Automatic reporting with mdaemon


Jordi

Yes, I understood that. I've been submitting spam for a few days already, now in the "quick" mode ...

I was trying to do something fully automatic in my mail server, like sending to SpamCop every email archived in the Public spam Folder (where both SpamAssassin and my users drop spam) or something similar, but my fear is to submit something which is not spam and create trouble for anyone, including myself.

So I think for the time being, I will prefer to take a look myself, a few times per day, at this Public spam folder, get all the new emails, attach them to a single email and send it to my "quick" SpamCop address.

The only issue is the maximum number of spam emails SpamCop accepts attached in a single email and the maximum Kb those attachments may take ...

How are other folks doing?

This is what is necessary...

SpamCop is looking for the full headers in one contiguous block of text, followed by a blank line, which signals the end of the headers, and then followed by the body text of the spam.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -


Hi Jordi,

Maybe you can pick up some tips from the Wiki - go to the page index and under "H" you will find a series of articles "How I use SpamCop".

Not sure about the current batch size limit on submissions - it doesn't seem to be causing reporters problems in recent times but that might be because the average reporter can't submit by e-mail these days (due to ESP filtering of outgoing messages), or because later changes to the reporting system have affected it, or because there is a difference between "full" and (maybe more common lately) quick reporting submissions. I just don't know. And the reporting system is down (for me at least) at the moment.

Steve

[edit] My mistake - reporting seems to be fine, it must be just the reporting server status graphic


  • 1 month later...

I have written a bash script for my Zimbra mail server, which is Postfix based. As long as the logs have the same format, it should work the same.

If anyone is interested in trying it, please let me know.

The script looks for all emails that Postfix automatically marks as spam and also looks for emails that users mark as spam.

The return email address and IP address are compared to a whitelist file and, if not found in the whitelist, Postfix grabs the spam email and sends it to SpamCop automatically. To complete the final steps you need to manually approve the final process, which will remove any false positives, which I haven't seen since I started to use the script.

The script also captures the header info so it can be manually incorporated into the Postfix Custom_Header_Checks file.

The script also writes to a log file which is monitored by OSSEC, which puts a block into iptables for 1 hour.

The script also automatically SCP's the blocked IP address to my pfSense firewall, which has a pfBlocker program that blocks the IP address forever. It also converts the IP to /24 CIDR.

If the user re-marks the email as HAM, it will reverse the process completely.

Finally it searches the logs for SMTP Authlogin attempts, which follow a similar blocking mechanism.

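The whitelist check and /24 conversion described in the post above, sketched as an added example (not the poster's script, which was not published in this thread). The whitelist file format, the function names and the HOLD/SKIP/REPORT output are assumptions, and the example goes one step beyond the post by falling back to a single-address block when the /24 contains an individually whitelisted host.

```sh
# Added example. Assumed whitelist format: one entry per line (user@domain,
# @domain, IPv4 address or a.b.c.0/24), with optional # comments.

# Print a.b.c.0/24 for a valid dotted-quad IPv4 address, else fail.
to_cidr24() (
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.; set -- $1; [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
    printf '%s.%s.%s.0/24\n' "$1" "$2" "$3"
)

# Whitelist entries, lower-cased, without comments or blank lines.
wl_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1" | tr 'A-Z' 'a-z'
}

# True if the sender, its domain, the IP or its /24 is whitelisted.
is_whitelisted() (
    sender=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    wl_entries "$3" | grep -Fxq -e "$sender" -e "@${sender##*@}" \
        -e "$2" -e "$(to_cidr24 "$2")"
)

# True if network $1 contains an individually whitelisted address.
net_has_whitelisted_ip() (
    set -f    # no globbing while splitting entries
    for e in $(wl_entries "$2"); do
        [ "$(to_cidr24 "$e")" = "$1" ] && exit 0
    done
    exit 1
)

# Decide for one flagged message; anything uncheckable is held (fail closed).
decide() (
    [ -r "$3" ] || { echo "HOLD whitelist-unreadable"; exit 0; }
    net=$(to_cidr24 "$2") || { echo "HOLD bad-ip"; exit 0; }
    if is_whitelisted "$1" "$2" "$3"; then echo "SKIP whitelisted"
    elif net_has_whitelisted_ip "$net" "$3"; then echo "REPORT $2/32"
    else echo "REPORT $net"
    fi
)

# Constructed sample whitelist (documentation address ranges).
sample_whitelist() {
    printf '%s\n' '# partners' 'billing@example.org' '@example.net' \
        '192.0.2.10' '198.51.100.0/24  # monitoring'
}
```

Call it as `decide SENDER IP WHITELIST_FILE`; only a `REPORT` line should feed the reporting and blocking steps, while `HOLD` lines are left for manual review.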

Archived

This topic is now archived and is closed to further replies.
