Author Topic: spamdyke 5.0 recipient-reject  (Read 6962 times)

Offline chrisf

spamdyke 5.0 recipient-reject
« on: 2014-03-05, 03:32:09 »
Mustafa, after the recent posts from Kloxo-DR and researching new functions of spamdyke 5, please compile spamdyke-qrv so we can use recipient-reject as Kloxo-DR has proposed.  After emailing back and forth with Sam, I am told that we have to declare where to find spamdyke-qrv in the conf, as spamdyke will not search for it in PATH.

From spamdyke:
   to use recipient-reject....you'll need to compile and install the spamdyke-qrv
   command as well:
     cd spamdyke-x.y.z/spamdyke-qrv
     ./configure
     make

   Copy the spamdyke-qrv executable to /usr/local/bin:
     su
     cp spamdyke-qrv /usr/local/bin/
     chown root /usr/local/bin/spamdyke-qrv
     chmod u+s /usr/local/bin/spamdyke-qrv

Links:
http://www.spamdyke.org/documentation/INSTALL.txt
http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

Please investigate, compile, and include in spamdyke repo.  This is VERY important.

Thank you
« Last Edit: 2014-03-05, 03:35:04 by chrisf »
Christopher

Knowledge in: PHP, Perl, MySQL, Javascript, Actionscript, FLASH, HTML, CSS
Server Administrator / Developer: https://convictionshosting.com

Offline MRatWork

Re: spamdyke 5.0 recipient-reject
« Reply #1 on: 2014-03-05, 04:56:43 »
Update your spamdyke to 5.0.0-3.

Note: spamdyke and spamdyke binary exist in /usr/bin instead of /usr/local/bin.
..:: MRatWork (Mustafa Ramadhan Projects) ::..
-- Server/Web-integrator - Web Hosting (Kloxo-MR READY!) --

Offline chrisf

Re: spamdyke 5.0 recipient-reject
« Reply #2 on: 2014-03-05, 05:01:31 »
Ok.  Updating now, will test and verify recipient-reject settings and conf needed.
Christopher


Offline chrisf

Re: spamdyke 5.0 recipient-reject
« Reply #3 on: 2014-03-05, 05:52:44 »
Mustafa, please recompile spamdyke-qrv with vpopmail support.

http://www.spamdyke.org/documentation/README_spamdyke_qrv.html

If vpopmail is in use, spamdyke-qrv should be compiled with vpopmail support, which will allow it to execute two of vpopmail's programs in the final stages of validating an address. These two programs are:

valias: This program looks up an address to determine if it is an alias for a real mailbox (vpopmail uses its own internal system for aliases instead of creating .qmail files). If a recipient address is actually a vpopmail alias, spamdyke-qrv has no way to look it up and may mistakenly reject the address without valias.

vuserinfo: This program returns information about a recipient address; spamdyke-qrv uses it simply to determine if the address exists. Because vpopmail keeps its own list of valid addresses, it is possible for an address to appear valid (e.g. the correct files and directories exist on disk) when it is not.

Before executing either of these programs, spamdyke-qrv will drop its root privileges so they will run as the vpopmail user. However, because this user typically has access to every mailbox on the server, executing extra binaries represents a potential security risk. For this reason, the full path to each program must be given when spamdyke-qrv is compiled -- paths to the vpopmail binaries cannot be supplied on the command line and they will not be found using the PATH. To specify the path to the programs, use the configure script with the VALIAS_PATH and VUSERINFO_PATH options:

./configure --with-vpopmail-support VALIAS_PATH=/path/to/valias VUSERINFO_PATH=/path/to/vuserinfo
« Last Edit: 2014-03-05, 05:55:45 by chrisf »
Christopher


Offline chrisf

Re: spamdyke 5.0 recipient-reject
« Reply #4 on: 2014-03-05, 06:32:02 »
./configure --with-vpopmail-support VALIAS_PATH=/home/vpopmail/bin/valias VUSERINFO_PATH=/home/vpopmail/bin/vuserinfo

;)
Christopher
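
A check for the install steps quoted in this thread, added here as an example (not code from spamdyke or Kloxo-MR): it verifies that the setuid spamdyke-qrv binary is root-owned, has the setuid bit and is not writable by group or others, and that the valias and vuserinfo programs named at compile time exist and are not loosely writable. The function names and the RUN_AUDIT switch are assumptions made for the example; the paths are the ones posted above.

```shell
#!/bin/sh
# Added example: audit a setuid helper such as spamdyke-qrv and the
# vpopmail programs whose paths are compiled into it.

# Numeric owner uid of a path (plain POSIX ls, no GNU stat needed).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Succeeds when group or others have write permission on the path.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# audit_setuid_helper BINARY [EXPECTED_UID]   (EXPECTED_UID defaults to 0, root)
# Prints one line per finding; returns 0 only when nothing is wrong.
audit_setuid_helper() {
    bin=$1; want_uid=${2:-0}; rc=0
    if [ ! -f "$bin" ] || [ -L "$bin" ]; then
        echo "FAIL $bin: missing, not a regular file, or a symlink"
        return 1
    fi
    dir=$(dirname -- "$bin")
    [ "$(owner_uid "$bin")" = "$want_uid" ] ||
        { echo "FAIL $bin: owner uid is not $want_uid"; rc=1; }
    [ -u "$bin" ] ||
        { echo "FAIL $bin: setuid bit not set"; rc=1; }
    if loosely_writable "$bin"; then
        echo "FAIL $bin: writable by group or others"; rc=1
    fi
    if loosely_writable "$dir"; then
        echo "FAIL $dir: directory writable by group or others"; rc=1
    fi
    return $rc
}

# audit_exec_target PROGRAM: for valias / vuserinfo, which spamdyke-qrv
# executes as the vpopmail user.
audit_exec_target() {
    if [ ! -x "$1" ]; then
        echo "FAIL $1: missing or not executable"; return 1
    fi
    if loosely_writable "$1"; then
        echo "FAIL $1: writable by group or others"; return 1
    fi
    return 0
}

# Run against the paths from this thread only when asked to.
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    audit_setuid_helper /usr/bin/spamdyke-qrv
    audit_exec_target /home/vpopmail/bin/valias
    audit_exec_target /home/vpopmail/bin/vuserinfo
fi
```

Run it as `RUN_AUDIT=1 sh audit.sh` after each package update, since a rebuilt package can reset ownership or mode.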


Offline Kloxo-DR

Re: spamdyke 5.0 recipient-reject
« Reply #5 on: 2014-03-05, 07:22:59 »
Hi Chris,

To everyone, please read my post of Reply #41 on: March 04, 2014, 07:32:19 PM here:

http://forum.mratwork.com/kloxo-mr-development/%28qmail%29-recipient-verification-to-avoid-spamming/30/

Quote
Mustafa, after the recent posts from Kloxo-DR and researching new functions of spamdyke 5, please compile spamdyke-qrv so we can use recipient-reject as Kloxo-DR has proposed.  After emailing back and forth with Sam, I am told that we have to declare where to find spamdyke-qrv in the conf, as spamdyke will not search for it in PATH.
Please investigate, compile, and include in spamdyke repo.  This is VERY important.

Chris, I am pleased to find that you carefully read and followed my posts. Keep it up to maintain your commitment and spirit to the open-source community. Your research is correct and accurate. However, I want to extend your investigation, which you missed to understand earlier.

While Spamdyke 4.3.1 was not able to work with Qmail's CHKUSER patch for Reject-Non-Existent-Recipient, it would be Qmail to generate and send an undelivered email. This did not work, when Spamdyke would need to handle multiple connections FROM THE SAME IP ADDRESS.

The first connection FROM THE SAME IP ADDRESS will make Spamdyke busy and it begins to identify recipients from the spamdyke.conf. All subsequent multiple connections IN THE SAME SECOND and FROM THE SAME IP ADDRESS shall be allowed to pass through.

This is a flaw of spamdyke 4.xx.xx to have Qmail check the rcpthosts file only. Thereafter, Qmailtoaster is left in a state "as if Spamdyke or firewall is just not there". The netqmail-1.05 of 2004 with the Qmailtoaster shall not give a proper "bounce" configuration from the CHKUSER patch.

You have tested and found that there was no bounce function activated in Qmailtoaster. Catchall was activated.

spamdyke-qrv is an add-on in version 5.0.0 that brought me to the idea that certain parameters in Qmailtoaster with spamdyke 4.3.1 and CHKUSER patch should be activated before compiling the Qmailtoaster. Because they remained deactivated, there was no bounce function activated.

I described this problem. It was due to this that the spammer was able to make multiple connections and pass by Spamdyke 4.3.1 to attack the Qmailtoaster. You told me that "that's the reason why we have Spamdyke!" and the bounce function is there.

Spamdyke 5.0.0 shall not allow multiple connections from the same ip address as well as it will check the recipient before on a PER DOMAIN basis, if necessary.

The only difference in my trouble tracing of Qmailtoaster with Spamdyke version 4.3 and 5.0 was the Qmailtoaster. If Spamdyke 5.0 has exactly the function to stop spamming AND DID NOT WORK with Qmailtoaster, then it was not properly compiled earlier with Spamdyke 4.3.1. This explains why the "bounce" did not work earlier. Understand?

Whether Mustafa or you could reproduce the problem or not, Mustafa must recompile Qmailtoaster again. This is what I said, and shall say this further.
« Last Edit: 2014-03-05, 07:26:15 by Kloxo-DR »

Offline Kloxo-DR

Re: spamdyke 5.0 recipient-reject
« Reply #6 on: 2014-03-05, 07:31:28 »
Hi Mustafa,
./configure --with-vpopmail-support VALIAS_PATH=/home/vpopmail/bin/valias VUSERINFO_PATH=/home/vpopmail/bin/vuserinfo

Again, I draw your attention to my message of Reply #17 on: February 25, 2014, 02:56:04
http://forum.mratwork.com/kloxo-mr-development/(qmail)-recipient-verification-to-avoid-spamming/30/

I have already mentioned that I tried to configure the following in tcp.smtp with parameters, and CHKUSER_VPOPMAIL _MUST_ be activated in specs before compiling:
Quote
CHKUSER_ALWAYS_ON, CHKUSER_VPOPMAIL, CHKUSER_DOMAIN_WANTED, CHKUSER_ENABLE_USERS,
CHKUSER_ENABLE_LOGGING, CHKUSER_LOG_VALID_RCPT, CHKUSER_LOG_VALID_SENDER,
CHKUSER_RCPT_DELAY_ANYERROR, CHKUSER_ERROR_DELAY_INCREASE, CHKUSER_RCPTLIMIT="5", CHKUSER_WRONGRCPTLIMIT="5"
Mustafa says that this could be done in tcp.smtp rules and I do not know things. I felt like an idiot.

Offline chrisf

Re: spamdyke 5.0 recipient-reject
« Reply #7 on: 2014-03-05, 07:51:27 »
@Kloxo-DR, please refrain from hijacking posts.  We have read your posts, and 'I' am trying to offer a solution for you.  Spamdyke 5 will handle your problem without qmt (qmail toaster) recompile.  By using vpopmail in spamdyke-qrv we will always have correct valid/invalid, even if qmail chkuser fails.

I have understood.  I am investigating this issue for YOUR problems.  Please await my findings after Mustafa recompiles spamdyke-qrv for vpopmail support.  This is what THIS thread is about.

Furthermore, I use CSF to watch my mail ports.  If a single IP connects more than 10 times in 1 second, it is temporarily blocked for one hour.  After 3 blocks in a 24 hour period, the block is permanent.  Flooding is futile.

Mustafa, please recompile spamdyke-qrv with vpopmail support as requested above.

Thank you
« Last Edit: 2014-03-05, 08:04:06 by chrisf »
Christopher


Offline Kloxo-DR

Re: spamdyke 5.0 recipient-reject
« Reply #8 on: 2014-03-05, 10:48:48 »
Hello Chris,
Quote
@Kloxo-DR, please refrain from hijacking posts. Spamdyke 5 will handle your problem without qmt (qmail toaster) recompile.

Are we in a nursery that you need to bark at me not to hijack your posts? What does this mean:

"However, I want to extend your investigation, which you missed to understand earlier."

You did not understand certain aspects of the issue. Only now you do more than any other here, and do find it necessary.

Mustafa need not recompile for only me, but for the community.

Participating in a thread in some manner means an active participation to an issue. Doing that one also gets notification and could participate further. There is nothing like Hijacking and nothing like ownership.

What you posted here could also have been posted in my thread and support my request. Instead, the show cannot come down to the matter raised by you needs better attention now than by myself before.

No real reason to boss around. We are all users and could support in any other form actively or passively. If it was not my extraordinary hard efforts, you, and all others would not have known about the issue discussed. So, stop barking at anyone on hijacking of threads.

Offline zenkul

Re: spamdyke 5.0 recipient-reject
« Reply #9 on: 2014-03-05, 22:38:08 »
I get the point

Kloxo-DR  :
-------------------------------------------------------
.. If Spamdyke 5.0 has exactly the function to stop spamming AND DID NOT WORK with Qmailtoaster. .... Mustafa must recompile Qmailtoaster.
-------------------------------------------------------


chrisf :
-----------------------------------------------------------------
.. Spamdyke 5 will handle .... problem without qmt (qmail toaster) recompile ...
-----------------------------------------------------------------


Please be straight to the topic and let's see @chrisf proving his hypothesis
easy, secure and speed up web panel ===> Kloxo-MR

Offline chrisf

Re: spamdyke 5.0 recipient-reject
« Reply #10 on: 2014-03-06, 04:51:30 »
I am working very hard to figure out spamdyke, tls ssl, and qrv recipient rejection.  I have found some trouble in a few areas, will start a new thread and hopefully bring better security to our mail servers.

As of right now, ANY tls / ssl connection to our server bypasses spamdyke.  I have a fix.

Second, Mustafa compiled spamdyke-qrv with vpopmail support, which bypasses the chkuser problems.  I have been able to get spamdyke-qrv to work properly on the command line, exiting with correct values for valid/invalid email.  When enabled in spamdyke, it has a problem with vpopmail exiting.  I am working on a solution and emailed samc (spamdyke Creator).

Need more time.

Christopher


Offline chrisf

Re: spamdyke 5.0 recipient-reject
« Reply #11 on: 2014-03-06, 18:37:10 »
I have a reject-recipient spamdyke 5.0 working properly.  There are changes needed in 3 supervise/run files, spamdyke.conf, and a few other things.  I am going to message the run file changes to Mustafa to be added to the repo; without them, spamdyke is useless.

I am tired, need sleep.  Will post all later ;)

Here are my logs.  Remember the exit code for a recipient: valid is 1, invalid is 2.

Maillog Valid:
Mar  6 11:49:46 cc-server spamdyke[1754]: DEBUG(exec_command_argv()@exec.c:480): executing command: /usr/bin/spamdyke-qrv
Mar  6 11:49:46 cc-server spamdyke[1754]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 1: /usr/bin/spamdyke-qrv

Mail was delivered successfully, then tried fake account 'test'

Maillog invalid recipient:
Mar  6 11:17:11 cc-server spamdyke[25607]: DEBUG(exec_command_argv()@exec.c:480): executing command: /usr/bin/spamdyke-qrv
Mar  6 11:17:11 cc-server spamdyke[25607]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 2: /usr/bin/spamdyke-qrv
Mar  6 11:17:11 cc-server spamdyke[25607]: DEBUG(filter_recipient_valid_inner()@filter.c:3030): output from validation command (0 bytes): /usr/bin/spamdyke-qrv [removed].com test#012(null)
Mar  6 11:17:11 cc-server spamdyke[25607]: FILTER_INVALID_RECIPIENT recipient: test@[removed].com
Mar  6 11:17:11 cc-server spamdyke[25607]: DENIED_INVALID_RECIPIENT from: [removed]@gmail.com to: test@[removed].com origin_ip: 209.85.214.169 origin_rdns: mail-ob0-f169.google.com auth: (unknown) encryption: TLS reason: (empty)

Bounce message from Gmail:
Delivery to the following recipient failed permanently:     test@[removed].com

Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the server for the recipient domain
[removed].com by mail.[removed].com. [IP removed].

The error that the other server returned was: 554 Refused. The recipient address does not exist.

So, it works and well.  Will post all my findings later, with all changes necessary.
« Last Edit: 2014-03-06, 18:53:18 by chrisf »
Christopher
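
Detection over the log format shown in this post, as an added example (not chrisf's or spamdyke's code): it counts DENIED_INVALID_RECIPIENT rejections and distinct rejected recipients per origin_ip, and tallies spamdyke-qrv exit codes using the meaning given in the post (1 valid, 2 invalid). The function names and the sample lines, which use documentation addresses, are constructed for the example.

```shell
#!/bin/sh
# Added example: summarise spamdyke recipient validation from a maillog.
# Line formats follow the excerpts in this thread; the sample lines
# below are constructed.

sample_maillog() {
cat <<'EOF'
Mar  6 11:17:11 mx spamdyke[101]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 2: /usr/bin/spamdyke-qrv
Mar  6 11:17:11 mx spamdyke[101]: DENIED_INVALID_RECIPIENT from: a@example.net to: test@example.com origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Mar  6 11:17:12 mx spamdyke[102]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 2: /usr/bin/spamdyke-qrv
Mar  6 11:17:12 mx spamdyke[102]: DENIED_INVALID_RECIPIENT from: a@example.net to: admin@example.com origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Mar  6 11:17:13 mx spamdyke[103]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 2: /usr/bin/spamdyke-qrv
Mar  6 11:17:13 mx spamdyke[103]: DENIED_INVALID_RECIPIENT from: a@example.net to: test@example.com origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
Mar  6 11:20:01 mx spamdyke[104]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 2: /usr/bin/spamdyke-qrv
Mar  6 11:20:01 mx spamdyke[104]: DENIED_INVALID_RECIPIENT from: b@example.org to: info@example.com origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Mar  6 11:49:46 mx spamdyke[105]: DEBUG(exec_command_argv()@exec.c:661): command exited with code 1: /usr/bin/spamdyke-qrv
EOF
}

# Reads a maillog on stdin; prints one line per origin_ip with the number
# of invalid-recipient rejections and how many distinct recipients they hit.
invalid_recipients_by_ip() {
    awk '/ DENIED_INVALID_RECIPIENT / {
        ip = ""; rcpt = ""
        for (i = 1; i < NF; i++) {
            if ($i == "to:" && rcpt == "") rcpt = $(i + 1)
            if ($i == "origin_ip:") ip = $(i + 1)
        }
        if (ip == "") next
        total[ip]++
        if (!((ip, rcpt) in seen)) { seen[ip, rcpt] = 1; distinct[ip]++ }
    }
    END {
        for (ip in total)
            print ip, "rejected=" total[ip], "distinct_rcpts=" distinct[ip]
    }' | sort
}

# Tallies spamdyke-qrv exit codes from the DEBUG lines (needs debug logging).
qrv_exit_codes() {
    awk '/command exited with code [0-9]+: .*spamdyke-qrv/ {
        for (i = 1; i < NF; i++)
            if ($i == "code") { c = $(i + 1); sub(/:$/, "", c); n[c]++ }
    }
    END { for (c in n) print "exit_code=" c, "count=" n[c] }' | sort
}

# Usage: invalid_recipients_by_ip < /var/log/maillog
```

An exit code other than 1 or 2 in the tally is worth a look, since it means spamdyke-qrv did not return a plain valid/invalid answer.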


Offline Kloxo-DR

Re: spamdyke 5.0 recipient-reject
« Reply #12 on: 2014-03-07, 07:06:11 »
Hi Chris,

If you achieved "554 Refused", then that's fantastic news!

Without your solution, which is not yet populated in the repo, I have an observation to inform you.

I made an update of spamdyke from the repo, which is 5.0.0-3 (32bits). I think this included the path as you suggested, or some other changes. Since then, the combination of Spamdyke and connection tracking in csf has improved. Earlier, csf connection tracking did not work properly, although the values were OK.

Without any changes in csf config (keeping Qmailtoaster + csf the same), now csf is able to detect connection tracking @ Port 25 BECAUSE OF THE RECENT UPDATE OF SPAMDYKE.

On the contrary, the Process checking has shown a change affecting qmaild to run longer. Here, I think this may not have anything to do with bugs or general problem, as this may be local. I use some servers for checking of RBL and they may bring down the qmaild to run longer.

Remember, I had mentioned that Spamdyke checked only one connection, out of 10 or more, earlier. The earlier configuration has some drawback with an impact of connection tracking in csf too. Although I have not observed if this has changed, I do think that this will be different.  I shall report here, should this not be the case.

 

