subject:"Re\: \[spamdyke\-users\] recipient\-blacklist\-file=FILE with RegExes\?"

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-12-30 Thread Sam Clippinger via spamdyke-users

Ah... you're confusing the "sender" address with the "From" address.  The 
sender address is what appears in the logs.  The From address is what appears 
in the message headers and is also what you see in your mail client.  The two 
are completely separate and spammers usually supply different (bogus) values 
for them.

To block both of the examples you gave, add these lines to your 
sender-blacklist-file (not your header-blacklist-file):
@brewster.com
@nice.com

That should do it!  More info here:
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

-- Sam Clippinger




On Dec 29, 2015, at 11:54 PM, Philip Rhoades via spamdyke-users 
 wrote:

> People,
> 
> I thought of starting a new thread but the question relates to this 
> discussion so I thought I would revive it - see inline comments:
> 
> 
> On 2015-06-21 04:57, Philip Rhoades via spamdyke-users wrote:
>> Sam,
>> On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote:
>>> Regex support is on the (rather lengthy) to-do list, but frankly it's
>>> not a very high priority -- there's a lot of low-hanging fruit that
>>> would be of much more benefit right now. Plus, since I'm not one of
>>> the 10 people in the world who completely understands regexes, I doubt
>>> I would actually use them myself; I'd rather add globbing support,
>>> which I do understand. :)
>> OK, no worries - SD is going well so far so I may not need some of the
>> mechanisms that I used in my own setup - we'll see how things go.
>>> spamdyke's header filter runs at connection time, as all of its
>>> filters do. If a header line matches a blacklisted pattern, the entire
>>> message is rejected (the sending server receives an error code, qmail
>>> never sees the message).
>> Right - thanks for the clarification.
> 
> 
> One annoying spammer continues to get their mail through but I don't 
> understand why - my header-blacklist-file includes these two lines in it:
> 
>  [FR][re][op][ml]*:*brewster.com*
>  [FR][re][op][ml]*:*nice.com*
> 
> but the first one works and the second one doesn't!:
> 
> /var/log/maillog-20151230:Dec 29 17:08:43 prix spamdyke[15684]: 
> DENIED_HEADER_BLACKLISTED from: smartdel...@brewster.com to: 
> p...@pricom.com.au origin_ip: 23.253.183.234 origin_rdns: 
> mail-183-234.mailgun.info auth: (unknown) encryption: (none) reason: 
> /usr/local/bin/srejector2/spamdyke_blacklist_header.txt:11
> 
> /var/log/maillog-20151230:Dec 29 17:08:00 prix spamdyke[15609]: ALLOWED from: 
> support.a...@nice.com to: mailer-dae...@pricom.com.au origin_ip: 
> 192.114.148.4 origin_rdns: mailil.nice.com auth: (unknown) encryption: (none) 
> reason: 250_ok_1451369280_qp_15628
> 
> I have even saved the file in vim a couple of times and restarted qmail a 
> couple of times but no change in the behaviour - what could the explanation 
> be?
> 
> Thanks,
> 
> Phil.
> 
> 
>>> On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users
>>>  wrote:
 Sam,
 See inline comments:
 On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:
> You're correct spamdyke does not support regexes for any of its
> options, but you can use a wildcard in a sender or recipient
> white/blacklist file to match entire domains by prefixing the line
> with an @ symbol. For example:
> @example.com [1] [1]
 Yep, saw that - is it possible to support regexes in the future?
> Full documentation here:
>>> http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
> [2]
> [2]
> BUT! Be careful -- the "To" and "From" lines in the message header
> are
> not the same as the "sender" and "recipient". The sender and
> recipient
> are part of SMTP, the To and From lines are part of the message
> data
> and are completely unrelated. Think of it this way: when a letter
> is
> sent through the post office, the name on the outside of the
> envelope
> tells the postman which mailbox gets the envelope (or where to
> send it
> back to) but top of the letter inside may have a completely
> unrelated
> letterhead and salutation. Whenever spamdyke's
> options/documentation
> refer to a "sender" or a "recipient", it means the name on the
> outside
> of the envelope. The user never sees those values in their mail
> client
> unless the sender chooses to use those values in the To and From
> fields. Spammers typically fake all sender/recipient/To/From
> fields,
> but other software does too for perfectly legitimate reasons (e.g.
> mailing lists, autoresponders).
 Right.
> If you want to block based on the To
> and From lines the user sees in their mail client, you should look
> at
> spamdyke's header blacklist filter:
> http://www.spamdyke.org/documentation/README.html#HEADERS [3] [3]
 In that case the mail has already been accepted? When I was

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-12-30 Thread Philip Rhoades via spamdyke-users


Sam,


On 2015-12-31 06:34, Sam Clippinger via spamdyke-users wrote:

Ah... you're confusing the "sender" address with the "From" address.



Dammit! . . I get caught with that every time I come back to look at 
this stuff . .




The sender address is what appears in the logs.



Of course . .



The From address is
what appears in the message headers and is also what you see in your
mail client.  The two are completely separate and spammers usually
supply different (bogus) values for them.



Right . .



To block both of the examples you gave, add these lines to your
sender-blacklist-file (not your header-blacklist-file):
 @brewster.com [1]
 @nice.com [2]



Yes . . but I solved the "From:" and "Reply-to:" problem with a single 
file and globbing but I can't do that with the sender-blacklist-file as 
well . . I might set up one master file and do a nightly cron job that 
produces both of the needed files from the master file . .


Thanks again!

Phil.



That should do it!  More info here:
 http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

-- Sam Clippinger

On Dec 29, 2015, at 11:54 PM, Philip Rhoades via spamdyke-users
 wrote:


People,

I thought of starting a new thread but the question relates to this
discussion so I thought I would revive it - see inline comments:

On 2015-06-21 04:57, Philip Rhoades via spamdyke-users wrote:
Sam,
On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote:
Regex support is on the (rather lengthy) to-do list, but frankly
it's
not a very high priority -- there's a lot of low-hanging fruit that
would be of much more benefit right now. Plus, since I'm not one of
the 10 people in the world who completely understands regexes, I
doubt
I would actually use them myself; I'd rather add globbing support,
which I do understand. :)
OK, no worries - SD is going well so far so I may not need some of
the
mechanisms that I used in my own setup - we'll see how things go.
spamdyke's header filter runs at connection time, as all of its
filters do. If a header line matches a blacklisted pattern, the
entire
message is rejected (the sending server receives an error code,
qmail
never sees the message).
Right - thanks for the clarification.


One annoying spammer continues to get their mail through but I don't
understand why - my header-blacklist-file includes these two lines in
it:

 [FR][re][op][ml]*:*brewster.com*
 [FR][re][op][ml]*:*nice.com*

but the first one works and the second one doesn't!:

/var/log/maillog-20151230:Dec 29 17:08:43 prix spamdyke[15684]:
DENIED_HEADER_BLACKLISTED from: smartdel...@brewster.com to:
p...@pricom.com.au origin_ip: 23.253.183.234 origin_rdns:
mail-183-234.mailgun.info auth: (unknown) encryption: (none) reason:
/usr/local/bin/srejector2/spamdyke_blacklist_header.txt:11

/var/log/maillog-20151230:Dec 29 17:08:00 prix spamdyke[15609]:
ALLOWED from: support.a...@nice.com to: mailer-dae...@pricom.com.au
origin_ip: 192.114.148.4 origin_rdns: mailil.nice.com auth: (unknown)
encryption: (none) reason: 250_ok_1451369280_qp_15628

I have even saved the file in vim a couple of times and restarted
qmail a couple of times but no change in the behaviour - what could
the explanation be?

Thanks,

Phil.


On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users
 wrote:
Sam,
See inline comments:
On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:
You're correct spamdyke does not support regexes for any of its
options, but you can use a wildcard in a sender or recipient
white/blacklist file to match entire domains by prefixing the line
with an @ symbol. For example:
@example.com [1] [1]
Yep, saw that - is it possible to support regexes in the future?
Full documentation here:

 http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS


[2]
[2]
BUT! Be careful -- the "To" and "From" lines in the message header
are
not the same as the "sender" and "recipient". The sender and
recipient
are part of SMTP, the To and From lines are part of the message
data
and are completely unrelated. Think of it this way: when a letter
is
sent through the post office, the name on the outside of the
envelope
tells the postman which mailbox gets the envelope (or where to
send it
back to) but top of the letter inside may have a completely
unrelated
letterhead and salutation. Whenever spamdyke's
options/documentation
refer to a "sender" or a "recipient", it means the name on the
outside
of the envelope. The user never sees those values in their mail
client
unless the sender chooses to use those values in the To and From
fields. Spammers typically fake all sender/recipient/To/From
fields,
but other software does too for perfectly legitimate reasons (e.g.
mailing lists, autoresponders).

Right.


If you want to block based on the To
and From lines the user sees in their mail client, you should look
at
spamdyke's header blacklist filter:

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-12-29 Thread Philip Rhoades via spamdyke-users


People,

I thought of starting a new thread but the question relates to this 
discussion so I thought I would revive it - see inline comments:



On 2015-06-21 04:57, Philip Rhoades via spamdyke-users wrote:

Sam,


On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote:

Regex support is on the (rather lengthy) to-do list, but frankly it's
not a very high priority -- there's a lot of low-hanging fruit that
would be of much more benefit right now. Plus, since I'm not one of
the 10 people in the world who completely understands regexes, I doubt
I would actually use them myself; I'd rather add globbing support,
which I do understand. :)



OK, no worries - SD is going well so far so I may not need some of the
mechanisms that I used in my own setup - we'll see how things go.



spamdyke's header filter runs at connection time, as all of its
filters do. If a header line matches a blacklisted pattern, the entire
message is rejected (the sending server receives an error code, qmail
never sees the message).



Right - thanks for the clarification.



One annoying spammer continues to get their mail through but I don't 
understand why - my header-blacklist-file includes these two lines in 
it:


  [FR][re][op][ml]*:*brewster.com*
  [FR][re][op][ml]*:*nice.com*

but the first one works and the second one doesn't!:

/var/log/maillog-20151230:Dec 29 17:08:43 prix spamdyke[15684]: 
DENIED_HEADER_BLACKLISTED from: smartdel...@brewster.com to: 
p...@pricom.com.au origin_ip: 23.253.183.234 origin_rdns: 
mail-183-234.mailgun.info auth: (unknown) encryption: (none) reason: 
/usr/local/bin/srejector2/spamdyke_blacklist_header.txt:11


/var/log/maillog-20151230:Dec 29 17:08:00 prix spamdyke[15609]: ALLOWED 
from: support.a...@nice.com to: mailer-dae...@pricom.com.au origin_ip: 
192.114.148.4 origin_rdns: mailil.nice.com auth: (unknown) encryption: 
(none) reason: 250_ok_1451369280_qp_15628


I have even saved the file in vim a couple of times and restarted qmail 
a couple of times but no change in the behaviour - what could the 
explanation be?


Thanks,

Phil.



On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users
 wrote:


Sam,

See inline comments:

On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:


You're correct spamdyke does not support regexes for any of its
options, but you can use a wildcard in a sender or recipient
white/blacklist file to match entire domains by prefixing the line
with an @ symbol. For example:
@example.com [1] [1]


Yep, saw that - is it possible to support regexes in the future?


Full documentation here:




http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

[2]
[2]
BUT! Be careful -- the "To" and "From" lines in the message header
are
not the same as the "sender" and "recipient". The sender and
recipient
are part of SMTP, the To and From lines are part of the message
data
and are completely unrelated. Think of it this way: when a letter
is
sent through the post office, the name on the outside of the
envelope
tells the postman which mailbox gets the envelope (or where to
send it
back to) but top of the letter inside may have a completely
unrelated
letterhead and salutation. Whenever spamdyke's
options/documentation
refer to a "sender" or a "recipient", it means the name on the
outside
of the envelope. The user never sees those values in their mail
client
unless the sender chooses to use those values in the To and From
fields. Spammers typically fake all sender/recipient/To/From
fields,
but other software does too for perfectly legitimate reasons (e.g.
mailing lists, autoresponders).


Right.


If you want to block based on the To
and From lines the user sees in their mail client, you should look
at
spamdyke's header blacklist filter:
http://www.spamdyke.org/documentation/README.html#HEADERS [3] [3]


In that case the mail has already been accepted? When I was using
the qmail-qfilter+Ruby script method - my understanding of it at
least - was that my Ruby script could process the header and body of
the email and exit with a particular error code if the mail was bad
and this would terminate the SMTP negotiation with that error
message (eg drop the mail silently). So in this case I was able to
look at all the header fields as well as the mail body and do
whatever I wanted before accepting the mail.


Header filtering doesn't support regexes either, but it does use
"globbing" to allow more wildcard options.


Right.

Thanks,

Phil.

On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
 wrote:
People,
As well as using GreyLite I have done my own thing for many years
with qmail-qfilter and a Ruby script (it started off as a Ruby
learning exercise . . ) - anyway for my white and black lists I was
able to have in the plain text files things like:
ad...@phillipsfinancial.com.au
administrator@(booksjournals.com [4](|.au)|(prix.|)pricom.com.au
[5]|qps.com.au [6])
adwords-noreply

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-20 Thread Sam Clippinger via spamdyke-users

Regex support is on the (rather lengthy) to-do list, but frankly it's not a 
very high priority -- there's a lot of low-hanging fruit that would be of much 
more benefit right now.  Plus, since I'm not one of the 10 people in the world 
who completely understands regexes, I doubt I would actually use them myself; 
I'd rather add globbing support, which I do understand. :)

spamdyke's header filter runs at connection time, as all of its filters do.  If 
a header line matches a blacklisted pattern, the entire message is rejected 
(the sending server receives an error code, qmail never sees the message).

-- Sam Clippinger




On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Sam,
 
 See inline comments:
 
 
 On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:
 You're correct spamdyke does not support regexes for any of its
 options, but you can use a wildcard in a sender or recipient
 white/blacklist file to match entire domains by prefixing the line
 with an @ symbol. For example:
 @example.com [1]
 
 
 Yep, saw that - is it possible to support regexes in the future?
 
 
 Full documentation here:
 http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
 [2]
 BUT! Be careful -- the To and From lines in the message header are
 not the same as the sender and recipient. The sender and recipient
 are part of SMTP, the To and From lines are part of the message data
 and are completely unrelated. Think of it this way: when a letter is
 sent through the post office, the name on the outside of the envelope
 tells the postman which mailbox gets the envelope (or where to send it
 back to) but top of the letter inside may have a completely unrelated
 letterhead and salutation. Whenever spamdyke's options/documentation
 refer to a sender or a recipient, it means the name on the outside
 of the envelope. The user never sees those values in their mail client
 unless the sender chooses to use those values in the To and From
 fields. Spammers typically fake all sender/recipient/To/From fields,
 but other software does too for perfectly legitimate reasons (e.g.
 mailing lists, autoresponders).
 
 
 Right.
 
 
 If you want to block based on the To
 and From lines the user sees in their mail client, you should look at
 spamdyke's header blacklist filter:
 http://www.spamdyke.org/documentation/README.html#HEADERS [3]
 
 
 In that case the mail has already been accepted?  When I was using the 
 qmail-qfilter+Ruby script method - my understanding of it at least - was that 
 my Ruby script could process the header and body of the email and exit with a 
 particular error code if the mail was bad and this would terminate the SMTP 
 negotiation with that error message (eg drop the mail silently).  So in this 
 case I was able to look at all the header fields as well as the mail body and 
 do whatever I wanted before accepting the mail.
 
 
 Header filtering doesn't support regexes either, but it does use
 globbing to allow more wildcard options.
 
 
 Right.
 
 Thanks,
 
 Phil.
 
 
 On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
 spamdyke-users@spamdyke.org wrote:
 People,
 As well as using GreyLite I have done my own thing for many years
 with qmail-qfilter and a Ruby script (it started off as a Ruby
 learning exercise . . ) - anyway for my white and black lists I was
 able to have in the plain text files things like:
 ad...@phillipsfinancial.com.au
 administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)
 adwords-noreply
 america.com
 ecolife
 where if any of those particular regexes appeared in the To: or
 From: or whatever, they could be allowed or blocked or whatever - I
 am guessing that eg the recipient-blacklist-file=FILE only allows
 for full email addresses?
 Thanks,
 Phil.
 --
 Philip Rhoades
 PO Box 896
 Cowra NSW 2794
 Australia
 E-mail: p...@pricom.com.au
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users
 Links:
 --
 [1] http://example.com
 [2] http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
 [3] http://www.spamdyke.org/documentation/README.html#HEADERS
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users
 
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-20 Thread Philip Rhoades via spamdyke-users


Sam,


On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote:

Regex support is on the (rather lengthy) to-do list, but frankly it's
not a very high priority -- there's a lot of low-hanging fruit that
would be of much more benefit right now. Plus, since I'm not one of
the 10 people in the world who completely understands regexes, I doubt
I would actually use them myself; I'd rather add globbing support,
which I do understand. :)



OK, no worries - SD is going well so far so I may not need some of the 
mechanisms that I used in my own setup - we'll see how things go.




spamdyke's header filter runs at connection time, as all of its
filters do. If a header line matches a blacklisted pattern, the entire
message is rejected (the sending server receives an error code, qmail
never sees the message).



Right - thanks for the clarification.

Regards,

Phil.



-- Sam Clippinger

On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users
spamdyke-users@spamdyke.org wrote:


Sam,

See inline comments:

On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:


You're correct spamdyke does not support regexes for any of its
options, but you can use a wildcard in a sender or recipient
white/blacklist file to match entire domains by prefixing the line
with an @ symbol. For example:
@example.com [1] [1]


Yep, saw that - is it possible to support regexes in the future?


Full documentation here:




http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

[2]
[2]
BUT! Be careful -- the To and From lines in the message header
are
not the same as the sender and recipient. The sender and
recipient
are part of SMTP, the To and From lines are part of the message
data
and are completely unrelated. Think of it this way: when a letter
is
sent through the post office, the name on the outside of the
envelope
tells the postman which mailbox gets the envelope (or where to
send it
back to) but top of the letter inside may have a completely
unrelated
letterhead and salutation. Whenever spamdyke's
options/documentation
refer to a sender or a recipient, it means the name on the
outside
of the envelope. The user never sees those values in their mail
client
unless the sender chooses to use those values in the To and From
fields. Spammers typically fake all sender/recipient/To/From
fields,
but other software does too for perfectly legitimate reasons (e.g.
mailing lists, autoresponders).


Right.


If you want to block based on the To
and From lines the user sees in their mail client, you should look
at
spamdyke's header blacklist filter:
http://www.spamdyke.org/documentation/README.html#HEADERS [3] [3]


In that case the mail has already been accepted? When I was using
the qmail-qfilter+Ruby script method - my understanding of it at
least - was that my Ruby script could process the header and body of
the email and exit with a particular error code if the mail was bad
and this would terminate the SMTP negotiation with that error
message (eg drop the mail silently). So in this case I was able to
look at all the header fields as well as the mail body and do
whatever I wanted before accepting the mail.


Header filtering doesn't support regexes either, but it does use
globbing to allow more wildcard options.


Right.

Thanks,

Phil.

On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
spamdyke-users@spamdyke.org wrote:
People,
As well as using GreyLite I have done my own thing for many years
with qmail-qfilter and a Ruby script (it started off as a Ruby
learning exercise . . ) - anyway for my white and black lists I was
able to have in the plain text files things like:
ad...@phillipsfinancial.com.au
administrator@(booksjournals.com [4](|.au)|(prix.|)pricom.com.au
[5]|qps.com.au [6])
adwords-noreply
america.com [7]
ecolife
where if any of those particular regexes appeared in the To: or
From: or whatever, they could be allowed or blocked or whatever - I
am guessing that eg the recipient-blacklist-file=FILE only allows
for full email addresses?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Links:
--
[1] http://example.com [1]
[2]


http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

[2]
[3] http://www.spamdyke.org/documentation/README.html#HEADERS [3]
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users



Links:
--
[1] http://example.com
[2] 
http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

[3]

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-19 Thread Sam Clippinger via spamdyke-users

You're correct spamdyke does not support regexes for any of its options, but 
you can use a wildcard in a sender or recipient white/blacklist file to match 
entire domains by prefixing the line with an @ symbol.  For example:
@example.com
Full documentation here:
http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

BUT!  Be careful -- the To and From lines in the message header are not the 
same as the sender and recipient.  The sender and recipient are part of 
SMTP, the To and From lines are part of the message data and are completely 
unrelated.  Think of it this way: when a letter is sent through the post 
office, the name on the outside of the envelope tells the postman which mailbox 
gets the envelope (or where to send it back to) but top of the letter inside 
may have a completely unrelated letterhead and salutation.  Whenever spamdyke's 
options/documentation refer to a sender or a recipient, it means the name 
on the outside of the envelope.  The user never sees those values in their mail 
client unless the sender chooses to use those values in the To and From fields. 
 Spammers typically fake all sender/recipient/To/From fields, but other 
software does too for perfectly legitimate reasons (e.g. mailing lists, 
autoresponders).  If you want to block based on the To and From lines the user 
sees in their mail client, you should look at spamdyke's header blacklist 
filter:
http://www.spamdyke.org/documentation/README.html#HEADERS
Header filtering doesn't support regexes either, but it does use globbing to 
allow more wildcard options.

-- Sam Clippinger




On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 As well as using GreyLite I have done my own thing for many years with 
 qmail-qfilter and a Ruby script (it started off as a Ruby learning exercise . 
 . ) - anyway for my white and black lists I was able to have in the plain 
 text files things like:
 
 ad...@phillipsfinancial.com.au
 administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)
 adwords-noreply
 america.com
 ecolife
 
 where if any of those particular regexes appeared in the To: or From: or 
 whatever, they could be allowed or blocked or whatever - I am guessing that 
 eg the recipient-blacklist-file=FILE only allows for full email addresses?
 
 Thanks,
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-19 Thread Philip Rhoades via spamdyke-users


Sam,

See inline comments:


On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:

You're correct spamdyke does not support regexes for any of its
options, but you can use a wildcard in a sender or recipient
white/blacklist file to match entire domains by prefixing the line
with an @ symbol. For example:
 @example.com [1]



Yep, saw that - is it possible to support regexes in the future?



Full documentation here:
 http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
[2]

BUT! Be careful -- the To and From lines in the message header are
not the same as the sender and recipient. The sender and recipient
are part of SMTP, the To and From lines are part of the message data
and are completely unrelated. Think of it this way: when a letter is
sent through the post office, the name on the outside of the envelope
tells the postman which mailbox gets the envelope (or where to send it
back to) but top of the letter inside may have a completely unrelated
letterhead and salutation. Whenever spamdyke's options/documentation
refer to a sender or a recipient, it means the name on the outside
of the envelope. The user never sees those values in their mail client
unless the sender chooses to use those values in the To and From
fields. Spammers typically fake all sender/recipient/To/From fields,
but other software does too for perfectly legitimate reasons (e.g.
mailing lists, autoresponders).



Right.



If you want to block based on the To
and From lines the user sees in their mail client, you should look at
spamdyke's header blacklist filter:
 http://www.spamdyke.org/documentation/README.html#HEADERS [3]



In that case the mail has already been accepted?  When I was using the 
qmail-qfilter+Ruby script method - my understanding of it at least - was 
that my Ruby script could process the header and body of the email and 
exit with a particular error code if the mail was bad and this would 
terminate the SMTP negotiation with that error message (eg drop the mail 
silently).  So in this case I was able to look at all the header fields 
as well as the mail body and do whatever I wanted before accepting the 
mail.




Header filtering doesn't support regexes either, but it does use
globbing to allow more wildcard options.



Right.

Thanks,

Phil.



On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
spamdyke-users@spamdyke.org wrote:


People,

As well as using GreyLite I have done my own thing for many years
with qmail-qfilter and a Ruby script (it started off as a Ruby
learning exercise . . ) - anyway for my white and black lists I was
able to have in the plain text files things like:

ad...@phillipsfinancial.com.au


administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)

adwords-noreply
america.com
ecolife

where if any of those particular regexes appeared in the To: or
From: or whatever, they could be allowed or blocked or whatever - I
am guessing that eg the recipient-blacklist-file=FILE only allows
for full email addresses?

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users




Links:
--
[1] http://example.com
[2] 
http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

[3] http://www.spamdyke.org/documentation/README.html#HEADERS

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

7 matches

Site Navigation

Mail list logo

Footer information