Miloska wrote:
I am suffering from dictionary spam attacks causing qmail-scanner with clamav and SA to overload the servers memory and now and then crash it. When the spammer connects and starts firing off all these emails, before qmail can just dump the ones to non-exising addresses, they go through clamav and spamassassin. Quite often these spams will have attachments too with spyware inside, so these are scanned. It would be great to have the qmail-scanner script give the option to check for a mailboxes validity, and if it does not exist, reject it at the smtp level. This could be done by recompiling qmail-smtpd, but I have a plesk system which uses a custom qmail-smtpd so I can't patch.Hi,
I found Jorge Valdes's mail in the list archive, I tied his patch which can reject virus and spam during the smtp session, and I like it.
I think that this function would be realy grate in the main QS tree as well, and it would be good base to devel some new 'scanner' like mfdnscheck (http://js.hu/package/qmail/index.html) or chkuser (check for vpopmail users if they are exist or not).
I use the feature of SpamAssassin SA_REJECT, so it must be possible to reject mail for invalid addresses from within qmail-scanner too. I have exactly how to implement it worked out, I just can't code perl. I took a look at a few tutorials and had a try, but it didn't work, I had errors about variable syntax etc. I program php and find perl quite confusing and chaotic! I have been trying to find somebody kind enough to add this small feature in to the script for me but found nobody yet.
The headers are all there in variables, there is already a subroutine to make the rejection on the smtp level. You can split the email variable around '@' and check the /var/qmail/users/assign file for a name that matches and is on the correct domain.
It would be such an easy thing for a perl developer to manage, and it would probably stop my server crashing with these spam dumps. Anyone willing to give it a shot?
I know this are available in some patches, but usualy this patch are not compatible, so if you want apply more than one usualy you have to do it by 'hand' - and as I know the distributions (I'm sure that at least debain) add some patches to the original source, so if you want some own patch and you want to use your system package managger you have to be quite good in your packages-managger. QS would be (is) much more easier.
I did read the Philosophy behind Quarantining... section, but i think the best would be if the sysadmin could choise what (s)he want.
So, would it be possible to migrate this patch to the main tree?
Somebody interested in to write some other 'sanner', for example this two?
bye, sorry about my english
M ps: i tried to use spamassassin to do mfdnscheck, so i tried give 100 points to mails which from address is not a valid domain, but I did not find a test like this...somebody find this?
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
smime.p7s
Description: S/MIME Cryptographic Signature
