ritten the next time Plesk saves a change.
-- Sam Clippinger
On Oct 3, 2016, at 7:58 AM, Faris Raouf via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:
Dear all,
I'm absolutely confounded by a problem I'm having after upgr
Dear all,
I'm absolutely confounded by a problem I'm having after upgrading five
systems from Spamdyke 4.3.1 to 5.0.1
On two of them, webmail (running locally, connecting from 127.0.0.1 to
127.0.0.1 port 25 via smtp, no authentication) works fine and can send
messages.
On the other
.0.1 but block it for all other IPs.
-- Sam Clippinger
On Aug 9, 2016, at 5:02 AM, Faris Raouf via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:
Dear all,
We're having problems with spam being allowed in from IPs with rDNS
re
Dear all,
We're having problems with spam being allowed in from IPs with rDNS
resolving to "localhost".
This gets past the reject-empty-rdns filter.
Initially I thought these IPs had no rDNS - using dnsstuff, I get no result
(normally meaning no rDNS). But using host or dig I see the IPs
Yup! That would be great. I just think it would be useful to know it is
happening, and where to look, sort of thing.
From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf
Of Sam Clippinger via spamdyke-users
Sent: 25 July 2016 14:50
To: spamdyke users
Hi Sam,
I just had a chance to have a go with the tests, and just as you expected it
was down to the rDNS of the sender being whitelisted.
I don't know how many times I'd checked, and missed seeing it :)
Unfortunately I can't remember why I whitelisted it :( It belongs to an ESP.
If they
Thanks Sam. That's brilliant and hugely helpful.
I'll try to do this this evening, and failing that over the weekend.
I will also check the whitelists again in case I missed something.
Yes, ms2 is the edge server and that's where the sender is blacklisted,
although I've just added it to
Dear all,
I'm having a bit of an issue trying to block messages based on the envelope
sender. Basically it doesn't seem to work at all, so I'm obviously doing
something wrong.
All the other types of blacklists and whitelists seem to work just fine.
I understand the difference between the "From"
Aha! Thanks Gary. I'd missed the vital "the dots in the examples below can
be any single character" when reading this.
Thank you!
From: Gary Gendel [mailto:g...@genashor.com]
Sent: 06 May 2016 16:24
To: Faris Raouf <aster...@raouf.net>; spamdyke users
<spamdyke
Dear all,
Recently I've noticed that massive numbers of (presumably botnet) senders
are blocked by the earlytalker filter when greeting-delay-secs=11 but only a
fraction as many if I set it to 10 or less.
I'm guessing that the current main botnets are set to start talking after 10
seconds
> Behalf Of Alessio Cecchi via spamdyke-users
> Sent: 10 March 2016 08:00
>
> Hi,
>
> if you use spamdyke fixcrio is no more necessary.
> --
Ah, that's what I thought. The notes I have say that spamdyke takes care of
the bare LFs.
But because I could not remember if I added it to the tcpserver
> From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On
> Behalf Of Alessio Cecchi via spamdyke-users
> For me works fine with:
>
> tls-level=smtp-no-passthrough
> tls-certificate-file=/var/ssl/wildcard.pem
>
> and in /var/ssl/wildcard.pem there is a chain like this:
>
>
Dear all,
I'm stuck with a qmail installation that doesn't support TLS, so I'm trying
to get Spamdyke to deal with it on incoming connections.
Unfortunately I've not managed to get it to work - I get the following error
in the maillog when testing:
**
unable to start SSL/TLS
Thanks Sam!
From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of
Sam Clippinger via spamdyke-users
Sent: 17 January 2016 19:49
To: spamdyke users
Subject: Re: [spamdyke-users] RBL DNS query numbers
I think you're exactly right --
Thanks Sam. That's put my mind at ease.
To my knowledge, there are no security issues in version 4.3.1. I've since
fixed several bugs that can cause crashes, but nothing I can imagine could
be a security risk.
There have been recent bugs in OpenSSL and glibc; those libraries should
Dear all,
Forgive me for asking this question - I'm not a coder.
I've noticed that a few systems I look after use Spamdyke 4.3.1, compiled
back in 2012 or 2013.
Are there any security issues with this version?
Would any of the various vulnerabilities found in certain ancillary
Actually bad thinking - because the secondary wasn't in the exception file
after all - the IP was similar but not the right one.
I'm going blind in my old age.
So I'm back to square one. I really appreciate you looking into it for me
though. Sorry for the false alarm/red herring.
Good
Dear all,
Some of you may recall that I've posted a question on this topic before.
Essentially I'm having a problem with some sender/recipient pairs being
somehow permanently graylisted, with 0 byte graylist entry in the graylist
directory path never being removed.
I've just woken up
And to add my 2p/2c, check out multitail as an alternative to tail. It adds
the ability to split the screen into multiple sections and, possibly more
interestingly, allows colour coding and highlighting and has built-in
support for regex log item filtering.
The default highlighting rules are OK
Thanks Gary. That makes total sense. Unfortunately the file definitely
wasn't protected in any way, so this incident is still a bit of a mystery.
On a related matter, however, am I correct in thinking that if a graylisted
sender resends after the -min interval but fails to pass another filter
Can someone remind me please: under what circumstances would a
spamdyke-created graylist file be 0 bytes?
I used to know this but it has totally escaped my memory.
This came to light when we saw a sender who appeared to be permanently
graylisted when sending to a specific recipient (but not
Hmm.. I spoke too soon. I've tried it on a system without qmail-scanner and
still get:
ERROR: unable to read from SSL/TLS stream: The operation failed due to an
I/O error, Unexpected EOF found
The messages do seem to be getting into mailboxes though.
This is a bit of a long message and is on a topic that has been discussed a
few times in the past - sorry :(
I've just installed spamdyke on a particular server. Unlike every other
spamdyke installation I've ever done, this one is generating various TLS
errors when receiving mail via TLS
Please answer for both new and existing servers.
What is the tls-level you have in the configuration file?
None at all -- as in I don't have a tls-level option set on any system.
Given the way things behave, I'm assuming the default is smtp? I can't tell
from the docs.
On this issue, is
You constantly amaze me :)
Thanks!
Sometimes I amaze even myself. :)
-- Sam Clippinger
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Can someone point me in the right direction please?
I want to block all email with a FROM: sender address ending in a particular
TLD (.pw)
Unfortunately I'm not sure exactly what the correct syntax is.
In the docs, it says:
One form of wildcard address is supported. All usernames within
Thanks Lutz.
I'm sure that would work and I will definitely try it.
But I'd still not be able to do connection timeouts and rdns checks etc,
which ideally I'd like to do.
Maybe it's simple: spamdyke sits in front of all and does
authentication in your case. Shouldn't it be possible to
You are welcome.
Please note that I made a slight error when typing:
Then, in that directory, create a *file* corresponding to the domain
name without the TLD e.g mydomain (i.e. your file is
/etc/spamdyke.d/_recipient_/com/mydomain
That last line should have read:
Hi Kevin,
You may also need to switch off spamassassin for the domain.
Anyway, the spamdyke side is really simple.
Say you have the following in your spamdyke.conf
(some graylist options)
(other options)
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
reject-empty-rdns
I think it uses something home-grown :-(
What does Plesk use for authentication? I would look in that direction for
a solution.
--
-Eric 'shubes'
Thanks Sam and Eric,
I suspect I didn't explain what I want to do very well, and/or that my
assumption that the entire world would agree with my reasons for wanting to
do so was faulty :-)
Basically, on a Plesk server, anyone who has a mailbox set up in Plesk can
use their incoming mail
Dear all,
I've been using spamdyke (in conjunction with qmail-scanner/sa/clamav) with
various versions of Plesk for years now. Thanks again to Sam for such a
fantastic project.
One of the vital features missing from Plesk is the ability to control who
can use the hosting server's
Dear all,
We have a customer who, for some inexplicable reason, is being sent legit
email from lots and lots of mailservers whose rdns does not resolve. We are
having to whitelist something new on an almost weekly basis.
I've therefore tried to disable reject-unresolvable-rdns for that domain
Sam,
It would be nice to know if a message is ALLOWED as a result of whitelisting
as opposed to passing all the normal tests. I'd therefore like to see
WHITELISTED, and more ideally
WHITELISTED-IP/WHITELISTED-RECIPIENT/WHITELISTED-SENDER (etc) in verbose
mode.
What do you think? Useful or just
If this is the same bug, the upcoming version (any day now) will fix it.
If you could email the specific server name to me, I'll take a look and let you
know if it's the same problem or something new.
-- Sam Clippinger
Thanks Sam,
I have emailed you.
Faris.
Dear all,
I've been happily using the DENIED_SENDER_NO_MX option for years with no
problems.
Yesterday, however, 24 hours after finally upgrading to 4.2.0 from a
previous 4.x version (sorry -- not sure which - possibly 4.0.6), I noticed
an oddity in my logs (redacted to protect the innocent).
Thank you Boris. That's great.
Faris.
I wonder if this idea might be extended in some way, so that if a message
from a particular IP is rejected on the basis of the recipient address being
non-existent, a badaddress counter is incremented for that ip. If badaddress
goes above X in Y seconds then either reject or more likely tempfail
Thanks Boris. Yes please!
Faris.
If you are interested I can post the settings for fail2ban here.
Regards,
Boris
Way to go Chris! Outstanding work. Thanks.
Faris.
-Original Message-
From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-
boun...@spamdyke.org] On Behalf Of Chris Boulton
Sent: 14 July 2010 7:33 AM
To: spamdyke users
Subject: [spamdyke-users] [patch] Configurable
Thanks Sam, David and Ulrich.
I'll pass on the suggestions to the sysadmin in question, in a polite way
:-)
Faris.
-Original Message-
From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-
boun...@spamdyke.org] On Behalf Of Sam Clippinger
Sent: 12 February 2010 11:12 PM
I had a very interesting conversation with a sysadmin who is in charge of
a mail server whose emails our Spamdyke servers are rejecting because their
PTR has no corresponding A record (reject-unresolvable-rdns in
spamdyke.conf).
The sending server runs MS Exchange 2007, and apparently when they add
Thanks Eric. It is very useful.
Faris.
-Original Message-
From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-
boun...@spamdyke.org] On Behalf Of Eric Shubert
Sent: 06 February 2010 7:11 PM
To: spamdyke-users@spamdyke.org
Subject: Re: [spamdyke-users] graylist cleanup
Which version of Thunderbird?
I've found Thunderbird 3 to be a bit of a nightmare, insisting on using
encryption/ssl/tls/whatever and other strange things when it does its
auto-detect when you set up an account, but which subsequently don't
actually work.
So I would take a look at the use secure
When viewed in my email client, there was a space between the path and
spamdyke.conf in your
SPAMDYKE_OPTIONS=--hostname '$HOSTNAME' --config-file /etc/spamdyke/
spamdyke.conf
I don't know if that's how it really is in your config, but if it is then
maybe that's the problem?
I'm not familiar
No, it will always be like that, until the Internet (or its users) grows up.
Our typical figures are between 95% and 97% being denied.
It doesn't make me sad though. It makes me MAD. Furious, in fact. Most of
what we get comes from end-users in China, Eastern Europe and South America
who have
Yes...this problem sounds familiar.
I'm afraid I can't remember the details or even if it was last mentioned in
this mailing list or another one, but I think it was clamd or qmail-scanner
or something that was found to be the culprit in the end.
I know this is no help but I thought I'd mention it
It is OK -- it is working as it should be.
The no MX test applies to the domain of the email address in the From:
address in the header of the received email and not the rdns-resolved domain
of the IP address used to connect to your mailserver.
e.g. if you are connecting from
From spamdyke.org docs:
reject-missing-sender-mx Check the domain name of the sender's email address
for a mail exchanger (an MX or an A record). If neither are found, reject
the connection.
Maybe you had authenticated for this test, in which case it would be let
through?
It definitely
Hehe. Yup. Plumbers are expensive :-)
Faris.
-Original Message-
From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-
boun...@spamdyke.org] On Behalf Of BC
Sent: 02 June 2009 18:24
To: spamdyke-users@spamdyke.org
Subject: Re: [spamdyke-users] ERROR: Unable to write...
You don't need to worry about this. The sender disconnected. It is a common
thing to see in the logs. There's no error.
Faris.
-Original Message-
From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users-
boun...@spamdyke.org] On Behalf Of BC
Sent: 02 June 2009 00:01
To:
its messages will be sent to the remote
server. Trying to move it deep inside a mail delivery system defeats
most of its design.
-- Sam Clippinger
Faris Raouf wrote:
Hi all,
I have a few email addresses that are not running on servers that I
control.
A lot of them are getting high
Hi all,
I have a few email addresses that are not running on servers that I control.
A lot of them are getting high levels of spam sent to them (coincidentally,
mostly ones where the FROM and TO are both the same and are my email
address).
What I want to somehow do is arrange things so that this
. But as bind thinks it's authoritative for that zone it'll fail
the dns request. You can verify this by doing something like:
host n.n.n.n 127.0.0.1
with the servers and the problematic IPs to see what your local DNS
returns for these IPs RDNS.
-- Felix Buenemann
On 07.10.2008 5:23 Uhr, Faris Raouf
The first two are easy. The remote probably dropped the connection,
resulting in the unable to write error.
For the last two, someone tried to use your server to relay spam, or at
least to test if they could (but they failed)
Faris.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
I was just having a random look through my logs and I found something I
don't understand.
I had lots and lots and lots of these (all for the same email address and
IP, over several days)
DENIED_RDNS_MISSING from: [EMAIL PROTECTED] to:
[EMAIL PROTECTED] origin_ip: ip-of-hostname.mydomain.tld
I'm going to guess and say this is harmless - don't worry about it.
The connection reset by peer probably means the sending server disconnected
before spamdyke could tell it to get lost in a friendly way. Or something
like that :-)
I'm sure I'll be corrected on this because it is all just a
Oh great! Why on earth did they do that I wonder? Thanks for the warning.
Faris.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christian Aust
Sent: 30 July 2008 21:38
To: spamdyke users
Subject: [spamdyke-users] Plesk 8.6.0 changes
FYI:
Yesterday,
Forgive me if I'm missing something here, but qmail-scanner already does
spamassassin and AV checking, and can be configured to reject (as opposed to
drop) any emails that fall outside of admin/user set parameters.
Because qmail-scanner is so easy to install (especially if you have Plesk
under
To: spamdyke users
Subject: Re: [spamdyke-users] yet another wishlist... :-)
On Fri, 2008-05-16 at 14:31 +0100, Faris Raouf wrote:
Forgive me if I'm missing something here, but qmail-scanner already does
spamassassin and AV checking, and can be configured to reject (as opposed to
drop) any
That sounds very interesting indeed.
Please can you add me as being someone who is interested in taking a look?
Thanks,
Faris.
-Original Message-
From: [EMAIL PROTECTED] [mailto:spamdyke-users-
[EMAIL PROTECTED] On Behalf Of David Stiller
Sent: 28 April 2008 08:07
To: spamdyke
Just have two local-domains-file lines in your config, one pointing to rcpt
hosts and the other to morercpthosts
Faris.
-Original Message-
From: [EMAIL PROTECTED] [mailto:spamdyke-users-
[EMAIL PROTECTED] On Behalf Of cyber fanatic
Sent: 07 March 2008 15:18
To:
That's very useful! Thanks Ken.
I'm getting some errors on running it though:
Use of uninitialized value in addition (+) at ./spamdyke-stats.pl line 27,
line 11167.
11167 16
Use of uninitialized value in concatenation (.) or string at
./spamdyke-stats.pl line 33, line 11167.
Allowed:
Denied