How to remove outdated RBL lists bl.csma.biz & sbl.csma.biz?

Postby Matthias030 » 22 Mar 2016 18:36

Since yesterday I have been getting a lot of falsely detected spam emails. E-mails that are not spam are incorrectly detected as spam. All these mails got their reputation from 2 RBL hosts:

Code:
   *  3.0 RCVD_IN_BLCSMA RBL: Received via a blocked site in bl.csma.biz
   *      [185.22.69.174 listed in bl.csma.biz]
   *  3.0 RCVD_IN_SBLCSMA RBL: Received via a blocked site in sbl.csma.biz
   *      [62.209.51.42 listed in bl.csma.biz]


I found this on the net. Csma is dead and should not be used in the future. http://www.dnsbl.com/2013/02/status-of-blcsmabiz-dead.html
What I don't understand is that csma has not shown any false alarms in the past. Why are there false alarms right now?

Now I am trying to remove the servers bl.csma.biz and sbl.csma.biz from SpamAssassin. I found some entries in the file "/var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf". But this file is generated automatically at every restart. So where is the file where I can deactivate these servers? I think it's better to remove these servers than to deactivate the RBL checks in the Webgui. If I do that, then Spamhaus also no longer works.

Who can help? :-)

Thanks,
Matthias
Matthias030
 
Posts: 19
Joined: 01 Mar 2015 18:28

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby benscha » 24 Mar 2016 10:55

Hi Matthias030

Change the following file: /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf

from:
Code:
# bl.csma.biz
header RCVD_IN_BLCSMA rbleval:check_rbl('blcsma', 'bl.csma.biz.')
describe RCVD_IN_BLCSMA Received via a blocked site in bl.csma.biz
tflags RCVD_IN_BLCSMA net
score RCVD_IN_BLCSMA 3.0


to:

Code:
# bl.csma.biz
# header RCVD_IN_BLCSMA rbleval:check_rbl('blcsma', 'bl.csma.biz.')
# describe RCVD_IN_BLCSMA Received via a blocked site in bl.csma.biz
# tflags RCVD_IN_BLCSMA net
# score RCVD_IN_BLCSMA 3.0
benscha
 
Posts: 29
Joined: 21 Jan 2014 11:52

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby cjmatsel » 24 Mar 2016 11:35

Hi,

In the web interface "AntiSpam", after clicking the button "save & restart", the CSMA rules are active again... :-(
Do you have an idea to solve the problem?

cu,
cjmatsel
cjmatsel
 
Posts: 46
Joined: 05 Jan 2010 18:16

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby Matthias030 » 24 Mar 2016 11:46

That's the problem. The local.cf file is generated by the Webgui and at every computer restart. One solution could be to make this file write-protected. But that's a bad solution.

Some tool is generating this file. So where's the initial config for it?
Matthias030
 
Posts: 19
Joined: 01 Mar 2015 18:28

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby cjmatsel » 24 Mar 2016 12:31

The local.cf is also generated by "/usr/local/bin/copfilter_restartspamd", but it's a binary file....

The restartspamd is also linked in the WebGui...
cjmatsel
 
Posts: 46
Joined: 05 Jan 2010 18:16

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby cjmatsel » 24 Mar 2016 13:38

Would DNS redirection be an idea?
cjmatsel
 
Posts: 46
Joined: 05 Jan 2010 18:16

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby cjmatsel » 24 Mar 2016 16:05

Hi,
I have edited the score for these servers and restarted SpamAssassin, and the settings are not reset:
Code:
# bl.csma.biz
header RCVD_IN_BLCSMA rbleval:check_rbl('blcsma', 'bl.csma.biz.')
describe RCVD_IN_BLCSMA Received via a blocked site in bl.csma.biz
tflags RCVD_IN_BLCSMA net
score RCVD_IN_BLCSMA 0.0

# sbl.csma.biz
header RCVD_IN_SBLCSMA rbleval:check_rbl('sblcsma', 'sbl.csma.biz.')
describe RCVD_IN_SBLCSMA Received via a blocked site in sbl.csma.biz
tflags RCVD_IN_SBLCSMA net
score RCVD_IN_SBLCSMA 0.0
cjmatsel
 
Posts: 46
Joined: 05 Jan 2010 18:16

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby Matthias030 » 24 Mar 2016 16:28

Thanks for that! It's a good workaround. Unfortunately these servers are still contacted and this results in a slowdown of the spam detection process. But anyway, it works!

Hope that some of the "creators of Copfilter" have an idea how to deactivate these servers completely. :-)

Just for interest, did you have the same problem with lots of falsely detected spams during the last days?
Matthias030
 
Posts: 19
Joined: 01 Mar 2015 18:28

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby cjmatsel » 24 Mar 2016 18:27

Just for interest, did you have the same problem with lots of falsely detected spams during the last days?

No, only a few mails...

Edit your "reject all messages with a value greater than" score so that they are caught in the spam list; then look at the mail header for spam filter details...
cjmatsel
 
Posts: 46
Joined: 05 Jan 2010 18:16

Re: How to remove outdated RBL lists bl.csma.biz & sbl.csma.

Postby ShelbyGT500 » 24 Mar 2016 21:30

Hi,

if you want to remove the 2 rules, delete these lines in /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf
Code:
# bl.csma.biz
header RCVD_IN_BLCSMA rbleval:check_rbl('blcsma', 'bl.csma.biz.')
describe RCVD_IN_BLCSMA Received via a blocked site in bl.csma.biz
tflags RCVD_IN_BLCSMA net
score RCVD_IN_BLCSMA 3.0

# sbl.csma.biz
header RCVD_IN_SBLCSMA rbleval:check_rbl('sblcsma', 'sbl.csma.biz.')
describe RCVD_IN_SBLCSMA Received via a blocked site in sbl.csma.biz
tflags RCVD_IN_SBLCSMA net
score RCVD_IN_SBLCSMA 3.0

Regards.

ShelbyGT500
ShelbyGT500
 
Posts: 844
Joined: 13 May 2010 22:37
Location: FRANCE
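
An added example, not part of any post in this thread: since local.cf is rewritten by the web GUI's "save & restart", a small check can confirm after each regeneration that the CSMA rules are still commented out, deleted or scored 0.0. The sample config is constructed from the rule blocks quoted above; the function name `audit_rbl_rules` and the default score assumed for a rule without a score line are this example's own.

```python
import re

# Constructed sample: the two rule blocks from this thread, the first already
# set to score 0.0, the second back at the 3.0 a regenerated local.cf contains.
SAMPLE_LOCAL_CF = """\
header RCVD_IN_BLCSMA rbleval:check_rbl('blcsma', 'bl.csma.biz.')
describe RCVD_IN_BLCSMA Received via a blocked site in bl.csma.biz
tflags RCVD_IN_BLCSMA net
score RCVD_IN_BLCSMA 0.0

header RCVD_IN_SBLCSMA rbleval:check_rbl('sblcsma', 'sbl.csma.biz.')
describe RCVD_IN_SBLCSMA Received via a blocked site in sbl.csma.biz
tflags RCVD_IN_SBLCSMA net
score RCVD_IN_SBLCSMA 3.0
"""

DEAD_ZONES = frozenset({"bl.csma.biz", "sbl.csma.biz"})
HEADER_RE = re.compile(
    r"^\s*header\s+(\S+)\s+(?:rbl)?eval:check_rbl\w*\(\s*'[^']*'\s*,\s*'([^']+)'")
SCORE_RE = re.compile(r"^\s*score\s+(\S+)\s+([^#]+)")
NUMBER_RE = re.compile(r"-?\d+(?:\.\d+)?")


def audit_rbl_rules(cf_text, dead_zones=DEAD_ZONES):
    """Return {rule: (zone, scores)} for rules that still query a dead zone
    and still carry a non-zero score. Commented-out lines are ignored."""
    zones, scores = {}, {}
    for line in cf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # rule disabled by commenting it out
        m = HEADER_RE.match(line)
        if m:
            zone = m.group(2).rstrip(".").lower()
            if zone in dead_zones:
                zones[m.group(1)] = zone
            continue
        m = SCORE_RE.match(line)
        if m:  # a later score line overrides an earlier one
            scores[m.group(1)] = [float(n) for n in NUMBER_RE.findall(m.group(2))]
    findings = {}
    for rule, zone in zones.items():
        # Assumption: a rule with no score line gets SpamAssassin's default 1.0.
        values = scores.get(rule) or [1.0]
        if any(v != 0.0 for v in values):
            findings[rule] = (zone, values)
    return findings


if __name__ == "__main__":
    for rule, (zone, values) in audit_rbl_rules(SAMPLE_LOCAL_CF).items():
        print(f"{rule}: still scoring {values} against dead zone {zone}")
```

To check a live system, pass the contents of the local.cf path named in the thread to `audit_rbl_rules` instead of the sample string.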
