Help: how to block spam email



IIXPLANET

Expert 2.0
Here is a config for anyone who is stressed out from getting spammed every day. I pasted this config from my real cPanel Exim filter config:

The steps:

1. Log in via SSH as root

2. pico /etc/cpanel_exim_system_filter
(the path of the filter file can be seen in the Exim Configurator in WHM)

3. Add the lines below to filter and discard any text/header that is categorized as being on the spam list

Code:
# START
# Filter all incoming and outgoing mail

logfile /var/log/filter.log 0644

## First spam rules
if
    # Spam subject headers
    $header_subject: contains "porn discount"
    or $header_subject: contains "promo besar produk"
    or $header_subject: contains "Replica watches 25% price off"
    or $header_subject: contains "Cialis"
    or $header_subject: is "The Ultimate Online Pharmaceutical"
    or $header_subject: contains "***SPAM***"
    or $header_subject: contains "[SPAM]"
    or $header_subject: contains "ROLEX at unbelievable prices"
    or $header_subject: contains "save 90%%% on watches"
    or $header_subject: contains "A friend has sent you a Hallmark Ecard"
    or $header_subject: contains "Luxury watches should be available to anyone!"

    # Spam body keywords
    or $message_body contains "Cialis"
    or $message_body contains "Click here to view as a webpage"
    or $message_body contains "Viagra"
    or $message_body contains "Leavitra"
    or $message_body contains "St0ck"
    or $message_body contains "8dvs9.jpg"
    or $message_body contains "porn"
    or $message_body contains "Cia1iis"
    or $message_body contains "URGENT BUSINESS PROPOSAL"
    # "angka" followed by a TLD; the alternation needs (...) rather than [...], which is a character class
    or $message_body matches "angka[^s]+(net|com|org|biz|info|us|name)"
    or $message_body matches "v(i|1)agra|vag(i|1)n(a|4)|pen(i|1)s|asu|seks|l(o|0)l(i|1)ta|spam"
then
    logwrite "$tod_log $message_id from $sender_address contained spam keywords"
    # In a system filter, "seen finish" ends filtering with no delivery: the message is discarded
    seen finish
endif

## FINANCIAL FAKE SENDERS
# Locally submitted or SMTP-authenticated mail whose From: claims a bank or payment domain
if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
) and (
    $header_from contains "@citibank.com" or
    $header_from contains "@bankofamerica.com" or
    $header_from contains "@wamu.com" or
    $header_from contains "@ebay.com" or
    $header_from contains "@chase.com" or
    $header_from contains "@paypal.com" or
    $header_from contains "@wellsfargo.com" or
    $header_from contains "@bankunited.com" or
    $header_from contains "@bankerstrust.com" or
    $header_from contains "@bankfirst.com" or
    $header_from contains "@capitalone.com" or
    $header_from contains "@citizensbank.com" or
    $header_from contains "@jpmorgan.com" or
    $header_from contains "@wachovia.com" or
    $header_from contains "@bankone.com" or
    $header_from contains "@suntrust.com" or
    $header_from contains "@amazon.com" or
    $header_from contains "@banksecurity.com" or
    $header_from contains "@visa.com" or
    $header_from contains "@mastercard.com" or
    $header_from contains "@mbna.com"
)
then
    logwrite "$tod_log $message_id from $sender_address is fraud"
    seen finish
endif

## FAKE SENDERS SPAM
# Locally submitted or SMTP-authenticated mail with a forged free-mail From: address
if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
) and (
    $header_from contains "@hotmail.com" or
    $header_from contains "@yahoo.com" or
    $header_from contains "@aol.com"
)
then
    logwrite "$tod_log $message_id from $sender_address is forged fake"
    seen finish
endif

## FAKE PHISHING
### Log all outgoing mail from server that matches rules
if (
    $received_protocol is "local" or
    $received_protocol is "esmtpa"
) and (
    # PayPal
    $message_body contains "Dear Paypal" or
    $message_body contains "The PayPal Team" or
    $message_body contains "Dear Paypal Customer" or
    $message_body contains "Paypal Account Review Department" or

    # eBay
    $message_body contains "Dear eBay member" or
    $message_body contains "Dear eBay User" or
    $message_body contains "The eBay team" or
    $message_body contains "Dear eBay Community Member" or

    # Banks
    $message_body contains "Dear Charter One Customer" or
    $message_body contains "Dear wamu.com customer" or
    $message_body contains "Dear valued Citizens Bank member" or
    $message_body contains "Dear Visa" or
    $message_body contains "Dear Citibank" or
    $message_body contains "Citibank Email" or
    $message_body contains "Dear customer of Chase Bank" or
    $message_body contains "Dear Bank of America customer" or

    # ISPs
    $message_body contains "Dear AOL Member" or
    $message_body contains "Dear AOL Customer"
)
then
    logwrite "$tod_log $message_id from $sender_address is phishing"
    seen finish
endif

# END


4. To check which emails have been successfully caught by the filter, type the command below:

tail -f /var/log/filter.log

and to look at the message itself:
grep idmessages /var/log/exim_mainlog
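The logwrite lines above all produce entries of the form "$tod_log $message_id from $sender_address <reason>", so /var/log/filter.log can be summarized to see which rule fires most and which sender domains are hit. The following script is an added example (not part of the original post); the log lines in it are constructed to match that format and include one bounce entry with an empty sender.

```python
import re
from collections import Counter

# Constructed sample in the shape the filter's logwrite statements produce; not a real log.
SAMPLE_LOG = """\
2009-03-12 14:05:32 1LhHTc-0001Ks-7d from promo@example.net contained spam keywords
2009-03-12 14:06:01 1LhHUE-0001Kz-Ab from alerts@paypal.com is fraud
2009-03-12 14:07:44 1LhHVq-0001L4-Qe from someone@hotmail.com is forged fake
2009-03-12 14:09:10 1LhHXG-0001LB-Xu from support@example.org is phishing
2009-03-12 14:10:03 1LhHY5-0001LF-2k from  contained spam keywords
2009-03-12 14:11:27 1LhHZR-0001LJ-9p from promo@example.net contained spam keywords
this line is not from the filter and must be skipped
"""

# The four reason strings written by the filter's logwrite statements
REASONS = ("contained spam keywords", "is fraud", "is forged fake", "is phishing")

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<msgid>\S+) from (?P<sender>\S*) "
    r"(?P<reason>" + "|".join(re.escape(r) for r in REASONS) + r")$"
)


def parse_line(line):
    """Return the fields of one filter.log entry, or None for an unrelated line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # An empty $sender_address means the envelope sender was <> (a bounce)
    rec["sender"] = rec["sender"] or "<>"
    return rec


def summarize(log_text):
    """Count discarded messages per reason and per sender domain; skip foreign lines."""
    by_reason, by_domain, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        by_reason[rec["reason"]] += 1
        sender = rec["sender"]
        by_domain[sender.rsplit("@", 1)[-1] if "@" in sender else sender] += 1
    return {"by_reason": dict(by_reason), "by_domain": dict(by_domain), "skipped": skipped}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

Once a message id stands out in the summary, it is the value to use in place of idmessages in the grep against /var/log/exim_mainlog.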

IIXPLANET

Expert 2.0
One thing I left out:

Don't forget to restart exim

service exim restart


As for me, I don't use spamd, because besides making the CPU load high, it isn't that great at handling spam. It's all up to you which one is best. :)

susan

Apprentice 2.0
Code:
Updating "Default Mail Delivery Action" from "localuser" to "fail".

It's already set to fail, but I still don't understand what it means. Could you explain, boss? And what's the effect?

Here I quote a comparison between blackhole and fail from http://www.configserver.com/free/fail.html :
* Using :blackhole: email is accepted and received into the server in its entirety. It is then processed through exim and only on delivery is it written to the null device (/dev/null) and silently ignored.

o This wastes server bandwidth as the email data, or body, of the email is accepted into the server
o This wastes server resources (CPU, memory and disk I/O) as the email is fully processed by exim before being finally written to /dev/null
o Because the blackholed email is still processed through the whole of exim before it is finally deleted, if any of the usual checks and routing that any email goes through fails, such email can be placed in the exim mail queue for later reprocessing. This can lead to tens of thousands of blackholed emails accumulating in the exim mail queue which in turn can cause a range of serious server performance and resource problems and will affect the normal and timely delivery of email
o This actually breaks the SMTP RFCs because you're not notifying the sending SMTP server that the email is undelivered, which is a requirement
o Causes emails that will never be delivered onto the exim mail queue because checks such as sender verification are still carried out when processing such emails and if they cannot complete they will stay on the exim mail queue and repeatedly reprocess the email until it is finally discarded (usually 4+ days). This can cause very large mail queues full of spam which is repeatedly processed causing severe performance degradation

* Using :fail: the email is never accepted into the server. During the initial SMTP negotiation when the sender's SMTP server connects to your SMTP server, the sending SMTP server issues a RCPT command notifying your server which email address the email to follow is intended for. Your server then checks whether the recipient email actually exists on your server (a POP3 account, an alias or a catchall alias) and if it does not, it issues an SMTP DENY which terminates the attempt to deliver the email.

o This saves bandwidth as the email data is never received into your server
o This saves server resources as the email never has to be processed
o This complies with the SMTP RFCs because the sending SMTP server receives the DENY command
o Your server does not send a bounce message (just the DENY command)
o Your server does not send anything to the sender of the email (i.e. the address in the From: line)
o The sending SMTP server is responsible for notifying the original sender

Susan,
________________________________
Whplus - IIX and USA Hosting Since 2003
1GB hosting for only Rp199k/year.
http://www.whplus.com
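The quoted text says the :fail: decision is made at the RCPT stage, before any message data is transferred, while :blackhole: accepts the whole message and discards it later. The following is an added model of that dialogue (example code, not Exim's or cPanel's own); the mailbox, alias and catch-all lists are constructed, and the SMTP replies are simplified.

```python
# Constructed model of the RCPT-stage decision described above; an illustration, not Exim's code.
MAILBOXES = {"alice@example.com", "bob@example.com"}      # constructed POP3/IMAP accounts
ALIASES = {"sales@example.com": "alice@example.com"}      # constructed forwarder
CATCHALL_DOMAINS = {"example.org"}                        # constructed: example.org has a catch-all


def recipient_exists(addr):
    """True if addr is a mailbox, an alias, or covered by a catch-all on its domain."""
    if addr in MAILBOXES or addr in ALIASES:
        return True
    return addr.rsplit("@", 1)[-1] in CATCHALL_DOMAINS


def rcpt_response(addr, default_action):
    """SMTP reply to RCPT TO:<addr>; default_action is what happens to unknown users."""
    if recipient_exists(addr):
        return "250 Accepted"
    if default_action == "fail":
        return "550 No Such User Here"   # rejected before DATA: the body is never transferred
    if default_action == "blackhole":
        return "250 Accepted"            # accepted now, written to /dev/null at delivery time
    raise ValueError(f"unknown default action: {default_action}")


def simulate_delivery(addr, default_action, body):
    """Return (transcript, body_bytes_received, delivered) for one inbound message."""
    transcript = [f"RCPT TO:<{addr}>", rcpt_response(addr, default_action)]
    if transcript[-1].startswith("5"):
        return transcript, 0, False      # the sending MTA must notify its sender; we sent nothing
    transcript += ["DATA", '354 Enter message, ending with "."', body, ".", "250 OK"]
    # A blackholed message is accepted on the wire but never reaches a mailbox
    return transcript, len(body.encode()), recipient_exists(addr)


if __name__ == "__main__":
    for action in ("fail", "blackhole"):
        t, n, ok = simulate_delivery("nobody@example.com", action, "Dear Paypal Customer, ...")
        print(action, "->", t[1], "| body bytes received:", n, "| delivered:", ok)
```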

bedebah

Apprentice 2.0
Let me ask something too..

With free email services there's a "mark as spam" feature, so that email won't come in again..

Say I use Thunderbird to open email for my own domain, how do I block it so it doesn't come in again...

Thunderbird is just an email client, like Outlook Express.
The spam still gets through into the inbox on the server, it just won't be pulled down to the client PC, so it will fill up the inbox.

The most effective way is email filtering in cPanel Webmail.
You can choose which email addresses to blacklist.
It is tiring doing it one by one if there's a lot of spam.

The ultimate method:
Just delete the email address for 2 months... (on the assumption that some may only spam once a month)
Usually spambots will stop sending mail to an account that is not active.

am3n

Apprentice 1.0
Here is a config for anyone who is stressed out from getting spammed every day. I pasted this config from my real cPanel Exim filter config:

......
grep idmessages /var/log/exim_mainlog

Gulp, that how-to is really long.. I'll try it later once I get the boss's approval. I'm afraid I'll misconfigure it and then exim won't run :p

am3n

Apprentice 1.0
My server uses this, boss: ASSP -> http://www.grscripts.com, much lighter than SpamAssassin, memory-efficient, low CPU load :D. Its results are just as fierce as SpamAssassin's. For the ASSP control panel in WHM you can download the ASSPX script (a replacement for ASSP Deluxe = paid :( ) here: http://www.sultanserver.com.

I don't get it, so what did you install in WHM? ASSPX for both the engine and the GUI, or the engine from asspsmtp.org and the GUI from sultan server?

btw, if I want to install assp, does spamassassin have to be uninstalled first?? Having both is fine, right? (yes, it does make the CPU load high)

pemula_web

Apprentice 1.0
Thanks for the info, seniors...
really useful :)

Any other suggestions for something whose configuration is easier to set up, through cpanel?

thanks