Below is my spamdyke.conf file.
Thanks for your help.
[r...@mail spamdyke]# more /etc/spamdyke.conf
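# Available values: allow-all, normal, require-auth, reject-all
# Default: normal
# Left commented out, so the documented default (normal) applies.
#filter-level=VALUE
# Delays the SMTP greeting banner for SECS seconds. A value of 0 disables this
# feature.
# Default: 0
# Enabled here with a 10 second delay. A client that sends data before the
# banner is not following the SMTP protocol (see rejection-text-earlytalker).
greeting-delay-secs=10
# Limit incoming messages to NUM recipients. A value of 0 disables this
# feature.
# Default: 0
max-recipients=50
# Drop superuser privileges and run as USER instead.
# Default: none
# NOTE(review): not set here, so spamdyke presumably keeps the uid/gid its
# parent process starts it with - confirm that is an unprivileged account.
#run-as-user=USER[:GROUP]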
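################################################################################
# DNS TESTS
################################################################################
# The three tests enabled below reject on DNS data alone, so their results
# depend on the resolver this host uses. Senders with broken DNS are refused
# as well; review the log for DENIED_* entries after enabling them.
# Reject connections from remote servers without rDNS names.
# Default: no
reject-empty-rdns
# Reject connections from servers with rDNS names that contain their IP address
# and end in a two-character country code.
# Default: no
#reject-ip-in-cc-rdns
# Reject messages from sender whose domain names have no MX records.
# Default: no
reject-missing-sender-mx
# Reject connections from servers with rDNS names that do not resolve to IP
# addresses.
# Default: no
reject-unresolvable-rdns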
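################################################################################
# LOGGING
################################################################################
# Controls the amount (and detail) of the log messages spamdyke produces.
# Available values: none, error, info, verbose, debug, excessive
# Default: error
# NOTE(review): verbose is above the default level; the FILTER_* lines quoted
# in this thread presumably appear only because of it - confirm against the
# spamdyke documentation which prefixes mean an actual rejection.
log-level=verbose
# Controls where spamdyke's log messages are sent.
# Available values: syslog, stderr
# Default: syslog
#log-target=VALUE
# Outputs all SMTP data into files in DIR.
# Default: none
# NOTE(review): "all SMTP data" presumably includes message bodies and any
# AUTH exchange, so DIR would need tight permissions and a retention limit if
# this is ever enabled.
#full-log-dir=DIR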
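################################################################################
# CONFIGURATION FILES
################################################################################
# None of these options is set, so this file is the only configuration source.
# Any file or directory added here carries the same authority as this file and
# should be writable by the same administrators only.
# Configuration files can include other configuration files.
# Default: none
#config-file=FILE
# Configuration directories are very powerful but can also be very complicated;
# don't use them if you don't need to.
# Default: none
#config-dir=DIR
# Controls how configuration directories are searched.
# Available values: first, all-ip, all-rdns, all-sender, all-recipient
# Default: first
#config-dir-search=VALUE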
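################################################################################
# TIMEOUTS
################################################################################
# Close the connection after SECS seconds, regardless of activity. A value of
# 0 disables this feature.
# Default: 0
# Left at the default, so there is no overall cap on connection lifetime; a
# client that keeps sending slowly is limited only by the idle timeout below.
#connection-timeout-secs=SECS
# Close the connection after SECS seconds of inactivity. A value of 0 disables
# this feature.
# Default: 0
# 660 seconds = 11 minutes of silence before the connection is closed.
idle-timeout-secs=660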
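################################################################################
# LOCAL BLACKLISTS
################################################################################
# No local blacklist is configured; every option in this section is a
# commented-out template.
# Reject connections from IP addresses that match IPADDRESS.
# Default: none
#ip-blacklist-entry=IPADDRESS
# Reject connections from IP addresses that match entries in FILE.
# Default: none
#ip-blacklist-file=FILE
# Reject connections from rDNS names that match NAME.
# Default: none
#rdns-blacklist-entry=NAME
# Reject connections from rDNS names that match entries in FILE.
# Default: none
#rdns-blacklist-file=FILE
# Reject connections from rDNS names that match files in DIR.
# Default: none
#rdns-blacklist-dir=DIR
# Reject all messages sent to recipient ADDRESS.
# Default: none
#recipient-blacklist-entry=ADDRESS
# Reject all messages sent to any recipient address listed in FILE.
# Default: none
#recipient-blacklist-file=FILE
# Reject all messages sent from sender ADDRESS.
# Default: none
#sender-blacklist-entry=ADDRESS
# Reject all messages sent from any sender address listed in FILE.
# Default: none
#sender-blacklist-file=FILE
# Reject connections from rDNS names that contain their IP address and KEYWORD.
# Default: none
#ip-in-rdns-keyword-blacklist-entry=KEYWORD
# Reject connections from rDNS names that contain their IP address and a keyword
# in FILE.
# Default: none
#ip-in-rdns-keyword-blacklist-file=FILE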
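################################################################################
# LOCAL WHITELISTS
################################################################################
# NOTE(review): a whitelisted connection presumably skips the filters in this
# file, so every entry is a standing exception. IP entries should be hosts you
# control or fully trust. rDNS and sender based entries match values the remote
# side supplies, which makes them weaker than an IP match.
# Whitelist connections from IP addresses that match IPADDRESS.
# Default: none
#ip-whitelist-entry=IPADDRESS
# Four single addresses are whitelisted; record who owns each one so stale
# entries can be removed later.
ip-whitelist-entry=72.29.91.163
ip-whitelist-entry=72.29.91.166
ip-whitelist-entry=72.29.91.100
ip-whitelist-entry=72.29.91.74
# Whitelist connections from IP addresses that match entries in FILE.
# Default: none
#ip-whitelist-file=FILE
# Whitelist connections from rDNS names that match NAME.
# Default: none
#rdns-whitelist-entry=NAME
# Whitelist connections from rDNS names that match entries in FILE.
# Default: none
#rdns-whitelist-file=FILE
# Whitelist connections from rDNS names that match files in DIR.
# Default: none
#rdns-whitelist-dir=DIR
# Whitelist all messages sent to recipient ADDRESS.
# Default: none
#recipient-whitelist-entry=ADDRESS
# Whitelist all messages sent to any recipient address listed in FILE.
# Default: none
#recipient-whitelist-file=FILE
# Whitelist all messages sent from sender ADDRESS.
# Default: none
#sender-whitelist-entry=ADDRESS
# Whitelist all messages sent from any sender address listed in FILE.
# Default: none
#sender-whitelist-file=FILE
# Whitelist connections from rDNS names that contain their IP address and
# KEYWORD.
# Default: none
#ip-in-rdns-keyword-whitelist-entry=KEYWORD
# Whitelist connections from rDNS names that contain their IP address and a
# keyword in FILE.
# Default: none
#ip-in-rdns-keyword-whitelist-file=FILE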
################################################################################
# DNS-BASED BLACKLISTS
################################################################################
# NOTE(review): third-party lists get retired over time, and a retired zone
# may answer every query as "listed", which would reject all mail. Before
# reusing any entry below, verify the list is still operated and that its
# usage terms cover this server.
# Check a DNS RBL.
# Default: none
#dns-blacklist-entry=DNSRBL
# Check all DNS RBLs listed in FILE.
# Default: none
#dns-blacklist-file=FILE
# Four DNS RBLs are configured.
# NOTE(review): Spamhaus ZEN is a combined zone that already includes XBL, so
# the separate xbl.spamhaus.org entry looks like a redundant query - confirm
# and drop one of the two if so.
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zombie.dnsbl.sorbs.net
dns-blacklist-entry=xbl.spamhaus.org
# Check an RHSBL.
# Default: none
#rhs-blacklist-entry=RHSBL
# NOTE(review): AHBL is reported to have been shut down after this was posted;
# check that the zone is still served before keeping this entry.
rhs-blacklist-entry=rhsbl.ahbl.org
# Check all RHSBLs listed in FILE.
# Default: none
#rhs-blacklist-file=FILE
################################################################################
# DNS-BASED WHITELISTS
################################################################################
# No DNS whitelist is configured. A DNS whitelist hands the allow decision to
# whoever operates the zone, so only add lists whose operator you trust.
# Check a DNS whitelist.
# Default: none
#dns-whitelist-entry=WHITELIST
# Check all DNS whitelists listed in FILE.
# Default: none
#dns-whitelist-file=FILE
# Check an RHS whitelist.
# Default: none
#rhs-whitelist-entry=RHSBL
# Check all RHS whitelists listed in FILE.
# Default: none
#rhs-whitelist-file=FILE
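################################################################################
# GRAYLISTING
################################################################################
# Graylisting is not enabled in this file; graylist-level is left at its
# documented default (none) and every option below is a commented-out template.
# Controls the behavior of spamdyke's graylist filter.
# Available values: none, always, always-create-dir, only, only-create-dir
# Default: none
#graylist-level=VALUE
# Create the graylist files in DIR.
# Default: none
#graylist-dir=DIR
# Invalidate graylist entries after SECS seconds. A value of 0 deactivates this
# feature.
# Default: 0
#graylist-max-secs=SECS
# Graylist entries are not valid until they are SECS seconds old. A value of 0
# deactivates this feature.
# Default: 0
#graylist-min-secs=SECS
# Reverse the current graylist behavior for incoming connections whose IP
# addresses match IPADDRESS.
# Default: none
#graylist-exception-ip-entry=IPADDRESS
# Read a list of IP addresses from a file and reverse the current graylist
# behavior for any connections from matching IP addresses.
# Default: none
#graylist-exception-ip-file=FILE
# Reverse the current graylist behavior for incoming connections whose rDNS
# names match NAME.
# Default: none
#graylist-exception-rdns-entry=NAME
# Read a list of rDNS names from a file and reverse the current graylist
# behavior for any connections from matching rDNS names.
# Default: none
#graylist-exception-rdns-file=FILE
# Search an rDNS directory and reverse the current graylist behavior for any
# connections from matching rDNS names.
# Default: none
#graylist-exception-rdns-dir=DIR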
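################################################################################
# SMTP AUTHENTICATION
################################################################################
# Controls the way spamdyke offers, supports and processes SMTP authentication.
# Available values: none, observe, ondemand, ondemand-encrypted, always,
# always-encrypted
# Default: observe
# Left commented out, so the documented default (observe) applies.
# NOTE(review): the *-encrypted values presumably require an encrypted session
# before authentication is accepted; without encryption, plain-text
# authentication methods expose the password on the wire - confirm which
# methods the backend offers.
#smtp-auth-level=VALUE
# Process authentication by running COMMAND, if necessary.
# Default: none
#smtp-auth-command=COMMAND
# Use NAME as the local server's name during CRAM-MD5 authentication.
# Default: unknown.server.unknown.domain
#hostname=NAME
# Read the local server's name from the first line of FILE for use during
# CRAM-MD5 authentication.
# Default: none
#hostname-file=FILE
# Run COMMAND and read the local server's name from the first line of output
# for use during CRAM-MD5 authentication.
#hostname-command=COMMAND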
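################################################################################
# TLS / SSL
################################################################################
# Controls the way spamdyke offers and supports TLS or SMTPS.
# Available values: none, smtp, smtps
# Default: none
# NOTE(review): left commented out while a certificate is configured below.
# Going by the default documented here, TLS would stay off - confirm the
# effective level with a test connection.
#tls-level=VALUE
# Read SSL certificate from FILE.
# Default: none
# NOTE(review): no tls-privatekey-file is set, so this PEM presumably holds
# the private key as well; if so it should be readable only by the account
# spamdyke runs as.
tls-certificate-file=/var/qmail/control/servercert.pem
# Read SSL certificate private key from FILE.
# Default: none
#tls-privatekey-file=FILE
# Decrypt SSL certificate private key using PASSWORD.
# Default: none
# Setting this stores the key password in clear text in this file; the
# tls-privatekey-password-file option keeps it out of the main configuration.
#tls-privatekey-password=PASSWORD
# Read the password for the SSL certificate private key from the first line of
# FILE.
# Default: none
#tls-privatekey-password-file=FILE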
################################################################################
# RELAYING OPTIONS
################################################################################
# Sets spamdyke's relay protection level.
# Available values: block-all, no-check, normal, allow-all
# Default: normal
# Left commented out, so the documented default (normal) applies.
#relay-level=VALUE
# spamdyke's relay protection requires reading qmail's access file.
# This file is usually: /etc/tcp.smtp
# Default: none
# NOTE(review): not set here although the text above says relay protection
# needs it. Confirm from an outside host that relaying to remote addresses is
# still refused for unauthenticated clients.
#access-file=FILE
# Several features require access to the list of locally hosted domains.
# This file is usually: /var/qmail/control/rcpthosts
# Default: none
local-domains-file=/var/qmail/control/rcpthosts
# Adds a single domain to spamdyke's list of locally hosted domains.
# Default: none
#local-domains-entry=DOMAIN
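################################################################################
# DNS OPTIONS
################################################################################
# These options should only be used if spamdyke's default behavior is causing
# problems.
# Sets the aggressiveness of spamdyke's DNS resolver.
# Available values: none, normal, aggressive
# Default: aggressive
#dns-level=VALUE
# Adds a nameserver to spamdyke's list of primary nameservers.
# Default: none (reads nameservers from /etc/resolv.conf)
#dns-server-ip-primary=IP[:PORT]
# Adds a nameserver to spamdyke's list of secondary nameservers.
# Default: none (reads nameservers from /etc/resolv.conf)
#dns-server-ip=IP[:PORT]
# Sets the number of times spamdyke queries its primary nameservers.
# Default: 1
# NOTE(review): raised to 5 while no dns-server-ip-primary is set; whether the
# retry count has any effect without a primary nameserver list is not clear
# from this file - confirm.
dns-max-retries-primary=5
# Sets the total number of times spamdyke queries nameservers.
# Default: 3
#dns-max-retries-total=NUM
# Sets the total number of seconds spamdyke will spend on any DNS query.
# Default: 30
#dns-timeout-secs=SECS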
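################################################################################
# REJECTION MESSAGES
################################################################################
# Every option in this section is a commented-out template, so the default
# texts shown below are what remote servers receive. Custom texts are sent to
# the remote side verbatim; keep internal host names and policy details out.
# Append URL to the end of every rejection message sent to the remote server.
# Default: none
#policy-url=URL
# Use TEXT as the rejection message when a connection is blocked because the
# remote server matches a line in an access file that denies access.
# Default: "Refused. Access is denied."
#rejection-text-access-denied=TEXT
# Use TEXT as the rejection message when authentication fails for any reason.
# Default: "Refused. Authentication failed."
#rejection-text-auth-failure=TEXT
# Use TEXT as the rejection message when SMTP AUTH is rejected because the
# remote server tries to use an unsupported authentication method. This should
# never happen.
# Default: "Refused. Unknown authentication method."
#rejection-text-auth-unknown=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server's IP address is listed on a DNS blacklist. This text will only
# be used if the DNS blacklist does not provide a text message and the name of
# the DNS blacklist will be appended.
# Default: "Refused. Your IP address is listed in the RBL at "
#rejection-text-dns-blacklist=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server sent data before the SMTP greeting banner was sent.
# Default: "Refused. You are not following the SMTP protocol."
#rejection-text-earlytalker=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server has no rDNS name.
# Default: "Refused. You have no reverse DNS entry."
#rejection-text-empty-rdns=TEXT
# Use TEXT as the rejection message when a recipient is blocked by the graylist
# filter.
# Default: "Your address has been graylisted. Try again later."
#rejection-text-graylist=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server's IP address is listed in a blacklist file or directory.
# Default: "Refused. Your IP address is blacklisted."
#rejection-text-ip-blacklist=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name contains its IP address and ends in a country code.
# Default: "Refused. Your reverse DNS entry contains your IP address and a
# country code."
#rejection-text-ip-in-cc-rdns=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# sender's rDNS name contains its IP address and a blacklisted keyword.
# Default: "Refused. Your reverse DNS entry contains your IP address and a
# banned keyword."
#rejection-text-ip-in-rdns-keyword-blacklist=TEXT
# Use TEXT as the rejection message when a recipient is blocked because the
# recipient address was given with no domain name.
# Default: "Improper recipient address. Try supplying a domain name."
#rejection-text-local-recipient=TEXT
# Use TEXT as the rejection message when a recipient is blocked because the
# maximum number of recipients has been reached.
# Default: "Too many recipients. Try the remaining addresses again later."
#rejection-text-max-recipients=TEXT
# Use TEXT as the rejection message when a recipient is blocked because the
# sender's email domain has no mail exchanger.
# Default: "Refused. The domain of your sender address has no mail exchanger
# (MX)."
#rejection-text-missing-sender-mx=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name is listed in a blacklist file or directory.
# Default: "Refused. Your domain name is blacklisted."
#rejection-text-rdns-blacklist=TEXT
# Use TEXT as the rejection message when a recipient is blocked because the
# recipient's address is listed in a blacklist file.
# Default: "Refused. Mail is not being accepted at this address."
#rejection-text-recipient-blacklist=TEXT
# Use TEXT as the rejection message when a connection is blocked because all
# connections are being rejected.
# Default: "Refused. Mail is not being accepted."
#rejection-text-reject-all=TEXT
# Use TEXT as the rejection message when a recipient is blocked because the
# remote server does not have permission to relay.
# Default: "Refused. Sending to remote addresses (relaying) is not allowed."
#rejection-text-relaying-denied=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name or the sender's email domain name is listed on a RHS
# blacklist. This text will only be used if the RHS blacklist does not provide a
# text message and the name of the RHS blacklist will be appended.
# Default: "Refused. Your domain name is listed in the RHSBL at "
#rejection-text-rhs-blacklist=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# sender's address is listed in a blacklist file.
# Default: "Refused. Your sender address has been blacklisted."
#rejection-text-sender-blacklist=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server has not authenticated.
# Default: "Refused. Authentication is required to send mail."
#rejection-text-smtp-auth-required=TEXT
# Use TEXT as the rejection message when a connection times out.
# Default: "Timeout. Talk faster next time."
#rejection-text-timeout=TEXT
# Use TEXT as the rejection message when a SSL/TLS connection cannot be
# negotiated with the remote client.
# Default: "Failed to negotiate TLS connection."
#rejection-text-tls-failure=TEXT
# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name does not resolve.
# Default: "Refused. Your reverse DNS entry does not resolve."
#rejection-text-unresolvable-rdns=TEXT
# Use TEXT as the rejection message when a connection is blocked because no valid
# recipients have been given.
# Default: "Refused. You must specify at least one valid recipient."
#rejection-text-zero-recipients=TEXT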
----- Original Message ----- From: "Eric Shubert" <e...@shubes.net>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Monday, August 24, 2009 2:47 PM
Subject: Re: [qmailtoaster] Issues with SpamAssassin
I seem to recall that spamdyke's FILTER_* messages correlate to
DENIED_* messages, where DENIED_* is a real rejection and FILTER_*
indicates that the rule fired but was not active, sort of a
test/evaluation mode. Check into the spamdyke documentation on that.
What's in your spamdyke.conf file?
Ronnie Tartar wrote:
Below is my smtp run file, I am running Spamdyke. Doesn't seem to be
functioning properly. It's rejecting mail in my /var/log/maillog
file.
Aug 24 14:16:48 mail spamdyke[26064]: FILTER_RDNS_RESOLVE ip: 41.221.76.40 rdns: ip-41-221-76-40.teledata.mz
Aug 24 14:16:50 mail spamdyke[26079]: FILTER_RBL_MATCH ip: 84.10.35.5 rbl: bl.spamcop.net
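#!/bin/sh
# supervise run script for the SMTP service. tcpserver accepts connections on
# the smtp port and starts, per connection, the chain
#   spamdyke -> rblsmtpd -> qmail-smtpd (vchkpw checks SMTP AUTH passwords).

# uid/gid handed to tcpserver's -u/-g, so the chain does not run as root.
QMAILDUID=$(id -u vpopmail)
NOFILESGID=$(id -g vpopmail)
# Maximum number of simultaneous connections (tcpserver -c).
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
# Expanded unquoted on purpose below so it splits into command + arguments.
SPAMDYKE="/usr/local/bin/spamdyke -f /etc/spamdyke.conf"
# rblsmtpd arguments read from a control file; also expanded unquoted on
# purpose. NOTE(review): if /etc/spamdyke.conf already sets dns-blacklist-entry
# lines, rblsmtpd repeats DNS blacklist lookups for every connection spamdyke
# lets through - confirm both layers are wanted.
BLACKLIST=$(cat /var/qmail/control/blacklists)
SMTPD="/var/qmail/bin/qmail-smtpd"
# Compiled tcprules database consulted by tcpserver (-x).
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=$(hostname)
VCHKPW="/home/vpopmail/bin/vchkpw"
# NOTE(review): set but not referenced anywhere in this script.
REQUIRE_AUTH=0

# softlimit -m caps the memory of everything started below it. Every line of
# the command except the last must end in a backslash; a bare line break would
# end the exec command early and drop the remaining options.
exec /usr/bin/softlimit -m 100000000 \
    /usr/bin/tcpserver -v -R -H -l "$HOSTNAME" -x "$TCP_CDB" -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $SPAMDYKE \
    $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1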
-----Original Message-----
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
Sent: Monday, August 24, 2009 1:21 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Issues with SpamAssassin
I see that you're not running spamdyke. FH_RELAY_NODNS scores only
1.5? When that condition exists, spamdyke flat out rejects it (in
the default configuration - you can tailor that if you really need
to).
I would install spamdyke, and watch your server breathe a sigh of
relief afterwards. ;) There will be a lot less scanning being done,
because spamdyke rejects spam up front before it's even received.
I'll bet that your users will notice the difference too.
Ronnie Tartar wrote:
I have users that are now getting hundreds of spam messages
through the filter. Seems strange...
Any help?
Below is a header
Received: (qmail 10274 invoked by uid 89); 23 Aug 2009 21:33:53 -0000
Received: by simscan 1.3.1 ppid: 10264, pid: 10266, t: 0.4152s
scanners: attach: 1.3.1 clamav: 0.94.2/m: spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
mail.host2max.com
X-Spam-Level: **
X-Spam-Status: No, hits=2.2 required=5.0 tests=DK_SIGNED,DK_VERIFIED,
FH_RELAY_NODNS,RDNS_NONE,SARE_MONEYTERMS autolearn=no version=3.2.5
X-Spam-REPORT:
* 1.5 FH_RELAY_NODNS We could not determine your Reverse DNS
* 0.0 DK_SIGNED Domain Keys: message has a signature
* -0.0 DK_VERIFIED Domain Keys: signature passes verification
* 0.7 SARE_MONEYTERMS BODY: Talks about money in some way.
* 0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
Received: from unknown (HELO mail.ityetnodit.com) (209.124.84.94)
by mail.host2max.com with SMTP; 23 Aug 2009 21:33:52 -0000
Received-SPF: pass (mail.host2max.com: SPF record at
mail.ityetnodit.com designates 209.124.84.94 as permitted sender)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=main; d=mail.ityetnodit.com;
b=GfuKusaE/IPPb9kGy6Loor9EVZk9Q29LgKvrGrh+ncckvXhSxBPpPY+WNyC3aXGk6hHMaj2ugT
SMtOgAYn5eBA==;
h=Received:Message-ID:Date:From:To:Subject:List-Unsubscribe:MIME-Version:Con
tent-Type:Content-Transfer-Encoding;Received:
by 209.124.84.94 with SMTP id j66ou745dzpl5x3 for <user
email replaced>; Sun, 23 Aug 2009 16:32:39 -0500Message-ID:
<ygl4rfezot-4...@mail.ityetnodit.com>Date: Sun, 23 Aug 2009
16:32:39 -0500From: "BankruptcyRights"
<bankruptcyrights....@mail.ityetnodit.com>
--
-Eric 'shubes'