local mail delivery failing
After implementing some stuff found on the cPanel forums - local mail delivery is failing. Can anyone help me find out why that is?
Here is what has been done:
Go into WHM-->Exim Configuration Editor-->Switch to Advanced Mode
At the end of the first box add the following:
acl_not_smtp = acl_check_pipe
Then scroll down to the box that contains check_recipient:
(This box should be the middle of three consecutive boxes)
Above check_recipient: add the following:
Code:
##Added Sendmail Bcc and Cc Spam Removal##
acl_check_pipe:

#drop condition = ${if match {$message_body}\
#{\N.*\
#MIME-Version:.*\N}{true}}
#log_message = "Spam MIME-Version:$header_subject: "

#drop condition = ${if match {$message_body}\
#{\N.*\
#Reply-To:.*\N}{true}}
#log_message = "Spam Reply-To:$header_subject: "

# This will also block attachments
# drop condition = ${if match {$message_body}\
# {\N.*\
# Content-Type:.*\N}{true}}
# log_message = "Spam: Content-Type: $header_subject: "

# This will also block attachments
# drop condition = ${if match {$message_body}\
# {\N.*\
# Content-Transfer-Encoding:.*\N}{true}}
# log_message = "Spam: Content-Transfer-Encoding: $header_subject: "

drop condition = ${if match {$message_body}\
     {\N.*\
     [Bb][Cc][Cc]:.*\N}{true}}
     log_message = "Spam: BCC: $header_subject: "

drop condition = ${if match {$message_body}\
     {\N.*\
     [Cc][Cc]:.*\N}{true}}
     log_message = "Spam: CC: $header_subject: "

accept

accept
##End of Additions ##
Then go into your server through SSH and tail -f /var/log/exim_mainlog
You will now see all BCC and CC spam in there as triggering acl_not_smtp Spam
You can also test that this is working by going to any formmail script and typing:
bcc: whatever@spam.com in any of the response boxes (message body). The message will seem like it went through, but you will notice that it has been blocked and logged in exim_mainlog
Hope this helps us all with the growing spam problem on the internet......
---------------------------------------------------------
UPDATED
I would also recommend using this along with Mod_security rules. I currently use the following rules which block bcc: or cc: if they use more than two addresses.
Add the following to /usr/local/apache/conf/modsec.conf below SecFilterEngine On:
SecFilterScanPOST On
Then add this to your /usr/local/apache/conf/modsec.user.conf file:
Code:
SecFilter "[Bb][Cc][Cc]:|[Cc][Cc]:|[Bb][Cc][Cc]%3A|[Cc][Cc]%3A" chain
SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}\,\x20[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}"

SecFilter "[Bb][Cc][Cc]:|[Cc][Cc]:|[Bb][Cc][Cc]%3A|[Cc][Cc]%3A" chain
SecFilter "[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}\,[A-Z0-9._%-]+@[A-Z0-9._%-]+\.[A-Z]{2,4}"

SecFilter "[Bb][Cc][Cc]:|[Cc][Cc]:|[Bb][Cc][Cc]%3A|[Cc][Cc]%3A" chain
SecFilter "[A-Z0-9._%-]+%10[A-Z0-9._%-]+\.[A-Z]{2,4}\,\x20[A-Z0-9._%-]+%10[A-Z0-9._%-]+\.[A-Z]{2,4}"

SecFilter "[Bb][Cc][Cc]:|[Cc][Cc]:|[Bb][Cc][Cc]%3A|[Cc][Cc]%3A" chain
SecFilter "[A-Z0-9._%-]+%10[A-Z0-9._%-]+\.[A-Z]{2,4}\,[A-Z0-9._%-]+%10[A-Z0-9._%-]+\.[A-Z]{2,4}"
Here's what shows up in WHM when attempting delivery of one of the messages:
Message 1EnKLy-0004In-7c is not frozen
delivering 1EnKLy-0004In-7c
LOG: MAIN
<user@localdomain.com>: virtual_sa_userdelivery transport output: An error was detected while processing a file of BSMTP input.
LOG: MAIN
== user@localdomain.com R=virtual_sa_user T=virtual_sa_userdelivery defer (0): Child process of virtual_sa_userdelivery transport returned 2 from command: /usr/sbin/sendmail
LOG: MAIN
** user@localdomain.com: retry timeout exceeded
LOG: MAIN REJECT
F=<> rejected by non-SMTP ACL: "Spam: CC: Mail delivery failed: returning message to sender "
LOG: MAIN
Error while reading message with no usable sender address (R=1EnKLy-0004In-7c): rejected by non-SMTP ACL: local configuration problem
LOG: MAIN
Process failed (1) when writing error message to user@localdomain.com
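
The "Spam: CC:" rejection of the F=<> bounce in the log above can be reproduced outside Exim. The following is an added example, not part of the original post: a Python approximation of the two active drop conditions in acl_check_pipe, run over constructed message bodies. It assumes Exim's defaults for $message_body (first 500 characters, newlines replaced by spaces); the function names and sample messages are made up for illustration.

```python
import re

# The two active conditions from acl_check_pipe. Exim joins the
# backslash-continued lines, so each regex is effectively ".*<tag>:.*".
ACL_RULES = [
    ("Spam: BCC:", re.compile(r".*[Bb][Cc][Cc]:.*")),
    ("Spam: CC:", re.compile(r".*[Cc][Cc]:.*")),
]

def message_body(raw_body, visible=500):
    """Approximate $message_body: first `visible` chars, newlines -> spaces
    (assumed Exim defaults: message_body_visible = 500, newlines not kept)."""
    return raw_body[:visible].replace("\r", "").replace("\n", " ")

def acl_check_pipe(raw_body):
    """Return the log tag of the first rule that would drop, else None."""
    body = message_body(raw_body)
    for tag, rx in ACL_RULES:
        if rx.search(body):  # Exim's match is unanchored
            return tag
    return None

# Constructed sample bodies (not taken from the post).
FORM_INJECTION = "Name: test\nComments: hello\nbcc: whatever@spam.com\n"
BOUNCE = (
    "This message was created automatically by mail delivery software.\n\n"
    "A message that you sent could not be delivered to one or more of its\n"
    "recipients.\n\n"
    "  user@localdomain.com\n    retry timeout exceeded\n\n"
    "------ This is a copy of the message, including all the headers. ------\n\n"
    "From: sender@example.org\nTo: user@localdomain.com\n"
    "Cc: colleague@example.org\nSubject: Q3 figures\n"
)
ORDINARY = "Hi,\nPlease send the invoice to billing and cc: me on the reply.\n"
CLEAN = "Hi,\nLunch at noon?\n"

if __name__ == "__main__":
    for name, body in [("form injection", FORM_INJECTION), ("bounce", BOUNCE),
                       ("ordinary mail", ORDINARY), ("clean mail", CLEAN)]:
        print(f"{name:15s} -> {acl_check_pipe(body) or 'accept'}")
```

The rules match the text "cc:" anywhere in the visible body, so a bounce that quotes the original headers, or any locally submitted message that mentions "cc:", is dropped along with the injected formmail input.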