Good point Eric... I didn't think of this, since I'm not using the QMT in production yet, and am still using Qmailrocks (Is that a 4 letter word around here? :-) ) w/Spamdyke set to handle TLS directly... So, in my case, only Spamdyke is handling TLS, since my Qmail doesn't support it. (I don't think I ever configured it, or installed the patch, or whatever... I forget now!)

I didn't like the way Spamdyke worked when allowing the TLS connection to bypass it, so I felt it better to have Spamdyke offer TLS, and then still be able to utilize all of its filters. Although, I think most of its filters would still work, those based on the initial SMTP connection (RBLs etc.), but graylisting, white/black listed sender/recipients, etc. would not, so it could be exploited to some degree.

I still think the best way to determine your issue Raphael is to provide the e-mail headers... :-) I've got my users trained... When they have any issues, either with spam getting through, or someone trying to send e-mail to them getting a bounce, they send me headers. Usually makes short work of figuring out the problem.

Michael J. Colvin
NorCal Internet Services
www.norcalisp.com

> -----Original Message-----
> From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
> Sent: Thursday, November 05, 2009 11:02 AM
> To: qmailtoaster-list@qmailtoaster.com
> Subject: [qmailtoaster] Re: Spam Help Plz
>
> Rafael Andrade wrote:
> > Hello all,
> >
> > I've been using qmailtoaster for two years, and I'm very satisfied...
> > Some days ago my users started receiving lots of spam, tagged in the
> > subject (spamassassin) or not.
> >
> > What could I do to make this better?
> >
> > Actually I'm using Qmailtoaster + Spamdyke with greylist.
> >
> > Excuse my English.
> >
> > My confs below:
> >
> > cat /etc/tcprules.d/tcp.smtp
> > 127.:allow,RELAYCLIENT=""
> > 192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
> > xxx.xx.xx.xx:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
> > :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
> >
> > cat /var/qmail/control/simcontrol
> > :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
> >
> > cat /etc/spamdyke/spamdyke.conf
> > # rbl
> > dns-blacklist-entry=bl.spamcop.net
> > dns-blacklist-entry=zen.spamhaus.org
> > dns-blacklist-entry=dnsbl.sorbs.net
> > dns-blacklist-entry=bogons.cymru.com
> > dns-blacklist-entry=ix.dnsbl.manitu.net
> > dns-blacklist-entry=cbl.abuseat.org
> > dns-blacklist-entry=dnsbl.njabl.org
> >
> > # graylist
> > #graylist-dir=/etc/spamdyke/graylist.d
> > graylist-dir=/home/vpopmail/graylist.d
> > graylist-level=always
> > graylist-max-secs=2678400
> > graylist-min-secs=180
> > greeting-delay-secs=5
> >
> > local-domains-file=/var/qmail/control/rcpthosts
> > #log-level=debug
> > log-level=info
> > log-target=syslog
> > #log-target=stderr
> > max-recipients=50
> > #policy-url=http://my.policy.explanation.url/
> > reject-empty-rdns
> > #reject-ip-in-cc-rdns
> > reject-missing-sender-mx
> > reject-unresolvable-rdns
> > tls-certificate-file=/var/qmail/control/servercert.pem
> > # blacklist and whitelist ip
> > ip-blacklist-file=/etc/spamdyke/blacklist_ip
> > ip-whitelist-file=/etc/spamdyke/whitelist_ip
> >
> > # blacklist and whitelist keywords
> > ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> > ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> >
> > # blacklist and whitelist senders
> > sender-blacklist-file=/etc/spamdyke/blacklist_senders
> > sender-whitelist-file=/etc/spamdyke/whitelist_senders
> >
> > # blacklist and whitelist rdns
> > rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> > rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> >
> > # whitelist dns
> > dns-whitelist-file=/etc/spamdyke/whitelist_dns
> >
> > # blacklist and whitelist recipients
> > recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> > recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> >
>
> Raphael,
>
> I just came across what I think is a possible hole in spamdyke's
> configuration.
>
> I've been reading through the documentation regarding TLS, and it
> appears that with no "tls-level" option specified, if a spammer were to
> use TLS (advertised by qmail), spamdyke would be unable to use several
> of its filters because the data is encrypted passing through spamdyke to
> qmail-smtp.
>
> If you add "tls-level=smtp" to the spamdyke configuration file, this
> will cause spamdyke to handle the encryption (as opposed to qmail-smtp),
> and all of spamdyke's filters will be effective. I've just now added
> this option to my spamdyke configuration, and will be updating the
> qtp-install-spamdyke script with it if I don't see any problem. I highly
> doubt there will be one.
>
> You probably won't see any real gains in spamdyke's effectiveness with
> this, as it would be inefficient for a spammer to go through the
> overhead of using TLS (encryption). Adding this option should remove any
> doubt about such spam getting through though. ;)
>
> --
> -Eric 'shubes'
>
> ---------------------------------------------------------------------------------
> Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com)
> Vickers Consulting Group offers Qmailtoaster support and installations.
> If you need professional help with your setup, contact them today!
> ---------------------------------------------------------------------------------
> Please visit qmailtoaster.com for the latest news, updates, and packages.
>
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
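
The condition Eric describes can be checked mechanically. The script below is an added example, not part of the thread or of qtp-install-spamdyke: it reports whether a spamdyke configuration file has an explicit tls-level line and, for tls-level=smtp, whether a tls-certificate-file is also set. The function names and status words are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and status words are
# assumptions; the two option names are the ones shown in the thread.

# Print the value of option $2 in config file $1, ignoring "#" comments.
# Assumption: if an option is repeated, the last active line is reported.
conf_value() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        awk -F= -v key="$2" 'NF > 1 && $1 == key { sub(/^[^=]*=/, ""); val = $0 }
                             END { print val }'
}

# Echo one status word for the file and return non-zero when it needs review.
spamdyke_tls_audit() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    level=$(conf_value "$conf" tls-level)
    cert=$(conf_value "$conf" tls-certificate-file)

    if [ -z "$level" ]; then
        # The case raised in the thread: no explicit tls-level line.
        echo "tls-level-missing"
        return 1
    fi
    if [ "$level" = "smtp" ] && [ -z "$cert" ]; then
        # spamdyke is told to handle TLS but has no certificate configured.
        echo "smtp-without-certificate"
        return 1
    fi
    if [ "$level" = "smtp" ]; then
        echo "spamdyke-handles-tls"
        return 0
    fi
    # Any other value is reported as-is for a human to judge.
    echo "tls-level=$level"
    return 0
}

# Stand-alone use: sh audit.sh /etc/spamdyke/spamdyke.conf
if [ "$#" -gt 0 ]; then
    spamdyke_tls_audit "$1"
fi
```

Run against the configuration posted in the thread, which sets tls-certificate-file but has no tls-level line, this reports `tls-level-missing`.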