Got it Finn Here’s what I have but apparently unuseful due to the systems network position.
dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net graylist-dir=/var/spamdyke/graylist graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=6 idle-timeout-secs=60 ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords ip-whitelist-file=/etc/spamdyke/whitelist_ip local-domains-file=/var/qmail/control/rcpthosts log-level=info log-target=stderr max-recipients=50 rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients reject-empty-rdns reject-missing-sender-mx reject-unresolvable-rdns sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders tls-certificate-file=/var/qmail/control/servercert.pem tls-level=smtp On Mar 12, 2014, at 5:55 AM, Finn Buhelt <f...@kirstineslund.dk> wrote: > Hi Scot. > > Nope You're not alone ! > > Remember to check /etc/spamdyke/spamdyke.conf to en/disable dns-blacklists, > greylists ,time etc.., (advice will be to make use of a couple of these > dns-blacklists) > > Regards, > > Finn > > Den 12-03-2014 10:41, Scot Needy skrev: >> Thanks for the feedback Eric, Are we the only two on this list ! “nudge” >> qmailtoaster-list >> Working on moving the qmt to a public address space. I just need to eat a >> little crow first. >> >> When I did my research and asked those questions it lead me to believe that >> the “last hop” of the TCP packet had little to do with the spam rules as >> they used mail headers. >> I still have a hard time swallowing that one. >> >> So I installed spamdyke using /usr/sbin/qtp-install-spamdyke thinking that >> would replace my spam engine but from the logs and your comment I’m >> guessing I need to uninstall spamassasin as I still see simscan in the logs >> from tcprules. >> >> [bash]# cat /etc/tcprules.d/tcp.smtp >> 127.:allow,RELAYCLIENT="",DKSIGN="/var/qmail/control/domainkeys/%/private" >> :allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIGN="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1" >> Need to look at that one but spamdyke is properly installed and working. >> >> >> [bash]# ls -al /var/qmail/supervise/smtp/ >> total 24 >> drwx-----T 4 qmaill qmail 4096 Mar 7 14:40 . >> drwxr-xr-x 12 qmaill qmail 4096 Jan 26 20:32 .. >> drwx------ 3 qmaill qmail 4096 Jan 26 20:32 log >> lrwxrwxrwx 1 root root 12 Mar 7 14:40 run -> run.spamdyke >> -rwxr-x--x 1 qmaill qmail 555 Jan 26 20:11 run.dist >> -rwxr-x--x 1 qmaill qmail 584 Mar 7 14:40 run.spamdyke >> drwx------ 2 qmaill qmail 4096 Mar 11 21:39 supervise >> >> [bash]# cat /var/qmail/supervise/smtp/run.spamdyke >> #!/bin/sh >> QMAILDUID=`id -u vpopmail` >> NOFILESGID=`id -g vpopmail` >> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` >> SPAMDYKE="/usr/local/bin/spamdyke" >> SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf" >> SMTPD="/var/qmail/bin/qmail-smtpd" >> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" >> HOSTNAME=`hostname` >> VCHKPW="/home/vpopmail/bin/vchkpw" >> REQUIRE_AUTH=0 >> >> exec /usr/bin/softlimit -m 64000000 \ >> /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \ >> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ >> $SPAMDYKE --config-file $SPAMDYKE_CONF \ >> $SMTPD $VCHKPW /bin/true 2>&1 >> >> >> >> On Mar 12, 2014, at 1:50 AM, Eric Shubert <e...@shubes.net> wrote: >> >>> Scot, >>> >>> You really need to get QMT on the perimeter so spamdyke can do its thing. >>> This will give you the biggest bang for your buck. Plus, there's nothing >>> else nearly as effective. I've said for quite some time that if I had to >>> pick just one anti-spam software, it'd be spamdyke hands down. There's just >>> nothing else that compares (even spamassassin). >>> >>> -- >>> -Eric 'shubes' >>> >>> On 03/11/2014 08:56 PM, Scot Needy wrote: >>>> New dilemma in my fight against SPAM. >>>> >>>> I updated the simcontrol file to include additional attachments and >>>> shortly all mail was blocked but I’m not sure why >>>> >>>> What exactly is the function of spam_hits ? Block ALL mail after 12 hits ? >>>> Per hour per … ? >>>> Is simcontrol even in play anymore ? >>>> >>>> 03-11 18:05:44 policy_check: policy allows transmission >>>> 03-11 18:05:45 >>>> simscan:[2167]:ATTACH:0.5788s:msg.1394575545.33060.2168:10.189.254.17:…. >>>> 03-11 18:05:45 qmail-smtpd: qq hard reject (Your email was rejected >>>> because it contains a bad attachment: msg.1394575545.33060.2168): MAILFROM: >>>> 03-11 18:05:45 spamdyke[2166]: DENIED_OTHER from:…………………………...: >>>> 554_Your_email_was_rejected_because_it_contains_a_bad_attachment:_msg.1394575545.33060.2168 >>>> 03-11 18:05:45 tcpserver: end 2166 status 0 >>>> >>>> >>>> >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: addr.1394576063.667266.2282) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: addr.1394583394.337275.4588) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: addr.1394583630.231858.4647) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: msg.1394575545.33060.2168) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: msg.1394581657.995523.4160) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: msg.1394583827.844655.4665) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: textfile0) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: textfile2) >>>> qq hard reject (Your email was rejected because it contains a bad >>>> attachment: textfile4) >>>> >>>> >>>> >>>> :clam=yes,spam=yes,spam_hits=5,attach=.ade:.adp:.app:.asd:.asf:.asp:.asx:.avi:.bas:.bat:.bin:.chm:.cil:.cla:.class:.cmd:.com:.cpl:.crt:.csh:.css:.dll:.dot:.email:.eml:.exe:.fxp:.hlp:.hta:.htm:.html:.inf:.ins:.isp:.js:.jse:.ksh:.lnk:.mda:.mdb:.mde:.mdt:.mdw:.mdz:.mov:.mp3:.mpe:.mpeg:.mpg:.msc:.msi:.msp:.mst:.nws:.ocx:.ops:.pcd:.pif:.pl:.pm:.pot:.pps:.prf:.prg:.ps:.rar:.reg:.scf:.scr:.sct:.shb:.shm:.shs:.url:.vb:.vbe:.vbs:.vxd:.wav:.wmd:.wmf:.wms:.wmz:.wsc:.wsf:.wsh:.wsz:.xsl:.xlt:.xlw: >>>> >>>> Back to original and restarted >>>> >>>> :clam=yes,spam=yes,spam_hits=12,attach=.exe:.pif:.src >>>> >>>> >>>> >>>> >>>> On Mar 11, 2014, at 3:09 PM, Eric Shubert <e...@shubes.net> wrote: >>>> >>>>> On 03/11/2014 12:04 PM, Eric Shubert wrote: >>>>>> Yes, blacklists will still help, but not this way. Specify them in the >>>>>> spamdyke.conf file. When spamdyke is installed, the control/blacklists >>>>>> file is not used (it's used by rblsmtpd, which is disabled when spamdyke >>>>>> is installed). >>>>> Wrong. Sorry, I wasn't thinking. These rely on the sending server's IP >>>>> address too. >>>>> >>>>> The only thing it appears that might help you in this configuration is >>>>> graylisting. I wouldn't go there though. Get QMT on the perimeter. >>>>> >>>>> -- >>>>> -Eric 'shubes' >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >>>> >>>> >>> >>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com > For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com > --------------------------------------------------------------------- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com