Using the new SMTP feature
jdrolet
Newbie Joined: 01 August 2006 Location: United States Status: Offline Points: 4 |
Posted: 15 August 2006 at 11:25am |
Does anyone have a sample of the settings for using LogSat as the outgoing SMTP server? (New in 3.1.3.597)
Also, does anyone know if I can continue to have LogSat SF listen on port 26 and have its outgoing SMTP server listen on port 25?
Thank you
||
Joe Dr.
|
||
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Joe,
Prior to v3.1, the only way to allow users to use SpamFilter as their "outgoing smtp server" is to add the IP ranges of the users in an IP whitelist. This was practical for companies where the users were within their internal network, so the IP range to whitelist was well defined. In an ISP scenario, where users are often connecting to the mail server from the internet, this could create difficulties in managing the IP ranges.
Starting with SpamFilter 3.1, we added support for SMTP auth (including SSL encryption). Active Directory, LDAP, and Unix-style password files can be used to authenticate senders. If a sender is authenticated successfully, they will be whitelisted and allowed to relay. The authentication can be configured under the "Settings - User Authentication" tab in SpamFilter.
In regards to the last question, SpamFilter can only listen on one port for SMTP traffic, and on a different port for SSL traffic. If you enable the SSL port (the default is port 465), you could have the users who you wish to authenticate for outgoing SMTP traffic use the SSL port.
SpamFilter comes with a default generic SSL certificate. Most email clients will display a warning to users as the certificate name won't match the name of your server. If you wish to use your own certificate, in the help file readme.html you will find details on how to export your SSL certificate into SpamFilter.
||
kspare
Senior Member Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
How about this scenario. I have 3 mail gateways for accepting mail that routes to either customers' servers or our server. Is there any way to use these servers as smtp server for customers sending outgoing mail?
||
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
...well, the same answer above would apply to you.
In SpamFilter, you can either add an IP whitelist for the customers, if the IP ranges they use are known. If not, you could use SMTP Authentication, which is a configuration-setting available in most email clients. To authenticate users, SpamFilter can use Active Directory, an LDAP server, or Unix-style password files (like the ones sendmail would use for example).
||
StevenJohns
Senior Member Joined: 03 August 2006 Status: Offline Points: 119 |
Roberto, I have a client who I filter mail for, then send the ham to his email server. - working fine. However, one of their laptop users came into their office last week, and sent 30,000 emails !!!! Obviously, after a short time their IP was blacklisted and it took us ages to find which laptop it was to isolate (they have over 1200 users).
What I want to do is make their server send all of their outgoing mail through me. BUT.... as I see it, the majority of the spam tests will be useless (i.e. as their IP will be in my IP Whitelist). Also, if any spam were to get through, would this end up blacklisting my IP, not theirs ???? How can I get them to send mail through me and block any spam that may come from their site unintentionally ?
Cheers
||
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Unfortunately there isn't a nice answer here...
If you whitelist your customer, then they will indeed be able to send any kind of emails (except viruses, those are always blocked if you have the A/V plugin). If they send spam, and it's ultimately sent and relayed by your server, yes, you do risk being blocked. If you do not whitelist the customer, you do risk blocking legitimate emails, and could anger them. To alleviate this risk, there is an option in the SpamFilter.ini file:
;Add any IPs (separated by commas - no wildcards) that you do not wish to be automatically added to the Honeypot IP blacklist or the IP Blacklist Cache
DoNotAddIPToHoneypot=
Adding your customer's IP to that key will prevent them from being permanently blocked by SpamFilter. The blocks will be made on individual emails. That *may* limit the amount of spam they send. Furthermore, as the SFDB filter only reports spammers that are in the local IP Blacklist Cache, you do not risk uploading their IP to the SFDB.
||
StevenJohns
Senior Member Joined: 03 August 2006 Status: Offline Points: 119 |
OK, just to clarify.... I presume that most of the spam detection relates to where the email originates from, rather than the content of the email. Therefore what would be the best way to detect spam coming from an internal source?? (my client would effectively be an internal source if he relayed through me).?
cheers
|
||
Marco
Senior Member Joined: 07 June 2005 Location: Netherlands Status: Offline Points: 137 |
maybe you should run a second instance of SF, on a port other than 25, and make this second instance treat your 'incoming' mail (from this customer) as usual for incoming mails from internet.... when the mails from this source are found O.K. relay it to your primary SF and use its SMTP feature. any internal spammers should be picked up by this second instance (uses all the regular sf features, except some IP based ones) before they are sent to the outside world. If you set it up correctly you should be able to identify the offending internal ip from the 2nd instance's logs/QDB/FROM mail addy.
Setup your firewall so that no outside IP can send mails directly to this second instance of course. If i got this right in my head i think you should be able to filter all your 'internal' customers by making them use this internal spamfilter. Just a suggestion, maybe i got it all wrong here and am talking rubbish (that wouldn't be a first)
|
||
Anyone who is capable of getting himself made president, should on no account be allowed to do the job. D.Adams
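Added example, not part of the thread and not SpamFilter code: a sliding-window count per source IP over relay log lines, the kind of check that would have pointed to the sending laptop quickly. The log line layout, the ACCEPTED marker, the addresses and the thresholds are all assumptions; the parsing has to be adapted to the real log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BASE = datetime(2006, 8, 15, 9, 0, 0)


def sample_log():
    """Constructed log: one normal host and one host sending a burst."""
    lines = []
    for n in range(20):   # 10.1.4.7: one message every 30 seconds
        ts = BASE + timedelta(seconds=30 * n)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 10.1.4.7 ACCEPTED from=<user@example.test>")
    for n in range(50):   # 10.1.4.23: five messages per second for ten seconds
        ts = BASE + timedelta(seconds=n // 5)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} 10.1.4.23 ACCEPTED from=<x{n}@example.test>")
    return sorted(lines)  # timestamp is the line prefix, so this is time order


def find_bursts(lines, limit=20, window=timedelta(seconds=60)):
    """Map each source IP that exceeds `limit` messages per `window`
    to (time the limit was first exceeded, peak count seen in a window)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) < 4 or parts[3] != "ACCEPTED":
            continue              # not a relayed-message line
        try:
            ts = datetime.strptime(f"{parts[0]} {parts[1]}", "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue              # skip lines with a damaged timestamp
        q = recent[parts[2]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # drop messages older than the window
        if len(q) > limit:
            first, peak = flagged.get(parts[2], (ts, 0))
            flagged[parts[2]] = (first, max(peak, len(q)))
    return flagged


if __name__ == "__main__":
    for ip, (first, peak) in find_bursts(sample_log()).items():
        print(f"{ip}: over limit at {first}, peak {peak} messages/minute")
```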
|
||
StevenJohns
Senior Member Joined: 03 August 2006 Status: Offline Points: 119 |
Marco,
Are you suggesting that I could run a second instance of SF on the same box?? How would I install the service?? It would need to have a different name to the first one, and presumably be installed in a different folder as it will need a slightly different config. Am I getting this right, or have I completely lost the plot?????
||
Marco
Senior Member Joined: 07 June 2005 Location: Netherlands Status: Offline Points: 137 |
that is exactly what i'm suggesting.. and Roberto won't mind at all since the license is 'per server', I even 'heard' him say so himself in here some time ago :) You will need (if you think you need it) a different database, and setup SF2 so that it listens on a different IP/port, and install it in a directory with a different name, as far as i know that is all it takes. There have been discussions about running SF twice on the same box in this forum, better look them up for more details, i never had a need for dual sf, but i know it is doable, and fairly easy for that matter also.
|
||
|
||
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
It's as simple as
1. copying/installing SpamFilter in a new different directory.
2. Rename the first SpamFilter NT service, so it won't be overwritten by the new service.
3. Start the new SpamFilter in stand-alone mode (using SpamFilter.exe), and configure it to use a different IP or port
4. Click on the "Create Service" button.
You can run a few dozen instances if you want
||
StevenJohns
Senior Member Joined: 03 August 2006 Status: Offline Points: 119 |
cool.....
how do I rename the existing service ??
|
||
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
I believe the DameWare Utilities allow you to rename services.
Alternatively, you can use the INSTSRV.exe utility from the Microsoft Resource Kit to install the second service with a different name:
C:\Program Files\SpamFilter2>instsrv SpamFilter2 "c:\program files\spamfilter2\spamfiltersvc.exe"
When you do this, ensure you change the service properties after it's created to "Allow service to interact with desktop".
The sc.exe utility from Microsoft allows you to create services as well.
||
kspare
Senior Member Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
Roberto, I'm trying to get this working. I'm testing it on a server with a completely base spamfilter config. I have ldap successfully working, however when I try to send an email it doesn't even attempt to authenticate. How do you turn off anonymous email?
|
||
kspare
Senior Member Joined: 26 January 2005 Location: Canada Status: Offline Points: 334 |
I also found that if you use active directory authentication the client has to put the domainname in front of their username. What's the point of telling spamfilter the domain as well? Why can't you just use the username for ad auth like you can for ldap auth?
|
||
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
You can't turn off anonymous emails, otherwise SpamFilter will not be able to receive emails from the internet, as mail servers "talk" regular anonymous SMTP. If a client supports SMTP authentication, and it's enabled, the client will make an EHLO request to the server (SpamFilter). The server will respond with a welcome banner, indicating in it that it supports AUTH LOGIN (smtp authentication). The client should see that, and thus attempt to use authentication:
<<EHLO test.logsat.com
>>250-AUTH LOGIN
>>250-8BITMIME
>>250-SIZE 1024
>>250 HELP
It is up to the client to send the auth commands. You could try to use SpamFilter's debug tab to capture the traffic to/from the client to see what is going on.
SpamFilter needs to know the domain name for Active Directory so it can locate your Domain Controllers to authenticate. As with Active Directory you could have child domains, and trusts with other domains, a fully qualified username (domain\user or user@domain) is required to uniquely identify the user.
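Added example, not part of the original thread and not LogSat's code: a parser for a captured EHLO reply that reports whether the listener advertises AUTH at all and whether AUTH LOGIN is offered on a connection without TLS, where the password travels only base64-encoded. The first sample is the server side of the exchange quoted in the post above; the second sample, the function names and the finding texts are constructed for illustration.

```python
import re

# Server side of the EHLO exchange quoted in the post above (">>" markers dropped).
PAGE_REPLY = "250-AUTH LOGIN\r\n250-8BITMIME\r\n250-SIZE 1024\r\n250 HELP\r\n"
# Constructed sample: a listener that does not offer authentication at all.
NO_AUTH_REPLY = "250-mail.example.test Hello\r\n250-8BITMIME\r\n250 HELP\r\n"

# Mechanisms that send the password merely base64-encoded, not encrypted.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}


def parse_ehlo(reply):
    """Parse a multi-line 250 reply into {KEYWORD: [parameters]}."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    features = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        # Every line but the last is a "250-" continuation; the last is "250 ".
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError(f"bad continuation marker: {line!r}")
        # Some older servers advertise "AUTH=LOGIN"; treat it like "AUTH LOGIN".
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.split()
        if words:
            features.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return features


def auth_findings(reply, tls_active):
    """Return configuration findings for one listener's EHLO reply."""
    mechs = set(parse_ehlo(reply).get("AUTH", []))
    findings = []
    if not mechs:
        findings.append("no AUTH advertised: clients cannot authenticate here")
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    if exposed and not tls_active:
        findings.append("AUTH " + "/".join(exposed)
                        + " offered without TLS: password is only base64-encoded")
    return findings


if __name__ == "__main__":
    for name, reply, tls in [("plain port", PAGE_REPLY, False),
                             ("SSL port", PAGE_REPLY, True),
                             ("no auth", NO_AUTH_REPLY, False)]:
        print(name, "->", auth_findings(reply, tls) or "ok")
```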
||