Believe me, have hav been reading that documentation many times.
This is what i read:
"One form of wildcard address is supported. All usernames within a 
domain (and its subdomains) may be blocked by a line starting with |@|. 
For example, if the file contained the following entry:| @example.com|
spamdyke will block mail to |f...@example.com|, |f...@mail.example.com|, 
|bar...@mail.internal.example.com|, etc."

Kind Regards
M

Ulrich C. Manns skrev:
> Look at the documentation 
> here: http://www.spamdyke.org/documentation/README.html#REJECTING_ADDRESSES 
>
>
> Spam comes from /paul.si...@artgarfunkel.com 
> <mailto:paul.si...@artgarfunkel.com>/
>
> Add: /sender-blacklist-entry=.artgarfunkel.com/
> or: /sender-blacklist-ent...@artgarfunkel.com 
> <mailto:sender-blacklist-ent...@artgarfunkel.com>/
> to your /spamdyke.conf/
>
> Be shure that your user uses authentification!
>
> Regards,
> Ulrich
>
> Am 15.12.2009 um 22:36 schrieb Magnus Ringdahl:
>
>> Hi, and thanks for your reply.
>> Should i use a "." instead of a "@" as a wildcard?
>>
>> Kind Regards
>> M
>>
>>
>> Ulrich C. Manns skrev:
>>> Just add your domain to the senders blacklist with a . as wildchard. 
>>> Example: u...@spam.com <mailto:u...@spam.com> -> .spam.com
>>>
>>> Your Users should use authentification. So they can send e-mail 
>>> through spamdyke.
>>>
>>> Regards,
>>> Ulrich
>>>
>>> Am 15.12.2009 um 21:54 schrieb Magnus Ringdahl:
>>>
>>>
>>>> Hi.
>>>> I have been using spamdyke for quite some time now, and it reduces my
>>>> spammails alot.
>>>> But it have a hell of a problem with spammers (often viagra) the spoof
>>>> the localdomains.
>>>> I often get spammails where the sending address is the same as my
>>>> receiving address.
>>>> And i dint know how to block them.
>>>>
>>>> I have pasted my configurationfiles so you coould see if there is some
>>>> issues. Using Debian and Plesk 9.2.
>>>>
>>>> spamdyke.conf
>>>> ------------------------------------
>>>> log-level=verbose
>>>> filter-level=normal
>>>> local-domains-file=/var/qmail/control/rcpthosts
>>>> max-recipients=20
>>>> idle-timeout-secs=60
>>>> graylist-level=only
>>>> graylist-dir=/var/qmail/spamdyke/greylist
>>>> graylist-min-secs=300
>>>> graylist-max-secs=1814400
>>>>
>>>> sender-whitelist-file=/var/qmail/spamdyke/whitelisted_senders
>>>> rdns-whitelist-file=/var/qmail/spamdyke/whitelisted_rdns
>>>> ip-whitelist-file=/var/qmail/spamdyke/whitelisted_ip
>>>>
>>>> sender-blacklist-file=/var/qmail/spamdyke/blacklisted_senders
>>>> recipient-blacklist-file=/var/qmail/spamdyke/blacklisted_recipients
>>>> ip-blacklist-file=/var/qmail/spamdyke/blacklisted_ip
>>>> dns-blacklist-entry=zen.spamhaus.org
>>>>
>>>> reject-empty-rdns
>>>> reject-unresolvable-rdns
>>>> greeting-delay-secs=5
>>>> reject-missing-sender-mx
>>>>
>>>> policy-url=http://www.your-domain-here.com/spam_policy
>>>> --------------------------------------------------------------------
>>>>
>>>> smtp_psa
>>>> --------------------------------------------------
>>>> service smtp
>>>> {
>>>>       socket_type     = stream
>>>>       protocol        = tcp
>>>>       wait            = no
>>>>       disable         = no
>>>>       user            = root
>>>>       instances       = UNLIMITED
>>>>       env             = SMTPAUTH=1
>>>>       server          = /var/qmail/bin/tcp-env
>>>>       server_args     = -Rt0 /usr/local/bin/spamdyke -f
>>>> /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd
>>>> /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw
>>>> /var/qmail/bin/true
>>>> }
>>>> ---------------------------------------------------------
>>>>
>>>> The whitelisted_ip file contains the mailservers ip-addresses.
>>>> The blacklisted_senders file contains the localdomains (@domain.tld).
>>>> The blacklisted_words contains alot of words like .t-dialin.net,
>>>> .t-ipconnect.de, .in-addr.arpa, .dhcp, .net, in-addr.arpa, dhcp,
>>>> dynamic, and so on.
>>>>
>>>> I understand the spamdyke filters that they work something like 
>>>> this. If
>>>> the sending server is listed in whitelisted_ip the mail passes the
>>>> filter. If its not listed in whitelisted_ip it then checks the
>>>> blabklisted_senders if the sending address is listed it drops the mail.
>>>> Is that correct?
>>>>
>>>> Here is a sample of the mail.log of a spammail that in my opinion 
>>>> should
>>>> have been dropped but passes all filters.
>>>>
>>>> Dec 15 17:52:55 web01 spamdyke[24928]: TLS_ENCRYPTED from: 
>>>> (unknown) to:
>>>> (unknown) origin_ip: 80.179.197.221 origin_rdns:
>>>> 80.179.197.221.cable.012.net.il auth: (unknown)
>>>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: Handlers Filter
>>>> before-queue for qmail started ...
>>>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]:
>>>> from=vioirecyf8...@012.net.il <mailto:from=vioirecyf8...@012.net.il>
>>>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: 
>>>> to=i...@domain.tld <mailto:to=i...@domain.tld>
>>>> Dec 15 17:52:56 web01 spf filter[24947]: Starting spf filter...
>>>> Dec 15 17:52:56 web01 spf filter[24947]: SPF result: neutral
>>>> Dec 15 17:52:56 web01 spf filter[24947]: SPF status: PASS
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.491935 new msg 4252544
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.491935 info msg 4252544: bytes
>>>> 2246 from <vioirecyf8...@012.net.il 
>>>> <mailto:vioirecyf8...@012.net.il>> qp 24948 uid 2020
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: Handlers Filter
>>>> before-local for qmail started ...
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]:
>>>> from=vioirecyf8...@012.net.il <mailto:from=vioirecyf8...@012.net.il>
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: 
>>>> to=i...@domain.tld <mailto:to=i...@domain.tld>
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: mailbox:
>>>> /var/qmail/mailnames/domain.tld/info
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 starting delivery 2744:
>>>> msg 4252544 to local 9-i...@domain.tld <mailto:9-i...@domain.tld>
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 status: local 1/10 
>>>> remote
>>>> 0/20
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 delivery 2744: success:
>>>> did_0+0+2/
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 status: local 0/10 
>>>> remote
>>>> 0/20
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 end msg 4252544
>>>>
>>>> Dec 15 21:22:57 web01 /var/qmail/bin/relaylock[6350]:
>>>> /var/qmail/bin/relaylock: mail from 125.25.15.31:52521
>>>> (125.25.15.31.adsl.dynamic.totbb.net)
>>>> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to:
>>>> (unknown) origin_ip: 125.25.15.31 origin_rdns:
>>>> 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
>>>> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter
>>>> before-queue for qmail started ...
>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: 
>>>> from=kundtja...@domain.tld <mailto:from=kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: 
>>>> to=kundtja...@domain.tld <mailto:to=kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
>>>> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not 
>>>> find a
>>>> valid SPF record
>>>> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No
>>>> DNS data for 'domain.tld'.
>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
>>>> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the
>>>> message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld 
>>>> <mailto:kundtja...@domain.tld> to
>>>> kundtja...@domain.tld <mailto:kundtja...@domain.tld> is passed
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes
>>>> 2469 from <kundtja...@domain.tld <mailto:kundtja...@domain.tld>> qp 
>>>> 6357 uid 2020
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
>>>> before-local for qmail started ...
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: 
>>>> from=kundtja...@domain.tld <mailto:from=kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: 
>>>> to=kundtja...@domain.tld <mailto:to=kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
>>>> /var/qmail/mailnames/domain.tld/kundtjanst
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998:
>>>> msg 4253887 to local 98-kundtja...@domain.tld 
>>>> <mailto:98-kundtja...@domain.tld>
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 
>>>> remote
>>>> 0/20
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success:
>>>> did_0+0+2/
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 
>>>> remote
>>>> 0/20
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>>>
>>>> How can i check that smtp_auth is working? Im starting to wonder that
>>>> it's not.
>>>> I hope someone have the time to answer. I have been struggling with 
>>>> this
>>>> for a long time withput getting rid of those annoying mails.
>>>>
>>>> Kind Regards
>>>> M
>>>>
>>>>
>>>> Eduard Svarc skrev:
>>>>
>>>>> Hello,
>>>>>
>>>>> these keywords .net and .com are used just for testing if IP is in
>>>>> reverse DNS listed. Is not done against normal reverse DNS records for
>>>>> servers like mail.somedomain.net <http://mail.somedomain.net>. So 
>>>>> in combination with keyword
>>>>> reject-ip-in-cc-rdns and .net in file
>>>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file it will reject mail
>>>>> from 242-29-179-94.pool.ukrtel.net 
>>>>> <http://242-29-179-94.pool.ukrtel.net> because that sender will be
>>>>> positively tested as not valid reverse DNS.
>>>>>
>>>>> use just net without that '.' is not suficient because SPAMDYKE use
>>>>> this '.' as flag for testing end of string only. So listing .com and
>>>>> .net does magic for SPAMDYKE when it testing IP in reverse DNS for
>>>>> country code DNS, like .it,, .uk etc it does same for .com and .net.
>>>>> Personally I did add into that file other ones special domains like
>>>>> .eu, .org, .info, .biz. These should not be used by ISP providers for
>>>>> assigning reverse names, but who knows. Anyway it doesn't hurt my
>>>>> configuration and I'm preparded.
>>>>>
>>>>> Eduard Švarc
>>>>>
>>>>> DATA Intertech s.r.o.
>>>>> Kladenská 46
>>>>> 160 00 Praha 6
>>>>> Czech Republic
>>>>> tel. +420-235365267, fax +420-235361446
>>>>>
>>>>> spamdyke-users-boun...@spamdyke.org 
>>>>> <mailto:spamdyke-users-boun...@spamdyke.org> wrote on 14.12.2009 
>>>>> 09:55:45:
>>>>>
>>>>>
>>>>>> thanks Eduard Švarc
>>>>>>
>>>>>> Same query as david stiller raised, .com, .net are valid domain 
>>>>>> right?
>>>>>>
>>>>>> also
>>>>>>
>>>>>> @400000004b25fa572bd181a4 CHKUSER accepted rcpt: from <fx...@bmelaw.
>>>>>> com::> remote <microsof-7b1919:unknown:94.179.29.242> rcpt
>>>>>> <validdomainu...@mydomain.com 
>>>>>> <mailto:validdomainu...@mydomain.com>> : found existing recipient
>>>>>> @400000004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
>>>>>> fx...@bmelaw.com <mailto:fx...@bmelaw.com> to: 
>>>>>> validdomainu...@mydomain.com 
>>>>>> <mailto:validdomainu...@mydomain.com> origin_ip: 94.179.
>>>>>> 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net 
>>>>>> <http://242-29-179-94.pool.ukrtel.net> auth: (unknown)
>>>>>>
>>>>>> the above ip is listed in rbl ,
>>>>>>
>>>>>> IP Address Lookup
>>>>>>
>>>>>> [image removed]
>>>>>>
>>>>>> 94.179.29.242 is not listed in the SBL
>>>>>> 94.179.29.242 is listed in the PBL, in the following records:
>>>>>> PBL239543
>>>>>> 94.179.29.242 is not listed in the XBL
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> this doesnt look like false positive
>>>>>>
>>>>>> From: Eduard Svarc <esv...@intertech.cz <mailto:esv...@intertech.cz>>
>>>>>> To: spamdyke users <spamdyke-users@spamdyke.org 
>>>>>> <mailto:spamdyke-users@spamdyke.org>>
>>>>>> Sent: Mon, December 14, 2009 12:48:07 PM
>>>>>> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
>>>>>>
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I see you have two things out. 1st you using RBLS, that could give
>>>>>> you a lot positive false spam. 2nd you completely have commented out
>>>>>> best thing in SPAMDYKE. Is sniffing IPs in reverse DNS. Most of bots
>>>>>> and spams comming from Internet zombies. Here are my advices:
>>>>>>
>>>>>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
>>>>>> 2 - uncoment reject-empty-rdns, reject-ip-in-cc-rdns, reject-
>>>>>> missing-sender-mx and reject-unresolvable-rdns
>>>>>> 3- into /etc/spamdyke/blacklist_recipients add your domain in format
>>>>>> @your-domain (it will block all mails like to: n...@your-domain from:
>>>>>> n...@your-domain)
>>>>>> 4- into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these
>>>>>>
>>>>> words :
>>>>>
>>>>>> dsl
>>>>>> .com
>>>>>> .net
>>>>>> broadband
>>>>>> dynamic
>>>>>>
>>>>>> I could guarantee you will fall bellow 1% of SPAM with nearly zero
>>>>>> false positives. Of course someone who can't follow certain
>>>>>> guidelines for theirs servers will not be able to send you e-mails
>>>>>> at all. But you can easily handle it by adding IP's in
>>>>>> /etc/spamdyke/whitelist_ip or adding senders into
>>>>>> /etc/spamdyke/whitelist_senders
>>>>>>
>>>>>> I stop using any RBLS services ages ago, they are way unreliable.
>>>>>>
>>>>>> Good luck,
>>>>>> Eduard Švarc
>>>>>>
>>>>>> DATA Intertech s.r.o.
>>>>>> Kladenská 46
>>>>>> 160 00 Praha 6
>>>>>> Czech Republic
>>>>>> tel. +420-235365267, fax +420-235361446
>>>>>>
>>>>>> spamdyke-users-boun...@spamdyke.org 
>>>>>> <mailto:spamdyke-users-boun...@spamdyke.org> wrote on 14.12.2009 
>>>>>> 07:24:03:
>>>>>>
>>>>>> New Windows 7: Find the right PC for you. Learn more.
>>>>>> _______________________________________________
>>>>>> spamdyke-users mailing list
>>>>>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
>>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> spamdyke-users mailing list
>>>>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>>
>>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org>
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>   

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Reply via email to