Re: [qmailtoaster] spamdyke spf block - whitelist not working

2023-07-24 Thread Leonardo Porto 

No worry.

I tried the exact senders address instead the domain but apparently did 
not work, I will give a try on @domain and the dnswl.org whitelist.



Em 24/07/2023 10:49, Eric Broch escreveu:


Sorry,

This is what I meant (below). You can use a domain name instead of IP 
to white list. If I remember correctly and entry would be 
@somedomain.com.



Whitelisting Senders and Recipients


  |recipient-whitelist-entry|
  |recipient-whitelist-file|
  |sender-whitelist-entry|
  |sender-whitelist-file|

Sometimes, adding IP addresses and reverse DNS names to whitelist 
files is not enough to satisfy some users. Either they continue to 
receive mail from unexpected places or they just think spamdyke is 
blocking their email. In those cases, a last resort can be to 
whitelist the sender or recipient address.


*NOTE: Using these features is a bad idea!*Sender addresses 
are_very_easy to forge; this is why spam is so hard to block. 
Recipient addresses are obviously already known to the spammers; this 
is why spam is delivered. Whitelisting any addresses this 
way_will_allow spam to get through.


To whitelist a sender or recipient address, 
the|sender-whitelist-entry|or|recipient-whitelist-entry|option should 
be used, respectively. The entries can use the same formats as those 
for|sender-blacklist-entry|and|recipient-blacklist-entry|; 
seeRejecting Recipients 
for 
details.


Whitelist entries can be placed in files and referenced 
with|sender-whitelist-file|or|recipient-whitelist-file|. This is more 
efficient for more than a few entries.




On 7/24/2023 7:39 AM, Leonardo Porto wrote:


Hi Eric,

Here is my spamdyke.conf:

dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=dnsbl.spfbl.net
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=6
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
log-level=info
max-recipients=50
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

Despite that configuration I don't use graylists, 
black/white-keywords, black/white-rdns, black/white-recipients or 
black/white-senders files, I only use whitelist_ip file and those 
three blacklists at the top (barracuda, spamcop and spfbl).


I may try this dns-whitelist, do you know and recommend any list?



Em 24/07/2023 10:10, Eric Broch escreveu:


Leonardo,

Did you see the option to block DNS? Or did you try this?


DNS Whitelists


  |dns-whitelist-entry|
  |dns-whitelist-file|
  |rhs-whitelist-entry|
  |rhs-whitelist-file|

spamdyke has the ability to consult DNS whitelists and allow 
connections from hosts or senders who match entries on them. DNS 
whitelists are essentially DNS RBLs and DNS RHSBLs that list allowed 
IP addresses and domain names instead of blocked ones. All of the 
same cautionary statements apply to DNS whitelists as to DNS 
blacklists. SeeDNS RBLs 
andDNS 
RHSBLs 
for 
details.


To use a DNS Realtime Whitelist (the opposite of a DNS RBL), the 
option|dns-whitelist-entry|should be given. To use a DNS 
Righthand-side Whitelist, the option|rhs-whitelist-entry|should be 
given. By default, spamdyke does not use a DNS whitelist. If either 
option is given multiple times, each list will be consulted before 
the connection is blocked.


If more than a few lists are given, 
the|dns-whitelist-file|or|rhs-whitelist-file|options may be used to 
provide the lists in files.


*NOTE: Checking DNS whitelists can impose a serious performance 
penalty. Using more than three DNS whitelists is not recommended.*


*
*

*
*

On 7/24/2023 6:23 AM, Leonardo Porto wrote:


Hello there,

My Toaster is blocking a customer domain because they are sending 
messages from a Google server that is not allowed in their SPF policy:


Jul 21 10:28:45 app1 spamdyke[24853]: DENIED_OTHER from: 
per...@jeduca.org.br to: user@mydomain origin_ip: 209.85.215.172 
origin_rdns: mail-pg1-f172.google.com auth: (unknown) encryption: 
TLS reason:

Re: [qmailtoaster] spamdyke spf block - whitelist not working

2023-07-24 Thread Eric Broch 

Sorry,

This is what I meant (below). You can use a domain name instead of IP to 
white list. If I remember correctly and entry would be @somedomain.com.



   Whitelisting Senders and Recipients


 |recipient-whitelist-entry|
 |recipient-whitelist-file|
 |sender-whitelist-entry|
 |sender-whitelist-file|

Sometimes, adding IP addresses and reverse DNS names to whitelist files 
is not enough to satisfy some users. Either they continue to receive 
mail from unexpected places or they just think spamdyke is blocking 
their email. In those cases, a last resort can be to whitelist the 
sender or recipient address.


*NOTE: Using these features is a bad idea!*Sender addresses 
are_very_easy to forge; this is why spam is so hard to block. Recipient 
addresses are obviously already known to the spammers; this is why spam 
is delivered. Whitelisting any addresses this way_will_allow spam to get 
through.


To whitelist a sender or recipient address, 
the|sender-whitelist-entry|or|recipient-whitelist-entry|option should be 
used, respectively. The entries can use the same formats as those 
for|sender-blacklist-entry|and|recipient-blacklist-entry|; seeRejecting 
Recipients 
for 
details.


Whitelist entries can be placed in files and referenced 
with|sender-whitelist-file|or|recipient-whitelist-file|. This is more 
efficient for more than a few entries.




On 7/24/2023 7:39 AM, Leonardo Porto wrote:


Hi Eric,

Here is my spamdyke.conf:

dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=dnsbl.spfbl.net
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=6
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
log-level=info
max-recipients=50
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

Despite that configuration I don't use graylists, 
black/white-keywords, black/white-rdns, black/white-recipients or 
black/white-senders files, I only use whitelist_ip file and those 
three blacklists at the top (barracuda, spamcop and spfbl).


I may try this dns-whitelist, do you know and recommend any list?



Em 24/07/2023 10:10, Eric Broch escreveu:


Leonardo,

Did you see the option to block DNS? Or did you try this?


DNS Whitelists


  |dns-whitelist-entry|
  |dns-whitelist-file|
  |rhs-whitelist-entry|
  |rhs-whitelist-file|

spamdyke has the ability to consult DNS whitelists and allow 
connections from hosts or senders who match entries on them. DNS 
whitelists are essentially DNS RBLs and DNS RHSBLs that list allowed 
IP addresses and domain names instead of blocked ones. All of the 
same cautionary statements apply to DNS whitelists as to DNS 
blacklists. SeeDNS RBLs 
andDNS 
RHSBLs 
for details.


To use a DNS Realtime Whitelist (the opposite of a DNS RBL), the 
option|dns-whitelist-entry|should be given. To use a DNS 
Righthand-side Whitelist, the option|rhs-whitelist-entry|should be 
given. By default, spamdyke does not use a DNS whitelist. If either 
option is given multiple times, each list will be consulted before 
the connection is blocked.


If more than a few lists are given, 
the|dns-whitelist-file|or|rhs-whitelist-file|options may be used to 
provide the lists in files.


*NOTE: Checking DNS whitelists can impose a serious performance 
penalty. Using more than three DNS whitelists is not recommended.*


*
*

*
*

On 7/24/2023 6:23 AM, Leonardo Porto wrote:


Hello there,

My Toaster is blocking a customer domain because they are sending 
messages from a Google server that is not allowed in their SPF policy:


Jul 21 10:28:45 app1 spamdyke[24853]: DENIED_OTHER from: 
per...@jeduca.org.br to: user@mydomain origin_ip: 209.85.215.172 
origin_rdns: mail-pg1-f172.google.com auth: (unknown) encryption: 
TLS reason: 
550_See_http://spf.pobox.com/why.html?sender=person%40jeduca.org.br=209.85.215.172=myserver_(#5.7.1)


As you can see at their SPF checking:

https://www.spf-record.com/spf-lookup/jeduca.org.br?ip=209.85.215.172

Everytime they send a messagem it comes from a diverse IP so I tried 
to

Re: [qmailtoaster] spamdyke spf block - whitelist not working

2023-07-24 Thread Leonardo Porto 

Hi Eric,

Here is my spamdyke.conf:

dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=dnsbl.spfbl.net
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=6
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
log-level=info
max-recipients=50
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

Despite that configuration I don't use graylists, black/white-keywords, 
black/white-rdns, black/white-recipients or black/white-senders files, I 
only use whitelist_ip file and those three blacklists at the top 
(barracuda, spamcop and spfbl).


I may try this dns-whitelist, do you know and recommend any list?



Em 24/07/2023 10:10, Eric Broch escreveu:


Leonardo,

Did you see the option to block DNS? Or did you try this?


DNS Whitelists


  |dns-whitelist-entry|
  |dns-whitelist-file|
  |rhs-whitelist-entry|
  |rhs-whitelist-file|

spamdyke has the ability to consult DNS whitelists and allow 
connections from hosts or senders who match entries on them. DNS 
whitelists are essentially DNS RBLs and DNS RHSBLs that list allowed 
IP addresses and domain names instead of blocked ones. All of the same 
cautionary statements apply to DNS whitelists as to DNS blacklists. 
SeeDNS RBLs 
andDNS 
RHSBLs 
for details.


To use a DNS Realtime Whitelist (the opposite of a DNS RBL), the 
option|dns-whitelist-entry|should be given. To use a DNS 
Righthand-side Whitelist, the option|rhs-whitelist-entry|should be 
given. By default, spamdyke does not use a DNS whitelist. If either 
option is given multiple times, each list will be consulted before the 
connection is blocked.


If more than a few lists are given, 
the|dns-whitelist-file|or|rhs-whitelist-file|options may be used to 
provide the lists in files.


*NOTE: Checking DNS whitelists can impose a serious performance 
penalty. Using more than three DNS whitelists is not recommended.*


*
*

*
*

On 7/24/2023 6:23 AM, Leonardo Porto wrote:


Hello there,

My Toaster is blocking a customer domain because they are sending 
messages from a Google server that is not allowed in their SPF policy:


Jul 21 10:28:45 app1 spamdyke[24853]: DENIED_OTHER from: 
per...@jeduca.org.br to: user@mydomain origin_ip: 209.85.215.172 
origin_rdns: mail-pg1-f172.google.com auth: (unknown) encryption: TLS 
reason: 
550_See_http://spf.pobox.com/why.html?sender=person%40jeduca.org.br=209.85.215.172=myserver_(#5.7.1)


As you can see at their SPF checking:

https://www.spf-record.com/spf-lookup/jeduca.org.br?ip=209.85.215.172

Everytime they send a messagem it comes from a diverse IP so I tried 
to whitelist them at /etc/spamdyke/whitelist_senders putting one 
sender per line but it did not work.


Do you guys have any adivise?

qmail-1.03-3.1.qt.el7.x86_64
spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG
Centos 7

Re: [qmailtoaster] spamdyke spf block - whitelist not working

2023-07-24 Thread Eric Broch 

Leonardo,

Did you see the option to block DNS? Or did you try this?


   DNS Whitelists


 |dns-whitelist-entry|
 |dns-whitelist-file|
 |rhs-whitelist-entry|
 |rhs-whitelist-file|

spamdyke has the ability to consult DNS whitelists and allow connections 
from hosts or senders who match entries on them. DNS whitelists are 
essentially DNS RBLs and DNS RHSBLs that list allowed IP addresses and 
domain names instead of blocked ones. All of the same cautionary 
statements apply to DNS whitelists as to DNS blacklists. SeeDNS RBLs 
andDNS RHSBLs 
for details.


To use a DNS Realtime Whitelist (the opposite of a DNS RBL), the 
option|dns-whitelist-entry|should be given. To use a DNS Righthand-side 
Whitelist, the option|rhs-whitelist-entry|should be given. By default, 
spamdyke does not use a DNS whitelist. If either option is given 
multiple times, each list will be consulted before the connection is 
blocked.


If more than a few lists are given, 
the|dns-whitelist-file|or|rhs-whitelist-file|options may be used to 
provide the lists in files.


*NOTE: Checking DNS whitelists can impose a serious performance penalty. 
Using more than three DNS whitelists is not recommended.*


*
*

*
*

On 7/24/2023 6:23 AM, Leonardo Porto wrote:


Hello there,

My Toaster is blocking a customer domain because they are sending 
messages from a Google server that is not allowed in their SPF policy:


Jul 21 10:28:45 app1 spamdyke[24853]: DENIED_OTHER from: 
per...@jeduca.org.br to: user@mydomain origin_ip: 209.85.215.172 
origin_rdns: mail-pg1-f172.google.com auth: (unknown) encryption: TLS 
reason: 
550_See_http://spf.pobox.com/why.html?sender=person%40jeduca.org.br=209.85.215.172=myserver_(#5.7.1)


As you can see at their SPF checking:

https://www.spf-record.com/spf-lookup/jeduca.org.br?ip=209.85.215.172

Everytime they send a messagem it comes from a diverse IP so I tried 
to whitelist them at /etc/spamdyke/whitelist_senders putting one 
sender per line but it did not work.


Do you guys have any adivise?

qmail-1.03-3.1.qt.el7.x86_64
spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG
Centos 7

[qmailtoaster] spamdyke spf block - whitelist not working

2023-07-24 Thread Leonardo Porto 

Hello there,

My Toaster is blocking a customer domain because they are sending 
messages from a Google server that is not allowed in their SPF policy:


Jul 21 10:28:45 app1 spamdyke[24853]: DENIED_OTHER from: 
per...@jeduca.org.br to: user@mydomain origin_ip: 209.85.215.172 
origin_rdns: mail-pg1-f172.google.com auth: (unknown) encryption: TLS 
reason: 
550_See_http://spf.pobox.com/why.html?sender=person%40jeduca.org.br=209.85.215.172=myserver_(#5.7.1)


As you can see at their SPF checking:

https://www.spf-record.com/spf-lookup/jeduca.org.br?ip=209.85.215.172

Everytime they send a messagem it comes from a diverse IP so I tried to 
whitelist them at /etc/spamdyke/whitelist_senders putting one sender per 
line but it did not work.


Do you guys have any adivise?

qmail-1.03-3.1.qt.el7.x86_64
spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG
Centos 7