
Spam Detection

This is a new module introduced in version 2.39.0 and is currently in its alpha state. At present, the module only collects data about the outbound SMTP traffic on the server where it is enabled. The collected data will be used to improve the module and enable it to block outbound spam traffic. The module is disabled by default.

The monitored log files record core system-related processes in Exim, and they also show information about mail transactions.

Supported mail transfer agents

  • Exim
    • /var/log/exim_mainlog

The monitored log's path can be modified from the module's config file.

Note

The above-mentioned SMTP logs are monitored in real-time. Logs prior to enabling the module will not be checked.

The contents of the messages are NOT visible to us.

Sender script allow listing

In BitNinja version 3.2.0 we added an allow list for sender scripts.

There are two options:

  • A path list, which can be used to define absolute paths under which we do not flag files as potential sender scripts.
  • A file list for which the same applies but can only be used to define file names (without path).

Config options:

  [whitelist]
  path[] = '/etc/csf'
  file[] = '.bash_history'

The config file can be found at /opt/bitninja/modules/SpamDetection/config.ini. However, this file will be overwritten by the next BitNinja update. To make permanent changes to the config file, copy the directory to the /etc/bitninja/ directory first:

  cp -R /opt/bitninja/modules/SpamDetection/ /etc/bitninja/
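
A lint for the [whitelist] section described above, added here as an example and not BitNinja's own code: it reads the repeated path[] and file[] keys, reports entries that do not fit the documented shape (absolute path, bare file name), and shows which script paths an entry would cover. The sample config and script paths are constructed, and the matching rule in is_allow_listed (directory prefix for path[], exact base name for file[]) is an assumption about how the module applies the lists.

```python
import posixpath
import re

# Constructed sample in the page's format, plus two deliberately malformed entries.
SAMPLE_CONFIG = """\
[whitelist]
path[] = '/etc/csf'
path[] = 'tmp/mailer'
file[] = '.bash_history'
file[] = '/home/user/send.php'
"""

# PHP-style repeated array keys: path[] = '...' / file[] = '...'
ENTRY = re.compile(r"^(path|file)\[\]\s*=\s*(['\"]?)(.*?)\2\s*$")

def parse_whitelist(text):
    """Collect the path[] and file[] values of the [whitelist] section."""
    entries, section = {"path": [], "file": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        match = ENTRY.match(line)
        if section == "whitelist" and match:
            entries[match.group(1)].append(match.group(3))
    return entries

def lint(entries):
    """Return (list, value, reason) for entries that break the documented shape."""
    bad = [("path", p, "not an absolute path")
           for p in entries["path"] if not posixpath.isabs(p)]
    bad += [("file", f, "file name only, no path allowed")
            for f in entries["file"] if "/" in f]
    return bad

def is_allow_listed(script, entries):
    """Assumed matching: path[] is a directory prefix, file[] an exact base name."""
    script = posixpath.normpath(script)  # collapse ../ before comparing
    for p in entries["path"]:
        root = posixpath.normpath(p).rstrip("/") + "/"
        if posixpath.isabs(p) and script.startswith(root):
            return True
    return posixpath.basename(script) in entries["file"]

if __name__ == "__main__":
    parsed = parse_whitelist(SAMPLE_CONFIG)
    for kind, value, reason in lint(parsed):
        print(f"{kind}[] = {value!r}: {reason}")
```

Run it against the copy under /etc/bitninja/SpamDetection/ after editing, since that is the copy that survives updates.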