Difference between revisions of "Email Whitelist-Blacklist Control"

From SME Server
 
(24 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 +
{{Languages}}
 +
 
===Maintainer===
 
===Maintainer===
  
  
Originally developed by Darrell May.
+
Originally developed by Darrell May.<br />
 +
 
 +
[mailto:stephdl@de-labrusse.fr stephdl] Stéphane de Labrusse AKA [[User:stephdl|Stephdl]]<br />
  
NOTE: This contrib is no longer maintained.  There is no guarantee that it will work with the current version of  SME server.  This contrib needs a new maintainer ****
+
=== Version ===
 +
{{ #smeversion: smeserver-wbl }}
  
 
===Description===
 
===Description===
Line 17: Line 22:
 
Install of the lastest Email Whitelist-Blacklist package is from the smecontribs repo:
 
Install of the lastest Email Whitelist-Blacklist package is from the smecontribs repo:
  
1. Install package:
+
=====Install package:=====
*'''For SME 8'''
+
<tabs container><tab name="For SME 10">
 +
yum install --enablerepo=smecontribs smeserver-wbl
 +
 
 +
</tab>
 +
<tab name="For SME 9">
 +
yum install --enablerepo=smecontribs smeserver-wbl
 +
Reconfigure machine:
 +
signal-event console-save
 +
or if you prefer to reboot your server
 +
signal-event post-upgrade; signal-event reboot
 +
 
 +
</tab>
 +
<tab name="For SME 8">
 
  yum --enablerepo smecontribs install smeserver-wbl
 
  yum --enablerepo smecontribs install smeserver-wbl
* '''For SME 9'''
+
Reconfigure machine:  
You have to enable the '''[[stephdl]]''' repositories, see '''[[bugzilla:8421]]'''
 
yum install --enablerepo=stephdl smeserver-wbl
 
 
 
2. Reconfigure machine:  
 
 
  signal-event console-save
 
  signal-event console-save
 
or if you prefer to reboot your server  
 
or if you prefer to reboot your server  
 
  signal-event post-upgrade; signal-event reboot
 
  signal-event post-upgrade; signal-event reboot
 +
</tab>
 +
</tabs>
 +
 +
=====Configure:=====
 +
 +
Once you do this a new menu item will be visable in the Server-Manager on the left hand side, called '''E-mail WBL'''. Traffic is scanned and may be blocked due to the various screening methods enabled. Clicking on this will present you with 3 buttons.
 +
 +
You may use this panel to define e-mail white/black lists and RBLs.
 +
 +
RBL's List is used to adjust DNSBL and RHSBL.
 +
'''[RBLs List]'''
  
Once you do this a new menu item will be visable in the Server-Manager on the left hand side, called E-mail WBL. Clicking on this will present you with 3 buttons.
 
'''E-mail WBL'''
 
E-mail traffic is scanned and may be blocked due to the various screening methods enabled.
 
You may use this panel to define e-mail white/black lists.
 
 
  Black lists are used for rejecting e-mail traffic.
 
  Black lists are used for rejecting e-mail traffic.
  '''[REJECT]'''
+
  '''[Black List]'''
 +
 
 
  White lists are used for accepting e-mail traffic.
 
  White lists are used for accepting e-mail traffic.
  '''[ACCEPT]'''  
+
  '''[White List]'''  
When completed entering wbls above you must execute the email-update event to restart
+
 
services and load in your changes.
+
If you press the Black List button you will see the following window.
'''[UPDATE]'''
 
  
If you press the REJECT button you will see the following window.
 
 
[[File:email-Reject.jpg]]
 
[[File:email-Reject.jpg]]
  
If you press the Accept button you will see the following window.
+
If you press the White List button you will see the following window.
[[File:Email-accept.jpg]]
+
 
 +
[[File:Email-accept.jpg|842px]]
 +
 
 +
If you press the RBLs List button you will see the following window.
 +
 
 +
[[File:Wbl rbl.jpg|842px]]
  
And finally If you press the UPDATE button you will simply be presented with one button to;
+
And finally If you press the SAVE button this will apply any of the changes you made, wait for confirmation message.
Execute the email-update event now to restart services and load in your changes.
 
 
This will apply any of the changes you made in the Reject or Accept windows.
 
  
 
===Usage Examples===
 
===Usage Examples===
  
Black Lists: REJECT
+
====Black Lists: REJECT====
 +
 
 +
=====Plugin: Helo=====
 +
 
 +
Format:
 +
  some.host.domain
 +
 
 +
Add domains, hostnames, or perl regexp patterns to the <badhelo> config file; one per line.
 +
 
 +
{{Note box|You cannot block HELO IP addresses with this plugin. It is not designed to do that. Please look at other methods such as direct IP blocking via the firewall, or contribs like Fail2ban, GeoIP, xt_tables}}
 +
 
 +
https://github.com/smtpd/qpsmtpd/blob/master/plugins/helo
 +
 
 +
Matches in the <badhelo> config file, including yahoo.com and aol.com, which neither the real Yahoo or the real AOL use, but which spammers use a lot.
 +
Like qmail with the qregex patch, the <badhelo> file can also contain perl regular expressions. In addition to normal regexp processing, a pattern can start with a ! character, and get a negated (!~) match.
 +
 
 +
=====Plugin: Badmailfrom=====
 +
 
 +
Format:
 +
  @host or user@host
 +
 
 +
This plugin also supports regular expression matches. This allows special patterns to be denied (e.g. FQDN-VERP, percent hack, bangs, double ats).
 +
Patterns are stored in the format pattern'''(\s+)'''response, where pattern is a Perl pattern expression. Don't forget to anchor the pattern (front ^ and back $) if you want to restrict it from matching anywhere in the string.
 +
 
 +
https://github.com/smtpd/qpsmtpd/blob/master/plugins/badmailfrom
  
The '''qpsmtpd badhelo''' is effective in examining the SMTP HELO string and then block mail based on this string.  Entries follow the following format.
 
something.a.somehost.com
 
To find the proper string to enter on the qpsmtp badhelo line. 1. Open an offending email. 2. Open the header of the email. 3. Look for a line that says,
 
(HELO something.a.somehost.com)
 
Partial strings will not work, E.G. in the previous example somehost.com will not work. It must be the complete HELO string.
 
{{Note box|Using qpsmtpd badhelo will stop all mail at a domain that uses that specific HELO string. It's not looking at a specific email. This strategy isn't always effective as spammers generally change this field to stop this kind of detection. Also companies have several SMTP gateways so you may see mail from mail1.domain.com and mail2.domain.com . You will then need to add both of these. The advantage  however is if you do want to stop all mail from one source, it can be effective. }} Alternatively you may use the ip address. Again look in the header for the Helo line. It may look something like this,
 
Received: from smtprelay0207.c.somehost.com (HELO smtprelay.c.somehost.com) '''(123.111.123.321''')
 
Now simply add the IP address you found in the HELO line.
 
123.111.123.321
 
  
White Lists: ACCEPT
+
====White Lists: ACCEPT====
 
   
 
   
Whitelisthosts - see this post http://forums.contribs.org/index.php/topic,51429.0.html
+
=====Whitelisthosts=====
 +
 
 +
see this post http://forums.contribs.org/index.php/topic,51429.0.html
  
 
Single IP
 
Single IP
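Review bot: In the new install tabs, the "For SME 10" tab holds only the yum install line, while the "For SME 9" and "For SME 8" tabs also carry the "Reconfigure machine" step (signal-event console-save, or post-upgrade and reboot). State in the SME 10 tab whether that step is required there, so readers do not have to guess. Also, the added Helo sentence that begins "Matches in the <badhelo> config file" has no subject; say what the plugin does with those matches.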
Line 77: Line 115:
 
  192.168
 
  192.168
  
WhitelistHELO
+
=====WhitelistHELO=====
 
  host.domain.com
 
  host.domain.com
  
Whitelistsenders
+
=====Whitelistsenders=====
 
  joe@foo.com
 
  joe@foo.com
  @foo.com
+
  foo.com
  
 +
=== Known Issues ===
  
=== Known Issues ===
+
See bugs below.
qpsmptd dnsbl rejects mail despite sender being listed in whitelistsenders and whitelisthelo
 
http://bugs.contribs.org/show_bug.cgi?id=8327
 
http://bugs.contribs.org/show_bug.cgi?id=8747
 
  
 
=== Bugs ===
 
=== Bugs ===
 
Please raise bugs under the SME Contribs section in {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-wbl|title=bugzilla}}.
 
Please raise bugs under the SME Contribs section in {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-wbl|title=bugzilla}}.
 +
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-wbl |noresultsmessage="No open bugs found."}}
 +
 +
===Changelog===
 +
Only released version in smecontrib are listed here.
  
 +
{{#smechangelog: smeserver-wbl}}
 
----
 
----
 
[[Category: Contrib]]
 
[[Category: Contrib]]
 
[[Category: Mail]]
 
[[Category: Mail]]
 
[[Category: Administration:Content Spam Virus Blocking]]
 
[[Category: Administration:Content Spam Virus Blocking]]
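Review bot: Under Whitelistsenders the domain example changes from @foo.com to foo.com with no accompanying text; say which form is expected for a whole domain and whether existing @foo.com entries still work. Known Issues also shrinks to "See bugs below." while dropping the description of dnsbl rejecting whitelisted senders and the links to bugs 8327 and 8747; keep a one-line pointer if that behaviour is still open.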

Latest revision as of 16:15, 27 August 2023


Maintainer

Originally developed by Darrell May.

stephdl Stéphane de Labrusse AKA Stephdl

Version

The latest version of smeserver-wbl is available in the SME repository.


Description

This contrib provides a server-manager panel to designate user defined email whitelists and blacklists.

An email whitelist is a list of hosts, domains, or email addresses which will be accepted by SME Server regardless of possible spam content or origin. Administrators should use caution when using whitelists as email coming from whitelisted addresses will bypass many of the mechanisms that SME provides for identifying unsafe email messages.

An email blacklist is a list of hosts, domains, or email addresses that will be blocked all of the time.

Installation

Install the latest Email Whitelist-Blacklist package from the smecontribs repo:

Install package:

For SME 10:

 yum install --enablerepo=smecontribs smeserver-wbl

For SME 9:

 yum install --enablerepo=smecontribs smeserver-wbl

Reconfigure machine:

 signal-event console-save

or if you prefer to reboot your server

 signal-event post-upgrade; signal-event reboot

For SME 8:

 yum --enablerepo smecontribs install smeserver-wbl

Reconfigure machine:

 signal-event console-save

or if you prefer to reboot your server

 signal-event post-upgrade; signal-event reboot

Configure:

Once you do this, a new menu item called E-mail WBL will be visible on the left-hand side of the Server-Manager. E-mail traffic is scanned and may be blocked by the various screening methods enabled. Clicking on the menu item will present you with 3 buttons.

You may use this panel to define e-mail white/black lists and RBLs.

The RBLs List is used to adjust DNSBL and RHSBL.
[RBLs List]
Black lists are used for rejecting e-mail traffic.
[Black List]
White lists are used for accepting e-mail traffic.
[White List] 

If you press the Black List button you will see the following window.

Email-Reject.jpg

If you press the White List button you will see the following window.

Email-accept.jpg

If you press the RBLs List button you will see the following window.

Wbl rbl.jpg

Finally, pressing the SAVE button applies any changes you made; wait for the confirmation message.

Usage Examples

Black Lists: REJECT

Plugin: Helo
Format:
 some.host.domain

Add domains, hostnames, or perl regexp patterns to the <badhelo> config file; one per line.


Note:
You cannot block HELO IP addresses with this plugin. It is not designed to do that. Please look at other methods such as direct IP blocking via the firewall, or contribs like Fail2ban, GeoIP, xt_tables.


https://github.com/smtpd/qpsmtpd/blob/master/plugins/helo

The plugin checks the HELO name against the entries in the <badhelo> config file. Entries can include names such as yahoo.com and aol.com, which neither the real Yahoo nor the real AOL use, but which spammers use a lot.

Like qmail with the qregex patch, the <badhelo> file can also contain Perl regular expressions. In addition to normal regexp processing, a pattern can start with a ! character to get a negated (!~) match.

Plugin: Badmailfrom

Format:
 @host or user@host

This plugin also supports regular expression matches. This allows special patterns to be denied (e.g. FQDN-VERP, percent hack, bangs, double ats).

Patterns are stored in the format pattern(\s+)response, where pattern is a Perl pattern expression. Don't forget to anchor the pattern (front ^ and back $) if you want to restrict it from matching anywhere in the string.

https://github.com/smtpd/qpsmtpd/blob/master/plugins/badmailfrom
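
As an added example (not part of the original page and not qpsmtpd's own code), the Python sketch below audits badmailfrom entries in the pattern(\s+)response layout described above and shows which senders an unanchored pattern catches. It uses Python's re module as a stand-in for Perl regular expressions and assumes case-sensitive matching; every entry and sender address is constructed.

```python
import re

# Constructed sample entries in the page's "pattern(\s+)response" layout.
SAMPLE_ENTRIES = r"""
^.*%.*@.*$          percent hack not accepted here
spam\.example       mail from this domain is refused
^bulk@example\.net$ bulk sender refused
"""

# Constructed envelope senders used to show what each pattern catches.
SAMPLE_SENDERS = [
    "user%inner.example@relay.example",
    "alice@spam.example",
    "bob@notspam.example.org",
    "bulk@example.net",
    "bulk@example.net.evil.example",
]

def parse_entries(text):
    """Split each non-empty line into (pattern, response) at the first whitespace run."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        entries.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return entries

def is_anchored(pattern):
    """True when the pattern starts with ^ and ends with an unescaped $."""
    return (pattern.startswith("^") and pattern.endswith("$")
            and not pattern.endswith("\\$"))

def audit(text, senders):
    """Report, per entry, whether it is anchored and which senders it would deny."""
    report = []
    for pattern, response in parse_entries(text):
        hits = [s for s in senders if re.search(pattern, s)]
        report.append({"pattern": pattern, "response": response,
                       "anchored": is_anchored(pattern), "hits": hits})
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_ENTRIES, SAMPLE_SENDERS):
        flag = "ok      " if row["anchored"] else "UNANCHORED"
        print(flag, row["pattern"], "->", row["hits"])
```

The unanchored entry also denies bob@notspam.example.org, a sender at a different domain, while the anchored bulk entry hits only the exact address.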


White Lists: ACCEPT

Whitelisthosts

see this post http://forums.contribs.org/index.php/topic,51429.0.html

Single IP

192.168.10.1

Subnets

192.168.10. (be careful - with no trailing . you match 192.168.100 - 192.168.109. )
192.168
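
The trailing-dot warning above can be checked mechanically. The following Python sketch is an added example, not code from the contrib or from qpsmtpd: it assumes subnet entries are compared to the client IP as plain string prefixes, which is what the warning implies, and it handles only subnet entries of one to three octets. The function names are hypothetical.

```python
def matches(entry, ip):
    """Assumed matching rule: the entry is a plain string prefix of the IP."""
    return ip.startswith(entry)

def covered_octets(entry):
    """Values 0-255 that the entry's last octet accepts under prefix matching."""
    last = entry.rstrip(".").split(".")[-1]
    if entry.endswith("."):
        return [int(last)]          # the trailing dot closes the octet
    return [n for n in range(256) if str(n).startswith(last)]

def audit_subnet_entry(entry):
    """Flag a subnet entry whose missing trailing dot widens the match."""
    parts = [p for p in entry.split(".") if p]
    valid = all(p.isdigit() and int(p) <= 255 for p in parts)
    if not 1 <= len(parts) <= 3 or not valid:
        raise ValueError("expected a subnet prefix of one to three octets")
    intended = int(parts[-1])
    extra = [n for n in covered_octets(entry) if n != intended]
    return {
        "entry": entry,
        "safe": not extra,
        "extra_octets": extra,      # neighbouring networks let in by accident
        "suggest": entry if entry.endswith(".") else entry + ".",
    }

if __name__ == "__main__":
    # Constructed sample entries, including the two shown on this page.
    for e in ["192.168.10.", "192.168.10", "192.168", "192.168.1"]:
        r = audit_subnet_entry(e)
        status = "ok" if r["safe"] else "also matches %d other networks" % len(r["extra_octets"])
        print("%-12s %s (use %s)" % (e, status, r["suggest"]))
```

Under this assumption 192.168 happens to be safe because no valid octet other than 168 starts with "168", whereas 192.168.1 would also admit 192.168.10 through 192.168.19 and 192.168.100 through 192.168.199.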

WhitelistHELO

host.domain.com

Whitelistsenders

joe@foo.com
foo.com

Known Issues

See bugs below.

Bugs

Please raise bugs under the SME Contribs section in bugzilla.

(6 tasks)

ID     Product       Version  Status     Summary
12649  SME Contribs  11.0     CONFIRMED  SME11 remove /etc/e-smith/templates/var/service/qpsmtpd/config/badmailfrom
10472  SME Contribs  Futur    CONFIRMED  NFR Add subnet checking to whitelist hosts
10117  SME Contribs  Futur    CONFIRMED  add support for URIBL
9276   SME Contribs  8.2      CONFIRMED  design and documentation of qpsmtpd wbl vs spamassassin white or black lists
9275   SME Contribs  8.2      CONFIRMED  wbl whitelist status switch does nothing in server manager
4664   SME Contribs  7.3      CONFIRMED  Redesign wbl dbase to improve efficiency

Changelog

Only versions released in smecontribs are listed here.

smeserver-wbl Changelog: SME 10 (smecontribs)
2024/03/01 Brian Read 0.5.0-9.sme
- Edit Menu entry to conform to new arrangements [SME: 12493]

2024/02/25 Jean-Philippe Pialasse 0.5.0-8.sme
- reload qpsmtpd config on panel update [SME: 12490]
- apply smeserver-wbl-0.5.0-locale-2024-02-25

2022/04/17 Jean-Philippe Pialasse 0.5.0-7.sme
- fix multiple rpm owned files [SME: 11678]
- fix long update time [SME: 11955]

2022/01/05 Brian Read 0.5.0-6.sme
- Add in class def in overall div in ep file [SME: 11828]

2021/09/08 Terry Fage 0.5.0-5.sme
- fix reference update in server manager [SME: 11687]