Results 1 to 6 of 6

Thread: [SOLVED] Help with outbound blacklisting

  1. #1
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    181
    Rep Power
    8

    Unhappy [SOLVED] Help with outbound blacklisting

    Hello,

    We've got some targeted phishing scams lately, and trying to figure out how to blacklist outbound mail, so my lusers who still reply to those are at least dropped. Bottom line, lusers reply with their passwords, then hackers log in and spam out.

    I enabled sender_scores_sitewide in amavisd's config file and works great for incoming messages, however I don't think it works for outgoing (this is for sender, not recipient - never got an answer from the amavis list on how to accomplish this).

    So I tried what it had worked for me in the past, which was adding to salocal.cf:

    blacklist_to teachers.org

    Which should just blacklist this. However it's not, and the only guess I take it that since it is the local server, the trusted networks might trump it ?

    Oh, note that yes, I edited the salocal.cf.in and amavisd.conf.in and then restarted with zmamavisdctl

    TIA...

  2. #2
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    181
    Rep Power
    8

    Default

    OK - answering my own questions???

    Got a bit further... Apparently the blacklist_to needs an actual full email address or at least an *@domain.tld

    But I'm adding about 10 points to the score. It's sets it as SPAM in the logs, but the message still gets delivered out the door.

    AFAIK, unless it's 15+ it won't get dropped/quarantined...

  3. #3
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,017
    Rep Power
    24

    Default

    Code:
    su - zimbra
    zmprov gacf | grep Percent
    so we can see what your tag/kill SPAM scores are set to please.

  4. #4
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    181
    Rep Power
    8

    Default

    zimbraSpamKillPercent: 75
    zimbraSpamTagPercent: 33

    Looking at the amavisd.conf.in evasive actions is set to 15. I didn't want to change our overall rules, however was looking for an option similar to sender_scores_sitewide, or adjust the score for the individual domain

    So far fromt he amavis list, I got zilch - Marc Martine is pretty good about replying...

    TIA.

  5. #5
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    181
    Rep Power
    8

    Default

    bump ?

    Again, an external file being read such as sender_scores would be ideal...

  6. #6
    su_A_ve is offline Advanced Member
    Join Date
    Dec 2006
    Posts
    181
    Rep Power
    8

    Default

    The following code was given by Mark Martinec, author of amavisd. It needs to be placed right after the end of the @score_sender_maps array and before the @decoders array in amavisd.conf.in

    Code:
    ### The following will read a hash of recipients and scores
    { my($hr) = read_hash("/etc/zimbra/recip_scores_sitewide");
      my($outer) = {};
      while (my($recip,$score) = each %$hr) { $outer->{$recip} = [{'.'=>$score}] }
        push(@score_sender_maps, $outer);
    }
    Then simply create a text file named recip_scores_sitewide and the fomat would be like:

    Code:
    blocked_recip@domain.com  +50
    .spamdomain.com +50
    whitelisted_recip@otherdomain.com -50
    .gooddomain.com -50
    And reload with zmamavisdctl

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. stop outbound external mail
    By Dirk in forum Administrators
    Replies: 8
    Last Post: 06-02-2011, 08:57 PM
  2. Outbound mail archiving
    By abreaux in forum Administrators
    Replies: 14
    Last Post: 01-28-2009, 07:33 AM
  3. Disable outbound SA check, and/or remove headers?
    By RACjr in forum Administrators
    Replies: 6
    Last Post: 01-22-2009, 09:20 AM
  4. Outbound MTAs on multi-server install
    By gmsmith in forum Administrators
    Replies: 1
    Last Post: 04-17-2007, 09:13 AM
  5. Outbound queue problem & fetchmail question
    By phoenix in forum Administrators
    Replies: 7
    Last Post: 01-25-2006, 11:59 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •