spam filters

spam filters

Postby bench » Jun 16 05 4:18 am

I have noticed that spam sites are trying to relay messages through GateKeeper, mostly sites from Russia. For example, msk.msi.ru.

I am trying to figure out how to block those sites from connecting to the server. WinGate is still trying to deliver messages from them and some are on the 300th try already.

How do I prevent them from even getting in? I have allow open relay detection enabled and added several sites to check the IP against but it seems some are not working like sbl.spamhaus.org.

I need a quick answer or our client's IP will be blacklisted if it hasn't already.

Thank you.

Also, how do I clear the Mail Queue list because it's filled with spam mail waiting to get out. I know I can delete them one by one but it would take a very long time because there are over 100.
bench
 
Posts: 77
Joined: Nov 10 04 4:46 am
Location: El Paso, Texas

Postby labull » Jun 16 05 5:54 am

bench,

This sounds like a possible problem with the internal/external designation of the network card.

Are there 2 network cards? What is the designation?

Larry
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

tweaking with options

Postby bench » Jun 16 05 6:26 am

OK, I have been reading on what exactly the options under Mail>Receiving do and don't do, and I was able to get rid of all the spam in the mail queue, with the exception of one IP that keeps sending; WinGate receives it but does not send to all the recipients, it just keeps it in the mail queue.

OK, so it's just one, mtu.net.ru, instead of hundreds, but it's still annoying to see it there trying to get out. I figured out why, I think, I could not get rid of all spam mails in the queue after I would click abort on them. Under Mail>Delivery I had enabled the feature of using a gateway to send undeliverable mail; the gateway to use was the client's IP using the master account, so e-mails that could not be sent direct could be sent this way. For example, send to AOL.

Once I disabled this feature all the spam in the queue began to disappear, so I guess WinGate was checking the IPs against the ORDB servers listed and would not let it out, so the spam wanted to use the listed gateway.

OK, so that took care of that for now. Now my concern was blocking the one spammer IP because GateKeeper keeps accepting e-mail from it. It doesn't deliver them but they stay in the queue. I noticed that whenever the IP delivered mail it was to be sent to 10 recipients, so I lowered the number of recipients in Mail>Receiving>Trusted Sender>max number of recipients to 9. Now you can see the IP connecting to the server but it does not deliver any messages; it just reads SMTP IN: 0 messages received from mtu.net.ru, so in turn there's nothing in the queue.

One thing I still can't figure out is why it won't block it. I selected that IP in history and right-clicked to blackhole IP and it doesn't do anything. What exactly does blackhole IP do? How can I see what IPs are in the blackhole and how to remove IPs in case I send one by mistake?

I am good for now but spammers are always looking for a way to infiltrate. I have added about 6 ORDB lists so far.

I look forward to some helpful tips or maybe spam filter upgrades in the future.

Thank you.
bench
 
Posts: 77
Joined: Nov 10 04 4:46 am
Location: El Paso, Texas

Network cards

Postby bench » Jun 17 05 9:14 am

Yes, we have two network cards, one is the internal and the other the external. The external card is assigned as connected to an external untrusted source since DMZ is only available in the Enterprise edition, although the external in reality is connected to a protected firewall port or optional.
bench
 
Posts: 77
Joined: Nov 10 04 4:46 am
Location: El Paso, Texas

Postby labull » Jun 17 05 10:17 am

In GateKeeper - Network Tab - Network Connections window, how are the network cards labeled?
WinGate Lurker
labull
WinGate Guru
 
Posts: 710
Joined: Sep 06 03 1:03 am
Location: Washington, DC - USA

label

Postby bench » Jun 17 05 12:18 pm

The external NIC is labeled WAN and the internal LAN.
bench
 
Posts: 77
Joined: Nov 10 04 4:46 am
Location: El Paso, Texas

Spam Filters

Postby colmed01 » Jul 05 05 9:32 am

Bench

Try installing SpamPal on the server with WinGate.

I have this installed on my setup and it catches pretty well most of the spam that comes through. It has a host of blacklist sites to compare source addresses against for blocking.

It uses transparent port filtering so you don't need to change any of the ports for the WinGate mail server.

The beta of SpamPal 2 is pretty stable.

Best of all it's free, so it won't cost anything (other than a bit of time) to try.

If I remember correctly you should be able to set the maximum number of send tries and a mailbox to send to on delivery failure. Set up a dummy account under WinGate as the default mailbox and use an email client to check this account on a regular basis to clear out the junk.
colmed01
 
Posts: 3
Joined: Jul 05 05 9:08 am

spam filtering

Postby bench » Jul 06 05 11:31 am

OK, I have used SpamPal before but on the client PCs and it works very well. How would you configure it to work with WinGate? Would you point WinGate POP3 to SpamPal's IP, 127.0.0.1?

For now we have disabled the mail server utility in the proxy and we are running argosoft, but would like to eventually learn how to make WinGate work well. Although there are many free plugins coming out for argosoft that make it very attractive. One of them is the 5th efilter, which works very well with AVG and has very good spam filter capabilities.
bench
 
Posts: 77
Joined: Nov 10 04 4:46 am
Location: El Paso, Texas

Spampal

Postby colmed01 » Jul 12 05 4:10 am

Version 1.72g (latest beta for Version 2) has transparent detection so it will automatically detect POP collections.

You don't have to redirect the WinGate POP server to the local server IP.

I'm pretty sure that you can also set SpamPal to block mail from specific IP addresses, but you should read the documentation or check the support forums for more info.
colmed01
 
Posts: 3
Joined: Jul 05 05 9:08 am

Re: spam filtering

Postby jamesc » Jul 18 06 9:16 pm

bench wrote: OK, I have used SpamPal before but on the client PCs and it works very well. How would you configure it to work with WinGate? Would you point WinGate POP3 to SpamPal's IP, 127.0.0.1?


I just did a support ticket for WinGate's POP3 Proxy and SpamPal, and thought I would add the procedure here too:


1. SpamPal Only.

To set up Outlook Express to talk to SpamPal, we need to use the format:
Username@Servername. So if the user is Administrator, and the server address is mail.servername.com, then our login name for Outlook Express would be:

Administrator@mail.servername.com

*Outlook Express's POP3 port set to 1110; SpamPal's POP3 Proxy port number.



2. WinGate's POP3 Proxy Server Only (No SpamPal connectivity).

To set up Outlook Express to talk with WinGate's POP3 Proxy, we need to use the format:
Username#servername. So if the user is Administrator, and the server address is mail.servername.com, then our login name for Outlook Express would be:

Administrator#mail.servername.com

*Outlook Express's POP3 port set to 8110; WinGate's POP3 Proxy port number.



3. To use WinGate's POP3 Proxy, and then use SpamPal's POP3 Proxy, Outlook Express needs to be set up with the following username:

Administrator@mail.servername.com#spampals_ipaddress:1110


Example:

Outlook --> (8110) POP3 Proxy --> (1110) SpamPal --> (110)ISP POP3

So if the user login name for POP3 email was Administrator,
the ISP mail server is at mail.servername.com,
SpamPal is on the same computer as the WinGate server, listening on port 1110 on the localhost address (127.0.0.1),
and WinGate POP3 Proxy is listening on 8110 on IP address 192.168.50.1

Then the user account name in Outlook Express should be:
Administrator@mail.server.name#127.0.0.1:1110

*Or if you need to use your full email address for your username:
Administrator@server.name@mail.server.name#127.0.0.1:1110
jamesc
Qbik Staff
 
Posts: 928
Joined: Apr 04 05 2:04 pm
Location: Auckland, New Zealand
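
The login-name chaining described in the post above, as an added example that is not part of the original post and is not WinGate or SpamPal code: it walks a login name through each proxy in turn and shows where each hop connects and which USER name it forwards. Splitting at the last delimiter and defaulting to port 110 are assumptions inferred from the examples in the post; `split_hop` and `trace` are hypothetical names.

```python
# Added example (not WinGate or SpamPal code).
# Assumption: each proxy splits the login at the LAST occurrence of its
# delimiter, forwards the left part as the USER name, and connects to the
# right part, written host[:port] with port 110 when none is given.
DELIMITER = {"wingate": "#", "spampal": "@"}
DEFAULT_POP3_PORT = 110


def split_hop(login, proxy):
    """Return (forwarded_user, host, port) as one proxy would read the login."""
    delim = DELIMITER[proxy]
    user, sep, target = login.rpartition(delim)
    if not sep or not user or not target:
        raise ValueError(f"{proxy}: expected user{delim}server, got {login!r}")
    host, colon, port_text = target.partition(":")
    if colon and not port_text.isdigit():
        raise ValueError(f"{proxy}: bad port in {target!r}")
    port = int(port_text) if colon else DEFAULT_POP3_PORT
    if not host or not 0 < port < 65536:
        raise ValueError(f"{proxy}: bad server {target!r}")
    return user, host, port


def trace(login, chain):
    """Walk a login through the proxies in the order the client's connection
    passes through them; each entry is what that proxy does next."""
    hops = []
    for proxy in chain:
        login, host, port = split_hop(login, proxy)
        hops.append({"proxy": proxy,
                     "connects_to": f"{host}:{port}",
                     "sends_user": login})
    return hops


if __name__ == "__main__":
    # Login names taken from the post; the proxy chain is Outlook Express ->
    # WinGate POP3 proxy (8110) -> SpamPal (1110) -> ISP POP3 (110).
    for name in ("Administrator@mail.server.name#127.0.0.1:1110",
                 "Administrator@server.name@mail.server.name#127.0.0.1:1110"):
        print(name)
        for hop in trace(name, ["wingate", "spampal"]):
            print("  ", hop)
```

Because the login name chooses the upstream host at every hop, the trace is also a quick way to confirm that a client profile points only at the mail server you intend.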

