Re: [spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-04-30 Thread Sam Clippinger 
You must have missed it -- it's in the FAQ. :)
http://www.spamdyke.org/documentation/FAQ.html#FEATURE1

-- Sam Clippinger

Eric Shubert wrote:
> I've seen very high hits with these filters too. Let's be careful to
> realize, though, that this doesn't mean that the mail they're rejecting
> would have gotten through. What this means is that they're the first filter
> that caught the message. That's not to say that another (admittedly more
> costly, such as RBLs) filter would not have caught it.
>
> When the earliest filters catch the most, that's good a good thing, given
> that they're the 'cheapest' filters to apply. It can tend to distort the
> effectiveness of other filters though that aren't hit.
>
> It'd be interesting to do some statistical analysis, but I'm not sure how
> valuable the data would be. As in so many things, one size does not fit all.
>
> Sam, I don't remember seeing any documentation on the order that in which
> filters are processed. Did I miss it somewhere? It'd be nice to see the
> sequence of everything in one place for reference (the big picture, sort of).
>
> Sam Clippinger wrote:
>   
>> I can't speak for anyone else, but those two filters have been very good 
>> for my users.  On a typical day, 30-60% of all connections to my server 
>> are blocked with DENIED_IP_IN_CC_RDNS.  Another 5-20% are blocked by 
>> DENIED_IP_IN_RDNS.  I've had to whitelist a few IP addresses with bad 
>> rDNS names but that's been very rare so far (less than 5 total).
>>
>> However, servers with larger user populations and more international 
>> correspondence might have different experiences.
>>
>> -- Sam Clippinger
>>
>> Marcin Orlowski wrote:
>> 
>>> Hi,
>>>
>>> Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
>>> his users or causes more problems? I formerly thought that this is
>>> more helpful, as IP in RDNS is most likely appear for home dsls, dialups
>>> and other stuff not supposed to run smtp server i shall trust, and if
>>> it's my users mail netline, then they shall authenticate while talkign 
>>> to me anyway. But now I see that some telecoms offer dsls with static 
>>> IPs (contrary to dyniamic one, rotated 24hs, that is addressed to home 
>>> users) which is primarily used by companies, and therefore it's less 
>>> likely for them to be spam source (due to botnes, zombies etc). I even 
>>> saw a data center which named their rack hosts that way. I therefore 
>>> think that it might be extremely useful to try to build a kind of 
>>> database of providers who one may consider whitelisting even, they would 
>>> otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?
>>>
>>> Marcin
>>>   
>
>
>   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-04-30 Thread Eric Shubert 
I've seen very high hits with these filters too. Let's be careful to
realize, though, that this doesn't mean that the mail they're rejecting
would have gotten through. What this means is that they're the first filter
that caught the message. That's not to say that another (admittedly more
costly, such as RBLs) filter would not have caught it.

When the earliest filters catch the most, that's good a good thing, given
that they're the 'cheapest' filters to apply. It can tend to distort the
effectiveness of other filters though that aren't hit.

It'd be interesting to do some statistical analysis, but I'm not sure how
valuable the data would be. As in so many things, one size does not fit all.

Sam, I don't remember seeing any documentation on the order that in which
filters are processed. Did I miss it somewhere? It'd be nice to see the
sequence of everything in one place for reference (the big picture, sort of).

Sam Clippinger wrote:
> I can't speak for anyone else, but those two filters have been very good 
> for my users.  On a typical day, 30-60% of all connections to my server 
> are blocked with DENIED_IP_IN_CC_RDNS.  Another 5-20% are blocked by 
> DENIED_IP_IN_RDNS.  I've had to whitelist a few IP addresses with bad 
> rDNS names but that's been very rare so far (less than 5 total).
> 
> However, servers with larger user populations and more international 
> correspondence might have different experiences.
> 
> -- Sam Clippinger
> 
> Marcin Orlowski wrote:
>> Hi,
>>
>> Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
>> his users or causes more problems? I formerly thought that this is
>> more helpful, as IP in RDNS is most likely appear for home dsls, dialups
>> and other stuff not supposed to run smtp server i shall trust, and if
>> it's my users mail netline, then they shall authenticate while talkign 
>> to me anyway. But now I see that some telecoms offer dsls with static 
>> IPs (contrary to dyniamic one, rotated 24hs, that is addressed to home 
>> users) which is primarily used by companies, and therefore it's less 
>> likely for them to be spam source (due to botnes, zombies etc). I even 
>> saw a data center which named their rack hosts that way. I therefore 
>> think that it might be extremely useful to try to build a kind of 
>> database of providers who one may consider whitelisting even, they would 
>> otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?
>>
>> Marcin


-- 
-Eric 'shubes'
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-04-30 Thread Sam Clippinger 
I can't speak for anyone else, but those two filters have been very good 
for my users.  On a typical day, 30-60% of all connections to my server 
are blocked with DENIED_IP_IN_CC_RDNS.  Another 5-20% are blocked by 
DENIED_IP_IN_RDNS.  I've had to whitelist a few IP addresses with bad 
rDNS names but that's been very rare so far (less than 5 total).

However, servers with larger user populations and more international 
correspondence might have different experiences.

-- Sam Clippinger

Marcin Orlowski wrote:
> Hi,
>
> Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
> his users or causes more problems? I formerly thought that this is
> more helpful, as IP in RDNS is most likely appear for home dsls, dialups
> and other stuff not supposed to run smtp server i shall trust, and if
> it's my users mail netline, then they shall authenticate while talkign 
> to me anyway. But now I see that some telecoms offer dsls with static 
> IPs (contrary to dyniamic one, rotated 24hs, that is addressed to home 
> users) which is primarily used by companies, and therefore it's less 
> likely for them to be spam source (due to botnes, zombies etc). I even 
> saw a data center which named their rack hosts that way. I therefore 
> think that it might be extremely useful to try to build a kind of 
> database of providers who one may consider whitelisting even, they would 
> otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?
>
> Marcin
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] feature request spamdyke user interface

2008-04-30 Thread Stefan Pausch 
> >>>> spamdyke-users mailing list
> >>>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >>>>
> >> <mailto:spamdyke-users@spamdyke.org <mailto:spamdyke-
> [EMAIL PROTECTED]>>
> >>
> >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>>>
> >>>>
> >>> --
> >>> Technischer Support
> >>>
> >>> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
> >>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> >>>
> >>> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
> >>> E-Mail: [EMAIL PROTECTED]
> >>>
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >>> <mailto:[EMAIL PROTECTED]
> >>>
> >> <mailto:[EMAIL PROTECTED]>>
> >>
> >>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
> >>> Software für Online-Marketing: http://www.go-community.de
> >>>
> >>> ___
> >>> spamdyke-users mailing list
> >>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >>>
> >> <mailto:spamdyke-users@spamdyke.org <mailto:spamdyke-
> [EMAIL PROTECTED]>>
> >>
> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>>
> >>>
> >>> ---
> -
> >>>
> >>> ___
> >>> spamdyke-users mailing list
> >>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>>
> >>>
> >> --
> >> Technischer Support
> >>
> >> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
> >> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> >>
> >> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
> >> E-Mail: [EMAIL PROTECTED]
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >> Klassische Werbung und Online-Marketing: http://www.blackbit.de
> >> Software für Online-Marketing: http://www.go-community.de
> >>
> >> ___
> >> spamdyke-users mailing list
> >> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>
> >> 
> 
> >>
> >> ___
> >> spamdyke-users mailing list
> >> spamdyke-users@spamdyke.org
> >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>
> >>
> >
> >
> >
> 
> 
> --
> Technischer Support
> 
> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> 
> Tel +49 [551] 506 75-0  Fax +49 [551] 506 75-20
> E-Mail: [EMAIL PROTECTED]
> 
> Klassische Werbung und Online-Marketing: http://www.blackbit.de
> Software für Online-Marketing: http://www.go-community.de
> 
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> 
> __ Information from ESET NOD32 Antivirus, version of virus
> signature database 3067 (20080430) __
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com


___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] feature request spamdyke user interface

2008-04-30 Thread Stefan Pausch 
gt;>>
> >>> SpamAssasin, just
> >>>
> >>>> look for "spamd: result: Y" and you get some figures how many
> >>>> of ALLOWED was *probably* a spam.
> >>>>
> >>>> Marcin
> >>>> ___
> >>>> spamdyke-users mailing list
> >>>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >>>>
> >> <mailto:spamdyke-users@spamdyke.org <mailto:spamdyke-
> [EMAIL PROTECTED]>>
> >>
> >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>>>
> >>>>
> >>> --
> >>> Technischer Support
> >>>
> >>> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
> >>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> >>>
> >>> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
> >>> E-Mail: [EMAIL PROTECTED]
> >>>
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >>> <mailto:[EMAIL PROTECTED]
> >>>
> >> <mailto:[EMAIL PROTECTED]>>
> >>
> >>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
> >>> Software für Online-Marketing: http://www.go-community.de
> >>>
> >>> ___
> >>> spamdyke-users mailing list
> >>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >>>
> >> <mailto:spamdyke-users@spamdyke.org <mailto:spamdyke-
> [EMAIL PROTECTED]>>
> >>
> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>>
> >>>
> >>> ---
> -
> >>>
> >>> ___
> >>> spamdyke-users mailing list
> >>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>>
> >>>
> >> --
> >> Technischer Support
> >>
> >> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
> >> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> >>
> >> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
> >> E-Mail: [EMAIL PROTECTED]
> >> <mailto:[EMAIL PROTECTED]>
> >>
> >> Klassische Werbung und Online-Marketing: http://www.blackbit.de
> >> Software für Online-Marketing: http://www.go-community.de
> >>
> >> ___
> >> spamdyke-users mailing list
> >> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
> >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>
> >> 
> 
> >>
> >> ___
> >> spamdyke-users mailing list
> >> spamdyke-users@spamdyke.org
> >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >>
> >>
> >
> >
> >
> 
> 
> --
> Technischer Support
> 
> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> 
> Tel +49 [551] 506 75-0  Fax +49 [551] 506 75-20
> E-Mail: [EMAIL PROTECTED]
> 
> Klassische Werbung und Online-Marketing: http://www.blackbit.de
> Software für Online-Marketing: http://www.go-community.de
> 
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> 
> __ Information from ESET NOD32 Antivirus, version of virus
> signature database 3067 (20080430) __
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com


___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Backscatter Spam Question

2008-04-30 Thread Sam Clippinger 
After thinking this through more carefully, I think rejecting bounce 
messages would break mailing list software (actually, anything that 
rejected bounce messages would break mailing list software).  Most 
mailing list packages rely on processing bounced messages to kick 
subscribers off of the lists when messages bounce.

Also keep in mind that any solution to block bounce messages doesn't 
really solve the backscatter problem, it just moves it around.  If a 
remote server can't deliver a bounce message to your server, it will 
typically deliver the message to its own postmaster rather than simply 
discarding it.  That just means someone else's mailbox gets flooded 
instead of yours.

I think a better solution is probably something like SpamAssassin, which 
can identify (most) bounce messages and (correctly) scan them for spam.

-- Sam Clippinger

Michael Colvin wrote:
> Maybe doing it in a kind of "Greylist" fasion might work...  Where, instead
> of denying the first one, you allow the first one, then block subsequent
> NDR's from the same IP?  That would allow legit bounces through, as well as
> the bogus backscatter, but it will limit the backscatter to 1 copy.  Maybe
> have a shorter TTL on the backscatter greylist files...(or, of course, make
> it configurable  :-)  )
>  
>
> Michael J. Colvin
> NorCal Internet Services
> www.norcalisp.com
>
>  
>
>
>
>  
>
>   
>> -Original Message-
>> From: [EMAIL PROTECTED] 
>> [mailto:[EMAIL PROTECTED] On Behalf Of Sam 
>> Clippinger
>> Sent: Tuesday, April 29, 2008 9:04 PM
>> To: spamdyke users
>> Subject: Re: [spamdyke-users] Backscatter Spam Question
>>
>> Identifying incoming backscatter is difficult at best.  There 
>> is no standard way bounce messages are formatted -- it 
>> depends on the mail server software and version (and 
>> language).  Most are delivered from an empty sender address 
>> (spamdyke logs it as "(unknown)") but some aren't (I've seen 
>> bounces from "postmaster@", "MAILER-DAEMON@" and more).
>>
>> spamdyke doesn't currently have a way to block messages from 
>> null senders but it wouldn't be hard to add.  It would just 
>> be a very small extension to the sender blacklist feature.  
>> Whether you _should_ block those messages is up to you.
>>
>> -- Sam Clippinger
>>
>> Venks Izod wrote:
>> 
>>> I think this question is about outgoing backscatter.  Is 
>>>   
>> there a way 
>> 
>>> to deny/drop all incoming backscatter?  I guess the questions are:
>>>
>>> 1. Do MTAs consistently indicate in the headers that this 
>>>   
>> is a bounce
>> 
>>> 2. does spamdyke have a rule to decide based on this?
>>>
>>> Often a random user in my company will get upwards of 2000 mailer 
>>> daemon messages in one day.
>>>
>>> I understand that this would mean 2 things, one is that I will lose 
>>> out on real bounces.  The other (if I deny it) is that I am 
>>>   
>> possibly 
>> 
>>> just pushing the backscatter problem upstream and making it 
>>>   
>> worse for 
>> 
>>> somebody else.
>>>
>>> I don't mind having to change the spamdyke source.
>>>
>>> Bruce - you could completely disable bounces from qmail (another 
>>> sledgehammer approach).
>>>
>>> - Venkat
>>>
>>> -Original Message-
>>> From: Sam Clippinger <[EMAIL PROTECTED]>
>>> Sent: Friday, April 18, 2008 15:51:38
>>> Subject: Re: [spamdyke-users] Backscatter Spam Question
>>>
>>> You're not alone in wanting this feature -- recipient 
>>>   
>> validation is at 
>> 
>>> the top of my TODO list for spamdyke's version-after-next.  
>>>   
>> I'm trying 
>> 
>>> my best to get the next version (4.0.0) tested and 
>>>   
>> documented so I can 
>> 
>>> release it, hopefully this month.  Once that's done, I'll 
>>>   
>> be tackling 
>> 
>>> recipient validation.  Checking an LDAP directory is probably not 
>>> going to be possible in my first attempt, however.
>>>
>>> -- Sam Clippinger
>>>
>>> Bruce Schreiber wrote:
>>>   
>>>   
 I am receiving complaints about backscatter spam from my 
 
>> mail service.
>> 
 I would like to add a filter to block mail addressed to users that 
 are not in my LDAP directory and drop them before Qmail starts its 
 process.  I do not seem to see any filters in the 
 
>> configuration that 
>> 
 fit what I want.

 Does anyone have any suggestions?

 Thank you,

 Bruce

 
 
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>   
>>>   
>> ___
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>> 
>
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/m

Re: [spamdyke-users] feature request spamdyke user interface

2008-04-30 Thread David Stiller 
Another thing - did you figure out, how to implement an own programm
into Plesk using the right
template and check for logins? I think the way i did it, it may be a
little insecure as it could be
opened without any login by the direct url...

David Stiller schrieb:
> That's close to what i've made. ;)
>
> Stefan Pausch schrieb:
>   
>> I would love to get my hands on that package as well. I am working on
>> a log analyzing script, too and would love to see how the scripts were
>> built.
>>
>> My script uses bash+php for dumping to a database and a plesk frontend
>> for filtering / analyzing.
>>
>> A editor for configuration files is planned … but i am busy with
>> projects right now and won’t be able to work on those scripts for a
>> few days.
>>
>> --Stefan
>>
>> *Von:* [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] *Im Auftrag von *nightduke
>> *Gesendet:* Dienstag, 29. April 2008 17:35
>> *An:* spamdyke users
>> *Betreff:* Re: [spamdyke-users] feature request spamdyke user interface
>>
>> Well i prefer analyzing logs...
>>
>> Plesk is plesk, i mean some people use it and some don't use that.
>>
>> Thanks a lot.
>>
>> Nightduke
>>
>>
>>
>> 2008/4/29, David Stiller <[EMAIL PROTECTED]
>> >:
>>
>> Hi Nightduke,
>>
>> sure, just give me an hour (or two) to make a package from that, as it's
>> not very general atm.
>> I'll publish that on my private site later on and give you a link to
>> check it out. Do you also
>> want the stuff for plesk, or just analyzing the logs?
>>
>> David
>>
>>
>> nightduke schrieb:
>> 
>>> David i think it will be a great idea to have a php client and also
>>> cron analyzing logs.
>>>
>>> Thanks a lot for your sugguestion, can you do that?
>>>
>>> Nightduke
>>>
>>>
>>>
>>> 2008/4/28, David Stiller <[EMAIL PROTECTED]
>>>   
>> 
>> 
>>> >>:
>>>
>>>
>>> Hi,
>>>
>>> i made a full Programm for that incl. an overview for Plesk. If you're
>>> interested i would like
>>> to give it to you. I'm using PHP-CLI and a cron analyzing the logs.
>>>
>>> Regards,
>>> David
>>>
>>> Marcin Orlowski schrieb:
>>>   
 Jake Briggs wrote:


 
> But seriously, getting simple rough stats from the logs really is a
> simple grep and a quick calculation in the head.
>
>   
 or use of 'wc'


 
> It would be good to know how much spam got through, but that would
> require some sort of crystal ball Or a spam reporting
>   
>>> mechanism and
>>>   
> total user compliance in reporting all spam, all which is far far
> outside of the scope of spamdyke
>
>   
 just grep your logs for spam filter entires. If it's
 
>>> SpamAssasin, just
>>>   
 look for "spamd: result: Y" and you get some figures how many
 of ALLOWED was *probably* a spam.

 Marcin
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org 
 
>> >
>> 
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users

 
>>> --
>>> Technischer Support
>>>
>>> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
>>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>>>
>>> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
>>> E-Mail: [EMAIL PROTECTED]
>>>   
>> 
>> 
>>> >>   
>> >
>> 
>>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
>>> Software für Online-Marketing: http://www.go-community.de
>>>
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org 
>>>   
>> >
>> 
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>>> 
>>>
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org 
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>   
>> --
>> Technischer Support
>>
>> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>>
>> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
>> E-Mail: [EMAIL PROTECTED]
>> 
>>
>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
>> Software für Online-Marketing: http://www.go-community.de
>>
>> ___
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org 
>> http://www.spamdyke.org/mailman/listinfo/sp

Re: [spamdyke-users] feature request spamdyke user interface

2008-04-30 Thread David Stiller 
So here you can see my first steps:
http://www.php-schnippsel.de/archives/8

David Stiller schrieb:
> That's close to what i've made. ;)
>
> Stefan Pausch schrieb:
>   
>> I would love to get my hands on that package as well. I am working on
>> a log analyzing script, too and would love to see how the scripts were
>> built.
>>
>> My script uses bash+php for dumping to a database and a plesk frontend
>> for filtering / analyzing.
>>
>> A editor for configuration files is planned … but i am busy with
>> projects right now and won’t be able to work on those scripts for a
>> few days.
>>
>> --Stefan
>>
>> *Von:* [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] *Im Auftrag von *nightduke
>> *Gesendet:* Dienstag, 29. April 2008 17:35
>> *An:* spamdyke users
>> *Betreff:* Re: [spamdyke-users] feature request spamdyke user interface
>>
>> Well i prefer analyzing logs...
>>
>> Plesk is plesk, i mean some people use it and some don't use that.
>>
>> Thanks a lot.
>>
>> Nightduke
>>
>>
>>
>> 2008/4/29, David Stiller <[EMAIL PROTECTED]
>> >:
>>
>> Hi Nightduke,
>>
>> sure, just give me an hour (or two) to make a package from that, as it's
>> not very general atm.
>> I'll publish that on my private site later on and give you a link to
>> check it out. Do you also
>> want the stuff for plesk, or just analyzing the logs?
>>
>> David
>>
>>
>> nightduke schrieb:
>> 
>>> David i think it will be a great idea to have a php client and also
>>> cron analyzing logs.
>>>
>>> Thanks a lot for your sugguestion, can you do that?
>>>
>>> Nightduke
>>>
>>>
>>>
>>> 2008/4/28, David Stiller <[EMAIL PROTECTED]
>>>   
>> 
>> 
>>> >>:
>>>
>>>
>>> Hi,
>>>
>>> i made a full Programm for that incl. an overview for Plesk. If you're
>>> interested i would like
>>> to give it to you. I'm using PHP-CLI and a cron analyzing the logs.
>>>
>>> Regards,
>>> David
>>>
>>> Marcin Orlowski schrieb:
>>>   
 Jake Briggs wrote:


 
> But seriously, getting simple rough stats from the logs really is a
> simple grep and a quick calculation in the head.
>
>   
 or use of 'wc'


 
> It would be good to know how much spam got through, but that would
> require some sort of crystal ball Or a spam reporting
>   
>>> mechanism and
>>>   
> total user compliance in reporting all spam, all which is far far
> outside of the scope of spamdyke
>
>   
 just grep your logs for spam filter entires. If it's
 
>>> SpamAssasin, just
>>>   
 look for "spamd: result: Y" and you get some figures how many
 of ALLOWED was *probably* a spam.

 Marcin
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org 
 
>> >
>> 
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users

 
>>> --
>>> Technischer Support
>>>
>>> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
>>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>>>
>>> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
>>> E-Mail: [EMAIL PROTECTED]
>>>   
>> 
>> 
>>> >>   
>> >
>> 
>>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
>>> Software für Online-Marketing: http://www.go-community.de
>>>
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org 
>>>   
>> >
>> 
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>>> 
>>>
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org 
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>   
>> --
>> Technischer Support
>>
>> BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>>
>> Tel +49 [551] 506 75-0 Fax +49 [551] 506 75-20
>> E-Mail: [EMAIL PROTECTED]
>> 
>>
>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
>> Software für Online-Marketing: http://www.go-community.de
>>
>> ___
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org 
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>> 
>>
>> ___
>> spamdyke-users ma

[spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-04-30 Thread Marcin Orlowski 
Hi,

Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
his users or causes more problems? I formerly thought that this is
more helpful, as IP in RDNS is most likely appear for home dsls, dialups
and other stuff not supposed to run smtp server i shall trust, and if
it's my users mail netline, then they shall authenticate while talkign 
to me anyway. But now I see that some telecoms offer dsls with static 
IPs (contrary to dyniamic one, rotated 24hs, that is addressed to home 
users) which is primarily used by companies, and therefore it's less 
likely for them to be spam source (due to botnes, zombies etc). I even 
saw a data center which named their rack hosts that way. I therefore 
think that it might be extremely useful to try to build a kind of 
database of providers who one may consider whitelisting even, they would 
otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?

Marcin
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users