As I just reported a few minutes ago, the ozzie.notes.net server is blacklisted by spamhaus. If you are using spamhaus's "SBL" list in your server's SMTP Inbound Controls configuration (as shown to the left), you won't be receiving LNOTES-L messages. There is a way around this, but it requires a hack. If you're not up for using a total hack, you can change your server's configuration to log and tag messages instead of rejecting them on a blacklist hit, but then you'll have to run an agent to quarantine the messages after delivery to mail files. I actually do run with the log and tag configuration, but the hack removes the need for an agent -- and it would work even if I were rejecting the messages. The remainder of this post describes how you can do the same thing.
WARNING: None of what follows is supported by anyone. Modifying the design of the Domino Directory is something that you should only do with your eyes wide open to the consequences, so let me spell them out right here and now: creating rules using the hack that I am about to tell you about runs the risk that those rules will be invalid on Domino 7 or greater. It runs some risk of crashing the admin client or the server in Domino 7. If you do this, be absolutely sure to remove all rules that you have created before doing a server upgrade. Back them up, look for an updated version of the hacked code or re-do the hack yourself, and then restore or re-create the rules. Whether you can restore or you will need to re-create the rules will depend on what, if any, changes IBM has made in the rules functionality that might conflict with the way the hack was programmed.
Now that we've got that all out of the way, here's what you need to know:
The hack to the server rules is based on work done by Daniel Koffler to integrate Spam Assassin with Domino. You don't have to use Spam Assassin to take advantage of the technique, however, because Chris Linfoot took Daniel's technique and extended it in some very interesting ways. Please start by reading Daniel's article, however, because Chris doesn't explain the code, and you need to understand how it works in order to be fully aware of what you are doing to your server.
Now, read this article that Chris published in his blog, in which he explains how Daniel's article inspired him to develop his own hacked rule to detect bogus HELO messages in the SMTP conversation. The result of that post was a set of rules hacks for checking the HELO message, for checking the $DNSBLSite tag, and for checking some of the other headers for indicators that are often found in spam messages. Next, go here to download a template and read the instructions for modifying the design of your Domino Directory. Follow the instructions to take the design elements from the downloaded template and use them to replace the versions that are in your server's names.nsf design.
Now, what you need to do is change your Domino server's configuration to use the log and tag option for DNS Blacklists (as shown above), and then create a rule that looks like this:
(You can skip the bit about exempting yahoo.com or yahoogroups.com. That's in my current configuration to exempt a specific set of messages from a mailing list -- but it will only be there until I find a better way for those particular messages.)
What you are doing is checking the $DNSBLSite field to see if it is not blank. Just select DNS Blacklist in the first control, "Is Not" in the second, leave the third one blank, and click "Add". It looks funny, but it works. Then click on the "Exception" radio button, select "SourceIP" in the first control, "Is" in the second control, enter "206.67.5.170" in the third field, and click "Add" again. Down in the Actions portion of the rule dialog, I specify "Move to database" and I have the rule put all the blacklisted messages into a database that is based on a slightly modified version of the MAIL.BOX template, where I have modified the view to allow me to easily inspect many of the suspect header fields. You can specify "Don't accept message" if you want. I'm collecting the messages not so much out of a fear of false positives as out of an interest in easily measuring the results of blacklist checking -- but obviously this morning's discovery of LNOTES-L messages in the quarantine database makes me glad that I'm not rejecting the messages, as it probably would have taken a day or two for me to notice what I was missing.
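To make the logic of the rule concrete, here is an added Python model of what the server does in this configuration: first the "log and tag" step (look the source IP up in the blacklist zone and, on a hit, add a $DNSBLSite item naming the zone), then the rule itself (quarantine anything whose $DNSBLSite is not blank, unless the SourceIP matches the exception). This is illustration code written for this post, not Domino's rule engine or anything from Daniel's or Chris's templates. The message dictionaries, the in-memory table that stands in for DNS, and the assumption that 206.67.5.170 is the listed host carrying the mailing-list traffic are all constructed for the example; the item name $DNSBLSite and the exception address are the ones from the post.

```python
"""Model of Domino DNS blacklist "log and tag" handling followed by the
server rule described above. Added illustration, not Domino code."""

import ipaddress

# Zone named in the post. A real lookup is a DNS A-record query for the
# reversed-octet name; here a dict stands in for the resolver so this runs
# offline. Both entries are constructed sample data.
DNSBL_ZONES = ["sbl.spamhaus.org"]
FAKE_DNS = {
    "170.5.67.206.sbl.spamhaus.org": "127.0.0.2",  # constructed: the exempted host, listed
    "1.113.0.203.sbl.spamhaus.org": "127.0.0.2",   # constructed: a listed spam source
}
EXEMPT_SOURCE_IPS = {"206.67.5.170"}  # the "SourceIP Is" exception in the rule


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def tag_message(msg: dict, resolver=FAKE_DNS.get) -> dict:
    """Log-and-tag step: if the source IP is listed in any zone, return a copy
    of the message with a $DNSBLSite item naming that zone; otherwise return
    the message unchanged (no item at all, which the rule treats as blank)."""
    for zone in DNSBL_ZONES:
        if resolver(dnsbl_query_name(msg["SourceIP"], zone)) is not None:
            return dict(msg, **{"$DNSBLSite": zone})
    return msg


def apply_rule(msg: dict) -> str:
    """The rule from the post: condition '$DNSBLSite Is Not <blank>',
    exception 'SourceIP Is 206.67.5.170', action 'Move to database'
    (returned here as 'quarantine'). Anything else is delivered normally."""
    tagged = msg.get("$DNSBLSite", "") != ""
    exempt = msg["SourceIP"] in EXEMPT_SOURCE_IPS
    return "quarantine" if tagged and not exempt else "deliver"


def route(messages, resolver=FAKE_DNS.get) -> dict:
    """Run tag-then-rule over a batch and return {sender: disposition}."""
    return {m["From"]: apply_rule(tag_message(m, resolver)) for m in messages}


if __name__ == "__main__":
    sample = [  # constructed messages
        {"From": "list@ozzie.notes.net", "SourceIP": "206.67.5.170"},
        {"From": "spammer@example.invalid", "SourceIP": "203.0.113.1"},
        {"From": "friend@example.com", "SourceIP": "198.51.100.7"},
    ]
    for sender, verdict in route(sample).items():
        print(f"{sender:28} -> {verdict}")
```

The point worth noticing is the order of operations: the tag is applied to every listed message, including the exempted one, so the quarantine view still shows you that the host is blacklisted; only the rule's exception keeps the message out of the quarantine database. Swapping `"quarantine"` for a reject would model the "Don't accept message" action instead.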
After you've implemented the hacked (or "enhanced" as Chris likes to say) rules, you will need to issue a "set rules" command on the server console to put them into effect.
Finally, you may want to consider checking out the article where Chris lists the rules that he uses himself in his highly successful anti-spam campaign. As long as you're hacking rules, you might as well learn from his experience and implement some very effective anti-spam controls. I've been using all of Chris' techniques for a while now. I'll be writing a report in my own blog in a few weeks, after I've had them running long enough to have some meaningful statistics to analyze.