Spam blocking with port 587

I'm trying to get a handle on SPAM problems I'm having. I think I have it
mostly solved. The last little bit is proving to be difficult. I'm
getting spam that is addressed as if it came from me. SpamAssassin won't
block it because it's whitelisted (it's from me). The real sender is not
listed on spamhaus or spamcop.

I've been told I can use SPF to block it, but that doesn't work because
my SMTP server doesn't publish SPF records. My SMTP is at my ISP, AT&T.
I've tried to use my own SMTP server but that doesn't work because AT&T
blocks port 25. I've told to use port 587 instead, but then I can't send
any email. Can someone here give me a quick howto on port 587, or suggest
some other way to get past this spam?

Thanks,
Rick

Re: Spam blocking with port 587

> blocks port 25. I've told to use port 587 instead, but then I can't send
> any email. Can someone here give me a quick howto on port 587, or suggest
> some other way to get past this spam?

Enable & use SMTP AUTH in the MSA (submit.cf rather than sendmail.cf),
then you can savely use the submission port (587) like the
transmission port (25). Also, check out your SPAM checking software,
how it handles mail from localhost.

ska

Re: Spam blocking with port 587

On Fri, 16 Nov 2007 00:22:53 -0800, ska wrote:

>> blocks port 25. I've told to use port 587 instead, but then I can't
>> send any email. Can someone here give me a quick howto on port 587, or
>> suggest some other way to get past this spam?
>
> Enable & use SMTP AUTH in the MSA (submit.cf rather than sendmail.cf),
> then you can savely use the submission port (587) like the transmission
> port (25).

> ska

Ska, I'm not sure exactly how to do this and I'm having a hard time
finding an example on the web. Can you point me to some clear and fairly
simple docs on this? Mainly, the structure of the config items for the mc
file. I can build sendmail OK and I've made a lot of changes to the
sendmail.mc, but I have never touched submit.cf. Just kept with the
default.

Thanks for your reply,
Rick

Re: Spam blocking with port 587

Rick Knight wrote:
> I'm trying to get a handle on SPAM problems I'm having. I think I have it
> mostly solved. The last little bit is proving to be difficult. I'm
> getting spam that is addressed as if it came from me. SpamAssassin won't
> block it because it's whitelisted (it's from me). The real sender is not
> listed on spamhaus or spamcop.

You can always use mimedefang, let it check if the mail is from an external
source or not, it it's not, then don't make any scanning and if it's from
external source, then let spamassassin to scan the mail.
This will allow you the option to set a blacklist for your whole domain, as
spam assassin won't be scanning your mails.

--

//Aho

Re: Spam blocking with port 587

On 11/15/07 18:49, Rick Knight wrote:
> I'm trying to get a handle on SPAM problems I'm having. I think I
> have it mostly solved. The last little bit is proving to be
> difficult. I'm getting spam that is addressed as if it came from me.
> SpamAssassin won't block it because it's whitelisted (it's from me).
> The real sender is not listed on spamhaus or spamcop.

Side note, don't white list traffic from your self. Make sure that
email you send to your self is not spammy in nature thus will pass
SpamAssassin. This will help when others spoof to be you.

> I've been told I can use SPF to block it, but that doesn't work
> because my SMTP server doesn't publish SPF records. My SMTP is at my
> ISP, AT&T. I've tried to use my own SMTP server but that doesn't
> work because AT&T blocks port 25. I've told to use port 587 instead,
> but then I can't send any email. Can someone here give me a quick
> howto on port 587, or suggest some other way to get past this spam?

This is the same old discussion on the difference between the mail
transfer and mail submission process. "Transfer" is intended to be
server to server and legacy client to initial server. "Submission" is
intended to be from client to initial server. I think per RFC you are
required to authenticate with the submission process / port to send
email period. As such you can not reliably use the submission port to
send email to remote servers unless you have an account on said servers.

Email in the wild between servers is on the transmission port (TCP port
25). So what more providers are doing is blocking out going traffic
that is destined to TCP port 25 from any thing but select few systems,
mainly their email servers. However these same ISPs are usually not
blocking out going traffic that is destined to TCP port 587. Thus if
you want to use an email server out side of the ISPs network you need to
use port 587 to communicate with it and then have it send email to the
world on your behalf.

Hope that helps.



Grant. . . .

Re: Spam blocking with port 587

On 11/16/07 11:47, J.O. Aho wrote:
> You can always use mimedefang, let it check if the mail is from an
> external source or not, it it's not, then don't make any scanning and
> if it's from external source, then let spamassassin to scan the mail.
> This will allow you the option to set a blacklist for your whole
> domain, as spam assassin won't be scanning your mails.

You can do similar things with Sendmail's Access DB. I.e. white list
connections from 127.0.0.1 and / or protected networks.



Grant. . . .

Re: Spam blocking with port 587

On Fri, 16 Nov 2007 18:47:35 +0100, J.O. Aho wrote:

>
> You can always use mimedefang, let it check if the mail is from an
> external source or not, it it's not, then don't make any scanning and if
> it's from external source, then let spamassassin to scan the mail. This
> will allow you the option to set a blacklist for your whole domain, as
> spam assassin won't be scanning your mails.

I've tried that route. I've just removed MIMEDefang from my server
because it prevents SpamAssassin from using it's more advanced filters.
It also created a lot of overhead. I'm now using clamav with clmilter and
spamassassin with spamass-milter along with DNSBL (spamhaus & spamcop).
This is working really well except for the spoofed messages that claim to
be from the recipient.

Thanks,
Rick

Re: Spam blocking with port 587

On Fri, 16 Nov 2007 11:54:09 -0600, Grant Taylor wrote:

>
> Side note, don't white list traffic from your self. Make sure that
> email you send to your self is not spammy in nature thus will pass
> SpamAssassin. This will help when others spoof to be you.
>
Good point. I whitelisted my self and other local users because mail we
sent to each other was being tagged as SPAM by mimedefang and
spamassassin, but it's been years since I did that. Since I've removed
mimedefang and updated just about everything else, maybe it's time to
remove those entries too.

> Email in the wild between servers is on the transmission port (TCP port
> 25). So what more providers are doing is blocking out going traffic
> that is destined to TCP port 25 from any thing but select few systems,
> mainly their email servers. However these same ISPs are usually not
> blocking out going traffic that is destined to TCP port 587. Thus if
> you want to use an email server out side of the ISPs network you need to
> use port 587 to communicate with it and then have it send email to the
> world on your behalf.
>
> Hope that helps.
>
This does help. That is exactly what I'm trying to do. I just need a
little more help in the form of how to configure it. My sendmail.cf
contains

O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port587, Name=MSA, M=E

All of the SMTP AUTH options are commented out.

When I changed my mail client (Thunderbird) to use port 587, I was unable
to send mail to my office email address (separate system) nor to a couple
of mailling lists. When I sent a message to my email account on my ISP it
bounced back immediately with error 553.5.3.0. I must be missing
something. What else do I need to configure?

Thanks,
Rick

Re: Spam blocking with port 587

Rick Knight wrote:

> I've just removed MIMEDefang from my server because it prevents
> SpamAssassin from using it's more advanced filters.

??? Eh? Could you explain that? MIMEDefang doesn't "prevent" anything.
It's up to you to code your policy.

Regards,

David.

SpamAssassin and MIMEDefang milter [Was: Spam blocking with port 587]

"David F. Skoll" writes:

> Rick Knight wrote:
>
>> I've just removed MIMEDefang from my server because it prevents
>> SpamAssassin from using it's more advanced filters.
>
> ??? Eh? Could you explain that? MIMEDefang doesn't "prevent" anything.
> It's up to you to code your policy.

For my curiosity (and to save me searching time):
Does MIMEDefang deploy SpamAssassin in "per user" configuration in case
of single recipient messages?

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Open-Sendmail: http://open-sendmail.sourceforge.net/

Re: Spam blocking with port 587

On Sat, 17 Nov 2007 10:36:36 -0500, David F. Skoll wrote:

> Rick Knight wrote:
>
>> I've just removed MIMEDefang from my server because it prevents
>> SpamAssassin from using it's more advanced filters.
>
> ??? Eh? Could you explain that? MIMEDefang doesn't "prevent" anything.
> It's up to you to code your policy.
>
> Regards,
>
> David.

David,

Thanks for this reply.

MIMEDefang is a great tool and I've been using it for years. My spam
problem has gotten so bad lately though that MD/SA was no longer doing
enough. I decided to add the SARE rules to SA but could not get them to
work. After doing a lot of research I determined the reason I couldn't get
the SARE rules working was that MD runs SpamAssassin. The SARE rules need
to be run by Spamc and Spamd. MD Does not run Spamc/Spamd. I found some
howtos to get MD to support spamc/spamd, but could not get them working.
As I recall, one of the howtos referred to a comment by you, that support
for spamc/spamd was not working in MD or was week at best. Has that
changed? Is it possible to get MD to call Spamc/Spamd and thereby support
all SpamAssassin features? If so, please point me to some documentation or
a howto.

Thanks again,
Rick

Re: Spam blocking with port 587

Post removed (X-No-Archive: yes)

Re: Spam blocking with port 587

Rick Knight wrote:

> I decided to add the SARE rules to SA but could not get them to
> work. After doing a lot of research I determined the reason I couldn't get
> the SARE rules working was that MD runs SpamAssassin. The SARE rules need
> to be run by Spamc and Spamd.

Not true at all. Post on the MIMEDefang list if you want help/info.

> MD Does not run Spamc/Spamd. I found some
> howtos to get MD to support spamc/spamd, but could not get them working.
> As I recall, one of the howtos referred to a comment by you, that support
> for spamc/spamd was not working in MD or was week at best. Has that
> changed? Is it possible to get MD to call Spamc/Spamd and thereby support
> all SpamAssassin features?

I know people using spamd from MIMEDefang, but I have no experience with
it myself. I assume there's a Perl module somewhere that wraps spamc or
speaks the spamc/spamd protocol directly...

Regards,

David.

Re: SpamAssassin and MIMEDefang milter [Was: Spam blocking with port 587]

Andrzej Adam Filip wrote:

> Does MIMEDefang deploy SpamAssassin in "per user" configuration in case
> of single recipient messages?

By default: No. But it can be done with some extra work.

It can also be done for multi-recipient messages, though less efficiently,
by "streaming" them (queueing and scanning one new copy for each recipient
while discarding the original.)

--
David.

Re: Spam blocking with port 587

Rick Knight wrote:
> On Fri, 16 Nov 2007 00:22:53 -0800, ska wrote:
>
> >> blocks port 25. I've told to use port 587 instead, but then I can't
> >> send any email. Can someone here give me a quick howto on port 587, or
> >> suggest some other way to get past this spam?
> >
> > Enable & use SMTP AUTH in the MSA (submit.cf rather than sendmail.cf),
> > then you can savely use the submission port (587) like the transmission
> > port (25).
>
> > ska
>
> Ska, I'm not sure exactly how to do this and I'm having a hard time
> finding an example on the web. Can you point me to some clear and fairly
> simple docs on this? Mainly, the structure of the config items for the mc

cf/README, some distros might use /usr/share/doc/sendmail*/
cf.README* ... or look into the source code package or sendmail.org.

> file. I can build sendmail OK and I've made a lot of changes to the
> sendmail.mc, but I have never touched submit.cf. Just kept with the
> default.

The syntax and handling of submit.mc and sendmail.mc are totally
equally.
Hence, copy&paste the SMTP AUTH & TLS settings from sendmail.mc to
submit.mc.
sendmail.mc is used for the base/general part and port 25, submit.mc
is for port 587 (message _submit_ port) - this is my memory hook.

In order to enforce SMTP AUTH, add the 'a' flag to the MSA demon
options - see op.* documentation: "always require authentification".
There was a thread about this topic in this list, but I cannot find it
right now.

Re: Spam blocking with port 587

Rick Knight wrote:
> On Sat, 17 Nov 2007 10:36:36 -0500, David F. Skoll wrote:
>
> > Rick Knight wrote:
> >
> >> I've just removed MIMEDefang from my server because it prevents
> >> SpamAssassin from using it's more advanced filters.

> MIMEDefang is a great tool and I've been using it for years. My spam
> problem has gotten so bad lately though that MD/SA was no longer doing
> enough. I decided to add the SARE rules to SA but could not get them to
> work. After doing a lot of research I determined the reason I couldn't get

I'm using this combo, too; could you elaborate how you determined the
problem on the MD-List, please?

> the SARE rules working was that MD runs SpamAssassin. The SARE rules need
> to be run by Spamc and Spamd. MD Does not run Spamc/Spamd. I found some
> howtos to get MD to support spamc/spamd, but could not get them working.
> As I recall, one of the howtos referred to a comment by you, that support
> for spamc/spamd was not working in MD or was week at best. Has that

Some days ago I posted my config for MIMEDefang -> spamd to the
MIMEDefang list.

ska

Re: Spam blocking with port 587

In article
<8b6044b7-304e-49b1-9393-c7100a0bf180@b36g2000hsa.googlegroups.com> ska
writes:
>Rick Knight wrote:
>> On Fri, 16 Nov 2007 00:22:53 -0800, ska wrote:
>>
>> >> blocks port 25. I've told to use port 587 instead, but then I can't
>> >> send any email. Can someone here give me a quick howto on port 587, or
>> >> suggest some other way to get past this spam?
>> >
>> > Enable & use SMTP AUTH in the MSA (submit.cf rather than sendmail.cf),
>> > then you can savely use the submission port (587) like the transmission
>> > port (25).
>>
>> > ska
>>
>> Ska, I'm not sure exactly how to do this and I'm having a hard time
>> finding an example on the web. Can you point me to some clear and fairly
>> simple docs on this? Mainly, the structure of the config items for the mc
>
>cf/README, some distros might use /usr/share/doc/sendmail*/
>cf.README* ... or look into the source code package or sendmail.org.
>
>> file. I can build sendmail OK and I've made a lot of changes to the
>> sendmail.mc, but I have never touched submit.cf. Just kept with the
>> default.
>
>The syntax and handling of submit.mc and sendmail.mc are totally
>equally.
>Hence, copy&paste the SMTP AUTH & TLS settings from sendmail.mc to
>submit.mc.
>sendmail.mc is used for the base/general part and port 25, submit.mc
>is for port 587 (message _submit_ port) - this is my memory hook.

No, the MSA runs off sendmail.cf just like the MTA (it's the
DAEMON_OPTIONS() config that differs), it's just another socket opened
by the same process. Only the MSP uses submit.cf - i.e. what you get
when you invoke sendmail directly rather than talking SMTP to it.

--Per Hedeland
per@hedeland.org

Re: SpamAssassin and MIMEDefang milter [Was: Spam blocking with port 587]

David F. Skoll (dfs@roaringpenguin.com) wrote:
: Andrzej Adam Filip wrote:

: > Does MIMEDefang deploy SpamAssassin in "per user" configuration in case
: > of single recipient messages?

: By default: No. But it can be done with some extra work.

: It can also be done for multi-recipient messages, though less efficiently,
: by "streaming" them (queueing and scanning one new copy for each recipient
: while discarding the original.)

Search archives of comp.mail.sendmail and the mimedefang mailing
list. I've posted about doing this several times.