> You don’t want to bounce mail from w/in MailScanner – so much of it (close
> to all I’d wager) has a forged from address and/or envelope sender address
> that the bounce will end up going to someone that had nothing to do with the
> spam.  That’s a good way to get yourself blacklisted.  An old trick of
> spammers is to send to bogus addresses with a good from address.  The spam
> is bounced to the from address who is the real target, disguised as a
> non-delivery report.  Pretty sleazy.
>
> The proper way is to reject at the MTA rather than in MailScanner, as that
> deals directly with the sending server.
>
> ...Kevin
>
> --
>
> Kevin Miller
>
> Network/email Administrator, CBJ MIS Dept.
>
> 155 South Seward Street
>
> Juneau, Alaska 99801
>
> Phone: (907) 586-0242, Fax: (907) 586-4588 Registered Linux User No: 307357
>
> *From:*MailScanner
> [mailto:mailscanner-bounces+kevin.miller<mailto:mailscanner-bounces%2Bkevin.miller>=juneau.org at lists.mailscanner.info<mailto:juneau.org at lists.mailscanner.info>]
> *On Behalf Of *Richard Mealing
> *Sent:* Wednesday, July 06, 2016 7:57 AM
> *To:* MailScanner discussion (mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>)
> *Subject:* RBL Checks within mailscanner - no spam scanning
>
> Hi everyone,
>
> I have a request from a client who wants to see all the RBL checks within
> mailscanner, but they don’t want to do any SA spam scanning, just AV scanning.
>
> Is this possible?
>
> I’ve never done RBL checks on mailscanner before. I’m wondering how it
> works. I read somewhere that is quarantines the emails, is that correct? Is
> there any way to bounce the emails back to the sender?
>
> Thanks,
>
> Rich
>
>
>
>
>


--
MailScanner mailing list
mailscanner at lists.mailscanner.info<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/listinfo/mailscanner
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20160707/900f8089/attachment.html>

More information about the MailScanner mailing list