Thanks Sam. That's brilliant and hugely helpful.
I'll try to do this this evening, and failing that over the weekend. I will also check the whitelists again in case I missed something.

Yes, ms2 is the edge server and that's where the sender is blacklisted, although I've just added it to the ip147 one as well for good measure :)

From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of Sam Clippinger via spamdyke-users
Sent: 21 July 2016 14:14
To: spamdyke users <spamdyke-users@spamdyke.org>
Subject: Re: [spamdyke-users] can't block envelope sender

From what I can see, spamdyke should be blocking those messages. This could be a bug, but first I'd suggest carefully checking your whitelists. In almost every case I've seen like this where a blacklist simply will not work, it turns out to be a whitelist entry that's overriding it. You mentioned your email flows through several different servers before it reaches the user's mailbox... from the message headers, it looks like ms2 is your edge server, is that where the blacklist entry is set?

If you can log in to ms2 at the command line, you could also try running spamdyke by hand so you can see more verbose output without flooding your logs. You don't need to stop your mail server for this; it won't interfere with any normal operations.

First, set an environment variable so spamdyke will think it's getting a connection from a remote server:

    export TCPREMOTEIP=94.143.105.188

Next create a very small spamdyke config file (can be anywhere, doesn't have to be in /etc) with two options:

    log-target=stderr
    log-level=excessive

Then find the command line spamdyke is started with (in your "run" file) and run it the same way, but add another "-f" for the new config file AFTER your real config file. (If you're curious why, it's because config options are applied in the order they are read. We want to override those two options for this run, so they need to be read last.)

For example, on my server I would run this:

    spamdyke -f /etc/spamdyke.d/spamdyke.conf -f /tmp/testing.conf -- /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

You should see the SMTP greeting banner just like a mail client does (possibly delayed a few seconds by spamdyke) plus debug messages that would normally go in the logs. Type in these SMTP commands to imitate a client and test the blacklist:

    EHLO cloudtengroup1.mta.dotmailer.com
    MAIL FROM:<bo-3ueb-2dqy-yto27-c0...@tooplemail.com>
    RCPT TO:<redac...@redacted.tld>

At that point, you should see either a 250 response if the message is accepted or a 500 response if it is blocked, plus tons of debugging output from spamdyke to show what it's thinking. You can type QUIT or ctrl-C to exit.

Hopefully that'll show what's happening. If you can't spot the issue or have trouble deciphering the output, feel free to email it to me privately and I'll take a look.
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
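
The by-hand test run described in the message above, as an added example that is not part of the original thread or of spamdyke itself: it writes the two override options to a temporary file and rebuilds the run-file command so that file is read last. The function names are hypothetical, and it assumes the command separates spamdyke's options from the qmail-smtpd command with a standalone `--`, as the quoted command does.

```shell
#!/bin/sh
# Added example (not from the thread): prepare a by-hand spamdyke debug run.
# Assumption: the spamdyke command in the "run" file has a standalone "--"
# between spamdyke's own options and the qmail-smtpd command.

# Write the two override options named in the message to a fresh temporary
# file and print its path.
make_override_conf() {
    conf=$(mktemp "${TMPDIR:-/tmp}/spamdyke-testing.XXXXXX") || return 1
    printf '%s\n' 'log-target=stderr' 'log-level=excessive' > "$conf"
    printf '%s\n' "$conf"
}

# Print the run-file command with "-f <override>" inserted directly before
# the "--" separator, so the override is the last config file read and its
# settings win over the real config for this run only.
# Arguments: $1 = override config path, remaining = the original command words.
# Words containing spaces are not re-quoted; review the output before use.
with_override_last() {
    override=$1
    shift
    out=''
    inserted=no
    for word in "$@"; do
        if [ "$word" = "--" ] && [ "$inserted" = no ]; then
            out="$out -f $override"
            inserted=yes
        fi
        out="$out $word"
    done
    # No "--" found: refuse rather than guess where spamdyke's options end.
    [ "$inserted" = yes ] || { echo 'no "--" separator in command' >&2; return 1; }
    printf '%s\n' "${out# }"
}

# Demo on the command line quoted in the message (paths are that server's).
with_override_last /tmp/testing.conf \
    spamdyke -f /etc/spamdyke.d/spamdyke.conf \
    -- /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
```

Run the printed command in a shell where TCPREMOTEIP has been exported as in the message, then delete the temporary config file afterwards.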