Re: [spamdyke-users] Blocking variations on a "From: " field
On 9/28/2020 7:51 AM, Philip Rhoades via spamdyke-users wrote:
You need to block by header contents as it offers more wildcards: https://www.spamdyke.org/documentation/README.html#HEADERS
From:*
Hmm . . I thought I had tried that - oh well, I will give it a shot!
I use this technique successfully but found that a space was required, thus:
From: *
Re: [spamdyke-users] TLS and LibreSSL
Thank you, Sam. I went with the traditional OpenSSL just to be sure. On 6/4/2018 8:06 PM, Sam Clippinger via spamdyke-users wrote: I have no idea -- I've never used LibreSSL. As long as they've only updated the internal library code and not changed the API, it'll probably work fine. -- Sam Clippinger On May 26, 2018, at 2:42 PM, BC via spamdyke-users wrote: Will spamdyke compile with TLS using the LibreSSL libraries? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org https://spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] MAILER-DAEMON Flood
Well, I have spamdyke-qrv installed and turned on in spamdyke.conf, but am still getting stuff like this (maillog):
Nov 8 21:48:51 33a45916-5b78-11e6-a0e5-0cc47a6975be spamdyke[17138]: ALLOWED from: filenkokir...@shopon.net to: sergushk...@bk.ru origin_ip: 10.0.1.15 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: 250_ok_1478666931_qp_17140
so someone is trying to use my system as a relay, right? with the resulting MAILER-DAEMON bounce. The 10.0.1.15 is the IP of the jail that qmail runs in. Any other thoughts?
On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote: This doesn't look like it's email originating from your system. Instead, it looks like spamdyke has accepted the message and then qmail is doing the rejection. My guess is that it passes through spamdyke with an invalid destination user. Qmail then tries to reject it. You can avoid this by adding invalid user checks in spamdyke so it doesn't reach qmail by setting "recipient-validation-command=" (I use spamdyke-qrv) and "reject-recipient=invalid". Gary
Re: [spamdyke-users] MAILER-DAEMON Flood
Thank you very much. I'll look into that. On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote: This doesn't look like it's email originating from your system. Instead, it looks like spamdyke has accepted the message and then qmail is doing the rejection. My guess is that it passes through spamdyke with an invalid destination user. Qmail then tries to reject it. You can avoid this by adding invalid user checks in spamdyke so it doesn't reach qmail by setting "recipient-validation-command=" (I use spamdyke-qrv) and "reject-recipient=invalid". ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] MAILER-DAEMON Flood
It hasn't risen to the level of DDOS, yet, but I'm getting many hundreds of these messages per night (and it is now continuing during the day). They look like this: Hi. This is the qmail-send program at purgatoire.org. I tried to deliver a bounce message to this address, but the bounce bounced!: 212.4.107.202 does not like recipient. Remote host said: 550 5.1.1 : Recipient address rejected: telcom.es Giving up on 212.4.107.202. --- Below this line is the original bounce. ... each one with totally unrelated email and IP addresses and with variable sizes and all in MIME format. I use FreeBSD here. Running qmail in a jail. I do use ssmtp running on the host (not jailed) in order to get the periodic daily/weekly/monthly reports. Is someone somehow using my system to try to send spam? Any idea how to block this? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Localhost relaying denied
On 10/3/2016 6:58 AM, Faris Raouf via spamdyke-users wrote: dns-blacklist-entry=b.barracudacentral.org Comment out the above and try it again. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Spamdyke Port Maintainer for FreeBSD Ports
While installing spamdyke on my latest FreeBSD build machine, I saw this notice: Message from spamdyke-5.0.1_1: ===> NOTICE: The spamdyke port currently does not have a maintainer. As a result, it is more likely to have unresolved issues, not be up-to-date, or even be removed in the future. To volunteer to maintain this port, please create an issue at: https://bugs.freebsd.org/bugzilla More information about port maintainership is available at: https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port I claim nothing more than rank amateurish abilities in running a mail server for my personal, in-home use and know nothing about how to maintain a FreeBSD port. I'm willing to learn how, but I'm a VERY slow learner with an obstinate bone in my head. Anyone among you who uses FreeBSD and spamdyke several levels above me who might be willing to assume the maintainership role? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Real Time Blacklists
I'm building out a new server box and figured it is time to revisit my configuration files, including spamdyke.conf. In 2014 I included some dns-blacklist-entry="entries...". But in 2015/2016 my configuration didn't include any. What say the congregants about the efficacy of RBL usage with spamdyke currently? Do you have favorite entries for the dns-blacklist-entry= parameters? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] spam with rDNS resolving to "localhost"
I've got 127.0.0.1 in my "blacklist_ip" file and the system seems to be working fine.
On 8/9/2016 4:02 AM, Faris Raouf via spamdyke-users wrote: Dear all, We’re having problems with spam being allowed in from IPs with rDNS resolving to “localhost”. This gets past the reject-empty-rdns filter. Initially I thought these IPs had no rDNS – using dnsstuff, I get no result (normally meaning no rDNS). But using host or dig I see the IPs really do reverse resolve to localhost.
Example log entry:
spamdyke[24468]: ALLOWED from: sqozt...@vnnic.net.vn to: redac...@redacted.tld origin_ip: 113.168.188.219 origin_rdns: localhost auth: (unknown) encryption: (none) reason: 250_ok_1470423419_qp_24501
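Added example (not part of the original posts, and not spamdyke's own code): a small Python audit over spamdyke log lines in the format quoted in the "MAILER-DAEMON Flood" and "rDNS resolving to localhost" threads. It flags accepted connections whose rDNS is "localhost" although the origin IP is not loopback, and unauthenticated mail accepted from an internal address for a non-local recipient. The sample log lines, LOCAL_DOMAINS, INTERNAL_NETS and the flag names are constructed assumptions.

```python
import ipaddress
import re

# Field layout follows the spamdyke log lines quoted in the threads above.
LINE_RE = re.compile(
    r"spamdyke\[(?P<pid>\d+)\]: (?P<verdict>[A-Z_]+) "
    r"from: (?P<sender>\S*) to: (?P<rcpt>\S*) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+) encryption: (?P<enc>\S+) "
    r"reason: (?P<reason>\S+)"
)

# Assumption: addresses treated as "inside" (loopback plus RFC 1918 space,
# which covers a jail address such as 10.0.1.15). Explicit networks are used
# because ipaddress.is_private also matches the documentation ranges.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumption: domains this server accepts mail for (hypothetical).
LOCAL_DOMAINS = {"local.example"}

# Constructed sample input; the addresses and hosts are placeholders.
# Assumption: an authenticated session logs something other than "(unknown)"
# in the auth field, as in the line for pid 104.
SAMPLE_LOG = """\
Nov  8 21:48:51 mx spamdyke[101]: ALLOWED from: a@sender.example to: b@remote.example origin_ip: 10.0.1.15 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: 250_ok_1500000001_qp_201
Aug  5 19:57:00 mx spamdyke[102]: ALLOWED from: c@sender.example to: user@local.example origin_ip: 203.0.113.7 origin_rdns: localhost auth: (unknown) encryption: (none) reason: 250_ok_1500000002_qp_202
Aug  5 19:58:00 mx spamdyke[103]: ALLOWED from: d@sender.example to: user@local.example origin_ip: 198.51.100.20 origin_rdns: mail.sender.example auth: (unknown) encryption: (none) reason: 250_ok_1500000003_qp_203
Aug  5 19:59:00 mx spamdyke[104]: ALLOWED from: user@local.example to: e@remote.example origin_ip: 10.0.1.15 origin_rdns: (unknown) auth: user@local.example encryption: TLS reason: 250_ok_1500000004_qp_204
Aug  5 20:00:00 mx spamdyke[105]: ALLOWED from: root@local.example to: user@local.example origin_ip: 127.0.0.1 origin_rdns: localhost auth: (unknown) encryption: (none) reason: 250_ok_1500000005_qp_205
Aug  5 20:01:00 mx qmail: 1500000006.000000 status: local 0/10 remote 0/20
"""


def parse(line):
    """Return the fields of one spamdyke log line, or None if it is not one."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def flags_for(entry, local_domains):
    """Return the list of findings for one parsed, accepted connection."""
    if entry["verdict"] != "ALLOWED":
        return []
    try:
        ip = ipaddress.ip_address(entry["ip"])
    except ValueError:
        return ["unparsable-origin-ip"]

    flags = []
    # rDNS of "localhost" on a non-loopback address is not an empty rDNS,
    # so it passes reject-empty-rdns, as described in the thread.
    rdns = entry["rdns"].rstrip(".").lower()
    if rdns == "localhost" and not ip.is_loopback:
        flags.append("rdns-localhost")

    # Unauthenticated mail from an internal address to a non-local recipient:
    # the pattern in the MAILER-DAEMON thread (origin_ip was the jail's own IP).
    internal = any(ip in net for net in INTERNAL_NETS)
    rcpt_domain = entry["rcpt"].rpartition("@")[2].lower()
    if internal and entry["auth"] == "(unknown)" and rcpt_domain not in local_domains:
        flags.append("internal-unauth-relay")
    return flags


def audit(lines, local_domains):
    """Return (pid, origin_ip, flags) for every log line with a finding."""
    findings = []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue  # not a spamdyke verdict line
        flags = flags_for(entry, local_domains)
        if flags:
            findings.append((int(entry["pid"]), entry["ip"], flags))
    return findings


if __name__ == "__main__":
    for pid, ip, flags in audit(SAMPLE_LOG.splitlines(), LOCAL_DOMAINS):
        print(pid, ip, ",".join(flags))
```

Findings of the first kind point at the rDNS handling discussed in this thread; findings of the second kind point at whatever sits between the internet and the jail, since spamdyke only sees the internal address.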
Re: [spamdyke-users] softlimit error
Ah, the ulimit limits. I'd forgotten about those and was focusing on the "softlimit" word in the error. Thanks, Sam. On 5/5/2016 6:35 AM, Sam Clippinger via spamdyke-users wrote: You're correct that those messages are related to limits, but not the ones softlimit can set. Those messages are about "hard" limits, which are set using the "ulimit" command. I'd guess either BSD has a default hard limit or something on your system is setting them before spamdyke runs. Those limits are extremely high, so there's very little chance they're going to cause any problems, but spamdyke will keep complaining about them as long as log-level is "verbose" or higher.
Re: [spamdyke-users] IPv6 Question
That is what I figured. Thanks, Sam. On 5/5/2016 6:30 AM, Sam Clippinger via spamdyke-users wrote: Right now, spamdyke has no support for IPv6 at all, so it can't understand that nameserver line. However, the only consequence should be that error message -- it shouldn't have any trouble skipping that line and using the IPv4 nameserver. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] softlimit error
Now that I've set log-level=excessive, I can see these two errors that spamdyke is spitting out a lot:
May 4 13:54:52 Xeon_Right spamdyke[18726]: ERROR(undo_softlimit()@spamdyke.c:3226): data segment hard limit is less than infinity, could lead to unexplainable crashes: 34359738368
May 4 13:54:52 Xeon_Right spamdyke[18726]: ERROR(undo_softlimit()@spamdyke.c:3244): stack size hard limit is less than infinity, could lead to unexplainable crashes: 536870912
Seems to be a harmless error report. Per Sam's suggestion quite some time ago, I quit using the 'softlimit' option in the tcpserver startup "run" files. Available memory >5GiB free all the time. Very fast CPU. The email part of the server is very lightly used as the box is primarily an NAS and for me to play and experiment with intellectually. Had no crashes that I know of - been up for 41+ days since my last intentional reboot. Thoughts?
[spamdyke-users] IPv6 Question
Using FreeBSD here. In addition to my normal IPv4 connection, I have an IPv6 tunnel set up via Hurricane Electric. Also use unbound as my local DNS cache resolver for resolving both IPv4 & IPv6 addresses and it has been doing both for over a year now. spamdyke doesn't seem to like the IPv6 resolver. /var/log/maillog showing LOTS of lines like this (log-level=info):
May 4 13:08:56 Xeon_Right spamdyke[18382]: ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable nameserver found: fd00::1
My /etc/resolv.conf file contains these two lines:
nameserver 10.0.0.1
nameserver fd00::1
I didn't think that spamdyke is IPv6 aware? Shouldn't it ignore the second nameserver line above? In hopes of getting some more info about this, I've set log-level=excessive. Thoughts?
Re: [spamdyke-users] Softlimit messages
Wow. So for example, the starting line for my smtpd-run file looks like this:
exec /usr/local/bin/softlimit -m 2 /usr/local/bin/tcpserver -4v -R -l $LOCAL \
and I can simply change it to this:
exec /usr/local/bin/tcpserver -4v -R -l $LOCAL \
with impunity?
On 6/20/2015 5:12 PM, Sam Clippinger via spamdyke-users wrote: IMHO, everyone should delete the softlimit program from their servers immediately. Not that I have a strong opinion on the matter or anything. :)
Re: [spamdyke-users] New version: spamdyke 5.0.1
Thank you, Sam. For so much work on this update, a measly 0.0.1 version bump belittles it. On 5/1/2015 11:36 AM, Sam Clippinger via spamdyke-users wrote: spamdyke lives! spamdyke version 5.0.1 is now available: http://www.spamdyke.org/ This version fixes a ton of bugs, including a number of access violations that can lead to crashes. Most importantly, the recipient validation feature now works correctly (and has been exhaustively tested). Version 5.0.1 is backwards-compatible with version 5.0.0; simply replacing the old binary with the new one should be safe. -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Error in log
Thank you, Sam! I'll go through my .conf file, too and remove the offending stuff. On 11/28/2014 2:49 PM, Sam Clippinger wrote: Found the problem -- very obscure! The structure of your configuration file is tickling a small bug so it adds an empty value to the end of the list of ip-in-rdns-keyword files. The filter is running normally and I don't see any way this bug could possibly add anything but a blank value to the end of the list, so the error messages are just noise. If you remove the comment lines from your configuration file, the error messages should stop. Fixing this bug also uncovered a related bug that would throw an error (and stop spamdyke) if a line in the configuration file contains only a single space. I thought I'd already fixed that before, but apparently not. Thanks for reporting this! I'm currently testing the next version and hope to release it next week with some important fixes to spamdyke-qrv. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Error in log
Same error here on a new build. No time to pursue it presently. Curious about the solution as well.
On 11/27/2014 7:21 PM, Les Fenison wrote: I keep seeing this error in the log every few minutes...
Nov 27 18:03:32 zeus spamdyke[28831]: ERROR(check_ip_in_rdns_keyword()@filter.c:919): unable to open keywords file : No such file or directory
Nov 27 18:14:28 zeus spamdyke[7028]: ERROR(check_ip_in_rdns_keyword()@filter.c:919): unable to open keywords file : No such file or directory
Nov 27 18:14:29 zeus spamdyke[7051]: ERROR(check_ip_in_rdns_keyword()@filter.c:919): unable to open keywords file : No such file or directory
Nov 27 18:14:34 zeus spamdyke[7080]: ERROR(check_ip_in_rdns_keyword()@filter.c:919): unable to open keywords file : No such file or directory
In my conf file I have...
ip-in-rdns-keyword-blacklist-entry=dyn
ip-in-rdns-keyword-blacklist-entry=dynamic
ip-in-rdns-keyword-blacklist-entry=dhcp
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke.d/ip-in-rdns-keyword-blacklist.conf
In /etc/spamdyke.d I do have a file called ip-in-rdns-keyword-blacklist.conf So it does exist. The permissions are exactly as they are for all my other config files in the same directory. I don't understand why I am getting this error.
Les Fenison www.DeltaTechnicalServices.com https://www.deltatechnicalservices.com l...@deltatechnicalservices.com (503) 610-8747
Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions
At the suggestion of others here, I turned OFF greylisting last year, after having used it for years before that. My spam level didn't increase one bit. I think the RBL sites are pretty good at identifying spam originations, so I use that method now. On 11/4/2014 12:55 AM, Quinn Comendant wrote: I'm new to greylisting, and have just set up spamdyke on a mail server with a few hundred users. Immediately my colleagues and I got annoyed with delayed deliveries to our personal addresses ;P. I'm wondering if it would be a reasonable solution to create a `graylist-exception-rdns-file` containing the top 500 or so most common reputable rdns hosts? Surely no spam would be expected to originate from rdns origins matching, e.g.: .twitter.com .apple.com .amazonses.com .gmail.com ...etc Using a list such as http://moz.com/top500 might be a good start. I hope this method would allow the prevention of delivery delays from the hosts people rely on most, while still inhibiting spam from the other 99.9% of rdns hosts. Does anybody have experience using this method? I'm trying it now, and will report back if I have any issues. But I don't have a history of using greylisting, so not sure if it is a best practice. Thanks, Quinn
Re: [spamdyke-users] Avoiding greylisting delays by making many exceptions
... and I'm not using the hunter_seeker script here. On 11/4/2014 12:15 PM, Gary Gendel wrote: I also remember this discussion but it was quite a while ago. I had subsequently removed greylisting as well with no noticeable increase in spam. I did add Sam's hunter_seeker script and it did make a difference. However, I haven't seen any new websites added to that blocklist so I wonder whether that is as effective as it used to be. On 11/04/2014 02:03 PM, BC wrote: I don't have a link to the conversation, but I literally turned off greylisting and turned on using RBLs at the same time. On 11/4/2014 11:56 AM, Quinn Comendant wrote: On Tue, 04 Nov 2014 08:05:22 -0700, BC wrote: At the suggestion of others here, I turned OFF greylisting last year, after having used it for years before that. My spam level didn't increase one bit. I think the RBL sites are pretty good at identifying spam originations, so I use that method now. Hi BC, thanks for the reply. Do you have a link to that discussion you had? I'd like to know how y'all value greylisting in today's internet climate. I installed spamdyke at the same time as enabling several other spamassassin network rules. The result is, our users are seeing far less spam. But with all the changes, it's hard to say what is providing the most benefit (and what isn't). We were using rblsmtpd before, so the blocklists aren't a new aspect. Perhaps I'll leave greylisting enabled for another week, then turn it off and go another week and compare the metrics.
Re: [spamdyke-users] New problems with spamdyke
On 10/30/2014 6:09 PM, Les Fenison wrote: Still wondering what we are to use for encryption now that SSLv3 is vulnerable. What are most people doing? Leaving the submission port vulnerable by leaving SSLv3 available and securing all the rest of the ports? Or just giving up on email encryption. Disabling ssl and only allowing tls?
Re: [spamdyke-users] No TLS with openssl elliptic curve cipher suites / pfs perfect forward secrecy
On 3/28/2014 12:47 PM, Eric Shubert wrote: I'm also wondering, should 2048 and 4096 key lengths also be included? As of January 1, 2014 key lengths of 1024 are not to be allowed for new installations going forward. Newly issued certs have to be for a minimum of 2048 bit keys. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] RBLs
On 3/9/2014 1:21 PM, Sam Clippinger wrote: plus my private list that's generated by the hunter_seeker script. My private list has blocked about 4.5 times more connections today than the DNS RBLs. Sam - Is a functionality that could be built into spamdyke with a .conf configuration option? It sounds delicious. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] RBLs
On 3/8/2014 7:03 AM, Angus McIntyre wrote: TL;DR: if you null-route every IP that HostNoc owns, it will make a dramatic difference to the amount of spam you see. Angus, To what does the TL;DR refer? How are you null-routing all those IPs? With spamdyke somehow? Bucky PS - this is a very informative discussion, so please to all, keep it up. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] RBLs
On 3/8/2014 7:18 AM, Lutz Petersen wrote: Instead make this spamdyke.conf Settings: dns-blacklist-entry=bl.mailspike.net This is the one causing all sorts of mischief lately - blacklisting and unblacklisting legit and non-spamming IPs rapidly. What is wrong with barracuda? You said it isn't relevant. What does that mean? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] RBLs
Okay, thanks for the excellent explanation and I know how to null route an IP at the firewall. On 3/8/2014 7:58 AM, Angus McIntyre wrote: BC wrote: On 3/8/2014 7:03 AM, Angus McIntyre wrote: TL;DR: if you null-route every IP that HostNoc owns, it will make a dramatic difference to the amount of spam you see. To what does the TL;DR refer? TL;DR is Internet slang for 'Too Long; Didn't Read'. As it's used now, it's a way for someone who has written a long post to provide a very brief summary of what they said (usually no more than a single line) for the benefit of anyone skim-reading the post. Sometimes the summary may be a humorous simplification of whatever was said. ... How are you null-routing all those IPs? With spamdyke somehow? I'm not actually null-routing HostNoc IPs (but believe me, I've been tempted). You could probably use spamdyke to block mail coming from HostNoc customers, because spamdyke's ip blacklisting allows you to blacklist entire address ranges as well as individual addresses. However, when people talk of 'null-routing' an address, it means configuring your firewall (such as an iptables firewall) to simply drop any incoming packets from that source. It's the most absolute form of rejection possible. The other host literally cannot connect to your system in any way, because you've told the firewall Ignore everything coming from here. Basically, my TL;DR was saying If you refuse to accept any communication whatsoever from this entire chunk of the Internet, it wouldn't be a bad thing. And I was partly joking ... but only partly. Angus ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] RBLs
Thank you so much, Sam! On 3/7/2014 2:02 PM, Sam Clippinger wrote: Honestly, the RBL that seems to do the most good these days for me is the Barracuda Central list (b.barracudacentral.org). I also use Spamhaus, Spamcop and Spam Eating Monkey, but together those three don't catch even a tenth of what Barracuda catches. -- Sam Clippinger On Mar 6, 2014, at 6:05 PM, BC bc...@purgatoire.org wrote: One of the RBLs I'm using is bl.mailspike.net. Today they started listing an IP which 100 other blacklists don't have listed. Then it delisted it, then it put it back, then delisted it again - all over the course of a couple of hours. Now blacklisted again. What other free, RBL services are you guys using?
Re: [spamdyke-users] RBLs
Do I need to sign up to use b.barracudacentral.org? I've been looking around their website... On 3/7/2014 2:11 PM, Gary Gendel wrote: I tend to agree, however, it does depend on the ordering. I found that there are a lot of duplications on the list so the first one tends to get the most hits. My list consists of b.barracudacentral.org zen.spamhause.org I've tried others, but the others I've added only add a very small additional catches and sometimes raise the false-negative results. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] RBLs
Okay, thanks. It told me to register, which I did... then it disappeared into a black hole (probably preparing to spam me into the next century :). The about info said if you don't register the IPs from which you'll be making inquiries, they might add that IP to the blacklist. Gulp. I'll see if I can log in. On 3/7/2014 2:32 PM, Sam Clippinger wrote: No, it's publicly available. Just add dns-blacklist-entry=b.barracudacentral.org to your spamdyke config file.
Re: [spamdyke-users] RBLs
Okay, it all worked. Interesting that nowhere did they tell me to use the URL you listed below, but in 15 minutes I'll try it. Sounds like you and Gary recommend putting it as the first RBL in the spamdyke.conf file, right? On 3/7/2014 2:32 PM, Sam Clippinger wrote: No, it's publicly available. Just add dns-blacklist-entry=b.barracudacentral.org to your spamdyke config file. -- Sam Clippinger On Mar 7, 2014, at 3:23 PM, BC bc...@purgatoire.org wrote: Do I need to sign up to use b.barracudacentral.org? I've been looking around their website... On 3/7/2014 2:11 PM, Gary Gendel wrote: I tend to agree, however, it does depend on the ordering. I found that there are a lot of duplications on the list so the first one tends to get the most hits. My list consists of b.barracudacentral.org zen.spamhause.org I've tried others, but the others I've added only add a very small additional catches and sometimes raise the false-negative results.
Re: [spamdyke-users] RBLs
On 3/7/2014 3:25 PM, Sam Clippinger wrote: Actually, the order of the options doesn't matter. spamdyke queries all of the RBLs simultaneously and uses the first positive response it gets from the DNS server. Okay, thanks for that bit. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] RBLs
One of the RBLs I'm using is bl.mailspike.net. Today they started listing an IP which 100 other blacklists don't have listed. Then it delisted it, then it put it back, then delisted it again - all over the course of a couple of hours. Now blacklisted again. What other free, RBL services are you guys using? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] New version: spamdyke 5.0.0
Thank you, Sam. Will spamdyke do IPv6 records as well? On 1/28/2014 8:42 AM, Sam Clippinger wrote: Just when you thought it was safe to go back in the water... spamdyke version 5.0.0 is now available! Get it here: http://www.spamdyke.org/ This version is a major update that adds 12 new options, renames 3 options and removes 5 options. The meaning of whitelisted is changed to allow whitelisted connections to bypass spamdyke's filters but not to automatically relay (unless allowed for some other reason). DNS searches for valid sender domains will now prioritize MX records before A records. Full recipient validation is now available. Sender addresses can be rejected if they don't match the username given during authentication (or if the domain doesn't match). Lots of bug fixes too! Because of all the changes to spamdyke's options, version 5.0.0 is not backwards compatible with previous versions. Be sure to read the documentation before upgrading! ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] 0byte graylist entries
On 11/23/2013 8:55 AM, Eric Shubert wrote: Having said that, I've come to the conclusion that graylisting isn't worth it to me. I disabled graylisting several months ago, and haven't really noticed any less effectiveness. Measuring the effectiveness of graylisting properly is very difficult, and it's a pain for users (myself included) at times. With all of the other filters spamdyke provides, I don't think the cost of graylisting is worth the benefit. Of course, YMMV. Curious you bring that up. In perusing the logs, it (very subjectively) looks like r_dns lookups are blocking 95% of the spam, RBL is getting about 4% and graylisting is only being invoked about 1% of the time. But what is the "cost of graylisting"? Graylisting delays a legit email by X amount of minutes. Is that the pain of which you are talking? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] 0byte graylist entries
On 11/23/2013 9:39 AM, Eric Shubert wrote: But what is the "cost of graylisting"? Graylisting delays a legit email by X amount of minutes. Is that the pain of which you are talking? Yes. I realize that the impact of the delay is infrequent, but when it happens, it's really annoying, and it impacts productivity. In my case, it usually happens when an email confirmation or notification of some sort is required to do something. This is the absolute worst time for there to be a delay, as it interrupts that process. Haha. Now that is a good point and I've been annoyed by that as well. Perhaps I'll try turning off graylisting for a while and see if it makes much difference. Thanks! ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] 0byte graylist entries
Thank you, Sam. spamdyke is a wonderful spam blocker! On 11/23/2013 2:43 PM, Sam Clippinger wrote: For what it's worth, I agree. Graylisting was designed to stop spam coming from spambots on infected home PCs -- because they're not "real" mail servers, they won't retry their deliveries. But the rDNS and blacklist filters seem to stop almost all deliveries from home PCs these days, so graylisting almost becomes redundant. (It's always fascinated me that the authors of those spambots didn't implement a retry feature -- it would have been so simple to do...) It seems to me the most "effective" spam these days is coming from compromised email accounts -- a spammer gets someone's password and pumps thousands of messages through their mail server with the user's credentials. I've added some additional filters to spamdyke's next version to limit allowed sender addresses after authentication -- the address can be required to exactly match the authentication username or just the domain can be required to match. Next version coming Real Soon Now(tm)! :) -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] 0byte graylist entries
Interesting. I've been doing it this way - should I stop?
# time to delete old, empty graylist entries older than 15 days (empty files empty directories)
find /var/qmail/antispam/graylist/ -type f -mtime +15 -print -delete
find /var/qmail/antispam/graylist/ -empty -type d -mtime +15 -print -delete
I run these in that order. Seems to do as I ask...
On 11/22/2013 10:09 AM, Eric Shubert wrote: On 11/19/2013 04:46 AM, Gary Gendel wrote: Spamdyke does clean up these files periodically (as set by graylist-max-secs) I don't believe this is entirely true. Spamdyke will honor/see these expirations only if/when another email is sent after this time has elapsed, in which case the graylist process starts anew. Over time, un-resent records accumulate, which can take its toll on inodes. This is why I wrote the qtp-prune-graylist script: http://qtp.qmailtoaster.com/trac/browser/bin/qtp-prune-graylist :) Come to think of it, I should package that script with the spamdyke rpm. Oh, I should mention that you can find rpms for spamdyke at http://mirrors.qmailtoaster.com/. They're presently in the /testing directory, and will migrate to /current (stable) once everything's been tested. The spamdyke package should already be solid though. Very soon you'll be able to use yum to install it as well, once the qmailtoaster-release package (containing the yum repo stuff for QMT) is available. Note for posterity: the qtp web site is being migrated/integrated with the QMailToaster organization at GitHub: https://github.com/QMailToaster Look for this script there if the qtp.qmailtoaster.com site is gone. It might be in the spamdyke package there. :)
Re: [spamdyke-users] 0byte graylist entries
On 11/22/2013 7:09 PM, Gary Gendel wrote: My graylists do get constantly pruned but others seem to have old ones remaining. Then again, my graylist-max-secs is set to 1296000 (one day) which is probably shorter than most. That looks like 15 days to me. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Reducing hard disk usage
You actually answered another question I had as well. I noticed in my latest server-build, that the 'top' command shows an additional line that I'd not seen on the previous server:

Mem: 36M Active, 29M Inact, 206M Wired, 5647M Free
ARC: 59M Total, 12M MFU, 45M MRU, 32K Anon, 587K Header, 1766K Other
Swap: 2048M Total, 2048M Free

That must be the ARC to which you make reference, yes? But despite having 6GB RAM here, I'm hearing the hard drive doing a lot of logging, and the boot drive is booted into zfs. So it doesn't seem that much is being retained in the ARC RAM. Is there a specific way that you turn that function 'on'?

On 11/1/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
With ZFS this happens automatically because the file information is cached in the ARC RAM unless forced out. I'm currently running a 91% cache hit rate on this server which runs file, web, streaming, and mail services. It's running OpenIndiana (hipster) and has 4G RAM with 4 TB mirrored disk space (half full).
Re: [spamdyke-users] Reducing hard disk usage
You are doing what I want to do. Which RAMdisk program are you running? Do you have a script that flushes the RAMdisk contents to disk periodically, so the info on the hard disk doesn't get too stale between reboots? Could you share your init Script(s) with me? Thank you.

On 11/1/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
We don't greylist. But all external (receiving only) Frontend Servers Mailers are running in Ramdisks. This gives extremely good results especially when receiving extreme high amounts of incoming Mails. If rebooting one of these Servers there are init Scripts that copy 1:1 all Files, empty Queues and so on from a Master at a Harddisk to the Ramdisk.
Re: [spamdyke-users] Reducing hard disk usage
The other question I forgot to ask... With zfs and 4G RAM running, the prefetch is automatically disabled. Did you make the loader.conf change to enable prefetch caching anyway? Thanks.

On 11/1/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
With ZFS this happens automatically because the file information is cached in the ARC RAM unless forced out. I'm currently running a 91% cache hit rate on this server which runs file, web, streaming, and mail services. It's running OpenIndiana (hipster) and has 4G RAM with 4 TB mirrored disk space (half full).
Re: [spamdyke-users] Reducing hard disk usage
I can see I have some reading to do. Thanks.

On 11/1/2013 1:32 PM, Gary Gendel wrote:
Prefetch is evil and is disabled by default in illumos based distributions (in newer versions it is enabled for scrubs since these are sequential in nature and can get a performance boost). I'm talking about the Adaptive Replacement Cache (ARC). This uses various metrics such as lru to determine what to keep in RAM. As long as there is enough RAM, it will keep things cached forever.

On 11/01/2013 03:02 PM, BC wrote:
The other question I forgot to ask... With zfs and 4G RAM running, the prefetch is automatically disabled. Did you make the loader.conf change to enable prefetch caching anyway? Thanks.

On 11/1/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
With ZFS this happens automatically because the file information is cached in the ARC RAM unless forced out. I'm currently running a 91% cache hit rate on this server which runs file, web, streaming, and mail services. It's running OpenIndiana (hipster) and has 4G RAM with 4 TB mirrored disk space (half full).
[spamdyke-users] Reducing hard disk usage
Does anyone use some sort of RAMdisk or memory disk to hold the graylist? I just did a 'du' on my graylist and it takes up 85mb of space. I'm trying to reduce the amount of hard drive accesses going on.
[spamdyke-users] Reducing hard disk usage
Darn Thunderbird update...changed my default settings. Here was my question:

Does anyone use some sort of RAMdisk or memory disk to hold the graylist? I just did a 'du' on my graylist and it takes up 85mb of space. I'm trying to reduce the amount of hard drive accesses going on.
Re: [spamdyke-users] ip-in-rdns-keyword-blacklist-file
Thank you, Sam. That is a subtlety which I missed in reading the really excellent documentation!

On 10/3/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Close... but you need a leading dot if you want it to match a domain name instead of looking for the keyword in the middle of the name. So change your file to contain this:

.rr.com

That should do it!
[spamdyke-users] ip-in-rdns-keyword-blacklist-file
This spam got through today (after being graylisted 8 minutes):

Oct 2 13:53:25 C2Q_Q9400 spamdyke[66462]: ALLOWED from: (unknown) to: b...@purgatoire.org origin_ip: 24.227.125.250 origin_rdns: rrcs-24-227-125-250.se.biz.rr.com auth: (unknown) encryption: (none) reason: 250_ok_1380743605_qp_66464

My ip-in-rdns-keyword-blacklist-file contains an entry (out of many others) on one line like this:

rr.com

Am I misunderstanding how this should work? The filter should have found the 'rr.com' in the rdns name that also contained the IP address, right? Thanks in advance.
[spamdyke-users] Blacklisting 127.0.0.1
How about if I put 127.0.0.1 into the blacklist_ip file? Potential downsides?
Re: [spamdyke-users] spamdyke-users Digest, Vol 75, Issue 9
On 8/17/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Does your server have an IPv6 address? It's possible something is accepting incoming connections on an IPv6 interface and tunneling back into the localhost interface for software that doesn't support IPv6 (i.e. spamdyke and qmail).

Doesn't look like it. em0 is the outside interface, retrieved with ifconfig:

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
    ether 00:1b:21:xx:yy:zz
    inet 75.145.120.61 netmask 0xfffc broadcast 75.145.120.63
    inet 10.1.10.79 netmask 0xff00 broadcast 10.1.10.255
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active

Puzzling, but not even a nuisance. Thanks.

Bucky
Re: [spamdyke-users] 127.0.0.1
On 8/14/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Gulp. Could I be spamming myself?

On 8/13/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
It looks like the originating IP address was 127.0.0.1, which is your server. In other words, this log entry is for a message that was generated by something on your server. The reject-unresolvable-rdns filter won't block connections where the name is localhost and the IP address is 127.0.0.1 -- that would block any emails generated by mailing lists, cron jobs, contact forms, etc. It only blocks localhost when the IP address is *not* 127.0.0.1

Webmail perhaps on the same host?

No. I'll have to watch for another example of this. The spam message was processed by qmail at the same time the spamdyke log entry happened and nothing else happened on the machine anywhere near that time (not a busy machine). If I find another example of this, I'll parse out and post everything about it. Thanks to all.
Re: [spamdyke-users] 127.0.0.1
Gulp. Could I be spamming myself?

On 8/13/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
It looks like the originating IP address was 127.0.0.1, which is your server. In other words, this log entry is for a message that was generated by something on your server. The reject-unresolvable-rdns filter won't block connections where the name is localhost and the IP address is 127.0.0.1 -- that would block any emails generated by mailing lists, cron jobs, contact forms, etc. It only blocks localhost when the IP address is *not* 127.0.0.1
Re: [spamdyke-users] spamdyke-users Digest, Vol 75, Issue 4
H. Just checked both whitelist files and nothing in them relates to localhost or anything else that would have allowed this that I can tell. Clearly the rDNS name was shown as localhost.

Aug 11 13:40:50 C2Q_Q9400 spamdyke[73552]: ALLOWED from: (unknown) to:bc...@purgatoire.org origin_ip: 127.0.0.1 origin_rdns: localhost auth: (unknown) encryption: (none) reason: 250_ok_1376250050_qp_73554

Other thoughts? I'm willing to experiment for you, if you wish. (PS - no spam today, so the blacklists seem to be working.)

On 8/12/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
The reject-unresolvable-rdns filter should block connections from hosts with rDNS names of localhost. Are you sure this connection wasn't whitelisted for some reason -- i.e. you don't have localhost in your rDNS whitelist?
Re: [spamdyke-users] Spam getting past, ip-in-rdns-keyword-blacklist-file?
On 8/11/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Aug 10 08:18:38 C2Q_Q9400 spamdyke[64027]: ALLOWED from: (unknown) to: [myemailaddress] origin_ip: 5.248.89.179 \
origin_rdns: 5-248-89-179-broadband.kyivstar.net auth: (unknown)

Simply use the standard Blacklists. This IP (all ..broadband.kyivstar.net) is blacklisted by Spamcop, CBL and the Spamhaus Policy List too.

Okay, thanks. I also misread the documentation - I was thinking that spamdyke would block any connection with an rdns which included the IP address, but it will only do so if it contains an IP address *and* a keyword.
Re: [spamdyke-users] Spam getting past, ip-in-rdns-keyword-blacklist-file?
Thank you very much. I'll add those and see what happens.

On 8/11/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Sorry - was too fast. Here is what you need to add in your spamdyke.conf:

dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.mailspike.net
Re: [spamdyke-users] Blocking @ru
Ooops. That is exactly the problem. The envelope sender is someone else. Sorry...

On 6/15/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Are you sure the envelope senders end in .ru? In other words, the log messages from spamdyke should show from:xxx...@yy.ru. If the .ru is part of the rDNS name or it's only on the From: line in the message header, sender blacklisting won't catch it.
Re: [spamdyke-users] Next Release
This just boggles the mind. Thank you for continuing to work on spamdyke, Sam...

On 6/15/2013 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Yes, I am still trying to get that finished. The testing is taking forever -- there are 237K test scripts for that feature alone and each one takes a minimum of 6 seconds to run. Plus work got pretty hectic over the last two months, so I've had almost no time to keep the process moving forward.
[spamdyke-users] Blocking @ru
A previous poster asked about blocking entire domains and asked if something like @ru would block all @.ru mail. It seemed that Sam chimed in and said it wasn't intended to do so, but does apparently work. Well, it doesn't... In my blacklist_senders file I've tried both @ru and @.ru and neither blocks anything from the domain .ru. Other suggestions? I'm running the latest spamdyke.
Re: [spamdyke-users] spamdyke-users Digest, Vol 67, Issue 11
Sam has made this very simple to do by following the directions. Takes only minutes.

On 12/24/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Yes. In the documentation folder, there is a file named UPGRADING_version_3_to_version_4.txt that lists exactly what options need to be changed. It's mostly a matter of renaming some of the options in your configuration file. Be sure to use the config-test feature to check your configuration file when you're done making changes!
[spamdyke-users] Replying Quoting
A favor please. Can we trim up the responses a bit? They are almost all requoting. Thanks.
Re: [spamdyke-users] Where to run the caching DNS resolver
This is probably over my head. From my reading about a DMZ, that would require using a 3rd NIC on the host machine, right? I have a mobo NIC that I'm not using presently and could assign it an address of say, 10.10.0.1 (the LAN is 10.0.0.1)

Presently, everything that is running on the host machine is basically attached to the 10.0.0.1 IP address in some way or another. For a short time I experimented with tinydns and ran it on the 127.0.0.1 IP on the host, but I don't use local dns hosting. So, if I'm understanding you the proper way to do this would be like so:

                 _ LAN (10.0.0.1) - all the processes needed (dhcp, resolver), various Windows machines...
                /
WAN (internet)/
               \
                \__DMZ (10.10.0.1) - email server, spamdyke, separate resolving cache

Do I have this right? Then I'd punch a hole through the firewall between 10.0.0.1 and 10.10.0.1 so I could do my email via the LAN?

On 9/3/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Here's the thing. Your mail server should be on the DMZ subnet (I'm not sure of PF's terminology). That subnet has no access to dhcp or resolvers, for security reasons. I suppose you could punch a pinhole for DNS requests, but that sort of defeats the purpose. Since all hosts in the DMZ should use a resolver/recursor which is not on the (trusted) LAN, they can a) use their own, b) use a common one on the DMZ subnet (but preferably *not* an authoritative DNS host), or c) use one provided by an ISP or other service (OpenDNS and Google provide several free ones). The options are in order of efficiency, and probably preference as well for most cases.
Re: [spamdyke-users] Where to run the caching DNS resolver
On 9/2/2012 8:44 AM, spamdyke-users-requ...@spamdyke.org wrote:
That's how I started as well. :) You might want to consider putting an IPCop (or other suitable firewall) host on your perimeter. I think it's the next logical step for your situation.

Whew, good to know I'm on track. Running pf here, which is one of the common firewalls for FreeBSD.
[spamdyke-users] Where to run the caching DNS resolver
A novice question perhaps, but does it matter much where one runs the local caching resolver? I have a LAN with IP 10.x.x.x and simply use 10.0.0.1 as the local IP for the resolver. My understanding is that any local IP can be used so long as it can be reached by those functions needing access to it. Would I gain any advantage by using 127.0.0.1 instead?

On 9/1/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Given what you've described, I would consider whether the host is running a caching nameserver or not. What are the contents of /etc/resolv.conf ? spamdyke is rather heavy on DNS, and network traffic can be reduced a bit by running a resolver on localhost (127.0.0.1).
Re: [spamdyke-users] Where to run the caching DNS resolver
I think I understand what you are saying. My local LAN is quite simple: only one *nix box and it sits between the internet source and the rest of the machines on my LAN. That one box contains two NICs - the public (WAN-side NIC) and the private (LAN-side NIC) and runs spamdyke (as well as myriad other processes including qmail). The LAN-side NIC is the 10.0.0.1 IP and that is where the resolving cache runs. The box owns the 127.0.0.1 IP, right, just as every other box on the LAN has its own 127.0.0.1 (local host)?

I'm presuming that if I had a second *nix box on the LAN and was running spamdyke over there, then I'd potentially be creating a lag time in responsiveness. Am I understanding what you are saying?

PS - my email server has only one customer, me.

On 9/1/2012 8:38 PM, spamdyke-users-requ...@spamdyke.org wrote:
I think the question might have been (as I read it) regarding a configuration where the resolver is on the local network (private lan), but not on the host which is running spamdyke (not accessible as 127.0.0.1). This is not as ideal as having the resolver running on spamdyke's host, as all DNS traffic hits the wire in this case. However, cached requests don't make it out to the ISP, so it would help in that regard. If your LAN isn't hurting for bandwidth, this setup could be sufficient, but it's not ideal. I hope this makes sense.
Re: [spamdyke-users] DNS resolver and cache
Any good reason to NOT use djbdns, then? I'm not opposed to switching if there is a GOOD reason to switch. I run a tiny mail server with essentially one customer - me.

On 7/16/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
I can't think of any good reason to use djbdns any more.
[spamdyke-users] DNS resolvers and local caching
I know that a local DNS server is virtually required for good performance with spamdyke. Am curious what you don't like about djbdns? Or what you like better about unbound? unbound looks interesting and is available to me via the FreeBSD ports collection.

On 7/13/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Is this to say that you used to use djbdns for your caching DNS server but you are going to something else?

Yes. I'm playing with unbound www.unbound.net
Re: [spamdyke-users] Greylisting Effectiveness
Right. But the bottom line is that spamdyke is still doing a fabulous job of blocking spam by whatever filter is doing it. Thanks.

On 7/13/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Well, remember the filters run in a specific order. Graylisting is one of the very last filters to run -- it only gets a chance to reject connections that have already passed every other filter. So it's very possible some of the connections rejected by the missing rDNS filter would also have been stopped by graylisting, which would make graylisting's effectiveness appear higher. Ditto for the other tests like DNS blackholes, earlytalkers, etc. The only way to know for sure would be to disable every other filter and see what happens to the rejection rate.
Re: [spamdyke-users] Greylisting effectiveness?
On 7/12/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
I use an internal caching DNS server as a DNS forwarder for spamdyke's dns requests. This way I only need to query outside once, and subsequent spam bursts from the same server are rejected by local lookups to the cache. This dramatically lowers my pound rate on the above servers and gets subsequent spam rejected very quickly. I used to use dnscache, but I'm currently testing unbound as a replacement.

Is this to say that you used to use djbdns for your caching DNS server but you are going to something else?
Re: [spamdyke-users] Greylisting effectiveness?
On 7/11/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
I've disabled graylisting on a few domains that are sensitive to timely delivery. They haven't complained about any increase in spam. You might try doing the same to see the effect. I expect that the various rDNS filters, along with blacklists, are doing an adequate job.

I'm not using any external blacklists, just what spamdyke does internally. Shall I risk it and see? The maillog shows a LOT of greylisted attempts that are never repeated. A LOT!!!
Re: [spamdyke-users] spamdyke-users Digest, Vol 62, Issue 6
How interesting. Well, whatever the reason I still only very occasionally get any spam, yet when I look at the maillog there are countless attempts to send me spam each day. One in particular that is amusing is to one email address I used exactly ONE time 10 years ago. There are hundreds of attempts to send me email to that address, every day. So spamdyke is still tops in my mind and I look forward to Eric's findings.

On 7/10/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
What does all that mean? I have no idea -- remember what Mark Twain said about statistics. I didn't do anything to match senders to recipients, check if the messages were actually spam, allow for frequent senders or mailing lists, check if the rejections came before or after the successes, etc. (For that matter, I'm not even completely sure my search commands were written correctly.) Also, since the DNS filters kick in before graylisting does, it's impossible to say how the graylisting percentage would change if I turned off all the DNS filters. Until those factors are accounted for, the numbers don't actually mean anything. Hopefully Eric's script will allow for all that (assuming he's writing one). :)
Re: [spamdyke-users] Greylisting effectiveness?
Then why am I not getting hammered with spam? Is it the failed-reverse-lookup that is saving me?

On 7/9/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Overall, I suspect Eric suspects what I also believe -- graylisting isn't effective any more.
Re: [spamdyke-users] Graylist performance
On 7/8/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
I think that the simplest way of matching up messages would be if the log messages contained the Message-ID field from the email headers. I checked the TODO.txt file, and Frank beat me to the request:

Log the Message-ID field so a message can be tracked from delivery to disk. spamdyke will need to add the Message-ID field if needed. Credit goes to Frank SDI.

So I'd like to add +1 for this enhancement. Without it, the effectiveness of graylisting cannot be accurately determined

A very clever suggestion. My hat is off to both you and Frank! And I second the kudos to Sam for writing/supporting spamdyke.

Bucky
Re: [spamdyke-users] Problems with outgoing SPAM
Is this what the tar pit option in qmail is supposed to do?

On 7/18/2011 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
I would like to know if spamdyke can block relay if the client is trying to send a lot of email in a small period of time or something else that can ease this problem.
Re: [spamdyke-users] Help with spamdyke...
There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles.

On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote:
So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it.
[spamdyke-users] Spamdyke!
Sam - we all have to earn a living and know that Spamdyke is a labor of love-alone for you (and for US!!!) We all appreciate to the tips of our toes, what you've created here. Thank you very much!

On 5/6/2011 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
I'm sorry the fixes have taken so long, but I've had very little free time for spamdyke lately. I'll try to get everything wrapped up and released within the next week.
[spamdyke-users] Thinking out loud
Thank you, Sam, for puzzling this out on-list. Always interesting to see how a programmer's mind works.

Bucky

On 3/12/2011 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
So, two bugs. I'll get them fixed. :) Thanks for reporting this!
Re: [spamdyke-users] reject-identical-sender-recipient - how, it works?
Kudos to Eric. He is right - it is very counter intuitive. Spamdyke blocks 98.9% of spam and doing as Eric suggested got rid of another 1%.

On 1/12/2011 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
Another method of rejecting this sort of spam (forged from addresses) is to blacklist the domains that you host. This is counter intuitive, but works very well. Since all of your domains' users authenticate (they all do authenticate, right?), they will pass spamdyke's filters, and all imposters will be rejected.
[spamdyke-users] What firewalls do you use?
Was wondering what firewall programs you folks use with your OS/qmail/spamdyke setups? For example, for years now I've used FreeBSD/qmail/spamdyke with the ipfw firewall. I'm planning to change from ipfw to pf (which comes from OpenBSD) as the firewall. They work in fundamentally different ways. Anyone have trouble using pf with their qmail/spamdyke setup?

Thanks,
Bucky
Re: [spamdyke-users] Databases revisited
I'm not a savvy programmer, so consider that when reading my comments.

On 10/23/2009 spamdyke-users-requ...@spamdyke.org wrote:
I'm thinking that no database might just be the best for this particular application (spamdyke). I don't know where people get the idea that databases provide better performance than a native filesystem. The database is implemented on top of a native filesystem after all. ;)

I think there is some joking about such an argument. Short of trying it out both ways, who is to know? If someone is really interested in speed, why not simply put spamdyke's config file(s) on a ram drive? Would that materially speed things up? I don't know. I remember when Sam opted for no config file over just command line arguments. As I understood it, the config file might be too slow. Is the config file approach taken now because it doesn't slow things up much or were the command line arguments exceeding the max allowed by *nix?
Re: [spamdyke-users] Databases revisited
Hi Sam - That is a pretty good synopsis of what he is doing. Doesn't he claim to find *any* sought after data in no more than 7 seeks? Maybe I misread that somewhere. :) My take on the below would be that if spamdyke remains a qmail-only spam blocker, then going with a cdb-based database would be okay (with the provisos you point out.) But if spamdyke is ultimately going to go mainstream (work for most any MTA), then I'd say pick the database you like the best.

Bucky

On 10/22/2009 spamdyke-users-requ...@spamdyke.org wrote:
So I said all that to say this: I don't personally believe CDB files live up to the hype, nor do I believe they solve any real-world problems (they're still binary formats, they can't be shared between servers, etc) but if people want them I can support them.
Re: [spamdyke-users] ERROR: Unable to write... Broken Pipe
On 6/2/2009 spamdyke-users-requ...@spamdyke.org wrote:
You don't need to worry about this. The sender disconnected. It is a common thing to see in the logs. There's no error.

Thank you very much! Was worrying I'd have to engage a plumber...

Bucky
[spamdyke-users] ERROR: Unable to write... Broken Pipe
Found several of these messages sporadically in the ../maillog file today:

[date/time/machine] spamdyke[57524]: ERROR: unable to write 26 bytes to file descriptor 1: Broken pipe

Any ideas where I should start looking?

Thanks,
Bucky
[spamdyke-users] Ancient email address
A small bit of education for me, please... In September 2002 (!) for 2 weeks I used a TEMPORARY email address of say xyzzyx(at)purgatory.org. After those two weeks I deleted the 'for sale' ads for which that email address was used. The server on which that 'for sale' ad, and therefore my email address existed was destroyed 5 years ago. Today, SEVEN years later I see that spamdyke is blocking email to that very email address. Do email addresses ever go away? Where do spammers find 7 y/o email addresses? For that matter, I still get email attempts to an email address I haven't used in 13 years.

Bucky
[spamdyke-users] How qmail works...
Thank you, Sam, for a very excellent explanation of how it all works. Have you considered writing an MTA to replace qmail which can use spamdyke? Looking forward to the next version...

Bucky

On 5/4/2009 spamdyke-users-requ...@spamdyke.org wrote:
When a message is delivered to a stock qmail server, there are a number of processes that handle delivery. First qmail-smtpd runs and actually receives the message from the network interface. During its run, qmail-smtpd will check (among others) [much excellent explanation deleted]
Re: [spamdyke-users] New version: 4.0.0
Bravo and Thank You!!! On 7/14/2008 [EMAIL PROTECTED] wrote: At long, long last, the moment we've all been waiting for! spamdyke version 4.0.0 is now available: http://www.spamdyke.org/
Re: [spamdyke-users] Graylisting - how effective it really is?
On 5/9/2008 [EMAIL PROTECTED] wrote: So - graylisting - how effective it really is for you? The only spam blocking I use presently is spamdyke with graylisting. Pre-spamdyke I was getting 1000 spams/day into my personal mailbox. Since installing spamdyke with graylisting I get 3-4 spams/day. Bucky
[spamdyke-users] Minimalist Servers
On 4/28/2008 [EMAIL PROTECTED] wrote: FWIW, the server in question is a PII/266/512 (try not to laugh too hard). Hey! I have two P2 machines as backup servers, but the primary server is a P1/150/128 (10 years old next month) that is showing some overloading strains but otherwise has run near-continuously since February 2002. Amazing elderly hardware, eh? Bucky
Re: [spamdyke-users] Simple Perl Spam Statistics Contribution
On 2/16/2008 [EMAIL PROTECTED] wrote: Allowed: 425 Denied : 9968 % Spam : 95.91% Thank you very much for this, Ken. 96% spam. How sad... Bucky
[spamdyke-users] Performance uber alles
On 2/8/2008 [EMAIL PROTECTED] wrote: One important thought: have you tried installing a caching name server on your mail server? That's usually the single biggest thing you can do to improve performance. .. and it is EASY to do. Heed this advice! Bucky
[spamdyke-users] The Rational Approach
On 2/8/2008 [EMAIL PROTECTED] wrote: I personally disagree with DJB's position about strictly interpreting the RFCs -- I believe software should strictly follow RFCs when producing output and loosely follow them when accepting it. This is a highly rational approach. DJB ought to look at it this way as well.
Re: [spamdyke-users] The Rational Approach
On 2/8/2008 [EMAIL PROTECTED] wrote: I personally disagree with DJB's position about strictly interpreting the RFCs -- I believe software should strictly follow RFCs when producing output and loosely follow them when accepting it. This is a highly rational approach. DJB ought to look at it this way as well. I think keeping standards is important on both sides. Okay in altruistic theory, but pragmatically isn't Sam's approach better? What is put *out* onto the net has more importance for RFC compliance, don't you think? Bucky
Re: [spamdyke-users] Spamdyke seems to cause a change in network traffic that crashes my ADSL Routers
Andrew - I know I'm running off in weird directions, but a couple of questions: What OS are you running and how much RAM do your machines contain? Bucky
Re: [spamdyke-users] clamav with spamdyke
On 11/22/2007 [EMAIL PROTECTED] wrote: Anyone knows how can i do that after spamdyke scans the email if it's listed or not on a rbl. You need to read the documentation. Spamdyke does not 'scan the email'. Spamdyke is *better* than spamassassin and clamav in the way that it BLOCKS most illegitimate connections *before* email is transferred. Based on what I just wrote, you can see that spamassassin and/or clamav need to be invoked *after* spamdyke does its work. Bucky
Re: [spamdyke-users] graylisting
On 10/3/2007 [EMAIL PROTECTED] wrote: Ok but i must add a directory on /var/qmail/spamdyke/graylisted/ Like gmail.com It's not done automatically? I must do with all the domains i want receive emails from? You tell spamdyke the DOMAIN for which the greylisting will occur. For example, I have spamdyke look in my /var/qmail/antispam/graylist/ directory for my mail DOMAIN, which in my case is called purgatoire.org. So when I'm done adding the DOMAIN as a directory name, spamdyke is using: /var/qmail/antispam/graylist/purgatoire.org/ to create and read other directories and files. In addition, be sure that spamdyke has permission to read/write the ../graylist/purgatoire.org/ directory or graylisting will fail. In my case, spamdyke operates as qmaild:wheel for permissions. If that doesn't work for you, then temporarily tell spamdyke to write to the /tmp directory and see what permission it sets up for itself. Bucky
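The directory and permission requirements described in the message above, as an added example that is not part of the original post or of spamdyke itself: a POSIX shell check for a per-domain graylist directory. The function names, the return codes and the world-writable test are this example's own assumptions; the paths come from the caller.

```shell
# Added example: check a per-domain graylist directory before relying on it.
# Run it as the account spamdyke runs under (qmaild in the message above) so
# the permission tests reflect what spamdyke itself is allowed to do.
# Return codes (this example's own convention):
#   0 usable, 1 missing, 2 no read/write/search access,
#   3 world-writable, 4 unsafe domain name
check_graylist_dir() {
    gl_base=$1
    gl_domain=$2

    # Refuse empty names and names that could point outside the graylist dir.
    case $gl_domain in
        ''|*/*|.*) return 4 ;;
    esac

    gl_dir=$gl_base/$gl_domain

    # The domain directory has to be created by hand.
    [ -d "$gl_dir" ] || return 1

    # The current user must be able to list, create and traverse entries.
    { [ -r "$gl_dir" ] && [ -w "$gl_dir" ] && [ -x "$gl_dir" ]; } || return 2

    # Added hardening check (not from the post): flag world-writable
    # directories, where any local account could add or remove entries.
    case $(ls -ld -- "$gl_dir") in
        ????????w*) return 3 ;;
    esac

    return 0
}

# Print a one-line verdict for GRAYLIST_DIR and DOMAIN.
report_graylist_dir() {
    gl_rc=0
    check_graylist_dir "$1" "$2" || gl_rc=$?
    case $gl_rc in
        0) echo "ok: $1/$2 is usable by $(id -un)" ;;
        1) echo "missing: create $1/$2" ;;
        2) echo "denied: $(id -un) lacks rwx on $1/$2" ;;
        3) echo "unsafe: $1/$2 is world-writable" ;;
        4) echo "rejected: bad domain name '$2'" ;;
    esac
    return "$gl_rc"
}
```

With the paths from the message, the call would be report_graylist_dir /var/qmail/antispam/graylist purgatoire.org, run as qmaild.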
Re: [spamdyke-users] spamdyke-users Digest, Vol 4, Issue 29
On 9/27/2007 [EMAIL PROTECTED] wrote: DENIED_OTHER means spamdyke did not reject the message; qmail did. spamdyke noticed the rejection and logged it. Hi Sam - Would it be possible to change the above log line info to read DENIED_BY_OTHER to better imply that spamdyke didn't do it? Thanks, Bucky
Re: [spamdyke-users] spamdyke-users Digest, Vol 4, Issue 21
On 9/20/2007 [EMAIL PROTECTED] wrote: The disk access is very slow in compared with memory (ram) access. In the file of options per user, there is only users with specific options, the default option is only 1 line where the admin can manipulate default actions. I'm not programmer, but believe to look for lines in file with 1 lines not much slow...this file there's on memory previous load on startup and contain only specific options the users, not all users. I ask for excuses for the bad English, google helped me. Your English is fine and I just love the way you folks discuss with Sam the intricacies of how to solve a problem in the most efficient manner possible. I've wondered too, if it is possible to load a config file into memory once and then have it reread by each child process that is invoked. Not sure how to do that in the programming environment being used. (I'm not a programmer.) As a slight aside, Sam's posting of previous versions together with the changelogs represents a splendid way to learn quite a bit about C programming, streamlining and optimizing code. Bravo. Bucky