filtering mail before forwarding

[ajd5327]

Hey, I was wondering if anyone else was having this problem or knew of a fix. Some clients on my servers will set up their mail to forward to external email accounts, like yahoo or aol. They have spamassassin activated, but it seems that mail is forwaded BEFORE it gets filtered by spamassassin. This causes two problems:

1) they still get all that spam at their external account

2) more importantly for me - the external service provider, AOL for example, sees that spam is being delivered to an aol address and that it was bounced through my server - so it identifies my server as a spam source and blocks its IP.

This has caused real problems, because other users on my servers try sending mail to AOL accounts and have it rejected because the IP has been blocked--all because of those stupid forwarders.

Any ideas?

 

[brianoz]

This is a frequently discussed topic, do a search and you'll find 2 or 3 major threads on it.

In short, there's no way to filter reliably that people have come up. Many people just disable forwarding to AOL et al.

 

[ajd5327]

Thanks, i had done a few searches but everything that came up looked a few years old. also, none of them discussed the IP-blocking result.

i cant see that blocking all users from forwarding to aol, et al, is a viable solution. isnt there some way to change the forwarding order? someone has to have figured this out or all cPanel servers would be getting blocked by aol, yahoo, comcast, gmail, etc.

 

[brianoz]

What on earth do you mean by forwarding order??

 

[ajd5327]

i mean the order between filtering and forwarding mail, so that it filters first before forwarding

 

[alan-tor]

Don't allow forwarding to AOL addresses. Many web hosts now have this policy, because AOL is the biggest problem in this regard.

AOL blocks mail from a server that sent suspected spam, but AOL doesn't check to find and block the originator of the spam. Instead it blocks even the forwarder. If someone with a domain name has mail to their domain forwarded to an AOL mailbox, and if they ever receive spam, AOL may block all mail forwarded from their domain and from the entire server. Here's another explanation, from a reseller at my host:

A lot of the spam problem is from mail that is forwarded from email accounts on the servers rather than generated from the server itself. If you have an email account that is set up to forward your mail to an AOL account then all the spam that gets sent to you will be forwarded as well. As far as AOL is concerned our servers are the last "Sender" then it is flagged as sending spam emails, regardless that they are just the middleman passing on the emails.

Here are two more references:
http://support.rapidsystem.net/allsupport/aol.htm
http://support.netraising.com/support/index.php?_m=news&_a=viewnews&newsid=10

So, don't allow forwarding to AOL addresses.

But yes, it would be useful if SpamAssassin could be applied to mail before forwarding. Unfortunately that seems to be impossible in the current cPanel.

 

[ajd5327]

Thanks. is there any way to actually prevent set the server not to forward mail to AOL accounts, or is it a matter of asking clients nicely not to set that up and/or manually removing those forwarders that are?

 

[alan-tor]

That's a good question. It would require some script to check mail forwarder destinations, and delete or disable any ending in "@aol.com". Even better would be to return an error when the user tried to save that forwarder, with a message explaining why you don't allow forwarding to AOL. I don't know how to do that, but perhaps someone else does.

A sneaky hack would be to create a cPanel account for aol.com on each shared server. Then set all mail arriving at that account to :fail:

 

[ajd5327]

A sneaky hack would be to create a cPanel account for aol.com on each shared server. Then set all mail arriving at that account to :fail:

Hmm, that might accompliish too much: while that would prevent any mail from being forwarded to aol accounts, wouldn't it block all mail from shared server accounts from arriving at aol accounts too?

 

[alan-tor]

Yes, it would. It's not a great solution.

I've directed clients using AOL to those links I provided, and I explain why AOL causes many problems for web hosts and mail hosts. I've managed to convince many clients to leave AOL and switch to a real ISP.

 

[forlinuxsupport]

1. Type the following when logged in via SSH
vi /etc/staticroutes

2. Add entries in the format:
domainname.com: target.mail.server
E.g forlinux.co.uk: 1.2.3.4

3. exit the editor.

4. chmod 0644 /etc/staticroutes

5. In WHM, under 'Service Configuration' choose 'Exim Configuration Editor', then click 'Switch to Advanced Editor'.

6. Scroll down to the 'ROUTERS CONFIGURATION' section, and in the white space underneath, add the following:

static_route:
driver = manualroute
condition = "${perl{checkspam}}"
transport = remote_smtp
route_data = ${lookup{$domain}lsearch{/etc/staticroutes}}


7. Scroll to the bottom of the page and click 'Save' - Exim will automatically restart.

The condition = "${perl{checkspam}}" does SPAM checking for forwarded mail, leave it out if you DONT want to scan for spam !!

8. On the command line tail -f /var/log/exim_mainlog
Make sure there are no errors !!!!!!!!

 

[alan-tor]

1. Type the following when logged in via SSH
vi /etc/staticroutes

<snip details>

The condition = "${perl{checkspam}}" does SPAM checking for forwarded mail, leave it out if you DONT want to scan for spam !!

8. On the command line tail -f /var/log/exim_mainlog
Make sure there are no errors !!!!!!!!

Perhaps you could explain that last step further.

Has this been tested? Does it enable SpamAssassin to scan and filter mail before it is forwarded via a cPanel mail forwarder? If so, this is the first solution I've seen documented, as everyone else has said that there is no way on cPanel to apply SpamAssassin to mail forwarders.

 

[forlinuxsupport]

Perhaps you could explain that last step further.

Has this been tested? Does it enable SpamAssassin to scan and filter mail before it is forwarded via a cPanel mail forwarder? If so, this is the first solution I've seen documented, as everyone else has said that there is no way on cPanel to apply SpamAssassin to mail forwarders.

Hi

Yes to all your questions. clients moaning about forward email spam, turned that on, now no more complaints

Its easy enough to do, so try it and see for yourself

You will need to turn spamassassin ON for that domain as it uses those settings for that domains forwarded email. so set to delete or just mark etc

Regards
Andy

 

[brianoz]

That looks fantastic. Could you take a minute to explain what it does and how it works for those of us who are exim-challenged?

 

[forlinuxsupport]

Hey

Sorry im also one of those exim-challenged folkes. I found the solution somewhere.. might even have been from a cpanel techie. Those exim configs can be tricky and I also have trouble following them.

static_route: <- a new route
driver = manualroute <- its a manual route ?
condition = "${perl{checkspam}}" <- do spam checking on this route (leave this line out to just forward WITHOUT scanning)
transport = remote_smtp <- rmote because its being forwarded
route_data = ${lookup{$domain}lsearch{/etc/staticroutes}} <- use your staticroutes file to know where
to forward to


I think a more experienced exim hacker can give a better / fuller explaination.

Regards
Andy

 

[alan-tor]

1. Type the following when logged in via SSH
vi /etc/staticroutes

I don't have a file named "staticroutes" in the etc directory of my client accounts or my reseller account. Is this something that can be enabled by a reseller who doesn't own the server? IOW, I have a reseller plan with WHM/cPanel access that I buy from the host who controls the servers and has the "master" WHM.

2. Add entries in the format:
domainname.com: target.mail.server
E.g forlinux.co.uk: 1.2.3.4

Is "domainname.com" the domain/account for which you want to enable SpamAssassin before forwarding, so you do this for each domain? Or is this the reseller domain? Or the hostname of the server?

Likewise, what is "target.mail.server"?

 

[forlinuxsupport]

hi

just create the file

touch /etc/staticroutes
chmod 0644 /etc/staticroutes

then add entries of the format
domain.co.uk : 213.143.x.xx

Where domain.co.uk is the "domain.co.uk" you receive the emails on
and 213.143.x.x is the ip of the server you want the mails to be forwarded to (e.g. an office server etc)


Andy

 

[alan-tor]

then add entries of the format
domain.co.uk : 213.143.x.xx

Where domain.co.uk is the "domain.co.uk" you receive the emails on
and 213.143.x.x is the ip of the server you want the mails to be forwarded to (e.g. an office server etc)

Sorry, maybe I'm dense. Let's say I have a cPanel account for AlanDomain.com. Mail for [email protected] would therefore first arrive at my cPanel server. I have a cPanel mail forwarder to forward mail for [email protected] to [email protected].

1. So in your model of domain.co.uk : 213.143.x.xx, do I specify:

AlanDomain.com : followed by the IP of Gmail's server?

2. Is there a way to specify the final mail server as domain name rather than IP? Domain name is more usual. IP would require us to do detective work to find the IP of Gmail, Hotmail, or wherever the user was receiving the forwarded mail. Also, IP may change more often than the domain name of the final mail server.

 

[forlinuxsupport]

yes i think thats all right.

try just put this in static routes

AlanDomain.com : gmail.com

ALL mail to AlanDomain.com will be forwarded.. If you only want a single email address forwarded then use email forwarders in the cpanel

I think that will work.. do it then send him an email and tail the logs.. it should be relayed.

you can also check it by doing

exim -bt [email protected]

 

[alan-tor]

try just put this in static routes

AlanDomain.com : gmail.com

ALL mail to AlanDomain.com will be forwarded..

That's not what I want. I don't want all mail for the entire domain forwarded to the same destination. I want individual mail addresses forwarded to different targets, so each user can have his mail forwarded to his ISP mailbox or other external mail account. Mail for [email protected] might forward to [email protected], while mail for [email protected] might forward to [email protected]

If you only want a single email address forwarded then use email forwarders in the cpanel

Sorry, that's what I'm talking about. I am using cPanel mail forwarders, but I would like to have that mail first scanned/filtered by SpamAssassin and cPanel/Exim mail filters before it is forwarded. Is that not possible?

you can also check it by doing

exim -bt [email protected]

Can a reseller, like me, do that?

Is this something that can be enabled by a reseller who doesn't own the server? IOW, I have a reseller plan with WHM/cPanel access that I buy from the host who controls the servers and has the "master" WHM. i don't have access to overall server config or server logs. I just buy a reseller account from the host who owns the servers.