Re: [spamdyke-users] Plesk Whitelist and Spamdyke

2008-04-27 Thread nightduke
Spamdyke is spamdyke and plesk is a manager for dedicated servers.

Spamdyke has many options but doesn't use any information of plesk.
You can check in which files plesk stores whitelist and blacklist and try to
use them with spamdyke.

Good luck

Nightduke



2008/4/26, Sam Clippinger [EMAIL PROTECTED]:


 spamdyke doesn't check Plesk's whitelists, so it will not honor them. In
 fact, I don't know how Plesk's whitelists work. If they're stored in
 files (doubtful), spamdyke may be able to read those files and use them.

 -- Sam Clippinger

 Markus Thüer wrote:
 
  Hi,
 
  just a simple question for the experts.
 
  I don't know the mail processing order of plesk. So I am wondering
  will mails from Senders who are whitelisted in Plesk (global or
  personal) be checked by spamdyke?
 
  Markus Thüer
 
  
 
  ___
  spamdyke-users mailing list
  spamdyke-users@spamdyke.org
  http://www.spamdyke.org/mailman/listinfo/spamdyke-users
 


[spamdyke-users] Contributing script: geoip lookups for log analysis

2008-04-27 Thread Andras Korn
Hi,

I recently wrote a small script that can add geoip info to qmail log lines
of several formats.

Maybe someone else finds it useful as well. I hereby release it under the
GPL, version 3 or later.

It works as a filter; you pipe the original log in, and out comes the
extended log. It's not terribly fast, because it's written in zsh and uses
while read; do ...; done, but at least it avoids using external sed and
grep.

I use it as part of a system that alerts me to unusual log entries; this
script allows me to ignore RBL matches of clients from countries I know we
don't really correspond with.

Watch out, some of the lines in the script are long.

#!/bin/zsh
#
# Add geoip country to every relevant line, if possible
#
# If the GeoIP database or the lookup tool is missing, pass the log through unchanged.
[[ -r /var/lib/geoip/GeoIP.dat.gz ]] || exec cat
[[ -x /usr/bin/geoiplookup ]] || exec cat

# Print "CC, Country name" for the IP in $1, or "--, unknown" if the lookup fails.
function countrylookup() {
    local country
    country=$(geoiplookup -d /var/lib/geoip $1) \
        && echo -n ${country/*: /} || echo -n "--, unknown"
}

# read -r keeps backslashes in log lines intact; print -r avoids echo's escape handling.
while IFS= read -r line; do
    case $line in
        # This first clause catches log lines generated by my patched qmail
        *": S:"*)
            case $line in
                *C:*)
                    print -r -- "$line"   # Already have country info
                    ;;
                *)
                    IP=${${line/*S:/}/:*/}
                    print -r -- "$line C:$(countrylookup $IP)"
                    ;;
            esac
            ;;
        # spamdyke lines
        *origin_ip:*)
            IP=${${line/*origin_ip: /}/ */}
            country=$(countrylookup $IP)
            line1=${line/ origin_rdns:*/}
            line2=${line/*origin_rdns:/origin_rdns:}
            print -r -- "$line1 ($country) $line2"
            ;;
        # rblsmtpd lines
        *rblsmtpd:*)
            IP=${${line/*rblsmtpd: /}/ */}
            country=$(countrylookup $IP)
            line1=${line/ pid */}
            line2=${line/* pid/pid}
            print -r -- "$line1 ($country) $line2"
            ;;
        *)
            print -r -- "$line"
            ;;
    esac
done

The output can be customised in various obvious ways.

Sample before:

@40004814c1980b8eafd4 DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 91.76.144.183 origin_rdns: ppp91-76-144-183.pppoe.mtu-net.ru auth: (unknown)

After:

@40004814c1980b8eafd4 DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 91.76.144.183 (RU, Russian Federation) origin_rdns: ppp91-76-144-183.pppoe.mtu-net.ru auth: (unknown)

Andras

-- 
 Andras Korn korn at chardonnay.math.bme.hu
 http://chardonnay.math.bme.hu/~korn/ QOTD:
Can you tell the age of an onion by counting its rings?


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Jake Briggs


nightduke wrote:
 It's possible to create an user interface for to configure 
 spamdyke.conf file.
  
 Can be added blacklist domains, whitelist domains or ips.
 Add or remove rbl,etc...

There already is one, it's called vi. Most of the configuration is just 
simple lists of things, and a UI would make it harder - not easier.

  
 Also there's a way to take statistics from the log? spammers stopped? 
 rbl listed? graylisting?

There is one for this also, it's called grep.

But seriously, getting simple rough stats from the logs really is a 
simple grep and a quick calculation in the head. Just looking now, 70% 
of spam is caught by a RBL and 30% caught by greylist. I would be 
interested to know if anyone has written any scripts that glean some 
good statistics from the log files though!

It would be good to know how much spam got through, but that would 
require some sort of crystal ball Or a spam reporting mechanism and 
total user compliance in reporting all spam, all which is far far 
outside of the scope of spamdyke

-- 
Jacob Briggs
Systems Engineer

Core Technology Limited
Level 1, NZX Centre
11 Cable Street
Wellington
Phone +64 4 801 2252

--

Private Object doAnythingConceivable(String whatToDo, Object whatToDoItWith) { 
.
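
A tally of spamdyke result codes of the kind discussed in this message, added here as an example (it is not part of the original post, nor the script contributed to the list): it reads log lines in the format shown in the geoip post and prints each code with its count and its share of all denied connections. The sample lines and the names spamdyke_stats and sample_log are constructed for illustration.

```shell
#!/bin/sh
# Tally spamdyke result codes (ALLOWED, DENIED_*) from log lines on stdin.
# Output: one line per code, "CODE COUNT" for ALLOWED and
# "CODE COUNT PERCENT" (share of all denied connections) for DENIED_* codes.
spamdyke_stats() {
    awk '
    {
        # The result code is the first field that is ALLOWED or DENIED_<REASON>;
        # scanning the fields copes with multilog or syslog prefixes of any width.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(ALLOWED|DENIED_[A-Z_]+)$/) {
                count[$i]++
                if ($i != "ALLOWED") denied++
                break
            }
        }
    }
    END {
        for (code in count) {
            if (code == "ALLOWED")
                printf "%s %d\n", code, count[code]
            else
                printf "%s %d %.1f%%\n", code, count[code], 100 * count[code] / denied
        }
    }' | LC_ALL=C sort
}

# Constructed sample lines (documentation addresses, made-up timestamps).
sample_log() {
    cat <<'EOF'
@40004814c1980b8eafd4 DENIED_RBL_MATCH from: a@example.com to: u@example.org origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
@40004814c1990b8eafd4 DENIED_RBL_MATCH from: b@example.com to: u@example.org origin_ip: 192.0.2.11 origin_rdns: (unknown) auth: (unknown)
@40004814c19a0b8eafd4 DENIED_GRAYLISTED from: c@example.com to: u@example.org origin_ip: 192.0.2.12 origin_rdns: mail.example.com auth: (unknown)
@40004814c19b0b8eafd4 DENIED_RBL_MATCH from: d@example.com to: u@example.org origin_ip: 192.0.2.13 origin_rdns: (unknown) auth: (unknown)
@40004814c19c0b8eafd4 ALLOWED from: e@example.com to: u@example.org origin_ip: 192.0.2.14 origin_rdns: mail.example.net auth: (unknown)
EOF
}

sample_log | spamdyke_stats
```

On a real server, pipe the smtp log into spamdyke_stats instead of the sample.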




Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Michael Colvin
There's already been something similar contributed...  I've been using it for
a few weeks, and it's great...

Here's the thread.  Read through it though, the initial post had a couple
typos, so you'll need to read through it to find the working version of the
script.

http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg00771.html


Michael J. Colvin
NorCal Internet Services
www.norcalisp.com

 



 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On Behalf Of Jake Briggs
 Sent: Sunday, April 27, 2008 4:43 PM
 To: spamdyke users
 Subject: Re: [spamdyke-users] feature request spamdyke user interface
 
 
 
 nightduke wrote:
  It's possible to create an user interface for to configure 
  spamdyke.conf file.
   
  Can be added blacklist domains, whitelist domains or ips.
  Add or remove rbl,etc...
 
 There already is one, its called vi. Most of the 
 configuration is just simple lists of things, and a UI would 
 make it harder - not easier.
 
   
  Also there's a way to take statistics from the log? 
 spammers stopped? 
  rbl listed? graylisting?
 
 There is one for this also, its called grep.
 
 But seriously, getting simple rough stats from the logs 
 really is a simple grep and a quick calculation in the head. 
 Just looking now, 70% of spam is caught by a RBL and 30% 
 caught by greylist. I would be interested to know if anyone 
 has written any scripts that glean some good statistics from 
 the log files though!
 
 It would be good to know how much spam got through, but that 
 would require some sort of crystal ball Or a spam 
 reporting mechanism and total user compliance in reporting 
 all spam, all which is far far outside of the scope of spamdyke
 
 --
 Jacob Briggs
 Systems Engineer
 
 Core Technology Limited
 Level 1, NZX Centre
 11 Cable Street
 Wellington
 Phone +64 4 801 2252
 
 --
 
 Private Object doAnythingConceivable(String whatToDo, Object 
 whatToDoItWith) { .
 
 


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Marcin Orlowski
Jake Briggs wrote:

 But seriously, getting simple rough stats from the logs really is a 
 simple grep and a quick calculation in the head.

or use of 'wc'

 It would be good to know how much spam got through, but that would 
 require some sort of crystal ball Or a spam reporting mechanism and 
 total user compliance in reporting all spam, all which is far far 
 outside of the scope of spamdyke

just grep your logs for spam filter entries. If it's SpamAssassin, just 
look for spamd: result: Y and you get some figures how many
of ALLOWED was *probably* a spam.

Marcin


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Jake Briggs


Marcin Orlowski wrote:
 Jake Briggs wrote:

   
 But seriously, getting simple rough stats from the logs really is a 
 simple grep and a quick calculation in the head.
 

 or use of 'wc'
   

Since when could wc do addition, subtraction and division ;)

-- 
Jacob Briggs
Systems Engineer

Core Technology Limited
Level 1, NZX Centre
11 Cable Street
Wellington
Phone +64 4 801 2252

--

Private Object doAnythingConceivable(String whatToDo, Object whatToDoItWith) { 
.




Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Marcin Orlowski
Jake Briggs wrote:

 Since when could wc do addition, subtraction and division ;)

well... since bc. sort of :)


Re: [spamdyke-users] Timeout problem

2008-04-27 Thread Paulo Henrique
I had a problem like this and decided to set the timeout from qmail lower
than the timeout from spamdyke, see:

cat /var/qmail/control/timeoutsmtpd
240
grep idle-timeout-secs /var/qmail/control/spamdyke/spamdyke.conf
idle-timeout-secs = 300



After that I never had a problem with the repetition of messages.

2008/4/22 Eric Shubert [EMAIL PROTECTED]:

 I had a problem receiving a particular email message. It would always send
 the same amount of data, then timeout. The same amount of data was
 sent/received with timeouts of 60 and 180 seconds.

 I logged the message (great little feature of spamdyke btw), and the end
 part of the message log always shows:
 HR align=left SIZE=1 color=black
 div align=leftfont face=arial
 size=114072172/font/div/td/tr/TBODY/TABLE
 /BODY/HTML

 FF 04/22/2008 17:11:13
 .
 QUIT

 FF  04/22/2008 17:11:13
 421 Timeout. Talk faster next time.

 XX  04/22/2008 17:11:33
 250 ok 1208909493 qp 11949
 221 doris.shubes.net - Welcome to Qmail Toaster Ver. 1.3 SMTP Server

 04/22/2008 17:11:33 CLOSED


 Here's the smtp log for the successful receipt (with no spamdyke):
 04-22 17:21:13 tcpserver: pid 12162 from 208.46.47.130
 04-22 17:21:13 tcpserver: ok 12162 doris:192.168.71.11:25 :208.46.47.130:
 :51303
 04-22 17:21:13 CHKUSER accepted sender: from
 [EMAIL PROTECTED]:: remote
 rapport.mysurvey.com:unknown:208.46.47.130 rcpt  : sender accepted
 04-22 17:21:13 CHKUSER accepted rcpt: from
 [EMAIL PROTECTED]:: remote
 rapport.mysurvey.com:unknown:208.46.47.130 rcpt [EMAIL PROTECTED] :
 found existing recipient
 04-22 17:21:34 simscan:[12162]:CLEAN (-6.20/99.00):20.2626s:April Edition
 of
 MySurvey.com Opinion
 Matters:208.46.47.130:[EMAIL PROTECTED]:a
 [EMAIL PROTECTED]:
 04-22 17:21:34 tcpserver: end 12162 status 0


 After receiving the entire message, I see this portion that was received
 after the part logged by spamdyke:
 IMG
 SRC=
 https://www.mysurvey.com/gems/gems_open_tracking.cfm?indid=14072172cmpid=1105r=1720290rundate=22-APR-2008+11%3a52%3a55z=67129618CF0844A786F0E0A6C20C49CD
 border=0
 width=1 height=1

 --=_Layout_Part_DC7E1BB5_1105_4DB3_BAE3_2A6208EB099A--


 Any idea why this would timeout (consistently, like clockwork) with
 spamdyke, but not without it? This message timed out all day long with
 spamdyke, but was received successfully on the first attempt without
 spamdyke. Did spamdyke somehow choke on the last bit?

 FWIW, it appears that the entire email was a bit hosed, as the html did
 not
 render properly in the client view (mac mail) once the entire message was
 received.

 --
 -Eric 'shubes'




-- 
Paulo Henrique Fonseca
[EMAIL PROTECTED]


Re: [spamdyke-users] Timeout problem

2008-04-27 Thread Eric Shubert
That's interesting, Paulo. I have timeoutsmtpd at 600, and nothing specified
for idle-timeout-secs. Sam's having a look at a couple of my logs. I'll be
glad to try this out if Sam gives me the word (I don't want to mess up his
debugging efforts). I wonder if idle-timeout-secs is somehow not being
initialized/defaulted properly.

Thanks for the input Paulo.

Paulo Henrique wrote:
 I had a problem like this and decided putting the timeout from qmail
 less than the timeout from spamdyke, see:
 
 cat /var/qmail/control/timeoutsmtpd
 240
 grep idle-timeout-secs /var/qmail/control/spamdyke/spamdyke.conf
 idle-timeout-secs = 300
 
 
 
 After that never had problem with the repetition of messages.
 
 2008/4/22 Eric Shubert [EMAIL PROTECTED]:
 
 I had a problem receiving a particular email message. It would
 always send
 the same amount of data, then timeout. The same amount of data was
 sent/received with timeouts of 60 and 180 seconds.
 
 I logged the message (great little feature of spamdyke btw), and the end
 part of the message log always shows:
 HR align=left SIZE=1 color=black
 div align=leftfont face=arial
 size=114072172/font/div/td/tr/TBODY/TABLE
 /BODY/HTML
 
 FF 04/22/2008 17:11:13
 .
 QUIT
 
 FF  04/22/2008 17:11:13
 421 Timeout. Talk faster next time.
 
 XX  04/22/2008 17:11:33
 250 ok 1208909493 qp 11949
 221 doris.shubes.net - Welcome to Qmail
 Toaster Ver. 1.3 SMTP Server
 
 04/22/2008 17:11:33 CLOSED
 
 
 Here's the smtp log for the successful receipt (with no spamdyke):
 04-22 17:21:13 tcpserver: pid 12162 from 208.46.47.130
 04-22 17:21:13 tcpserver: ok 12162 doris:192.168.71.11:25 :208.46.47.130::51303
 04-22 17:21:13 CHKUSER accepted sender: from
 [EMAIL PROTECTED]:: remote
 rapport.mysurvey.com:unknown:208.46.47.130
 rcpt  : sender accepted
 04-22 17:21:13 CHKUSER accepted rcpt: from
 [EMAIL PROTECTED]:: remote
 rapport.mysurvey.com:unknown:208.46.47.130
 rcpt [EMAIL PROTECTED] :
 found existing recipient
 04-22 17:21:34 simscan:[12162]:CLEAN (-6.20/99.00):20.2626s:April
 Edition of
 MySurvey.com Opinion
 Matters:208.46.47.130:[EMAIL PROTECTED]:[EMAIL PROTECTED]:
 04-22 17:21:34 tcpserver: end 12162 status 0
 
 
 After receiving the entire message, I see this portion that was received
 after the part logged by spamdyke:
 IMG
 
 SRC=https://www.mysurvey.com/gems/gems_open_tracking.cfm?indid=14072172cmpid=1105r=1720290rundate=22-APR-2008+11%3a52%3a55z=67129618CF0844A786F0E0A6C20C49CD
 
 border=0
 width=1 height=1
 
 --=_Layout_Part_DC7E1BB5_1105_4DB3_BAE3_2A6208EB099A--
 
 
 Any idea why this would timeout (consistently, like clockwork) with
 spamdyke, but not without it? This message timed out all day long with
 spamdyke, but was received successfully on the first attempt without
 spamdyke. Did spamdyke somehow choke on the last bit?
 
 FWIW, it appears that the entire email was a bit hosed, as the html
 did not
 render properly in the client view (mac mail) once the entire
 message was
 received.
 
 --
 -Eric 'shubes'
 
 
 
 
 -- 
 Paulo Henrique Fonseca
 [EMAIL PROTECTED]
 
 
 
 


-- 
-Eric 'shubes'
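
A check of the relationship between the two settings quoted in this thread, added here as an example (not code from the thread or from spamdyke): it reads timeoutsmtpd and idle-timeout-secs and reports whether qmail's value is the lower one, or that idle-timeout-secs is not set at all. The function names are hypothetical; the default paths are the ones quoted above, and the 1200-second fallback is qmail's documented default for timeoutsmtpd.

```shell
#!/bin/sh
# Compare qmail's timeoutsmtpd with spamdyke's idle-timeout-secs.

# Print the configured idle-timeout-secs, or nothing if the option is absent.
# Commented-out lines do not match; if the option repeats, the last one is
# used (an assumption about how duplicates are resolved).
spamdyke_idle_timeout() {
    sed -n 's/^[[:space:]]*idle-timeout-secs[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Print qmail's timeoutsmtpd from the first line of the control file.
# A missing, empty or non-numeric file is treated here as the default, 1200.
qmail_smtpd_timeout() {
    value=$(head -n 1 "$1" 2>/dev/null | tr -d '[:space:]')
    case $value in
        ''|*[!0-9]*) echo 1200 ;;
        *) echo "$value" ;;
    esac
}

# Usage: check_timeouts [timeoutsmtpd-file] [spamdyke.conf]
# Returns 0 if qmail's timeout is lower, 1 if it is not,
# 2 if idle-timeout-secs is not set in the spamdyke configuration.
check_timeouts() {
    qmail_file=${1:-/var/qmail/control/timeoutsmtpd}
    conf_file=${2:-/var/qmail/control/spamdyke/spamdyke.conf}
    qmail=$(qmail_smtpd_timeout "$qmail_file")
    idle=$(spamdyke_idle_timeout "$conf_file")
    if [ -z "$idle" ]; then
        echo "unset: idle-timeout-secs not set (timeoutsmtpd=$qmail)"
        return 2
    fi
    if [ "$qmail" -lt "$idle" ]; then
        echo "ok: timeoutsmtpd=$qmail < idle-timeout-secs=$idle"
        return 0
    fi
    echo "warn: timeoutsmtpd=$qmail >= idle-timeout-secs=$idle"
    return 1
}
```

Run check_timeouts with no arguments on the mail server, or pass copies of the two files to test a change before deploying it.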