Antispam MX server

Discussion in 'General Discussion' started by areha, Jan 9, 2006.

  1. areha

    Hi

    One of my accounts (with Cpanel/whm) receives millions of spam each month, and I want to take some traffic away from the server by filtering out spam on another server of mine (Debian is installed there, no cpanel).

    How can this be done?

    I have used a spam filtering service before, then I pointed my mx record to that company. They washed the email and inserted it somehow back to my mail server (by ip somehow I believe). So it should be possible without setting cron jobs to get pop3 or fetchmail for each account on the main server. And that is exactly what I want.

    Any reference literature to get me started? I would like to do as much spam wash on that second server as possible, and have looked at http://www.qmailtoaster.com/, even though that package doesn't support Debian completely. Of course, that only takes care of the mailserver, and I also need to find out how to "mail-inject" content into my main server.
     
  2. rustelekom

    There are many ways to realize this idea. You may install just exim, spamassassin, a courier pop server or anything else you prefer on your "antispam" server and point the MX records for your domain to this mail server. Then you have two ways: you may copy all mail settings from your original cpanel server to the dedicated mail server, but this will be hard work, or (preferably) relay the incoming, washed mail to your cpanel server. In the last case, mail will not come to your cpanel at all; instead, it will be addressed to the dedicated mail server and after cleaning will be relayed to the cpanel server. So your cpanel server will have port 25 connections allowed only to your dedicated mail server.
     
  3. areha

    "In the last case, mail will not come to your cpanel at all; instead, it will be addressed to the dedicated mail server and after cleaning will be relayed to the cpanel server. So your cpanel server will have port 25 connections allowed only to your dedicated mail server."

    That is exactly what I'm looking for. Does this have a term I can search for? I assume it would be called different things in different mail server documentations. I do not understand how to forward the mail or inject it into the cpanel server after it is washed. It can be done by doing some kind of batch telnet thing, but I'm sure there is software for this? Or?

    I have everything to get it to the second server (changing the mx record and pointing it to a mail. subdomain that has an A record to that server), but just don't know how to forward it back to the cpanel server.
     
  4. rustelekom

    I have no solution, but you may google the following: secondary mail server, backup mail server, mail hub, exim secondary config.
    I remember that I got lots of documentation concerning this problem.
     
  5. IRCBrasil

    You have 3 good options:

    1 - Install a good antispam system such as http://www.rvskin.com/index.php?page=public/antispam (it doesn't use mailscanner and doesn't load the server) with the apf firewall and bfd for blocking spammers' IPs in the route table, and be attentive to spam from your PHP scripts, such as the bcc kind of spam - take a look here: http://www.eth0.us/node/70 - you should put a single line in your modsecurity config.

    2 - Use a Barracuda firewall from a provider such as http://www.ochosting.com/members/spamfirewall.cfm - you just have to point your MX records to them.

    3 - Get your server in a datacenter such as The Planet, which offers the spirus for US 10,00 / month - http://www.theplanet.com/services/upgrades/security/spirus.html
     
  6. MattGetWeb

    I use a pair of Debian/postfix/mailscanner machines.

    1/ Go to the mailscanner site and have a look at their documentation. The setup guide for mailscanner on postfix is dead simple to follow.

    2/ Make sure you have the following two lines in /etc/postfix/main.cf

    relay_domains = hash:/etc/postfix/relay_domains
    transport_maps = hash:/etc/postfix/transport

    In relay domains, you list what domains you will allow to relay through your server (no, really?). Syntax is like "foobar.com OK". One per line.
    In transport, you tell postfix where to send mail for a particular domain (bypassing normal MX lookups). The syntax is like "foobar.com smtp:[1.2.3.4]", again one per line. Basically, the ip address is the destination server where the user will collect her email (ie. your cPanel server).

    After making changes in those two files, issue the postmap command on each, like so.

    postmap /etc/postfix/relay_domains
    postmap /etc/postfix/transport

    3/ You would then set the MX record for the domain/s in question to point at the new machine you just built.

    4/ Test! Test! Test!

    5/ Go celebrate a job well done!


    - FWIW, I also use spamhaus right at the connect stage. They've been reliable, and I've yet to actually block anything that didn't deserve it! I've found that by simply blocking things in the first place, my overall scan load is reduced. The reject message points the sender at spamhaus, so they can see why they were blocked.

    Add/amend this in /etc/postfix/main.cf to do the same

    smtpd_client_restrictions = permit_mynetworks, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org

    then add "skip_rbl_checks 1" to /etc/MailScanner/spam.assassin.prefs.conf. You need to restart mailscanner and postfix after all these changes, btw.
     
    #6 MattGetWeb, Jan 9, 2006
    Last edited: Jan 9, 2006
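
A consistency check for the two map files described in post #6, as an added example that is not part of the original thread. It flags relay domains with no transport entry, next hops without [brackets], and domains also listed in mydestination (a configuration that yields Postfix's "User unknown in local recipient table" rejection); the sample contents and the names `parse_map` and `check_relay_setup` are assumptions made for illustration.

```python
import re

# Constructed sample inputs; domains and addresses are placeholders.
RELAY_DOMAINS = """\
# domains this filter host accepts and relays
foobar.com      OK
example.org     OK
example.net     OK
"""
TRANSPORT = """\
foobar.com      smtp:[192.0.2.10]
example.org     smtp:mail.example.org
"""
MYDESTINATION = "localhost, filter.example.net, example.net"

def parse_map(text):
    """Parse Postfix map source text into {lowercased key: value}.
    Continuation lines (leading whitespace) are not handled."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table

def check_relay_setup(relay_text, transport_text, mydestination):
    """Return (domain, problem) findings for a filtering relay host."""
    relay = parse_map(relay_text)
    transport = parse_map(transport_text)
    local = {d.lower() for d in re.split(r"[,\s]+", mydestination) if d}
    findings = []
    for domain in sorted(relay):
        nexthop = transport.get(domain)
        if nexthop is None:
            # Without a transport entry delivery follows the domain's MX,
            # which (step 3 of the post) points at this filter host.
            findings.append((domain, "no transport entry"))
        elif not re.fullmatch(r"(smtp|relay):\[[^\]]+\](:\d+)?", nexthop):
            # An unbracketed next hop is subject to an MX lookup.
            findings.append((domain, "next hop not in [brackets]"))
        if domain in local:
            # Local-class domains are checked against local_recipient_maps.
            findings.append((domain, "also listed in mydestination"))
    return findings
```

Run it against the real files by passing their contents and the `mydestination` value reported by `postconf`.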
  7. areha

    "Technical details of permanent failure:
    PERM_FAILURE: SMTP Error (state 9): 550 <user@domain.com>: Recipient address rejected: User unknown in local recipient table"

    Do I have to adjust any other value to allow all email to @domain.com? I have added everything as described in this post (those two lines weren't there, but I added them and created those two files). Should think the relay part was enough?
     
  8. areha

    Got it to work :) Thanks!!
     
  9. areha

    Some percentage does bypass my mailserver, and hostnames other than "H=Mine" seem to connect. It is turned down with no such address here, but I would like to block them completely (authorized outgoing smtp senders must also be allowed on this domain).

    Is there a way to only allow my hostname to connect at all for only ONE domain on my Cpanel server? It's just needed for one domain on the server.

    I also use APF.
     
    #9 areha, Jan 10, 2006
    Last edited: Jan 10, 2006
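
To measure the bypass described in post #9, the following added example (not part of the original thread) counts, per source IP, the log lines where a host other than the filter addressed mail to the protected domain without SMTP authentication. The log lines are constructed, the `for` recipient list assumes Exim's `received_recipients` log selector is on, and `mx_bypass_sources` is a hypothetical name.

```python
import re
from collections import Counter

# Constructed Exim mainlog lines; hosts, addresses and message ids are placeholders.
SAMPLE_LOG = """\
2006-01-10 09:12:01 1EwA1b-0001Xy-7K <= sender@example.org H=filter.example.net [192.0.2.25] P=esmtp S=2210 for user@domain.com
2006-01-10 09:12:40 H=(dsl-host) [198.51.100.7] F=<x@spam.example> rejected RCPT <nobody@domain.com>: No Such User Here
2006-01-10 09:12:41 H=(dsl-host) [198.51.100.7] F=<x@spam.example> rejected RCPT <sales@domain.com>: No Such User Here
2006-01-10 09:13:02 1EwA2c-0001Yz-9Q <= bob@domain.com H=(laptop) [203.0.113.44] P=esmtpa A=fixed_login:bob@domain.com S=1893 for friend@example.org
2006-01-10 09:13:30 1EwA3d-0001Za-2B <= y@spam.example H=(mailer) [198.51.100.9] P=esmtp S=5120 for info@domain.com
2006-01-10 09:14:05 H=(other) [198.51.100.9] F=<y@spam.example> rejected RCPT <a@otherdomain.example>: No Such User Here
"""

HOST_IP = re.compile(r" H=[^\[]*\[([0-9A-Fa-f.:]+)\]")
RCPTS = re.compile(r"rejected RCPT <([^>]+)>| for (.+)$")

def mx_bypass_sources(log_text, filter_ip, domain):
    """Count SMTP attempts per source IP that reached `domain` without the filter."""
    hits = Counter()
    suffix = "@" + domain.lower()
    for line in log_text.splitlines():
        host = HOST_IP.search(line)
        if not host or host.group(1) == filter_ip:
            continue  # no remote host on the line, or it came via the filter
        if re.search(r" A=\S+", line):
            continue  # authenticated user submitting outbound mail
        rcpt = RCPTS.search(line)
        if not rcpt:
            continue
        addrs = (rcpt.group(1) or rcpt.group(2)).lower().split()
        if any(a.endswith(suffix) for a in addrs):
            hits[host.group(1)] += 1
    return hits
```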