
Update rules for multiple servers

Posted: 31 May 2020, 12:02
by Linuc
We run MailScanner and MFE on around 30 servers and always have an issue if we need to make a change, particularly to the following 2 files:

spam.whitelist.rules
spam.blacklist.rules

We get the same SPAM on all servers so I am thinking about a way to populate the rules to all servers.

So far I am thinking that if we keep a central URL where we can edit both files and store them, e.g. mydomain/spamrules/spam.blacklist.rule

Next, perhaps a bash script on each server that will:

wget both files from mydomain/spamrules/
then get the bash script to run /bin/systemctl reload MailScanner.service

This sounds like a plan in theory, but the issue I am facing is that some clients add custom entries to the above 2 files and my bash cron will override those changes. Appending to the end of the file might also be an issue as many duplicates will then be added with each cron run.

Just wondering if anyone else has a similar issue and/or if they have a solution.
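
One way to handle the overwrite and duplicate problem raised in this post, as an added example that is not part of the original thread: keep the central entries inside a marked block and replace only that block on each run, leaving client lines alone. The marker comments, the function name `merge_rules` and the paths in the comments are assumptions.

```shell
#!/bin/sh
# Added example: merge a centrally managed list into a local rules file.
# Marker text and function name are assumptions, not MailScanner features.
BEGIN_MARK='# BEGIN CENTRAL RULES (managed, do not edit)'
END_MARK='# END CENTRAL RULES'

# merge_rules LOCAL_FILE CENTRAL_FILE
# returns 0 = file updated, 2 = already up to date, 1 = refused / error
merge_rules() {
    local local_file="$1" central_file="$2" tmp
    # An empty or missing download must never wipe the managed block.
    [ -s "$central_file" ] || { echo "central file empty: $central_file" >&2; return 1; }
    [ -f "$local_file" ] || : > "$local_file"
    # Unbalanced markers would make the merge swallow client lines: refuse.
    [ "$(grep -cxF -- "$BEGIN_MARK" "$local_file")" = \
      "$(grep -cxF -- "$END_MARK" "$local_file")" ] ||
        { echo "unbalanced markers in $local_file" >&2; return 1; }
    # Temp file in the same directory so the final mv is an atomic rename.
    tmp=$(mktemp "${local_file}.XXXXXX") || return 1
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" -v central="$central_file" '
        function emit(   line) {
            print b
            while ((getline line < central) > 0)
                if (line != b && line != e) print line
            close(central)
            print e
            emitted = 1
        }
        $0 == b { if (!emitted) emit(); skip = 1; next }  # swap old block
        $0 == e { skip = 0; next }
        !skip   { print }                                 # client lines kept
        END     { if (!emitted) emit() }                  # first run: append
    ' "$local_file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$tmp" "$local_file"; then
        rm -f "$tmp"; return 2
    fi
    chmod --reference="$local_file" "$tmp" 2>/dev/null || true
    mv "$tmp" "$local_file"
}

# Cron wrapper sketch (URL and paths are placeholders): reload only on change.
#   wget -q -O /tmp/central.rules https://mydomain/spamrules/spam.blacklist.rules &&
#   merge_rules /path/to/spam.blacklist.rules /tmp/central.rules &&
#   /bin/systemctl reload MailScanner.service
```

On the first run the block is appended to the end of the file; move the two marker lines by hand if the central entries should sit elsewhere, and later runs will keep them there.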

Re: Update rules for multiple servers

Posted: 02 Jun 2020, 19:40
by Sergio
I had the same issue on my servers and I resurrected the old /usr/mailscanner/etc/mcp for my use.

It works really well and you can copy and paste all the info from server to server.

I even created a script that can feed the MCP blacklist with emails that are sent from specific email addresses.
The script dissects the email and adds the offending domain or email address to MCP and sends an email that tells what was sent and added to MCP.

This is what I receive from my script when a spam is reported:
Users that reports SPAM:
============================
user1@domain.com
user2@domain.com
user3@domain.com

Emails Blocked in MCP:
============================
To: *@* and From: *@familysh.com.cn yes
To: *@* and From: *@wp.pl yes
To: *@* and From: luqmankaram@hotmail.com yes

Emails Reported as SPAM:
============================
IP: 40.92.16.44 (mail-am7eur06olkn2044.outbound.protection.outlook.com) Date: 2020-6-01 08:00:08 From: luqmankaram@hotmail.com To: user1@domain.com Subject: Screenwriter | Scripts
IP: 112.109.81.190 (lpwm-001.platform.net.nz) Date: 2020-6-01 08:03:28 From: zyj@familysh.com.cn To: user2@domain.com Subject: Mail-Box Suspension 6/1/2020 12:57:41 p.m.
IP: 212.77.101.11 (mx4.wp.pl) Date: 2020-6-01 08:00:39 From: coper.maaject1981@wp.pl To: user3@domain.com Subject: =?UTF-8?Q?7954951_contract_invoice_assumed?=

============================
AntiSpam System, created by
Sergio Cabrera
All Rights Reserved
If you see the emails reported, 2 of them are gonna be blocked for any email coming from those domains, but with hotmail, the script takes into account that hotmail cannot be blocked and only blocks the complete offending email address.

So, take a look at the old MCP in MailScanner, it could help for what you want.

Sergio