Home > ipcop, linux, networking > Copfilter Spam Filter Problem Resolved

Copfilter Spam Filter Problem Resolved

Apparently the ix blacklist provider used by Copfilter, which is used if you choose the Razor, DCC, DNSBL option on the antipam settings, had a DDOS attack this year and as a result closed their service to non-registered users. The effect this had on my copfilter installations was the antispam scan times went from 3-6 sec to 50+ seconds. On a busy system all those scan jobs would effectively be a DDOS attack on your inbound mail. Disabling Razor, DCC and DNSBL would enable mail, but also allow through a large % of previously identified (in our case deleted) spam.

The resolution is to modify one text file manually:

/var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf

What I did was copy it locally so I could cut and paste (plus make a backup of it). Then I copied it back to the firewall. You need to comment out and move the two sections about ix in the file to below the line # COPFILTER END – SPAM_SCAN_SPEEDUP

# http://www.heise.de/ix/nixspam/
# http://www.heise.de/ix/foren/go.shtml?read=1&msg_id=6404906&forum_id=48292
#header NIX_SPAM eval:check_rbl('nix-spam', 'ix.dnsbl.manitu.net')
#describe NIX_SPAM Listed in NIX_SPAM DNSBL (thanks to heise.de)
#tflags NIX_SPAM net
#score NIX_SPAM 2.0

# ftp://ftp.ix.de/pub/ix/ix_listings/2004/05/ixhash.pm
#loadplugin iXhash ixhash.pm
#body IXHASH eval:ixhashtest(‘ix.dnsbl.manitu.net’)
#describe IXHASH This mail has been classified as spam @ iX Magazine, Germany
#tflags IXHASH net
#score IXHASH 1.5

Then add in this known good blacklist provider:

#SPAMHAUS blacklist
header RCVD_IN_XBL_SPAMHAUS_ORG rbleval:check_rbl('relay', 'xbl.spamhaus.org.')
describe RCVD_IN_XBL_SPAMHAUS_ORG Received via a relay in xbl.spamhaus.org
tflags RCVD_IN_XBL_SPAMHAUS_ORG net
score RCVD_IN_XBL_SPAMHAUS_ORG 4.00

If you add that in above the END – SPAM_SCAN_SPEEDUP line, it will be enabled/disabled with the others via the GUI. Then just restart the copfilter services and all is well again.

official copfilter support-forum :: Thema anzeigen – ix DNSBL requires registration of IP address

Advertisements
Categories: ipcop, linux, networking
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: