Re: [spamdyke-users] MAILER-DAEMON Flood

2016-11-07 Thread Gary Gendel via spamdyke-users
This doesn't look like it's email originating from your system. Instead, it looks like spamdyke has accepted the message and then qmail is doing the rejection. My guess is that it passes through spamdyke with an invalid destination user. Qmail then tries to reject it. You can avoid this by

Re: [spamdyke-users] TLS reason: TIMEOUT

2016-10-12 Thread Gary Gendel via spamdyke-users
Don't you need a private key file as well? Mine has: tls-certificate-file=fullchain.pem tls-privatekey-file=privkey.pem On 10/12/2016 03:31 PM, marek--- via spamdyke-users wrote: I read an old thread on this problem, but did not see a solution. # spamdyke -v spamdyke

Re: [spamdyke-users] Fail2ban integration

2016-07-25 Thread Gary Gendel via spamdyke-users
ld show the IP address right after the username, separated by a space. (NOTE: I haven't compiled or tested this change, proceed with caution...) -- Sam Clippinger On Jul 22, 2016, at 6:17 PM, Gary Gendel via spamdyke-users <spamdyke-users@spamdyke.org <mailto:spamdyke-users

[spamdyke-users] Fail2ban integration

2016-07-22 Thread Gary Gendel via spamdyke-users
Sam, Is there a way to get spamdyke to log invalid authorizations in a manner that fail2ban can use? My host has been hit continuously with brute-force attacks. Unfortunately, the logs only have: Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED Jul 22

Re: [spamdyke-users] ip-in-rdns-keyword - are hyphens supported?

2016-05-06 Thread Gary Gendel via spamdyke-users
Faris, Looks like it does. From the documentation in the section on Reverse DNS: When matching an IP address in an rDNS name, spamdyke looks for the IP address in many forms; for example, if the IP address is 11.22.33.44, spamdyke will look for the following patterns in the rDNS name (the

[spamdyke-users] Progress Report

2015-12-15 Thread Gary Gendel via spamdyke-users
Sam, I've started a discussion on the OpenIndiana developer's mailing list about Spamdyke and generated a lot of interest. I know you're working on divorcing Spamdyke from Qmail and also supporting IPv6. How is this work progressing? It seems that IPv6 seems to be a sticky point for

Re: [spamdyke-users] Weird behavior with TLS and auth-level=always

2015-08-26 Thread Gary Gendel via spamdyke-users
show the AUTH lines in every case. How did you install qmail? Is this netqmail or Plesk or QTP or? -- Sam Clippinger On Aug 24, 2015, at 11:42 AM, Gary Gendel via spamdyke-users <spamdyke-users@spamdyke.org> wrote: Sam, Yes I'm on 5.0.1. I've

Re: [spamdyke-users] Weird behavior with TLS and auth-level=always

2015-08-24 Thread Gary Gendel via spamdyke-users
to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary

[spamdyke-users] Weird behavior with TLS and auth-level=always

2015-08-21 Thread Gary Gendel via spamdyke-users
Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com:587 -starttls

[spamdyke-users] Spamdyke auth problems resolved

2015-08-18 Thread Gary Gendel via spamdyke-users
I use port 22 for non-auth mail and 587 for TLS with auth mail. On 587 I ended up using postfix because I could never get spamdyke working. It always failed valid authorizations. I was putting together a new server and I decided to take another look. The problem ended up in the

Re: [spamdyke-users] Spamdyke auth problems resolved

2015-08-18 Thread Gary Gendel via spamdyke-users
to let it go. If spamdyke can forward connections from port 25 to port X while doing all the filtering it does now, it should work nicely with just about any other mail server. -- Sam Clippinger On Aug 18, 2015, at 12:03 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org

Re: [spamdyke-users] Moving from GreyLite

2015-06-19 Thread Gary Gendel via spamdyke-users
Phil, The greylisting feature of Spamdyke kicks in after whitelisting and blacklisting operations. If these operations don't specifically reject or accept the incoming email then it is chosen for greylisting. I suggest you scan its features from the spamdyke homepage. It sounds like it

Re: [spamdyke-users] broken hunter_seeker URL

2014-11-05 Thread Gary Gendel
Sam, Do you have a repository of your current filters that you're willing to share? Or do I need to download the hunter_seeker package periodically? Gary On 11/05/2014 09:08 AM, Sam Clippinger wrote: Looks like some Apache config entries didn't make it to the new server when I set it up,

Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions

2014-11-04 Thread Gary Gendel
I also remember this discussion but it was quite a while ago. I had subsequently removed greylisting as well with no noticeable increase in spam. I did add Sam's hunter_seeker script and it did make a difference. However, I haven't seen any new websites added to that blocklist so I wonder

Re: [spamdyke-users] RBLs

2014-03-09 Thread Gary Gendel
I tend to agree. The lists I've chosen have been the result of many years of tuning. Actually shlink.org wasn't even in my radar and isn't on many of the multi-rbl test sites so I need to test it. I'd be curious to hear about Sam's blacklist setup. Gary On 03/09/2014 09:24 AM, Dossy

Re: [spamdyke-users] RBLs

2014-03-08 Thread Gary Gendel
Almost all of my uncaught spam comes from two domains: colocrossing.com hostnoc.net The latter usually has the ip address in the rdns so you can trap it that way, but I just block them entirely. With these two out of the way, and barracudacentral and zen.spamhaus, my users see almost no spam.

Re: [spamdyke-users] RBLs

2014-03-07 Thread Gary Gendel
I tend to agree, however, it does depend on the ordering. I found that there are a lot of duplications on the list so the first one tends to get the most hits. My list consists of b.barracudacentral.org zen.spamhause.org I've tried others, but the others I've added only add a very small

[spamdyke-users] Small difference in 5.0.0

2014-01-31 Thread Gary Gendel
Sam, Not an issue but you should mark down that 5.0.0 treats the spawned program argument differently than 4.x. In 5.0.0 I have to explicitly specify the fully qualified path to qmail-smtpd where 4.x found it in the PATH. Gary

[spamdyke-users] Version 5?

2014-01-14 Thread Gary Gendel
Sam, Just curious to see how things are coming? Sounds like you may have expanded the scope of this release based upon some of the recent group discussions. Gary

[spamdyke-users] hunter seeker and rsync

2013-12-10 Thread Gary Gendel
Sam, Thanks for this addition to spamdyke's capabilities. I back up my system daily using rsync and it seems to re-copy many of the traps each time. Are you touching these each time a message comes in regardless of it being blocked? Gary

Re: [spamdyke-users] 0byte graylist entries

2013-11-22 Thread Gary Gendel
Faris, I thought there was a spamdyke flowchart somewhere, but my mind must be playing tricks because I couldn't find it. Logically, it would seem to me that order would be: Check all whitelists, if found then accept the mail Check all blacklists, if found then reject the mail If it passes

Re: [spamdyke-users] 0byte graylist entries

2013-11-22 Thread Gary Gendel
:09 AM, Eric Shubert wrote: On 11/19/2013 04:46 AM, Gary Gendel wrote: Spamdyke does clean up these files periodically (as set by graylist-max-secs) I don't believe this is entirely true. Spamdyke will honor/see these expirations only if/when another email is sent after this time has elapsed

Re: [spamdyke-users] 0byte graylist entries

2013-11-22 Thread Gary Gendel
Whoops! I read the comment which was obviously wrong. :O On 11/22/13, 9:13 PM, BC wrote: On 11/22/2013 7:09 PM, Gary Gendel wrote: My graylists do get constantly pruned but others seem to have old ones remaining. Then again, my graylist-max-secs is set to 1296000 (one day) which

Re: [spamdyke-users] 0byte graylist entries

2013-11-19 Thread Gary Gendel
It's my understanding (which may be faulty) that spamdyke always creates a 0 byte file the first time it gets mail from the domain. When it sees another email from that domain (after the prerequisite graylist-min-secs delay) then it puts the sending server into the file and allows the mail to

Re: [spamdyke-users] Reducing hard disk usage

2013-11-01 Thread Gary Gendel
Prefetch is evil and is disabled by default in illumos based distributions (in newer versions it is enabled for scrubs since these are sequential in nature and can get a performance boost). I'm talking about the Adaptive Replacement Cache (ARC). This uses various metrics such as lru to

Re: [spamdyke-users] Reducing hard disk usage

2013-10-31 Thread Gary Gendel
Well sort of... With ZFS this happens automatically because the file information is cached in the ARC RAM unless forced out. I'm currently running a 91% cache hit rate on this server which runs file, web, streaming, and mail services. It's running OpenIndiana (hipster) and has 4G RAM with 4

Re: [spamdyke-users] So close and yet so far...

2013-10-21 Thread Gary Gendel
On 10/21/2013 01:48 PM, Sam Clippinger wrote: I have some good news and some bad news... The good news: spamdyke version 5.0.0 is done, tested and ready. The biggest new feature is recipient validation -- spamdyke uses the qmail's configuration files and duplicates qmail's logic to determine

[spamdyke-users] Hard error return

2013-09-18 Thread Gary Gendel
Sam, I suppose that all rejects are sent back as temporary failures. Is it possible to select specific ones and send back as permanent? For example, I have two spam sites that pound my server daily over several years. Do you think sending back permanent errors will dissuade these sites or

Re: [spamdyke-users] rDNS always shows up as unknown

2013-08-23 Thread Gary Gendel
Did you set dns-server-ip in your spamdyke.conf file? If so, is it pointing to the right server? On 08/23/2013 04:58 AM, JP Kelly wrote: I am using spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG+MYSQL[haggybear.de] On Plesk 11 CentOS 5 All of the reverse DNS entries show up as unknown even though I can

[spamdyke-users] hunter seeker filters

2013-08-13 Thread Gary Gendel
Sam, I just started playing with your hunter-seeker script. Is there a repository where the latest hunter-seeker filters can be downloaded? I don't know how often you and others update them, but new filters would be a nice thing to share. Also, any unblacklistable domains that have been

Re: [spamdyke-users] hunter seeker filters

2013-08-13 Thread Gary Gendel
Clippinger On Aug 13, 2013, at 8:39 AM, Gary Gendel wrote: Sam, I just started playing with your hunter-seeker script. Is there a repository where the latest hunter-seeker filters can be downloaded? I don't know how often you and others update them, but new filters would be a nice thing

[spamdyke-users] Unabated spam

2013-08-08 Thread Gary Gendel
Hi all, Anyone else see a growing number of spam that just breezes through spamdyke and spamassassin? They are short (10 lines of content), emails that contain shortened URLs in them. An interesting thing is that many come from machines with common domain prefixes. For example:

[spamdyke-users] Next Release

2013-06-14 Thread Gary Gendel
Sam, Any plans to release your work to reject invalid users in Spamdyke to prevent backscatter? This would be (hopefully) the last needed piece of the system for me. Gary

Re: [spamdyke-users] Timer for objects in blacklist

2013-03-26 Thread Gary Gendel
I do something similar for my ip blacklist. I have a honeypot that, if it receives email, it adds the sender's ip to the blacklist with a timestamp in a preceding comment. If I get another email from that server, it just updates the comment so the expiration gets extended. I run a nightly

Re: [spamdyke-users] Timer for objects in blacklist

2013-03-26 Thread Gary Gendel
but it should be easy to figure out what needs to be done from the included Jamfile. Feel free to use it, modify it, or throw it away as needed. :) Gary On 03/26/2013 11:05 AM, Denny Jones wrote: Interesting concept. Care to share your script? -Original Message- From: Gary Gendel g

Re: [spamdyke-users] Blocking DHCP addresses

2013-02-08 Thread Gary Gendel
On 02/08/2013 01:19 PM, Eric Shubert wrote: On 02/08/2013 10:16 AM, Lutz Petersen wrote: Again: It is a very _bad_ idea to block hosts with the keyword dhcp in the rdns name. A lot of static hosts (hostingcenter etc.) have this keyword in their rdns and they all are static.

Re: [spamdyke-users] Need Paid Assistance Referral

2012-09-26 Thread Gary Gendel
Kevin, Qmail looks for the environment variable RELAYCLIENT, if that is set, then qmail will happily relay. My guess is that something upstream or downstream from spamdyke is doing the dirty deed. For example, if you use tcpserver, check its

Re: [spamdyke-users] spamassassin not running with spamdyke's access-file

2012-07-28 Thread Gary Gendel
On 7/28/12 1:09 AM, Eric Shubert wrote: A potential problem just occurred to me though. QMT uses the (preferred default) submission port 587, and includes a qmail-smtpd patch which forces authentication (export REQUIRE_AUTH=1). While spamdyke wouldn't typically be used on the submission port

Re: [spamdyke-users] DNS resolver and cache

2012-07-16 Thread Gary Gendel
I'm in the same situation as you. The only reason I decided to move from djbdns is because it doesn't handle IPV6 without patching. Since my ISP has started providing IPV6, and saw that unbound was already in OpenIndiana's repository, I figured that this is the time to see if it was an

Re: [spamdyke-users] Greylisting effectiveness?

2012-07-12 Thread Gary Gendel
On 7/12/12 1:18 PM, BC wrote: On 7/12/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote: I use an internal caching DNS server as a DNS forwarder for spamdyke's dns requests. This way I only need to query outside once, and subsequent spam bursts from the same server are rejected by

Re: [spamdyke-users] Greylisting effectiveness?

2012-07-11 Thread Gary Gendel
On 7/11/12 1:50 PM, Eric Shubert wrote: On 07/11/2012 10:40 AM, BC wrote: On 7/11/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote: I've disabled graylisting on a few domains that are sensitive to timely delivery. They haven't complained about any increase in spam. You might try doing

Re: [spamdyke-users] FW: Spamdyke /Qmail

2012-06-14 Thread Gary Gendel
Are you sure that there is nothing already bound to port 25? On 6/14/12 6:26 AM, Doug Eggleton wrote: Currently trying to get Spamdyke configured on Plesk 10.4/Qmail . It works on port 587 but not port 25. Instead we get error messages saying The server responded: spamdyke

[spamdyke-users] Request for enhancement

2012-04-27 Thread Gary Gendel
Since spamdyke runs on an unmodified qmail setup, it seems that a good addition would be early detection of non-existing users. This will fix the backscatter problem that is inherent with qmail by rejecting email before queuing rather than bouncing them.

Re: [spamdyke-users] Request for enhancement

2012-04-27 Thread Gary Gendel
pulled a few converts to the spamdyke fold. I guess the next piece of the puzzle will be ipv6 support. Of course that means that the rbl sites need to support this in a consistent fashion. Gary On 4/27/12 2:05 PM, Eric Shubert wrote: On 04/27/2012 10:54 AM, Gary Gendel wrote: Since spamdyke runs