Re: [spamdyke-users] DNSRBL question
Check maillog and see if spamdyke it's working. Here's an example, i hope it helps you. May 4 14:44:16 v1ps spamdyke[19462]: INFO: querying 212.84.112.59.in-addr.arpa with DNS server 206.212.246.2:53 (attempt 1) May 4 14:44:16 vps spamdyke[19463]: INFO: querying 212.84.112.59.in-addr.arpa with DNS server 206.212.246.2:53 (attempt 1) May 4 14:44:16 v1ps spamdyke[19462]: INFO: received DNS packet: 131 bytes May 4 14:44:16 v1ps spamdyke[19462]: INFO: received DNS response: PTR May 4 14:44:16 v1ps spamdyke[19462]: INFO: found PTR record for 212.84.112.59.in-addr.arpa: 59-112-84-212.dynamic.hinet.net May 4 14:44:16 v1ps spamdyke[19463]: INFO: received DNS packet: 131 bytes May 4 14:44:16 v1ps spamdyke[19463]: INFO: received DNS response: PTR May 4 14:44:16 v1ps spamdyke[19463]: INFO: found PTR record for 212.84.112.59.in-addr.arpa: 59-112-84-212.dynamic.hinet.net May 4 14:44:17 v1ps spamdyke[19462]: INFO: querying 212.84.112.59.zen.spamhaus.org with DNS server 206.212.246.2:53 (attempt 1) May 4 14:44:17 v1ps spamdyke[19463]: INFO: querying 212.84.112.59.zen.spamhaus.org with DNS server 206.212.246.2:53 (attempt 1) May 4 14:44:17 v1ps spamdyke[19462]: INFO: received DNS packet: 403 bytes May 4 14:44:17 v1ps spamdyke[19462]: INFO: received DNS response: A May 4 14:44:17 v1ps spamdyke[19463]: INFO: received DNS packet: 403 bytes May 4 14:44:17 v1ps spamdyke[19462]: INFO: found A record for 212.84.112.59.zen.spamhaus.org: 127.0.0.11 May 4 14:44:17 v1ps spamdyke[19463]: INFO: received DNS response: A May 4 14:44:17 v1ps spamdyke[19463]: INFO: found A record for 212.84.112.59.zen.spamhaus.org: 127.0.0.11 May 4 14:44:26 v1ps spamdyke[19462]: DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 59.112.84.212origin_rdns: 59-112-84-212.dynamic.hinet.net auth: (unknown) May 4 14:44:26 v1ps spamdyke[19463]: DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 59.112.84.212origin_rdns: 59-112-84-212.dynamic.hinet.net auth: (unknown) 2008/5/3 Eric Shubert [EMAIL PROTECTED]: The old RBLSMTPD is doing the lookup before passing it on to spamdyke, so spamdyke is never receiving it. You need to remove $RBLSMTPD $BLACLISTS to disable the toaster's stock blacklist processing. You didn't use qtp-install-spamdyke, did you? It would have modified your run file to look like this: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE=/usr/local/bin/spamdyke SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 21 I think that's a little cleaner than burying spamdyke in $SMTPD as you have done. If you use the above run script, be sure to change /etc/spamdyke to /etc/mail, or move your spamdyke.conf file appropriately. slamp slamp wrote: I have a question. I have the line below in my config. check-dnsrbl=zen.spamhaus.org So spamdyke should check if the sender is listed correct? and it should never need to pass the traffic to qmail? My observation so far seems that spamdyke is not doing this and my qmail install (qmailtoaster) is still doing the dns rbl checking. My qmail smtp log says this: 2008-05-03 10:27:50.146011500 rblsmtpd: 201.12.53.18 pid 27047: 451 http://www.spamhaus.org/query/bl?ip=201.12.53.18 And nothing in the corresponding spamdyke maillog. log-level=2 smtp run file. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/usr/bin/spamdyke -f /etc/mail/spamdyke.conf /var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] DNSRBL question
Eric Shubert wrote: However, assuming that rblsmtpd and spamdyke are equally efficient at processing RBLs (which is not necessarily a good assumption), letting spamdyke do the rbl processing would be (slightly) more efficient, as there would be one less process and pipe to pass the data through. Not to mention logging/stats. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] DNSRBL question
On Sun, May 04, 2008 at 10:01:45AM -0700, Eric Shubert wrote: I suppose you could continue to use rblsmtpd/blacklists, and simply not specify any check-dnsrbl parameters in spamdyke. I haven't tried it, but in theory it should work. The end result would be the same either way. It does work. I'm running this way for two reasons: 1) with rblsmtpd, rejections are temporary by default, giving me a chance to whitelist an IP before the message bounces (I'm doing this on a low-traffic server). 2) rblsmtpd honours the RBLSMTPD environment variable, which allows me to send meaningful permanent rejection messages to selected clients. It's also possible to place rblsmtpd first in the delivery chain (before spamdyke), but not specify any DNSRBLs on its command line; in this case, you get 2) without 1) and can use spamdyke for RBL lookups. Andras Ps. let's save electrons and refrain from quoting at least the list footer. :) -- Andras Korn korn at chardonnay.math.bme.hu http://chardonnay.math.bme.hu/~korn/ QOTD: Michael! Are you sure you want a Turbo Boost? (Y/N) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] DNSRBL question
rblsmtpd isn't any more (or less) efficient at checking DNS RBLs than spamdyke but there are several reasons not to use both. First, in terms of efficiency, spamdyke will check other (faster) filters before it performs the DNS RBL checks. If the connection is going to be rejected for some other reason (e.g. missing rDNS), spamdyke will skip the DNS RBL checks entirely. This can save some processing time on your server (which can be significant for high-traffic servers). Second and more importantly, rblsmtpd doesn't understand SMTP AUTH -- it will reject any connection, whether it is authenticated or not. spamdyke allows authenticated connections to bypass all of its filters. -- Sam Clippinger slamp slamp wrote: no i didnt qtp. i wanted to make the manual changes so i know what files are getting changed instead of qtp doing it. thanks for shedding the light this. now is there a downside to using the old rblsmtpd compare to spamdyke? wouldn't it lessen the work for spamdyke since the soul purpose of rblsmtpd is to do just that, check for dns rbls. On Sat, May 3, 2008 at 10:49 AM, Eric Shubert [EMAIL PROTECTED] wrote: The old RBLSMTPD is doing the lookup before passing it on to spamdyke, so spamdyke is never receiving it. You need to remove $RBLSMTPD $BLACLISTS to disable the toaster's stock blacklist processing. You didn't use qtp-install-spamdyke, did you? It would have modified your run file to look like this: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE=/usr/local/bin/spamdyke SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 21 I think that's a little cleaner than burying spamdyke in $SMTPD as you have done. If you use the above run script, be sure to change /etc/spamdyke to /etc/mail, or move your spamdyke.conf file appropriately. slamp slamp wrote: I have a question. I have the line below in my config. check-dnsrbl=zen.spamhaus.org So spamdyke should check if the sender is listed correct? and it should never need to pass the traffic to qmail? My observation so far seems that spamdyke is not doing this and my qmail install (qmailtoaster) is still doing the dns rbl checking. My qmail smtp log says this: 2008-05-03 10:27:50.146011500 rblsmtpd: 201.12.53.18 pid 27047: 451 http://www.spamhaus.org/query/bl?ip=201.12.53.18 And nothing in the corresponding spamdyke maillog. log-level=2 smtp run file. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/usr/bin/spamdyke -f /etc/mail/spamdyke.conf /var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] DNSRBL question
I have a question. I have the line below in my config. check-dnsrbl=zen.spamhaus.org So spamdyke should check if the sender is listed correct? and it should never need to pass the traffic to qmail? My observation so far seems that spamdyke is not doing this and my qmail install (qmailtoaster) is still doing the dns rbl checking. My qmail smtp log says this: 2008-05-03 10:27:50.146011500 rblsmtpd: 201.12.53.18 pid 27047: 451 http://www.spamhaus.org/query/bl?ip=201.12.53.18 And nothing in the corresponding spamdyke maillog. log-level=2 smtp run file. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/usr/bin/spamdyke -f /etc/mail/spamdyke.conf /var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] DNSRBL question
The old RBLSMTPD is doing the lookup before passing it on to spamdyke, so spamdyke is never receiving it. You need to remove $RBLSMTPD $BLACLISTS to disable the toaster's stock blacklist processing. You didn't use qtp-install-spamdyke, did you? It would have modified your run file to look like this: #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` SPAMDYKE=/usr/local/bin/spamdyke SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $SPAMDYKE --config-file $SPAMDYKE_CONF \ $SMTPD $VCHKPW /bin/true 21 I think that's a little cleaner than burying spamdyke in $SMTPD as you have done. If you use the above run script, be sure to change /etc/spamdyke to /etc/mail, or move your spamdyke.conf file appropriately. slamp slamp wrote: I have a question. I have the line below in my config. check-dnsrbl=zen.spamhaus.org So spamdyke should check if the sender is listed correct? and it should never need to pass the traffic to qmail? My observation so far seems that spamdyke is not doing this and my qmail install (qmailtoaster) is still doing the dns rbl checking. My qmail smtp log says this: 2008-05-03 10:27:50.146011500 rblsmtpd: 201.12.53.18 pid 27047: 451 http://www.spamhaus.org/query/bl?ip=201.12.53.18 And nothing in the corresponding spamdyke maillog. log-level=2 smtp run file. #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/usr/bin/spamdyke -f /etc/mail/spamdyke.conf /var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 2000 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ $RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 21 ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users