1 (edited by OviVan 2011-09-04 17:54:45)

Topic: problem with black list

Hello,

I have just noticed that the black list is not blocking all the domains in the list.
In my case I added this domain to the block list because of the mass spam that
is not being filtered out.

I added this domain to the block list as: @w.cn and w.cn

not sure how to check which iRedMail ver I am using ?
I only know that I am using iRedAdmin-Pro-MySQL ver 1.3.0

not sure if the problem could be the domain characters which means that domain name
must have minimum 3 or more characters to be processed ?

Thank You

2

Re: problem with black list

How did you add blacklist? with iRedAdmin-Pro-MySQL or iRedAdmin-Pro-LDAP? Add in which page?

3 (edited by OviVan 2011-09-04 17:55:32)

Re: problem with black list

Hello Zhang,

thank you for reply. I added it with iRedAdmin-Pro-MySQL and I did it as described below:

1. Logged on to iRedAdmin panel
2. clicked on the link "ADD" then "BLACKLIST"
3. then in the form field named "Black Lists Records" I added the domain as follows:

    @w.cn and then I clicked on "ADD", after that I typed the domain name only as follows:
    w.cn and again I clicked on "ADD"...

But still I am receiving a spam email from this domain even if it's in the Block List...

PS: and I corrected my first post where I replaced the iRedMail with iRedAdmin-Pro-MySQL ...
with specified version... Sorry my mistake...

4

Re: problem with black list

Do you have blacklisting enabled in Policyd?
You should have this setting in /etc/policyd.conf (RHEL/CentOS/openSUSE) or /etc/postfix-policyd.conf (Debian/Ubuntu) or /usr/local/etc/policyd.conf (FreeBSD):

BLACKLISTING=1
BLACKLISTDNSNAME=1
BLACKLIST_NETBLOCK=0

5

Re: problem with black list

This is what I found in my conf file:

BLACKLISTING=1
BLACKLISTDNSNAME=0
BLACKLIST_NETBLOCK=0

I changed it to:

BLACKLISTING=1
BLACKLISTDNSNAME=1
BLACKLIST_NETBLOCK=0

is it correct now ?

6

Re: problem with black list

now 10 min ago since I changed the policy as in my last post, I received again
an email from the domain which is in the blocked list:

@w.cn
w.cn

I cannot understand it.....

7

Re: problem with black list

Do you have below setting in policyd.conf?

BLACKLISTSENDER=1

My mistake that I didn't mention this in the previous reply. Sorry.

8

Re: problem with black list

no problems at all ...
yes I have it and it's configured as you mentioned:

BLACKLISTSENDER=1

9

Re: problem with black list

Could you please show me output of command "postconf -n"?

10

Re: problem with black list

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = mydomain.co
myhostname = mail.mydomain.co
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = mail.mydomain.co
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:mysql:/etc/postfix/mysql/relay_domains.cf
relayhost = mail.broadpark.no
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_domain.cf, proxy:mysql:/etc/postfix/mysql/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:mysql:/etc/postfix/mysql/transport_maps_user.cf, proxy:mysql:/etc/postfix/mysql/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql/virtual_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_maps.cf, proxy:mysql:/etc/postfix/mysql/catchall_maps.cf, proxy:mysql:/etc/postfix/mysql/domain_alias_catchall_maps.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:500

11

Re: problem with black list

any progress on this ?

12

Re: problem with black list

any progress on this ?

13

Re: problem with black list

As shown in "postconf -n", you have the settings below, which means you have Policyd enabled:

smtpd_recipient_restrictions = ..., check_policy_service inet:127.0.0.1:10031

In Policyd (/etc/policyd.conf), you have the settings below, which means you have blacklisting enabled:

BLACKLISTING=1
BLACKLISTSENDER=1

I have no idea why it doesn't work for you.

- May I know which domain name you want to block? Is the real email domain name 'w.cn', or is it just an example domain name?
- Do emails sent from "@w.cn" come from external network or your internet?
- Did you create a sample email domain "w.cn" and account with iRedAdmin-Pro, then sent email with your iRedMail to test whether or not it will be blocked? If so, it won't be blocked, because Postfix will bypass all mails sent by SASL authenticated account, it won't go through Policyd (blacklisting) at all.
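The ordering effect described in this reply, as an added example (a simplified Python model written for this page, not Postfix or iRedMail code). It walks the tail of the `smtpd_recipient_restrictions` list from the `postconf -n` output; `LOCAL_DOMAINS`, `SENDER_BLACKLIST` and the sessions are constructed assumptions, and the policy lookup is a stub standing in for Policyd.

```python
import ipaddress

MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]  # mynetworks from the postconf -n output
LOCAL_DOMAINS = {"mydomain.co"}   # assumption: the only domain this server accepts mail for
SENDER_BLACKLIST = {"@w.cn"}      # stub standing in for Policyd's sender blacklist

# Tail of smtpd_recipient_restrictions from the postconf -n output (earlier items omitted).
RESTRICTIONS = [
    "permit_mynetworks",
    "permit_sasl_authenticated",
    "reject_unauth_destination",
    "check_policy_service inet:127.0.0.1:10031",
]

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()

def evaluate(client_ip, sasl_user, sender, recipient):
    """Return (decision, restriction that decided); the first match ends the walk."""
    ip = ipaddress.ip_address(client_ip)
    for rule in RESTRICTIONS:
        if rule == "permit_mynetworks" and any(ip in net for net in MYNETWORKS):
            return "PERMIT", rule
        if rule == "permit_sasl_authenticated" and sasl_user:
            return "PERMIT", rule
        if rule == "reject_unauth_destination" and domain_of(recipient) not in LOCAL_DOMAINS:
            return "REJECT", rule
        if rule.startswith("check_policy_service") and "@" + domain_of(sender) in SENDER_BLACKLIST:
            return "REJECT", rule
    return "PERMIT", "end of list"

# Constructed sessions: (client IP, SASL login, envelope sender, recipient).
# 203.0.113.0/24 is a documentation address range.
CASES = {
    "external spam": ("203.0.113.5", None, "offer@w.cn", "user@mydomain.co"),
    "authenticated test account": ("203.0.113.5", "test@w.cn", "test@w.cn", "user@mydomain.co"),
    "relay attempt": ("203.0.113.5", None, "offer@w.cn", "someone@example.net"),
}

if __name__ == "__main__":
    for name, session in CASES.items():
        print(f"{name:28} -> {evaluate(*session)}")
```

Only the unauthenticated external session reaches the policy service; a test sent through an authenticated account is permitted two steps earlier and says nothing about whether the blacklist works.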

14 (edited by OviVan 2011-09-07 20:45:37)

Re: problem with black list

I will check the email source...
but the domain name w.cn is coming from external network somewhere out there on the internet....
and it seems to be a working domain name, see below:

>ping w.cn

Pinging w.cn [122.225.105.10] with 32 bytes of data:
Reply from 122.225.105.10: bytes=32 time=443ms TTL=48
Reply from 122.225.105.10: bytes=32 time=428ms TTL=49
Reply from 122.225.105.10: bytes=32 time=442ms TTL=48
Reply from 122.225.105.10: bytes=32 time=425ms TTL=49

15

Re: problem with black list

the w.cn is a real domain name ... and there are several mail addresses on this domain, so I will block whole domain
as follows:

@w.cn
w.cn

that's it.....

16

Re: problem with black list

how can I check which iRedMail ver I am using ?
I know that I have: iRedAdmin-Pro     v1.3.0 (MySQL)

17

Re: problem with black list

OviVan wrote:

how can I check which iRedMail ver I am using ?

You can find iRedMail version number in many config files, e.g. /etc/postfix/mysql/*.cf.

About block with DNS name, I'm afraid that it won't work for "w.cn", because its forward and reverse DNS names don't match, so it won't work in Policyd.

About block with sender address, '@w.cn' should work with your current Policyd setting, but still no idea why it doesn't.

Another way to block it is Postfix setting "header_checks". For example, in /etc/postfix/main.cf:

header_checks = pcre:/etc/postfix/header_checks.pcre

Content of /etc/postfix/header_checks.pcre:

/^From:.*@w\.cn/ DISCARD Discard mail from @w.cn.

Reference: http://www.postfix.org/header_checks.5.html
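How much a `From:` pattern of this kind matches depends on escaping the dot and on bounding the domain on the right. The added example below (not part of the original post; written in Python, whose `re` syntax agrees with PCRE for these patterns) compares a loose form with a tightened one over constructed header lines. `LOOSE`, `STRICT` and `SAMPLES` are names and data made up for this illustration.

```python
import re

# Postfix pcre tables match case-insensitively by default; IGNORECASE mirrors that here.
LOOSE = re.compile(r"^From:.*@w.cn", re.IGNORECASE)   # unescaped dot, no right-hand boundary
STRICT = re.compile(r"^From:.*@w\.cn(?=[>,)\s]|$)", re.IGNORECASE)

# Constructed header lines: (header, True if the address really is in w.cn).
SAMPLES = [
    ("From: Promo <offer@w.cn>", True),
    ("From: offer@W.CN", True),
    ("From: Alice <alice@w.cnn.example>", False),   # longer label starting with "cn"
    ("From: Bob <bob@wxcn.example>", False),        # "." in the pattern matches any character
    ("From: Carol <carol@w.cn.example>", False),    # w.cn used as a subdomain prefix
    ("From: Dave <dave@example.org>", False),
]

def false_positives(pattern):
    """Headers the pattern would act on although the sender is not in w.cn."""
    return [h for h, is_target in SAMPLES if pattern.search(h) and not is_target]

def missed(pattern):
    """Headers from w.cn that the pattern fails to match."""
    return [h for h, is_target in SAMPLES if is_target and not pattern.search(h)]

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("strict", STRICT)):
        print(name, "false positives:", false_positives(pattern), "missed:", missed(pattern))
```

DISCARD drops a message silently, so every false positive is legitimate mail lost without a bounce. header_checks also sees only the `From:` header, which need not equal the envelope sender that a policy service receives.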

18 (edited by OviVan 2011-09-08 21:37:38)

Re: problem with black list

I fixed it the hard way this time, created the access list in the Cisco firewall and blocked whole subnet 122.225.105.x
now they can try again, there were no emails since I blocked them and the access-lists counter shows over 5 matches...

so just forget about this ....

I have tested the block-list blocked my hotmail account and the block list is working...

BUT however, there is some users who receives a lot of spam emails, so is it possible to do something about that ?
I think that most of users would like to have self-learned spam system if it's possible to implement...

But I also remember that you told us once that you are not planning to implement it, in case that what is the real reason behind it ?

Thank You for helping

19

Re: problem with black list

PS: about to find out the iRedMail ver, I could not locate any file in that folder that shows the iRedMail ver or I am blind ?

this is the file list I see in the : /etc/postfix/mysql/

catchall_maps.cf               sender_bcc_maps_user.cf
domain_alias_catchall_maps.cf  sender_login_maps.cf
domain_alias_maps.cf           transport_maps_domain.cf
recipient_bcc_maps_domain.cf   transport_maps_user.cf
recipient_bcc_maps_user.cf     virtual_alias_maps.cf
relay_domains.cf               virtual_mailbox_domains.cf
sender_bcc_maps_domain.cf      virtual_mailbox_maps.cf

20

Re: problem with black list

OviVan wrote:

BUT however, there is some users who receives a lot of spam emails, so is it possible to do something about that ?
I think that most of users would like to have self-learned spam system if it's possible to implement...

Will consider achieving auto-learning in SpamAssassin. But it will take some more system resource.

21

Re: problem with black list

glad to know that, don't worry about the system resource it's worth it !! as I hate the spam !!!!!
just a suggestion, you can add auto-learn in the new version but make it possible to "disable" for those who don't have the system resource to run it ....... sounds fair enough......

22

Re: problem with black list

OviVan wrote:

glad to know that, don't worry about the system resource it's worth it !! as I hate the spam !!!!!
just a suggestion, you can add auto-learn in the new version but make it possible to "disable" for those who don't have the system resource to run it ....... sounds fair enough......

Agreed. Will post update in forum about auto-learning.

23

Re: problem with black list

thank you very much !

24

Re: problem with black list

ZhangHuangbin wrote:

Do you have blacklisting enabled in Policyd?
You should have this setting in /etc/policyd.conf (RHEL/CentOS/openSUSE) or /etc/postfix-policyd.conf (Debian/Ubuntu) or /usr/local/etc/policyd.conf (FreeBSD):

BLACKLISTING=1
BLACKLISTDNSNAME=1
BLACKLIST_NETBLOCK=0

Hi.
I have iRedMail (v.8.3) iRedAdmin-Pro-LDAP (v.1.8.1) on Ubuntu 12.04 LTS
I read this post but can't find file /etc/postfix-policyd.conf
Did find anywhere:
find / -name "postfix-policyd.conf"
find / -name "policyd.conf"
no result.
How do I enable  blacklist?

25

Re: problem with black list

Hi Hoper,

Ubuntu 12.04 (and later releases) doesn't have Policyd-1.8 package, it provides Cluebringer (a.k.a. Policyd v2) instead.
Unfortunately, iRedAdmin-Pro doesn't support Cluebringer yet, but you can manage white-/blacklist with its own web ui. It's httpS://[your_server]/cluebringer/ by default.