[qmailtoaster] Re: More SPAM

2014-03-12 Thread Eric Shubert
I like this idea. Please start a new thread. Once it's refined a bit we can start the new wiki with it on github. Will someone please start a new thread for this? Thanks. -- -Eric 'shubes' On 03/12/2014 07:21 AM, Scot Needy wrote: Let's make one! Here are tidbits I have picked up over the p

[qmailtoaster] Re: More SPAM

2014-03-12 Thread Eric Shubert
On 03/12/2014 07:47 AM, Scot Needy wrote: Yep spamd is running although I don’t see any denies. 03-12 10:24:02 Mar 12 10:24:02.712 [7620] info: prefork: child states: II 03-12 10:25:15 Mar 12 10:25:15.315 [7644] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 50874 03-12

Re: [qmailtoaster] Re: More SPAM

2014-03-12 Thread Eric Broch
On 3/12/2014 7:32 AM, Jim Shupert wrote: > > On 3/11/2014 3:09 PM, Eric Shubert wrote: >> On 03/11/2014 11:53 AM, Scot Needy wrote: >>> Yea, >>> >>> I guess that was my original question when I asked about NAT. >>> >>> Forgive me if I ask a dumb question but.. >>> >>> I thought that the source TC

Re: [qmailtoaster] Re: More SPAM

2014-03-12 Thread Jim Shupert
On 3/11/2014 3:09 PM, Eric Shubert wrote: On 03/11/2014 11:53 AM, Scot Needy wrote: Yea, I guess that was my original question when I asked about NAT. Forgive me if I ask a dumb question but.. I thought that the source TCP address wasn’t an issue because much of the spam prevention will l

[qmailtoaster] Re: More SPAM

2014-03-12 Thread Eric Shubert
On 03/12/2014 03:59 AM, Scot Needy wrote: Yea I got that, but I’m a little confused on how one would have multiple mail scanners operating on a msg in flight to a forward. This is how I think that’s working. The supervise script runs both symscan and spamdyke via the supervise script.

[qmailtoaster] Re: More SPAM

2014-03-12 Thread Eric Shubert
On 03/12/2014 02:55 AM, Finn Buhelt wrote: Hi Scot. Nope You're not alone ! Remember to check /etc/spamdyke/spamdyke.conf to en/disable dns-blacklists, greylists ,time etc.., (advice will be to make use of a couple of these dns-blacklists) Regards, Finn Interesting thread regarding RBLs h

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
Scot, You really need to get QMT on the perimeter so spamdyke can do its thing. This will give you the biggest bang for your buck. Plus, there's nothing else nearly as effective. I've said for quite some time that if I had to pick just one anti-spam software, it'd be spamdyke hands down. Ther

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
On 03/11/2014 12:04 PM, Eric Shubert wrote: Yes, blacklists will still help, but not this way. Specify them in the spamdyke.conf file. When spamdyke is installed, the control/blacklists file is not used (it's used by rblsmtpd, which is disabled when spamdyke is installed). Wrong. Sorry, I wasn'

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
On 03/11/2014 11:53 AM, Scot Needy wrote: Yea, I guess that was my original question when I asked about NAT. Forgive me if I ask a dumb question but.. I thought that the source TCP address wasn’t an issue because much of the spam prevention will look at mail headers not just the TCP source

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
On 03/11/2014 11:40 AM, Scot Needy wrote: I had to disable my SPF checks until I get this resolved. /var/qmail/control/spfbehavior = 1 Not entirely a bad thing. But even with this disabled I should still be using blacklists and other spamdyke features. Like I said, spamdyke's not nearly as

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
On 03/11/2014 10:46 AM, Scot Needy wrote: The device is behind a firewall/SLB. So I take it that all of the messages appear to be coming from the 10.x address. spamdyke's pretty much ineffective that way, because it relies heavily on the sender's IP address for many of its filters. I can't

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
On 03/11/2014 09:57 AM, Scot Needy wrote: NOTE: All sender domains and IP’s have been replaced with a unique name. CHKUSER accepted sender: from remote rcpt <> : sender accepted spamdyke[8804]: DENIED_OTHER from:joeu...@mydomain.com to:serviced...@supportdomain.com origin_ip: 10.189.254.

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
I would expect the SPF patch to be checking the (assuming public) IP of the sending server. Is this not the case? An example from your smtp log might be helpful. qmlog can find this easily for you. -- -Eric 'shubes' On 03/11/2014 08:49 AM, Scot Needy wrote: Appears to be a valid deny based

[qmailtoaster] Re: More SPAM

2014-03-11 Thread Eric Shubert
On 03/11/2014 08:16 AM, Scot Needy wrote: SPAM dyke is working great but I am also getting false positives from my clients SPF records. Just to be clear, SPF checking doesn't happen in spamdyke. Yet. This might be a feature of spamdyke in the future. In the meantime, I've seen problems in t

[qmailtoaster] Re: More SPAM

2014-03-10 Thread Eric Shubert
FWIW, I set up my servers to authenticate using a "relay" account when sending emails for logwatch, cron and such. They all use the same account. I haven't bothered setting up any restrictions regarding turning off imap and pop3, nor doing anything about receiving email for that account. For ha

Re: [qmailtoaster] Re: More SPAM

2014-03-10 Thread Scot Needy
Just wanted to sound off the list as I would have figured this to be a common requirement that has been solved many times over. On Mar 10, 2014, at 5:24 AM, Eric Shubert wrote: > On 03/09/2014 08:01 PM, Scot Needy wrote: >> Yes, I could, but I was really hoping to avoid managing pseudo users a

[qmailtoaster] Re: More SPAM

2014-03-10 Thread Eric Shubert
On 03/09/2014 08:01 PM, Scot Needy wrote: Yes, I could, but I was really hoping to avoid managing pseudo users as employees come and go from support here as well as AD. A single common account and password seems to be the best way to handle this. One password to change when an employee leaves.

[qmailtoaster] Re: More SPAM

2014-03-09 Thread Eric Shubert
Can't you (simply) set up each support person with their own authentication account, and configure their client with supp...@mydomain.com as the sender email address? -- -Eric 'shubes' On 03/09/2014 07:11 AM, Scot wrote: I would prefer not to have a local account and password shared by everyo

Re: [qmailtoaster] Re: More SPAM

2014-03-09 Thread Scot
I would prefer not to have a local account and password shared by everyone in support. Sending mail from an authenticated user was the only way it would relay the mail. I don't want to inadvertently create an open relay either. My support users can come from a variety of ip's but even adding a

[qmailtoaster] Re: More SPAM

2014-03-08 Thread Eric Shubert
On 03/07/2014 11:57 PM, sco...@gmail.com wrote: For my purpose I just want them to be able to reply to these forwards as supp...@mydomain.com. And send new mail as supp...@mydomain.com so when customers reply, mail goes back to supp...@mydomain.com That's trivial, right? -- -Eric 'shubes' --

Re: [qmailtoaster] Re: More SPAM

2014-03-07 Thread scotrn
Reverse that. Exchange are user accounts and the toaster will be used to send supp...@mydomain.com mail to them via a forward right now. Outlook and any other mail client worth its bits can have multiple mail accounts setup. If that's the way to go.. For my purpose I just want them to be ab

[qmailtoaster] Re: More SPAM

2014-03-07 Thread Eric Shubert
On 03/07/2014 03:05 PM, Scot Needy wrote: Ok Got spamdyke up and running. Seems to be catching the spam very well.. This domain has no local accounts at this time other than postmaster and other admin accounts. So I have a forward supp...@mydomain.com -> Exchang

[qmailtoaster] Re: More

2014-03-07 Thread Eric Shubert
"No Email For You!" ;) -- -Eric 'shubes' On 03/07/2014 02:16 PM, rk...@simplicityhosting.com wrote: only one to get users to stop lyingcancel them! ;) On March 8, 2014 4:11:11 AM GMT+07:00, Dave M wrote: Stop everything.. My users are lying to me, The iphone test failed

[qmailtoaster] Re: More

2014-03-07 Thread Eric Shubert
Try # qmlog -lc "recipient@domain" send ? -- -Eric 'shubes' On 03/07/2014 01:52 PM, Dave M wrote: qmlog -lc send qmlog - pattern not found in any send logs Yes I changed recipi...@domain.com to real addresses which gave errors ?? Dave M On 3/7/2014 1:31 PM, Eric Shubert wrote

Re: [qmailtoaster] Re: More

2014-03-07 Thread rkatz
only one to get users to stop lyingcancel them! ;) On March 8, 2014 4:11:11 AM GMT+07:00, Dave M wrote: >Stop everything.. > >My users are lying to me, >The iphone test failed for this particular one: >Meaning , their email account was rejected by their server , not ours. > >Sorry guys, I

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave M
Stop everything.. My users are lying to me, The iphone test failed for this particular one: Meaning , their email account was rejected by their server , not ours. Sorry guys, I will gather more precise information in future. Dave M On 3/7/2014 2:08 PM, Dave M wrote: Now running qmlog -l

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave M
Now running qmlog -lc send gives 03-07 14:01:15 delivery 1925: failure: User_and_password_not_set,_continuing_without_authentication./68.178.213.37_does_not_like_recipient./Remote_host_said:_550_5.1.1__recipient_rejected/Giving_up_on_68.178.213.37./ but I am told it worked from iphone, with em

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave M
second test to another user comes back Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4) On 3/7/2014 2:03 PM, Dave Gmail wrote: New test ( from PC ) to these emails quickly returns errors User and password not set, continuing without authentication. 68.178.213.37 does not like r

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave Gmail
New test ( from PC ) to these emails quickly returns errors User and password not set, continuing without authentication. 68.178.213.37 does not like recipient. However , test from iPhone works On 3/7/2014 2:00 PM, Dave M wrote: More: in the send log folder , I have 98 files like this @4000

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave M
More: in the send log folder, I have 98 files like this @40005318107705f638e4 each is 975 kb, inside each is 12962 lines of this same message @40005318107705f638e4 alert: cannot start: qmail-send is already running Server has now been rebooted, and these messages have stopped. I will g

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave M
looking at send logs manually I see thousands of this @40005318107705f638e4 alert: cannot start: qmail-send is already running On 3/7/2014 1:52 PM, Dave M wrote: qmlog -lc send qmlog - pattern not found in any send logs Yes I changed recipi...@domain.com to real addresses which gave erro

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave M
qmlog -lc send qmlog - pattern not found in any send logs Yes I changed recipi...@domain.com to real addresses which gave errors ?? Dave M On 3/7/2014 1:31 PM, Eric Shubert wrote: Can you find corresponding messages in send log? # qmlog -lc send On 03/07/2014 01:14 PM, Dave G

[qmailtoaster] Re: More

2014-03-07 Thread Eric Shubert
Can you find corresponding messages in send log? # qmlog -lc send On 03/07/2014 01:14 PM, Dave Gmail wrote: Seeing this in bounce messages from my users On 3/7/2014 12:33 PM, Eric Shubert wrote: On 03/07/2014 11:39 AM, Dave M wrote: Hi Guys, starting to get more and more of these errors S

Re: [qmailtoaster] Re: More

2014-03-07 Thread Dave Gmail
Seeing this in bounce messages from my users On 3/7/2014 12:33 PM, Eric Shubert wrote: On 03/07/2014 11:39 AM, Dave M wrote: Hi Guys, starting to get more and more of these errors Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4) Various domain names, I have pdns resolver ins

[qmailtoaster] Re: More SPAM

2014-03-07 Thread Eric Shubert
spamdyke will reject 80+% of spam w/out even receiving it. That lightens the load on your server considerably as well, as none of these messages are scanned by clamav and spamassassin, which are cpu intensive. Everyone should run spamdyke. It's 'stock' in the upcoming QMT packages. You should

[qmailtoaster] Re: More

2014-03-07 Thread Eric Shubert
On 03/07/2014 11:39 AM, Dave M wrote: Hi Guys, starting to get more and more of these errors Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4) Various domain names, I have pdns resolver installed , and have done for some time. my resolv.conf only has 127.0.0.1 If I " dig "the a

[qmailtoaster] Re: More SPAM

2014-03-07 Thread Eric Shubert
Your QMAILQUEUE appears to be ok. Otherwise, you wouldn't be seeing any messages in the spamd log. Do you have spamdyke installed? That's where the robust spam control is happening. You'll see the results when you # qmlog -f smtp -- -Eric 'shubes' On 03/07/2014 11:07 AM, Scot Needy wrote: I

[qmailtoaster] Re: More SPAM

2014-03-07 Thread Eric Shubert
On 03/07/2014 07:39 AM, Scot Needy wrote: My spam assassin does not appear to be working. Appears to me to be working. If you're running spamdyke, it's very likely that spamassassin won't find much spam. Anyone have any good links for validating and troubleshooting spam through a NAT ?