Just a quick question: have you considered using RDNS blacklist instead? Then you wouldn't need that many IPs for the same mail host.
Cheers, Sebastian On 12.01.2012, at 13:41, Angus McIntyre <an...@pobox.com> wrote: > Apologies in advance for what is undoubtedly going to turn out to be a > "D'oh!" error on my part, but I'm running out of ideas here. > > I'm trying to block incoming mail from French snowshoe spammer > "multi-fax.fr", who sends mail from a range of IP addresses and changes > domain names every day to try to avoid detection. > > In my IP blacklist file at '/home/vpopmail/spamdyke/ip-blacklist', I have > entries: > > 195.43.150.170 > 195.43.150.171 > 194.43.150.172 > > and so forth. The file contains just 40 lines (so I'm not hitting any upper > limits on file size). > > My spamdyke configuration file at '/etc/spamdyke.conf' contains the line: > > ip-blacklist-file=/home/vpopmail/spamdyke/ip-blacklist > > The configuration file does not contain any other 'ip-blacklist-file=' > entries, and 'ip-blacklist-entry' is commented out. > > Spamdyke itself is being invoked with: > > /usr/local/bin/spamdyke -f /etc/spamdyke.conf … > > and I know that the correct config file is being read, because it's creating > its graylists at the appropriate place. Graylisting and blacklisting work > splendidly, by the way. > > However, the French are still getting through. Here's a 'Received' line from > a message: > > Received: from mx.lirmat.net (195.43.150.172) > by mail.mydomain.com with SMTP; 12 Jan 2012 03:15:02 -0500 > > and here's what the logs have to say about it: > > /var/log/maillog:Jan 12 03:15:02 s1 spamdyke[16941]: ALLOWED from: > 2420428z18...@bounce.lirmat.net to: u...@mydomain.com origin_ip: > 195.43.150.172 origin_rdns: mx.lirmat.net auth: (unknown) encryption: (none) > > I was running Spamdyke 4.1.0, I've just upgraded to Spamdyke 4.2.1. > > Can anyone think of a reason why IP blacklisting might not be working? > > Thanks for any help or suggestions, > > Angus > > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
