Re: [spamdyke-users] Moving from GreyLite

2015-06-19 Thread Philip Rhoades via spamdyke-users

Gary and Sam,

Thanks for the useful info!  I have SpamDyke running now with the simple 
conf and will start looking at the options.  I have some white & black 
lists to import too . .


BTW, it appears top-posting is OK here?

Regards,

Phil.


On 2015-06-20 05:52, Sam Clippinger via spamdyke-users wrote:

I'm not familiar with GreyLite at all, but connection-time means
spamdyke does its work while the message is still coming into your
mail server -- while the connection with the sending server is active.
This is as opposed to filtering messages in the mail queue, after the
remote server is no longer connected (and believes the message has
been delivered). The advantage of a connection-time filter is the
remote server sees the rejection and the spam is never stored on your
server at all. Rejecting messages after they've been queued requires
either sending a bounce message or delivering it to a user's Junk
folder.

This distinction comes up a lot around qmail regarding recipient
validation. By itself, qmail does not validate recipients when
messages are accepted. Any username at a valid domain is accepted,
then bounced later if the address turns out to be invalid. This leads
to the problem of backscatter spam -- spammers deliberately send
messages to invalid addresses and set the from address to their
intended target. A qmail server will bounce the message (complete with
spam or virus) to the victim. For qmail to validate recipients at
connection time requires a patch or a filter like spamdyke.

-- Sam Clippinger

On Jun 19, 2015, at 5:21 AM, Philip Rhoades via spamdyke-users
spamdyke-users@spamdyke.org wrote:


People,

I have been using GreyLite for many years but it hasn't been
supported for quite a while - I think it is time to update to
SpamDyke . . but I have some questions - first one:

I looked at the SpamDyke web site and it is still not clear to me -
it says 'connection-time means spamdyke evaluates and rejects spam
while the remote server is still delivering it' - does this mean it
does it at the TCP / mail envelope level? ie so it would be the same
as GreyLite? GL blocks and forces possibly bad mails to be resent
some time later which many spammers don't attempt . .

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users





--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au


Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-19 Thread Sam Clippinger via spamdyke-users

You're correct, spamdyke does not support regexes for any of its options, but 
you can use a wildcard in a sender or recipient white/blacklist file to match 
entire domains by prefixing the line with an @ symbol.  For example:
@example.com
Full documentation here:
http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

BUT!  Be careful -- the To and From lines in the message header are not the 
same as the sender and recipient.  The sender and recipient are part of 
SMTP, the To and From lines are part of the message data and are completely 
unrelated.  Think of it this way: when a letter is sent through the post 
office, the name on the outside of the envelope tells the postman which mailbox 
gets the envelope (or where to send it back to) but the top of the letter inside 
may have a completely unrelated letterhead and salutation.  Whenever spamdyke's 
options/documentation refer to a sender or a recipient, it means the name 
on the outside of the envelope.  The user never sees those values in their mail 
client unless the sender chooses to use those values in the To and From fields. 
 Spammers typically fake all sender/recipient/To/From fields, but other 
software does too for perfectly legitimate reasons (e.g. mailing lists, 
autoresponders).  If you want to block based on the To and From lines the user 
sees in their mail client, you should look at spamdyke's header blacklist 
filter:
http://www.spamdyke.org/documentation/README.html#HEADERS
Header filtering doesn't support regexes either, but it does use globbing to 
allow more wildcard options.

-- Sam Clippinger




On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 As well as using GreyLite I have done my own thing for many years with 
 qmail-qfilter and a Ruby script (it started off as a Ruby learning exercise . 
 . ) - anyway for my white and black lists I was able to have in the plain 
 text files things like:
 
 ad...@phillipsfinancial.com.au
 administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)
 adwords-noreply
 america.com
 ecolife
 
 where if any of those particular regexes appeared in the To: or From: or 
 whatever, they could be allowed or blocked or whatever - I am guessing that 
 eg the recipient-blacklist-file=FILE only allows for full email addresses?
 
 Thanks,
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au
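
Added example (not part of the original thread, and not spamdyke's code): the envelope/header distinction Sam describes, run over a constructed SMTP session. The `@domain` matching follows his description of the list files; the session, addresses and function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed client side of one SMTP session (not taken from the thread).
SESSION = """\
MAIL FROM:<bounce-123@bulk.example>
RCPT TO:<phil@example.org>
DATA
From: "Accounts" <billing@bank.example>
To: <customer@bank.example>
Subject: Invoice

Please see attached.
"""

def parse_session(text):
    """Return (envelope, headers): the SMTP addresses and the ones a mail client shows."""
    commands, _, data = text.partition("\nDATA\n")
    envelope = {"sender": None, "recipients": []}
    for line in commands.splitlines():
        verb, _, arg = line.partition(":")
        addr = arg.strip().strip("<>").lower()
        if verb.upper() == "MAIL FROM":
            envelope["sender"] = addr
        elif verb.upper() == "RCPT TO":
            envelope["recipients"].append(addr)
    msg = message_from_string(data)
    headers = {name: parseaddr(msg.get(name, ""))[1].lower() for name in ("From", "To")}
    return envelope, headers

def list_matches(address, entries):
    """Full-address match, or whole-domain match for an entry that starts with '@'."""
    address = address.lower()
    for entry in (e.strip().lower() for e in entries):
        if entry.startswith("@") and address.endswith(entry):
            return True
        if entry and address == entry:
            return True
    return False

def evaluate(text, sender_blacklist):
    """Compare what an envelope-sender list sees with what the user will see."""
    envelope, headers = parse_session(text)
    return {
        "envelope_sender_listed": list_matches(envelope["sender"], sender_blacklist),
        "header_from_listed": list_matches(headers["From"], sender_blacklist),
    }
```

Listing `@bank.example` in a sender blacklist does not stop this message, because the envelope sender is at `bulk.example`; only a filter that reads the message headers sees `bank.example`.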


[spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-19 Thread Philip Rhoades via spamdyke-users

People,

As well as using GreyLite I have done my own thing for many years with 
qmail-qfilter and a Ruby script (it started off as a Ruby learning 
exercise . . ) - anyway for my white and black lists I was able to have 
in the plain text files things like:


ad...@phillipsfinancial.com.au
administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)
adwords-noreply
america.com
ecolife

where if any of those particular regexes appeared in the To: or From: or 
whatever, they could be allowed or blocked or whatever - I am guessing 
that eg the recipient-blacklist-file=FILE only allows for full email 
addresses?


Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au



Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-19 Thread Philip Rhoades via spamdyke-users

Sam,

See inline comments:


On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:

You're correct, spamdyke does not support regexes for any of its
options, but you can use a wildcard in a sender or recipient
white/blacklist file to match entire domains by prefixing the line
with an @ symbol. For example:
 @example.com [1]



Yep, saw that - is it possible to support regexes in the future?



Full documentation here:
 http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS [2]

BUT! Be careful -- the To and From lines in the message header are
not the same as the sender and recipient. The sender and recipient
are part of SMTP, the To and From lines are part of the message data
and are completely unrelated. Think of it this way: when a letter is
sent through the post office, the name on the outside of the envelope
tells the postman which mailbox gets the envelope (or where to send it
back to) but the top of the letter inside may have a completely unrelated
letterhead and salutation. Whenever spamdyke's options/documentation
refer to a sender or a recipient, it means the name on the outside
of the envelope. The user never sees those values in their mail client
unless the sender chooses to use those values in the To and From
fields. Spammers typically fake all sender/recipient/To/From fields,
but other software does too for perfectly legitimate reasons (e.g.
mailing lists, autoresponders).



Right.



If you want to block based on the To
and From lines the user sees in their mail client, you should look at
spamdyke's header blacklist filter:
 http://www.spamdyke.org/documentation/README.html#HEADERS [3]



In that case the mail has already been accepted?  When I was using the 
qmail-qfilter+Ruby script method - my understanding of it at least - was 
that my Ruby script could process the header and body of the email and 
exit with a particular error code if the mail was bad and this would 
terminate the SMTP negotiation with that error message (eg drop the mail 
silently).  So in this case I was able to look at all the header fields 
as well as the mail body and do whatever I wanted before accepting the 
mail.




Header filtering doesn't support regexes either, but it does use
globbing to allow more wildcard options.



Right.

Thanks,

Phil.



On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
spamdyke-users@spamdyke.org wrote:


People,

As well as using GreyLite I have done my own thing for many years
with qmail-qfilter and a Ruby script (it started off as a Ruby
learning exercise . . ) - anyway for my white and black lists I was
able to have in the plain text files things like:

ad...@phillipsfinancial.com.au


administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)

adwords-noreply
america.com
ecolife

where if any of those particular regexes appeared in the To: or
From: or whatever, they could be allowed or blocked or whatever - I
am guessing that eg the recipient-blacklist-file=FILE only allows
for full email addresses?

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au




Links:
--
[1] http://example.com
[2] http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
[3] http://www.spamdyke.org/documentation/README.html#HEADERS



--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Moving from GreyLite

2015-06-19 Thread Gary Gendel via spamdyke-users

Phil,

The greylisting feature of Spamdyke kicks in after whitelisting and 
blacklisting operations.  If these operations don't specifically reject 
or accept the incoming email then it is chosen for greylisting.  I 
suggest you scan its features from the spamdyke homepage.  It sounds 
like it is a GreyLite replacement since it uses the connection 
information to determine whether to greylist.


There have been multiple discussions on whether greylisting is a good or 
bad spam filter.  In my case, I turned it off because sometimes 
registration confirmations aren't resent at all, are sent too late so 
they get caught in the greylist again, or they finally come through 
after they've expired.  I had to be proactive in these cases and 
whitelist that domain before I register.  For the small percentage of 
spam rejections over my other spamdyke filter settings, I decided it 
wasn't worth the hassle of false positive delays.


Gary

On 06/19/2015 06:21 AM, Philip Rhoades via spamdyke-users wrote:

People,

I have been using GreyLite for many years but it hasn't been supported 
for quite a while - I think it is time to update to SpamDyke . . but I 
have some questions - first one:


I looked at the SpamDyke web site and it is still not clear to me - it 
says 'connection-time means spamdyke evaluates and rejects spam 
while the remote server is still delivering it' - does this mean it 
does it at the TCP / mail envelope level? ie so it would be the same 
as GreyLite?  GL blocks and forces possibly bad mails to be resent 
some time later which many spammers don't attempt . .


Thanks,

Phil.





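
Added example (not part of the original thread, and not spamdyke's implementation): a small model of the ordering Gary describes, where the white/blacklists decide first and only undecided mail is greylisted, showing how a retry that comes too late is deferred again. The timing windows, the whitelist-before-blacklist order, the (IP, sender, recipient) key and all names are assumptions.

```python
# Hypothetical timing windows in seconds; not spamdyke's defaults.
MIN_WAIT = 300        # a retry sooner than this is deferred again
MAX_WAIT = 4 * 3600   # a retry later than this is treated as a new first attempt

class ConnectionFilter:
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = {d.lower() for d in whitelist}   # sender domains
        self.blacklist = {d.lower() for d in blacklist}
        self.first_seen = {}   # (ip, sender, recipient) -> time of first attempt

    def decide(self, ip, sender, recipient, now):
        """Return 'accept', 'reject' or 'defer' (a temporary failure)."""
        domain = sender.rpartition("@")[2].lower()
        # Lists are consulted first; only undecided mail reaches the greylist.
        if domain in self.whitelist:
            return "accept"
        if domain in self.blacklist:
            return "reject"
        key = (ip, sender.lower(), recipient.lower())
        seen = self.first_seen.get(key)
        if seen is None or now - seen > MAX_WAIT:
            self.first_seen[key] = now      # unknown, or retried too late: start over
            return "defer"
        if now - seen < MIN_WAIT:
            return "defer"                  # retried too soon
        return "accept"

def replay(filt, ip, sender, recipient, times):
    """Feed one sender's delivery attempts (constructed timestamps) through the filter."""
    return [filt.decide(ip, sender, recipient, t) for t in times]
```

A sender that retries once after five hours is deferred twice and gets through only on a third attempt, while a domain whitelisted before registering is accepted on the first connection.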


[spamdyke-users] Moving from GreyLite

2015-06-19 Thread Philip Rhoades via spamdyke-users

People,

I have been using GreyLite for many years but it hasn't been supported 
for quite a while - I think it is time to update to SpamDyke . . but I 
have some questions - first one:


I looked at the SpamDyke web site and it is still not clear to me - it 
says 'connection-time means spamdyke evaluates and rejects spam while 
the remote server is still delivering it' - does this mean it does it at 
the TCP / mail envelope level? ie so it would be the same as GreyLite?  
GL blocks and forces possibly bad mails to be resent some time later 
which many spammers don't attempt . .


Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Moving from GreyLite

2015-06-19 Thread Sam Clippinger via spamdyke-users

I'm not familiar with GreyLite at all, but connection-time means spamdyke 
does its work while the message is still coming into your mail server -- while 
the connection with the sending server is active.  This is as opposed to 
filtering messages in the mail queue, after the remote server is no longer 
connected (and believes the message has been delivered).  The advantage of a 
connection-time filter is the remote server sees the rejection and the spam is 
never stored on your server at all.  Rejecting messages after they've been 
queued requires either sending a bounce message or delivering it to a user's 
Junk folder.

This distinction comes up a lot around qmail regarding recipient validation.  
By itself, qmail does not validate recipients when messages are accepted.  Any 
username at a valid domain is accepted, then bounced later if the address turns 
out to be invalid.  This leads to the problem of backscatter spam -- spammers 
deliberately send messages to invalid addresses and set the from address to 
their intended target.  A qmail server will bounce the message (complete with 
spam or virus) to the victim.  For qmail to validate recipients at connection 
time requires a patch or a filter like spamdyke.

-- Sam Clippinger




On Jun 19, 2015, at 5:21 AM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 I have been using GreyLite for many years but it hasn't been supported for 
 quite a while - I think it is time to update to SpamDyke . . but I have some 
 questions - first one:
 
 I looked at the SpamDyke web site and it is still not clear to me - it says 
 'connection-time means spamdyke evaluates and rejects spam while the remote 
 server is still delivering it' - does this mean it does it at the TCP / mail 
 envelope level? ie so it would be the same as GreyLite?  GL blocks and forces 
 possibly bad mails to be resent some time later which many spammers don't 
 attempt . .
 
 Thanks,
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au
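
Added example (not part of the original thread, and neither qmail's nor spamdyke's code): a toy receiver that handles the same constructed session under both policies Sam contrasts, accepting any user at a local domain and bouncing later versus validating the recipient while the client is still connected. Domains, mailboxes, reply codes and names are assumptions.

```python
LOCAL_DOMAINS = {"example.org"}        # constructed
MAILBOXES = {"phil@example.org"}       # constructed

def smtp_session(commands, validate_at_rcpt):
    """Run client commands through a toy receiver.

    Returns (replies, bounces): the reply codes the connected client sees, and
    the bounces sent after it disconnects as (bounce_to, failed_recipient).
    """
    replies, bounces = [], []
    sender, accepted = None, []
    for line in commands:
        verb, _, arg = line.partition(":")
        verb = verb.upper()
        addr = arg.strip().strip("<>").lower()
        if verb == "MAIL FROM":
            sender, accepted = addr, []
            replies.append(250)
        elif verb == "RCPT TO":
            if addr.rpartition("@")[2] not in LOCAL_DOMAINS:
                replies.append(553)        # not a domain this server handles
            elif validate_at_rcpt and addr not in MAILBOXES:
                replies.append(550)        # the sending server sees the rejection
            else:
                accepted.append(addr)
                replies.append(250)
        elif verb == "DATA":               # stands for the whole data phase
            if not accepted:
                replies.append(554)        # no valid recipients, nothing queued
                continue
            replies.append(250)            # queued; the client believes it was delivered
            for rcpt in accepted:          # delivery runs after the connection is gone
                if rcpt not in MAILBOXES:
                    bounces.append((sender, rcpt))   # goes to whoever MAIL FROM named
    return replies, bounces

# Constructed session: forged envelope sender, nonexistent local recipient.
FORGED = ["MAIL FROM:<victim@target.example>",
          "RCPT TO:<nosuchuser@example.org>",
          "DATA"]
```

With `validate_at_rcpt=False` the session ends in `250` and one bounce addressed to `victim@target.example`; with `validate_at_rcpt=True` the client gets `550` at RCPT and no bounce is ever generated.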