areha

Hi

One of my accounts (with cPanel/WHM) receives millions of spam each month, and I want to take some traffic away from the server by filtering out spam on another server of mine (Debian is installed there, no cPanel).

How can this be done?

I have used a spam filtering service before; I pointed my MX record to that company. They washed the email and inserted it somehow back into my mail server (by IP somehow, I believe). So it should be possible without setting cron jobs to get pop3 or fetchmail for each account on the main server. And that is exactly what I want.

Any reference literature to get me started? I would like to do as much spam washing on that second server as possible, and have looked at http://www.qmailtoaster.com/, even though that package doesn't support Debian completely. Of course, that only takes care of the mail server, and I also need to find out how to "mail-inject" content into my main server.
 

rustelekom

There are many ways to realize this idea. You may install on your "antispam" server just exim, SpamAssassin, a courier pop server or anything you prefer, and point the MX records for your domain to this mail server. Then you have two ways: you may copy all mail settings from your original cpanel server to the dedicated mail server, but this will be hard work, or (preferably) relay incoming and washed mail to your cpanel server. In the last case, mail will not come to your cpanel at all; instead, it will be addressed to the dedicated mail server and after cleaning will be relayed to the cpanel server. So, your cpanel server has port 25 connections allowed only to your dedicated mail server.
 

areha

"In the last case, mail will not come to your cpanel at all; instead, it will be addressed to the dedicated mail server and after cleaning will be relayed to the cpanel server. So, your cpanel server has port 25 connections allowed only to your dedicated mail server."

That is exactly what I'm looking for. Does this have a term I can search for? I assume it would be called different things in different mail server documentation. I do not understand how to forward the mail or inject it into the cpanel server after it is washed. It can be done by doing some kind of batch telnet thing, but I'm sure there is software for this? Or?

I have everything to get it to the second server (changing the MX record and pointing it to a mail. subdomain that has an A record to that server), but just don't know how to forward it back to the cpanel server.
 

rustelekom

I have no solution, but you may google the following: secondary mail server, backup mail server, mail hub, exim secondary config.
I remember that I got lots of documentation concerning this problem.
 

IRCBrasil

You have 3 good options:

1 - Install a good antispam system such as http://www.rvskin.com/index.php?page=public/antispam (it doesn't use MailScanner and doesn't load the server) with the APF firewall and BFD for blocking spammers' IPs in the route table, and be attentive to spam from your PHP scripts, such as the bcc kind of spam - take a look here: http://www.eth0.us/node/70 - you should put a single line in your modsecurity config.

2 - Use a Barracuda firewall from a provider such as http://www.ochosting.com/members/spamfirewall.cfm - you just have to point your MX records to them.

3 - Get your server in a datacenter such as The Planet that offers Spirus for US 10,00 / month - http://www.theplanet.com/services/upgrades/security/spirus.html
 

MattGetWeb

I use a pair of Debian/postfix/mailscanner machines.

1/ Go to the mailscanner site and have a look at their documentation. The setup guide for mailscanner on postfix is dead simple to follow.

2/ Make sure you have the following two lines in /etc/postfix/main.cf

relay_domains = hash:/etc/postfix/relay_domains
transport_maps = hash:/etc/postfix/transport

In relay domains, you list what domains you will allow to relay through your server (no, really?). Syntax is like "foobar.com OK". One per line.
In transport, you tell postfix where to send mail for a particular domain (bypassing normal MX lookups). The syntax is like "foobar.com smtp:[1.2.3.4]", again one per line. Basically, the ip address is the destination server where the user will collect her email (ie. your cPanel server).

After making changes in those two files, issue the postmap command on each, like so.

postmap /etc/postfix/relay_domains
postmap /etc/postfix/transport

3/ You would then set the MX record for the domain/s in question to point at the new machine you just built.

4/ Test! Test! Test!

5/ Go celebrate a job well done!


- FWIW, I also use spamhaus right at the connect stage. They've been reliable, and I've yet to actually block anything that didn't deserve it! I've found that by simply blocking things in the first place, my overall scan load is reduced. The reject message points the sender at spamhaus, so they can see why they were blocked.

Add/amend this in /etc/postfix/main.cf to do the same

smtpd_client_restrictions = permit_mynetworks, reject_unknown_client, reject_rbl_client sbl-xbl.spamhaus.org

then add "skip_rbl_checks 1" to /etc/MailScanner/spam.assassin.prefs.conf. You need to restart mailscanner and postfix after all these changes, btw.
 

areha

"Technical details of permanent failure:
PERM_FAILURE: SMTP Error (state 9): 550 <[email protected]>: Recipient address rejected: User unknown in local recipient table"

Do I have to adjust any other value to allow all email to @domain.com? I have added everything as described in this post (those two lines weren't there, but I added them and created those two files). Should think the relay part was enough?
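Added example, not part of the original thread: a small lint for the relay_domains/transport setup from MattGetWeb's post that also flags one common cause of the "User unknown in local recipient table" rejection quoted above, namely the relayed domain also being listed in mydestination, which makes Postfix treat it as local. The function names, the example.net/example.org entries and the sample file contents are constructed for illustration; only literal names in mydestination are compared, $variables are not expanded.

```python
import re

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and name:
            params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def parse_table(text):
    """Return {key: value} from the source text of a hash: lookup table."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split(None, 1)
        if fields and not fields[0].startswith("#"):
            table[fields[0].lower()] = fields[1].strip() if len(fields) > 1 else ""
    return table

def check_relay_setup(main_cf, relay_domains, transport):
    """Return a list of (domain, problem) pairs for the relayed domains."""
    dest = parse_main_cf(main_cf).get("mydestination", "")
    local = {d.lower() for d in re.split(r"[,\s]+", dest) if d}
    routes = parse_table(transport)
    problems = []
    for domain in parse_table(relay_domains):
        if domain in local:  # local delivery wins, so unknown users are rejected with 550
            problems.append((domain, "also in mydestination: treated as a local domain"))
        nexthop = routes.get(domain)
        if nexthop is None:  # the MX now points at this filter, so no usable route remains
            problems.append((domain, "no transport entry: falls back to MX lookup"))
        elif not re.fullmatch(r"(smtp|relay):\[[^\]]+\](:\d+)?", nexthop):
            problems.append((domain, "next hop not in [brackets]: MX lookup still applies"))
    return problems

# Constructed sample files (not taken from the thread).
MAIN_CF = "mydestination = $myhostname, localhost,\n    foobar.com\n" \
          "relay_domains = hash:/etc/postfix/relay_domains\n"
RELAY = "foobar.com OK\nexample.net OK\nexample.org OK\n"
TRANSPORT = "foobar.com smtp:[1.2.3.4]\nexample.net smtp:mail.example.net\n"

if __name__ == "__main__":
    for domain, problem in check_relay_setup(MAIN_CF, RELAY, TRANSPORT):
        print(f"{domain}: {problem}")
```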
 

areha

Some percentage does bypass my mail server, and hostnames other than "H=Mine" seem to connect. It is turned down with "no such address here", but I would like to block them completely (authorized outgoing SMTP senders must also be allowed on this domain).

Is there a way to only allow my hostname to connect at all for only ONE domain on my cPanel server? It's just needed for one domain on the server.

I also use APF.
 