Kevin,

Qmail looks for the environment variable RELAYCLIENT; if that is set, then qmail will happily relay.

My guess is that something upstream or downstream from spamdyke is doing the dirty deed. For example, if you use tcpserver, check its rules and make sure that the correct rules have been compiled. Specifically, look for any rule that would match the offender's IP address: 76.186.240.2.

For example, if the following line was in the tcpserver rules file:

78.168.:allow,RELAYCLIENT=""

It would be allowed to relay.

Gary


On 9/26/12 2:10 PM, ke...@firedrum.com wrote:

Can anyone refer a company or individual for help with Qmail?

We are fairly experienced admins with email hosting but this one has us stumped.

We installed spamdyke and that has helped considerably to inspect what is happening but were not able to stop access to qmail relaying to remote addresses for this one particular user.

The user can not even be found in our system, yet, this user "tom" can access our smtp and relay mail through.

We are desperate and willing to pay for any assistance.

Thanks, Kevin

 

Example log file:

09/25/2012 22:29:43 CURRENT CONFIG
config-file=/etc/spamdyke.conf
dns-blacklist-entry=sbl-xbl.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=b.barracudacentral.org
full-log-dir=/var/www/spamdykelog
graylist-dir=/var/www/graylist
graylist-level=always-create-dir
graylist-max-secs=1814400
graylist-min-secs=300
greeting-delay-secs=3
idle-timeout-secs=300
ip-blacklist-file=/var/www/blacklist_ip/ip-blacklist-file
ip-in-rdns-keyword-blacklist-file=/var/www/ip-in-rdns-keyword-blacklist-file
local-domains-file=/var/qmail/control/rcpthosts
log-level=info
max-recipients=10
recipient-blacklist-entry=@mail.ru
recipient-blacklist-entry=@rambler.ru
recipient-blacklist-entry=@udm.ru
recipient-blacklist-entry=@trans-oil.ru
recipient-blacklist-entry=@rshb.samtel.ru
recipient-blacklist-entry=@.ru
recipient-blacklist-entry=@yandex.ru
reject-missing-sender-mx=1
sender-blacklist-file=/var/www/blacklist_senders/sender-blacklist-file

09/25/2012 22:29:53 LOG OUTPUT AUTH:tom
DEBUG(find_username()@spamdyke.c:194): searching for username between positions 9 and 27: RCPT TO:<darkbars...@mail.ru>
DEBUG(find_domain()@spamdyke.c:428): searching for domain between positions 20 and 27: RCPT TO:<darkbars...@mail.ru>
DEBUG(find_address()@spamdyke.c:793): found username: darkbars666
DEBUG(find_address()@spamdyke.c:810): found domain: mail.ru
DEBUG(filter_recipient_relay()@filter.c:2360): checking relaying; relay-level: 0 recipient: darkbars...@mail.ru ip: 76.186.240.2 rdns: cpe-76-186-240-2.tx.res.rr.com local_recipient: false relaying_allowed: false

ALLOWED from: ro...@zaz.com.br to: darkbars...@mail.ru origin_ip: 76.186.240.2 origin_rdns: cpe-76-186-240-2.tx.res.rr.com auth: tom encryption: (none) reason: 250_ok_1348637395_qp_22493
“Get Your Message Out!”

Kevin Troendle | VP Technology
FireDrum Internet Marketing
Tel: 480.699.1524 | Fax: 480.699.1657
7898 E. Acoma Dr. Suite 210
Scottsdale, AZ 85260
www.FireDrum.com | www.firedrummarketing.com

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
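
An added example, not part of the thread and not code from spamdyke or ucspi-tcp: one way to carry out the check suggested in the reply above, by finding which tcpserver rule applies to a given client IP and whether it sets RELAYCLIENT. It is a simplified sketch of tcprules matching for IP-style rules only (exact address, a-b ranges, dotted prefixes, empty default); the rules text is constructed, the function names are hypothetical, and it reads the rules source, so it only tells the truth if that source is what was compiled into the cdb.

```python
import re

# Constructed sample rules source; only the 78.168. line comes from the thread.
SAMPLE_RULES = '''\
# constructed sample
127.:allow,RELAYCLIENT=""
78.168.:allow,RELAYCLIENT=""
76.186.240.0-7:allow,RELAYCLIENT=""
10.1.2.3:deny
:allow
'''

def parse_rules(text):
    """Return {address: (action, env)} for IP-style rules, expanding a-b ranges."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        if "@" in addr or addr.startswith("="):
            continue  # info@ip and =hostname rules are outside this sketch
        action, *sets = instr.split(",")  # assumes no commas inside values
        env = dict(s.split("=", 1) for s in sets if "=" in s)
        m = re.fullmatch(r"(.*?)(\d+)-(\d+)(\.?)", addr)
        if m:  # e.g. 1.2.3.37-53 stands for 1.2.3.37, 1.2.3.38, ...
            addrs = [f"{m[1]}{n}{m[4]}" for n in range(int(m[2]), int(m[3]) + 1)]
        else:
            addrs = [addr]
        for a in addrs:
            rules.setdefault(a, (action, env))  # assumption: first rule for an address wins
    return rules

def check(ip, text=SAMPLE_RULES):
    """Return (matched_address, action, relay_open) for a client IP."""
    rules = parse_rules(text)
    parts = ip.split(".")
    # Lookup order: exact IP, then shorter prefixes ending in a dot, then the default.
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            action, env = rules[key]
            # qmail-smtpd relays when RELAYCLIENT is set, even to an empty string.
            return key, action, action == "allow" and "RELAYCLIENT" in env
    return None, "allow", False  # no rule matched: connection allowed, no variables set

if __name__ == "__main__":
    for ip in ("76.186.240.2", "78.168.1.1", "10.1.2.3", "8.8.8.8"):
        print(ip, check(ip))
```

Any address reported with relay_open True is one that qmail will relay for regardless of recipient, so each such rule should correspond to a network you actually intend to trust.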

