Re: [spamdyke-users] Allow trusted relays from dynamic ips
This wouldn't be a right-hand whitelist exactly -- spamdyke already supports RHSWLs by checking the rDNS name against the list. Supporting DynDNS would require an extra step. It would function like an IP whitelist, except the IP addresses would be found by querying a list of FQDNs. For example, if this feature was used to whitelist mail.example.dyndns.com, spamdyke would perform a DNS A record for mail.example.dyndns.com. If that IP address was 11.22.33.44, spamdyke would add 11.22.33.44 to its IP whitelist. From that point on, spamdyke would behave as it does now. At least, that's my understanding of how DynDNS needs to be supported. It would increase the number of DNS queries, so it would have to be used sparingly. -- Sam Clippinger Eric Shubert wrote: Are you simply talking about a right-hand whitelist? That could be useful in some situations. For instance, I recently came across a mailer who was being rejected due to DENIED_RDNS_RESOLVE, so I whitelisted the IP (instead of turning off that check). I would rather whitelist the domain name though, in case they change their server's IP address (which I figure is a fair chance of happening given that it's presently not quite correct). I don't think this should apply to relays (non-local mail) though. Am I missing something here? Sam Clippinger wrote: SMTP AUTH is definitely the best option, if you can configure postfix to perform it for outbound email. I don't use DynDNS myself -- what would be required to support it? Would spamdyke need to find the IP address(es) of a (list of) DynDNS name(s), then add those IP address(es) to the whitelist? If that's all it would take, I don't think that would be very hard. -- Sam Clippinger Christian Aust wrote: Hi all, I'm using the latest release of spamdyke, and it's working great - thanks a lot. Now I'd like to have my home server relay it's mail through the main mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS, because the home system certainly connects using a non-static IP which happens to have the ip in it's RDNS name. spamdyke is working perfectly and is doing what it has been told. But how could I allow my satellite server to actually send mail through this relay? If I could instruct spamdyke to check the IP against some given dyndns name (and allow if the IPs match) it would be all right, but AFAIK spamdyke doesn't offer such option. Or, does it? Any other ideas? BTW: I'm running postfix on the satellite and (obviously) qmail on the main server. Best regards, Christian ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
This behavior is correct. The reject-ip-in-cc-rdns option will only block a connection if it meets two criteria: 1) The IP address must be part of the rDNS name. 2) The rDNS name must end in a two-character country code. That's why you're seeing some connections being blocked -- their rDNS names end in country codes like .tr, .md and .ar. Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file. -- Sam Clippinger Marcin Orlowski wrote: Hi, I am running latest spamdyke on couple of boxes with just plain config like: log-level=2 reject-empty-rdns reject-unresolvable-rdns reject-ip-in-cc-rdns greeting-delay-secs=5 but when I check the logs i see that DENIED_IP_IN_CC_RDNS does not work as expected. At the same time I see entries like: Apr 22 00:53:12 b1 spamdyke[24736]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 85.107.109.226 origin_rdns: dsl85-107-28130.ttnet.net.tr auth: (unknown) Apr 22 00:53:12 b1 spamdyke[24732]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 87.248.169.195 origin_rdns: 87-248-169-195.starnet.md auth: (unknown) Apr 22 00:53:27 b1 spamdyke[24738]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.55.105.219 origin_rdns: cpe-190-55-105-219.telecentro.com.ar auth: (unknown) Apr 22 00:53:29 b1 spamdyke[24740]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.173.222.12 origin_rdns: 190-173-222-12.speedy.com.ar auth: (unknown) Apr 22 00:53:52 b1 spamdyke[24743]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.55.105.219 origin_rdns: cpe-190-55-105-219.telecentro.com.ar auth: (unknown) but also these: Apr 22 00:51:30 b1 spamdyke[23611]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 68.38.167.167 origin_rdns: c-68-38-167-167.hsd1.nj.comcast.net auth: (unknown) Apr 22 00:51:31 b1 spamdyke[23612]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 65.83.199.240 origin_rdns: adsl-83-199-240.asm.bellsouth.net auth: (unknown) Apr 22 00:51:39 b1 spamdyke[23742]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 64.237.158.67 origin_rdns: adsl-64-237-158-67.prtc.net auth: (unknown) Apr 22 00:51:42 b1 spamdyke[23744]: ALLOWED from: (unknown) to: XX origin_ip: 146.82.152.68 origin_rdns: mman.smacek.com auth: (unknown) Apr 22 00:52:21 b1 spamdyke[23999]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 72.82.207.15 origin_rdns: pool-72-82-207-15.cmdnnj.east.verizon.net auth: (unknown) whose, to my underdstanding should be already trapped in DENIED_IP_IN_CC_RDNS but passed. It looks as spamdyke gets fooled sometimes when, perhaps, there is a letter prefix with dash prior the ip in rdns? Bug or feature? Thanks, Marcin ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Allow trusted relays from dynamic ips
You understood it correctly. The main problem is that it would produce a huge additional amount of dns queries. A periodically generated ip whitelist is still better than putting it into spamdyke. Regards Zoltan Sam Clippinger wrote: This wouldn't be a right-hand whitelist exactly -- spamdyke already supports RHSWLs by checking the rDNS name against the list. Supporting DynDNS would require an extra step. It would function like an IP whitelist, except the IP addresses would be found by querying a list of FQDNs. For example, if this feature was used to whitelist mail.example.dyndns.com, spamdyke would perform a DNS A record for mail.example.dyndns.com. If that IP address was 11.22.33.44, spamdyke would add 11.22.33.44 to its IP whitelist. From that point on, spamdyke would behave as it does now. At least, that's my understanding of how DynDNS needs to be supported. It would increase the number of DNS queries, so it would have to be used sparingly. -- Sam Clippinger Eric Shubert wrote: Are you simply talking about a right-hand whitelist? That could be useful in some situations. For instance, I recently came across a mailer who was being rejected due to DENIED_RDNS_RESOLVE, so I whitelisted the IP (instead of turning off that check). I would rather whitelist the domain name though, in case they change their server's IP address (which I figure is a fair chance of happening given that it's presently not quite correct). I don't think this should apply to relays (non-local mail) though. Am I missing something here? Sam Clippinger wrote: SMTP AUTH is definitely the best option, if you can configure postfix to perform it for outbound email. I don't use DynDNS myself -- what would be required to support it? Would spamdyke need to find the IP address(es) of a (list of) DynDNS name(s), then add those IP address(es) to the whitelist? If that's all it would take, I don't think that would be very hard. -- Sam Clippinger Christian Aust wrote: Hi all, I'm using the latest release of spamdyke, and it's working great - thanks a lot. Now I'd like to have my home server relay it's mail through the main mail system. Spamdyke blocks the connecton with DENIED_IP_IN_CC_RDNS, because the home system certainly connects using a non-static IP which happens to have the ip in it's RDNS name. spamdyke is working perfectly and is doing what it has been told. But how could I allow my satellite server to actually send mail through this relay? If I could instruct spamdyke to check the IP against some given dyndns name (and allow if the IPs match) it would be all right, but AFAIK spamdyke doesn't offer such option. Or, does it? Any other ideas? BTW: I'm running postfix on the satellite and (obviously) qmail on the main server. Best regards, Christian ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Allow trusted relays from dynamic ips
What would happen when the DynDNS changes? Would the IP still remain in the whiteiplist? If automatic de-listing is not possible, it would be useful to add a comment (like: # mail.example.org DynDNS) to the IP listing, to make manual editing easier. Just a thought. Thanks- Sergio -Original Message- This wouldn't be a right-hand whitelist exactly -- spamdyke already supports RHSWLs by checking the rDNS name against the list. Supporting DynDNS would require an extra step. It would function like an IP whitelist, except the IP addresses would be found by querying a list of FQDNs. For example, if this feature was used to whitelist mail.example.dyndns.com, spamdyke would perform a DNS A record for mail.example.dyndns.com. If that IP address was 11.22.33.44, spamdyke would add 11.22.33.44 to its IP whitelist. From that point on, spamdyke would behave as it does now. At least, that's my understanding of how DynDNS needs to be supported. It would increase the number of DNS queries, so it would have to be used sparingly. -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote: This behavior is correct. The reject-ip-in-cc-rdns option will only I just found out that leading zero fools this filter: 111.222.111.33 = 111-222-11-033.domain pass while it should not Regards, -- Daddy, what Formatting drive C: means?... Marcinhttp://wfmh.org.pl/carlos/ ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote: Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file. That would match the string anywhere in the rdns string though, not only at the end. Might this be a(nother) reason to implement regex matching? (e.g. \.com$) -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Allow trusted relays from dynamic ips
This feature would not alter any whitelist files. It would only save the IP addresses in memory long enough to process the message. The next incoming message would have to look up the IP addresses again. -- Sam Clippinger Sergio Minini {NETKEY} wrote: What would happen when the DynDNS changes? Would the IP still remain in the whiteiplist? If automatic de-listing is not possible, it would be useful to add a comment (like: # mail.example.org DynDNS) to the IP listing, to make manual editing easier. Just a thought. Thanks- Sergio -Original Message- This wouldn't be a right-hand whitelist exactly -- spamdyke already supports RHSWLs by checking the rDNS name against the list. Supporting DynDNS would require an extra step. It would function like an IP whitelist, except the IP addresses would be found by querying a list of FQDNs. For example, if this feature was used to whitelist mail.example.dyndns.com, spamdyke would perform a DNS A record for mail.example.dyndns.com. If that IP address was 11.22.33.44, spamdyke would add 11.22.33.44 to its IP whitelist. From that point on, spamdyke would behave as it does now. At least, that's my understanding of how DynDNS needs to be supported. It would increase the number of DNS queries, so it would have to be used sparingly. -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for: 11.22.33.44 011.022.033.044 11.022.033.044 (new in version 4.0.0) 11.22.033.044 (new in version 4.0.0) 11.22.33.044 (new in version 4.0.0) 44.33.22.11 44.11.22.33 33.22.11.44 44.33.1122 3344.11.22 11.22.8492 (last two octets converted to long integer) 11223344 011022033044 11022033044 1122033044 112233044 44332211 044033022011 185999660 (entire IP converted to long integer) 0b16212c (entire IP converted to hex digits) Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too. As for putting filter entries in the main configuration file instead of separate files, I'm a step ahead of you. :) Version 4.0.0 already contains this feature. -- Sam Clippinger Marcin Orlowski wrote: Sam Clippinger wrote: Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file. Thanks! That seem to work fine. Would it be possible to also match IPs in glued form? i.e: 11.22.33.44 = 11223344.domain not just 11.22.33.44.domain? PS: I'd love to have just one config file for spamdyke for siplicity and instead of ip-in-rdns-keyword-file put just a bunch of ip-in-rdns-keyword=.com ip-in-rdns-keyword=.net type of entires in main config file. Doable? Thanks for nice tool. Regards, ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Compile Error at 3.1.7 version
I see. Well, I need a way to reproduce this error before I can fix it. Does anyone know of any other distribution that included gcc version 3.4.6 that I could still download? Or is it possible you could give me access to your server so I can test this myself? -- Sam Clippinger Thorsten Puzich wrote: Hi Sam, there are no gentoo version releases. Gentoo ist in a flow an I have a gentoo version with gcc 3.4.6 :-( -Thorsten Am 21.04.2008 um 16:48 schrieb Sam Clippinger: It looks like gcc 3.4.6 is throwing a warning when anonymous inner functions (AKA trampoline functions) are used, which is causing the configuration script to stop. I need to add a flag to the configuration test that will suppress this warning. Unfortunately, I can't find a place to download Gentoo 3.4.6-r2, so I can't install it and test this myself. In fact, I can't find any information about that release at all. Can anyone help me out with a link? -- Sam Clippinger Thorsten Puzich wrote: Hi Eric, this is my config.log spamdyke # cat config.log This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by spamdyke configure 3.1.7, which was generated by GNU Autoconf 2.61. Invocation command line was $ ./configure ## - ## ## Platform. ## ## - ## hostname = zion uname -m = i686 uname -r = 2.6.16-gentoo-r6 uname -s = Linux uname -v = #2 Mon Aug 21 14:00:28 CEST 2006 /usr/bin/uname -p = Intel(R) Pentium(R) 4 CPU 2.40GHz /bin/uname -X = unknown /bin/arch = unknown /usr/bin/arch -k = unknown /usr/convex/getsysinfo = unknown /usr/bin/hostinfo = unknown /bin/machine = unknown /usr/bin/oslevel = unknown /bin/universe = unknown PATH: /usr/local/sbin PATH: /usr/local/bin PATH: /usr/sbin PATH: /usr/bin PATH: /sbin PATH: /bin PATH: /opt/bin PATH: /usr/i686-pc-linux-gnu/gcc-bin/3.4.6 PATH: /usr/qt/3/bin PATH: /var/qmail/bin PATH: /var/vpopmail/bin ## --- ## ## Core tests. ## ## --- ## configure:1719: checking for gcc configure:1735: found /usr/bin/gcc configure:1746: result: gcc configure:1782: checking for C compiler version configure:1789: gcc --version 5 gcc (GCC) 3.4.6 (Gentoo 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10) Copyright (C) 2006 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. configure:1792: $? = 0 configure:1799: gcc -v 5 Reading specs from /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/specs Configured with: /var/tmp/portage/sys-devel/gcc-3.4.6-r2/work/gcc-3.4.6/configure --prefix=/usr --bindir=/usr/i686-pc-linux-gnu/gcc-bin/3.4.6 --includedir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include --datadir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6 --mandir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/man --infodir=/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/info --with-gxx-include-dir=/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/include/g++-v3 --host=i686-pc-linux-gnu --build=i686-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --enable-secureplt --disable-libunwind-exceptions --disable-multilib --disable-libgcj --enable-languages=c,c++,f77 --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu Thread model: posix gcc version 3.4.6 (Gentoo 3.4.6-r2, ssp-3.4.6-1.0, pie-8.7.10) configure:1802: $? = 0 configure:1809: gcc -V 5 gcc: `-V' option must have argument configure:1812: $? = 1 configure:1835: checking for C compiler default output file name configure:1862: gcc -Wall conftest.c 5 configure:1865: $? = 0 configure:1903: result: a.out configure:1920: checking whether the C compiler works configure:1930: ./a.out configure:1933: $? = 0 configure:1950: result: yes configure:1957: checking whether we are cross compiling configure:1959: result: no configure:1962: checking for suffix of executables configure:1969: gcc -o conftest -Wall conftest.c 5 configure:1972: $? = 0 configure:1996: result: configure:2002: checking for suffix of object files configure:2028: gcc -c -Wall conftest.c 5 configure:2031: $? = 0 configure:2054: result: o configure:2058: checking whether we are using the GNU C compiler configure:2087: gcc -c -Wall conftest.c 5 configure:2093: $? = 0 configure:2110: result: yes configure:2115: checking whether gcc accepts -g configure:2145: gcc -c -g conftest.c 5 configure:2151: $? = 0 configure:2250: result: yes configure:2267: checking for gcc option to accept ISO C89 configure:2341: gcc -c -Wall conftest.c 5 configure:2347: $? = 0 configure:2370: result: none needed configure:2439: checking for strip configure:2455: found /usr/bin/strip configure:2466: result: strip spamdyke configure:2490:
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
I see. I still think that regex's are more intuitive/flexible though. ;) Sam Clippinger wrote: If the entry starts with a dot, it will only match the end of the rDNS name. If there is no dot, it will match anywhere in the name. -- Sam Clippinger Eric Shubert wrote: Sam Clippinger wrote: Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file. That would match the string anywhere in the rdns string though, not only at the end. Might this be a(nother) reason to implement regex matching? (e.g. \.com$) -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote: spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for: 11.22.33.44 011.022.033.044 11.022.033.044 (new in version 4.0.0) 11.22.033.044 (new in version 4.0.0) 11.22.33.044 (new in version 4.0.0) 44.33.22.11 44.11.22.33 33.22.11.44 44.33.1122 3344.11.22 11.22.8492 (last two octets converted to long integer) 11223344 011022033044 11022033044 1122033044 112233044 44332211 044033022011 185999660 (entire IP converted to long integer) 0b16212c (entire IP converted to hex digits) Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too. Here's another one for you Sam: 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown) -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc). -- Sam Clippinger Eric Shubert wrote: Sam Clippinger wrote: spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for: 11.22.33.44 011.022.033.044 11.022.033.044 (new in version 4.0.0) 11.22.033.044 (new in version 4.0.0) 11.22.33.044 (new in version 4.0.0) 44.33.22.11 44.11.22.33 33.22.11.44 44.33.1122 3344.11.22 11.22.8492 (last two octets converted to long integer) 11223344 011022033044 11022033044 1122033044 112233044 44332211 044033022011 185999660 (entire IP converted to long integer) 0b16212c (entire IP converted to hex digits) Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too. Here's another one for you Sam: 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote: spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for: 11.22.33.44 011.022.033.044 [...] As for putting filter entries in the main configuration file instead of separate files, I'm a step ahead of you. :) Version 4.0.0 already contains this feature. What about option to allow matching i.e. 3 (or maybe even 2) parts of IP address? Pretty often seen, i.e. 11.22.33.44 = 44.33.22.foo.bar or (just seen in logs) 11.22.33.44 = host44-33-dynamic.22-11-x.foo ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Greylisting wishes
Hi, For graylisting to work in current version the domain folders must be created before graylisting will work. This is the most common mistake when setting up spamdyke to perform graylisting. May I opt for a feature to just make spamdyke graylist all the connections *without* the need of the folder existence? If it is needed - just mkdir() it and go ahead. It'd simplify the whole thing a lot as many people (inluding yours truly) just want all the traffic to be always graylisted (with optional exceptions). The need of manually created domain folder is sort-of pain in the a** for me. -- Regards, Marcin ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Greylisting wishes
Well what I did was create a shell script since i add all my new users and domains at the command line on my toaster to set my default quota's, etc. I just added a line to create that directory. Works like a charm and enables my gray listing from the get go. dnk On 22-Apr-08, at 11:31 AM, Marcin Orlowski wrote: Hi, For graylisting to work in current version the domain folders must be created before graylisting will work. This is the most common mistake when setting up spamdyke to perform graylisting. May I opt for a feature to just make spamdyke graylist all the connections *without* the need of the folder existence? If it is needed - just mkdir() it and go ahead. It'd simplify the whole thing a lot as many people (inluding yours truly) just want all the traffic to be always graylisted (with optional exceptions). The need of manually created domain folder is sort-of pain in the a** for me. -- Regards, Marcin ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Greylisting wishes
dnk wrote: I just added a line to create that directory. Works like a charm and enables my gray listing from the get go. If you want all traffic graylisted this is simply unnecesary. If spamdyke can create user dir it could domain too. One item less to manage and keep eye on. Marcin ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Allow trusted relays from dynamic ips
On Tuesday 22 April 2008 18:30, Sam Clippinger wrote: This feature would not alter any whitelist files. It would only save the IP addresses in memory long enough to process the message. The next incoming message would have to look up the IP addresses again. Would djb's dnscache help in this instance? Personally I have found that installing an internal dnscache speeds up RBL lookups hugely. -- Sam Clippinger Sergio Minini {NETKEY} wrote: What would happen when the DynDNS changes? Would the IP still remain in the whiteiplist? If automatic de-listing is not possible, it would be useful to add a comment (like: # mail.example.org DynDNS) to the IP listing, to make manual editing easier. Just a thought. Thanks- Sergio -Original Message- This wouldn't be a right-hand whitelist exactly -- spamdyke already supports RHSWLs by checking the rDNS name against the list. Supporting DynDNS would require an extra step. It would function like an IP whitelist, except the IP addresses would be found by querying a list of FQDNs. For example, if this feature was used to whitelist mail.example.dyndns.com, spamdyke would perform a DNS A record for mail.example.dyndns.com. If that IP address was 11.22.33.44, spamdyke would add 11.22.33.44 to its IP whitelist. From that point on, spamdyke would behave as it does now. At least, that's my understanding of how DynDNS needs to be supported. It would increase the number of DNS queries, so it would have to be used sparingly. -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- - Bob Hutchinson Midwales dot com - ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
That makes sense, but it's not what I read at http://www.spamdyke.org/documentation/README.html#RDNS I don't see anything there about looking up a corresponding DNS A record. Is the documentation perhaps out of date? (or am I losing it?) ;) Do we perhaps need 2 parameter/rules? One for when the rDNS record does not contain an IP address, and another for when there is no DNS A record for the address that's found? Sam Clippinger wrote: Your example was not rejected by the ip-in-rdns-keyword-file filter. It was rejected by the reject-unresolvable-rdns filter because the rDNS name does not resolve to an IP address (a DNS A record). In other words, ping ihsystem-65-182-166-90.pugmarks.net will fail with unknown host. -- Sam Clippinger Eric Shubert wrote: I don't understand (after having read the documentation) why the example I showed was rejected then. Please explain. Sam Clippinger wrote: Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc). -- Sam Clippinger Eric Shubert wrote: Sam Clippinger wrote: spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for: 11.22.33.44 011.022.033.044 11.022.033.044 (new in version 4.0.0) 11.22.033.044 (new in version 4.0.0) 11.22.33.044 (new in version 4.0.0) 44.33.22.11 44.11.22.33 33.22.11.44 44.33.1122 3344.11.22 11.22.8492 (last two octets converted to long integer) 11223344 011022033044 11022033044 1122033044 112233044 44332211 044033022011 185999660 (entire IP converted to long integer) 0b16212c (entire IP converted to hex digits) Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too. Here's another one for you Sam: 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown) -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Timeout problem
I had a problem receiving a particular email message. It would always send the same amount of data, then timeout. The same amount of data was sent/received with timeouts of 60 and 180 seconds. I logged the message (great little feature of spamdyke btw), and the end part of the message log always shows: HR align=left SIZE=1 color=black div align=leftfont face=arial size=114072172/font/div/td/tr/TBODY/TABLE /BODY/HTML FF 04/22/2008 17:11:13 . QUIT FF 04/22/2008 17:11:13 421 Timeout. Talk faster next time. XX 04/22/2008 17:11:33 250 ok 1208909493 qp 11949 221 doris.shubes.net - Welcome to Qmail Toaster Ver. 1.3 SMTP Server 04/22/2008 17:11:33 CLOSED Here's the smtp log for the successful receipt (with no spamdyke): 04-22 17:21:13 tcpserver: pid 12162 from 208.46.47.130 04-22 17:21:13 tcpserver: ok 12162 doris:192.168.71.11:25 :208.46.47.130::51303 04-22 17:21:13 CHKUSER accepted sender: from [EMAIL PROTECTED]:: remote rapport.mysurvey.com:unknown:208.46.47.130 rcpt : sender accepted 04-22 17:21:13 CHKUSER accepted rcpt: from [EMAIL PROTECTED]:: remote rapport.mysurvey.com:unknown:208.46.47.130 rcpt [EMAIL PROTECTED] : found existing recipient 04-22 17:21:34 simscan:[12162]:CLEAN (-6.20/99.00):20.2626s:April Edition of MySurvey.com Opinion Matters:208.46.47.130:[EMAIL PROTECTED]:[EMAIL PROTECTED]: 04-22 17:21:34 tcpserver: end 12162 status 0 After receiving the entire message, I see this portion that was received after the part logged by spamdyke: IMG SRC=https://www.mysurvey.com/gems/gems_open_tracking.cfm?indid=14072172cmpid=1105r=1720290rundate=22-APR-2008+11%3a52%3a55z=67129618CF0844A786F0E0A6C20C49CDborder=0; width=1 height=1 --=_Layout_Part_DC7E1BB5_1105_4DB3_BAE3_2A6208EB099A-- Any idea why this would timeout (consistently, like clockwork) with spamdyke, but not without it? This message timed out all day long with spamdyke, but was received successfully on the first attempt without spamdyke. Did spamdyke somehow choke on the last bit? FWIW, it appears that the entire email was a bit hosed, as the html did not render properly in the client view (mac mail) once the entire message was received. -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
You're reading the correct section. The third and fourth paragraphs describe reject-unresolvable-rdns, which is the filter that was triggered in your example. The text doesn't actually use the term A record, instead saying that spamdyke attempts to get an IP address from the name. When I wrote it, I was trying to limit my use of jargon as much as possible. I guess I should rewrite it if it's so unclear. Paragraphs five through ten describe ip-in-rdns-keyword-file and the last paragraph describes reject-ip-in-cc-rdns. The two rules you're wanting are already there -- reject-unresolvable-rdns and ip-in-rdns-keyword-file. The former only checks for an A record from the rDNS name. The latter checks for the IP address in the rDNS, plus a keyword from the file. -- Sam Clippinger Eric Shubert wrote: That makes sense, but it's not what I read at http://www.spamdyke.org/documentation/README.html#RDNS I don't see anything there about looking up a corresponding DNS A record. Is the documentation perhaps out of date? (or am I losing it?) ;) Do we perhaps need 2 parameter/rules? One for when the rDNS record does not contain an IP address, and another for when there is no DNS A record for the address that's found? Sam Clippinger wrote: Your example was not rejected by the ip-in-rdns-keyword-file filter. It was rejected by the reject-unresolvable-rdns filter because the rDNS name does not resolve to an IP address (a DNS A record). In other words, ping ihsystem-65-182-166-90.pugmarks.net will fail with unknown host. -- Sam Clippinger Eric Shubert wrote: I don't understand (after having read the documentation) why the example I showed was rejected then. Please explain. Sam Clippinger wrote: Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc). -- Sam Clippinger Eric Shubert wrote: Sam Clippinger wrote: spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for: 11.22.33.44 011.022.033.044 11.022.033.044 (new in version 4.0.0) 11.22.033.044 (new in version 4.0.0) 11.22.33.044 (new in version 4.0.0) 44.33.22.11 44.11.22.33 33.22.11.44 44.33.1122 3344.11.22 11.22.8492 (last two octets converted to long integer) 11223344 011022033044 11022033044 1122033044 112233044 44332211 044033022011 185999660 (entire IP converted to long integer) 0b16212c (entire IP converted to hex digits) Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too. Here's another one for you Sam: 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users