Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


    Cloudron Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Reject mail at SMTP level, address blocklist

    Feature Requests
    3
    11
    237
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • X
      xarp last edited by

      I use email tagging (myemail+xyzfuturehackedwebsite@mydomain.com) and would like to be able to use the address blocklist feature to completely reject (all emails) to designated addresses at SMTP level, as opposed to having Cloudron flag them as spam and put them in the respective folder.

      Years ago I used Mail-in-a-Box and this feature was built in and configurable via the command line. Used to make abandoning tagged addresses a breeze. They would be permanently banished from my mind.

      I can't help but be honest that it triggers me when spam constantly shows up in my spam folder without my ability to nuke their attempts at even hitting my email server.

      What do ya'll say? Can this be implemented easily in a future update please?

      The only reference I found to the same was in this thread.

      P d19dotca 2 Replies Last reply Reply Quote 0
      • P
        privsec @xarp last edited by

        @xarp

        I believe this already exists

        https://docs.cloudron.io/email/#address-blocklist
        https://docs.cloudron.io/email/#custom-spam-filtering-rules

        https://cwiki.apache.org/confluence/display/SPAMASSASSIN/WritingRules

        X 1 Reply Last reply Reply Quote 2
        • X
          xarp @privsec last edited by

          @privsec Is SpamAssassin able to issue SMTP reject?

          P 1 Reply Last reply Reply Quote 0
          • P
            privsec @xarp last edited by

            @xarp Maybe I am misinterpreting what you are asking, so I will become a follower to this thread.

            1 Reply Last reply Reply Quote 0
            • d19dotca
              d19dotca @xarp last edited by

              @xarp SpamAssassin doesn't reject email, it simply tags it with a weighting on how confident it is that it's spam instead of ham. So I don't believe SpamAssassin will do what you're wanting to achieve.

              To reject email at the SMTP level, you need to use a DNSBL which is documented here (it essentially runs before SpamAssassin even sees the message but doesn't allow you to control which addresses are involved, only if it's a "true" then reject and if it's "false" then continue processing): https://docs.cloudron.io/email/#dnsbl

              --
              Dustin Dauncey
              www.d19.ca

              X 1 Reply Last reply Reply Quote 0
              • X
                xarp @d19dotca last edited by

                @d19dotca said in Reject mail at SMTP level, address blocklist:

                To reject email at the SMTP level, you need to use a DNSBL which is documented here (it essentially runs before SpamAssassin even sees the message but doesn't allow you to control which addresses are involved, only if it's a "true" then reject and if it's "false" then continue processing): https://docs.cloudron.io/email/#dnsbl

                Thanks for the reminder. I've added two extra blacklists to the default.
                The primary feature request still stands though.

                Surely it can't be difficult to implement SMTP reject when the devs are able to get around to it.

                d19dotca 1 Reply Last reply Reply Quote 0
                • d19dotca
                  d19dotca @xarp last edited by

                  @xarp What is the feature request you're needing though?

                  I interpreted it as you wanting to say "hey, deliver no spam to only this email address but allow some spam to other addresses (i.e. don't be so aggressive for some addresses but be more aggressive for others)", is that accurate though? The DNSBL rejects mail but system-wide, not at an address-specific level.

                  May need to clarify specifically what you want to achieve or how you expect your use-case to be implemented so it can be better addressed though.

                  --
                  Dustin Dauncey
                  www.d19.ca

                  X 1 Reply Last reply Reply Quote 0
                  • X
                    xarp @d19dotca last edited by

                    @d19dotca To make it really simple:

                    I blacklist me+website@myemail.com
                    All email arriving that matches receiver address me+website@myemail.com is SMTP rejected.

                    This is great for when websites or mailing lists get compromised and there is just an endless spam campaign on that address. I can ban the address at server level and now that address is forever blackholed.

                    I can go to the website in question, if I choose, and simply update my email address with a new tag, thus effectively generating a new non-spammed contact for which they hopefully won't get compromised again. If so, rinse repeat.

                    On Mail-in-a-Box, you'd just run a command on console with the block address parameter and address to block. Very easy. Forever SMTP rejected until removed again.

                    d19dotca 1 Reply Last reply Reply Quote 1
                    • d19dotca
                      d19dotca @xarp last edited by d19dotca

                      @xarp Ah okay, I see. Makes sense.

                      FYI - That's technically possible as a workaround currently but just not technically at the SMTP level itself, it will still need to make it in to the user's mailbox but you can essentially setup a rule to delete the message immediately so from a users perspective it's never seen / dropped. Here's an example filter/rule set I created for you as an example in case you wanted it:

                      # rule:[Drop email sent to plus address]
                      if allof (header :contains "to" "user+plusaddress@example.com")
                      {
                      	discard;
                      }
                      

                      But yes, that could be a nice-to-have to control that inside of the Cloudron UI so that it can be controlled more from an admin perspective. 🙂

                      --
                      Dustin Dauncey
                      www.d19.ca

                      X 1 Reply Last reply Reply Quote 2
                      • X
                        xarp @d19dotca last edited by xarp

                        @d19dotca Since this hasn't received any traction, would you mind assisting with your SpamAssassin discard rule in context that would be acceptable via Cloudron? It seems the syntax isn't allowed.

                        Is there any way discard can be achieved using the single line approach that cloudron docs/examples illustrate? Thank you!

                        Screenshot from 2023-01-23 13-48-32.png

                        The workable examples given are:

                        header SUBJECT_HAS_DISCOUNT  Subject =~ /\bdiscount\b/i
                        score SUBJECT_HAS_DISCOUNT   100
                        describe SUBJECT_HAS_DISCOUNT    I hate email discounts
                        

                        If not, I can try going in and editing the config file directly, if it even exists. Thought I'd try here first given editing stuff directly isn't always the best idea with Cloudron. If it even manages to persist.

                        d19dotca 1 Reply Last reply Reply Quote 1
                        • d19dotca
                          d19dotca @xarp last edited by d19dotca

                          @xarp ah so what I provided earlier was to be added in a filter in Roundcube for example. The interface for server-side rules with regards to filters is done via webmail. What you did was try the code in the SpamAssassin rules but that isn’t the right spot.

                          You can do this in SpamAssassin too but it doesn’t reject it, it simply guarantees that it is thrown into the junk folder. The filter method from earlier would be the way to do it in a way that it doesn’t even get to junk mail folder either.

                          With SpamAssassin method though to always throw a message from someone into the junk folder in a way that is essentially guaranteed would look like this:

                          blacklist_from userIDontWantEmailFrom@example.com

                          --
                          Dustin Dauncey
                          www.d19.ca

                          1 Reply Last reply Reply Quote 2
                          • First post
                            Last post
                          Powered by NodeBB