Re: [spamdyke-users] ip-in-rdns-keyword-blacklist-file
Close... but you need a leading dot if you want it to match a domain name instead of looking for the keyword in the middle of the name. So change your file to contain this: .rr.com That should do it! -- Sam Clippinger On Oct 2, 2013, at 3:36 PM, BC wrote: > > > This spam got through today (after being graylisted 8 minutes): > > Oct 2 13:53:25 C2Q_Q9400 spamdyke[66462]: ALLOWED from: (unknown) to: > b...@purgatoire.org origin_ip: 24.227.125.250 > origin_rdns: rrcs-24-227-125-250.se.biz.rr.com auth: (unknown) > encryption: (none) reason: 250_ok_1380743605_qp_66464 > > My ip-in-rdns-keyword-blacklist-file contains an entry (out of many > others) on one line like this: > > rr.com > > > Am I misunderstanding how this should work? The filter should have > found the 'rr.com' in the rdns name that also contained the IP > address, right? > > Thanks in advance. > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] ip-in-rdns-keyword-blacklist-file
This spam got through today (after being graylisted 8 minutes): Oct 2 13:53:25 C2Q_Q9400 spamdyke[66462]: ALLOWED from: (unknown) to: b...@purgatoire.org origin_ip: 24.227.125.250 origin_rdns: rrcs-24-227-125-250.se.biz.rr.com auth: (unknown) encryption: (none) reason: 250_ok_1380743605_qp_66464 My ip-in-rdns-keyword-blacklist-file contains an entry (out of many others) on one line like this: rr.com Am I misunderstanding how this should work? The filter should have found the 'rr.com' in the rdns name that also contained the IP address, right? Thanks in advance. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Blacklist Delemma
From what you've described, the "ip-blacklist-entry" option in the configuration directory won't have any effect. That's because if the IP address is being blacklisted by a line in a file (and referenced using "ip-blacklist-file"), you can't remove it using "ip-blacklist-entry". In other words, when you use a line like this: ip-blacklist-entry=!66.96. spamdyke looks back through its configuration for a line that exactly matches this: ip-blacklist-entry=66.96. If it finds a matching line, it removes it from the current configuration. If it doesn't, nothing happens. Since you're using "ip-blacklist-file", nothing is happening. However, the "sender-whitelist-entry" option should do the trick. In your configuration directory, the last part of the path ("mindy") is a file, not a folder, correct? In other words, the full path to the file is not "/etc/spamdyke/config.d/_recipient_/biz/choicewireless/_at_/mindy/mindy", correct? Also make sure you put this in your main spamdyke configuration file: config-dir=/etc/spamdyke/config.d Be sure to check is the log entry that says "DENIED_BLACKLIST_IP" -- make sure the recipient address is _exactly_ "mi...@choicewireless.biz" and the sender address is under the jtwowireless.com domain. The last thing is to check your logs to make sure spamdyke isn't generating errors. If everything still looks right, you may have found a bug! In that case, first try recompiling spamdyke with "excessive" output like this: ./configure --with-excessive-output make Replace the spamdyke binary with the new one, then use the "full-log-dir" option to capture incoming sessions into files. If you can capture one of these failed connections, the log file should show everything spamdyke is doing (or not doing) when it decides to reject it. You can send it to me privately if you don't want to post it on the list. Good luck! -- Sam Clippinger On Oct 2, 2013, at 9:48 AM, Denny Jones wrote: > Sam, > > Thanks for all of your help on this. I'm having issues though. > > Here's my setup: > Email I'm trying to allow access for a specific IP range and a specific > domain: mi...@choicewireless.biz > IP Range: 66.96 > Domain mail is coming from: jtwowireless.com > > My Config.d Dir structure: > /etc/spamdyke/config.d/_recipient_/biz/choicewireless/_at_/mindy > > The contents of "mindy": > sender-whitelist-entry=@jtwowireless.com > ip-blacklist-entry=!66.96. > > I have 66.96. in the blacklist_ip file > > I have added the following to my spamdyke.conf file: > config-dir=/etc/spamdyke/config.d > > Emails from jtwowireless.com still get denied as DENIED_BLACKLIST_IP. > > I'm scratching my head here. What am I doing wrong? > > Denny > > > > > -Original Message- > From: Sam Clippinger > To: spamdyke users > Sent: Tue, Sep 24, 2013 11:20 am > Subject: Re: [spamdyke-users] Blacklist Delemma > > That's correct. The configuration directory feature allows you to specify > different configurations based on the recipient address, the sender address, > the remote IP address, the remote rDNS name or any combination of those > items. In the example I gave, it will override the ip-blacklist-entry > setting for that one recipient address (or add a sender whitelist entry for > that one recipient address, if you use that option). > > -- Sam Clippinger > > > > > On Sep 24, 2013, at 11:08 AM, Denny Jones wrote: > >> Sam, >> >> Thanks for the reply. I want to understand what is happening here... >> >> I think setting it up as you described tells spamdyke to behave like this: >> when it see's the user myu...@mydomain.com either don't block the 66.96. IP >> structure or always allow mail from @eigbox.net - depending upon the way i >> set it up. Thereby making the rule for blocking 66.96 NOT apply to that user. >> >> Am I getting this correct? >> >> Sorry to be do dense - I just want to be clear in my understanding, >> Denny >> >> >> >> >> >> -Original Message- >> From: Sam Clippinger >> To: spamdyke users >> Sent: Mon, Sep 23, 2013 4:29 pm >> Subject: Re: [spamdyke-users] Blacklist Delemma >> >> Sounds like you need to create a configuration directory so you can turn off >> the blacklist entry for that one user and leave it turned on for everyone >> else. >> >> If your user's email address is myu...@mydomain.com, create a folder >> structure like this: >> /var/qmail/spamdyke/config.d/_recipient_/com/mydomain/_at_ >> At the bottom of that folder structure, create a text file named for the >> username portion of the email address: >> /var/qmail/spamdyke/config.d/_recipient_/com/mydomain/_at_/myuser >> Inside that text file, put the spamdyke configuration commands to turn off >> the blacklist filter (assuming you added the IP range using >> "ip-blacklist-entry"): >> ip-blacklist-entry=!66.96. >> Or better yet, just whitelist the sender domain (it'll only affect this one >> reci
Re: [spamdyke-users] Blacklist Delemma
Sam, Thanks for all of your help on this. I'm having issues though. Here's my setup: Email I'm trying to allow access for a specific IP range and a specific domain: mi...@choicewireless.biz IP Range: 66.96 Domain mail is coming from: jtwowireless.com My Config.d Dir structure: /etc/spamdyke/config.d/_recipient_/biz/choicewireless/_at_/mindy The contents of "mindy": sender-whitelist-entry=@jtwowireless.com ip-blacklist-entry=!66.96. I have 66.96. in the blacklist_ip file I have added the following to my spamdyke.conf file: config-dir=/etc/spamdyke/config.d Emails from jtwowireless.com still get denied as DENIED_BLACKLIST_IP. I'm scratching my head here. What am I doing wrong? Denny -Original Message- From: Sam Clippinger To: spamdyke users Sent: Tue, Sep 24, 2013 11:20 am Subject: Re: [spamdyke-users] Blacklist Delemma That's correct. The configuration directory feature allows you to specify different configurations based on the recipient address, the sender address, the remote IP address, the remote rDNS name or any combination of those items. In the example I gave, it will override the ip-blacklist-entry setting for that one recipient address (or add a sender whitelist entry for that one recipient address, if you use that option). -- Sam Clippinger On Sep 24, 2013, at 11:08 AM, Denny Jones wrote: Sam, Thanks for the reply. I want to understand what is happening here... I think setting it up as you described tells spamdyke to behave like this: when it see's the user myu...@mydomain.com either don't block the 66.96. IP structure or always allow mail from @eigbox.net - depending upon the way i set it up. Thereby making the rule for blocking 66.96 NOT apply to that user. Am I getting this correct? Sorry to be do dense - I just want to be clear in my understanding, Denny -Original Message- From: Sam Clippinger To: spamdyke users Sent: Mon, Sep 23, 2013 4:29 pm Subject: Re: [spamdyke-users] Blacklist Delemma Sounds like you need to create a configuration directory so you can turn off the blacklist entry for that one user and leave it turned on for everyone else. If your user's email address is myu...@mydomain.com, create a folder structure like this: /var/qmail/spamdyke/config.d/_recipient_/com/mydomain/_at_ At the bottom of that folder structure, create a text file named for the username portion of the email address: /var/qmail/spamdyke/config.d/_recipient_/com/mydomain/_at_/myuser Inside that text file, put the spamdyke configuration commands to turn off the blacklist filter (assuming you added the IP range using "ip-blacklist-entry"): ip-blacklist-entry=!66.96. Or better yet, just whitelist the sender domain (it'll only affect this one recipient): sender-whitelist-entry=@eigbox.net Last, add the configuration directory option to your main spamdyke configuration file: config-dir=/var/qmail/spamdyke/config.d That should do it. -- Sam Clippinger On Sep 23, 2013, at 4:00 PM, Denny Jones wrote: Hello, I've got one account (on QmailToaster w/SpamDyke) who gets mail from a legitimate sender via the mail servers at eigbox.net. That domain has a range of IP's: 66.96.xxx.xxx. The problem is I also get a ton of spam from this same server (not from that sender). When I block "66.96.", It blocks everything. Things I've tried: 1. white listing the legitimate sender which I don't like (the sender can be spoofed). 2. white listing the whole IP (66.96.186.10) that the legitimate sender sent from (this works temporarily but will change when the IP rotates). How can I let mail come trough for this one sender from a "known" spam sender but block all the other junk? Ideas? Thanks, Denny ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users