Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?
Regex support is on the (rather lengthy) to-do list, but frankly it's not a very high priority -- there's a lot of low-hanging fruit that would be of much more benefit right now. Plus, since I'm not one of the 10 people in the world who completely understands regexes, I doubt I would actually use them myself; I'd rather add globbing support, which I do understand. :) spamdyke's header filter runs at connection time, as all of its filters do. If a header line matches a blacklisted pattern, the entire message is rejected (the sending server receives an error code, qmail never sees the message). -- Sam Clippinger On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users spamdyke-users@spamdyke.org wrote: Sam, See inline comments: On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote: You're correct spamdyke does not support regexes for any of its options, but you can use a wildcard in a sender or recipient white/blacklist file to match entire domains by prefixing the line with an @ symbol. For example: @example.com [1] Yep, saw that - is it possible to support regexes in the future? Full documentation here: http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS [2] BUT! Be careful -- the To and From lines in the message header are not the same as the sender and recipient. The sender and recipient are part of SMTP, the To and From lines are part of the message data and are completely unrelated. Think of it this way: when a letter is sent through the post office, the name on the outside of the envelope tells the postman which mailbox gets the envelope (or where to send it back to) but top of the letter inside may have a completely unrelated letterhead and salutation. Whenever spamdyke's options/documentation refer to a sender or a recipient, it means the name on the outside of the envelope. The user never sees those values in their mail client unless the sender chooses to use those values in the To and From fields. Spammers typically fake all sender/recipient/To/From fields, but other software does too for perfectly legitimate reasons (e.g. mailing lists, autoresponders). Right. If you want to block based on the To and From lines the user sees in their mail client, you should look at spamdyke's header blacklist filter: http://www.spamdyke.org/documentation/README.html#HEADERS [3] In that case the mail has already been accepted? When I was using the qmail-qfilter+Ruby script method - my understanding of it at least - was that my Ruby script could process the header and body of the email and exit with a particular error code if the mail was bad and this would terminate the SMTP negotiation with that error message (eg drop the mail silently). So in this case I was able to look at all the header fields as well as the mail body and do whatever I wanted before accepting the mail. Header filtering doesn't support regexes either, but it does use globbing to allow more wildcard options. Right. Thanks, Phil. On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users spamdyke-users@spamdyke.org wrote: People, As well as using GreyLite I have done my own thing for many years with qmail-qfilter and a Ruby script (it started off as a Ruby learning exercise . . ) - anyway for my white and black lists I was able to have in the plain text files things like: ad...@phillipsfinancial.com.au administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au) adwords-noreply america.com ecolife where if any of those particular regexes appeared in the To: or From: or whatever, they could be allowed or blocked or whatever - I am guessing that eg the recipient-blacklist-file=FILE only allows for full email addresses? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users Links: -- [1] http://example.com [2] http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS [3] http://www.spamdyke.org/documentation/README.html#HEADERS ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Softlimit messages
People, I played around with the logging verbosity and found if I used debug mode I saw suggestions (commands!?) in the log about remove the softlimit function from the start script for qmail-smtpd - while I was trying to sort out the last bug that was preventing eQmail from working, I did actually do that - is the softlimit function even necessary these days on a lightly loaded server with 8GB RAM? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?
Sam, On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote: Regex support is on the (rather lengthy) to-do list, but frankly it's not a very high priority -- there's a lot of low-hanging fruit that would be of much more benefit right now. Plus, since I'm not one of the 10 people in the world who completely understands regexes, I doubt I would actually use them myself; I'd rather add globbing support, which I do understand. :) OK, no worries - SD is going well so far so I may not need some of the mechanisms that I used in my own setup - we'll see how things go. spamdyke's header filter runs at connection time, as all of its filters do. If a header line matches a blacklisted pattern, the entire message is rejected (the sending server receives an error code, qmail never sees the message). Right - thanks for the clarification. Regards, Phil. -- Sam Clippinger On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users spamdyke-users@spamdyke.org wrote: Sam, See inline comments: On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote: You're correct spamdyke does not support regexes for any of its options, but you can use a wildcard in a sender or recipient white/blacklist file to match entire domains by prefixing the line with an @ symbol. For example: @example.com [1] [1] Yep, saw that - is it possible to support regexes in the future? Full documentation here: http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS [2] [2] BUT! Be careful -- the To and From lines in the message header are not the same as the sender and recipient. The sender and recipient are part of SMTP, the To and From lines are part of the message data and are completely unrelated. Think of it this way: when a letter is sent through the post office, the name on the outside of the envelope tells the postman which mailbox gets the envelope (or where to send it back to) but top of the letter inside may have a completely unrelated letterhead and salutation. Whenever spamdyke's options/documentation refer to a sender or a recipient, it means the name on the outside of the envelope. The user never sees those values in their mail client unless the sender chooses to use those values in the To and From fields. Spammers typically fake all sender/recipient/To/From fields, but other software does too for perfectly legitimate reasons (e.g. mailing lists, autoresponders). Right. If you want to block based on the To and From lines the user sees in their mail client, you should look at spamdyke's header blacklist filter: http://www.spamdyke.org/documentation/README.html#HEADERS [3] [3] In that case the mail has already been accepted? When I was using the qmail-qfilter+Ruby script method - my understanding of it at least - was that my Ruby script could process the header and body of the email and exit with a particular error code if the mail was bad and this would terminate the SMTP negotiation with that error message (eg drop the mail silently). So in this case I was able to look at all the header fields as well as the mail body and do whatever I wanted before accepting the mail. Header filtering doesn't support regexes either, but it does use globbing to allow more wildcard options. Right. Thanks, Phil. On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users spamdyke-users@spamdyke.org wrote: People, As well as using GreyLite I have done my own thing for many years with qmail-qfilter and a Ruby script (it started off as a Ruby learning exercise . . ) - anyway for my white and black lists I was able to have in the plain text files things like: ad...@phillipsfinancial.com.au administrator@(booksjournals.com [4](|.au)|(prix.|)pricom.com.au [5]|qps.com.au [6]) adwords-noreply america.com [7] ecolife where if any of those particular regexes appeared in the To: or From: or whatever, they could be allowed or blocked or whatever - I am guessing that eg the recipient-blacklist-file=FILE only allows for full email addresses? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users Links: -- [1] http://example.com [1] [2] http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS [2] [3] http://www.spamdyke.org/documentation/README.html#HEADERS [3] ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users Links: -- [1] http://example.com [2] http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS [3]
Re: [spamdyke-users] Softlimit messages
IMHO, everyone should delete the softlimit program from their servers immediately. Not that I have a strong opinion on the matter or anything. :) The softlimit program seems like a good idea -- set an upper limit on the amount of RAM a program can use, to guard against memory leaks (but not buffer overflows). In practice however, it causes far far more problems than it causes. When a program hits the limit, it always happens inside a library function and not the application itself. So the user sees strange errors from glibc or OpenSSL functions that are never related to memory allocation. Those errors always look like real bugs, because there's never any indication the limit was hit. There's also no way to even estimate how much memory is correct. Does anyone really understand how many libraries a program loads and how much memory they need? spamdyke uses OpenSSL and on some systems, separate libraries for math and DNS functions. Unpatched qmail doesn't use many libraries, but if patches have been applied to allow TLS or authentication, it may use many (who uses unpatched qmail anyway?). If vpopmail is in use, it may need MySQL, depending on how it was compiled. If the server is configured to use stack guarding or memory profiling, the virtual memory use could be astronomical. Every guide I've ever read says to use trial-and-error to find the lowest value that appears to work, then double (or triple) it. Crazy! I've spent way way too much time trying to track down bugs that were caused by softlimit and I finally reached my own limit this year. That's why spamdyke 5.0.1 examines the limits it starts with and, if it can, resets them. It can't undo hard limits set by the ulimit program, but it can (and does) undo softlimit. -- Sam Clippinger On Jun 20, 2015, at 2:05 PM, Philip Rhoades via spamdyke-users spamdyke-users@spamdyke.org wrote: People, I played around with the logging verbosity and found if I used debug mode I saw suggestions (commands!?) in the log about remove the softlimit function from the start script for qmail-smtpd - while I was trying to sort out the last bug that was preventing eQmail from working, I did actually do that - is the softlimit function even necessary these days on a lightly loaded server with 8GB RAM? Thanks, Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Softlimit messages
Wow. So for example, the starting linefor my smtpd-run file looks like this: exec /usr/local/bin/softlimit -m 2 /usr/local/bin/tcpserver -4v -R -l $LOCAL \ and I can simply change it to this: exec /usr/local/bin/tcpserver -4v -R -l $LOCAL \ with impunity? On 6/20/2015 5:12 PM, Sam Clippinger via spamdyke-users wrote: IMHO, everyone should delete the softlimit program from their servers immediately. Not that I have a strong opinion on the matter or anything. :) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users