Believe me, I have been reading that documentation many times. This is what I read:

"One form of wildcard address is supported. All usernames within a domain (and its subdomains) may be blocked by a line starting with @. For example, if the file contained the following entry:

@example.com

spamdyke will block mail to f...@example.com, f...@mail.example.com, bar...@mail.internal.example.com, etc."

Kind Regards
M

Ulrich C. Manns wrote:
> Look at the documentation
> here: http://www.spamdyke.org/documentation/README.html#REJECTING_ADDRESSES
>
> Spam comes from paul.si...@artgarfunkel.com
>
> Add: sender-blacklist-entry=.artgarfunkel.com
> or: sender-blacklist-ent...@artgarfunkel.com
> to your spamdyke.conf
>
> Be sure that your user uses authentication!
>
> Regards,
> Ulrich
>
> On 15.12.2009 at 22:36, Magnus Ringdahl wrote:
>
>> Hi, and thanks for your reply.
>> Should I use a "." instead of a "@" as a wildcard?
>>
>> Kind Regards
>> M
>>
>> Ulrich C. Manns wrote:
>>> Just add your domain to the senders blacklist with a . as wildcard.
>>> Example: u...@spam.com -> .spam.com
>>>
>>> Your users should use authentication. So they can send e-mail
>>> through spamdyke.
>>>
>>> Regards,
>>> Ulrich
>>>
>>> On 15.12.2009 at 21:54, Magnus Ringdahl wrote:
>>>
>>>> Hi.
>>>> I have been using spamdyke for quite some time now, and it reduces my
>>>> spam mails a lot.
>>>> But I have a hell of a problem with spammers (often viagra) that spoof
>>>> the local domains.
>>>> I often get spam mails where the sending address is the same as my
>>>> receiving address.
>>>> And I don't know how to block them.
>>>>
>>>> I have pasted my configuration files so you could see if there are some
>>>> issues. Using Debian and Plesk 9.2.
>>>>
>>>> spamdyke.conf
>>>> ------------------------------------
>>>> log-level=verbose
>>>> filter-level=normal
>>>> local-domains-file=/var/qmail/control/rcpthosts
>>>> max-recipients=20
>>>> idle-timeout-secs=60
>>>> graylist-level=only
>>>> graylist-dir=/var/qmail/spamdyke/greylist
>>>> graylist-min-secs=300
>>>> graylist-max-secs=1814400
>>>>
>>>> sender-whitelist-file=/var/qmail/spamdyke/whitelisted_senders
>>>> rdns-whitelist-file=/var/qmail/spamdyke/whitelisted_rdns
>>>> ip-whitelist-file=/var/qmail/spamdyke/whitelisted_ip
>>>>
>>>> sender-blacklist-file=/var/qmail/spamdyke/blacklisted_senders
>>>> recipient-blacklist-file=/var/qmail/spamdyke/blacklisted_recipients
>>>> ip-blacklist-file=/var/qmail/spamdyke/blacklisted_ip
>>>> dns-blacklist-entry=zen.spamhaus.org
>>>>
>>>> reject-empty-rdns
>>>> reject-unresolvable-rdns
>>>> greeting-delay-secs=5
>>>> reject-missing-sender-mx
>>>>
>>>> policy-url=http://www.your-domain-here.com/spam_policy
>>>> ------------------------------------
>>>>
>>>> smtp_psa
>>>> ------------------------------------
>>>> service smtp
>>>> {
>>>>     socket_type = stream
>>>>     protocol = tcp
>>>>     wait = no
>>>>     disable = no
>>>>     user = root
>>>>     instances = UNLIMITED
>>>>     env = SMTPAUTH=1
>>>>     server = /var/qmail/bin/tcp-env
>>>>     server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
>>>> }
>>>> ------------------------------------
>>>>
>>>> The whitelisted_ip file contains the mail server's IP addresses.
>>>> The blacklisted_senders file contains the local domains (@domain.tld).
>>>> The blacklisted_words contains a lot of words like .t-dialin.net,
>>>> .t-ipconnect.de, .in-addr.arpa, .dhcp, .net, in-addr.arpa, dhcp,
>>>> dynamic, and so on.
>>>>
>>>> I understand the spamdyke filters that they work something like this. If
>>>> the sending server is listed in whitelisted_ip the mail passes the
>>>> filter. If it's not listed in whitelisted_ip it then checks the
>>>> blacklisted_senders if the sending address is listed it drops the mail.
>>>> Is that correct?
>>>>
>>>> Here is a sample of the mail.log of a spam mail that in my opinion should
>>>> have been dropped but passes all filters.
>>>>
>>>> Dec 15 17:52:55 web01 spamdyke[24928]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 80.179.197.221 origin_rdns: 80.179.197.221.cable.012.net.il auth: (unknown)
>>>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: Handlers Filter before-queue for qmail started ...
>>>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: from=vioirecyf8...@012.net.il
>>>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: to=i...@domain.tld
>>>> Dec 15 17:52:56 web01 spf filter[24947]: Starting spf filter...
>>>> Dec 15 17:52:56 web01 spf filter[24947]: SPF result: neutral
>>>> Dec 15 17:52:56 web01 spf filter[24947]: SPF status: PASS
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.491935 new msg 4252544
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.491935 info msg 4252544: bytes 2246 from <vioirecyf8...@012.net.il> qp 24948 uid 2020
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: Handlers Filter before-local for qmail started ...
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: from=vioirecyf8...@012.net.il
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: to=i...@domain.tld
>>>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: mailbox: /var/qmail/mailnames/domain.tld/info
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 starting delivery 2744: msg 4252544 to local 9-i...@domain.tld
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 status: local 1/10 remote 0/20
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 delivery 2744: success: did_0+0+2/
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 status: local 0/10 remote 0/20
>>>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 end msg 4252544
>>>>
>>>> Dec 15 21:22:57 web01 /var/qmail/bin/relaylock[6350]: /var/qmail/bin/relaylock: mail from 125.25.15.31:52521 (125.25.15.31.adsl.dynamic.totbb.net)
>>>> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 125.25.15.31 origin_rdns: 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
>>>> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter before-queue for qmail started ...
>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: from=kundtja...@domain.tld
>>>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: to=kundtja...@domain.tld
>>>> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
>>>> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not find a valid SPF record
>>>> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No DNS data for 'domain.tld'.
>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
>>>> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
>>>> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the message(drweb.tmp.Wu6OR3) sent by kundtja...@domain.tld to kundtja...@domain.tld is passed
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes 2469 from <kundtja...@domain.tld> qp 6357 uid 2020
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter before-local for qmail started ...
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: from=kundtja...@domain.tld
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: to=kundtja...@domain.tld
>>>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox: /var/qmail/mailnames/domain.tld/kundtjanst
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998: msg 4253887 to local 98-kundtja...@domain.tld
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 remote 0/20
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success: did_0+0+2/
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 remote 0/20
>>>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>>>
>>>> How can I check that smtp_auth is working? I'm starting to wonder that
>>>> it's not.
>>>> I hope someone has the time to answer. I have been struggling with this
>>>> for a long time without getting rid of those annoying mails.
>>>>
>>>> Kind Regards
>>>> M
>>>>
>>>> Eduard Svarc wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> these keywords .net and .com are used just for testing if IP is in
>>>>> reverse DNS listed.
>>>>> Is not done against normal reverse DNS records for
>>>>> servers like mail.somedomain.net. So in combination with keyword
>>>>> reject-ip-in-cc-rdns and .net in file
>>>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file it will reject mail
>>>>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>>>>> positively tested as not valid reverse DNS.
>>>>>
>>>>> use just net without that '.' is not sufficient because SPAMDYKE use
>>>>> this '.' as flag for testing end of string only. So listing .com and
>>>>> .net does magic for SPAMDYKE when it testing IP in reverse DNS for
>>>>> country code DNS, like .it, .uk etc it does same for .com and .net.
>>>>> Personally I did add into that file other ones special domains like
>>>>> .eu, .org, .info, .biz. These should not be used by ISP providers for
>>>>> assigning reverse names, but who knows. Anyway it doesn't hurt my
>>>>> configuration and I'm prepared.
>>>>>
>>>>> Eduard Švarc
>>>>>
>>>>> DATA Intertech s.r.o.
>>>>> Kladenská 46
>>>>> 160 00 Praha 6
>>>>> Czech Republic
>>>>> tel. +420-235365267, fax +420-235361446
>>>>>
>>>>> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 09:55:45:
>>>>>
>>>>>> thanks Eduard Švarc
>>>>>>
>>>>>> Same query as david stiller raised, .com, .net are valid domain
>>>>>> right?
>>>>>>
>>>>>> also
>>>>>>
>>>>>> @400000004b25fa572bd181a4 CHKUSER accepted rcpt: from <fx...@bmelaw.com::> remote <microsof-7b1919:unknown:94.179.29.242> rcpt <validdomainu...@mydomain.com> : found existing recipient
>>>>>> @400000004b25fa572bd2316c spamdyke[27021]: ALLOWED from: fx...@bmelaw.com to: validdomainu...@mydomain.com origin_ip: 94.179.
>>>>>> 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
>>>>>>
>>>>>> the above ip is listed in rbl ,
>>>>>>
>>>>>> IP Address Lookup
>>>>>>
>>>>>> 94.179.29.242 is not listed in the SBL
>>>>>> 94.179.29.242 is listed in the PBL, in the following records:
>>>>>> PBL239543
>>>>>> 94.179.29.242 is not listed in the XBL
>>>>>>
>>>>>> this doesn't look like false positive
>>>>>>
>>>>>> From: Eduard Svarc <esv...@intertech.cz>
>>>>>> To: spamdyke users <spamdyke-users@spamdyke.org>
>>>>>> Sent: Mon, December 14, 2009 12:48:07 PM
>>>>>> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I see you have two things out. 1st you using RBLS, that could give
>>>>>> you a lot positive false spam. 2nd you completely have commented out
>>>>>> best thing in SPAMDYKE. Is sniffing IPs in reverse DNS. Most of bots
>>>>>> and spams coming from Internet zombies. Here are my advices:
>>>>>>
>>>>>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
>>>>>> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
>>>>>> reject-missing-sender-mx and reject-unresolvable-rdns
>>>>>> 3- into /etc/spamdyke/blacklist_recipients add your domain in format
>>>>>> @your-domain (it will block all mails like to: n...@your-domain from:
>>>>>> n...@your-domain)
>>>>>> 4- into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these
>>>>>> words :
>>>>>>
>>>>>> dsl
>>>>>> .com
>>>>>> .net
>>>>>> broadband
>>>>>> dynamic
>>>>>>
>>>>>> I could guarantee you will fall below 1% of SPAM with nearly zero
>>>>>> false positives. Of course someone who can't follow certain
>>>>>> guidelines for their servers will not be able to send you e-mails
>>>>>> at all.
>>>>>> But you can easily handle it by adding IP's in
>>>>>> /etc/spamdyke/whitelist_ip or adding senders into
>>>>>> /etc/spamdyke/whitelist_senders
>>>>>>
>>>>>> I stop using any RBLS services ages ago, they are way unreliable.
>>>>>>
>>>>>> Good luck,
>>>>>> Eduard Švarc
>>>>>>
>>>>>> DATA Intertech s.r.o.
>>>>>> Kladenská 46
>>>>>> 160 00 Praha 6
>>>>>> Czech Republic
>>>>>> tel. +420-235365267, fax +420-235361446
>>>>>>
>>>>>> spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:
>>>>>>
>>>>>> _______________________________________________
>>>>>> spamdyke-users mailing list
>>>>>> spamdyke-users@spamdyke.org
>>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
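
Added example (not part of the thread and not spamdyke's own code): a log check for the problem described above, mail accepted with a sender in a local domain but without SMTP AUTH. It assumes the field layout of the "ALLOWED from: ... auth: ..." line quoted in the thread and that auth is "(unknown)" for unauthenticated sessions; the domains, addresses and log lines are constructed.

```python
import re

# Layout taken from the spamdyke "ALLOWED from: ... auth: ..." line quoted in the thread.
LOG_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)\s*$"
)

# Constructed stand-in for the contents of the local-domains-file (rcpthosts).
LOCAL_DOMAINS = {"example.com"}

# Constructed log lines using documentation domains and address ranges.
SAMPLE_LOG = [
    "Dec 15 21:22:59 web01 spamdyke[6349]: ALLOWED from: support@example.com to: support@example.com "
    "origin_ip: 203.0.113.31 origin_rdns: 203-0-113-31.dynamic.example.net auth: (unknown)",
    "Dec 15 21:30:10 web01 spamdyke[6401]: ALLOWED from: alice@example.com to: bob@example.org "
    "origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: alice@example.com",
    "Dec 15 21:31:44 web01 spamdyke[6410]: ALLOWED from: news@example.org to: info@example.com "
    "origin_ip: 192.0.2.25 origin_rdns: mail.example.org auth: (unknown)",
    "Dec 15 21:32:02 web01 spamdyke[6411]: TLS_ENCRYPTED from: (unknown) to: (unknown) "
    "origin_ip: 203.0.113.31 origin_rdns: 203-0-113-31.dynamic.example.net auth: (unknown)",
]


def domain_of(address):
    """Lower-cased domain part of an address, or None for '(unknown)' and similar."""
    local, sep, domain = address.strip("<>").rpartition("@")
    return domain.lower().rstrip(".") if sep and local and domain else None


def find_spoofed_local_senders(lines, local_domains):
    """Return (ip, rdns, sender, rcpt) for ALLOWED mail claiming a local sender without auth."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if m is None or m["verdict"] != "ALLOWED":
            continue
        # Assumption: any auth value other than "(unknown)" means the client authenticated.
        if m["auth"] != "(unknown)":
            continue
        # Exact domain match only; subdomains of a local domain are not considered here.
        if domain_of(m["sender"]) in local_domains:
            hits.append((m["ip"], m["rdns"], m["sender"], m["rcpt"]))
    return hits


if __name__ == "__main__":
    for ip, rdns, sender, rcpt in find_spoofed_local_senders(SAMPLE_LOG, LOCAL_DOMAINS):
        print(f"{ip} ({rdns}) sent unauthenticated mail as {sender} to {rcpt}")
```

Authenticated users sending from a local address are skipped, so the remaining hits are the candidates a local-domain sender blacklist entry would reject.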