A new howto has been added to my site:
http://www.helpmehost.com

I have copied it here for convienience.

***Disclaimers follow***

The following information was tested on my ensim box. Use at your own risk. I take no responsibility if you break something.


1. Backup your existing sendmail.cf file
cp /etc/sendmail.cf /etc/sendmail.cf.old
2. Go to your Ensim mail configuration directory
cd /usr/lib/opcenter/sendmail/install/
3. Backup your existing sendmail.mc file
cp sendmail.mc sendmail.mc.working
4. Edit the sendmail.mc file with Pico.
pico sendmail.mc
5. Add the following lines at the end of the features section. Make sure none of the files wrap to the next line.
FEATURE(`dnsbl', `relays.ordb.org', `Rejected - see http://ordb.org/')dnl
FEATURE(dnsbl, `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?" $&{client_addr}')dnl
6. Rebuild the sendmail.cf file
m4 sendmail.mc > /etc/sendmail.cf
7. Restart sendmail
/etc/init.d/sendmail restart

I wish I read this before I did mine... I did not backup my sendmail.cf or sendmail.mc files when I did this and now I cannot get my system to work

I even rpm -ihv --force sendmail back on the system to get the old sendmail.cf and sendmail.mc files but that still did not work... fun is.

I am glad you got this working though.

i would be willing to bet that your .mc file has a line-wrap in it. Open up your SSH/telnet client full screen. pico the .mc file and verify that none of the lines have wrapped. If you are unsure, you can email it to me and I will look over it for you. I had this happen to me atleast 2 times without realizing it and it WILL NOT WORK if you do.

I actually found someone else that had the same kind of problem I did (and you even went over it without me knowing) I was trying to use /etc/mail/sendmail.mc instead of /usr/lib/opcenter/sendmail/install/

I believe I have it working now... rebooting the server to make sure it will keep working

Well what I did actually was an rpm -ihv --force sendmail (putting the cf file along with other things back) and when I did that I noticed that it saved sendmail.rmpsave in /init.d for some reason.

Everytime I restart my server the mail keeps looping and I never get it but if I do the sendmail_app_init restart then it works. I noticed that it actually (instead of a symbolic link) put a sendmail program in there. I just removed the program and made the symbolic link and now everything is back to normal and I even watched the maillog reject some mail so I know everything is working

I tried the above, following all the instructions and backing up the files. There are no line wraps in my edited sendmail.mc file, but sendmail will not restart. I replaced the files with the originals I saved, but still sendmail will not restart. I get this message:

Shutting down sendmail: [FAILED]
Starting sendmail: 554 5.0.0 No local mailer defined
554 5.0.0 QueueDirectory (Q) option must be set
[FAILED]

Any suggestions would be greatly apprectated.

Thanks,
mk


Addendum:

My problem was the line:

m4 sendmail.mc > /etc/sendmail.cf

It needed to be

m4 /usr/lib/opcenter/sendmail/install/sendmail.mc > /etc/sendmail.cf

All now works fine.

I seem to be having a similar problem, but I am stumped as to what to do. I made the modifications described above, but am no longer able to receive mail. I can send it fine however. Can you explain further what you did, or how I can fix this?

Thanks,
mk

I use 4 different ones for spam blocking:

When editing in pico where the line may go over the edge of the screen, use:
pico -w
instead of:
pico
The -w turns off line wrapping.

Since half of RS's IP addresses are listed by at least relays.osirusoft.com I'd probably suggest not using that.

Have you checked recently? I think between RS's new policy and RS taking actions against spam, I think most of the blocking issues have been resolved.

I know a couple of my IP addresses are still in it, checked today! Old entries from even before RS got the netblock it seems.

I applaud RS' newfound agressive stance against spam, but it is not somthing that is going to change everything overnight. Those who manage these lists are not responsible to anyone. A wrong tone of voice and they'll simply hang up on you.

I added all of these lines --

FEATURE(`dnsbl', `relays.ordb.org', `Rejected - SPAM - Complain To http://www.ordb.org/')dnl
FEATURE(`dnsbl', `relays.osirusoft.com', `Rejected - SPAM - Complain To http://relays.osirusoft.com/')dnl
FEATURE(`dnsbl', `dev.null.dk', `Rejected - SPAM - Complain To http://www.null.dk/')dnl
FEATURE(dnsbl, `bl.spamcop.net', `"Spam blocked see: http://spamcop.net/bl.shtml?" $&{client_addr}')dnl

to my sendmail.mc, restarted, but my users have seen no decrease in the amount of spam. Is there some way for me to test if I have this working correctly?

Thanks,
mk

You have to use M4 to build the mc file into a cf file....

I did that, I just didn't put it into my post.

Any other suggestions?

Thanks,
mk

I think you'd be better off blocking servers that use these lists.

These people get a hair up there ass and block entire blocks of ip's playing god with their list power. Against the innocent that don't send spam! I would never use something like this.

Just my opinion, I hate spam as much as the next person, but don't like the way these list are managed and operated. They are totally unjustified in some of their ways. You try to reason with them and they laugh @ you and insult you.

I've never been listed with them, but I've seen some of the threads where innocent domains request to be unlisted, not a pretty site.

I agree with ebay_nut and Madsere, it might be unwise to use lists compiled by people who are accountable to no-one. Furthermore what right do I, as server administrator, have, to say what mail my clients will receive and what mail they will not. If this was implementable on a client by client basis and the client asked me to install it - OK. But it's not, it affects all my clients whether they want it or not.

I installed this feature weeks ago and have taken it off today. To uninstall simply delete the lines you added and recompile and restart.

Sometimes getting too fancy can be a bad thing.

You can manually skim through your new .cf file and find the lines for spamcop, ordb, and such... If they are in there (and you restarted sendmail) then all is well. If not, you did something wrong.

I know I will regret posting to this thread but I can not let these statements go unanswered because they are just totally, completely wrong.

Without organized anti-spam groups the net would have backed up and exploded long ago. Don't you understand that these are the only people who are doing something about spammers? The government does not care, the ISP's do not care, nobody else does anything at all to stem the flow of this garbage and that is not going to change in the near future.

Yes, the anti-spammers are mean people, they are supposed to be and I can't blame them. They fight an endless battle dealing with uncooperative ISPs and spammers who have no respect for laws or ethics or rules. As soon as they shut one down he goes somewhere else and uses exploited relays by the hundreds faster than they can notify clueless admins who enable spammers by having open relays to begin with.

They don't block entire ranges just to be mean and flaunt power, they do so because that is the only way ISPs and hosts will take action against the spammers. Blocking one IP does no good what-so-ever, they are forced to block entire ranges when their warnings go unanswered because the ISP or host is either clueless or don't care.

When an ISP or host is blocked, they are forced to take action against spammers only because their legitimate customers leave. That is the only way to get spammers removed from most systems. Don't blame the anti-spam groups, blame the unresponsive ISPs and hosts who cause these problems for themselves.

Thankfully, RS is doing the right thing, only a zero tolerance policy will keep our ranges here off RBL lists and once these guys see this policy in action, they will work with RS to identify spammers and keep the network we use clean.

Anyone using a blocked ISP or host is part of the problem because they are supporting someone who supports and condones spamming. The fact that spammers now have to use exploited open relays, hacked form mail scripts and servers in China is evidence that the anti-spam efforts are semi-effective.

There is an effort underway to cut off all of China and Korea from the rest of the world because of the spew coming out of those countries. That is what it takes, you can't reason with spammers or the people they pay to provide them with bandwidth, you can only force them into submission.

Rick

That's exactly what I'm referring to! Now it's countries / continents?

You are entitled to your opinion, yet so am I.

Fighting spam is a great thing, until innocent people are affected in the effort!

If that is what it takes I am all for it. We get well over a hundred spam mails per day, 99% of it is trapped by spamcop but the vast majority of this spew is sent from mailservers or have sites hosted by spam supporters in those counties.

They have the right to use the net like everyone else but they do not have the right to spam me or clog up the Internet in general with their garbage.

If anyone is flaunting power it is them. They think that because they are outside of our borders that they are untouchable but they will soon find this is not the case. When their teachers, doctors and politicians can no longer send email to the free world, they will take a different attitude and begin to eliminate their servers as the cause of this problem. Eventually, spammers will have no place to hide and that is the intended result.

40% of all email traffic is spam, do you realize how many terabytes of data that amounts to and how it slows down the entire Internet mail system? You and I pay for that bandwidth every day and our access is slowed down because of it. That is not to mention all the frustration cause for billions of users who do not want garbage in their mailbox.

Yes, you certainly are entitled to your opinion but thankfully you are in the minority. The fight against spam will continue and it will only become more rabid until this problem no longer exists.

Rick

I won't be cutting off China and Korea from my box!

I hear New york has a high crime rate, maybe we should ship all New Yorkers off to prison... just to make sure we get all the crims, ya know. Stopping spam needs to be undertaken care of by individuals. For those of you that haven't installed Sanitizer, it has a wonderful function that kills webbugs, I've noticed a marked decrease in HTML spam since using it. Spammers like to send to real addresses, emails that dissapear into black holes also disappear of lists. AND it can be setup on an account by account basis, AND it doesn't destroy emails thus affecting the innocent.

True something needs to be done about spam, but spam listers are not the answer. Thank god people that use them are in the minority.

I think if I was with a host that cut me off from receiving email from half the world, I would move to a new host. Also, I never said I was against fighting spam. I clearly stated "I hate spam just as much as the next person". What I don't agree with is the way they are trying to fight it! And I'm glad the "majority" of the servers don't use these lists. So us minority innocent emailers can get there non-spam email through to it's destinations.

The people that control these lists are truly unprofessional, rude and arrogant.

Has anyone tried this?

http://opensource.confusticate.com/rbl-milter/

I found it minutes ago, and it seems to be the ideal solution: instead of letting sendmail block mail that comes from a blacklisted IP, it lets that IP send the mail but it adds a tag to the email, so that you can filter it with your mail reader.

PLEASE, PLEASE don't make general accusations about spam blocking lists, many, many of the lists, the ones that work on a open relay basis, have completely automated systems that only block single IPs, and can be easily removed once the open relay is closed. ORDB.org is a example of one of those, they only block individual IPs, and as long as your system is configured properly, you will NEVER be blocked by them, and if you ever were due to a misconfiguration, you could get yourself off completely automatically in a few hours. Only some of the stricter ones have the bad reputation, but don't make the assumption that because you have heard bad things about one that they are all that way, to believe so is simply ignorant of the way that the sites work (as always, there are choices as to who uses what).

Meballard, this is exactly what I was referring to with my first post: "Since half of RS's IP addresses are listed by at least relays.osirusoft.com I'd probably suggest not using that.".

I use ordb.org and null.dk as they seem relatively responsible lists.

For an inconsequential, irresponsible list just look at the FAQ at http://relays.osirusoft.com/faq.html

I previously mentioned in a post that it was probably not ethical/moral to block mail intended for a third party, without that third parties permission. Having thought about it, I've come to the conclusion that it probably is not legal either. I know there is no law in this regard, but the laws pertaining to physical mail would probably set a precedence in any case before the courts. In Australia it is a criminal offence to block delivery of someone's postal mail, it is probably a federal offence in the USA too. I imagine that if someone brought a court case against a system administrator for blocking their email without permission, they would win.

I have some basis for saying this, having studied tax law, contracts law and business law at the degree level. I think that any sysadmin that collects email on their server for a third party should think very carefully before implementing this system. If you must implement this system make sure you give yourself some protection by stating in your AUP and TOS that email will be blocked according to lists provided by xyz.com and abc.com. You may lose customers but you may be able to head off a law suite before it costs you money.

Of course the best solution is to get professional legal advice before implementing this. If it is illegal to implement this, RS may turn your server off. To be honest, it just ain't worth the risk. Would welcome comments from any practicing attorneys out there.

PS. I don't support spam, but I do believe there is a right way to do things and a wrong way. In my opinion this isn't the right way.

Just a couple of thoughts when it comes to the legal factor, for one thing, email on a particular server is provided by the server owner, not as a public service, but as a service to themselves and/or their customers, and I don't believe it's illegal to block things in private situations, does UPS or FedEx have to accept every package that someone wants to send through them?

Also, if a lawsuit were to come up over it, I would be surprised if it hasn't already, being that many large ISPs, including for example EarthLink, and I believe Hotmail and AOL, block email based on open relays (I found out because that happened at the company I work at after someone changed the configuration of the server), and it actually took longer to get off the EarthLink list (which I believe is maintained internally), than it did the ordb.org list.

I have seen a multitude of spammers insist they they are going to sue anti-spam ISPs and anti-spam organizations out of business over the years in the Spamcop newsgroups. I have yet to hear about a single case actually brought to court, much less won.

The latest one that has provided an endless amount of humor is quoted below...

Subject: HUMOR: Fw: Now it's your turn!
Date: Fri, 24 May 2002 15:00:53 +0800
From: Suresh Ramasubramanian
Newsgroups: news.admin.net-abuse.email

----- Forwarded message from tommy@removeyou.org -----

From: tommy@removeyou.org
Date: 15 May 2002 18:52:43 -0000
To: postmaster@outblaze.com
Subject: Now it's your turn!
X-Mailer: MIME-tools 5.411 (Entity 5.404)

IP Address :: 64.200.56.124
Date Entered :: 2002-04-18
Reject Reason :: Osirusoft Spamsource


Hello,
I have just authorized my law firm to file suite against your company.
You
should know that we are about to take Spamcop off-line perminately and
now we
are comming after you. We certainly hope that you have adiquate defense
funding because you are about to be hauled into Federal court by a
multi-million dollar corporation. Removeyou.org does not settle or make
deals.
Thanks,
Tommy Brock
President
Removeyou.org
tommy@removeyou.org


Even funnier is this little tidbit from a resourceful web author who happens to live in the area this spammer operates from...

http://www.ste-marie.net/brock.html

Rick

Very good point freddo!

Legal or Not! It just makes good sense! I'd be the first to complain to the host that filtered my mail without me requesting it.

Fine, if a user wants some sort of filter in place, I'll go out of my way to install it for that "individual".

I could see a TOS now for a system that uses "ALL" the available spam list filters.

SPAMFREE HOSTING Terms Of Service Email Policy / Agreement:

Our System checks every incoming message and decides whether you should receive it or not (sorry you have no choice in this matter), based on the following criteria!

We check the IP it originated from (or in many cases the IP Block) and if it is listed with our spam filters, your email is promptly deleted.
The Country of origin (We sincerely hope you have no friends or business relations in China or Korea, as mail from these countries will be deleted immediately, we could care less what system it’s from, or how important this email was to you).
Any hostname / system that has ever sent spam (or maybe sent spam, or was on the same provider as another system who sent spam) emails will also be deleted.
You have no choice in this matter!
If you agree to the above click here to “sign up for a hosting package now"

I guess i was specifically thinking about clients sueing sysadmins (hosting business) for "loss of business" if they fail to receive an important email. You seem to think this software ONLY filters spam, no, it filters all email from an IP (or block). Thus important business email could be deleted from a business person who unwittingly has formmail installed.

I agree with Meballard that private systems can decide what they will carry and what they will not. But I'd like to point out their contract stiplulates exactly what they will carry and what they will not. My point about including your email blocking practices in your TOS and AUP is important. FEDEX does NOT decide what it won't handle on an ad hoc basis, they clearly stipulate what they will not deliver. If you are doing hosting and blocking emails you should clearly stiplulate this, to protect yourself.

Spamcop's front page:

This blocking list is somewhat experimental and should not be used in a production environment where legitimate email must be delivered. It is growing more stable and is used by many large sites now. However SpamCop is agressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations

We don't filter server wide mail through any blocking lists, instead, we tell clients to use spamcop if they want protection from spam. It holds flagged mail for release, whitelisting or reporting rather than just refusing it.

We do block most of China and Korea from the entire server via firewall rules but it is not because of spam, it is because of the 200-300 port scans a day we were seeing from those countries.

All clients on the box were consulted about this policy before we implemented it and none had any concerns or opposition to it. They, like us, could care less about anyone from those countries having access to their sites or email.

You do know that the average citizen in China has no access to the Internet don't you? Did you know that they were number 4 on the "Top 20 enemies of the Internet" list?

http://www.rferl.org/nca/special/enemies.html

Did you know that hacking from China directed at US computers has been so bad that it has prompted an official gov warning? "China, which is reportedly considering developing a fourth branch of its People's Liberation Army devoted solely cyberwarfare..."

http://www.tecsoc.org/natsec/focuscyberwar.htm

If you want to let those people hit your box with port scans and exploit attempts all day long, that is your business, by all means, carry on!

Rick

Point of this statistic?




I believe the subject was filtering email (spam). Drifting slightly...

It is no surprise that a lot of the regions problematic for spam are also hotbeds for hackers... get a lot of auction orders from China do ya?

Rick

Now that makes perfect sense, and is the point we have been trying to get accross this entire thread.

As I've stated, I am against spam, yet it should be an "individual choice" as to being filtered.

Ric,

you obviously know exactly what you are doing. No server wide email blocking and a strong consultatative attitude in respect to clients and http blocking countries. I have no problems with webmasters deciding who will see their site and who will not, and if ALL webmasters agree then it's easiest to implement server-wide.

I am cautioning the less experienced sysadmin that blocking email that is addressed to someone else without their permission or knowledge is a mistake. I think you'd probably agree with me?

Personally, I get more port scans from the USA than anywhere else.

Actually most of our auction wins come from USA, Canada, and Australia and that's yet another thread...

Our auctions have nothing to do with hosting or servers, so I guess it wouldn't even belong on this bb @ all.

I do and you both have a valid point there. I just don't like seeing the anti-spam groups attacked with a broad brush because the vast majority of them are responsible people. The few that are not, nobody significant uses their lists anyway.



Now that we have the China and Korea hackers under control, the vast majority of our logged hack/scan attempts come from the US and Canada with a few thrown in from around the world. Since we sell to these people every day it is not practical to block them en mass so we block specific IPs and/or work with ISP abuse depts to keep it at a minimum.

Rick

Is there a way to apply this to a single domain? I have one guy who whines to the heavens about spam, and I'd love to implement this for his domain alone.

Thanks!

Tell him to use spamcop, $3.00 per month and worth every cent.

Rick

Need some more info info on this.

On my ensim box, each domain has its own sendmail.cf and mc files. I located the template in two locations:

/usr/lib/opcenter/sendmail/install/sendmail.mc
/home/virtual/FILESYSTEMTEMPLATE/sendmail/etc/mail/sendmail.mc

Plus the server has its own in the /etc/ directory.

If I change the one in the root etc directory will that affect the entire server?

If I just manuall change one in a domain will it only work in that domain?

Thanks!

Hi Got-Hosting,
I tried several different spam filters for Outlook, some were free ones, and they all worked quite well, but the one that I found works the best is one called Postal Inspector. You can download a free trial, but to buy it it's $19.95 until Aug 31. It doesn't delete your spam, but dumps it in another folder automatically.
You should get him to download it, he'll love it.
I got about 295 spams in the last two days and only about 4 or 5 of them got through the filter, and no legitimate mail was diverted.
I got it at http://www.giantcompany.com

Hope this helps

I am looking for something server-based. I have one client in particular that bugs me about spam, and he is not interested in a subscription service.

Plus I think it would be a nice value-added feature.

There are a lot of third party filters that will run your mail through various rbl's but I think it is the clients place to deal with spam. Spamcop is $3.00 a month and there are filters for email clients available free, it's not like they are expensive or complicated.

Google with Qmail +RBL and you will find a few scripts if you really want to do it.

Rick

Well, actually, just this morning I was fiddling around with some things, and it looks like you can manually add this on a per domain basis. I added it to just one of my domains, and redid the .cf file, restarted sendmail and it at least came back up.

Unfortunately, I do not know how to TEST if it works. I suppose I could drop a note in a newsgroup with an e-mail address from that domain...I should start seeing some spam in a couple of days after that.

Hi again Got-Hosting
Postal Inspector is not a subscription service, but it does run on your client.
I figure the problem with server based anti spam filters is it would have to be run quite loose so as not to delete any legitimate email, and you will still probably receive quite a bit of spam.
Unless you just get it to mark the headers as possible spam in which case he would get it anyway and have and have to filter it on the client regardless.
I am totally happy with it. It's the next best thing to all the spammers dropping dead.
It costs nothing to try it.

That's just my opinion (for now anyway) until something else comes along to change my mind.

cheers

Is there anything that can be setup in the user admin section that each user (end user, not site adimn or server admin) can control the level of spam protection for their address only?

I went camping for 3 days, and when I got back last night, I checked my mail and had 959 emails of which about 940 were spam. The filter on my Outlook caught most of them, but I think I'm going to put a filter on the server as well.
These spammers... I hate em, I hate em, I hate em, I hate em, I hate em, I hate em, I hate em, I hate em.
They just pi$$ me off so bad.

I don't trust outlook to filter anything... I find so many e-mails throw in the trash by the filter that I actually need and looking at their e-mail address and then looking at the list of spam addresses they do not match. Although I do have some 200+ e-mail addresses that are spam but that should not be an issue. I find spamcop and ordb to be a much better way of stopping spam. I checked the first week that I was running spamcop and ordb and they had blocked over 1k e-mails in just one week and all I had to do was report spam that actually made it through to spamcop much easier than messing around with outlook.