[spamdyke-users] problems with DENIED_IP_IN_CC_RDNS

2008-04-21 Thread Marcin Orlowski
Hi,

I am running the latest spamdyke on a couple of boxes with just a plain
config like:

log-level=2
reject-empty-rdns
reject-unresolvable-rdns
reject-ip-in-cc-rdns
greeting-delay-secs=5

but when I check the logs I see that DENIED_IP_IN_CC_RDNS does
not work as expected. At the same time I see entries like:

Apr 22 00:53:12 b1 spamdyke[24736]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 85.107.109.226 origin_rdns: dsl85-107-28130.ttnet.net.tr auth: (unknown)
Apr 22 00:53:12 b1 spamdyke[24732]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 87.248.169.195 origin_rdns: 87-248-169-195.starnet.md auth: (unknown)
Apr 22 00:53:27 b1 spamdyke[24738]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.55.105.219 origin_rdns: cpe-190-55-105-219.telecentro.com.ar auth: (unknown)
Apr 22 00:53:29 b1 spamdyke[24740]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.173.222.12 origin_rdns: 190-173-222-12.speedy.com.ar auth: (unknown)
Apr 22 00:53:52 b1 spamdyke[24743]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.55.105.219 origin_rdns: cpe-190-55-105-219.telecentro.com.ar auth: (unknown)

but also these:

Apr 22 00:51:30 b1 spamdyke[23611]: ALLOWED from: [EMAIL PROTECTED] to: XX  origin_ip: 68.38.167.167 origin_rdns: c-68-38-167-167.hsd1.nj.comcast.net auth: (unknown)
Apr 22 00:51:31 b1 spamdyke[23612]: ALLOWED from: [EMAIL PROTECTED] to: XX  origin_ip: 65.83.199.240 origin_rdns: adsl-83-199-240.asm.bellsouth.net auth: (unknown)
Apr 22 00:51:39 b1 spamdyke[23742]: ALLOWED from: [EMAIL PROTECTED] to: XX  origin_ip: 64.237.158.67 origin_rdns: adsl-64-237-158-67.prtc.net auth: (unknown)
Apr 22 00:51:42 b1 spamdyke[23744]: ALLOWED from: (unknown) to: XX  origin_ip: 146.82.152.68 origin_rdns: mman.smacek.com auth: (unknown)
Apr 22 00:52:21 b1 spamdyke[23999]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 72.82.207.15 origin_rdns: pool-72-82-207-15.cmdnnj.east.verizon.net auth: (unknown)

which, to my understanding, should already be trapped in 
DENIED_IP_IN_CC_RDNS but passed. It looks as if spamdyke gets fooled 
sometimes when, perhaps, there is a letter prefix with a dash prior to the IP 
in the rDNS? Bug or feature?

Thanks,
Marcin
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS

2008-04-22 Thread Marcin Orlowski
Sam Clippinger wrote:

> Other connections are not being blocked because their rDNS names don't 
> end in country codes.  Instead, they use three-character TLDs like 
> ".com" and ".net".  If you want to block those connections as well, use 
> the "ip-in-rdns-keyword-file" option and put ".com" and ".net" in the 
> keyword file.

Thanks! That seems to work fine. Would it be possible to also match
IPs in "glued" form? i.e: 11.22.33.44 => 11223344.domain not
just 11.22.33.44.domain?

PS: I'd love to have just one config file for spamdyke for simplicity
and instead of ip-in-rdns-keyword-file put just a bunch of
ip-in-rdns-keyword=.com
ip-in-rdns-keyword=.net
type of entries in main config file. Doable?

Thanks for nice tool.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS

2008-04-22 Thread Marcin Orlowski
Sam Clippinger wrote:
> This behavior is correct.  The "reject-ip-in-cc-rdns" option will only 

I just found out that leading zero fools this filter:

111.222.111.33 => 111-222-11-033.domain pass while it should not

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS

2008-04-22 Thread Marcin Orlowski
Sam Clippinger wrote:
> spamdyke looks for the IP address in many different formats.  If the IP 
> address is 11.22.33.44, it looks for:
> 11.22.33.44
> 011.022.033.044
[...]
> As for putting filter entries in the main configuration file instead of 
> separate files, I'm a step ahead of you. :)  Version 4.0.0 already 
> contains this feature.

What about option to allow matching i.e. 3 (or maybe even 2) parts of
IP address? Pretty often seen, i.e.

11.22.33.44  =>   44.33.22.foo.bar

or (just seen in logs)

11.22.33.44 => host44-33-dynamic.22-11-x.foo



[spamdyke-users] Greylisting wishes

2008-04-22 Thread Marcin Orlowski
Hi,

For graylisting to work in current version "the domain folders must be 
created before graylisting will work. This is the most common mistake 
when setting up spamdyke to perform graylisting". May I opt for a 
feature to just make spamdyke graylist all the connections *without*
the need of the folder existence? If it is needed -> just mkdir() it
and go ahead. It'd simplify the whole thing a lot as many people
(including yours truly) just want all the traffic to be always graylisted
(with optional exceptions). The need of manually created domain folder
is sort-of pain in the a** for me.

-- 
Regards,
Marcin


Re: [spamdyke-users] Greylisting wishes

2008-04-22 Thread Marcin Orlowski
dnk wrote:

> I just added a line to create that directory.
> Works like a charm and enables my gray listing from the get go.

If you want all traffic graylisted this is simply unnecessary. If 
spamdyke can create user dir it could domain too. One item
less to manage and keep eye on.

Marcin


Re: [spamdyke-users] Greylisting wishes

2008-04-23 Thread Marcin Orlowski
Sam Clippinger wrote:
> I've already made this change in version 4.0.0 -- it has a new flag to 
> allow spamdyke to create domain folders itself.  It can't be automatic 
> because some sites need the ability to activate/deactivate graylisting 
> for specific domains without affecting others.

what about option to call external app to check that out? One could 
easily craft small tool to look into SQL database to decide if
we shall or shall not greylist.

Generally, I'd love to see the way to feed spamdyke with stuff from
external apps for any lists or even configuration file.

Marcin


Re: [spamdyke-users] Greylisting wishes

2008-04-23 Thread Marcin Orlowski
Sam Clippinger wrote:
> I'm planning to add that in a future version but not in 4.0.0.  The list 
> of changes for that version is already incredibly long and I've been 
> trying to finish testing it for the last month or two.  I have no idea 
> how long the documentation updates are going to take.
> 
> Look for this in 4.1.0 or so.

Small suggestion for 4.0 -> to add ALLOWED_GRAYLISTED log entry
not just ALLOWED for any message that passes. Having ALLOWED_GRAYLISTED 
would help finding out how many graylisted posts were spam. With just
ALLOWED I'd need to parse logs myself...


Re: [spamdyke-users] Greylisting wishes

2008-04-24 Thread Marcin Orlowski
Sam Clippinger wrote:

> I could do that if it would be useful.  Now is the time for changes like 
> this, since version 4.0 won't be backwards compatible anyway.  What 
> about changing the log message for other reasons too?  For example, 
> ALLOWED_WHITELISTED_IP, ALLOWED_WHITELISTED_SENDER, etc.

That'd be perfect.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Greylisting wishes

2008-04-24 Thread Marcin Orlowski
Sam Clippinger wrote:
> "ALLOWED_GRAYLISTED" could be useful if graylisting isn't active for all 
> domains.

It'd be useful if graylisting all domains too, to find out how many senders
did not retry (due to, most probably, being spammers).

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS

2008-04-24 Thread Marcin Orlowski
Sam Clippinger wrote:
> I can always use help writing documentation.  Let me finish making the 
> updates for the version 4.0 changes, then I'll send them to you to see 
> if you think they need polishing.  Thanks!

BTW: documentation lacks information of default values, for options
like graylist-max-secs, graylist-min-secs, etc.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Greylisting wishes

2008-04-24 Thread Marcin Orlowski
Michael Colvin wrote:
> Doesn't it already log "DENIED GREYLISTED" when it greylists an address,
> then when it is sent again, and passes the greylist test, it logs
> "ALLOWED"...  Doesn't that already identify greylisted e-mails?

No. One means message is graylisted, the other, message has passed. It does
not mean "message was posted again due to graylist" as ALLOWED may be there
i.e. due to whitelists for example. To find out which ALLOWED was formerly
DENIED_GREYLISTED you need to play with logs yourself and try to match
records.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/
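
The record matching described in the message above, as an added example that is not from the thread or from spamdyke: it pairs each graylist denial with a later ALLOWED for the same sender and recipient. The log lines are constructed in the format shown earlier on this page; the function name, the report keys and the year given to the timestamp parser are assumptions.

```python
import re
from datetime import datetime

# One spamdyke log entry per line, in the layout of the entries quoted on this page.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ spamdyke\[\d+\]: (?P<result>[A-Z_]+) "
    r"from: (?P<sender>\S+) to: (?P<rcpt>\S+) origin_ip: (?P<ip>\S+) "
    r"origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)
# The thread spells the label both ways, so accept GRAYLISTED and GREYLISTED.
GRAYLISTED = re.compile(r"DENIED_GR[AE]YLISTED")

# Constructed sample input (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Apr 22 01:00:00 b1 spamdyke[100]: DENIED_GRAYLISTED from: alice@example.org to: bob@example.net origin_ip: 192.0.2.10 origin_rdns: mail.example.org auth: (unknown)
Apr 22 01:00:05 b1 spamdyke[101]: DENIED_GRAYLISTED from: bulk@example.com to: bob@example.net origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)
Apr 22 01:02:00 b1 spamdyke[102]: ALLOWED from: carol@example.org to: bob@example.net origin_ip: 192.0.2.11 origin_rdns: mx.example.org auth: (unknown)
Apr 22 01:06:30 b1 spamdyke[103]: ALLOWED from: alice@example.org to: bob@example.net origin_ip: 192.0.2.10 origin_rdns: mail.example.org auth: (unknown)
"""


def correlate(lines, year=2008):
    """Split ALLOWED entries into 'retried after graylisting' and 'direct'.

    syslog timestamps carry no year, so one is supplied (assumption).
    """
    pending = {}  # (sender, recipient) -> time of the first graylist denial
    report = {"passed_after_graylist": [], "allowed_directly": [], "never_retried": []}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a spamdyke result line
        key = (m["sender"].lower(), m["rcpt"].lower())
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if GRAYLISTED.fullmatch(m["result"]):
            pending.setdefault(key, when)  # keep the first denial only
        elif m["result"] == "ALLOWED":
            if key in pending:
                delay = int((when - pending.pop(key)).total_seconds())
                report["passed_after_graylist"].append((key, delay))
            else:
                # Whitelisted, or graylisted before this log window started.
                report["allowed_directly"].append(key)
    # Pairs denied but never seen again within the log window.
    report["never_retried"] = sorted(pending)
    return report


if __name__ == "__main__":
    for bucket, items in correlate(SAMPLE_LOG.splitlines()).items():
        print(bucket, items)
```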


Re: [spamdyke-users] Greylisting wishes

2008-04-24 Thread Marcin Orlowski

> Yes, but, by definition, any e-mail that is "ALLOWED" on a domain that has
> greylisting enabled, is an "ALLOWED GREYLIST", since all e-mails would be
> greylisted prior to being allowed.  :-)

Unless it's graylist-whitelisted. Then it's, from statistical point of
view I am having mostly in mind, just ALLOWED. And that's the difference.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


[spamdyke-users] feature request: Test mode

2008-04-24 Thread Marcin Orlowski
Hi,

I'd love to see sort of test mode. So I could i.e. enable
log-ip-in-cc-rdns which would work the same way known
reject-ip-in-cc-rdns works but without really denying
matching connection. It shall just log it (i.e. as
TEST_IP_IN_CC_RDNS) and that's it. That would be extremely
useful to run on production environment for some time
to find out how it would act "for real". I'd analyse
logs then to decide if I'd benefit or not, or how to
configure whitelists to have this option work as best
for my users as it possibly could.

Test mode could be available for most options it'd
make sense for.

Marcin


[spamdyke-users] --help goes to stderr instead of stdout

2008-04-25 Thread Marcin Orlowski

Hi,

is there any reason output of --help goes to
stderr stream instead of stdout?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS

2008-04-25 Thread Marcin Orlowski
Sam Clippinger wrote:
> The defaults are described in the text of each section in the README 
> file but not in the table that shows all of the configuration options... 
> I didn't realize that.  The defaults are printed in the help screen when 
> you run "spamdyke -h".

--max-recipients NUM
   Allow a maximum of NUM recipients per connection for non-local senders.
   Default: unlimited recipients per connection.
   NUM must be between (or equal to) 0 and 2147483647.


Well, I still have to *guess* if 0 means "unlimited recipients" here ;)

BTW: There's no anchor for "Extra Utilities" on
http://spamdyke.org/documentation/README.html

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] --help goes to stderr instead of stdout

2008-04-25 Thread Marcin Orlowski
Sam Clippinger wrote:

> Yes.  spamdyke's error messages go to stderr, because configuration 
> errors should be logged instead of being sent to the remote server 
> (stdout goes to the network).  Because the error text is sent to stderr, 
> it made sense to send the version banner and the help text to stderr 
> also, for consistency.

May I ask for --config-test-??? that could be invoked just in shell
so I do not need to put spamdyke in the qmail "chain", so I could
just craft new shiny .conf file and then do:

# spamdyke --config-test-??? -f shiny.conf

to see if my shiny.conf is fine and valid, all the external files, dirs
etc. are accessible etc.

Marcin


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Marcin Orlowski
Jake Briggs wrote:

> But seriously, getting simple rough stats from the logs really is a 
> simple grep and a quick calculation in the head.

or use of 'wc'

> It would be good to know how much spam got through, but that would 
> require some sort of crystal ball Or a spam reporting mechanism and 
> total user compliance in reporting all spam, all which is far far 
> outside of the scope of spamdyke

just grep your logs for spam filter entries. If it's SpamAssassin, just 
look for "spamd: result: Y" and you get some figures how many
of ALLOWED was *probably* a spam.

Marcin


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-27 Thread Marcin Orlowski
Jake Briggs wrote:

> Since when could wc do addition, subtraction and division ;)

well... since bc. sort of :)


Re: [spamdyke-users] DENIED_GREYLISTED never gets ACCEPTED

2008-04-29 Thread Marcin Orlowski
Stefan Pausch wrote:

> In my logs several DENIED_GRAYLISTED from the same ip, from the same email
> address, to the same email address appear which never gets ACCEPTED.

Ensure your graylist directory is writable to spamdyke user (or just make
it chmod a+w to quickly see if that's the cause).


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-04-30 Thread Marcin Orlowski
Hi,

Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
his users or causes more problems? I formerly thought that this is
more helpful, as IP in RDNS is most likely to appear for home dsls, dialups
and other stuff not supposed to run smtp server I shall trust, and if
it's my users mail netline, then they shall authenticate while talking 
to me anyway. But now I see that some telecoms offer dsls with static 
IPs (contrary to dynamic one, rotated 24hs, that is addressed to home 
users) which is primarily used by companies, and therefore it's less 
likely for them to be spam source (due to botnets, zombies etc). I even 
saw a data center which named their rack hosts that way. I therefore 
think that it might be extremely useful to try to build a kind of 
database of providers who one may consider whitelisting even, they would 
otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any thoughts?

Marcin


Re: [spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-05-01 Thread Marcin Orlowski
Sam Clippinger wrote:
> I can't speak for anyone else, but those two filters have been very good 
> for my users.  On a typical day, 30-60% of all connections to my server 
> are blocked with DENIED_IP_IN_CC_RDNS.  Another 5-20% are blocked by 
> DENIED_IP_IN_RDNS.  I've had to whitelist a few IP addresses with bad 
> rDNS names but that's been very rare so far (less than 5 total).
> 
> However, servers with larger user populations and more international 
> correspondence might have different experiences.

Let me request a feature to bypass DENIED_IN_(CC)_RDNS if "to:" matches
given pattern. I'd then be able to bypass all the crap to potentially 
complaining customers and let them filter it by themselves, w/o the
risk of flooding others with this.



Re: [spamdyke-users] DENIED_IP_IN_(CC)_RDNS

2008-05-02 Thread Marcin Orlowski
Sam Clippinger wrote:
> I know...I know...  This morning as I was leaving the house, I realized 
> I'd completely missed my April deadline.  It seemed so realistic, way 
> back in March.  Unfortunately, Real Life has not been cooperating 
> lately.

That's why you should allow donations, so you could collect some
more "motivators" for yourself or hand them over to developer who
could work on spamdyke under your supervision, so April deadline
will never be met in December ;)

Marcin


Re: [spamdyke-users] Why Maillist (and not a Forum?)

2008-05-02 Thread Marcin Orlowski
Stefan Pausch wrote:

> I wonder why a maillist - instead of a board - is used. Personally i would
> love a board better. Just curious.

Forum? spamdyke is not kid toy. Never seen any serious admin preferring
any forum over regular, rock solid mailing list. ;)


Re: [spamdyke-users] spamdyke stats

2008-05-04 Thread Marcin Orlowski
nightduke wrote:
> Hi i would like to know if it's possible to make stats with mrtg or 
> something else of spam denied at the maillog?

sure it is. Just parse your logs and provide deltas to mrtg and
you're done


Re: [spamdyke-users] DNSRBL question

2008-05-04 Thread Marcin Orlowski
Eric Shubert wrote:

> However, assuming that rblsmtpd and spamdyke are equally efficient at
> processing RBLs (which is not necessarily a good assumption), letting
> spamdyke do the rbl processing would be (slightly) more efficient, as there
> would be one less process and pipe to pass the data through.

Not to mention logging/stats.


[spamdyke-users] Graylisting - how effective it really is?

2008-05-09 Thread Marcin Orlowski

Hi,

I wonder if anyone tried to analyze his logs to find out how
effective gray listing is. I'd probably prefer to allow all
incoming mails (maybe with exceptions) and even disable
DENIED_IP_IN_CC_RDNS blockers as it yet causes too much
collateral damages I can accept, even 99% of the mails
DENIED_IP_IN_CC_RDNS deny is spam, then I got still 1%
remaining - and this usually causes some problems, but
I yet like to deny mass-flood-senders. Something which
graylisting still shall fight with. So -> graylisting -
how effective it really is for you?


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] log rbl name

2008-05-10 Thread Marcin Orlowski
Lucas Bremgartner wrote:

> May 10 10:33:44 D08X0403 spamdyke[16993]: DENIED_RBL_MATCH 
> (zen.spamhaus.org) from: [E-MAIL] to: [E-MAIL] origin_ip: [IP] 
> origin_rdns: [RDNS] auth: (unknown)
> 
> I'm not a C programming specialist, so any feedback would be appreciated.

Your patch breaks the "syntax" of the log entry by adding an item. I'd rather
add "other: " after the "auth:" and put rbl name there and
"(none)" for other entries.


Re: [spamdyke-users] log rbl name

2008-05-10 Thread Marcin Orlowski
Lucas Bremgartner wrote:

> I just used the format suggested by sam in his mail on 14 Apr 2008.
> http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg00892.html

No, you did not. There's a significant difference between
"DENIED_RBL_MATCH(rbl.example.com)" and "DENIED_RBL_MATCH 
(rbl.example.com)", especially when you take log parsing into account.



Re: [spamdyke-users] error while loading shared libraries: libc.so.6: failed to map segment from shared object: Cannot allocate memory

2008-05-15 Thread Marcin Orlowski
Michael Swat wrote:

>   @4000482bfaca285270ec /usr/local/bin/spamdyke: error while loading 
> shared libraries: libc.so.6: failed to map segment from shared object: Cannot 
> allocate memory
>   I don't know how to fix this. Is here anybody who can help me ?

Well, you might have some serious problems out there. Doubt it's relevant to
spamdyke to be asked here for a solution though.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] yet another wishlist... :-)

2008-05-16 Thread Marcin Orlowski
Sam Clippinger wrote:
> I'd love to be able to do spam and virus scanning within spamdyke, 

But what for? There's couple of tools you can use to scan (for whatever
you want) incoming mails before they go to the user mailbox and drop
mails when needed. Absolutely pointless feature to be added to spamdyke.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] yet another wishlist... :-)

2008-05-16 Thread Marcin Orlowski
Olivier Mueller wrote:

>>> I'd love to be able to do spam and virus scanning within spamdyke, 
>> But what for? There's couple of tools you can use to scan (for whatever
>> you want) incoming mails before they go to the user mailbox and drop
>> mails when needed. Absolutely pointless feature to be added to spamdyke
> 
> Yes, but not always on SMTP-level, and IMHO it's better there since the
> sender (if he's in the 3-4% of non-spams) will get an error message from
> his smtp server in case of problems. Otherwise it will be "silently
> dropped", and it's unpractical to debug issues...

What SMTP-level you talk about? You need to get all the data prior checks
we talk about. And this makes *huge* difference.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] yet another wishlist... :-)

2008-05-16 Thread Marcin Orlowski
Olivier Mueller wrote:

> I used q-s in the past, but had to drop it because of memory/cpu-use
> issues... As far as I remember it was a huge perl script started on
> every incoming mail: is it still the case?   (better would be something
> like spamd + spamc). 

You can always substitute qmail-local by your own code (even bash script works
like w/o no harm) which would scan the mail (i.e. by calling any external tool
you wish), drop or bounce it if needed (virus?) or just hand over to
original qmail-local to continue delivery. Works like a charm for years here and
keeps perl away.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] SMTP auth and spamhaus issues with "The Bat"

2008-05-19 Thread Marcin Orlowski
nightduke wrote:
> http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg00978.html
> Try this at your smtp_psa
>  
> Can you paste a more detailed log?

Could you please stop sending HTML to the list as well as start
removing unnecessary citations, so eventually your 3 line
post wouldn't take whole 55KB anymore? Thanks.

Marcin
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Invalid IP?

2008-05-25 Thread Marcin Orlowski
Chong Ken wrote:

> However I see that some entries with invalid IPs (ending with .0 or 
> .255) pass all tests (graylisted of course).  Can Spamdyke block these 
> directly, or .0/.255 IPs are valid actually?

This depends on IP class size this address belongs to. If it's /24
then it's invalid, but it can be larger class and then it's perfectly
ok. You cannot tell that from the IP only.

Marcin


Re: [spamdyke-users] skip RNDS check for a few IPs

2008-07-13 Thread Marcin Orlowski
K. Shantanu wrote:

> Can anyone recommend how can I ask spamdyke to skip rdns check for a few
> IPs? There are a few clients of mine, whose ISP naive enough not to give
> rdns to their IPs. Till we can convince them, I don't want to lose any
> mails.

All you need, incl. IP whitelisting is documented here: 
http://spamdyke.org/documentation/README.html


Re: [spamdyke-users] no IN A but there's IN MX scenario

2008-09-16 Thread Marcin Orlowski
Sam Clippinger wrote:

> If you could send me the real name of the sender's domain, I'd be happy 
> to test this myself to see if there is a bug in spamdyke.

Thanks for this explanation. I re-did the checks and it seems the
spamdyke was right, as it was other end issue with rdns

M.


Re: [spamdyke-users] Spammers spoofing internal FROM addresses

2009-02-07 Thread Marcin Orlowski
Sam Clippinger wrote:

> In the short term, could you stop this kind of spam by configuring 
> spamdyke to require authentication for all of your local domains?

That shall work. Beside forwards I am afraid. I believe SPF is
the less invasive solution here

M.



Re: [spamdyke-users] how to resolve it..................

2009-03-03 Thread Marcin Orlowski
Raj Kumar wrote:

> if i send mail to some user [to, cc, bcc, and ] mentioning multiple time
> the same user.
> my server sends and user receives the mail specified times in to, cc, bcc,

Which is what you tell MTA to do. This is normal and expected behaviour.

> so can anybody suggest me how can i filter with spamdyke or any other
> tools on qmail on rhel5

For what reason?


Re: [spamdyke-users] how to resolve it..................

2009-03-03 Thread Marcin Orlowski
Raj Kumar wrote:
> like on google, if i mention same email account multiple time in to, cc,
> bcc, it sends message to that email only once, but in my case, if i use
> the same, my server or my user gets mails multiple times.

You misunderstand the way MTA works. Google most likely removes 
duplicate recipients *prior* sending the mail.

To conclude: 1) do not do that on MTA level. 2) spamdyke won't help you 
with this idea though.



Re: [spamdyke-users] spamdyke daily stats

2009-04-18 Thread Marcin Orlowski
nightduke wrote:
> Anyone know a way to take statistics daily?
> spam,graylisting,etc

by parsing logs (which is easy). Also check
list archive - some ppl posted their stats
scripts already

Regards,
--
"Daddy, what does 'Formatting drive C:' mean?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] graylisting timeout problems

2009-04-28 Thread Marcin Orlowski

Hi,

I use spamdyke 3 and got graylisting enabled. My expiration
time of graylisting "token" is set to one week. However,
despite continuous mail exchange between two email addresses
I still see graylisting to take place. What I used to believe
was that once user A sent mail to B, then A's server retried
once graylisted the "token" spamdyke created for that pair
is valid for one week. But I also believed that on each new
delivery from A to B this token is touch'ed, so my cron invoked
clean up script would remove all tokens older than one week
while "older than one week" means that there was no mails from
A to B for a week, not "one week since graylisted".
Anyone could please confirm my findings? If I am right, does
spamdyke 4 fix that issue?

Regards,
-- 
"Daddy, what does 'Formatting drive C:' mean?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] corrupt pdf/jpg files

2009-08-19 Thread Marcin Orlowski
Zekeria Oezdemir wrote on 2009-08-20 07:38:

> some times when users send pdf/jpg files as attachment the pdf and jpg’s
> are corrupt (with spamdyke 4.0.10)
> at the moment only for users sending out emails, not incoming.

I'd suspect recipients' machine to mess with the message. AFAIK spamdyke
does not modify message body.

Regards,
-- 
"Daddy, what does 'Formatting drive C:' mean?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] corrupt pdf/jpg files

2009-08-20 Thread Marcin Orlowski
Zekeria Oezdemir wrote on 2009-08-20 07:38:

> some times when users send pdf/jpg files as attachment the pdf and jpg’s
> are corrupt (with spamdyke 4.0.10)
> at the moment only for users sending out emails, not incoming.

I'd suspect recipients' machine to mess with the message (their
antivirus scanner etc). AFAIK spamdyke does not modify message body
so it's hardly possible it could corrupt your data.

Regards,
-- 
"Daddy, what does 'Formatting drive C:' mean?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Configurable messages

2009-10-28 Thread Marcin Orlowski
Hi,

I'd love to see a way to configure messages spamdyke emits, i.e.:

  421 Refused. Your reverse DNS entry does not resolve. See: 

The reason is many of wannabe admins on other side got no clue about
English (WTF?) and it even happened they quote such message asking
for help even they got  there in their native language. So I'd
like to be able to tune these messages a bit file which in result would
give me bi-lingual error messages w/o playing with sources as I do now.

Regards,


Re: [spamdyke-users] Configurable messages

2009-10-28 Thread Marcin Orlowski
David Mitchell wrote:
> Pretty sure these options are what you're looking for:
> 
> http://www.spamdyke.org/documentation/README.html#SMTP_ERROR

Nice. I'm still using v3 here, but now I'm gonna upgrade my hosts.

PS: sorry for not doing RTFM in the first place.
PPS: SPF please, please, please :)


Re: [spamdyke-users] make use of already positively graylisted senders

2009-11-13 Thread Marcin Orlowski
mrxxxmryyy wrote:

Hi,

> However if some...@someserver.com sends a message 2 hours later to
> another user on my server, let's say us...@domain1myserver.com and
> us...@domain2myserver.com, it is graylisted again and delivery is delayed.

You missed the concept of GL I am afraid. The idea of graylist is to 
deny spam servers which usually do not retry graylisted message
and message shall be from-to matched otherwise it would not make
much sense. You are on the way to welcome mass spammers to your
server faster than you expect by doing what you intend.

> Is there a
> config option in spamdyke to allow this?

Just disable graylisting.


Re: [spamdyke-users] make use of already positively graylisted senders

2009-11-14 Thread Marcin Orlowski


Hi,

> As I understand the idea of graylisting: it is to deny FIRST attempt
> of delivery. Then accept second attempt. What is important as far as
> my idea is concerned: if the second attempt was successful and the
> message was accepted, every next message from the address and the IP
> to the recipient is accepted during the FIRST attempt unless validity
> period for acceptance expired.


> So, my idea was to accept emails not just for only one recipient but
> to everyone IF there was succesful delivery in the past to one of
> recipients on my server and the validity period hasn't expired.
> This way we would avoid unnecessary and time wasting denials.

You must be either hosting couple of user accounts only or
you had never spent a second reading your servers' logs.

Example below, just a randomly picked machine I have, today's log
(and I see thousands of this shit daily; replaced target,
legitimate domain with @x, but it does not really matter):

Nov 14 08:48:01 from: t...@eudict.com to: carverwwymtjwb...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:01 from: t...@eudict.com to: cichoc...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:01 from: t...@eudict.com to: s...@x origin_ip: 87.238.155.82
origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:01 from: t...@eudict.com to: account...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:01 from: t...@eudict.com to: g...@x origin_ip: 87.238.155.82
origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:09 from: catio...@flibus.com to: cichock...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:09 from: catio...@flibus.com to: b6da4...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:10 from: catio...@flibus.com to: df68a...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:10 from: catio...@flibus.com to: j...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)
Nov 14 08:48:10 from: catio...@flibus.com to: rc...@x origin_ip:
87.238.155.82 origin_rdns: (unknown) auth: (unknown)

Thanks to graylisting they are kicked away at doors. Now apply
your graylisting to the above logs and see how it "works" :)

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] make use of already positively graylisted senders

2009-11-14 Thread Marcin Orlowski
> Nov 14 08:48:01 from: t...@eudict.com to: carverwwymtjwb...@x origin_ip:
> 87.238.155.82 origin_rdns: (unknown) auth: (unknown)
[...]
> Thanks to graylisting they are kicked away at doors. Now apply
> your graylisting to the above logs and see how it "works" :)

Seems I chopped too much from quoted logs as each "entry" is
listed once, so in fact it does not demonstrate much. Sorry.

Anyway, while I still see not much benefit from what you want,
you can always allow graylisting to be valid for longer time,
even a week - shall suffice for business users and still
could keep "doors" not opened too widely.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


[spamdyke-users] Fighting BCC spam

2010-01-25 Thread Marcin Orlowski
Hi,

Apologies for partially off-topic thread, however not spamdyke
but qmail/spam related.

I recently noticed increased number of what I call "BCC Spam".
It looks like From: is external, To: is local user (so mail
is accepted) but there're also external BCC: recipients.
To my understanding (which apparently seems incorrect?) qmail
should only bother BCC if From is local. But it does not and
happily sends this spam out to BCC: targets.

I did not investigate deeply yet, but as a quick solution
I could probably play with qmail-inject.c to tweak qmail
a bit but I do not like this approach right now, so I wonder
if anyone else faced this issue already and managed to solve it?

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Fighting BCC spam

2010-01-25 Thread Marcin Orlowski

> This sounds to me like it's coming from a host that's infected with
> malware. The From: address may be external, but what's the IP address of
> the sender?
> Also, is it coming from an authenticated user's account?

By "From: is external" I meant sender's email address found in envelope,
and I was referring to email address which is not hosted on our machines
i.e. f...@bar.cx (and we do not host bar.cx). It also was not authenticated
but as To: is our user then qmail accepted it (which is ok). The BCC
handling however does not sound OK to me, hence my question.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


[spamdyke-users] Can we have him removed? -> Re: New version: spamdyke 4.1.0

2010-07-05 Thread Marcin Orlowski
On 5 Jul 2010 14:15:06 +0200, david.stil...@blackbit.de wrote:


Could we have this guy removed until he learns how to properly
configure his autoresponder? He will flood us to death
before his Urlaub ends on 16th :)

Thanks



> Dear customer!
> 
> I am on vacation from 5 July 2010 through 16 July 2010 inclusive.
> 
> Please send error reports and fault reports to hi...@blackbit.de, where
> your request will be assigned to a staff member.
> 
> Kind regards,
> 
> David Stiller
> Technical Support
> 
> News from Blackbit: current projects and things worth knowing from
> our advertising agency at http://www.blackbit.de/tagebuch
> 
> Blackbit neue Medien GmbH
> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
> 
> Tel.: +49-551-50675-60 - Fax: +49-551-50675-20
> E-mail: david.stil...@blackbit.de – Hotline: hi...@blackbit.de
> 
> Göttingen District Court: HRB 3222
> VAT ID: DE 813114917
> Managing Director: Mr. Stefano Viani

-- 
Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


[spamdyke-users] UPGRADING_version_3_to_version_4.txt

2010-09-20 Thread Marcin Orlowski
Hi,

In documentation/UPGRADING_version_3_to_version_4.txt file we read:


  If the "always-graylist-rdns-file" option is given, it should be changed to
  "graylist-exception-rdns-file".  The value should remain the same.


I believe this is an incorrect recommendation, as blindly followed it puts these
keywords on graylisting exception list, which is opposite to what
I intended.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


[spamdyke-users] Some IP in RDNS not caught

2010-09-20 Thread Marcin Orlowski

Hi,

I block IP in rdns connections but still can see:

DENIED_GRAYLISTED [...] 66.215.215.234 origin_rdns:
66-215-215-234.dhcp.rvsd.ca.charter.com auth: (unknown)

or

DENIED_GRAYLISTED [...] origin_ip: 82.236.248.129 origin_rdns:
hau59-2-82-236-248-129.fbx.proxad.net auth: (unknown)

Anything I could do to make these being trapped? Spamdyke 4.1. 

 
Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


[spamdyke-users] Filtering order when reject-identical-sender-recipient in use

2010-09-20 Thread Marcin Orlowski
Hi,

I use 

reject-empty-rdns
reject-unresolvable-rdns

therefore I often see this in logs:

DENIED_RDNS_MISSING from: fw...@foo.pl to: fw...@foo.pl

but since I also use

reject-identical-sender-recipient

I'd rather expect DENIED_IDENTICAL_SENDER_RECIPIENT to appear
in logs, as such filter definitely "costs" less than
DNS queries. I tried to find filter chain described in the
manual, but seems there's no such information. Sam, wouldn't
it be much better to have order reversed here?

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Some IP in RDNS not caught

2010-09-20 Thread Marcin Orlowski
On Mon, 20 Sep 2010 11:31:24 -0700, "Michael Colvin" wrote:

> I would think putting an IP address in a "RDNS" list would be...  Wrong,
> since IP's are not in DNS..Well...  I guess there are for PTR records, but
> that's not what this file is looking for.

It seems like it's my fault. I do block IP in rdns with certain TLDs 
only (via blacklist file) and .com was not on the list in that file,
so that's why it passed. Sorry for false alert

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/
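
The mix-up resolved in this thread (IP-in-rDNS blocking applied only to listed TLDs, with .com not on the list) can be checked against a log before trusting the filter. The following is an added example, not part of the original posts and not spamdyke's own matching code: it approximates an IP-in-rDNS test over log lines rebuilt from entries quoted on this page; the suffix list, the function names and the set of IP encodings checked are assumptions.

```python
import ipaddress
import re

# Constructed sample: entries quoted in these threads, re-joined onto one
# line each, with masked or elided addresses replaced by "x".
SAMPLE_LOG = [
    "DENIED_GRAYLISTED from: x to: x origin_ip: 66.215.215.234 "
    "origin_rdns: 66-215-215-234.dhcp.rvsd.ca.charter.com auth: (unknown)",
    "DENIED_GRAYLISTED from: x to: x origin_ip: 82.236.248.129 "
    "origin_rdns: hau59-2-82-236-248-129.fbx.proxad.net auth: (unknown)",
    "DENIED_IP_IN_RDNS from: x to: x origin_ip: 201.37.200.58 "
    "origin_rdns: c925c83a.virtua.com.br auth: (unknown) encryption: (none)",
    "DENIED_RDNS_RESOLVE from: x to: x origin_ip: 69.171.244.64 "
    "origin_rdns: smtpout001.ash3.facebook.com auth: (unknown)",
    "DENIED_GRAYLISTED from: x to: x origin_ip: 87.238.155.82 "
    "origin_rdns: (unknown) auth: (unknown)",
]

# Assumption: stand-in for a site's own list of rDNS suffixes for which an
# embedded IP is grounds for rejection. ".com" is deliberately absent.
BLOCKED_SUFFIXES = (".br", ".pl")

LINE_RE = re.compile(
    r"\b(?P<verdict>ALLOWED|DENIED_[A-Z_]+)\b.*?"
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+)"
)


def ip_encodings(ip):
    """Map a form name to a regex for one way an IPv4 address can be
    embedded in a PTR name. Raises ValueError on a malformed address."""
    octets = ipaddress.IPv4Address(ip).packed      # the four raw bytes
    dec = [str(o) for o in octets]
    sep = r"[.\-_]"                                # separators seen in PTR names
    padded = "".join("%03d" % o for o in octets)   # e.g. 066215215234
    return {
        "decimal": r"(?<!\d)" + sep.join(dec) + r"(?!\d)",
        "decimal-reversed": r"(?<!\d)" + sep.join(reversed(dec)) + r"(?!\d)",
        "decimal-padded": r"(?<!\d)" + padded + r"(?!\d)",
        "hex": r"(?<![0-9a-f])" + octets.hex() + r"(?![0-9a-f])",
    }


def find_ip_in_rdns(ip, rdns):
    """Return the name of the first encoding of `ip` found in `rdns`, or None."""
    name = rdns.lower().rstrip(".")
    for form, pattern in ip_encodings(ip).items():
        if re.search(pattern, name):
            return form
    return None


def classify(line, blocked_suffixes=BLOCKED_SUFFIXES):
    """Return (status, form) for one log line.

    status is one of: unparsed, no-rdns, no-ip-in-rdns, listed-suffix,
    unlisted-suffix. The last one is the case from this thread: the name
    embeds the IP, but its suffix is not on the site's list, so a
    suffix-scoped IP-in-rDNS rule lets it through.
    """
    m = LINE_RE.search(line)
    if not m:
        return ("unparsed", None)
    ip, rdns = m.group("ip"), m.group("rdns")
    if rdns == "(unknown)":
        return ("no-rdns", None)
    try:
        form = find_ip_in_rdns(ip, rdns)
    except ValueError:
        return ("unparsed", None)
    if form is None:
        return ("no-ip-in-rdns", None)
    listed = rdns.lower().rstrip(".").endswith(tuple(blocked_suffixes))
    return ("listed-suffix" if listed else "unlisted-suffix", form)


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        status, form = classify(entry)
        print("%-16s %-8s %s" % (status, form or "-", entry.split(" auth:")[0][-60:]))
```

Lines reported as `unlisted-suffix` are the ones worth reviewing when a suffix- or keyword-scoped list is in use, since the embedded IP was found but the list did not cover the name.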


Re: [spamdyke-users] Filtering order when reject-identical-sender-recipient in use

2010-09-20 Thread Marcin Orlowski
On Mon, 20 Sep 2010 21:01:39 +0200, Marcin Orlowski wrote:


> I'd rather expect DENIED_IDENTICAL_SENDER_RECIPIENT to appear
> in logs, as such filter definitely "costs" less than
> DNS queries. I tried to find filter chain described in the
> manual, but seems there's no such information. Sam, wouldn't
> be much better to have order reversed here?

I now also spotted that when you enable any BLs, these are
also queried before reject-identical-sender-recipient is
checked - so I second myself :) reject-identical-sender-recipient
shall be evaluated prior to performing any other blocking filters
simply for faster processing

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Filtering order when reject-identical-sender-recipient in use

2010-09-20 Thread Marcin Orlowski
On Mon, 20 Sep 2010 15:53:22 -0500, Sam Clippinger wrote:

> The reject-identical-sender-recipient filter can't run until both the 
> sender and recipient have been given, which happens pretty late in the 
> SMTP conversation.

Right, I somehow managed to forget SMTP talk here :)

> if they are triggered, which saves server resources (far more than 
> skipping a DNS query or a file search).

If we talk about saving resources - any chance for sender/recipient
regexp matching? I'd love to filter some crap I can catch with
patterns before qmail and my machinery starts


Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Filtering order when reject-identical-sender-recipient in use

2010-09-21 Thread Marcin Orlowski
On Mon, 20 Sep 2010 15:53:22 -0500, Sam Clippinger wrote:
> Pretty much, yes.
> 
> The reject-identical-sender-recipient filter can't run until both the 
> sender and recipient have been given, which happens pretty late in the 
> SMTP conversation.  RBLs and RDNS entries can be checked as soon as the 
> connection begins.  Although the RBL and RDNS filters generate some 
> additional network traffic, spamdyke won't even start the qmail process 
> if they are triggered, which saves server resources (far more than 
> skipping a DNS query or a file search).

After a thought -> this filter logs sender/recipient:

spamdyke[31613]: DENIED_RBL_MATCH from: monu11021...@gmail.com to:
monu11021...@gmail.com 

and it did not come out of nowhere. If it's here already for logging
it can be used for reject-identical-sender-recipient first.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] New version: spamdyke 4.2.0

2011-02-07 Thread Marcin Orlowski
On Mon, 07 Feb 2011 13:42:03 -0600 Sam Clippinger wrote:

>> spamdyke version 4.2.0 is now available:
>>  http://www.spamdyke.org/

Thanks for your work Sam.

PS: I could contribute Debian scripts to make .deb package
out of the sources, if anyone interested

Regards,
-- 
"Daddy, what does 'Formatting drive C:' mean?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] No MX: bug, misunderstanding or DNS failure?

2011-05-12 Thread Marcin Orlowski
On Thu, 12 May 2011 14:22:21 +0100 Faris Raouf wrote:

> really good reason why the actual domain in the From line in the envelope
> would not have an MX record.

MX is optional for the domain.  If no IN MX is delegated mails are
delivered to whatever is set in IN A for that domain (that also means 
that you may not delegate IN A if you got IN MX and no plans to use
anything that mails for that domain).

 > Basically an email from some...@sending-domain.com   to
 > u...@local-domain.com  was DENIED_SENDER_NO_MX (sending IP's rDNS was
 > mail.sending-domain.com)
 > sending-domain.com DOES have an MX record but mail.sending-domain.com 
 > does not.

To me this may be a bug as from what you said, mail.sending-domain.com 
is just a messenger and it does need to even accept incoming mails,
therefore lack of MX of mail.sending-domain.com is perfectly fine.
Also, for the same reason, it would be wrong assumption that
mail.sending-domain.com shall match one of MXes for sending-domain.com.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Whitelists...

2011-06-13 Thread Marcin Orlowski
On Mon, 13 Jun 2011 08:07:03 -0400 ron wrote:


> Whats the consensus, good or bad idea to whitelist all email addresses
> within your company in spamdykes whitelist_recipients?

depends. But it will be bad idea if your server does not require smtp 
auth and got not reject-identical-sender-recipient set

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Filtering based on From/Mail From - how early I can do that?

2011-09-01 Thread Marcin Orlowski
Hi,

I need to filter connection based on From (or MAIL FROM) content as 
early as I can, especially before any dns query is executed. Can I do 
that? I see logged

DENIED_IP_IN_RDNS from: 0-on80256e85.003f9...@jeronimo-martins.pt to: 
xx origin_ip: 201.37.200.58 origin_rdns: c925c83a.virtua.com.br 
auth: (unknown) encryption: (none)

so it seems I could?


PS: online documentation is broken here:
http://spamdyke.org/documentation/README.html#REJECTING_ADDRESSES

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] spamdyke sources

2011-09-02 Thread Marcin Orlowski
Hi,

Sam, could you please consider making spamdyke sources
more human readable :) by adding comments here and there?
Recently it's like reading qmail sources - quite PITA if you
ask me (luckily with less number of variables like i, k, f :).
I needed to add new filter yesterday and I was swearing quite
a lot at you :) It'd help to have at some doc describing
main logic blocks and data flow, or at least spamdyke.c
smtp_filter() commented a bit (digging thru this big
if/else/if/else block hurts). It'd also help to have some
filter.c and related structs commented so I'd be more certain
if my filter is not going to nuke something not obvious.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Long delay on connection (before SMTP prompt appear)

2011-09-02 Thread Marcin Orlowski
hi,

I got odd issue with one of my smtp boxes and I got some problems
finding the culprit out. The problem is that it takes
ages for smtpd prompt to appear:

# telnet localhost 25
Trying 127.0.0.1...
[... wait, wait, wait ...]
Connected to localhost.
Escape character is '^]'.
220 Welcome to mail delivery server ESMTP

The wait time varies but is often 60+ secs, so MUA with default 60 secs
timeout complains.

All is started that way:

${TCPSERVER} -v -l ${HOSTNAME} -H -R -c 500 -u 1004 -g 1003 0 smtp 
${SPAMDYKE} ${SMTPD} ${MYNAME} ${CHECKPASSSMTP} /bin/true 2>&1 | cat 
/dev/null &

(Variables are fine), my name is `hostname` output and resolves both 
ways. Sometimes (frequently enough to not ignore it) I also see
max number of instances of app invoked by tcpserver (usually
503) but at the same time the log does not indicate such
increase of traffic (usually there are 30-40).  At the same time there's 
said delay, launching ./qmail-smtp by hand shows no delay, so I suspect 
tcpserver or spamdyke steps (or something they rely on). My first guess
was dns, but there's caching dns running locally plus I disabled 
whatever I could to make tcpserver staying away from resolving anything. 
Spamdyke config holds dns-level=none for the same purpose. Any ideas?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Long delay on connection (before SMTP prompt appear)

2011-09-02 Thread Marcin Orlowski
On Fri, 02 Sep 2011 12:00:19 -0700, Eric Shubert  wrote:

> I'd suspect DNS as well. Did you double check your /etc/resolv.conf 
> file, and be sure that dns requests are handled locally?

resolv.conf is just "nameserver 127.0.0.1" and pdns does its job.
The trick is that I recall I installed pdns on that box locally 
after I started noticing this problem. But it also started to appear
with a new big spam wave.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Long delay on connection (before SMTP prompt appear)

2011-09-02 Thread Marcin Orlowski
On Fri, 2 Sep 2011 12:08:07 -0700, "Michael J. Colvin" wrote:
> If it is *ALWAYS* the same amount of time, I'd look at the Greeting Delay
> (OR whatever it's called) in SpamDyke, or something similar.

No it varies. It can be even instant from time to time but in general
there is a delay

> If it varies, and increases during peak times, I'd suspect a resource
> issue...Concurrent connections maxed out, SMTP connections maxed, etc...

> If you look at the MRTG graphs that are part of the QMT package, you can
> usually easily see when you've got a connection limitation.  The graph will
> peak up and flatline, then drop down again.

I do not use QMT, but I suspect that problem occurs before qmail and 
either tcpserver or spamdyke does something that triggers the issue.
But I at the moment got empty head where to peek next. I even started
checking all these /proc/sys/fs and /proc/sys/net values looking
for something that may be too low.

If anyone got idea or suggestion where to peek or what type of test 
I should execute to push this forward I am all ears and willing.

Thanks for all the feedback guys.

Regards,
-- 
 "Daddy, what "Formatting drive C:" means?"...

 Marcin   http://wfmh.org.pl/carlos/

Re: [spamdyke-users] Filtering based on From/Mail From - how early I can do that?

2011-09-03 Thread Marcin Orlowski
no, no. i mean i want to filter based on the content that shows up in quoted
log entry as 'from' as quickly as it becomes available. i already got one
running but i modified sender blacklist filter for this. from what i see dnsbl
are queried earlier which would make sense as all you need is sender's ip, but
i do not fully understand what is rbl logged entry 'from' content from (or what
data spamdyke got before it launch 1st filter it can)? and as it is there my
question is - is it safe to put my filter as 1st, before rbl? in 97% spam i
fight now can be blocked safely with my filter only, but i'd like to keep rbls.
now i got them off.

another question - there are 3 blocks of filter calls in spamdyke.c - why (it's
simpler to ask instead of reading this big if/else serpent that leads to it :)?

Sam Clippinger  wrote:

>At this time, the only way to change the order of the filters is to edit 
>spamdyke.c and move the function calls around.  Look for calls to 
>filter_sender_blacklist() in smtp_filter().  Those lines will be clustered 
>near other calls to filter* functions and reordering them will change the 
>order the filters are run.
>
>-- Sam Clippinger
>
>On Sep 1, 2011, at 3:46 PM, Marcin Orlowski wrote:
>
>> Hi,
>> 
>> I need to filter connection based on From (or MAIL FROM) content as 
>> early as I can, especially before any dns query is executed. Can I do 
>> that? I see logged
>> 
>> DENIED_IP_IN_RDNS from: 0-on80256e85.003f9...@jeronimo-martins.pt to: 
>> xx origin_ip: 201.37.200.58 origin_rdns: c925c83a.virtua.com.br 
>> auth: (unknown) encryption: (none)
>> 
>> so it seems I could?
>> 
>> 
>> PS: online documentation is broken here:
>> http://spamdyke.org/documentation/README.html#REJECTING_ADDRESSES
>> 
>> Regards,
>> -- 
>> "Daddy, what "Formatting drive C:" means?"...
>> 
>> Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] spamdyke sources

2011-09-03 Thread Marcin Orlowski
Sam Clippinger wrote on 2011-09-03 01:08:
> I'll get right on that. :)  Personally I find the code to be quite
> readable, except in a few places where the technical needs outweigh
> the human needs (e.g. configuration.c and dns.c) -- in those places
> you'll find comments. :)  In general all my code is pretty bare of
> comments, because they increase the maintenance work (update the
> code, then update the comments)

Not really, because I do not mean

/* so long and detailed comments each
** line, that you get them out and
** publish in 20 volumes as they are
** that damn big, so anyone would be
** able to write code just based on
** that 'recipe' */

I rather mean one-liners in important parts like


// can we do this with that
if(  )
{
[code]

// now we done so we set tell the callee what to do next
set_rejection()
}
else
{
// no, we cant. this usually means that..
   ..
}

also it helps to have commonly function documented a bit more
like, so we know what each argument means and why to use it properly.
Like said set_rejection()

This does not increase maintenance of the code nor eats more time
to produce the code.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] spamdyke sources

2011-09-03 Thread Marcin Orlowski
Dossy Shiobara wrote on 2011-09-03 15:42:
> On one hand, I agree with Sam, for the most part, comments are a waste
> of time and effort.  Given a choice between NO comments vs. outdated
> (now inaccurate) comments, I'd always, without hesitation, choose no
> comments.

There's no outdated comments when you add one-liners around the code.
mostly because you comment the logic not the code itself. If you
remove portion of code, comments shall be removed too. if you change
one line

> I'd rather the code be written cleaner.  I suspect there are at least 2
> distinct bugs in spamdyke.c:middleman(), but it's so difficult to read,

So you want comments or not? :) This is code, not a poem. It may not be
clear at first glance and this is sometimes the right thing (i.e.
optimizations etc). That's why you shall have comment that tells what
it meant there which significantly helps because once you know what
the outcome is you can follow author way of writing (which usually
differs from yours). If you got no development experience even perfect
code with comments will be of no help.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Filtering based on From/Mail From - how early I can do that?

2011-09-09 Thread Marcin Orlowski
Sam Clippinger wrote on 2011-09-07 02:14:

> If you want spamdyke (version 4.2.0) to check the sender blacklist
> before it does anything else, you can make that change thus: In
> spamdyke.c, move the filter_sender_blacklist() command on line 1626
> above the filter_rdns_missing() command on line 1604.  NOTE: this
> will make an entry in your sender blacklist override all whitelists,
> even IP and rDNS whitelists.

That's fine for me. Pattern is so specific that I want 100% of these
to be blocked by my filter with no exception.

> Add the "config-dir" option to your configuration file, pointing to
> an empty folder (explanation below).
> If the "config-dir" option *is* given, spamdyke can't load its final
> configuration until it knows the remote IP address, the rDNS name,
> the sender address *and* the recipient address.  After all, there's
> no point in doing any filter work early because a file in a
> configuration folder may turn off filters, which means the time will
> have been wasted.  In that case, no filter_* commands are called
> until the block starting on line 1601, after the "RCPT TO" command is
> given.

Thanks. Figuring that out would take me some time I guess. What
about adding this to the spamdyke.c or even README-DEV.txt?

> I hope that helps. :)

Yes, thanks!

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] New install Blocking all outside email

2011-12-17 Thread Marcin Orlowski
Well, RTFL(ogs) is the right approach usually at first.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...
 
Marcin http://wfmh.org.pl/carlos/




 Original Message 
From: Kevin 
Sent: Sun Dec 18 04:15:57 CET 2011
To: spamdyke-users@spamdyke.org
Subject: [spamdyke-users] New install Blocking all outside email

Hello SpamDyke Users, I've just installed SpamDyke on a Plesk server.
I can send email internally just fine. All outside email is being blocked.
Any suggestions?

Thanks, Kevin


Re: [spamdyke-users] New install Blocking all outside email

2011-12-18 Thread Marcin Orlowski
Peter Palmreuther wrote on 2011-12-18 13:35:

> This is kind of nonsense ...

I'd also drop rblsmtpd and use spamdyke RBL features.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Detailed control on graylisting per receipient's email/domain

2011-12-19 Thread Marcin Orlowski
Hi,

I think I'd like to have an option to let my users disable
graylisting. But since I'd like it to be per user,
I'd like to be able to define
graylist-exception-ip-file and graylist-exception-rdns-file
(or -dir as that would be faster) per *recipient's email or domain*.
Here's how I think it might be implemented. Say I host j...@domain.com.
I'd like to be able to define that if mail comes from a remote server
(with IP A.B.C.D and rdns mail.reverse.com) and the recipient is
j...@domain.com, spamdyke would check if there's
/domain.com/j...@domain.com/graylist-exception-ip-dir/A.B.C.D
and if so, skip graylisting. If there is no such file, it'd check
/domain.com/j...@domain.com/graylist-exception-rdns-dir/mail.reverse.com
and if it exists, graylisting is skipped. If not,
it now (depending on the settings, as I believe some may not
want such detailed configurability) would check
/domain.com/graylist-exception-ip-dir/A.B.C.D and
/domain.com/graylist-exception-rdns-dir/
If there is no match, global settings apply. It needs some thought on
how the fallback (email->account@domain->domain) should work,
assuming both white and black lists are used, but that's
quite obvious. Any thoughts?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/
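
The lookup order proposed in this message, written out as an added Python example (not spamdyke code; the feature is only a proposal here). The base directory, `user@example.com` and the host names are constructed placeholders, and the name checks are added because the recipient and the rDNS name are supplied by the remote side and end up in a file path.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

# Remote-supplied names become path components, so only plain host-name and
# local-part characters are accepted; "/" can never appear in a component.
_SAFE_HOST = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")
_SAFE_LOCAL = re.compile(r"^[A-Za-z0-9._+-]{1,64}$")


def graylist_exception(base, recipient, remote_ip, rdns):
    """Return the file that exempts this delivery from graylisting, or None.

    Order, most specific first: recipient IP file, recipient rDNS file,
    domain IP file, domain rDNS file. None means global settings apply.
    """
    local, sep, domain = recipient.lower().rpartition("@")
    if not sep or not _SAFE_LOCAL.match(local) or not _SAFE_HOST.match(domain):
        return None
    ip = str(ipaddress.ip_address(remote_ip))  # ValueError on a malformed IP
    rdns = rdns.lower().rstrip(".") if rdns else ""

    leaves = [("graylist-exception-ip-dir", ip)]
    if rdns and _SAFE_HOST.match(rdns):
        leaves.append(("graylist-exception-rdns-dir", rdns))

    domain_dir = Path(base) / domain
    for scope in (domain_dir / f"{local}@{domain}", domain_dir):
        for dirname, leaf in leaves:
            candidate = scope / dirname / leaf
            if candidate.is_file():
                return candidate
    return None


def build_demo_tree():
    """Constructed layout: one per-recipient rDNS entry, one per-domain IP entry."""
    base = Path(tempfile.mkdtemp(prefix="graylist-demo-"))
    user_rdns = base / "example.com" / "user@example.com" / "graylist-exception-rdns-dir"
    domain_ip = base / "example.com" / "graylist-exception-ip-dir"
    user_rdns.mkdir(parents=True)
    domain_ip.mkdir(parents=True)
    (user_rdns / "mail.reverse.example").touch()
    (domain_ip / "192.0.2.10").touch()
    return base


if __name__ == "__main__":
    tree = build_demo_tree()
    print(graylist_exception(tree, "user@example.com", "198.51.100.7", "mail.reverse.example"))
    print(graylist_exception(tree, "other@example.com", "192.0.2.10", "unknown.example"))
```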


Re: [spamdyke-users] normal to reject mail from facebook?

2012-01-04 Thread Marcin Orlowski
turgut kalfaoğlu wrote on 2012-01-04 22:03:
> Hi.. I seem to have a loop with facebook, the header containing hundreds
> of emails..Anyway, I spotted that they are being rejected when I
> installed the new version.. is this normal??

> Jan  4 23:01:00 panel spamdyke[3047]: DENIED_RDNS_RESOLVE from:
> rdar...@facebook.com to: cem.du...@totallojistik.com.tr origin_ip:
> 69.171.244.64 origin_rdns: smtpout001.ash3.facebook.com auth: (unknown)
> encryption: (none) reason: (empty)
>
> Isn't it odd to have facebook rejected?

What about reading your logs again? DENIED_RDNS_RESOLVE

$ host smtpout001.ash3.facebook.com
Host smtpout001.ash3.facebook.com not found: 3(NXDOMAIN)

what's so surprising then?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] ip-blacklist not matching

2012-01-12 Thread Marcin Orlowski
Angus McIntyre wrote on 2012-01-12 14:25:

> I may end up blocking an entire /24, simply because it seems that they
> have most of the IPs in it, and no legitimate traffic that I can see ever
> comes from there.

If so, cut it off on your firewall instead. Why bother spamdyke with it?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Is there a way to control the sender DOMAIN against the Auth DOMAIN ?

2012-07-09 Thread Marcin Orlowski
Sam Clippinger wrote on 2012-07-09 16:37:
> At this point, spamdyke will not check the authenticated username
> against the MAIL FROM address.  This was one of the suggestions Mark
> Frater made in the recent "Spamdyke and Postfix" thread -- it's an
> interesting idea that I'm looking into.

Please note it may be quite valid to auth with @domain1 and send from
@domain2 (i.e. when you got many domains attached to web server), so
it would really be useful to be able to call own script/app to do the
test.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] DNS resolver and cache

2012-07-16 Thread Marcin Orlowski
BC wrote on 2012-07-16 20:34:

Hi,

> Any good reason to NOT use djbdns, then?  I'm not opposed to switching
> if there is a GOOD reason to switch.
> I run a tiny mail server with essentially one customer - me.

I use pdns myself, but that's because it came from upstream, nicely
packaged and it took literally a few minutes to set up and fire.
If you got that djbdns' bug patched:
http://article.gmane.org/gmane.network.djbdns/13864
then probably sticking to what you got won't do any harm.
It's the so-called "don't fix it until it's broken" rule :)

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] mx = 0 or mx = 127.0.0.1

2012-08-21 Thread Marcin Orlowski
Bruce Schreiber wrote on 2012-08-21 16:37:
> Is there a way to block domains that have mx records of either 0 or
> 127.0.0.1.  Both entries can be found in DNS and give us a headache.
> Look at yahool.com yaho.com version.net as problem domains.

Heh, that's clever :) I do not see any option for that, yet
adding to the code should be quite easy.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] DDOS Help

2012-09-01 Thread Marcin Orlowski
J.R. Lillard wrote on 2012-09-02 00:30:
> Iptables was my first thought but half a million ips seemed like too
> much for it.  How many rules have you had with your script?

IPs are part of classes. If you i.e. got no legit users from a certain
class, and your logs do not show any legit mails coming from a certain
class, ban the whole class C and even B and further when needed. Let users
know you are fighting DDOS, so they will be aware of some sacrifices.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/
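
Banning a whole range at the firewall, as suggested in this reply and in the earlier /24 reply, is only safe when no legitimate sender sits inside it. The following is an added Python example, not code from the thread; the addresses, the thresholds and the `INPUT` chain are constructed assumptions, and it handles IPv4 only.

```python
import ipaddress
from collections import Counter

# Constructed sample data (documentation and benchmark address ranges).
OFFENDERS = [
    "203.0.113.5", "203.0.113.9", "203.0.113.77", "203.0.113.5",
    "198.51.100.1", "198.51.100.2", "198.51.100.3",
    "198.18.1.10", "198.18.1.11", "198.18.1.12",
    "198.18.2.20", "198.18.2.21", "198.18.2.22",
    "192.0.2.50",
]
LEGIT = ["198.51.100.200"]


def propose_blocks(offenders, legit, min_hosts=3, min_nets=2):
    """Collapse offending addresses into /24 ("class C") and /16 ("class B") blocks.

    A /24 is proposed when at least `min_hosts` distinct offenders sit in it.
    A /16 replaces its /24s when at least `min_nets` of them qualified.
    A block is never proposed if a known-legitimate address falls inside it.
    """
    legit_ips = [ipaddress.ip_address(ip) for ip in legit]

    def clean(net):
        return not any(ip in net for ip in legit_ips)

    # Count distinct offenders per /24.
    per24 = Counter(
        ipaddress.ip_network(f"{ip}/24", strict=False) for ip in set(offenders)
    )
    bad24 = [net for net, hits in per24.items() if hits >= min_hosts and clean(net)]

    # Escalate to /16 only where several /24s inside it already qualified.
    per16 = Counter(net.supernet(new_prefix=16) for net in bad24)
    bad16 = [net for net, hits in per16.items() if hits >= min_nets and clean(net)]

    blocks = bad16 + [n for n in bad24 if not any(n.subnet_of(w) for w in bad16)]
    return [str(net) for net in sorted(blocks)]


def to_iptables(blocks, port=25):
    """Render one DROP rule per block for inbound SMTP (chain name assumed)."""
    return [
        f"iptables -A INPUT -s {net} -p tcp --dport {port} -j DROP" for net in blocks
    ]


if __name__ == "__main__":
    for rule in to_iptables(propose_blocks(OFFENDERS, LEGIT)):
        print(rule)
```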


Re: [spamdyke-users] Sender domain matching recipient domain

2012-09-06 Thread Marcin Orlowski
Lutz Petersen wrote on 2012-09-06 19:28:
>
>> There is already a way to block identical sender and recipients with
>> spamdyke. I think it would also be fine to have this for the domain part:
>>   Deny if from: x...@domain.tld  to: a...@domain.tld
>
> Be careful with all these. We ran into trouble because customer mails
> became blocked. Those were mails from external employees that send out
> their mail elsewhere (with ..@customer.tld). And there were a lot of
> similar cases so that we had to disable those rules.

Well, it shouldn't be a problem, because if they should not mails from @customer.tld
via 3rd party server in the 1st place. And if they send via your server then they
have to do SMTP AUTH first. If they do not auth, then kick them anyway. AUTH should
be mandatory in their own interest.


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Sender domain matching recipient domain

2012-09-06 Thread Marcin Orlowski
Lutz Petersen wrote on 2012-09-06 21:16:
>
>>> Be careful with all these. We ran into trouble because customer mails
>>> became blocked. Those were mails from external employees that send out
>>> their mail elsewhere (with ..@customer.tld). And there were a lot of
>>> similar cases so that we had to disable those rules.
>>
>> Well, it shouldn't be a problem, because if they should not mails from @customer.tld
>> via 3rd party server in the 1st place.
>
> One has to realize reality: Customer Employee one day sits in Japan,
> a lot of ISPs there seems to block connections to external servers
> (good at the one hand, bad sometimes in the other). Then he goes
> anywhere to china or whatever, and so on. It's definitely not so
> easy.

So you are trying to say it's ok if your customers use random **SMTP servers
outside** as relays and you allow such mails in?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Sender domain matching recipient domain

2012-09-06 Thread Marcin Orlowski
Lutz Petersen wrote on 2012-09-06 21:45:
>
>> So you are trying to say it's ok if your customers use random **SMTP servers
>> outside** as relays and you allow such mails in?
>
> What I first noticed was a simple warning if using this feature
> there can be circumstances that gives trouble. Not more, not less.
> Anyone decide for himself which option makes sense for him or not.

I still do not get what you are talking about here. If you set spamdyke to reject
mail with same sender and recipient domain and your users do auth
prior to sending then they will bypass this filter while forged mails
would be dropped. No problems at all.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Sender domain matching recipient domain

2012-09-06 Thread Marcin Orlowski
Lutz Petersen wrote on 2012-09-06 22:11:

>> I still do not get what you are talking about here. If you set spamdyke to reject
>> mail with same sender and recipient domain and your users do auth
>> prior to sending then they will bypass this filter while forged mails
>> would be dropped. No problems at all.
>
> Such only would work if you have a single mailserver (both for receiving
> external and for serving customers with auth). Beware that there are
> installations with a little bit more mailtraffic, those have different
> servers for receiving smtp from external, for serving clients, for
> outsending to external destinations and so on. We don't have all
> customers on our own mail-servers, in a lot of cases these are only
> the mx servers for customer-smtp-servers, or secondary mx servers.

Still, both machines are in if not the same subnet then at least in a
known subnet. Excluding them from this test is still less problematic
than allowing anyone to relay in name of your customers. But, well,
"your circus, your monkeys", so do as you want :)

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Header filter does not seem to work

2012-11-22 Thread Marcin Orlowski
Hi,

I got such entries in spamdyke.conf (spamdyke 4.3.1):

header-blacklist-file=/etc/spamdyke4/header-blacklist-file.conf

the content of that file is:

Return-Path:*@yahoo.nl*

Still, this message slipped by (I stripped From/To/Delivered-To/Received headers):

Return-Path: 
Date: Thu, 22 Nov 2012 14:36:25 +1000
X-Mailer: The Bat! (v3.5.25) Home
X-Priority: 3 (Normal)
Message-ID: <2724819959.ge0jqmhc028...@pmzcmvybwzrnvv.lzkcaluzbfqlslh.ru>
Subject: Brakuje Ci pieniedzy? Proponujemy proste rozwiazanie - dodatkowa praca.
MIME-Version: 1.0
Content-Type: text/html;
   charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Flag: YES
X-Spam-Level: **
X-Spam-Status: Yes, score=6.7 required=5.0 tests=BAYES_50,HTML_30_40,
HTML_MESSAGE,HTML_TITLE_EMPTY,MIME_HTML_ONLY,NEO_PRACA004,NO_REAL_NAME

Ideas?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Blocking mails with headers containing multiple addresses in From:

2012-12-08 Thread Marcin Orlowski
Hi,

I'd like to block any message whose headers contain more than one entry in From:
Is it doable in spamdyke and if so what should the rule look like? The trick is
that I cannot simply match "," or I will kill innocents like

From: "Foo, Joe" 

Any ideas?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Blocking mails with headers containing multiple addresses in From:

2012-12-08 Thread Marcin Orlowski
Lutz Petersen wrote on 2012-12-08 19:23:

>> From: "Foo, Joe" 
> There seems nothing illegal with this. Why should one block those standard 
> EMail Header ?

, another one... My question was (and still is) "how", not "should I" 
type of.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Blocking mails with headers containing multiple addresses in From:

2012-12-08 Thread Marcin Orlowski
Sam Clippinger wrote on 2012-12-08 22:47:
> Can you give an example of what you're trying to block?  I've never seen a
> From line with more than one address, so I'm not sure how they're formatted.
> Or do these messages have multiple From lines?


Received: from [196.152.65.182] (account brinejmc...@yahoo.nl HELO 
sgjuwegcsswcgbc.kbwfi.ru)
by 83-238-167-218.ip.netia.com.pl (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 875849094 for x...@x.com; Thu, 6 Dec 2012 
11:48:19 +0100
Date: Thu, 6 Dec 2012 11:48:19 +0100
From: ,
,

X-Mailer: The Bat! (v2.00) Educational
X-Priority: 3 (Normal)
Message-ID: <1200859955.hhplq7fz558...@czsbaujfm.bucugyq.ua>
To: ,
,

Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej pracy z 
wynagrodzeniem 95 EUR za 1 godzine.
MIME-Version: 1.0
Content-Type: text/html;
   charset=iso-8859-1




I replaced real domain with x.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Header filter does not seem to work

2012-12-08 Thread Marcin Orlowski
Sam Clippinger wrote on 2012-11-24 23:28:

> You can't use spamdyke's header filter to check Return-Path because that
> header isn't in incoming messages; it gets added by qmail-local as the
> message is written to disk.  In other words, spamdyke never sees
> Return-Path, so its filter will never trigger.

Yep, you're right. Please correct me, but is it built based on MAIL FROM? If
so, can I somehow ban certain MAIL FROMs?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Blocking mails with headers containing multiple addresses in From:

2012-12-09 Thread Marcin Orlowski
Angus McIntyre wrote on 2012-12-09 02:54:

> In the example given, the addresses in the 'From' line matched the
> addresses in the 'To' line.

In this case it matches, but in others it does not, so it's rather a coincidence,
not a pattern.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Blocking mails with headers containing multiple addresses in From:

2012-12-10 Thread Marcin Orlowski
Peter Palmreuther wrote on 2012-12-09 17:18:

> If the MUA is working correctly it should behave like this (or similar),
> because as stated it's perfectly legal to have multiple addresses in "From:"
> (albeit you're only allowed to have one "From:" header). I guess as always,
> this is a case of balancing anti-spam mechanism vs. not killing perfectly
> legal messages; Only having multiple addresses in "From:" in the end is not
> a clear sign of "this is a spam message" :-/

Quoting RFC is pointless. I do know it's valid, but I want to ban such mails w/o
exception. Never seen a single mail using it, besides spam, so I do not care about
the RFC in this case.

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/
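
Counting the mailboxes in From: without tripping over a quoted display name such as "Foo, Joe", which is the difficulty raised in this thread. This is an added Python example, not part of the original posts and not spamdyke code; every address in it is a constructed placeholder, and it would run as a separate check on the received message.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed header blocks; every address is a placeholder.
QUOTED_COMMA = (
    'From: "Foo, Joe" <joe@example.com>\n'
    "To: <user@example.org>\n"
    "Subject: hello\n\n"
)
FOLDED_MULTI = (
    "From: <a@example.com>,\n"
    "\t<b@example.com>,\n"
    "\t<c@example.com>\n"
    "To: <user@example.org>\n"
    "Subject: offer\n\n"
)
TWO_FROM_LINES = (
    "From: <a@example.com>\n"
    "From: <b@example.com>\n"
    "To: <user@example.org>\n\n"
)


def from_mailboxes(raw_headers):
    """Return every mailbox found in the From: header(s), in order."""
    msg = message_from_string(raw_headers)
    # get_all() also catches a message that carries several From: lines.
    values = msg.get_all("From", [])
    # Unfold continuation lines so each header is one logical line.
    unfolded = [re.sub(r"\r?\n[ \t]+", " ", value) for value in values]
    # getaddresses() understands quoted display names, so the comma in
    # "Foo, Joe" is not treated as an address separator.
    return [addr.lower() for _name, addr in getaddresses(unfolded) if "@" in addr]


def naive_comma_rule(raw_headers):
    """The tempting shortcut: flag any From: value that contains a comma."""
    msg = message_from_string(raw_headers)
    return any("," in value for value in msg.get_all("From", []))


def has_multiple_from(raw_headers):
    """True when the message names more than one author mailbox."""
    return len(from_mailboxes(raw_headers)) > 1


if __name__ == "__main__":
    for name, sample in [("quoted comma", QUOTED_COMMA),
                         ("folded list", FOLDED_MULTI),
                         ("two From lines", TWO_FROM_LINES)]:
        print(name, from_mailboxes(sample), has_multiple_from(sample))
```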


[spamdyke-users] header filter not working

2012-12-28 Thread Marcin Orlowski
Hi,

I got header filter with entries:

Subject: Czy dysponujesz dwoma wolnymi godzinami w tygodniu? Oto jak zarobc 185 
EUR w tym czasie.*
From:*>,*<*

but despite two potentially matching rules this spam passed by. Any ideas why?

Return-Path: 
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on n01.
X-Spam-Report:
*  0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*  [213.195.165.242 listed in zen.spamhaus.org]
*  1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
*  [213.195.165.242 listed in bb.barracudacentral.org]
*  1.7 URIBL_DBL_SPAM Contains an URL listed in the DBL blocklist
*  [URIs: infopraca-pl.com]
*  0.0 FSL_HELO_NON_FQDN_1 FSL_HELO_NON_FQDN_1
*  0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
*  0.0 HTML_MESSAGE BODY: HTML included in message
*  1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
*  1.8 URIBL_BLACK Contains an URL listed in the URIBL blacklist
*  [URIs: infopraca-pl.com]
*  0.1 MISSING_MID Missing Message-Id: header
*  1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
*  1.0 HELO_NO_DOMAIN Relay reports its domain incorrectly
Received: (qmail 14001 invoked from network); 28 Dec 2012 06:38:07 -
Received: from unknown (HELO netiaspot) (213.195.165.242)
   by n01 with SMTP; 28 Dec 2012 06:38:07 -
Date: Fri, 28 Dec 2012 07:49:04 +0100
From: ,

To: ,

Subject: Czy dysponujesz dwoma wolnymi godzinami w tygodniu? Oto jak zarobc 185 
EUR w tym czasie.
X-Mailer: ldnijbebax
MIME-Version: 1.0
Content-Type: text/html;
charset=unicode
Content-Transfer-Encoding: 7bit


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] header-blacklist-file does not work

2013-02-02 Thread Marcin Orlowski
Hi,

I got:

header-blacklist-file=/etc/spamdyke4/header-blacklist-file.conf

which looks like this:

Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej*
Subject: *Proponujemy proste rozwiazanie*dodatkowa praca*
Subject: Poszukujemy w Twoim regionie pomocnikow do dobrze oplacanej pracy.*
Subject: Poszukujemy zdalnych pracownikow do pracy na akord z wynagrodzeniem 95 
EUR za 1 godzine.*
Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej pracy z 
wynagrodzeniem 95 EUR za 1 godzine.*
Subject: Czy dysponujesz dwoma wolnymi godzinami w tygodniu? Oto jak zarobc 185 
EUR w tym czasie.*
Subject: Zarob 200-400 EUR za dwie godziny pracy juz w nastepnym tygodniu*
Subject: Międzynarodową konferencja, Ukraina, Lwów,*
Subject: Kod Zawiadomienie Error *
From:*>,*<*

and still, crap like this sneaks in even though it should be caught by two entries:

Return-Path: 
Received: (qmail 5550 invoked from network); 2 Feb 2013 15:23:53 -
Received: from unknown (HELO netiaspot) (213.195.157.96)
   by n01 with SMTP; 2 Feb 2013 15:23:53 -
Received: from [166.23.23.186] (helo=udhuit.qcoqnktc.com)
by netiaspot with esmtpa (Exim 4.69)
(envelope-from )
id 1MM8IB-9358id-VM
for ad...@d2m.pl; Sat, 2 Feb 2013 16:23:52 +0100
Date: Sat, 2 Feb 2013 16:23:52 +0100
From: ,
,
,

X-Mailer: The Bat! (v2.00.3) Educational
X-Priority: 3 (Normal)
Message-ID: <3182570264.3l7096ir068...@ujwih.fhabbbryh.su>
To: ,
,
,

Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej pracy z 
wynagrodzeniem 95 EUR za 1 godzine.
MIME-Version: 1.0
Content-Type: text/html;
   charset=us-ascii
Content-Transfer-Encoding: 7bit



Any ideas?


Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin http://wfmh.org.pl/carlos/


[spamdyke-users] Blocking sending if FROM: != SMTP AUTH userId

2017-01-19 Thread Marcin Orlowski via spamdyke-users
Hi,

Is there a way to reject mails if authenticated user id (which is email
address in my case) mismatch what is set in From: of the mail user tries
to send? If not, would it be possible to add such feature?

Regards,
-- 
"Warning: Dates in Calendar are closer than they appear."

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Blocking sending if FROM: != SMTP AUTH userId

2017-01-19 Thread Marcin Orlowski via spamdyke-users
Marcin Orlowski via spamdyke-users wrote on 19.01.2017 21:32:
> Hi,
> 
> Is there a way to reject mails if authenticated user id (which is email
> address in my case) mismatch what is set in From: of the mail user tries
> to send? If not, would it be possible to add such feature?

Forget it. I did RTFM again and found reject-sender =
authentication-mismatch :)

Regards,
-- 
"Warning: Dates in Calendar are closer than they appear."

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Block senders based on username

2017-10-15 Thread Marcin Orlowski via spamdyke-users
mohaa via spamdyke-users wrote on 15.10.2017 22:02:
> is it possible to block senders based on the username in their sender
> address?
> Like block all sales@

RTFM? :)

https://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

+

https://www.spamdyke.org/documentation/README.html#HEADERS



Regards,
-- 
"Warning: Dates in Calendar are closer than they appear."

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Block senders based on username

2018-09-04 Thread Marcin Orlowski via spamdyke-users
Marcin Orlowski wrote on 15.10.2017 22:13:

> is it possible to block senders based on the username in their sender
> address?
> 
> Like block all sales@


Sure. Look for "sender-blacklist" here:
https://www.spamdyke.org/documentation/README.html


Regards,
-- 
"Warning: Dates in Calendar are closer than they appear."

Marcin http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Blocking variations on a "From: " field

2020-09-28 Thread Marcin Orlowski via spamdyke-users
Philip Rhoades via spamdyke-users wrote on 28.09.2020 06:34:
> People,
> 
> I have tried a few different options but mails like these are still getting 
> through:
> 
>   From: "Mark Milton" 
> 
> I want to block all email addresses that start with "mmilton01" - I presume 
> it is possible but I haven't had any success so far . .

You need to block by header contents as it offers more wildcards:
https://www.spamdyke.org/documentation/README.html#HEADERS


From:*http://wfmh.org.pl/carlos/


Re: [spamdyke-users] Blocking variations on a "From: " field

2020-09-28 Thread Marcin Orlowski via spamdyke-users
Philip Rhoades via spamdyke-users wrote on 28.09.2020 17:41:
> or probably:
>   From:.*http://wfmh.org.pl/carlos/

