Block Spam Mail with Qmail

Qmail is a modern, secure and powerful SMTP email system. We used QmailRocks as a qmail installation resource.
I would like to introduce a few steps for “Block Spam Mails with Qmail“.

1. Qmail blocks mail from spammers based on the envelope sender
Qmail has the ability to unconditionally block mail from spammers based on the envelope sender. The envelope sender may not be the same as the “From:” field in the header, so don’t be surprised if this approach misses some emails that you think it should catch. In other words, if the spammers don’t lie about their sending domain, qmail may be able to block them before the mail message is even transmitted. This cuts down on things like bounces, and hopefully spam!

cd /var/qmail/control

Download the sa-blacklist.current.at-domains file, then either rename it (this replaces any existing badmailfrom):

mv sa-blacklist.current.at-domains badmailfrom

OR append it to badmailfrom.

/var/qmail/control/badmailfrom is the file you should look at to block all mail from a particular domain.

Restart qmail (e.g. qmailctl stop; qmailctl start).

Let’s test it:

[root@planetmy]# telnet localhost 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 planetmy.com ESMTP
MAIL FROM: testing@zzzsoft.com
250 ok
RCPT TO: user@planetmy.com
553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)
In this case, we tried to send mail from an account at a known spammer domain, zzzsoft.com. We then told the mail server where the mail needs to go. The mail server then told us that it can’t accept mail from zzzsoft.com, because we’d correctly installed the qmail block list.
Congratulations! You’re done!
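
The following shell script is an added example, not part of the original post or of qmail. It covers the "append it to badmailfrom" step without creating duplicates, and checks whether a given envelope sender would be refused. The function names are hypothetical, the sample entries are constructed, and it assumes stock qmail matching (a full address or "@domain", compared case-insensitively).

```shell
#!/bin/sh
# Added example, not from the original post. Assumes stock qmail
# badmailfrom semantics: one entry per line, "user@host" or "@host",
# compared case-insensitively; no wildcards, no subdomain matching.

# merge_badmailfrom NEWLIST CONTROLFILE  (hypothetical helper)
# Merge NEWLIST into CONTROLFILE: drop comments, blank lines and
# malformed entries, de-duplicate, then replace the file atomically.
merge_badmailfrom() {
    new=$1; ctl=$2
    [ -f "$ctl" ] || : > "$ctl"
    tmp=$(mktemp "$ctl.XXXXXX") || return 1
    cat "$ctl" "$new" | tr -d '\r' | tr 'A-Z' 'a-z' \
        | grep -E '^[^@[:space:]#]*@[a-z0-9.-]+$' \
        | LC_ALL=C sort -u > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$ctl"
}

# sender_blocked ADDRESS CONTROLFILE  (hypothetical helper)
# Succeed if the envelope sender would be refused: the full address is
# listed, or "@" plus everything after its last "@" is listed.
sender_blocked() {
    [ -n "$1" ] || return 1      # null sender <> (bounces) never matches
    case $1 in
        *@*) grep -qixF -e "$1" -e "@${1##*@}" "$2" ;;
        *)   grep -qixF -e "$1" "$2" ;;
    esac
}

# Demo on constructed data; zzzsoft.com is the domain used in the post.
demo=$(mktemp -d)
printf '%s\n' '# constructed list' '@zzzsoft.com' '@ZZZSOFT.com' \
    'not a valid entry' > "$demo/new"
printf '%s\n' 'spammer@example.net' > "$demo/badmailfrom"
merge_badmailfrom "$demo/new" "$demo/badmailfrom"
for a in testing@zzzsoft.com x@mail.zzzsoft.com Spammer@Example.NET ''; do
    if sender_blocked "$a" "$demo/badmailfrom"; then r=blocked; else r=accepted; fi
    printf '%-24s %s\n' "<$a>" "$r"
done
rm -rf "$demo"
```

The subdomain sender and the empty bounce sender are accepted, which is why a domain list alone misses mail that looks like it should be caught.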

How to disable spammer domain in QMAIL mail server with badmailto variable

I’ve recently noticed one of the qmail SMTP servers I administer had plenty of logged spammer emails originating from yahoo.com.tw, destined to reach some random-looking (probably nonexistent) email addresses, again at *@yahoo.com.tw.

The spam attempted by the spammer is probably bounce spam, since there seems to be no web form or anything wrong with the qmail server that might be causing the spam troubles.
As a result, some of the emails from the well-configured qmail (holding SPF checks), having a correct existing MX and PTR record and even having configured Domain Keys (DKIM), started being marked when they are sent to legit *@yahoo.com addresses.

To deal with the shits, since we don’t have any Taiwanese (tw) clients, I decided to completely prohibit any emails destined to be sent via the mail server to *@yahoo.com.tw. This is done via the /var/qmail/control/badmailto qmail control variable.

Here is the content of /var/qmail/control/badmailto after banning outgoing emails to yahoo.com.tw:

qmail:~# cat /var/qmail/control/badmailto
[!%#:*^]
[()]
[{}]
@.*@
*@yahoo.com.tw

The first 4 lines are default rules, which deal with a lot of commonly sent badmailto emails. Thank God, after a qmail restart:

qmail:~# qmailctl restart
….

Checking in /var/log/qmail-sent/current, there are no more outgoing emails destined for *@yahoo.com.tw. Problem solved …
