Eric, thank you that helps and I understand the process better - at least for my implementation. I also appreciate you and others here which have helped with my questions. I know you and Eric Espinoza work hard to help everyone and keep the qmailtoaster upgraded - thank you. And with that job comes answering questions, and so I just wanted to make sure I said "Thank you".
John On Sat, Aug 9, 2008 at 8:57 AM, Eric Shubert <[EMAIL PROTECTED]> wrote: > Tek Support wrote: >> Thanks Eric, I realize I don't need 587 at all with spamdyke, I was >> trying to ask if I needed 587 if spamdyke was using spamhaus. Since >> spamhaus used by itself was causing rejections to my at home dynamic >> users it seemed strange that spamhaus was blocking my dynamic users >> but it was not blocking them when run with spamdyke. Since I don't >> fully understand the internals, I was asking about that specifically >> so I don't screw up my at home users. > > Let me see if I can explain this. You don't need port 587 with spamdyke > because spamdyke turns off all of its filtering if the connection (sender) > authenticates successfully. On the other hand, rblsmtpd is oblivious to > authentication, so it rejects connections which might otherwise be able to > authenticate. It's simply a weakness in the rblsmtpd program. > >> And I believe it is true, that if I have dynamic IP users, and I'm >> using spamhaus by itself, then I do require port 587. Isn't that >> true? > > Not exactly. It's the combination of rblsmtpd and spamhaus which requires > you to use port 587. spamhaus with spamdyke is ok on port 25. So it's more > the case of the use of rblsmtpd (with certain blocklists which block dynamic > addresses) which requires the use of port 587. > >> And again if I have dynamic IP users, and I'm using spamdyke >> which includes spamhaus, then I don't need to use 587. Is that right? > > Yes, for the most part. > I hate to split hairs, but in this case it might be appropriate. Regarding > "for the most part", spamdyke doesn't necessarily (or really) "include" > spamhaus. If you'd have said "I'm using spamdyke *with* spamhaus", that > would be (slightly) clearer. You can use spamdyke with or without spamhaus > (or any other RBL). Using spamhaus (and a few others) is highly recommended > though. > >> Thanks again, I'm just trying to be clear. > > No problem. I hope I can help you understand how it works. > >> John >> >> >> >> >> On Fri, Aug 8, 2008 at 1:33 PM, Eric Shubert <[EMAIL PROTECTED]> wrote: >>> Tek Support wrote: >>>> So if I understand correctly, spamdyke can use spamhaus, and I do see >>>> it in my /etc/spamdyke/spamdyke.conf file (uncommented). Which means >>>> I don't need the "BLACKLIST=" in my run file, is this correct? >>> Yes. Spamdyke does everything that rblsmtpd used to do (and a lot more). >>> >>>> And if I might ask a followup question, it was said in another post >>>> that spamdyke allows authenticated users in past spamhaus. Ok, but if >>>> spamdyke allows authenticated users in, while using spamhaus, then why >>>> do I need port 587? >>> You don't need port 587 if you're using spamdyke. >>> You do need port 587 if you're not using spamdyke. >>> >>>> And just out of curiosity, if spamdyke is a more versitile product, >>>> allowing my dynamic users to authenticate and send mail on port 25 >>>> while also using spamhaus dynamic blocking, why isn't spamdyke >>>> installed by default? >>> spamdyke is fairly new to the toaster. I expect that it will become part of >>> the stock toaster at some point, but that's up to Erik Espinoza, who is the >>> toaster maintainer. >>> >>>> Thanks >>>> John >>>> >>>> >>>> >>>> >>>> On Fri, Aug 8, 2008 at 10:02 AM, Eric Shubert <[EMAIL PROTECTED]> wrote: >>>>> Sam Clippinger wrote: >>>>>> To answer #1, spamdyke will definitely use Spamhaus' DNS RBLs. The >>>>>> default configuration of spamdyke (as installed by QTP) does not include >>>>>> Spamhaus, however. >>>>> I beg your pardon. ;) Here are the default RBLs as installed by QTP: >>>>> check-dnsrbl=zen.spamhaus.org >>>>> check-dnsrbl=bl.spamcop.net >>>>> check-dnsrbl=list.dsbl.org >>>>> >>>>>> If you are using spamdyke version 3.1.x, edit the configuration file >>>>>> /etc/spamdyke/spamdyke.conf and add the following line: >>>>>> check-dnsrbl=zen.spamhaus.org >>>>>> >>>>>> If you are using spamdyke version 4.x, edit the configuration file >>>>>> /etc/spamdyke/spamdyke.conf and add the following line: >>>>>> dns-blacklist-entry=zen.spamhaus.org >>>>>> >>>>>> To add multiple DNS RBLs, simply repeat the line with different values. >>>>>> >>>>>> -- Sam Clippinger >>>>> QTP only installs/upgrades spamdyke 3.1.x at this time. I hope to add 4.x >>>>> capability soon. It'll likely be a couple weeks before I get to it though. >>>>> >>>>>> Anil Aliyan wrote: >>>>>>> pretty smart question John, I also would like to hear the answer for >>>>>>> it from the experts. >>>>>>> >>>>>>> >>>>>>> ----- Original Message ----- From: "Tek Support" <[EMAIL PROTECTED]> >>>>>>> To: <qmailtoaster-list@qmailtoaster.com> >>>>>>> Sent: Friday, August 08, 2008 8:37 AM >>>>>>> Subject: Re: [qmailtoaster] Authentication to bypass spam checks >>>>>>> >>>>>>> >>>>>>>> Hi all, I have a few question. Before I learned of this port 587, my >>>>>>>> only option was to disable spamhaus. And all I did to disable it was >>>>>>>> to remove it from my "/var/qmail/control/blacklists file. >>>>>>>> >>>>>>>> So, the other day I needed some addition reporting and I remembered >>>>>>>> the "toaster plus", so I downloaded the Repo and ran the yum install >>>>>>>> for it. I then also decided to run the spamdyke filter. >>>>>>>> >>>>>>>> So, now that I've realized that port 587 is available for my users to >>>>>>>> send on, I went back to add the spamhaus. However, it's no longer in >>>>>>>> the /var/qmail/supervise/smtp/run file. It would appear that spamdyke >>>>>>>> has removed it. >>>>>>>> >>>>>>>> So I have 2 questions: >>>>>>>> 1) Are spamdyke and spamhaus compatible? Why would or why does >>>>>>>> spamdyke remove "blacklist" from the run file. Here are the before >>>>>>>> and after. >>>>>>>> ---Begin--- >>>>>>>> >>>>>>>> ---End--- >>>>>>>> >>>>>>>> 2) Since I've just found out that port 587 is available, and 587 does >>>>>>>> not run spamhaus the dynamic ip checker, then what is keeping a >>>>>>>> spammer from trying to use this 587? I mean I'm a little confused. >>>>>>>> If my port 25 won't allow any non-authenticated users to send smtp >>>>>>>> (presuming it's not an open relay), then why would I even need port >>>>>>>> 587? I understand the need to have 587 if I'm using spamhaus on port >>>>>>>> 25, and 25 is now blocked to my dynamic users (workers from home). So >>>>>>>> it seems a bit unnecessary to have both ports. And why couldn't a >>>>>>>> spammer start sending spam to my users on 587 - if it even works that >>>>>>>> way, which I'm not sure yet if it can? Qmailtoaster is a pretty >>>>>>>> popular thing, so someone, somewhere would certainly try port 587 in >>>>>>>> order to get around spamhaus wouldn't they? >>>>>>>> >>>>>>>> Thanks for your time on this, I'm not trying to be difficult, only >>>>>>>> trying to understand how and why. >>>>>>>> >>>>>>>> Thanks >>>>>>>> John >>>>>>>> >>>>> -- >>>>> -Eric 'shubes' >>>>> >>>>> --------------------------------------------------------------------- >>>>> QmailToaster hosted by: VR Hosted <http://www.vr.org> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>>> >>>>> >>>> --------------------------------------------------------------------- >>>> QmailToaster hosted by: VR Hosted <http://www.vr.org> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>>> For additional commands, e-mail: [EMAIL PROTECTED] >>>> >>> >>> -- >>> -Eric 'shubes' >>> > > > -- > -Eric 'shubes' > > --------------------------------------------------------------------- > QmailToaster hosted by: VR Hosted <http://www.vr.org> > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- QmailToaster hosted by: VR Hosted <http://www.vr.org> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]