Tek Support wrote: > Thanks Eric, I realize I don't need 587 at all with spamdyke, I was > trying to ask if I needed 587 if spamdyke was using spamhaus. Since > spamhaus used by itself was causing rejections to my at home dynamic > users it seemed strange that spamhaus was blocking my dynamic users > but it was not blocking them when run with spamdyke. Since I don't > fully understand the internals, I was asking about that specifically > so I don't screw up my at home users.
Let me see if I can explain this. You don't need port 587 with spamdyke because spamdyke turns off all of its filtering if the connection (sender) authenticates successfully. On the other hand, rblsmtpd is oblivious to authentication, so it rejects connections which might otherwise be able to authenticate. It's simply a weakness in the rblsmtpd program. > And I believe it is true, that if I have dynamic IP users, and I'm > using spamhaus by itself, then I do require port 587. Isn't that > true? Not exactly. It's the combination of rblsmtpd and spamhaus which requires you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more the case of the use of rblsmtpd (with certain blocklists which block dynamic addresses) which requires the use of port 587. > And again if I have dynamic IP users, and I'm using spamdyke > which includes spamhaus, then I don't need to use 587. Is that right? Yes, for the most part. I hate to split hairs, but in this case it might be appropriate. Regarding "for the most part", spamdyke doesn't necessarily (or really) "include" spamhaus. If you'd have said "I'm using spamdyke *with* spamhaus", that would be (slightly) clearer. You can use spamdyke with or without spamhaus (or any other RBL). Using spamhaus (and a few others) is highly recommended though. > Thanks again, I'm just trying to be clear. No problem. I hope I can help you understand how it works. > John > > > > > On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert <[EMAIL PROTECTED]> wrote: >> Tek Support wrote: >>> So if I understand correctly, spamdyke can use spamhaus, and I do see >>> it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means >>> I don't need the "BLACKLIST=" in my run file, is this correct? >> Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). >> >>> And if I might ask a followup question, it was said in another post >>> that spamdyke allows authenticated users in past spamhaus. Ok, but if >>> spamdyke allows authenticated users in, while using spamhaus, then why >>> do I need port 587? >> You don't need port 587 if you're using spamdyke. >> You do need port 587 if you're not using spamdyke. >> >>> And just out of curiosity, if spamdyke is a more versitile product, >>> allowing my dynamic users to authenticate and send mail on port 25 >>> while also using spamhaus dynamic blocking, why isn't spamdyke >>> installed by default? >> spamdyke is fairly new to the toaster. I expect that it will become part of >> the stock toaster at some point, but that's up to Erik Espinoza, who is the >> toaster maintainer. >> >>> Thanks >>> John >>> >>> >>> >>> >>> On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert <[EMAIL PROTECTED]> wrote: >>>> Sam Clippinger wrote: >>>>> To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The >>>>> default configuration of spamdyke (as installed by QTP) does not include >>>>> Spamhaus, however. >>>> I beg your pardon. ;) Here are the default RBLs as installed by QTP: >>>> check-dnsrbl=zen.spamhaus.org >>>> check-dnsrbl=bl.spamcop.net >>>> check-dnsrbl=list.dsbl.org >>>> >>>>> If you are using spamdyke version 3.1.x, edit the configuration file >>>>> /etc/spamdyke/spamdyke.conf and add the following line: >>>>> check-dnsrbl=zen.spamhaus.org >>>>> >>>>> If you are using spamdyke version 4.x, edit the configuration file >>>>> /etc/spamdyke/spamdyke.conf and add the following line: >>>>> dns-blacklist-entry=zen.spamhaus.org >>>>> >>>>> To add multiple DNS RBLs, simply repeat the line with different values. >>>>> >>>>> -- Sam Clippinger >>>> QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x >>>> capability soon. It'll likely be a couple weeks before I get to it though. >>>> >>>>> Anil Aliyan wrote: >>>>>> pretty smart question John, I also would like to hear the answer for >>>>>> it from the experts. >>>>>> >>>>>> >>>>>> ----- Original Message ----- From: "Tek Support" <[EMAIL PROTECTED]> >>>>>> To: <qmailtoaster-list@qmailtoaster.com> >>>>>> Sent: Friday, August 08, 2008 8:37 AM >>>>>> Subject: Re: [qmailtoaster] Authentication to bypass spam checks >>>>>> >>>>>> >>>>>>> Hi all, I have a few question. Before I learned of this port 587, my >>>>>>> only option was to disable spamhaus. And all I did to disable it was >>>>>>> to remove it from my "/var/qmail/control/blacklists file. >>>>>>> >>>>>>> So, the other day I needed some addition reporting and I remembered >>>>>>> the "toaster plus", so I downloaded the Repo and ran the yum install >>>>>>> for it. I then also decided to run the spamdyke filter. >>>>>>> >>>>>>> So, now that I've realized that port 587 is available for my users to >>>>>>> send on, I went back to add the spamhaus. However, it's no longer in >>>>>>> the /var/qmail/supervise/smtp/run file. It would appear that spamdyke >>>>>>> has removed it. >>>>>>> >>>>>>> So I have 2 questions: >>>>>>> 1) Are spamdyke and spamhaus compatible? Why would or why does >>>>>>> spamdyke remove "blacklist" from the run file. Here are the before >>>>>>> and after. >>>>>>> ---Begin--- >>>>>>> >>>>>>> ---End--- >>>>>>> >>>>>>> 2) Since I've just found out that port 587 is available, and 587 does >>>>>>> not run spamhaus the dynamic ip checker, then what is keeping a >>>>>>> spammer from trying to use this 587? I mean I'm a little confused. >>>>>>> If my port 25 won't allow any non-authenticated users to send smtp >>>>>>> (presuming it's not an open relay), then why would I even need port >>>>>>> 587? I understand the need to have 587 if I'm using spamhaus on port >>>>>>> 25, and 25 is now blocked to my dynamic users (workers from home). So >>>>>>> it seems a bit unnecessary to have both ports. And why couldn't a >>>>>>> spammer start sending spam to my users on 587 - if it even works that >>>>>>> way, which I'm not sure yet if it can? Qmailtoaster is a pretty >>>>>>> popular thing, so someone, somewhere would certainly try port 587 in >>>>>>> order to get around spamhaus wouldn't they? >>>>>>> >>>>>>> Thanks for your time on this, I'm not trying to be difficult, only >>>>>>> trying to understand how and why. >>>>>>> >>>>>>> Thanks >>>>>>> John >>>>>>> >>>> -- >>>> -Eric 'shubes' >>>> >>>> --------------------------------------------------------------------- >>>> QmailToaster hosted by: VR Hosted <http://www.vr.org> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>>> >>> --------------------------------------------------------------------- >>> QmailToaster hosted by: VR Hosted <http://www.vr.org> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >> -- >> -Eric 'shubes' >> -- -Eric 'shubes' --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
