Looks like my messing with the settings for dns-query-type-X configurations broke it. I commented these out and it is working now. Thanks!
On Aug 23, 2013, at 11:12 AM, JP Kelly <listu...@jpkvideo.net> wrote: > That was not set in my config but it is still not working after setting > "dns-server-ip" to my DNS servers ip. > Does this setting need the port added to the ip address? if so is the format > xx.xx.xx.xx:port? > > from the maillog it looks like qmail is able to resolve rDNS: > Aug 23 10:59:38 dv2 /var/qmail/bin/relaylock[22273]: > /var/qmail/bin/relaylock: mail from 201.151.76.82:36001 > (static-201-151-76-82.alestra.net.mx) > > but spamdyke comes up empty for rDNS (along with some other empty info). > Aug 23 10:59:44 dv2 spamdyke[22273]: DENIED_GRAYLISTED from: > virgilap...@acengenhariase.com.br to: virgilap...@jpkvideo.com origin_ip: > 201.151.76.82 origin_rdns: (unknown) auth: (unknown) encryption: (none) > reason: (empty) > > Here is my complete /etc/spamdyke.conf file: > > # cat /etc/spamdyke.conf > # This is an example spamdyke configuration file for spamdyke version 4.3.1. > # > # Without editing, this file will do nothing -- every available option is > # commented out. To enable options, edit the values and remove the comment > # markers at the beginning of the lines (#). > # See the README.html file in spamdyke's documentation directory for a full > # description of each option. The documentation is also available on > spamdyke's > # website: > # http://www.spamdyke.org/ > > ################################################################################ > # Sets spamdyke's overall filter behavior. > # Available values: allow-all, normal, require-auth, reject-all > # Default: normal > filter-level=normal > # Delays the SMTP greeting banner for SECS seconds. A value of 0 disables > this > # feature. > # Default: 0 > #greeting-delay-secs=SECS > # Limit incoming messages to NUM recipients. A value of 0 disables this > max-recipients=15 > # Drop superuser privileges and run as USER instead. > # Default: none > #run-as-user=USER[:GROUP] > # DNS TESTS > # Reject connections from remote servers without rDNS names. > # Default: no > # Reject connections from servers with rDNS names that contain their IP > address > # and end in a two-character country code. > # Reject messages from sender whose domain names have no MX records. > # Reject connections from servers with rDNS names that do not resolve to IP > # addresses. > # Default:no > # LOGGING > # Controls the amount (and detail) of the log messages spamdyke produces. > # Available values: none, error, info, verbose, debug, excessive > # Default: error > log-level=debug > # Controls where spamdyke's log messages are sent. > # Available values: syslog, stderr > # Default: syslog > log-target=syslog > # Outputs all SMTP data into files in DIR. > #full-log-dir=DIR > # CONFIGURATION FILES > # Configuration files can include other configuration files. > #config-file=FILE > # Configuration directories are very powerful but can also be very > complicated; > # don't use them if you don't need to. > # Controls how configuration directories are searched. > # Available values: first, all-ip, all-rdns, all-sender, all-recipient > # Default: first > # TIMEOUTS > # Close the connection after SECS seconds, regardless of activity. A value of > # 0 disables this feature. > #connection-timeout-secs=SECS > # Close the connection after SECS seconds of inactivity. A value of 0 > disables > # this feature. > #idle-timeout-secs=SECS > # SENDERS AND RECIPIENTS > # Reject all recipients that exactly match the sender address. > # LOCAL BLACKLISTS > # Reject connections from IP addresses that match IPADDRESS. > #ip-blacklist-entry=IPADDRESS > # Reject connections from IP addresses that match entries in FILE. > ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip > # Reject connections from rDNS names that match NAME. > # Reject connections from rDNS names that match entries in FILE. > #rdns-blacklist-file=FILE > # Reject connections from rDNS names that match files in DIR. > #rdns-blacklist-dir=DIR > # Reject all messages sent to recipient ADDRESS. > #recipient-blacklist-entry=ADDRESS > # Reject all messages sent to any recipient address listed in FILE. > recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients > # Reject all messages sent from sender ADDRESS. > #sender-blacklist-entry=ADDRESS > # Reject all messages sent from any sender address listed in FILE. > sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders > # Reject connections from rDNS names that contain their IP address and > KEYWORD. > #ip-in-rdns-keyword-blacklist-entry=KEYWORD > # Reject connections from rDNS names that contain their IP address and a > keyword > # in FILE. > ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklist_keywords > # Reject all messages with header lines that match VALUE. > #header-blacklist-entry=VALUE > # Reject all messages sent header lines that match entries in FILE. > #header-blacklist-file=FILE > # LOCAL WHITELISTS > # Whitelist connections from IP addresses that match IPADDRESS. > #ip-whitelist-entry=IPADDRESS > # Whitelist connections from IP addresses that match entries in FILE. > ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip > # Whitelist connections from rDNS names that match NAME. > # Whitelist connections from rDNS names that match entries in FILE. > rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns > # Whitelist connections from rDNS names that match files in DIR. > #rdns-whitelist-dir=DIR > # Whitelist all messages sent to recipient ADDRESS. > #recipient-whitelist-entry=ADDRESS > # Whitelist all messages sent to any recipient address listed in FILE. > #recipient-whitelist-file=FILE > # Whitelist all messages sent from sender ADDRESS. > #sender-whitelist-entry=ADDRESS > # Whitelist all messages sent from any sender address listed in FILE. > sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders > # Whitelist connections from rDNS names that contain their IP address and > # KEYWORD. > #ip-in-rdns-keyword-whitelist-entry=KEYWORD > # Whitelist connections from rDNS names that contain their IP address and a > # keyword in FILE. > #ip-in-rdns-keyword-whitelist-file=FILE > # DNS-BASED BLACKLISTS > # Check a DNS RBL. > # Check all DNS RBLs listed in FILE. > #dns-blacklist-file=FILE > # Check an RHSBL. > # Check all RHSBLs listed in FILE. > #rhs-blacklist-file=FILE > # DNS-BASED WHITELISTS > # Check a DNS whitelist. > # Check all DNS whitelist listed in a file. > #dns-whitelist-file=FILE > # Check an RHS whitelist. > #rhs-whitelist-entry=RHSBL > # Check all RHS whitelists listed in FILE. > #rhs-whitelist-file=FILE > # GRAYLISTING > # Controls the behavior of spamdyke's graylist filter. > # Available values: none, always, always-create-dir, only, only-create-dir > graylist-level=always-create-dir > # Create the graylist files in DIR. > graylist-dir=/var/qmail/spamdyke/greylist > # Invalidate graylist entries after SECS seconds. A value of 0 deactivates > this > #graylist-max-secs=SECS > # Graylist entries are not valid until they are SECS seconds old. A value of > 0 > # deactivates this feature. > #graylist-min-secs=SECS > # Reverse the current graylist behavior for incoming connections whose IP > # addresses match IPADDRESS. > #graylist-exception-ip-entry=IPADDRESS > # Read a list of IP addresses from a file and reverse the current graylist > # behavior for any connections from matching IP addresses. > #graylist-exception-ip-file=FILE > # Reverse the current graylist behavior for incoming connections whose rDNS > # names match NAME. > # Default: none. > #graylist-exception-rdns-entry=NAME > # Read a list of rDNS names from a file and reverse the current graylist > # behavior for any connections from matching rDNS names. > #graylist-exception-rdns-file=FILE > # Search an rDNS directory and reverse the current graylist behavior for any > # connections from matching rDNS names. > #graylist-exception-rdns-dir=DIR > # SMTP AUTHENTICATION > # Controls the way spamdyke offers, supports and processes SMTP > authentication. > # Available values: none, observe, ondemand, ondemand-encrypted, always, > # always-encrypted > # Default: observe > smtp-auth-level=ondemand-encrypted > # Process authentication by running COMMAND, if necessary. > smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true > /var/qmail/bin/cmd5checkpw /bin/true > # Use NAME as the local server's name during CRAM-MD5 authentication. > # Default: unknown.server.unknown.domain > #hostname=NAME > # Read the local server's name from the first line of FILE for use during > # CRAM-MD5 authentication. > # Default: /var/qmail/control/me > #hostname-file=FILE > # Run COMMAND and read the local server's name from the first line of output > # for use during CRAM-MD5 authentication. > #hostname-command=COMMAND > # TLS / SSL > # Controls the way spamdyke offers and supports TLS or SMTPS. > # Available values: none, smtp, smtp-no-passthrough, smtps > #tls-level=VALUE > # Read SSL certificate from FILE. > #tls-certificate-file=/var/qmail/control/servercert.pem > # Read SSL certificate private key from FILE. > #tls-privatekey-file=FILE > # Decrypt SSL certificate private key using PASSWORD. > #tls-privatekey-password=PASSWORD > # Read the password for the SSL certificate private key from the first line of > # FILE. > #tls-privatekey-password-file=FILE > # Only use the ciphers in LIST during TLS or SMTPS. > # Default: DEFAULT > #tls-cipher-list=LIST > # RELAYING OPTIONS > # Sets spamdyke's relay protection level. > # Available values: block-all, no-check, normal, allow-all > #relay-level=VALUE > # spamdyke's relay protection requires reading qmail's access file. > # This file is usually: /etc/tcp.smtp > #access-file=FILE > # Several features require access to the list of locally hosted domains. > # This file is usually: /var/qmail/control/rcpthosts > local-domains-file=/var/qmail/control/rcpthosts > # Adds a single domain to spamdyke's list of locally hosted domains. > #local-domains-entry=DOMAIN > # DNS OPTIONS > # These options should only be used if spamdyke's default behavior is causing > # problems. > # Sets the aggressiveness of spamdyke's DNS resolver. > # Available values: none, normal, aggressive > # Default: aggressive > dns-level=aggressive > # Adds a nameserver to spamdyke's list of primary nameservers. > # Default: none (reads nameservers from /etc/resolv.conf) > dns-server-ip-primary=<REDACTED> > # Adds a nameserver to spamdyke's list of secondary nameservers. > dns-server-ip=<REDACTED> > # Sets the number of times spamdyke queries its primary nameservers. > # Default: 1 > #dns-max-retries-primary=NUM > # Sets the total number of times spamdyke queries nameservers. > # Default: 3 > #dns-max-retries-total=NUM > # Sets the total number of seconds spamdyke will spend on any DNS query. > # Default: 30 > #dns-timeout-secs=SECS > # Sets the name of the file to read for the list of default nameservers. > # Default: /etc/resolv.conf > #dns-resolv-conf=FILE > # Controls whether TCP is used for DNS queries (when needed). > # Available values: none, normal > dns-tcp=normal > # Controls how DNS spoofing is handled. > # Available values: accept-all, accept-same-ip, accept-same-port, reject > # Default: accept-all > #dns-spoof=VALUE > # Controls the types of queries performed when looking up an IP address. > # Available values: a, cname > # Default: a + cname > dns-query-type-a=a > # Controls the types of queries performed when looking up a mail exchanger. > # Available values: a, cname, mx > # Default: a + cname + mx > dns-query-type-mx=mx > # Controls the types of queries performed when looking up a reverse DNS > record. > # Available values: cname, ptr > # Default: cname + ptr > dns-query-type-ptr=cname > # Controls the types of queries performed when looking up a records in DNS > RBLs, > # DNS RWLs, DNS RHSBLs and DNS RHSWLs. > # Available values: a, cname, txt > # Default: a + cname + txt > #dns-query-type-rbl=VALUE > # REJECTION MESSAGES > # Append URL to the end of every rejection message sent to the remote server. > #policy-url=URL > # Use TEXT as the rejection message when a connection is blocked because the > # remote server matches a line in an access file that denies access. > # Default: Refused. > #MySQL-Logging: > config-mysql-database=<REDACTED> > config-mysql-username=<REDACTED> > config-mysql-password=<REDACTED> > graylist-level=always-create-dir > graylist-min-secs=15 > greeting-delay-secs=5 > connection-timeout-secs=5000 > idle-timeout-secs=180 > graylist-max-secs=1814400 > config-dir=/var/qmail/spamdyke/conf.d > config-dir=/var/qmail/spamdyke/conf.s > dns-blacklist-entry=zen.spamhaus.org > #dns-blacklist-entry=bl.spamcop.net > #dns-blacklist-entry=bogons.cymru.com > dns-whitelist-entry=list.dnswl.org > > > On Aug 23, 2013, at 3:28 AM, Gary Gendel <g...@genashor.com> wrote: > >> Did you set "dns-server-ip" in your spamdyke.conf file? If so, it it >> pointing to the right server? >> >> On 08/23/2013 04:58 AM, JP Kelly wrote: >>> I am using spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG+MYSQL[haggybear.de] >>> On Plesk 11 CentOS 5 >>> All of the reverse DNS entries show up as unknown even though I can resolve >>> the IP addresses to valid rDNS hosts. >>> As far as I can tell I have the config file correct but obviously something >>> is wrong. >>> /etc/resolve.conf is fine. I can resolve the hosts from the machine >>> spamdyke is running on using the command 'host <IP ADDRESS>'. >>> Any ideas how to troubleshoot this? >>> TIA >>> JP Kelly >>> >>> _______________________________________________ > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
