Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Using the new SMTP feature
  FAQ FAQ  Forum Search   Register Register  Login Login

Using the new SMTP feature

 Post Reply Post Reply
Author
jdrolet View Drop Down
Newbie
Newbie
Avatar

Joined: 01 August 2006
Location: United States
Status: Offline
Points: 4
Post Options Post Options   Thanks (0) Thanks(0)   Quote jdrolet Quote  Post ReplyReply Direct Link To This Post Topic: Using the new SMTP feature
    Posted: 15 August 2006 at 11:25am

Does anyone have a sample of the settings for using LogSat as the outgoing SMTP server? (New in 3.1.3.597)

Also, does anyone know if I can continue to have LogSat SF listen on port 26 and have its outgoing SMTP server listen on port 25?

Thank you

Joe Dr.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 8:29am
Joe,

Prior to v3.1, the only way to allow users to use SpamFilter as their "outgoing smtp server" is to add the IP ranges of the users in an IP whitelist. This was practical for companies where the users were within their internal network, so the IP range to whitelist was well defined. In an ISP scenario, where users are often connecting to the mail server from the internet, this could create difficulties in managing the IP ranges.

Starting with SpamFilter 3.1, we added support for SMTP auth (including SSL encryption). Active Directory, LDAP, and Unix-style password files can be used to authenticate senders. If a sender is authenticated successfully, they will be whitelisted and allowed to relay. The autnetication can be configured under the "Settings - User Authentication" tab in SpamFilter.

In regards to the last question, SpamFilter can only listen on one port for SMTP traffic, and on a different port for SSL traffic. If you enable the SSL port (the default is port 465), you could have the users who you wish to authenticate for outgoing SMTP traffic use the SSL port. SpamFilter comes with a default generic SSL certificate. Most email clients will display a warning to users as the certificate name won't match the name of your server. If you wish to use your own certificate, in the help file readme.html you will find details on how to export your SSL certificate into SpamFilter.


Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 3:32pm

How about this scenario.

I have 3 mail gateways for accepting mail that routes to either customers servers or our server.

Is there anyway to use these servers as smtp server for customers sending outgoing mail?

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2006 at 4:03pm
...well, the same answer above would apply to you.
In SpamFilter, you can either add an IP whitelist for the customers, if the IP ranges they use are known.

If not, you could use SMTP Authentication, which is a configuration-setting available in most email clients. To authenticate users, SpamFilter can use Active Directory, an LDAP server, or Unix-style password files (like the ones sendmail would use for example).
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 5:23am

Roberto,

I have a client who I filter mail for, then send the ham to his email server. - working fine.

However, one of their laptop users came into their office last week, and sent 30,000 emails !!!!  Obviously, after a short time their IP was blacklisted and it took us ages to find which laptop it was to isolate (they have over 1200 users).

What I want to do is make their server send all of their outgoing mail through me.

BUT.... as I see it, the majority of the spam tests will be useless (i.e.  as their IP will be in my IP Whitelist). Also, if any spam were to get through, would this end up blacklisting my IP, not theirs ????

How can I get them to send mail through me and bock any spam that may come from their site unintentially ?

 

Cheers

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 8:18am
Unfortunately there isn't a nice answer here...

If you whitelist your customer, then they will indeed be able to send any kind of emails (except viruses, those are always blocked if you have the A/V plugin). If they send spam, and it's ultimately sent and relayed by your server, yes, you do risk being blocked.

If you do not whitelist the customer, you do risk blocking legitimate emails, and could anger them. To alleviate this risk, there is an option in the SpamFilter.ini file:

;Add any IPs (separated by commas - no wildcards) that you do not wish to be automatically added to the Honeypot IP blacklist or the IP Blacklist Cache
DoNotAddIPToHoneypot=


Adding your customer's IP to that key will prevent them from being permanently blocked by SpamFilter. The blocks will be made on individual emails. That *may* limit the amount of spam they send. Furthermore, as the SFDB filter only reports spammers that are in the local IP Blacklist Cache, you do not risk uploading their IP to the SFDB.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 10:05am

OK, just to clarify....

I presume that most of the spam detection relates to where the email origionates from, rather than the content of the email. Therefore what would be the best way to detect spam comming from an internal source?? (my client would effectively be an internal source if he relayed through me).?

 

cheers

 

 

Back to Top
Marco View Drop Down
Senior Member
Senior Member
Avatar

Joined: 07 June 2005
Location: Netherlands
Status: Offline
Points: 137
Post Options Post Options   Thanks (0) Thanks(0)   Quote Marco Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 11:02am

maybe you should run a second instance of SF, on a port other than 25, and make thise second instace treat your 'incoming' mail (from this customer) as usual for incoming mails from internet....  when the mails from this source is found O.K. relay it to your primary SF and use its SMTP feature.

any internal spammers should be picked up by this second instance (uses all the regular sf features, except some IP based ones) before they are sent to the outside world. If you set it up correctly you should be able to identify the  offending internal ip from the 2nd instance's logs/QDB/FROM mail addy.

 

Setup your firewall so that no outside IP can send mails directly to this second instance ofcourse.

If i got this right in my head i think you should be able to filter all your 'internal' customers by making them use  this internal spamfilter.

Just a suggestion, maybe i got it all wrong here and am talking rubbish (that wouldn't be a first)

 

Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams
Back to Top
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 11:08am

Marco,

 

Are you suggesting that I could run a second instance os SF on the same box??

How would I install the service?? It would need to ahve a different name to the first one, and presumably be installed in a different folder as it will need a slightly different config.

Am I getting this right, or have I completely lost the plot?????

Back to Top
Marco View Drop Down
Senior Member
Senior Member
Avatar

Joined: 07 June 2005
Location: Netherlands
Status: Offline
Points: 137
Post Options Post Options   Thanks (0) Thanks(0)   Quote Marco Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 11:14am

that is exactly what i'm suggesting.. and Roberto won't mind at all since the license is 'per server', I even 'heard' him say so himself in here some time ago :)

You will need (if you think you need it) a different database, and setup SF2 so that it listens on a different IP/port, and install it in a directory with a different name, as far as i know that is all it takes.

There have been discussions about running SF twice on the same box in this forum, better look them up for more details, i never had a need for dual sf, but i know it is doable, and fairly easy for that matter also.

 

Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 31 August 2006 at 4:00pm
It's as simple as
1. copying/installing SpamFilter in a new different directory.
2. Rename the first SpamFilter NT service, so it won't be overwritten by the new service.
3. Start the new SpamFilter in stand-alone mode (using SpamFilter.exe), and configure it to use a different IP or port
4. Click on the "Create Service" button.

You can run a few dozen instances if you want
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
StevenJohns View Drop Down
Senior Member
Senior Member


Joined: 03 August 2006
Status: Offline
Points: 119
Post Options Post Options   Thanks (0) Thanks(0)   Quote StevenJohns Quote  Post ReplyReply Direct Link To This Post Posted: 01 September 2006 at 5:32am

cool.....

 

how do I rename the existing service ??

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 01 September 2006 at 11:06am
I believe the DameWare Utilities allow you to rename services.

Alternatively, you can use the INSTSRV.exe utility from the Microsoft resourcekit to install the second service with a different name:

C:\Program Files\SpamFilter2>instsrv SpamFilter2 "c:\program files\spamfilter2\spamfiltersvc.exe"

When you do this, ensure you change the service properties after it's created to "Allow service to interact with desktop"

The sc.exe utility from MIcrosoft allows you to create services as well.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 01 September 2006 at 11:27am
Roberto, I'm trying to get this working. I'm testing it on a server with a completly base spamfilter config. I have ldap sucessfully working, however when I try to send an email it doesn't even attempt to authenticate. How do you turn off anonymous email?
Back to Top
kspare View Drop Down
Senior Member
Senior Member


Joined: 26 January 2005
Location: Canada
Status: Offline
Points: 334
Post Options Post Options   Thanks (0) Thanks(0)   Quote kspare Quote  Post ReplyReply Direct Link To This Post Posted: 01 September 2006 at 11:34am
I also found that if you use active directory authentication the client has to put the domainname infront of their username. Whats the point of telling spamfilter the domain as well? Why can't you just use the username for ad auth like you can for ldap auth?
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 01 September 2006 at 4:44pm
Originally posted by kspare kspare wrote:

Roberto, I'm trying to get this working. I'm testing it on a server with a completly base spamfilter config. I have ldap sucessfully working, however when I try to send an email it doesn't even attempt to authenticate. How do you turn off anonymous email?

You can't turn off anonymous emails, otherwise SpamFilter will not be able to receive emails from the internet, as mail servers "talk" regular anonymous SMTP.
If a client supports SMTP authentication, and it's enabled, the client will make a EHLO request to the server (SpamFilter). The server will respond with a welcome banner, indicating in it that it supports AUTH LOGIN (smtp authentication). The client should see that, and thus attempt to use authentication:

  <<EHLO test.logsat.com
  >>250-AUTH LOGIN
  >>250-8BITMIME
  >>250-SIZE 1024
  >>250 HELP

It is up to the client to send the auth commands. You could try to use SpamFilter's debug tab to capture the traffic to/from the client to see what is going on.



Originally posted by kspare kspare wrote:

I also found that if you use active directory authentication the client has to put the domainname infront of their username. Whats the point of telling spamfilter the domain as well? Why can't you just use the username for ad auth like you can for ldap auth?


SpamFilter needs to know the domain name for Active Directory so it can locate your Domain Controllers to authenticate. As with Active Directory you could have child domains, and trusts with other domains, a fully qualified username (domain\user or user@domain) is required to uniquely identify the user.

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.