RE: [qmailtoaster] Re: Spam Help Plz
Good point Eric... I didn't think of this, since I'm not yet using the QMT in production yet, and am still using Qmailrocks (Is that a 4 letter word around here? :-) ) w/Spamdyke set to handle TLS directly...So, in my case, only Spamdyke is handling TLS, since my Qmail doesn't support it. (I don't think I ever configured it, or installed the patch, or whatever..I forget now!) I didn't like the way Spamdyke worked when allowing the TLS connection to bypass it, so I felt it better to have Spamdyke offer TLS, and then still be able to utilize all of it's filters. Although, I think the most of it's filters would still work, those based on the initial SMTP connection (RBL's etc), but graylisting, white/black listed sender/recipients, etc would not, so it could be exploited to some degree. I still think the best way to determine your issue Raphael is to provide the e-mail headers... :-) I've got my users trained...When they have any issues, either with spam getting through, or someone trying to send e-mail to them getting a bounce, they send me headers. Usually makes short work of figuring out the problem. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Thursday, November 05, 2009 11:02 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spam Help Plz Rafael Andrade wrote: Hello all, Im using qmailtoaster two years a go, and i`m very satisfied... some days a go my users receiving lots of spams, Tagged in subjects (spamassassin) or not. What could I be making to get better? Actually im using Qmailtoaster + Spamdyke with greylist. Excuse for english. My confs below: cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_R CPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJ Kfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/con trol/domainkeys/%/private,NOP0FCHECK=1 xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120 ,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUE UE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainke ys/%/private,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIG N=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 cat /var/qmail/control/simcontrol :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. idw:.ipt cat /etc/spamdyke/spamdyke.conf # rbl dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=dnsbl.njabl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts #log-level=debug log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients Raphael, I just came across what I think is a possible hole in spamdyke's configuration. I've been reading through the documentation regarding TLS, and it appears that with no tls-level option specified, if a spammer were to use TLS (advertised by qmail), spamdyke would be unable to use several of its filters because the data is encrypted passing through spamdyke to qmail-smtp. If you add tls-level=smtp to the spamdyke configuration file, this will cause spamdyke to
[qmailtoaster] Re: Spam Help Plz
Thanks, Michael. I agree. I just happened to think of this as I was communicating with Sam about adding an option to spamdyke which will require TLS before authentication. Would be a nice enhancement. Dovecot can do this. Michael Colvin wrote: Good point Eric... I didn't think of this, since I'm not yet using the QMT in production yet, and am still using Qmailrocks (Is that a 4 letter word around here? :-) ) w/Spamdyke set to handle TLS directly...So, in my case, only Spamdyke is handling TLS, since my Qmail doesn't support it. (I don't think I ever configured it, or installed the patch, or whatever..I forget now!) I didn't like the way Spamdyke worked when allowing the TLS connection to bypass it, so I felt it better to have Spamdyke offer TLS, and then still be able to utilize all of it's filters. Although, I think the most of it's filters would still work, those based on the initial SMTP connection (RBL's etc), but graylisting, white/black listed sender/recipients, etc would not, so it could be exploited to some degree. I still think the best way to determine your issue Raphael is to provide the e-mail headers... :-) I've got my users trained...When they have any issues, either with spam getting through, or someone trying to send e-mail to them getting a bounce, they send me headers. Usually makes short work of figuring out the problem. Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert Sent: Thursday, November 05, 2009 11:02 AM To: qmailtoaster-list@qmailtoaster.com Subject: [qmailtoaster] Re: Spam Help Plz Rafael Andrade wrote: Hello all, Im using qmailtoaster two years a go, and i`m very satisfied... some days a go my users receiving lots of spams, Tagged in subjects (spamassassin) or not. What could I be making to get better? Actually im using Qmailtoaster + Spamdyke with greylist. Excuse for english. My confs below: cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT= 192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_R CPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJ Kfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/con trol/domainkeys/%/private,NOP0FCHECK=1 xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120 ,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUE UE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainke ys/%/private,NOP0FCHECK=1 :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRO NGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIG N=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1 cat /var/qmail/control/simcontrol :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr :.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:. idw:.ipt cat /etc/spamdyke/spamdyke.conf # rbl dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=dnsbl.njabl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts #log-level=debug log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients Raphael, I just came across what I think is a possible hole in spamdyke's configuration. I've been reading through the documentation regarding TLS, and it appears that with no tls-level option specified, if a spammer were to use TLS (advertised by qmail), spamdyke would be unable to use several of its filters because the data is encrypted passing through spamdyke to qmail-smtp. If you add
Re: [qmailtoaster] Re: Spam Help Plz
W dniu 05.11.2009 20:02, Eric Shubert pisze: I just came across what I think is a possible hole in spamdyke's configuration. I've been reading through the documentation regarding TLS, and it appears that with no tls-level option specified, if a spammer were to use TLS (advertised by qmail), spamdyke would be unable to use several of its filters because the data is encrypted passing through spamdyke to qmail-smtp. [...] I don't think so. From http://www.spamdyke.org/documentation/README.html ,,If |tls-level| is not given, spamdyke will use a value of |smtp|.'' -- Pozdrawiam / Regards, Aleksander Podsiad?y mail: a...@westside.kielce.pl jid: a...@jabber.westside.kielce.pl ICQ: 201121279 gg: 9150578
Re: [qmailtoaster] Re: Spam Help Plz
See response below; Aleksander Podsiadly wrote: W dniu 05.11.2009 20:02, Eric Shubert pisze: I just came across what I think is a possible hole in spamdyke's configuration. I've been reading through the documentation regarding TLS, and it appears that with no tls-level option specified, if a spammer were to use TLS (advertised by qmail), spamdyke would be unable to use several of its filters because the data is encrypted passing through spamdyke to qmail-smtp. [...] I don't think so. From http://www.spamdyke.org/documentation/README.html ,,If |tls-level| is not given, spamdyke will use a value of |smtp|.'' -- Elsewhere on the same page: First, with no TLS options given, spamdyke will identify a TLS conversation and simply pass the data back and forth between qmail and the remote client. Can you say Ambiguous? Hey, HOW's about those headers so we can help solve this problem??? Kent Busbee Director of Technology Northlake Christian School - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
[qmailtoaster] Re: Spamdyke configuration question
Kent Busbee wrote: See response below; Aleksander Podsiadly wrote: W dniu 05.11.2009 20:02, Eric Shubert pisze: I just came across what I think is a possible hole in spamdyke's configuration. I've been reading through the documentation regarding TLS, and it appears that with no tls-level option specified, if a spammer were to use TLS (advertised by qmail), spamdyke would be unable to use several of its filters because the data is encrypted passing through spamdyke to qmail-smtp. [...] I don't think so. From http://www.spamdyke.org/documentation/README.html ,,If |tls-level| is not given, spamdyke will use a value of |smtp|.'' -- Elsewhere on the same page: First, with no TLS options given, spamdyke will identify a TLS conversation and simply pass the data back and forth between qmail and the remote client. Can you say Ambiguous? Thanks, Kent. That's what I read, but didn't notice the other reference. Since the tls-certificate-file is specified in the QMT configuration, I expect that no TLS options given does not apply. (I think I read this as meaning no tls-level option given). I think that having only the tls-certificate-file option specified, that tls-level=smtp is in effect whether it's specified or not. Sam, will you please confirm this? (I think Sam's on this list) -- -Eric 'shubes' - Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster support and installations. If you need professional help with your setup, contact them today! - Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
Re: [qmailtoaster] DKIM Error
Anil Aliyan wrote: Ok Jake, So can we conclude here that all settings in my mail server and dns are correct ??? Anil Aliyan From here they look correct. The issue will be with the other server's DNS. I know when I implemented DKIM that Yahoo took a few days to correctly resolve the record.
Re: [qmailtoaster] Spam issues
nicole thomson wrote: here it is jake tcp.smtp #cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT=,SENDER_NOCHECK= 192.168.25.:allow,SENDER_NOCHECK= 172.16.0.:allow,RELAYCLIENT=,SENDER_NOCHECK= 216.9.253.191,allow,RBLSMTPD=-rblsmtpd deny: take your spam elsewhere! :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=1,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig,NOP0FCHECK=1,SENDER_NOCHECK=1 Hmm. This should have caught it. Can you show us a log entry (20 lines or so) when the message came in so we can trace it's path on your system? And FWIW, chkuser has a RCPTLIMIT of around 350 or so, hard coded in the C source.
[qmailtoaster] chkuser
Hello list, I have a client who is trying to send email using his blackberry to addresses on the qmailtoaster and is getting the following 'chkuser' rejection: -Original Message- From: Mail Delivery System mailer-dae...@smtp12.bis.na.blackberry.com Date: 05 Nov 2009 22:12:10 To: SRS0=/y9rsq=gz=domainone.com=johnqpup...@srs.bis.na.blackberry.com Subject: Delivery Status Notification (Failure) The following message to janeqpub...@domainone.com mailto:janeqpub...@acemt.com was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 571-'sorry, sender address has invalid format (#5.7.1 - chkuser)' Is the following the solution: http://wiki.qmailtoaster.com/index.php/Chkuser_Settings And, how would a person accomplish this, by editing one of the 'c' files? I find it interesting that this doesn't always happen when a client sends from a blackberry. Thank you! Eric
Re: [qmailtoaster] chkuser
Eric Broch wrote: Hello list, I have a client who is trying to send email using his blackberry to addresses on the qmailtoaster and is getting the following 'chkuser' rejection: -Original Message- From: Mail Delivery System mailer-dae...@smtp12.bis.na.blackberry.com Date: 05 Nov 2009 22:12:10 To: SRS0=/y9rsq=gz=domainone.com=johnqpup...@srs.bis.na.blackberry.com Subject: Delivery Status Notification (Failure) The following message to janeqpub...@domainone.com mailto:janeqpub...@acemt.com was undeliverable. The reason for the problem: 5.1.0 - Unknown address error 571-'sorry, sender address has invalid format (#5.7.1 - chkuser)' Is the following the solution: http://wiki.qmailtoaster.com/index.php/Chkuser_Settings And, how would a person accomplish this, by editing one of the 'c' files? I find it interesting that this doesn't always happen when a client sends from a blackberry. Thank you! Eric Easiest way to allow this is to add this to your :allow entry in tcp.smtp: SENDER_NOCHECK=1 As to why it only happens sometimes, read one of the posts I've made on this over the last couple years. I believe I explained it in depth a year or so ago.
RE: [qmailtoaster] Spam issues
at present i did stopped the spamdyke, (close to 3 months it was not in use because of some SPAM tag issues) i did used the default settings it provides when we install it. From: mcol...@norcalisp.com To: qmailtoaster-list@qmailtoaster.com Date: Thu, 5 Nov 2009 08:58:50 -0800 Subject: RE: [qmailtoaster] Spam issues I was actually referring to Nicole's posts Rafael... Michael J. Colvin NorCal Internet Services www.norcalisp.com -Original Message- From: Rafael Andrade [mailto:raf...@riosulense.com.br] Sent: Thursday, November 05, 2009 8:05 AM To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spam issues See my confs below... :) [r...@net ~]# ps aux | grep spamdyke vpopmail 7922 0.0 0.1 5992 2084 ? S 13:48 0:00 /usr/local/bin/spamdyke -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true vpopmail 7941 0.0 0.1 5104 2088 ? S 13:59 0:00 /usr/local/bin/spamdyke -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true root 8014 0.0 0.0 4120 612 pts/0 D+ 14:02 0:00 grep spamdyke vpopmail 21889 0.0 0.0 1736 532 ? S Nov03 0:00 /usr/bin/tcpserver -D -t 1 -v -P -R -H -l net -x /etc/tcprules.d/tcp.smtp.cdb -c 100 -u 89 -g 89 0 smtp /usr/local/bin/spamdyke -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true Nov 5 13:48:40 net spamdyke[7924]: DENIED_RBL_MATCH from: comprasbr...@geraarte.com.br to: comprascomp...@domain.com origin_ip: 94.178.208.254 origin_rdns: 254-208-178-94.pool.ukrtel.net auth: (unknown) Nov 5 13:57:03 net spamdyke[7937]: DENIED_RDNS_MISSING from: ayobanv...@metalservice.ind.br to: rafae...@domain.com origin_ip: 151.62.6.23 origin_rdns: (unknown) auth: (unknown) Nov 5 13:59:19 net spamdyke[7941]: DENIED_IP_IN_CC_RDNS from: jua...@faquibras.com.br to: ven...@domain.com origin_ip: 200.174.43.26 origin_rdns: 200-174-43-26.gegnet.com.br auth: (unknown) Nov 5 14:00:43 net spamdyke[8005]: DENIED_GRAYLISTED from: getmai...@getmailer.com to: comp...@domain.com origin_ip: 74.126.30.180 origin_rdns: mail.getmailer.com auth: (unknown) Nov 5 14:01:11 net spamdyke[8007]: DENIED_RDNS_RESOLVE from: finance...@natalshopping.com.br to: finance...@domain.com origin_ip: 58.186.19.63 origin_rdns: 58-186-19-xxx-dynamic.hcm.fpt.vn auth: (unknown) My spamdyke Conf: [r...@net ~]# cat /etc/spamdyke/spamdyke.conf # rbl dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=cbl.abuseat.org dns-blacklist-entry=dnsbl.njabl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts #log-level=debug log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients #EOF cat /var/qmail/supervise/smtp/smtpd/run #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 3000 \ /usr/bin/tcpserver -D -t 1 -v -P -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/spamdyke -f /etc/spamdyke/spamdyke.conf $SMTPD $VCHKPW /bin/true 21 What u think about? Can help? need more information? Thanks in advance Rafael Michael Colvin escreveu: Am I missing something here… I don’t
RE: [qmailtoaster] Spam issues
jake which log file i need to paste it here? smtp or spamd? Date: Thu, 5 Nov 2009 22:29:23 -0500 From: j...@qmailtoaster.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spam issues nicole thomson wrote: here it is jake tcp.smtp #cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT=,SENDER_NOCHECK= 192.168.25.:allow,SENDER_NOCHECK= 172.16.0.:allow,RELAYCLIENT=,SENDER_NOCHECK= 216.9.253.191,allow,RBLSMTPD=-rblsmtpd deny: take your spam elsewhere! :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=1,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig,NOP0FCHECK=1,SENDER_NOCHECK=1 Hmm. This should have caught it. Can you show us a log entry (20 lines or so) when the message came in so we can trace it's path on your system? And FWIW, chkuser has a RCPTLIMIT of around 350 or so, hard coded in the C source. _ Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop
RE: [qmailtoaster] Spam issues
from smtp @40004af3c9c62ff93254 simscan:[16170]:SPAM REJECT (16.30/12.00):25.1791s:We Provide Nice Choice Of Affordable Soft.:222.254.140.77:mole...@rgleq.com:mydomainu...@mydomain.com: @40004af3c9c62ff99014 qmail-smtpd: qq hard reject (Your email is considered spam (16.30 spam-hits)): MAILFROM:mole...@rgleq.com RCPTTO:mydomainu...@mydomain.com @40004af3c9c70707fed4 tcpserver: end 16170 status 256 @40004af3c9c7070806a4 tcpserver: status: 2/50 @40004af3c9d51b8ed904 tcpserver: end 16336 status 0 @40004af3c9d51b8f32dc tcpserver: status: 1/50 @40004af3c9e51b78d44c tcpserver: end 16335 status 0 @40004af3c9e51b79226c tcpserver: status: 0/50 from spamd @40004af3c9c62f9c703c [16157] info: spamd: identified spam (16.3/12.0) for clamav:508 in 9.9 seconds, 4446 bytes. @40004af3c9c62f9e21d4 [16157] info: spamd: result: Y 16 - BAYES_99,HELO_LOCALHOST,HTML_MESSAGE,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SC_SURBL,URIBL_WS_SURBL scantime=9.9,size=4446,user=clamav,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52586,mid=000d01ca5eae$d178b630$6400a...@molests,bayes=1.00,autolearn=spam @40004af3c9c6314a9d3c [2460] info: prefork: child states: B @40004af3c9c6314aa50c [2460] info: prefork: server reached --max-children setting, consider raising it @40004af3c9c631727c44 [16157] info: spamd: connection from localhost.localdomain [127.0.0.1] at port 52596 @40004af3c9c631f423ac [16157] info: spamd: processing message 008c01ca5eae$f2cd4620$d867d2...@com for vpopmail:508 @40004af3c9c917309794 [12120] info: spamd: clean message (-3.2/12.0) for vpopmail:508 in 4.2 seconds, 53607 bytes. @40004af3c9c917325cb4 [12120] info: spamd: result: . -3 - AWL,BAYES_00,HTML_MESSAGE,NO_RELAYS scantime=4.2,size=53607,user=vpopmail,uid=508,required_score=12.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=52591,mid=00b101ca5eae$e1c22d00$a54687...@com,bayes=0.00,autolearn=unavailable Date: Thu, 5 Nov 2009 22:29:23 -0500 From: j...@qmailtoaster.com To: qmailtoaster-list@qmailtoaster.com Subject: Re: [qmailtoaster] Spam issues nicole thomson wrote: here it is jake tcp.smtp #cat /etc/tcprules.d/tcp.smtp 127.:allow,RELAYCLIENT=,SENDER_NOCHECK= 192.168.25.:allow,SENDER_NOCHECK= 172.16.0.:allow,RELAYCLIENT=,SENDER_NOCHECK= 216.9.253.191,allow,RBLSMTPD=-rblsmtpd deny: take your spam elsewhere! :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=1,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig,NOP0FCHECK=1,SENDER_NOCHECK=1 Hmm. This should have caught it. Can you show us a log entry (20 lines or so) when the message came in so we can trace it's path on your system? And FWIW, chkuser has a RCPTLIMIT of around 350 or so, hard coded in the C source. _ New Windows 7: Find the right PC for you. Learn more. http://windows.microsoft.com/shop