I think you're exactly right -- the filter was triggered once and no other DNS lookups were performed. Then multiple recipients were given, so you're seeing a rejection line for each one. If you want to be absolutely sure, you could enable the "full-log-dir" option to capture one of these deliveries -- that log will show all the DNS traffic and all of the SMTP traffic.
-- Sam Clippinger On Jan 15, 2016, at 2:32 PM, Faris Raouf via spamdyke-users <spamdyke-users@spamdyke.org> wrote: > Dear Sam/everyone, > > With verbose logging enabled, is it reasonable to assume that the only time > the RBLs Spamdyke is configured to use are actually queried is when a > FILTER_RBL_MATCH appears in the log? > > The reason I’m asking is that there seem to be an order of magnitude more > DENIED_RBL_MATCH entries in the log than there are FILTER_RBL_MATCH entries. > > Here’s a cut down example of what I’m talking about: > > spamdyke[30436]: FILTER_RBL_MATCH ip: 67.233.95.226 rbl: Redacted-RBL.tld > > > > spamdyke[30436]: DENIED_RBL_MATCH from: wpvuhihjsye...@enterprisefishco.com > to: rik...@redacted.tld origin_ip: 67.233.95.226 origin_rdns: > va-67-233-95-226.dhcp.embarqhsd.net auth: (unknown) encryption: (none) > reason: > │ > spamdyke[30436]: DENIED_RBL_MATCH from: wpvuhihjsye...@enterprisefishco.com > to: riki_10@ redacted.tld origin_ip: 67.233.95.226 origin_rdns: > va-67-233-95-226.dhcp.embarqhsd.net auth: (unknown) encryption: (none) > reason: > │ > spamdyke[30436]: DENIED_RBL_MATCH from: wpvuhihjsye...@enterprisefishco.com > to: riki_10n@ redacted.tld origin_ip: 67.233.95.226 origin_rdns: > va-67-233-95-226.dhcp.embarqhsd.net auth: (unknown) encryption: (none) > reason: > [In reality there can be as many as 20 or more messages from the same IP, all > rejected] > > So, in this example, *three* messages have been rejected but there’s only > been *one* set of RBL lookups (to all the RBLs that spamdye has been > configured to use), I hope? > > I’m assuming that this is a result of an attempt to send to more than one > recipient in the course of one connection or something along those lines. At > any rate the connecting IP of long sets of DENIED_RBL_MATCH rejected messages > is the same, and corresponds to the IP shown in the FILTER_RBL_MATCH log > entry that precedes them. > > Is this a reasonable assumption, or am I off-target? > > Thanks, > > Faris. > > > > > > > > > > > > > > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
