Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-25 Thread Sam Clippinger via spamdyke-users 
The header blacklist file has a different format from the sender blacklist 
file, so just copying entries from one to the other won't work.  You need to 
provide a pattern that matches the line(s) in the message header -- in your 
mail client, you should have an option to "view message source" or "view raw 
headers" that will show you what it looks like.  In this specific case, you 
probably want this:
Reply-To: *@skysoft.com*
The format is case insensitive and uses globbing for wildcards, so * will match 
multiple characters and [] will match a set or range of characters, just like 
the bash command prompt.  The filter will ignore any lines in the file that 
don't contain a colon.  Full details here:
http://www.spamdyke.org/documentation/README.html#HEADERS

For testing, you certainly can use telnet -- I do it all the time.  Just make 
sure the host you telnet from isn't blocked or whitelisted for some other 
reason (most folks whitelist localhost, for example).

-- Sam Clippinger




On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users 
 wrote:

> Sam,
> 
> 
> On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
>> Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
>> operate on different data from the header-blacklist-* filters. The
>> reason is because the sender and recipient addresses are given during
>> the SMTP protocol and aren't part of the message itself -- the
>> addresses you see in your mail client are the From and To entries from
>> the message header. The first paragraph here explains in a little more
>> detail:
>> http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>> [1]
> 
> 
> Yes, sorry, I should have realised that . .
> 
> 
>> Put another way, the sender address doesn't have to match the "From"
>> address visible in the mail client -- well-behaved mail clients make
>> them the same, but that's a courtesy and not a requirement. The
>> Reply-To address is part of the message header and, again, is only a
>> convention used by well-behaved clients. If you've ever been Bcc'd on
>> a message, you've seen this in action -- the sender's mail client gave
>> your address as a recipient but didn't put your address on the "To"
>> line in the message header.
> 
> 
> Right, so, some follow up questions:  I moved the following from the 
> sender-blacklist to the header-blacklist:
> 
>  @iskysoft.com
> 
> - first in the conf file then later into a separate header-blacklist-file 
> with all the massaged addresses from my old setup - but the sender above 
> still seems to be getting through.  I thought the "@" was supposed to act 
> like a wild card?  Am I still doing something wrong?
> 
> When I add addresses etc to blacklists etc, is there any way of doing a test 
> myself to see that the block is working?  Using a telnet to port 25 on my 
> qmail server and manually pasting header lines is not a real test is it?
> 
> Thanks,
> 
> Phil.
> 
> 
>> -- Sam Clippinger
>> On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
>>  wrote:
>>> Sam,
>>> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
 I'm not entirely sure I understand your question... if the
 Reply-To
 address is always the same, you should be able to block it using
 the
 header blacklist filter.
>>> Ah . . OK - I will try that but doesn't that mean that:
>>> sender-blacklist-entry
>>> is redundant - ie:
>>> header-blacklist-entry
>>> should cover everything?
>>> Thanks,
>>> Phil.
 If you're wanting to compare the Reply-To
 address to the From address or the sender address, spamdyke
 doesn't
 have that ability.
>>> -- Sam Clippinger
>>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>>>  wrote:
>>> People,
>>> One variety of spam that is successfully delivered to me has a
>>> different "From:" addresses but the same "Reply-To:" address - I
>>> can't see a way of blocking these mails in the conf file via the
>>> "Reply-To:" address - is it possible?
>>> Thanks,
>>> Phil.
>>> --
>>> Philip Rhoades
>>> PO Box 896
>>> Cowra NSW 2794
>>> Australia
>>> E-mail: p...@pricom.com.au
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>> --
>> Philip Rhoades
>> PO Box 896
>> Cowra NSW 2794
>> Australia
>> E-mail: p...@pricom.com.au
>> ___
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>> Links:
>> --
>> [1] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>>

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-25 Thread Philip Rhoades via spamdyke-users 

Sam,


On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:

Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
operate on different data from the header-blacklist-* filters. The
reason is because the sender and recipient addresses are given during
the SMTP protocol and aren't part of the message itself -- the
addresses you see in your mail client are the From and To entries from
the message header. The first paragraph here explains in a little more
detail:
 http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
[1]



Yes, sorry, I should have realised that . .



Put another way, the sender address doesn't have to match the "From"
address visible in the mail client -- well-behaved mail clients make
them the same, but that's a courtesy and not a requirement. The
Reply-To address is part of the message header and, again, is only a
convention used by well-behaved clients. If you've ever been Bcc'd on
a message, you've seen this in action -- the sender's mail client gave
your address as a recipient but didn't put your address on the "To"
line in the message header.



Right, so, some follow up questions:  I moved the following from the 
sender-blacklist to the header-blacklist:


  @iskysoft.com

- first in the conf file then later into a separate 
header-blacklist-file with all the massaged addresses from my old setup 
- but the sender above still seems to be getting through.  I thought the 
"@" was supposed to act like a wild card?  Am I still doing something 
wrong?


When I add addresses etc to blacklists etc, is there any way of doing a 
test myself to see that the block is working?  Using a telnet to port 25 
on my qmail server and manually pasting header lines is not a real test 
is it?


Thanks,

Phil.



-- Sam Clippinger

On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
 wrote:


Sam,

On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:


I'm not entirely sure I understand your question... if the
Reply-To
address is always the same, you should be able to block it using
the
header blacklist filter.


Ah . . OK - I will try that but doesn't that mean that:

sender-blacklist-entry

is redundant - ie:

header-blacklist-entry

should cover everything?

Thanks,

Phil.


If you're wanting to compare the Reply-To
address to the From address or the sender address, spamdyke
doesn't
have that ability.


-- Sam Clippinger
On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
 wrote:
People,
One variety of spam that is successfully delivered to me has a
different "From:" addresses but the same "Reply-To:" address - I
can't see a way of blocking these mails in the conf file via the
"Reply-To:" address - is it possible?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


--
Philip Rhoades

PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users



Links:
--
[1] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users