The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Exim and Spamd

Discussion in 'General Discussion' started by sigmaw, Feb 11, 2006.

  1. sigmaw

    sigmaw Member

    Joined:
    May 19, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    As previously noted I'm getting spam blowback from other servers on mail forwarded by aliases on my server.

    It would appear that the only functional way to solve that problem is force spam protection on my users. Unfortumately, it would also appear that spamd is not invoked for aliases, so it doesn't do anything to solve the problem.

    Is there a way to config Exim to use spamd for all mail, not just mail to local accounts?

    Is there something else I can integrate into Exim that will do the trick?
     
  2. AndyReed

    AndyReed Well-Known Member
    PartnerNOC

    Joined:
    May 29, 2004
    Messages:
    2,222
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Minneapolis, MN
    You can write your own program to dectect bad or insecure scripts used to send out SPAM through your server. Exim and SPAMD are not designed to do what you need here.
     
  3. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    AFAIK, you cannot configure the way cPanel has implemented spam scanning with SpamAssassin to scan forwarded email.

    However, if you use a third-party scanner that acts as a man-in-the-middle then you can. MailScanner does that for you:
    http://www.configserver.com/free/mailscanner.html
     
  4. sigmaw

    sigmaw Member

    Joined:
    May 19, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I'll probably give that a try.

    One question though. Doesn't putting the spam filter up front force it to scan all the junk being thrown at bad addresses (a lot)? Seems like that would jack up the server load.
     
  5. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Since exim does the RCPT checking before the email is handed to MailScanner, so it only scans email actually intended for delivery. If you coupele it with a dictionary attack ACL in exim it can cut down on the spam getting to the point of being scanned. Of course, there is always a price to pay for scanning emails, with those with high throughput and high spam loads paying more, but there are ways to mitigate such load through tuning.
     
  6. sigmaw

    sigmaw Member

    Joined:
    May 19, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    I put it in and don't see any load problems.

    When a spam e-mail is "deleted" is the sender notified in any way that it was rejected?

    Sure is nice to have all that spam just magically disappear!
     
  7. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    No, the sender is not notified - that would just exacerbate the problem.
     
  8. sigmaw

    sigmaw Member

    Joined:
    May 19, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1

    Good, that's what I thought.

    Which raises the stupid question:

    "Why were all those ISP's sending me notification that they were rejecting mail which had been forwarded through my server because it was spam?"
     
  9. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    They're probably bouncing at the SMTP level rather than actually sending a bounce email. There's a difference. The former tells the sending SMTP server "Sorry, not accepting this email, you'll have to send it back to whoever relayed it through you". The latter is an email actually addressed to the supposed sender of the email, which is almost always forged in the case of spam/viruses and should never be sent. Most ISP's are probably doing the former, sadly some ignorant ones still do that latter.
     
  10. sigmaw

    sigmaw Member

    Joined:
    May 19, 2005
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1

    OK, so my initial presenting problem was that my server was getting the first kind of response from the ISP server it was trying to forward to and then, being a nice compliant server, was trying to vainly tell the original sending server that it couldn't deliver the message. Thus queue full of garbage.

    So this kind of issue would be inherent in forwarding addresses, right?
     
  11. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    Yes, it is unfortunately.
     
Loading...

Share This Page