Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: exim: users

Outbound Spam Protection

 

 

exim users RSS feed   Index | Next | Previous | View Threaded


doctor at doctor

Jan 2, 2012, 6:59 AM

Post #1 of 13 (590 views)
Permalink
Outbound Spam Protection

Is their a feture set / way to turn on
Outbound Spam protection in Exim?

--
Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


tlyons at ivenue

Jan 2, 2012, 7:40 AM

Post #2 of 13 (580 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, Jan 2, 2012 at 6:59 AM, The Doctor <doctor [at] doctor> wrote:
> Is their a feture set / way to turn on
> Outbound Spam protection in Exim?

In your DATA acl, chances are you have something limiting when the
spam scan get done, such as "not local hosts" or "not local users".
Just remove that limitation. If you require help, post your ACL
section of your exim.conf. Also do tell us if this is a cpanel
installation or some other all-in-one type system. They typically do
things in a very complicated way, and you'll likely get better results
seeking help from them. But you can still post it here, we might spot
something easy to adjust.

...Todd

--
SOPA: Any attempt to [use legal means to] reverse technological
advances is doomed.  --Leo Leporte

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


doctor at doctor

Jan 2, 2012, 9:35 AM

Post #3 of 13 (576 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, Jan 02, 2012 at 07:40:21AM -0800, Todd Lyons wrote:
> On Mon, Jan 2, 2012 at 6:59 AM, The Doctor <doctor [at] doctor> wrote:
> > Is their a feture set / way to turn on
> > Outbound Spam protection in Exim?
>
> In your DATA acl, chances are you have something limiting when the
> spam scan get done, such as "not local hosts" or "not local users".
> Just remove that limitation. If you require help, post your ACL
> section of your exim.conf. Also do tell us if this is a cpanel
> installation or some other all-in-one type system. They typically do
> things in a very complicated way, and you'll likely get better results
> seeking help from them. But you can still post it here, we might spot
> something easy to adjust.
>
> ...Todd
>

An example of how this should look in a
configuration file would be of help.

I install from source.


> --
> SOPA: Any attempt to [use legal means to] reverse technological
> advances is doomed.  --Leo Leporte
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


warren at decoy

Jan 2, 2012, 10:20 AM

Post #4 of 13 (576 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, Jan 2, 2012 at 7:35 PM, The Doctor <doctor [at] doctor> wrote:
>
> An example of how this should look in a
> configuration file would be of help.
>
> I install from source.


http://wiki.exim.org/SpamFiltering - there are quite a few examples there.


--
.warren

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


doctor at doctor

Jan 2, 2012, 11:35 AM

Post #5 of 13 (575 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, Jan 02, 2012 at 08:20:41PM +0200, Warren Baker wrote:
> On Mon, Jan 2, 2012 at 7:35 PM, The Doctor <doctor [at] doctor> wrote:
> >
> > An example of how this should look in a
> > configuration file would be of help.
> >
> > I install from source.
>
>
> http://wiki.exim.org/SpamFiltering - there are quite a few examples there.
>

Back to you in a moment.

>
> --
> .warren
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


doctor at doctor

Jan 2, 2012, 11:49 AM

Post #6 of 13 (577 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, Jan 02, 2012 at 12:35:26PM -0700, The Doctor wrote:
> On Mon, Jan 02, 2012 at 08:20:41PM +0200, Warren Baker wrote:
> > On Mon, Jan 2, 2012 at 7:35 PM, The Doctor <doctor [at] doctor> wrote:
> > >
> > > An example of how this should look in a
> > > configuration file would be of help.
> > >
> > > I install from source.
> >
> >
> > http://wiki.exim.org/SpamFiltering - there are quite a few examples there.
> >
>
> Back to you in a moment.
>


Nope!

I am using mbox.

The bigger sticker is this:

someone poisons an account with a spamming script.

The only way to detect this is the set up outbound spam
detection to protect your reputation.

> >
> > --
> > .warren
> >
> > --
> > ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> > ## Exim details at http://www.exim.org/
> > ## Please use the Wiki with this list - http://wiki.exim.org/
>
> --
> Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
> God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
> https://www.fullyfollow.me/rootnl2k
> Merry Christmas 2011 and Happy New Year 2012 !
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


warren at decoy

Jan 3, 2012, 1:28 AM

Post #7 of 13 (577 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, Jan 2, 2012 at 9:49 PM, The Doctor <doctor [at] doctor> wrote:
> Nope!
>
> I am using mbox.
>
> The bigger sticker is this:
>
> someone poisons an account with a spamming script.
>
> The only way to detect this is the set up outbound spam
> detection  to protect your reputation.


What I meant is have a look at the various links to get an idea or, as
Todd has already mentioned, look at your Data ACL where you might have
something that negates checking your local hosts/users for spam.

If you are using SpamAssassin you might have something like this in
your Data ACL:

deny
!hosts = +relay_from_hosts
message = This message was considered to be spam
spam = <spamuser>:true
condition = ${if >{$spam_score_int}{<some_score>}{true}{false}}

The !hosts line above doesn't check that specific hostlist for spam.
So you could remove that line to have the check applied to that
hostlist.
Have a look at 41.3 in the spec for more information on calling
SpamAssassin from an ACL and the various variables you can use.


--
.warren

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


graeme at graemef

Jan 3, 2012, 1:42 AM

Post #8 of 13 (581 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Mon, 2012-01-02 at 12:49 -0700, The Doctor wrote:
> The only way to detect this is the set up outbound spam
> detection to protect your reputation.

No it isn't. Think laterally.

Regardless of whether you think mail is inbound or outbound, you need to
think like an MTA.

You do spam detection when the MTA *receives* the email, that is
_inbound_ to the MTA.

Right now you will have an exclusion on spam checking for submitted,
authenticated or locally-injected messages. It is this restriction which
needs to be lifted.

That said, *how* you lift it depends upon your configuration, and how
the messages are submitted to your MTA.

Graeme


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


doctor at doctor

Jan 3, 2012, 7:06 AM

Post #9 of 13 (568 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Tue, Jan 03, 2012 at 11:28:15AM +0200, Warren Baker wrote:
> On Mon, Jan 2, 2012 at 9:49 PM, The Doctor <doctor [at] doctor> wrote:
> > Nope!
> >
> > I am using mbox.
> >
> > The bigger sticker is this:
> >
> > someone poisons an account with a spamming script.
> >
> > The only way to detect this is the set up outbound spam
> > detection  to protect your reputation.
>
>
> What I meant is have a look at the various links to get an idea or, as
> Todd has already mentioned, look at your Data ACL where you might have
> something that negates checking your local hosts/users for spam.
>
> If you are using SpamAssassin you might have something like this in
> your Data ACL:
>
> deny
> !hosts = +relay_from_hosts
> message = This message was considered to be spam
> spam = <spamuser>:true
> condition = ${if >{$spam_score_int}{<some_score>}{true}{false}}
>
> The !hosts line above doesn't check that specific hostlist for spam.
> So you could remove that line to have the check applied to that
> hostlist.
> Have a look at 41.3 in the spec for more information on calling
> SpamAssassin from an ACL and the various variables you can use.
>

That might work.

>
> --
> .warren
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


doctor at doctor

Jan 3, 2012, 7:08 AM

Post #10 of 13 (569 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Tue, Jan 03, 2012 at 09:42:41AM +0000, Graeme Fowler wrote:
> On Mon, 2012-01-02 at 12:49 -0700, The Doctor wrote:
> > The only way to detect this is the set up outbound spam
> > detection to protect your reputation.
>
> No it isn't. Think laterally.
>
> Regardless of whether you think mail is inbound or outbound, you need to
> think like an MTA.
>
> You do spam detection when the MTA *receives* the email, that is
> _inbound_ to the MTA.
>
> Right now you will have an exclusion on spam checking for submitted,
> authenticated or locally-injected messages. It is this restriction which
> needs to be lifted.
>
> That said, *how* you lift it depends upon your configuration, and how
> the messages are submitted to your MTA.
>


Google Outbound Spam Detection and then get back to me.

> Graeme
>
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

--
Member - Liberal International This is doctor [at] nl2k Ici doctor [at] nl2k
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
https://www.fullyfollow.me/rootnl2k
Merry Christmas 2011 and Happy New Year 2012 !

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


graeme at graemef

Jan 3, 2012, 7:19 AM

Post #11 of 13 (568 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Tue, 2012-01-03 at 08:08 -0700, The Doctor wrote:
> Google Outbound Spam Detection and then get back to me.

How *extraordinarily* patronising and rude of you. If you think I have
no understanding of what is essentially a marketing term meaning "how to
ensure your users don't damage your organisation" then I would strongly
encourage you to think again.

If you're not willing to help us help you, so be it.

*plonk*

Graeme


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


blists at nobaloney

Jan 12, 2012, 10:20 AM

Post #12 of 13 (530 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On Monday, January 02, 2012 11:49:07 AM The Doctor wrote:

> The bigger sticker is this:
>
> someone poisons an account with a spamming script.
>
> The only way to detect this is the set up outbound spam
> detection to protect your reputation.

There are other ways to detect this which haven't been discussed yet in this
thread. We do the following:

1. We limit the quantity of email recipients a username can send daily without
us being notified. We use 200 as a default, and adjust as necessary. As a
hosting company, we limit per hosting account, not per individual email
address, but you can do it either way. This early notification allows us to
look outgoing emails manually; even with thousands of outgoing accounts the
human energy load is surprisingly lite.

2. We've created a feedback loop with AOL. Generally all spammers have a
number of AOL addresses in their email address lists, and AOL will arrange to
send back to us copies of all emails from our servers which their users report
as spam. While there are some false positives, again the human energy load is
surprisingly light.

We don't want to run SpamAssassin on all messages because SpamAssassin uses a
lot of machine resources, and because many spammers carefully test their
messages against SpamAssassin before sending them.

Jeff
--
Jeff Lassman, Nobaloney Internet Services
Post Office Box 52200, Riverside, CA 92517
Our blists address used on lists is for list email only
Phone +1 951 643-5345, or see: http://www.nobaloney.net/contactus.html
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/


marc at perkel

Jan 13, 2012, 9:24 AM

Post #13 of 13 (523 views)
Permalink
Re: Outbound Spam Protection [In reply to]

On 1/12/2012 10:20 AM, Jeff Lassman wrote:
> On Monday, January 02, 2012 11:49:07 AM The Doctor wrote:
>
>> The bigger sticker is this:
>>
>> someone poisons an account with a spamming script.
>>
>> The only way to detect this is the set up outbound spam
>> detection to protect your reputation.
> There are other ways to detect this which haven't been discussed yet in this
> thread. We do the following:
>
> 1. We limit the quantity of email recipients a username can send daily without
> us being notified. We use 200 as a default, and adjust as necessary. As a
> hosting company, we limit per hosting account, not per individual email
> address, but you can do it either way. This early notification allows us to
> look outgoing emails manually; even with thousands of outgoing accounts the
> human energy load is surprisingly lite.
>
> 2. We've created a feedback loop with AOL. Generally all spammers have a
> number of AOL addresses in their email address lists, and AOL will arrange to
> send back to us copies of all emails from our servers which their users report
> as spam. While there are some false positives, again the human energy load is
> surprisingly light.
>
> We don't want to run SpamAssassin on all messages because SpamAssassin uses a
> lot of machine resources, and because many spammers carefully test their
> messages against SpamAssassin before sending them.
>
> Jeff

I've done a few tricks for outbound filtering. Spammer always send a lot
of email fast. So if someone is sending email slowly, say less that 2
per minute, then they aren't spamming and those email can be bypassed
without filtering. Once the stream is determined to be fast you can look
at things like AOL feedback and number of bad recipients. That's the
basis of the outbound filtering I do.


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.