How to fight the incredible amount of spam?

Exactly! That is the file. When I tried to do port forwarding for a machine I just put back online is when it first popped up the error message, and although it appeared to let me add the machine, it wasn’t handing out an IP address to it specifically via the hardware address (i.e. 20:10:75:6e:32:4b = 192.168.0.2). Instead the machine would just be assigned an arbitrary address in the DHCP range (192.168.0.243). Anyway, as soon as I get some free time, I’ll look into it further.

In regards to the spam attack, yes we always get a lot of spam on this domain, but SpamAssassin seems to work much better on SME for some reason, since it cut the junk mail down to less than 1/4 of what it was before. I don’t know what the differences are between how it’s configured in NethServer vs. SME server, that would cause that much of a difference.

Dave L.

NethServer antispam relies heavily on user training; it will behave much better over time.
As I said, I’m experimenting with black lists, I’ll let you know.

Hello,

How the blacklist module looks in Endian - SMTP proxy (linking with the comparison between NS and Endian):

How about DNSBL databases? There are a lot of them and they reduce spam very well.

NethServer would need a “full” dns server to properly use URIBL (they block queries coming from popular dns).
I have had unbound dns running for a couple of weeks, I’ll post results when I have enough stats about spam.

@xmechanic provided me 38 unrecognized spam samples.
Some of them didn’t have spamassassin tags, so I suspect they were not received by NethServer. You can spot them below because of the missing X-Spam-Score line.
However, only one mail was not marked as spam by my setup (and it got 4.8 points).
Legend: msg number, optional original score, my score.

1
Content analysis details:   (21.0 points, 5.0 required)
2
Content analysis details:   (16.7 points, 5.0 required)
3
X-Spam-Score: 3.787
Content analysis details:   (18.3 points, 5.0 required)
4
Content analysis details:   (19.2 points, 5.0 required)
5
Content analysis details:   (22.7 points, 5.0 required)
6
Content analysis details:   (4.8 points, 5.0 required)
7
Content analysis details:   (8.7 points, 5.0 required)
8
X-Spam-Score: 2.232
Content analysis details:   (19.6 points, 5.0 required)
9
X-Spam-Score: 2.676
Content analysis details:   (8.7 points, 5.0 required)
10
Content analysis details:   (21.0 points, 5.0 required)
11
X-Spam-Score: 3.927
Content analysis details:   (9.7 points, 5.0 required)
12
Content analysis details:   (18.3 points, 5.0 required)
13
Content analysis details:   (7.0 points, 5.0 required)
14
Content analysis details:   (15.7 points, 5.0 required)
15
Content analysis details:   (15.7 points, 5.0 required)
16
X-Spam-Score: 3.294
Content analysis details:   (15.4 points, 5.0 required)
17
X-Spam-Score: 4.939
Content analysis details:   (12.4 points, 5.0 required)
18
X-Spam-Score: 3.54
Content analysis details:   (13.7 points, 5.0 required)
19
Content analysis details:   (15.7 points, 5.0 required)
20
X-Spam-Score: 2.784
Content analysis details:   (20.9 points, 5.0 required)
21
X-Spam-Score: 2.95
Content analysis details:   (32.4 points, 5.0 required)
22
Content analysis details:   (13.5 points, 5.0 required)
23
X-Spam-Score: 4.672
Content analysis details:   (11.4 points, 5.0 required)
24
X-Spam-Score: 4.51
Content analysis details:   (23.6 points, 5.0 required)
25
Content analysis details:   (15.7 points, 5.0 required)
26
Content analysis details:   (17.6 points, 5.0 required)
27
X-Spam-Score: 2.228
Content analysis details:   (10.2 points, 5.0 required)
28
X-Spam-Score: 2.812
Content analysis details:   (18.3 points, 5.0 required)
29
Content analysis details:   (8.0 points, 5.0 required)
30
Content analysis details:   (18.3 points, 5.0 required)
31
Content analysis details:   (10.2 points, 5.0 required)
32
Content analysis details:   (8.7 points, 5.0 required)
33
Content analysis details:   (24.7 points, 5.0 required)
34
Content analysis details:   (15.7 points, 5.0 required)
35
X-Spam-Score: 3.74
Content analysis details:   (15.7 points, 5.0 required)
36
Content analysis details:   (9.3 points, 5.0 required)
37
Content analysis details:   (8.7 points, 5.0 required)
38
X-Spam-Score: 2.676
Content analysis details:   (13.2 points, 5.0 required)

I like the looks of the blacklist module in Endian. Very configurable, and straightforward control of blacklists and whitelists. Thanks GG_jr for the pictures of the interface. I wonder how much trouble it would be to incorporate that into NethServer? I’m going to try to get my machine back up tonight (MST), in a sandbox of sorts, and maybe give filippo_carletti access, so he can look directly at what is going on (if you’re interested) :slight_smile: I’ll e-mail you and give you the login info at that time…

Dave L.


That’s great! Please, could you keep us in touch by opening a new topic? :smiley: I’m curious about your results!

I need a clarification…

IIUC, NS doesn’t use (ATM) any kind of DNSBL/RHSBL to fight spam…

does it mean that every mail is received and filtered and, if spammy, discarded?

if so, the [DNS|RHS]BL is a must

moreover, remember that using (by design or as default value) Google’s DNS will break use of URIBL (see other related topic)

Hi all, so the workaround is:

mkdir -p /etc/e-smith/templates-custom/etc/postfix/main.cf

cp /etc/e-smith/templates/etc/postfix/main.cf/01filter_strict_checks  /etc/e-smith/templates-custom/etc/postfix/main.cf/01filter_strict_checks 

edit this section

vi /etc/e-smith/templates-custom/etc/postfix/main.cf/01filter_strict_checks 

# insert reject_non_fqdn_recipient before address verification
@smtpd_recipient_restrictions = map { $_ eq 'reject_unverified_recipient' ? ('reject_non_fqdn_recipient', $_) : $_ } @smtpd_recipient_restrictions,
'reject_rbl_client ips.backscatterer.org',
'reject_rbl_client dnsbl.proxybl.org',
'reject_rbl_client b.barracudacentral.org',
'reject_rbl_client zen.spamhaus.org';

signal-event nethserver-mail-common-update

I’m not sure I’m understanding the question. We have two levels for spam:

  1. mark (tag)
  2. discard

2 has to be higher than 1. Suggested value for mark is 5, discard is optional (I usually set it to 10 or 12).

URIBL could be made to work using a cache dns (I’m using unbound, I plan to find time to finish implementation next week).

@Nas, I think we could enable some RBL following the manual (http://docs.nethserver.org/projects/nethserver-devel/en/latest/email.html#rbl-server-list), no need for a template-custom, do you agree?

db configuration setprop postfix RblStatus enabled RblServers zen.spamhaus.org,b.barracudacentral.org,dnsbl.proxybl.org,ips.backscatterer.org

I think there should be a field in the WebUI where we could input RBL servers.

I’ll try to explain myself better :smile:

Using DNSBL/RHSBL, spam emails are blocked at the first stage of the email transaction… it means that, de facto, a blocked email will never be received at all, there’s no data session.
Without this kind of filtering, using only SpamAssassin or a similar approach, the whole SMTP transaction takes place, and the whole mail is analyzed and eventually filtered/tagged/discarded…

there’s a big difference in terms of traffic and bandwidth

just be aware that barracuda is quite aggressive and the guys are not so reactive in maintaining their list…
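
An added example (not posted in this thread and not NethServer code) of the lookup behind the DNSBL discussion above: how the query name is built from the client address, and how to tell a real listing from the "resolver refused" answer a list returns when queried through a popular public DNS. The return codes and the `multi.uribl.com` zone are assumptions taken from the lists' published conventions, not from this page.

```python
import ipaddress
import socket

# A-record values that mean "the list refused your resolver", not "listed".
# Assumed from the lists' published return-code conventions (not from the thread).
RESOLVER_REFUSED = {
    "zen.spamhaus.org": {"127.255.255.254", "127.255.255.255"},
    "multi.uribl.com": {"127.0.0.1"},
}


def dnsbl_qname(ip, zone):
    """Name queried for a connecting client: reversed address + list zone."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer is e.g. '25.2.0.192.in-addr.arpa'; drop the arpa suffix.
    reversed_part = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def classify(zone, answers):
    """Interpret the A records returned for one DNSBL/URIBL query."""
    if not answers:
        return "not-listed"  # NXDOMAIN: accept and continue to content filtering
    if set(answers) & RESOLVER_REFUSED.get(zone, set()):
        return "resolver-refused"  # the list is effectively disabled; fix DNS
    if all(a.startswith("127.") for a in answers):
        return "listed"  # the MTA can reject before the DATA stage
    return "invalid"  # non-127 answer (wildcard/hijacked DNS): never reject on it


def lookup(ip, zone):
    """Live check through the system resolver (requires network access)."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_qname(ip, zone))[2]
    except OSError:
        answers = []  # NXDOMAIN and resolver failures both end up here
    return classify(zone, answers)


if __name__ == "__main__":
    # Constructed answers, so this part runs offline.
    samples = [
        ("192.0.2.25", "zen.spamhaus.org", []),
        ("127.0.0.2", "zen.spamhaus.org", ["127.0.0.2", "127.0.0.4"]),
        ("192.0.2.25", "zen.spamhaus.org", ["127.255.255.254"]),
    ]
    for ip, zone, answers in samples:
        print(dnsbl_qname(ip, zone), "->", classify(zone, answers))
```

Running `lookup("127.0.0.2", zone)` on the mail server itself is a quick health check: lists conventionally publish 127.0.0.2 as a test entry, so any result other than "listed" points at the resolver rather than at the list.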

RBLs are great, but be aware they’ll produce lots of false positives, at least here in Uruguay, based mostly on ADSL IPs.

My work on spam fighting over the last months has resulted in an update to nethserver-mail-filter, which is now waiting to be tested. See:
http://dev.nethserver.org/issues/3302


Good news! Just added to the list:

It’s closed and released already
http://dev.nethserver.org/issues/3302