[spamdyke-users] Graylite and whitelist problems
Hi, I'm using spamdyke and I like it a lot. I encountered two problems: 1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this: /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? 2) if I include an ip address in a whitelist, I become a relay for that ip address because that ip address bypass ALL other filters? Thanks in advance, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] strange error at log
Sep 7 06:26:28 server1 spamdyke[9898]: DENIED_OTHER from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 122.99.61.133 origin_rdns: host-133.61-99-122.dynamic.totalbb.net.tw auth: (unknown) What's denied_other? Can anyone explain to me? Thanks Nightduke ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Graylite and whitelist problems
I think I can field this one. ;) Davide D'AMICO wrote: Hi, I'm using spamdyke and I like it a lot. I encountered two problems: 1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this: /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? Some large (think yahoo, gmail) mailers use server pools. Retries might be sent from a different server, causing a message to be graylisted many times. Personally, I think it'd be ok to use IPs for a type of whitelist after the IP has passed graylisting. After all, once an IP has passed for one domain/sender, wouldn't it pass for all other domain/senders too? However, this adds another level of complexity (a pre- and a passed- gray list, sometimes referred to as a dual key). If this proved to be a good method, a global whitelist service based on the post-key (simply IP address), sort of like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued such a thing or not. Seems feasible to me though. 2) if I include an ip address in a whitelist, I become a relay for that ip address because that ip address bypass ALL other filters? No, because authentication is still required for non-local domains. Spamdyke filters are only bypassed if/when the sender authenticates. Thanks in advance, Davide -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Graylite and whitelist problems
2008/9/7 Eric Shubert [EMAIL PROTECTED]: I think I can field this one. ;) Davide D'AMICO wrote: Hi, I'm using spamdyke and I like it a lot. I encountered two problems: 1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this: /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? Some large (think yahoo, gmail) mailers use server pools. Retries might be sent from a different server, causing a message to be graylisted many times. Personally, I think it'd be ok to use IPs for a type of whitelist after the IP has passed graylisting. After all, once an IP has passed for one domain/sender, wouldn't it pass for all other domain/senders too? However, this adds another level of complexity (a pre- and a passed- gray list, sometimes referred to as a dual key). If this proved to be a good method, a global whitelist service based on the post-key (simply IP address), sort of like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued such a thing or not. Seems feasible to me though. You are right, but server pools are well known (gmail, yahoo, msn and others) and could be easily discovered and included in a whitelist. A spammer tends to use only an IP address or few ip addresses, so using a graylist method with single ip addresses could improve security. 2) if I include an ip address in a whitelist, I become a relay for that ip address because that ip address bypass ALL other filters? No, because authentication is still required for non-local domains. Spamdyke filters are only bypassed if/when the sender authenticates. You are right, I think I had a problem in my configuration files. Thanks in advance, dave ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Graylite and whitelist problems
Davide D'AMICO wrote: 2008/9/7 Eric Shubert [EMAIL PROTECTED]: I think I can field this one. ;) Davide D'AMICO wrote: 1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this: /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? Some large (think yahoo, gmail) mailers use server pools. Retries might be sent from a different server, causing a message to be graylisted many times. Personally, I think it'd be ok to use IPs for a type of whitelist after the IP has passed graylisting. After all, once an IP has passed for one domain/sender, wouldn't it pass for all other domain/senders too? However, this adds another level of complexity (a pre- and a passed- gray list, sometimes referred to as a dual key). If this proved to be a good method, a global whitelist service based on the post-key (simply IP address), sort of like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued such a thing or not. Seems feasible to me though. You are right, but server pools are well known (gmail, yahoo, msn and others) and could be easily discovered and included in a whitelist. Yes, but they change, so you'd need some sort of maintenance procedure to keep them up to date. It's a slow moving target, but far from being fixed. Adding a manual maintenance burden is bad. If it were automated though, that'd be ok. A spammer tends to use only an IP address or few ip addresses, so using a graylist method with single ip addresses could improve security. How would it improve security? Needs explanation. -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Graylite and whitelist problems
2008/9/7 Eric Shubert [EMAIL PROTECTED]: Davide D'AMICO wrote: 2008/9/7 Eric Shubert [EMAIL PROTECTED]: I think I can field this one. ;) Davide D'AMICO wrote: 1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this: /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? Some large (think yahoo, gmail) mailers use server pools. Retries might be sent from a different server, causing a message to be graylisted many times. Personally, I think it'd be ok to use IPs for a type of whitelist after the IP has passed graylisting. After all, once an IP has passed for one domain/sender, wouldn't it pass for all other domain/senders too? However, this adds another level of complexity (a pre- and a passed- gray list, sometimes referred to as a dual key). If this proved to be a good method, a global whitelist service based on the post-key (simply IP address), sort of like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued such a thing or not. Seems feasible to me though. You are right, but server pools are well known (gmail, yahoo, msn and others) and could be easily discovered and included in a whitelist. Yes, but they change, so you'd need some sort of maintenance procedure to keep them up to date. It's a slow moving target, but far from being fixed. Adding a manual maintenance burden is bad. If it were automated though, that'd be ok. Graylist uses a timeout (min/max) to reset/delete graylist files, so there is no need to use manual maintenance. Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Plesk + Spamdyke Control Panel
It's possible to translate this control panel to english and to spanish. Nightduke 2008/9/7 Stefan Pausch [EMAIL PROTECTED]: I am not sure, if this has been mentioned in this list before: There is a (in my oppinion superb) spamdyke control panel (for Plesk) available. I am not sure, if this list supports file attachments: I added a screenshot of the panel to this email. The Control Panel and the following URls are in german ( well i am not sure if the spamdyke control panel support multilanguage - but i guess it isn't hard to translate) Download panel from (you need to register) http://www.huschi.net/ Forum thread discussion that panel (german): http://serversupportforum.de/forum/plesk/26655-plesk-spamdyke-control-panel. html Howto installing Spamdyke (and the panel) (german) : http://www.huschi.net/25_330_de-plesk-qmail-greylisting-mit-spamdyke.html If you don't speak english, but want to install that panel / need help translating, just let me know. Maybe this helps somebody :) --Stefan ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Plesk + Spamdyke Control Panel
I mistyped the Download url in my entry post. The correct page for downloading the SCP is: http://www.haggybear.de It's possible to translate this control panel to english and to spanish. Is this a question, or a statement? --Stefan -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:spamdyke-users- [EMAIL PROTECTED] Im Auftrag von nightduke Gesendet: Sonntag, 7. September 2008 18:50 An: spamdyke users Betreff: Re: [spamdyke-users] Plesk + Spamdyke Control Panel It's possible to translate this control panel to english and to spanish. Nightduke 2008/9/7 Stefan Pausch [EMAIL PROTECTED]: I am not sure, if this has been mentioned in this list before: There is a (in my oppinion superb) spamdyke control panel (for Plesk) available. I am not sure, if this list supports file attachments: I added a screenshot of the panel to this email. The Control Panel and the following URls are in german ( well i am not sure if the spamdyke control panel support multilanguage - but i guess it isn't hard to translate) Download panel from (you need to register) http://www.huschi.net/ Forum thread discussion that panel (german): http://serversupportforum.de/forum/plesk/26655-plesk-spamdyke- control-panel. html Howto installing Spamdyke (and the panel) (german) : http://www.huschi.net/25_330_de-plesk-qmail-greylisting-mit- spamdyke.html If you don't speak english, but want to install that panel / need help translating, just let me know. Maybe this helps somebody :) --Stefan ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Plesk + Spamdyke Control Panel
It's possible to translate this control panel to english and to spanish. SCP comes with german (lang/de.inc.php) and englisch (lang/en.inc.php) language files. In config.inc.php the default language (define(LANG, de);) can be switched. The installation.txt is in english. (didn't notice that, until i looked fort he language type ^^) Guess it is no problem at all to translate it to spanish. Maybe you should send haggybear a copy of the language file :) --Stefan ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] strange error at log
DENIED_OTHER means that the message was rejected by something other than spamdyke. For example, when qmail rejects a message with Sorry, that domain isn't in my list of allowed rcpthosts, spamdyke will log it as DENIED_OTHER. FYI, all of spamdyke's log messages are documented in the README file: http://www.spamdyke.org/documentation/README.html#LOG -- Sam Clippinger nightduke wrote: Sep 7 06:26:28 server1 spamdyke[9898]: DENIED_OTHER from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 122.99.61.133 origin_rdns: host-133.61-99-122.dynamic.totalbb.net.tw auth: (unknown) What's denied_other? Can anyone explain to me? Thanks Nightduke ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Graylite and whitelist problems
Building an IP whitelist based on the graylist filter would be problematic. As you noted, server pools wouldn't be handled correctly. Proxies and NAT firewalls would also be an issue -- imagine one server behind a proxy passes the graylist, so the proxy is added to the whitelist. Then another server behind the proxy starts sending spam. The whitelist would let it all through. Also, an automatic whitelist like this would be easy to defeat if a spammer just sent a message to a known-good address before starting a spam run. Regarding the second question about the IP whitelist allowing all mail from the whitelisted server, Davide is correct. Once an IP has been whitelisted, spamdyke will allow it to send anything -- it bypasses all filters and authentication is not required. That's why whitelisting IP addresses should only be done sparingly, when the remote server can be trusted. Caveat: In version 4.0, the smtp-auth-level and filter-level options are not affected by whitelists. -- Sam Clippinger Eric Shubert wrote: I think I can field this one. ;) Davide D'AMICO wrote: Hi, I'm using spamdyke and I like it a lot. I encountered two problems: 1) Isn't more useful to graylist senders using their ip address rather than only its email address, like this: /var/db/spamdyke/graylist/domain/rcpt/sender/ip_sender ? Some large (think yahoo, gmail) mailers use server pools. Retries might be sent from a different server, causing a message to be graylisted many times. Personally, I think it'd be ok to use IPs for a type of whitelist after the IP has passed graylisting. After all, once an IP has passed for one domain/sender, wouldn't it pass for all other domain/senders too? However, this adds another level of complexity (a pre- and a passed- gray list, sometimes referred to as a dual key). If this proved to be a good method, a global whitelist service based on the post-key (simply IP address), sort of like RBLSs but RWLs, could be implemented. I don't know if anyone's pursued such a thing or not. Seems feasible to me though. 2) if I include an ip address in a whitelist, I become a relay for that ip address because that ip address bypass ALL other filters? No, because authentication is still required for non-local domains. Spamdyke filters are only bypassed if/when the sender authenticates. Thanks in advance, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
