Page 1 of 2

Request Interface for Spam

Posted: Thu Jan 03, 2019 11:16 am
by rj2010ism
Hi is there a way to control the spam and monitor what mail address is sending continues mail?

Iv seen something called rSpamd that looks nice...

Also is there a fail2ban for web-mail clients? say if tried 4times on web client and failed they will be blocked?




regards..

Re: Request Interface for Spam

Posted: Thu Mar 14, 2019 11:15 pm
by dreiggy
Hi,
you may try to replace spamassassin with rspamd. I have writed an article how to do this here.

Re: Request Interface for Spam

Posted: Sun Mar 24, 2019 12:00 pm
by rj2010ism
I tried to follow the steps but don't understand a few parts..

can you please make a video or a manual with pictures..

Also im using CentOs 6.10 i found to much problems with CentOs 7

Thanks...

Re: Request Interface for Spam

Posted: Mon Mar 25, 2019 4:51 pm
by dreiggy
Please clarify what parts are not understandable for you? Where are you stuck?

Re: Request Interface for Spam

Posted: Mon Mar 25, 2019 8:01 pm
by rj2010ism
Iv figured it out and got it to work after some confusing thanks alot!....

It works almost great! nice but it doesn't show:


# what sender is blocked for example user@mail1.com message for user@mail2.com is spam
# cant detect virus signature...


also can rSPAMD be configured to detect internal mail spam before sending it? example say domain1.tld have a user on that domain and the userPC is infected sending out spam can it be blocked if the same message sent multiple times?

also is there a way to block specific domains as spam?



Thanks...

Re: Request Interface for Spam

Posted: Mon Mar 25, 2019 8:22 pm
by dreiggy
rj2010ism wrote:
Mon Mar 25, 2019 8:01 pm
# what sender is blocked for example user@mail1.com message for user@mail2.com is spam
# cant detect virus signature...
At my configuration rspamd only discard high score spam mails. If mail is marked as spam, then rspamd add spam header: X-Spam-Status: Yes
and exim router should route to spamdelivery transport.

You may configure scores in rspamd web-console:
Image

Rspamd and spamassassin they are for spam scanning. For virus signatures, you should enable clamav scan.
rj2010ism wrote:
Mon Mar 25, 2019 8:01 pm
also can rSPAMD be configured to detect internal mail spam before sending it? example say domain1.tld have a user on that domain and the userPC is infected sending out spam can it be blocked if the same message sent multiple times?
It may should be configured in exim ACL section. You can read here about exim integration: https://www.rspamd.com/doc/integration.html

You can replace:

Code: Select all

  warn   !authenticated = *
         hosts          = !+relay_from_hosts
         condition      = ${if < {$message_size}{200K}}
         condition      = ${if eq{$acl_m1}{yes}{yes}{no}}
         spam           = nobody:true
to:

Code: Select all

  # do not scan messages submitted from our own hosts
  # +relay_from_hosts is assumed to be a list of hosts in configuration
  accept hosts = +relay_from_hosts

  # do not scan messages from submission port (or maybe you want to?)
  accept condition = ${if eq{$interface_port}{587}}

  # skip scanning for authenticated users (if desired?)
  accept authenticated = *

  # scan the message with rspamd
  warn spam = nobody:true
rj2010ism wrote:
Mon Mar 25, 2019 8:01 pm
also is there a way to block specific domains as spam?
To block or whitelist specific domains you should add them to these files:

Code: Select all

hostlist whitelist = net-iplsearch;/etc/exim/white-blocks.conf
hostlist spammers = net-iplsearch;/etc/exim/spam-blocks.conf

Re: Request Interface for Spam

Posted: Tue Mar 26, 2019 6:55 pm
by rj2010ism
Dreiggy

is there a way to set the password correctly for rspamd?

at the moment i found a way around..

i edited this:

etc/rspamd/worker-controller.inc

added the line:
secure_ip = "192.168.100.12";

this allows me to login to the webgui without password cause the password i set during rspamadm config wizard doesnt work..

Re: Request Interface for Spam

Posted: Wed Mar 27, 2019 1:17 pm
by dreiggy
rj2010ism wrote:
Tue Mar 26, 2019 6:55 pm
Dreiggy

is there a way to set the password correctly for rspamd?

at the moment i found a way around..

i edited this:

etc/rspamd/worker-controller.inc

added the line:
secure_ip = "192.168.100.12";

this allows me to login to the webgui without password cause the password i set during rspamadm config wizard doesnt work..
Here is described how to set password manually: https://www.rspamd.com/doc/quickstart.html
Find title: Setting the controller password

Re: Request Interface for Spam

Posted: Wed Mar 27, 2019 4:30 pm
by rj2010ism
Thanks..

Re: Request Interface for Spam

Posted: Sun Apr 14, 2019 1:19 pm
by rj2010ism
Iv tried the password steps. didn't work for me.
also iv tried the steps you explained also didn't work.. didn't scan internal mail for possible spam when sending mail..
or maybe i just did it wrong?