Thx.

 

Can I ask how greylisting works?  I am getting some emails greylisted, but then later in the day I see the same(?) email get put into greylisting again?  I know my wife wants these – she likes pickupstix!  :)  Does the greylist ‘time out’ after a short period and the listing gets removed and then the process starts over with a subsequent email?  One of these also tried to come in on the 16th as well with the same greylisting results.

 

First one at 9:05:

 

2016-04-18 09:05:52 1asBgO-0008n5-DS DKIM: d=private-eclub.com s=mandrill c=relaxed/relaxed a=rsa-sha1 i=pickupstix@private-eclub.com [verification succeeded]
2016-04-18 09:05:52 1asBgO-0008n5-DS DKIM: d=mandrillapp.com s=mandrill c=relaxed/relaxed a=rsa-sha256 i=@mandrillapp.com t=1460995555 [verification succeeded]
2016-04-18 09:05:55 1asBgO-0008n5-DS H=mail.private-eclub.com [198.2.133.190] Warning: spam-score-int: 8 (/). spamreject: 100.
2016-04-18 09:05:55 1asBgO-0008n5-DS [52.35.107.200] SSL verify error: certificate name mismatch: "/C=US/ST=Georgia/L=Atlanta/O=The Rocket Science Group, LLC/OU=Product Dev/CN=mandrillapp.com"
2016-04-18 09:05:56 1asBgO-0008n5-DS H=mail.private-eclub.com [198.2.133.190] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounce-md_30309491.571505e3.v1-c52681dae0f448cf8eb38c54b51cc664@mandrillapp.com> temporarily rejected after DATA: Greylisted <<30309491.20160418160555.571505e316d8a7.30472963@mail.private-eclub.com>> from <bounce-md_30309491.571505e3.v1-c52681dae0f448cf8eb38c54b51cc664@mandrillapp.com> for offences: Message has 8 integer spamscore points,

 

Second one at 14:17:

 

2016-04-18 14:17:21 1asGXp-0009aq-6x DKIM: d=private-eclub.com s=mandrill c=relaxed/relaxed a=rsa-sha1 i=pickupstix@private-eclub.com [verification succeeded]
2016-04-18 14:17:21 1asGXp-0009aq-6x DKIM: d=mandrillapp.com s=mandrill c=relaxed/relaxed a=rsa-sha256 i=@mandrillapp.com t=1461014243 [verification succeeded]
2016-04-18 14:17:23 1asGXp-0009aq-6x H=mail.private-eclub.com [198.2.133.190] Warning: spam-score-int: 8 (/). spamreject: 100.
2016-04-18 14:17:24 1asGXp-0009aq-6x [52.36.64.127] SSL verify error: certificate name mismatch: "/C=US/ST=Georgia/L=Atlanta/O=The Rocket Science Group, LLC/OU=Product Dev/CN=mandrillapp.com"
2016-04-18 14:17:24 1asGXp-0009aq-6x H=mail.private-eclub.com [198.2.133.190] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounce-md_30309491.57154ee3.v1-efd95e1202bd45ab8e34dd3049e13ea9@mandrillapp.com> temporarily rejected after DATA: Greylisted <<30309491.20160418211723.57154ee3b7d461.61908974@mail.private-eclub.com>> from <bounce-md_30309491.57154ee3.v1-efd95e1202bd45ab8e34dd3049e13ea9@mandrillapp.com> for offences: Message has 8 integer spamscore points,

 

 

From: users [mailto:users-bounces@exim4u.org] On Behalf Of Gordon Dickens
Sent: Monday, April 18, 2016 2:44 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

All of the dnsbls included in the exim.conf config are used for each incoming email. There are many other dnsbls that are available.  It has been several years since I have looked at it, however, at that time I determined that spamhaus.org, spamcop.net and surriel.com had the most complete listings with the fewest false positives with spamhaus.org being the overall best service.

To get an idea, this site is used to lookup IP addresses on many of the dnsbls:

http://www.dnsbl.info/dnsbl-database-check.php

There are 61 dnsbls listed on that dnsbl.info site alone.

FYI,

Gordon



On 04/17/2016 11:05 PM, Helmut Fritz wrote:

Thx Gordon.

 

I was hoping for each user to be able to do their own spam white and black listing and training, even as far as a per user spam quarantine (ala Barracuda).  I do currently, on my old mail server, set up the white and blacklist myself manually in the config file as you mentioned. 

 

So far it looks like I have only had two false positives due to spamcop, so I did remove them from the check.  All the other rejects have been legit.

 

Does the system rotate through the listed dnsbl’s?  Or does it check each of them for every message?

Are there others that are free and have a good reputation (especially no false positives)?

 

Helmut

 

From: users [mailto:users-bounces@exim4u.org] On Behalf Of Gordon Dickens
Sent: Sunday, April 17, 2016 2:37 AM
To: Exim4U General Discussion
Subject: Re: [Exim4U] pleased so far

 

Hi Helmut,

Yes, just modify that section of exim.conf and comment out all dnsbl's except spamhaus so that you are only using spamhaus.org.  Recently, over the past  couple of years or so, spamcop has started including some direct marketing domains that are not classic spammers with the theory that, if their bulk mail ends up in their spam traps then they should be blocked no matter who they are.

You can train spamassassin globally or for each local domain but not for exim virtual domains.  Nevertheless, you can probably get where you want to be with whitelisting/blacklisting in /usr/local/etc/mail/spamassassin/local.cf for FreeBSD.  See:

https://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html

For example, to whitelist senders, use either whitelist_from_rcvd or whitelist_from.

You can also adjust the Spamassassin Tag Score for each virtual user in the Exim4U web interface.

FYI,

Gordon



On 04/16/2016 11:39 PM, Helmut Fritz wrote:

I believe I have found the proper way to massage the dnsbl’s; seems it is in the exim.conf, these lines (I am not using just the line with spamhaus):

 

  # exim4u: increment ratelimit rate with RBL detection and rejection.
                drop
#               dnslists        = zen.spamhaus.org:bl.spamcop.net:psbl.surriel.com
#               dnslists        = zen.spamhaus.org:bl.spamcop.net
                dnslists        = zen.spamhaus.org
                log_message     = Spammer rejected. DNSBL listed at $dnslist_domain at $dnslist_text. Ratelimit incremented.
                ratelimit       = 0 / 2h / strict / per_conn
                message         = Spammer rejected. DNSBL listed at $dnslist_domain at $dnslist_text.

 

Please correct me if I am wrong.

 

Also, as originally asked, is there any facility for per user whitelist/blacklist and ham/spam training?

 

Thx.

 

Helmut

 

From: users [mailto:users-bounces@exim4u.org] On Behalf Of Helmut Fritz
Sent: Saturday, April 16, 2016 7:13 PM
To: 'Exim4U General Discussion'
Subject: Re: [Exim4U] pleased so far

 

It looks like spamcop is the offending BL for both of those emails.  Any way to just disable a particular BL?

 

I am digging through config files now, but I am not clear if I should use this in local.cf for spamassassin:

 

dns_query_restriction deny bl.spamcop.net

 

or do something else?

 

 

 

From: users [mailto:users-bounces@exim4u.org] On Behalf Of Helmut Fritz
Sent: Saturday, April 16, 2016 6:32 PM
To: 'Exim4U General Discussion'
Subject: [Exim4U] pleased so far

 

Gordon,

So far I am REALLY liking the exim4u setup.  SPAM has become non-existent on the domain I have moved over to the exim4u server.

 

This work is very much appreciated, and a big thanks to the vexim people too as well and anyone else that has contributed.

 

Anyone (if you get to this before Gordon!),

A couple emails have come in (I see them in the logs) that my wife wants ( ugh ) that the rest of the world, including myself, would consider spam.  How to ensure these come through?  Can she add to whitelist herself through her account management?  I logged in as her but only saw a block filter customization?  Is this something only to be done through webmail?

 

2016-04-15 23:21:18 H=outbound-191-242.usw2.aws.post.pinterest.com [54.149.191.242] X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<bounces-457326674569107362@explore.pinterest.com> rejected RCPT <mywife@fritz.us.com>: Spammer rejected. DNSBL listed at bl.spamcop.net at Blocked - see http://www.spamcop.net/bl.shtml?54.149.191.242. Ratelimit incremented.

 

 

Also, is there a spam/ham training facility either for the server as a whole, per domain, or per user?  i.e. ham@ and spam@ to which emails can be sent to for training?

 

Am I missing a portion of documentation to read?  I am fine with someone stating to RTFM, please tell me where the M is.  :)

 

 

Thx.

 

Helmut





_______________________________________________
users mailing list
users@exim4u.org
https://exim4u.org/mailman/listinfo/users
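
Added example, not part of the original thread or of the Exim4U code: a parser for the "Greylisted" rejection lines quoted in the top message, grouping attempts by host IP, envelope sender and Message-ID to tell a redelivery of one message from a separate mailing. The grouping key is an assumption chosen for illustration, not necessarily the key Exim4U's greylist uses, and the 09:20:56 line is constructed.

```python
import re
from datetime import datetime

# Template rebuilt from the "Greylisted" rejection lines quoted in the thread.
LINE = ("{ts} {eid} H=mail.private-eclub.com [198.2.133.190] "
        "X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<{snd}> "
        "temporarily rejected after DATA: Greylisted <<{mid}>> from <{snd}> "
        "for offences: Message has 8 integer spamscore points,")
S1 = "bounce-md_30309491.571505e3.v1-c52681dae0f448cf8eb38c54b51cc664@mandrillapp.com"
M1 = "30309491.20160418160555.571505e316d8a7.30472963@mail.private-eclub.com"
S2 = "bounce-md_30309491.57154ee3.v1-efd95e1202bd45ab8e34dd3049e13ea9@mandrillapp.com"
M2 = "30309491.20160418211723.57154ee3b7d461.61908974@mail.private-eclub.com"
SAMPLE_LOG = "\n".join([
    LINE.format(ts="2016-04-18 09:05:56", eid="1asBgO-0008n5-DS", snd=S1, mid=M1),
    # Constructed line (not from the thread): a redelivery attempt of message 1.
    LINE.format(ts="2016-04-18 09:20:56", eid="1asBuv-0008pX-00", snd=S1, mid=M1),
    LINE.format(ts="2016-04-18 14:17:24", eid="1asGXp-0009aq-6x", snd=S2, mid=M2),
])

GREY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<exim_id>\S+) "
    r"H=(?P<helo>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\] .*?"
    r"temporarily rejected after DATA: Greylisted <<(?P<msgid>[^>]+)>> "
    r"from <(?P<sender>[^>]*)>")

def parse_greylist_events(log_text):
    """Return one dict per greylist deferral found in an Exim main log."""
    events = []
    for line in log_text.splitlines():
        m = GREY_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events

def classify(events):
    """Label each deferral 'new' or 'retry' (with time since first attempt)."""
    first_seen, verdicts = {}, []
    for ev in events:
        key = (ev["ip"], ev["sender"], ev["msgid"])  # assumed key, see lead-in
        if key in first_seen:
            verdicts.append(("retry", ev["ts"] - first_seen[key]))
        else:
            first_seen[key] = ev["ts"]
            verdicts.append(("new", None))
    return verdicts

if __name__ == "__main__":
    evs = parse_greylist_events(SAMPLE_LOG)
    for ev, (verdict, gap) in zip(evs, classify(evs)):
        print(ev["ts"], ev["ip"], verdict, gap or "", ev["msgid"])
```

On the two lines taken from the thread the host IP matches, but both the envelope sender and the Message-ID differ, so they are two separate messages rather than one message retried.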