Juan Miscaro <[EMAIL PROTECTED]> writes:
> { This is a resend. No replies after 24 hours }
That could have been due to too little information.
> Running OBSD 4.0 here.
>
> I was under the impression that spamd only did greylisting and dynamic
> whitelisting. Static blacklisting available via spamd-setup (and
> pseudo-whitelisting; of some of those blacklisted hosts).
I had to go back and check, but 4.0 has greytrapping. Are you perhaps
using that in your setup?
> I occasionally get log messages like:
>
> spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>
Well, one obvious deficiency here is that you cut out the timestamp.
If you're using either greytrapping or one of the more frequently
updated downloadable blacklists (such as Beck's from UoA), it's quite
possible that the address was in the blacklist at the time but its
entry expired.
Also, at least if you're running with spamd -v, you should be able to
find out which blacklist it matched by grepping your spamd log for
the IP address. For example, a moment's tail -f /var/log/spamd at one
of my gateways turned up
Sep 18 17:43:36 skapet spamd[20795]: (BLACK) 212.8.32.8: <> -> <[EMAIL PROTECTED]>
Then grep 212.8.32.8 /var/log/spamd yields several screenfuls, with
one useful excerpt
Sep 18 15:06:52 skapet spamd[20795]: 212.8.32.8: connected (8/8), lists: spamd-greytrap
Sep 18 15:10:37 skapet spamd[20795]: (BLACK) 212.8.32.8: <> -> <[EMAIL PROTECTED]>
Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: From: Mail Delivery Subsystem <[EMAIL PROTECTED]>
Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: To: <[EMAIL PROTECTED]>
Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: Subject: Returned mail: User unknown
Sep 18 15:13:21 skapet spamd[20795]: 212.8.32.8: disconnected after 389 seconds. lists: spamd-greytrap
which shows in both connection and disconnection that it's one of the
poor sods caught in my local greytrapping. And it's trying to deliver
something or other to a largish subset of the addresses on my spamtrap
list.
Cheers,
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
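
Added example, not part of the original post: the grep-by-IP lookup described in the message, done for every (BLACK) entry in a log at once. The sample log lines, the host name gw and the addresses are constructed, the function names are hypothetical, and the log layout is assumed to match the spamd -v excerpts quoted above.

```shell
#!/bin/sh
# Map each (BLACK) entry in a spamd -v log to the lists named on that
# host's "connected"/"disconnected" lines.

# Constructed sample input (documentation addresses, hypothetical host "gw").
sample_log() {
cat <<'EOF'
Sep 18 15:06:52 gw spamd[100]: 192.0.2.8: connected (8/8), lists: spamd-greytrap
Sep 18 15:10:37 gw spamd[100]: (BLACK) 192.0.2.8: <> -> <trap@example.org>
Sep 18 15:13:21 gw spamd[100]: 192.0.2.8: disconnected after 389 seconds. lists: spamd-greytrap
Sep 18 16:00:01 gw spamd[100]: 198.51.100.7: connected (3/2)
Sep 18 16:00:09 gw spamd[100]: (GREY) 198.51.100.7: <a@example.net> -> <b@example.org>
Sep 18 16:05:10 gw spamd[100]: 198.51.100.7: disconnected after 309 seconds.
Sep 18 17:43:36 gw spamd[100]: (BLACK) 203.0.113.5: <> -> <trap@example.org>
EOF
}

# Reads a spamd log from the named files (or stdin) and prints
# "IP<TAB>lists" once per IP that has a (BLACK) entry, in first-seen order.
black_lists() {
    awk '
    {
        # Locate the "spamd[pid]:" field; the next field is "(BLACK)" or "IP:".
        for (i = 1; i <= NF; i++) if ($i ~ /^spamd\[[0-9]+\]:$/) break
        if (i >= NF) next
        tag = $(i + 1)
    }
    tag == "(BLACK)" {
        ip = $(i + 2); sub(/:$/, "", ip)
        if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
        next
    }
    / lists: / {
        # connect/disconnect line naming the blacklist(s) the host is on
        ip = tag; sub(/:$/, "", ip)
        l = $0; sub(/.* lists: /, "", l)
        lists[ip] = l
    }
    END {
        # "unknown" means no connect/disconnect line with lists: was found,
        # e.g. it was rotated out of the log being searched.
        for (k = 1; k <= n; k++) {
            ip = order[k]
            printf "%s\t%s\n", ip, ((ip in lists) ? lists[ip] : "unknown")
        }
    }' "$@"
}

sample_log | black_lists
```

Against a real log, call it as black_lists /var/log/spamd; an "unknown" result is the case where the timestamps are needed to find the matching connection in an older log.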