Re: [spamdyke-users] spamdyke configuration finetuneing

2010-02-16 Thread Ulrich C. Manns
We are working on a commercial solution.

I will post it here if there are any available downloads.

Regards,

Ulrich

msp informations
technologie UG (haftungsbeschränkt)
--.--..-.-.-..-.--.--.-..-.-.--..--.--.-
Address  Im Hofacker 21
 D-79194 Gundelfingen
Phone    0761 / 456 26 23 –0
Fax      0761 / 456 26 23 –99
Mobile   0151 / 174 33 239
ICQ  21358399
E-Mail   ulrich.ma...@msp-it.de
Internet http://www.msp-it.de/
Managing director  Ulrich C. Manns
Registered at the Freiburg District Court
 HRB 704165
VAT ID no.   DE266213113

On 16.02.2010 at 08:55, nightduke wrote:

> Ok thanks, but i don't have plesk.
> Can i use scp in other way?
> 
> Thanks
> 
> 2010/2/16 Ulrich C. Manns 
> This is SCP (Spamdyke Control Panel) made by Haggybear (www.haggybear.de) for 
> Plesk and MySQL.
> 
> Regards,
> 
> Ulrich
> 
> 
> On 15.02.2010 at 22:15, nightduke wrote:
> 
>> Hi i would like to know how can i have statistics of graylisting of 
>> spamdyke?which software you use for the stats?
>> 
>> Thanks
>> 
>> Nightduke
>> 
>> 2009/12/14 Ulrich C. Manns 
>> With .net in the ip-in-rdns-keyword-blacklist-file the .net hosts will 
>> _also_ be checked if an ip address is in its rdns name. All other domains will 
>> be tested if you enter reject-ip-in-cc-rdns in your spamdyke.conf.
>> 
>> I used both and these tests will reject about 42%.
>> 
>> Regards,
>> Ulrich
>> 
>> 
>> 
>> 
>> On 14.12.2009 at 09:55, nicole thomson wrote:
>> 
>>> thanks Eduard Švarc
>>> 
>>> Same query as david stiller raised, .com, .net are valid domain right?
>>> 
>>> also  
>>> 
>>> 
>>> @40004b25fa572bd181a4 CHKUSER accepted rcpt: from  
>>> remote  rcpt 
>>>  : found existing recipient
>>> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from: fx...@bmelaw.com 
>>> to: validdomainu...@mydomain.com origin_ip: 94.179.29.242 origin_rdns: 
>>> 242-29-179-94.pool.ukrtel.net auth: (unknown)
>>> 
>>> 
>>> 
>>> the above ip is listed in rbl , 
>>> 
>>> IP Address Lookup
>>> 
>>> 94.179.29.242 is not listed in the SBL
>>> 94.179.29.242 is listed in the PBL, in the following records:
>>> PBL239543
>>> 94.179.29.242 is not listed in the XBL
>>> 
>>> 
>>> 
>>> 
>>> 
>>> this doesn't look like false positive
>>> 
>>> From: Eduard Svarc 
>>> To: spamdyke users 
>>> Sent: Mon, December 14, 2009 12:48:07 PM
>>> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
>>> 
>>> 
>>> Hello, 
>>> 
>>> I see you have two things out. 1st you using RBLS, that could give you a 
>>> lot positive false spam. 2nd you completely have commented out best thing 
>>> in SPAMDYKE. Is sniffing IPs in reverse DNS. Most of bots and spams coming 
>>> from Internet zombies. Here are my advices: 
>>> 
>>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org 
>>> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns, 
>>> reject-missing-sender-mx and reject-unresolvable-rdns 
>>> 3- into /etc/spamdyke/bla

Re: [spamdyke-users] spamdyke configuration finetuneing

2010-02-16 Thread nightduke
Ok thanks, but i don't have plesk.
Can i use scp in other way?

Thanks

2010/2/16 Ulrich C. Manns 

> This is SCP (Spamdyke Control Panel) made by Haggybear (www.haggybear.de)
> for Plesk and MySQL.
>
> Regards,
>
> Ulrich
>
>
> On 15.02.2010 at 22:15, nightduke wrote:
>
> Hi i would like to know how can i have statistics of graylisting of
> spamdyke?which software you use for the stats?
>
> Thanks
>
> Nightduke
>
> 2009/12/14 Ulrich C. Manns 
>
>> With *.net* in the *ip-in-rdns-keyword-blacklist-file* the .net hosts
>> will _also_ be checked if an ip address is in its rdns name. All other domains
>> will be tested if you enter *reject-ip-in-cc-rdns* in your *spamdyke.conf*.
>>
>> I used both and these tests will reject about 42%.
>>
>> Regards,
>> Ulrich
>>
>> 
>>
>>
>> On 14.12.2009 at 09:55, nicole thomson wrote:
>>
>> thanks Eduard Švarc
>>
>> Same query as david stiller raised, .com, .net are valid domain right?
>>
>> also
>>
>>
>> @40004b25fa572bd181a4 CHKUSER accepted rcpt: from 
>> remote  rcpt <
>> validdomainu...@mydomain.com> : found existing recipient
>> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from: fx...@bmelaw.com
>>  to: validdomainu...@mydomain.com origin_ip: 94.179.29.242 origin_rdns:
>> 242-29-179-94.pool.ukrtel.net auth: (unknown)
>>
>>
>>
>> the above ip is listed in rbl ,
>>
>> IP Address Lookup
>>
>> *94.179.29.242 is not listed in the SBL*
>> *94.179.29.242 is listed in the PBL*, in the following records:
>>
>>- PBL239543 <http://www.spamhaus.org/pbl/query/PBL239543>
>>
>> *94.179.29.242 is not listed in the XBL*
>>
>> this doesn't look like false positive
>>
>> --
>> *From:* Eduard Svarc 
>> *To:* spamdyke users 
>> *Sent:* Mon, December 14, 2009 12:48:07 PM
>> *Subject:* Re: [spamdyke-users] spamdyke configuration finetuneing
>>
>>
>> Hello,
>>
>> I see you have two things out. 1st you using RBLS, that could give you a
>> lot positive false spam. 2nd you completely have commented out best thing in
>> SPAMDYKE. Is sniffing IPs in reverse DNS. Most of bots and spams coming
>> from Internet zombies. Here are my advices:
>>
>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
>> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
>> reject-missing-sender-mx and reject-unresolvable-rdns
>> 3- into /etc/spamdyke/blacklist_recipients add your domain in format
>> @your-domain (it will block all mails like to: n...@your-domain from:
>> n...@your-domain)
>> 4- into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words :
>>
>>
>> dsl
>> .com
>> .net
>> broadband
>> dynamic
>>
>> I could guarantee you will fall below 1% of SPAM with nearly zero false
>> positives. Of course someone who can't follow certain guidelines for theirs
>> servers will not be able to send you e-mails at all. But you can easily
>> handle it by adding IP's in /etc/spamdyke/whitelist_ip or adding senders
>> into /etc/spamdyke/whitelist_senders
>>
>> I stop using any RBLS services ages ago, they are way unreli

Re: [spamdyke-users] spamdyke configuration finetuneing

2010-02-15 Thread Ulrich C. Manns
This is SCP (Spamdyke Control Panel) made by Haggybear (www.haggybear.de) for 
Plesk and MySQL.

Regards,

Ulrich


On 15.02.2010 at 22:15, nightduke wrote:

> Hi i would like to know how can i have statistics of graylisting of 
> spamdyke?which software you use for the stats?
> 
> Thanks
> 
> Nightduke
> 
> 2009/12/14 Ulrich C. Manns 
> With .net in the ip-in-rdns-keyword-blacklist-file the .net hosts will _also_ 
> be checked if an ip address is in its rdns name. All other domains will be 
> tested if you enter reject-ip-in-cc-rdns in your spamdyke.conf.
> 
> I used both and these tests will reject about 42%.
> 
> Regards,
> Ulrich
> 
> 
> 
> On 14.12.2009 at 09:55, nicole thomson wrote:
> 
>> thanks Eduard Švarc
>> 
>> Same query as david stiller raised, .com, .net are valid domain right?
>> 
>> also  
>> 
>> 
>> @40004b25fa572bd181a4 CHKUSER accepted rcpt: from  
>> remote  rcpt 
>>  : found existing recipient
>> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from: fx...@bmelaw.com 
>> to: validdomainu...@mydomain.com origin_ip: 94.179.29.242 origin_rdns: 
>> 242-29-179-94.pool.ukrtel.net auth: (unknown)
>> 
>> 
>> 
>> the above ip is listed in rbl , 
>> 
>> IP Address Lookup
>> 
>>  94.179.29.242 is not listed in the SBL
>> 94.179.29.242 is listed in the PBL, in the following records:
>> PBL239543
>> 94.179.29.242 is not listed in the XBL
>> 
>> 
>> 
>> 
>> 
>> this doesn't look like false positive
>> 
>> From: Eduard Svarc 
>> To: spamdyke users 
>> Sent: Mon, December 14, 2009 12:48:07 PM
>> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
>> 
>> 
>> Hello, 
>> 
>> I see you have two things out. 1st you using RBLS, that could give you a lot 
>> positive false spam. 2nd you completely have commented out best thing in 
>> SPAMDYKE. Is sniffing IPs in reverse DNS. Most of bots and spams coming 
>> from Internet zombies. Here are my advices: 
>> 
>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org 
>> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns, 
>> reject-missing-sender-mx and reject-unresolvable-rdns 
>> 3- into /etc/spamdyke/blacklist_recipients add your domain in format 
>> @your-domain (it will block all mails like to: n...@your-domain from: 
>> n...@your-domain) 
>> 4- into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words : 
>> 
>> dsl 
>> .com 
>> .net 
>> broadband 
>> dynamic 
>> 
>> I could guarantee you will fall below 1% of SPAM with nearly zero false 
>> positives. Of course someone who can't follow certain guidelines for theirs 
>> servers will not be able to send you e-mails at all. But you can easily 
>> handle it by adding IP's in /etc/spamdyke/whitelist_ip or adding senders 
>> into /etc/spamdyke/whitelist_senders 
>> 
>> I stop using any RBLS services ages ago, they are way unreliable. 
>> 
>> Good luck, 
>> Eduard Švarc
>> 
>> DATA Intertech s.r.o.
>> Kladenská 46
>> 160 00 Praha 6
>> Czech Republic
>> tel. +420-235365267, fax +420-235361446 
>> 
>> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:
>> 
>> ___
>> 
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.or

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-16 Thread Michael Colvin
Are you using the reverse DNS check in SpamDyke?  If a sending mail server does 
not have an MX record, you should reject it outright.

That would have stopped this e-mail.

If a mail server admin is too incompetent to know that they need to have an MX 
record for their mail server, they are likely going to be a source for spam 
anyway, so reject their mail.

reject-missing-sender-mx

The IP may not have been on a blacklist when you got the mail, but was when 
Arne checked, so that's not necessarily an indication that your blacklists 
aren't working...But, it's something to watch.

Your relay test isn't valid:

<<< 554 Refused. Your sender address has been blacklisted. See: 
http://www.your-domain-here.com/spam_policy#DENIED_SENDER_BLACKLISTED

Shows Spamdyke denied you sending because your IP was blacklisted, not because 
you couldn't relay.  These are different beasts.

This does indicate that SpamDyke is working, and is denying you from sending 
from your IP because it is on a blacklist...This is quite common when testing 
from home via DSL, Cable or dialup.

I would double/triple check your Spamdyke config file for typos.  Make sure you 
haven't fat-fingered anything in /etc/spamdyke.conf or in the 
sender-blacklist-file location (/var/qmail/antispam/blacklist_senders on my 
box).  Make sure everything is entered correctly.

I used to also get e-mails from my domain to my domain, and adding them to the 
blacklist_senders file stopped it cold.
 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



> -Original Message-
> From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-
> boun...@spamdyke.org] On Behalf Of Magnus Ringdahl
> Sent: Wednesday, December 16, 2009 6:08 AM
> To: spamdyke users
> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
> 
> Hi.
> I just received a viagra spam again. From my own email address.
> 
> Dec 16 14:11:12 web01 /var/qmail/bin/relaylock[28512]:
> /var/qmail/bin/relaylock: mail from 125.178.185.144:3512 (not defined)
> Dec 16 14:11:13 web01 spamdyke[28509]: TLS_ENCRYPTED from: (unknown) to:
> (unknown) origin_ip: 125.178.185.144 origin_rdns: (unknown) auth:
> (unknown)
> Dec 16 14:11:15 web01 qmail-queue-handlers[28532]: Handlers Filter
> before-queue for qmail started ...
> Dec 16 14:11:15 web01 qmail-queue-handlers[28532]:
> from=kundtja...@domain.tld
> Dec 16 14:11:15 web01 qmail-queue-handlers[28532]:
> to=kundtja...@domain.tld
> Dec 16 14:11:15 web01 spf filter[28538]: Starting spf filter...
> Dec 16 14:11:15 web01 spf filter[28538]: Error code: (2) Could not find
> a valid SPF record
> Dec 16 14:11:15 web01 spf filter[28538]: Failed to query MAIL-FROM: No
> DNS data for 'domain.tld'.
> Dec 16 14:11:15 web01 spf filter[28538]: SPF result: none
> Dec 16 14:11:15 web01 spf filter[28538]: SPF status: PASS
> Dec 16 14:11:15 web01 qmail-queue[28539]: scan: the
> message(drweb.tmp.MdrGAT) sent by kundtja...@domain.tld to
> kundtja...@domain.tld is passed
> Dec 16 14:11:15 web01 qmail: 1260969075.825046 new msg 4254303
> Dec 16 14:11:15 web01 qmail: 1260969075.825046 info msg 4254303: bytes
> 2349 from  qp 28540 uid 2020
> Dec 16 14:11:15 web01 qmail-local-handlers[28541]: Handlers Filter
> before-local for qmail started ...
> Dec 16 14:11:15 web01 qmail-local-handlers[28541]:
> from=kundtja...@domain.tld
> Dec 16 14:11:15 web01 qmail-local-handlers[28541]:
> to=kundtja...@domain.tld
> Dec 16 14:11:15 web01 qmail-local-handlers[28541]: mailbox:
> /var/qmail/mailnames/domain.tld/kundtjanst
> Dec 16 14:11:15 web01 qmail: 1260969075.845046 starting delivery 3717:
> msg 4254303 to local 98-kundtja...@domain.tld
> Dec 16 14:11:15 web01 qmail: 1260969075.845046 status: local 1/10 remote
> 0/20
> Dec 16 14:11:15 web01 qmail: 1260969075.853046 delivery 3717: success:
> did_0+0+2/
> Dec 16 14:11:15 web01 qmail: 1260969075.853046 status: local 0/10 remote
> 0/20
> Dec 16 14:11:15 web01 qmail: 1260969075.853046 end msg 4254303
> 
> This is the header of the mail:
> 
> Received: (qmail 28540 invoked from network); 16 Dec 2009 14:11:15 +0100
> Received-SPF: none (no valid SPF record)
> Received: from unknown (HELO ?125.178.185.144?) (125.178.185.144)
>   by 1.2.3.4 with (RC4-MD5 encrypted) SMTP; 16 Dec 2009 14:11:15 +0100
> From: Pfizer ® Customer Service 
> To: kundtja...@domain.tld
> Subject: Special offer kundtja...@e-s.se receive 70% OFF on Pfizer.
> 
> Where 1.2.3.4 is the ip of my pleskserver. Don't know what it means, but
> the server is not open for relay.
> 
> Kind Regards.
> M
> 
> And i have @domain.tld in blacklisted_senders file. So why the hell does
> these keep coming?
> 
> Ulrich C. Manns wrote:
> > If your users will use authentification there is no 

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-16 Thread Magnus Ringdahl
>>>>>>>> <mailto:from=vioirecyf8...@012.net.il>
>>>>>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]:
>>>>>>>> to=i...@domain.tld
>>>>>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: mailbox:
>>>>>>>> /var/qmail/mailnames/domain.tld/info
>>>>>>>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 starting delivery
>>>>>>>> 2744:
>>>>>>>> msg 4252544 to local 9-i...@domain.tld
>>>>>>>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 status: local 1/10
>>>>>>>> remote
>>>>>>>> 0/20
>>>>>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 delivery 2744:
>>>>>>>> success:
>>>>>>>> did_0+0+2/
>>>>>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 status: local 0/10
>>>>>>>> remote
>>>>>>>> 0/20
>>>>>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 end msg 4252544
>>>>>>>>
>>>>>>>> Dec 15 21:22:57 web01 /var/qmail/bin/relaylock[6350]:
>>>>>>>> /var/qmail/bin/relaylock: mail from 125.25.15.31:52521
>>>>>>>> (125.25.15.31.adsl.dynamic.totbb.net)
>>>>>>>> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from:
>>>>>>>> (unknown) to:
>>>>>>>> (unknown) origin_ip: 125.25.15.31 origin_rdns:
>>>>>>>> 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
>>>>>>>> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter
>>>>>>>> before-queue for qmail started ...
>>>>>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]:
>>>>>>>> from=kundtja...@domain.tld
>>>>>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]:
>>>>>>>> to=kundtja...@domain.tld
>>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
>>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not
>>>>>>>> find a
>>>>>>>> valid SPF record
>>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No
>>>>>>>> DNS data for 'domain.tld'.
>>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
>>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
>>>>>>>> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the
>>>>>>>> message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld to
>>>>>>>> kundtja...@domain.tld is passed
>>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887:
>>>>>>>> bytes
>>>>>>>> 2469 from <kundtja...@domain.tld> qp
>>>>>>>> 6357 uid 2020
>>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
>>>>>>>> before-local for qmail started ...
>>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:
>>>>>>>> from=kundtja...@domain.tld
>>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:
>>>>>>>> to=kundtja...@domain.tld
>>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-16 Thread Arne Metzger
>>>>>>> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from:
>>>>>>> (unknown) to:
>>>>>>> (unknown) origin_ip: 125.25.15.31 origin_rdns:
>>>>>>> 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
>>>>>>> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter
>>>>>>> before-queue for qmail started ...
>>>>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]:
>>>>>>> from=kundtja...@domain.tld
>>>>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]:
>>>>>>> to=kundtja...@domain.tld
>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not
>>>>>>> find a
>>>>>>> valid SPF record
>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No
>>>>>>> DNS data for 'domain.tld'.
>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
>>>>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
>>>>>>> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the
>>>>>>> message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld to
>>>>>>> kundtja...@domain.tld is passed
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887:
>>>>>>> bytes
>>>>>>> 2469 from <kundtja...@domain.tld> qp
>>>>>>> 6357 uid 2020
>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
>>>>>>> before-local for qmail started ...
>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:
>>>>>>> from=kundtja...@domain.tld
>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:
>>>>>>> to=kundtja...@domain.tld
>>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
>>>>>>> /var/qmail/mailnames/domain.tld/kundtjanst
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery
>>>>>>> 2998:
>>>>>>> msg 4253887 to local 98-kundtja...@domain.tld
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10
>>>>>>> remote
>>>>>>> 0/20
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998:
>>>>>>> success:
>>>>>>> did_0+0+2/
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10
>>>>>>> remote
>>>>>>> 0/20
>>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>>>>>>
>>>>>>> How can i check that smtp_auth is working? Im starting to wonder that
>>>>>>> it's not.
>>>>>>> I hope someone have the time to answer. I have been struggling with
>>>>>>> this
>>>>>>> for a long time without getting rid of those annoying mails.
>>>>>>>
>>>>>>> Kind Regards
>>>>>>> M
>>>>>>>
>>>>>>>
>>>>>>> Eduard Svarc wrote:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> these keywords .net and .com are used just for testing if IP is in
>>>>>>>> reverse DNS listed. Is not done against normal reverse DNS
>>>>>>>> records for
>>>>>>>> servers like mail.somedomain.net. So
>>>>>>>> in combination with keyword
>>>>>>>> reject-ip-in-cc-rdns and .net in file
>>>>>>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file it will reject mail
>>>>>>>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>>>>>>>> positively tested as not valid reverse DNS.
>>>>>>>>
>>>>>>>> use just net without that '.' is not sufficient because SPAMDYKE use
>>>>>>>> this '.' as flag for testing end of string only. So listing .com and
>>>>>>>> .net does magic for SPAMDYKE when it testing IP in reverse DNS for
>>>>>>>> country code DNS, like .it, .uk etc it does same for .com and .net.
>>>>>>>> Personally I did add into that file other ones special domains like
>>>>>>>> .eu, .org, .info, .biz. These should not be used by ISP
>>>>>>>> providers for
>>>>>>>> assigning reverse names, but who knows. Anyway it doesn't hurt my
>>>>>>>> configuration and I'm prepared.
>>>>>>>>
>>>>>>>> Eduard Švarc
>>>>>>>>
>>>>>>>> DATA Intertech s.r.o.
>>>>>>>> Kladenská 46
>>>>>>>> 160 00 Praha 6
>>>>>>>> Czech Republic
>>>>>>>> tel. +420-235365267, fax +420-235361446
>>>>>>>>
>>>>>>>> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009
>>>>>>>> 09:55:45:
>>>>>>>>
>>>>>>>>
>>>>>>>>> thanks Eduard Švarc
>>>>>>>>>
>>>>>>>>> Same query as david stiller raised, .com, .net are valid domain
>>>>>>>>> right?
>>>>>>>>>
>>>>>>>>> also
>>>>>>>>>
>>>>>>>>> @40004b25fa572bd181a4 CHKUSER accepted rcpt: from
>>>>>>>>> com::>  remote  rcpt
>>>>>>>>> <validdomainu...@mydomain.com> : found existing recipient
>>>>>>>>> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
>>>>>>>>> fx...@bmelaw.com to: validdomainu...@mydomain.com
>>>>>>>>> origin_ip: 94.179.29.242 origin_rdns:
>>>>>>>>> 242-29-179-94.pool.ukrtel.net auth: (unknown)
>>>>>>>>>
>>>>>>>>> the above ip is listed in rbl ,
>>>>>>>>>
>>>>>>>>> IP Address Lookup
>>>>>>>>>
>>>>>>>>> 94.179.29.242 is not listed in the SBL
>>>>>>>>> 94.179.29.242 is listed in the PBL, in the following records:
>>>>>>>>> PBL239543
>>>>>>>>> 94.179.29.242 is not listed in the XBL
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> this doesn't look like false positive
>>>>>>>>>
>>>>>>>>> From: Eduard Svarc <esv...@intertech.cz>
>>>>>>>>> To: spamdyke users <spamdyke-users@spamdyke.org>
>>>>>>>>> Sent: Mon, December 14, 2009 12:48:07 PM
>>>>>>>>> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I see you have two things out. 1st you using RBLS, that could give
>>>>>>>>> you a lot positive false spam. 2nd you completely have
>>>>>>>>> commented out
>>>>>>>>> best thing in SPAMDYKE. Is sniffing IPs in reverse DNS. Most of
>>>>>>>>> bots
>>>>>>>>> and spams coming from Internet zombies. Here are my advices:
>>>>>>>>>
>>>>>>>>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
>>>>>>>>> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
>>>>>>>>> reject-missing-sender-mx and reject-unresolvable-rdns
>>>>>>>>> 3- into /etc/spamdyke/blacklist_recipients add your domain in
>>>>>>>>> format
>>>>>>>>> @your-domain (it will block all mails like to: n...@your-domain
>>>>>>>>> from:
>>>>>>>>> n...@your-domain)
>>>>>>>>> 4- into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these
>>>>>>>>> words :
>>>>>>>>>
>>>>>>>>> dsl
>>>>>>>>> .com
>>>>>>>>> .net
>>>>>>>>> broadband
>>>>>>>>> dynamic
>>>>>>>>>
>>>>>>>>> I could guarantee you will fall below 1% of SPAM with nearly zero
>>>>>>>>> false positives. Of course someone who can't follow certain
>>>>>>>>> guidelines for theirs servers will not be able to send you e-mails
>>>>>>>>> at all. But you can easily handle it by adding IP's in
>>>>>>>>> /etc/spamdyke/whitelist_ip or adding senders into
>>>>>>>>> /etc/spamdyke/whitelist_senders
>>>>>>>>>
>>>>>>>>> I stop using any RBLS services ages ago, they are way unreliable.
>>>>>>>>>
>>>>>>>>> Good luck,
>>>>>>>>> Eduard Švarc
>>>>>>>>>
>>>>>>>>> DATA Intertech s.r.o.
>>>>>>>>> Kladenská 46
>>>>>>>>> 160 00 Praha 6
>>>>>>>>> Czech Republic
>>>>>>>>> tel. +420-235365267, fax +420-235361446
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
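
The rDNS tests discussed in this thread (IP address embedded in the rDNS name plus a keyword, with a leading '.' meaning "end of name only", and the country-code variant) can be replayed against log lines to see what a keyword file would have caught. This is an added sketch, not spamdyke's code and not from any poster: the function names and result labels are hypothetical, the sample log is constructed from the `origin_ip`/`origin_rdns` pairs quoted above, and it only recognises an IP written as four separate decimal numbers, forward or reversed.

```python
import re

# Keyword list quoted in the thread (step 4 of the advice). A leading '.'
# means "match only at the end of the rDNS name", as the thread describes.
KEYWORDS = ["dsl", ".com", ".net", "broadband", "dynamic"]

# Constructed sample: the first three origin_ip/origin_rdns pairs come from
# log lines quoted in the thread; the addresses are placeholders and the last
# two lines are invented (documentation IP ranges) to cover the other cases.
SAMPLE_LOG = """\
spamdyke[27021]: ALLOWED from: sender@example.com to: user@example.org origin_ip: 94.179.29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 125.25.15.31 origin_rdns: 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
spamdyke[28509]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 125.178.185.144 origin_rdns: (unknown) auth: (unknown)
spamdyke[30001]: ALLOWED from: sender@example.com to: user@example.org origin_ip: 192.0.2.25 origin_rdns: mail.somedomain.net auth: (unknown)
spamdyke[30002]: ALLOWED from: sender@example.com to: user@example.org origin_ip: 203.0.113.7 origin_rdns: host-203-0-113-7.example.it auth: (unknown)
"""

LOG_RE = re.compile(r"origin_ip: (\S+) origin_rdns: (\S+)")


def ip_in_rdns(ip, rdns):
    """True if the four IPv4 octets appear in the name as consecutive
    decimal numbers, in forward or reversed order."""
    try:
        octets = [int(part) for part in ip.split(".")]
    except ValueError:
        return False  # not a dotted-quad IPv4 address
    if len(octets) != 4:
        return False
    runs = [int(r) for r in re.findall(r"\d+", rdns)]
    for i in range(len(runs) - 3):
        window = runs[i:i + 4]
        if window == octets or window == octets[::-1]:
            return True
    return False


def keyword_matches(keyword, rdns):
    """'.net' must end the name; 'dsl' may appear anywhere in it."""
    if keyword.startswith("."):
        return rdns.endswith(keyword)
    return keyword in rdns


def classify(ip, rdns, keywords=KEYWORDS):
    """Return a hypothetical label for the test that would fire, or None."""
    rdns = rdns.lower().rstrip(".")
    # Assumption: "(unknown)" in the log means no rDNS name was found.
    if rdns in ("", "(unknown)"):
        return "empty-rdns"
    if not ip_in_rdns(ip, rdns):
        return None  # ordinary host names such as mail.somedomain.net
    for kw in keywords:
        if keyword_matches(kw.lower(), rdns):
            return "ip-in-rdns-keyword:" + kw
    # Country-code variant: IP in the name and a two-letter TLD.
    if re.search(r"\.[a-z]{2}$", rdns):
        return "ip-in-cc-rdns"
    return None


def evaluate_log(text):
    """Extract (ip, rdns, verdict) for every line carrying origin fields."""
    results = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            ip, rdns = m.groups()
            results.append((ip, rdns, classify(ip, rdns)))
    return results


if __name__ == "__main__":
    for ip, rdns, verdict in evaluate_log(SAMPLE_LOG):
        print(f"{ip:16} {rdns:40} {verdict}")
```

Running a real spamdyke log through `evaluate_log` before enabling a keyword shows which past connections it would have rejected, which is a quick way to spot legitimate senders that need a whitelist entry first.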


Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-16 Thread Magnus Ringdahl
>>>>>> <mailto:kundtja...@domain.tld> to
>>>>>> kundtja...@domain.tld is passed
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: 
>>>>>> bytes
>>>>>> 2469 from <kundtja...@domain.tld> qp
>>>>>> 6357 uid 2020
>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
>>>>>> before-local for qmail started ...
>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:
>>>>>> from=kundtja...@domain.tld
>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]:
>>>>>> to=kundtja...@domain.tld
>>>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
>>>>>> /var/qmail/mailnames/domain.tld/kundtjanst
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 
>>>>>> 2998:
>>>>>> msg 4253887 to local 98-kundtja...@domain.tld
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10
>>>>>> remote
>>>>>> 0/20
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: 
>>>>>> success:
>>>>>> did_0+0+2/
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10
>>>>>> remote
>>>>>> 0/20
>>>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>>>>>
>>>>>> How can i check that smtp_auth is working? Im starting to wonder that
>>>>>> it's not.
>>>>>> I hope someone have the time to answer. I have been struggling with
>>>>>> this
>>>>>> for a long time without getting rid of those annoying mails.
>>>>>>
>>>>>> Kind Regards
>>>>>> M
>>>>>>
>>>>>>
>>>>>> Eduard Svarc wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> these keywords .net and .com are used just for testing if IP is in
>>>>>>> reverse DNS listed. Is not done against normal reverse DNS 
>>>>>>> records for
>>>>>>> servers like mail.somedomain.net. So
>>>>>>> in combination with keyword
>>>>>>> reject-ip-in-cc-rdns and .net in file
>>>>>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file it will reject mail
>>>>>>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>>>>>>> positively tested as not valid reverse DNS.
>>>>>>>
>>>>>>> use just net without that '.' is not sufficient because SPAMDYKE use
>>>>>>> this '.' as flag for testing end of string only. So listing .com and
>>>>>>> .net does magic for SPAMDYKE when it testing IP in reverse DNS for
>>>>>>> country code DNS, like .it, .uk etc it does same for .com and .net.
>>>>>>> Personally I did add into that file other ones special domains like
>>>>>>> .eu, .org, .info, .biz. These should not be used by ISP
>>>>>>> providers for
>>>>>>> assigning reverse names, but who knows. Anyway it doesn't hurt my
>>>>>>> configuration and I'm prepared.
>>>>>>>
>>>>>>> Eduard Švarc
>>>>>>>
>>>>>>> DATA Intertech s.r.o.
>>>>>>> Kladenská 46
>>>>>>> 160 00 Praha 6
>>>>>>> Czech Republic
>>&

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-16 Thread Eduard Svarc
4.12.2009 09:55:45:
> >
> > > thanks Eduard Švarc
> > >
> > > Same query as david stiller raised, .com, .net are valid domain right?
> > >
> > > also 
> > >
> > > @40004b25fa572bd181a4 CHKUSER accepted rcpt: from  > > com::> remote  rcpt
> > >  : found existing recipient
> > > @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
> > > fx...@bmelaw.com to: validdomainu...@mydomain.com origin_ip: 94.179.
> > > 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
> > >
> > > the above ip is listed in rbl ,
> > >
> > > IP Address Lookup
> >
> > >
> > > [image removed]
> > >
> > > 94.179.29.242 is not listed in the SBL
> > > 94.179.29.242 is listed in the PBL, in the following records:
> > > PBL239543
> > > 94.179.29.242 is not listed in the XBL
> > >
> > >
> > >
> >
> > >
> > > this doesnt look like false positive
> > >
> > > From: Eduard Svarc 
> > > To: spamdyke users 
> > > Sent: Mon, December 14, 2009 12:48:07 PM
> > > Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
> > >
> > >
> > > Hello,
> > >
> > > I see you have two things out. First, you are using RBLs, which could
> > > give you a lot of false-positive spam. Second, you have completely
> > > commented out the best thing in SPAMDYKE: sniffing IPs in reverse DNS.
> > > Most bots and spam come from Internet zombies. Here is my advice:
> > >
> > > 1 - comment out dns-blacklist-entry=zen.spamhaus.org
> > > 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
> > > reject-missing-sender-mx and reject-unresolvable-rdns
> > > 3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
> > > @your-domain (it will block all mails like to: n...@your-domain from:
> > > n...@your-domain)
> > > 4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words:
> > >
> > > dsl
> > > .com
> > > .net
> > > broadband
> > > dynamic
> > >
> > > I could guarantee you will fall below 1% of SPAM with nearly zero
> > > false positives. Of course, someone who can't follow certain
> > > guidelines for their servers will not be able to send you e-mails
> > > at all. But you can easily handle it by adding IPs to
> > > /etc/spamdyke/whitelist_ip or adding senders to
> > > /etc/spamdyke/whitelist_senders.
> > >
> > > I stopped using any RBL services ages ago; they are way unreliable.
> > >
> > > Good luck,
> > > Eduard Švarc
> > >
> > > DATA Intertech s.r.o.
> > > Kladenská 46
> > > 160 00 Praha 6
> > > Czech Republic
> > > tel. +420-235365267, fax +420-235361446
> > >
> > > spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:
> > >
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-15 Thread Magnus Ringdahl
lter
>>>> before-local for qmail started ...
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: 
>>>> from=kundtja...@domain.tld <mailto:from=kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: 
>>>> to=kundtja...@domain.tld <mailto:to=kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
>>>> /var/qmail/mailnames/domain.tld/kundtjanst
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998:
>>>> msg 4253887 to local 98-kundtja...@domain.tld 
>>>> <mailto:98-kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 
>>>> remote
>>>> 0/20
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success:
>>>> did_0+0+2/
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 
>>>> remote
>>>> 0/20
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>>>
>>>> How can I check that smtp_auth is working? I'm starting to wonder that
>>>> it's not.
>>>> I hope someone has the time to answer. I have been struggling with this
>>>> for a long time without getting rid of those annoying mails.
>>>>
>>>> Kind Regards
>>>> M
>>>>
>>>>
>>>> Eduard Svarc skrev:
>>>>
>>>>> Hello,
>>>>>
>>>>> These keywords .net and .com are used just for testing whether the IP
>>>>> is listed in the reverse DNS name. It is not done against normal
>>>>> reverse DNS records for servers like mail.somedomain.net. So in
>>>>> combination with the keyword reject-ip-in-cc-rdns and .net in the file
>>>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file, it will reject mail
>>>>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>>>>> positively tested as not having a valid reverse DNS.
>>>>>
>>>>> Using just net without that '.' is not sufficient, because SPAMDYKE
>>>>> uses this '.' as a flag for testing the end of the string only. So
>>>>> listing .com and .net does magic for SPAMDYKE: when it is testing for
>>>>> the IP in reverse DNS for country code DNS, like .it, .uk etc., it
>>>>> does the same for .com and .net. Personally, I added other special
>>>>> domains to that file, like .eu, .org, .info, .biz. These should not be
>>>>> used by ISP providers for assigning reverse names, but who knows.
>>>>> Anyway, it doesn't hurt my configuration and I'm prepared.
>>>>>
>>>>> Eduard Švarc
>>>>>
>>>>> DATA Intertech s.r.o.
>>>>> Kladenská 46
>>>>> 160 00 Praha 6
>>>>> Czech Republic
>>>>> tel. +420-235365267, fax +420-235361446
>>>>>
>>>>> spamdyke-users-boun...@spamdyke.org 
>>>>> <mailto:spamdyke-users-boun...@spamdyke.org> wrote on 14.12.2009 
>>>>> 09:55:45:
>>>>>
>>>>>
>>>>>> thanks Eduard Švarc
>>>>>>
>>>>>> Same query as david stiller raised, .com, .net are valid domain right?
>>>>>>
>>>>>> also
>>>>>>
>>>>>> @40004b25fa572bd181a4 CHKUSER accepted rcpt: from >>>>> com::> remote  rcpt
>>>>>> >>>>> <mailto:validdomainu...@mydomain.com>> : found existing recipient
>>>>>> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
>>>>>> fx...@bmelaw.com <mailto:fx...@bmelaw.com> to: 
>>>>>> validdomainu...@mydomain.com 
>>>>>> <mailto:validdomainu...@mydomain.com> origin_ip: 94.179.
>>>>>> 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net 
>>>>>> <http://242-29-179-94.pool.ukrtel.net> auth: (unknown)
>>>>>>
>>>>>> the above ip is listed in rbl ,
>>>>>>
>>>>>> IP Address Lookup
>>>>>>
>>>>>> [image removed]
>>>>>>
>>>>>> 94.179.29.242 i

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-15 Thread Magnus Ringdahl
24949]: mailbox:
>> /var/qmail/mailnames/domain.tld/info
>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 starting delivery 2744:
>> msg 4252544 to local 9-i...@domain.tld
>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 status: local 1/10 remote
>> 0/20
>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 delivery 2744: success:
>> did_0+0+2/
>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 status: local 0/10 remote
>> 0/20
>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 end msg 4252544
>>
>> Dec 15 21:22:57 web01 /var/qmail/bin/relaylock[6350]:
>> /var/qmail/bin/relaylock: mail from 125.25.15.31:52521
>> (125.25.15.31.adsl.dynamic.totbb.net)
>> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to:
>> (unknown) origin_ip: 125.25.15.31 origin_rdns:
>> 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
>> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter
>> before-queue for qmail started ...
>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: from=kundtja...@domain.tld
>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: to=kundtja...@domain.tld
>> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
>> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not find a
>> valid SPF record
>> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No
>> DNS data for 'domain.tld'.
>> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
>> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
>> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the
>> message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld to
>> kundtja...@domain.tld is passed
>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes
>> 2469 from  qp 6357 uid 2020
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
>> before-local for qmail started ...
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: from=kundtja...@domain.tld
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: to=kundtja...@domain.tld
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
>> /var/qmail/mailnames/domain.tld/kundtjanst
>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998:
>> msg 4253887 to local 98-kundtja...@domain.tld
>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 remote
>> 0/20
>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success:
>> did_0+0+2/
>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 remote
>> 0/20
>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>
>> How can I check that smtp_auth is working? I'm starting to wonder that
>> it's not.
>> I hope someone has the time to answer. I have been struggling with this
>> for a long time without getting rid of those annoying mails.
>>
>> Kind Regards
>> M
>>
>>
>> Eduard Svarc skrev:
>> 
>>> Hello,
>>>
>>> These keywords .net and .com are used just for testing whether the IP
>>> is listed in the reverse DNS name. It is not done against normal
>>> reverse DNS records for servers like mail.somedomain.net. So in
>>> combination with the keyword reject-ip-in-cc-rdns and .net in the file
>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file, it will reject mail
>>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>>> positively tested as not having a valid reverse DNS.
>>>
>>> Using just net without that '.' is not sufficient, because SPAMDYKE
>>> uses this '.' as a flag for testing the end of the string only. So
>>> listing .com and .net does magic for SPAMDYKE: when it is testing for
>>> the IP in reverse DNS for country code DNS, like .it, .uk etc., it
>>> does the same for .com and .net. Personally, I added other special
>>> domains to that file, like .eu, .org, .info, .biz. These should not be
>>> used by ISP providers for assigning reverse names, but who knows.
>>> Anyway, it doesn't hurt my configuration and I'm prepared.
>>>
>>> Eduard Švarc
>>>
>>> DATA Intertech s.r.o.
>>> Kladenská 46
>>> 160 00 Praha 6
>>> Czech Republic
>>> tel. +420-235365267, fax +420-235361446
>>>
>>> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 09:55:45:
>>>
>>>   
>>>> thanks Eduard Švarc
>>>>
>>>> Same query as david stiller raised, .com, .net are valid domain right?
>>>>
>

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-15 Thread Ulrich C. Manns
350]:
> /var/qmail/bin/relaylock: mail from 125.25.15.31:52521
> (125.25.15.31.adsl.dynamic.totbb.net)
> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to:
> (unknown) origin_ip: 125.25.15.31 origin_rdns:
> 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter
> before-queue for qmail started ...
> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: from=kundtja...@domain.tld
> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: to=kundtja...@domain.tld
> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not find a
> valid SPF record
> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No
> DNS data for 'domain.tld'.
> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the
> message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld to
> kundtja...@domain.tld is passed
> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes
> 2469 from  qp 6357 uid 2020
> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
> before-local for qmail started ...
> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: from=kundtja...@domain.tld
> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: to=kundtja...@domain.tld
> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
> /var/qmail/mailnames/domain.tld/kundtjanst
> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998:
> msg 4253887 to local 98-kundtja...@domain.tld
> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 remote
> 0/20
> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success:
> did_0+0+2/
> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 remote
> 0/20
> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
> 
> How can I check that smtp_auth is working? I'm starting to wonder that
> it's not.
> I hope someone has the time to answer. I have been struggling with this
> for a long time without getting rid of those annoying mails.
> 
> Kind Regards
> M
> 
> 
> Eduard Svarc skrev:
>> 
>> Hello,
>> 
>> These keywords .net and .com are used just for testing whether the IP
>> is listed in the reverse DNS name. It is not done against normal
>> reverse DNS records for servers like mail.somedomain.net. So in
>> combination with the keyword reject-ip-in-cc-rdns and .net in the file
>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file, it will reject mail
>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>> positively tested as not having a valid reverse DNS.
>> 
>> Using just net without that '.' is not sufficient, because SPAMDYKE
>> uses this '.' as a flag for testing the end of the string only. So
>> listing .com and .net does magic for SPAMDYKE: when it is testing for
>> the IP in reverse DNS for country code DNS, like .it, .uk etc., it
>> does the same for .com and .net. Personally, I added other special
>> domains to that file, like .eu, .org, .info, .biz. These should not be
>> used by ISP providers for assigning reverse names, but who knows.
>> Anyway, it doesn't hurt my configuration and I'm prepared.
>> 
>> Eduard Švarc
>> 
>> DATA Intertech s.r.o.
>> Kladenská 46
>> 160 00 Praha 6
>> Czech Republic
>> tel. +420-235365267, fax +420-235361446
>> 
>> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 09:55:45:
>> 
>>> thanks Eduard Švarc
>>> 
>>> Same query as david stiller raised, .com, .net are valid domain right?
>>> 
>>> also
>>> 
>>> @400000004b25fa572bd181a4 CHKUSER accepted rcpt: from >> com::> remote  rcpt
>>>  : found existing recipient
>>> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
>>> fx...@bmelaw.com to: validdomainu...@mydomain.com origin_ip: 94.179.
>>> 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
>>> 
>>> the above ip is listed in rbl ,
>>> 
>>> IP Address Lookup
>> 
>>> 
>>> [image removed]
>>> 
>>> 94.179.29.242 is not listed in the SBL
>>> 94.179.29.242 is listed in the PBL, in the following records:
>>> PBL239543
>>> 94.179.29.242 is not listed in the XBL
>>> 
>>> 
>>> 
>> 
>>> 
>>> this doesnt look like false positive
>>> 
>>> From: Eduard Svarc 
>>> To: spam

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-15 Thread Magnus Ringdahl
 for 'domain.tld'.
Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the 
message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld to 
kundtja...@domain.tld is passed
Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes 
2469 from  qp 6357 uid 2020
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter 
before-local for qmail started ...
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: from=kundtja...@domain.tld
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: to=kundtja...@domain.tld
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox: 
/var/qmail/mailnames/domain.tld/kundtjanst
Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998: 
msg 4253887 to local 98-kundtja...@domain.tld
Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 remote 
0/20
Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success: 
did_0+0+2/
Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 remote 
0/20
Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887

How can I check that smtp_auth is working? I'm starting to wonder that
it's not.
I hope someone has the time to answer. I have been struggling with this
for a long time without getting rid of those annoying mails.

Kind Regards
M


Eduard Svarc skrev:
>
> Hello,
>
> These keywords .net and .com are used just for testing whether the IP
> is listed in the reverse DNS name. It is not done against normal
> reverse DNS records for servers like mail.somedomain.net. So in
> combination with the keyword reject-ip-in-cc-rdns and .net in the file
> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file, it will reject mail
> from 242-29-179-94.pool.ukrtel.net because that sender will be
> positively tested as not having a valid reverse DNS.
>
> Using just net without that '.' is not sufficient, because SPAMDYKE
> uses this '.' as a flag for testing the end of the string only. So
> listing .com and .net does magic for SPAMDYKE: when it is testing for
> the IP in reverse DNS for country code DNS, like .it, .uk etc., it
> does the same for .com and .net. Personally, I added other special
> domains to that file, like .eu, .org, .info, .biz. These should not be
> used by ISP providers for assigning reverse names, but who knows.
> Anyway, it doesn't hurt my configuration and I'm prepared.
>
> Eduard Švarc
>
> DATA Intertech s.r.o.
> Kladenská 46
> 160 00 Praha 6
> Czech Republic
> tel. +420-235365267, fax +420-235361446
>
> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 09:55:45:
>
> > thanks Eduard Švarc
> >
> > Same query as david stiller raised, .com, .net are valid domain right?
> >
> > also  
> >
> > @40004b25fa572bd181a4 CHKUSER accepted rcpt: from  > com::> remote  rcpt
> >  : found existing recipient
> > @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
> > fx...@bmelaw.com to: validdomainu...@mydomain.com origin_ip: 94.179.
> > 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
> >
> > the above ip is listed in rbl ,
> >
> > IP Address Lookup
>
> >
> > [image removed]
> >
> > 94.179.29.242 is not listed in the SBL
> > 94.179.29.242 is listed in the PBL, in the following records:
> > PBL239543
> > 94.179.29.242 is not listed in the XBL
> >
> >
> >
>
> >
> > this doesnt look like false positive
> >
> > From: Eduard Svarc 
> > To: spamdyke users 
> > Sent: Mon, December 14, 2009 12:48:07 PM
> > Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
> >
> >
> > Hello,
> >
> > I see you have two things out. First, you are using RBLs, which could
> > give you a lot of false-positive spam. Second, you have completely
> > commented out the best thing in SPAMDYKE: sniffing IPs in reverse DNS.
> > Most bots and spam come from Internet zombies. Here is my advice:
> >
> > 1 - comment out dns-blacklist-entry=zen.spamhaus.org
> > 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
> > reject-missing-sender-mx and reject-unresolvable-rdns
> > 3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
> > @your-domain (it will block all mails like to: n...@your-domain from:
> > n...@your-domain)
> > 4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words:
> >
> > dsl
> > .com
> > .net
> > broadband
> > dynamic
> >
> > I could guarantee you will fall below 1% of SPAM with nearly zero
> > false positives. Of course, someone who can't

Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-15 Thread Eduard Svarc
Hello,

These keywords .net and .com are used just for testing whether the IP is
listed in the reverse DNS name. It is not done against normal reverse DNS
records for servers like mail.somedomain.net. So in combination with the
keyword reject-ip-in-cc-rdns and .net in the file
/etc/spamdyke/ip-in-rdns-keyword-blacklist-file, it will reject mail from
242-29-179-94.pool.ukrtel.net because that sender will be positively
tested as not having a valid reverse DNS.

Using just net without that '.' is not sufficient, because SPAMDYKE uses
this '.' as a flag for testing the end of the string only. So listing .com
and .net does magic for SPAMDYKE: when it is testing for the IP in reverse
DNS for country code DNS, like .it, .uk etc., it does the same for .com and
.net. Personally, I added other special domains to that file, like .eu,
.org, .info, .biz. These should not be used by ISP providers for assigning
reverse names, but who knows. Anyway, it doesn't hurt my configuration and
I'm prepared.

Eduard Švarc

DATA Intertech s.r.o.
Kladenská 46
160 00 Praha 6
Czech Republic
tel. +420-235365267, fax +420-235361446

spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 09:55:45:

> thanks Eduard Švarc
> 
> Same query as david stiller raised, .com, .net are valid domain right?
> 
> also 
> 
> @40004b25fa572bd181a4 CHKUSER accepted rcpt: from  com::> remote  rcpt 
>  : found existing recipient
> @40004b25fa572bd2316c spamdyke[27021]: ALLOWED from: 
> fx...@bmelaw.com to: validdomainu...@mydomain.com origin_ip: 94.179.
> 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
> 
> the above ip is listed in rbl , 
> 
> IP Address Lookup

> 
> [image removed] 
> 
> 94.179.29.242 is not listed in the SBL
> 94.179.29.242 is listed in the PBL, in the following records:
> PBL239543
> 94.179.29.242 is not listed in the XBL
> 
> 
> 

> 
> this doesnt look like false positive
> 
> From: Eduard Svarc 
> To: spamdyke users 
> Sent: Mon, December 14, 2009 12:48:07 PM
> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
> 
> 
> Hello, 
> 
> I see you have two things out. First, you are using RBLs, which could
> give you a lot of false-positive spam. Second, you have completely
> commented out the best thing in SPAMDYKE: sniffing IPs in reverse DNS.
> Most bots and spam come from Internet zombies. Here is my advice:
> 
> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
> reject-missing-sender-mx and reject-unresolvable-rdns
> 3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
> @your-domain (it will block all mails like to: n...@your-domain from:
> n...@your-domain)
> 4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words:
> 
> dsl
> .com
> .net
> broadband
> dynamic
> 
> I could guarantee you will fall below 1% of SPAM with nearly zero
> false positives. Of course, someone who can't follow certain
> guidelines for their servers will not be able to send you e-mails
> at all. But you can easily handle it by adding IPs to
> /etc/spamdyke/whitelist_ip or adding senders to
> /etc/spamdyke/whitelist_senders.
> 
> I stopped using any RBL services ages ago; they are way unreliable.
> 
> Good luck, 
> Eduard Švarc
> 
> DATA Intertech s.r.o.
> Kladenská 46
> 160 00 Praha 6
> Czech Republic
> tel. +420-235365267, fax +420-235361446 
> 
> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:
> 
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
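
The matching rule described in the message above, as an added Python sketch (not spamdyke's code and not part of the original thread), run over the rDNS names that appear in this thread. Assumptions: the way the IP is recognised inside the name, substring matching for keywords without a leading dot, and all function names are hypothetical; 192.0.2.25 and the `.it` host are constructed samples.

```python
import re

# Keyword list recommended in the thread for the ip-in-rdns keyword blacklist file.
KEYWORDS = ["dsl", ".com", ".net", "broadband", "dynamic"]


def ip_in_rdns(ip, rdns):
    """True if the IPv4 address appears to be embedded in the rDNS name.

    Assumption of this sketch: the address counts as embedded when its four
    octets occur as separate digit runs (any order, leading zeros ignored)
    or as one zero-padded 12-digit run, forward or reversed.
    """
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) < 256 for p in parts):
        raise ValueError("expected a dotted IPv4 address, got %r" % ip)
    octets = [str(int(p)) for p in parts]
    runs = re.findall(r"\d+", rdns)
    pool = [str(int(r)) for r in runs]
    for octet in octets:
        if octet not in pool:
            break
        pool.remove(octet)  # each digit run may satisfy only one octet
    else:
        return True
    padded = ["%03d" % int(o) for o in octets]
    joined = ("".join(padded), "".join(reversed(padded)))
    return any(j in run for run in runs for j in joined)


def keyword_matches(keyword, rdns):
    """A keyword starting with '.' is tested against the end of the name only
    (as the thread explains); any other keyword is a substring test (assumption)."""
    name = rdns.lower().rstrip(".")
    kw = keyword.lower()
    if kw.startswith("."):
        return name.endswith(kw)
    return kw in name


def ends_in_country_code(rdns):
    """True when the last label is a two-letter TLD such as .it or .uk."""
    tld = rdns.lower().rstrip(".").rsplit(".", 1)[-1]
    return len(tld) == 2 and tld.isalpha()


def evaluate(ip, rdns, keywords=KEYWORDS, reject_cc=True):
    """Return (verdict, reason) for the two IP-in-rDNS tests discussed here."""
    if not rdns:
        return ("pass", "no rDNS name; reject-empty-rdns is a separate test")
    if not ip_in_rdns(ip, rdns):
        return ("pass", "IP not embedded in rDNS name")
    if reject_cc and ends_in_country_code(rdns):
        return ("reject", "ip-in-cc-rdns")
    for kw in keywords:
        if keyword_matches(kw, rdns):
            return ("reject", "ip-in-rdns-keyword:" + kw)
    return ("pass", "IP embedded, but no keyword or country code matched")


# (ip, rdns) pairs: the first three come from log lines quoted in the thread,
# the last two are constructed for illustration.
SAMPLES = [
    ("94.179.29.242", "242-29-179-94.pool.ukrtel.net"),
    ("125.25.15.31", "125.25.15.31.adsl.dynamic.totbb.net"),
    ("74.53.136.146", "ruby2.fastnix.com"),
    ("192.0.2.25", "mail.somedomain.net"),
    ("203.0.113.7", "host-203-0-113-7.example.it"),
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        verdict, reason = evaluate(ip, rdns)
        print("%-15s %-40s %-6s %s" % (ip, rdns, verdict, reason))
    # Without the dotted TLD keywords the ukrtel.net host is not caught.
    print(evaluate(*SAMPLES[0], keywords=["dsl", "broadband", "dynamic"]))
```

Ordinary mail server names such as mail.somedomain.net and ruby2.fastnix.com pass because their IP is not embedded in the name, regardless of which TLD keywords are listed.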


Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-14 Thread nicole thomson

Thanks Eduard Švarc.
Same query as David Stiller raised: .com, .net are valid domains, right?
Also:

@40004b25fa572bd181a4 CHKUSER accepted rcpt: from  
remote  rcpt 
 : found existing recipient
@40004b25fa572bd2316c spamdyke[27021]: ALLOWED from: 
fx...@bmelaw.com to: validdomainu...@mydomain.com origin_ip: 94.179.29.242 
origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)

The above IP is listed in an RBL:
IP Address Lookup

94.179.29.242 is not listed in the SBL
94.179.29.242 is listed in the PBL, in the following records:
PBL239543
94.179.29.242 is not listed in the XBL

This doesn't look like a false positive.

From: Eduard Svarc 
To: spamdyke users 
Sent: Mon, December 14, 2009 12:48:07 PM
Subject: Re: [spamdyke-users] spamdyke configuration finetuneing


Hello, 

I see you have two things out. First, you are using RBLs, which could give you
a lot of false-positive spam. Second, you have completely commented out the
best thing in SPAMDYKE: sniffing IPs in reverse DNS. Most bots and spam come
from Internet zombies. Here is my advice:

1 - comment out dns-blacklist-entry=zen.spamhaus.org
2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns, reject-missing-sender-mx
and reject-unresolvable-rdns
3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
@your-domain (it will block all mails like to: n...@your-domain from:
n...@your-domain)
4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words:

dsl
.com
.net
broadband
dynamic

I could guarantee you will fall below 1% of SPAM with nearly zero false
positives. Of course, someone who can't follow certain guidelines for their
servers will not be able to send you e-mails at all. But you can easily handle
it by adding IPs to /etc/spamdyke/whitelist_ip or adding senders to
/etc/spamdyke/whitelist_senders.

I stopped using any RBL services ages ago; they are way unreliable.

Good luck, 
Eduard Švarc

DATA Intertech s.r.o.
Kladenská 46
160 00 Praha 6
Czech Republic
tel. +420-235365267, fax +420-235361446 

spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:   
  


Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-13 Thread David Stiller
Hi Eduard,

would you please explain to me why you add .com and .net to the
/etc/spamdyke/blacklist_keywords file? They are valid
TLDs to send mails from, or do I just miss anything?


Eduard Svarc schrieb:
>
> Hello,
>
> I see you have two things out. First, you are using RBLs, which could
> give you a lot of false-positive spam. Second, you have completely
> commented out the best thing in SPAMDYKE: sniffing IPs in reverse DNS.
> Most bots and spam come from Internet zombies. Here is my advice:
>
> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
> reject-missing-sender-mx and reject-unresolvable-rdns
> 3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
> @your-domain (it will block all mails like to: n...@your-domain from:
> n...@your-domain)
> 4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words:
>
> dsl
> .com
> .net
> broadband
> dynamic
>
> I could guarantee you will fall below 1% of SPAM with nearly zero
> false positives. Of course, someone who can't follow certain guidelines
> for their servers will not be able to send you e-mails at all. But
> you can easily handle it by adding IPs to /etc/spamdyke/whitelist_ip
> or adding senders to /etc/spamdyke/whitelist_senders.
>
> I stopped using any RBL services ages ago; they are way unreliable.
>
> Good luck,
> Eduard Švarc
>
> DATA Intertech s.r.o.
> Kladenská 46
> 160 00 Praha 6
> Czech Republic
> tel. +420-235365267, fax +420-235361446
>
> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:
>
> > Dear team
> >
> > Greetings to all who is doing/coding such a great application
> >
> > I am experiencing a few issues: when I use spamdyke to block
> > spam, most of the real-time spam is getting blocked, but
> > the false positive ratio is also significant.
> >
> > Can anyone of you please help me?
> >
> > my spamdyke.conf
> >
> > cat /etc/spamdyke/spamdyke.conf
> > #dns-blacklist-entry=zombie.dnsbl.sorbs.net
> > #dns-blacklist-entry=dul.dnsbl.sorbs.net
> > #dns-blacklist-entry=bogons.cymru.com
> > dns-blacklist-entry=zen.spamhaus.org
> > #dns-blacklist-entry=bl.spamcop.net
> > graylist-dir=/var/spamdyke/graylist
> > graylist-exception-rdns-entry=/etc/spamdyke/graylist-exception-rdns-file
> > #graylist-level=none
> > graylist-max-secs=2678400
> > graylist-min-secs=180
> > greeting-delay-secs=5
> > idle-timeout-secs=6000
> > ip-blacklist-file=/etc/spamdyke/blacklist_ip
> > ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> > ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> > ip-whitelist-file=/etc/spamdyke/whitelist_ip
> > access-file=/etc/spamdyke/access-file
> > local-domains-file=/var/qmail/control/rcpthosts
> > log-level=info
> > log-target=stderr
> > max-recipients=50
> > #policy-url=http://my.policy.explanation.url/
> > rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> > rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> > recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> > recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> > #reject-empty-rdns
> > ##reject-ip-in-cc-rdns
> > #reject-missing-sender-mx
> > #reject-unresolvable-rdns
> > sender-blacklist-file=/etc/spamdyke/blacklist_senders
> > sender-whitelist-file=/etc/spamdyke/whitelist_senders
> > tls-certificate-file=/var/qmail/control/servercert.pem
> >
> > @40004b1df18e1c8961bc.s:@40004b1d283c1d694a0c spamdyke[23866]:
> >  DENIED_RBL_MATCH from: validemai...@pcisecurity_x.org
> >   to: validusern...@mydomain.com
> >  origin_ip: 74.53.136.146 origin_rdns: ruby2.fastnix.com auth: (unknown)
> >  
> >  spamhaus lookup as follows
> >  IP Address Lookup
> >  
> >  *74.53.136.146 is not listed in the SBL*
> >  *74.53.136.146 is not listed in the PBL*
> >  
> >  *74.53.136.146 is not listed in the XBL*
> >  
> >
> > --Nic
> >


Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-13 Thread Eduard Svarc
Hello,

I see you have two things out. First, you are using RBLs, which could give
you a lot of false-positive spam. Second, you have completely commented out
the best thing in SPAMDYKE: sniffing IPs in reverse DNS. Most bots and spam
come from Internet zombies. Here is my advice:

1 - comment out dns-blacklist-entry=zen.spamhaus.org
2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
reject-missing-sender-mx and reject-unresolvable-rdns
3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
@your-domain (it will block all mails like to: n...@your-domain from:
n...@your-domain)
4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words:

dsl
.com
.net
broadband
dynamic

I could guarantee you will fall below 1% of SPAM with nearly zero false
positives. Of course, someone who can't follow certain guidelines for
their servers will not be able to send you e-mails at all. But you can
easily handle it by adding IPs to /etc/spamdyke/whitelist_ip or adding
senders to /etc/spamdyke/whitelist_senders.

I stopped using any RBL services ages ago; they are way unreliable.

Good luck,
Eduard Švarc

DATA Intertech s.r.o.
Kladenská 46
160 00 Praha 6
Czech Republic
tel. +420-235365267, fax +420-235361446

spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:

> Dear team
> 
> Greetings to all who are doing/coding such a great application
> 
> I am experiencing a few issues: when I use spamdyke to block spam, 
> most of the real-time spam gets blocked, but the false-positive 
> ratio is also significant.
> 
> Can anyone of you please help me?
> 
> my spamdyke.conf
> 
> cat /etc/spamdyke/spamdyke.conf
> #dns-blacklist-entry=zombie.dnsbl.sorbs.net
> #dns-blacklist-entry=dul.dnsbl.sorbs.net
> #dns-blacklist-entry=bogons.cymru.com
> dns-blacklist-entry=zen.spamhaus.org
> #dns-blacklist-entry=bl.spamcop.net
> graylist-dir=/var/spamdyke/graylist
> graylist-exception-rdns-entry=/etc/spamdyke/graylist-exception-rdns-file
> #graylist-level=none
> graylist-max-secs=2678400
> graylist-min-secs=180
> greeting-delay-secs=5
> idle-timeout-secs=6000
> ip-blacklist-file=/etc/spamdyke/blacklist_ip
> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> ip-whitelist-file=/etc/spamdyke/whitelist_ip
> access-file=/etc/spamdyke/access-file
> local-domains-file=/var/qmail/control/rcpthosts
> log-level=info
> log-target=stderr
> max-recipients=50
> #policy-url=http://my.policy.explanation.url/
> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> #reject-empty-rdns
> ##reject-ip-in-cc-rdns
> #reject-missing-sender-mx
> #reject-unresolvable-rdns
> sender-blacklist-file=/etc/spamdyke/blacklist_senders
> sender-whitelist-file=/etc/spamdyke/whitelist_senders
> tls-certificate-file=/var/qmail/control/servercert.pem
> 
> @40004b1df18e1c8961bc.s:@40004b1d283c1d694a0c spamdyke[23866]: DENIED_RBL_MATCH from: validemai...@pcisecurity_x.org to: validusern...@mydomain.com origin_ip: 74.53.136.146 origin_rdns: ruby2.fastnix.com auth: (unknown)
> 
>  spamhaus lookup as follows
>  IP Address Lookup
> 
>  *74.53.136.146 is not listed in the SBL*
>  *74.53.136.146 is not listed in the PBL*
> 
>  *74.53.136.146 is not listed in the XBL*
> 
> 
> --Nic
> 
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
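
The rDNS tests recommended in the reply above can be dry-run against hosts from your own logs before enabling them. This Python sketch is an added example, not spamdyke's code and not part of the original thread; its IP-in-name matcher and the leading-dot keyword rule are simplified assumptions, and every sample host except the first pair (taken from the quoted log line) is constructed.

```python
import re

# Keyword list exactly as given in the message above.
KEYWORDS = ["dsl", ".com", ".net", "broadband", "dynamic"]

def ip_in_rdns(ip, rdns):
    """Simplified stand-in (not spamdyke's matcher): True when the four
    octets appear in the name in order, reversed, or as one padded run."""
    octets = [int(o) for o in ip.split(".")]
    runs = [int(r) for r in re.findall(r"\d+", rdns) if len(r) <= 3]
    for want in (octets, octets[::-1]):
        if any(runs[i:i + 4] == want for i in range(len(runs) - 3)):
            return True
    return "".join("%03d" % o for o in octets) in rdns

def keyword_hit(rdns, keywords=KEYWORDS):
    """Assumed rule: a leading-dot keyword matches only the end of the
    name, any other keyword matches anywhere in it."""
    name = rdns.lower().rstrip(".")
    for kw in keywords:
        if (name.endswith(kw) if kw.startswith(".") else kw in name):
            return kw
    return None

def verdict(ip, rdns, keywords=KEYWORDS, reject_cc=True):
    """Name the filter that would fire for this connection, or 'pass'."""
    if not rdns:
        return "reject-empty-rdns"
    if ip_in_rdns(ip, rdns):
        kw = keyword_hit(rdns, keywords)
        if kw:
            return "ip-in-rdns-keyword-blacklist-file:" + kw
        tld = rdns.lower().rstrip(".").rsplit(".", 1)[-1]
        if reject_cc and re.fullmatch(r"[a-z]{2}", tld):
            return "reject-ip-in-cc-rdns"
    return "pass"

# First pair is from the log line quoted in the thread; the rest are constructed.
SAMPLES = [
    ("74.53.136.146", "ruby2.fastnix.com"),
    ("74.53.136.146", "74-53-136-146.dsl.example.net"),
    ("192.0.2.10", "10.2.0.192.pool.example.cz"),
    ("198.51.100.7", "198051100007.example.com"),
    ("192.0.2.10", ""),
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        print(ip, rdns or "(none)", "->", verdict(ip, rdns))
```

Under these assumptions the host from the quoted DENIED_RBL_MATCH entry passes, because its rDNS name does not embed the IP address, so the `.com` keyword alone never triggers a rejection.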