Re: [spamdyke-users] Localhost relaying denied

ritten the next time Plesk saves a change. -- Sam Clippinger On Oct 3, 2016, at 7:58 AM, Faris Raouf via spamdyke-users <spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org> > wrote: Dear all, I'm absolutely confounded by a problem I'm having after upgr

[spamdyke-users] Localhost relaying denied

Dear all, I'm absolutely confounded by a problem I'm having after upgrading five systems from Spamdyke 4.3.1 to 5.0.1 On two of them, webmail (running locally, connecting from 127.0.0.1 to 127.0.0.1 port 25 via smtp, no authentication) works fine and can send messages. On the other

Re: [spamdyke-users] spam with rDNS resolving to "localhost"

.0.1 but block it for all other IPs. -- Sam Clippinger On Aug 9, 2016, at 5:02 AM, Faris Raouf via spamdyke-users <spamdyke-users@spamdyke.org <mailto:spamdyke-users@spamdyke.org> > wrote: Dear all, We're having problems with spam being allowed in from IPs with rDNS re

[spamdyke-users] spam with rDNS resolving to "localhost"

Dear all, We're having problems with spam being allowed in from IPs with rDNS resolving to "localhost". This gets past the reject-empty-rdns filter. Initially I thought these IPs has no rDNS - using dnsstuff, I get no result (normally meaning no rDNS). But using host or dig I see the IPs

Re: [spamdyke-users] can't block envelope sender

Yup! That would be great. I just think it would be useful to know it is happening, and where to look, sort of thing. From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of Sam Clippinger via spamdyke-users Sent: 25 July 2016 14:50 To: spamdyke users

Re: [spamdyke-users] can't block envelope sender

Hi Sam, I just had a chance to have a go with the tests, and just as you expected it was down to the rDNS of the sender being whitelisted. I don't know how many times I'd checked, and missed seeing it :) Unfortunately I can't remember why I whitelisted it :( It belongs to an ESP. If they

Re: [spamdyke-users] can't block envelope sender

Thanks Sam. That's brilliant and hugely helpful. I'll try to do this this evening, and failing that over the weekend. I will also check the whitelists again in case I missed something. Yes, ms2 is the edge server and that's where the sender is backlisted, although I've just added it to

[spamdyke-users] can't block envelope sender

Dear all, I'm having a bit of an issue trying to block messages based on the envelope sender. Basically it doesn't seem to work at all, so I'm obviously doing something wrong. All the other types of blacklists and whitelists seem to work just fine. I understand the difference between the "From"

Re: [spamdyke-users] ip-in-rdns-keyword - are hyphens supported?

Aha! Thanks Gary. I'd missed the vital "the dots in the examples below can be any single character" when reading this. Thank you! From: Gary Gendel [mailto:g...@genashor.com] Sent: 06 May 2016 16:24 To: Faris Raouf <aster...@raouf.net>; spamdyke users <spamdyke

[spamdyke-users] Sensible greeting delay?

Dear all, Recently I've noticed that massive numbers of (presumably botnet) senders are blocked by the earlytalker filter when greeting-delay-secs=11 but only a fraction as many if I set it to 10 or less. I'm guessing that the current main botnets are set to start talking after 10 seconds

Re: [spamdyke-users] Help getting TLS to work please

> Behalf Of Alessio Cecchi via spamdyke-users > Sent: 10 March 2016 08:00 > > Hi, > > if you use spamdyke fixcrio is no more necessary. > -- Ah, that's what I thought. The notes I have say that spamdyke takes care of the bare LFs. But because I could not remember if I added it to the tcpserver

Re: [spamdyke-users] Help getting TLS to work please

> From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On > Behalf Of Alessio Cecchi via spamdyke-users > For me works fine with: > > tls-level=smtp-no-passthrough > tls-certificate-file=/var/ssl/wildcard.pem > > and in /var/ssl/wildcard.pem there is a chain like this: > >

[spamdyke-users] Help getting TLS to work please

Dear all, I'm stuck with a qmail installation that doesn't support TLS, so I'm trying to get Spamdyke to deal with it on incoming connections. Unfortunately I've not managed to get it to work - I get the following error in the maillog when testing: ** unable to start SSL/TLS

Re: [spamdyke-users] RBL DNS query numbers

Thanks Sam! From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of Sam Clippinger via spamdyke-users Sent: 17 January 2016 19:49 To: spamdyke users Subject: Re: [spamdyke-users] RBL DNS query numbers I think you're exactly right --

Re: [spamdyke-users] Still using 4.3.1

Thanks Sam. That's put my mind at ease. To my knowledge, there are no security issues in version 4.3.1. I've since fixed several bugs that can cause crashes, but nothing I can imagine could be a security risk. There have been recent bugs in OpenSSL and glibc; those libraries should

[spamdyke-users] Still using 4.3.1

Dear all, Forgive me for asking this question - I'm not a coder. I've noticed that a few systems I look after use Spamdyke 4.3.1, compiled back in 2012 or 2013. Are there any security issues with this version? Would any of the various vulnerabilities found in certain ancillary

Re: [spamdyke-users] Graylist problem with whitelisted secondary mailserver

Actually bad thinking - because the secondary wasn't in the exception file after all - the IP was similar but not the right one. I'm going blind in my old age. So I'm back to square one. I really appreciate you looking into it for me though. Sorry for the false alarm/red herring. Good

[spamdyke-users] Graylist problem with whitelisted secondary mailserver

Dear all, Some of you may recall that I've posted a question on this topic before. Essentially I'm having a problem with some sender/recipient pairs being somehow permanently graylisted, with 0 byte graylist entry in the graylist directory path never being removed. I've just woken up

Re: [spamdyke-users] Basic script writing help please

And to add my 2p/2c, check our multitail as an alternative to tail. It adds the ability to split the screen into multiple sections and, possibly more interestingly, allows colour coding and highlighting and has built-in support for regex log item filtering. The default highlighting rule are OK

Re: [spamdyke-users] 0byte graylist entries

Thanks Gary. That makes total sense. Unfortunately the file definitely wasn't protected in any way, so this incident is still a bit of a mystery. On a related matter, however, am I correct in thinking that if a graylisted sender resends after the -min interval but fails to pass another filter

[spamdyke-users] 0byte graylist entries

Can someone remind me please: under what circumstances would a spamdyke-created graylist file be 0 bytes? I used to know this but it has totally escaped my memory. This came to light when we saw a sender who appeared to be permanently graylisted when sending to a specific recipient (but not

Re: [spamdyke-users] TLS errors - again

Hmm.. I spoke to soon. I've tried it on a system without qmail-scanner and still get: ERROR: unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found The messages do seem to be getting into mailboxes though.

[spamdyke-users] TLS errors - again

This is a bit of a long message and is on a topic that has been discussed a few times in the past - sorry :( I've just installed spamdyke on a particular server. Unlike every other spamdyke installation I've ever done, this one is generating various TLS errors when receiving mail via TLS

Re: [spamdyke-users] TLS errors - again

Please answer for both new and existing servers. What is the tls-level you have in the configuration file? None at all -- as in I don't have a tls-level option set on any system. Given the way things behave, I'm assuming the default is smtp? I can't tell from the docs. On this issue, is

Re: [spamdyke-users] Block complete TLD

You constantly amaze me :) Thanks! Sometimes I amaze even myself. :) -- Sam Clippinger ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users

[spamdyke-users] Block complete TLD

Can someone point me in the right direction please? I want to block all email with a FROM: sender address ending in a particular TLD (.pw) Unfortunately I'm not sure exactly what the correct syntax is. In the docs, it says: One form of wildcard address is supported. All usernames within

Re: [spamdyke-users] SMTP-AUTH and filters

Thanks Lutz. I'm sure that would work and I will definitely try it. But I'd still not be able to do connection timeouts and rdns checks etc, which ideally I'd like to do. May be it's simple: spamdyke sits in front of all and does authentification in your case. Shouldn't it be possible to

Re: [spamdyke-users] Turn on filtering on a single domain

You are welcome. Please note that I made a slight error when typing: Then, in that directory, create a *file* corresponding to the domain name without the TLD e.g mydomain (i.e. your file is /etc/spamdyke.d/_recipient_/com/mydomain That last line should have read:

Re: [spamdyke-users] Turn on filtering on a single domain

Hi Kevin, You may also need to switch off spamassassin for the domain. Anyway, the spamdkye side is really simple. Say you have the following in your spamdyke.conf (some graylist options) (other options) dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net reject-empty-rdns

Re: [spamdyke-users] Spamdyke on submission port for access control

I think it uses something home-grown :-( What does Plesk use for authentication? I would look in that direction for a solution. -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org

Re: [spamdyke-users] Spamdyke on submission port for access control

Thanks Sam and Eric, I suspect I didn't explain what I want to do very well, and/or that my assumption that the entire world would agree with my reasons for wanting to do so was faulty :-) Basically, on a Plesk server, anyone who has a mailbox set up in Plesk can use their incoming mail

[spamdyke-users] Spamdyke on submission port for access control

Dear all, I've been using spamdyke (in conjunction with qmail-scanner/sa/clamav) with various version of Plesk for years now. Thanks again to Sam for such a fantastic project. One of the vital features missing from Plesk is the ability to control who can use the hosting server's

[spamdyke-users] Problems disabling reject-unresolvable-rnds for one domain

Dear all, We have a customer who, for some inexplicable reason, is being sent legit email from lots and lots of mailservers whose rdns does not resolve. We are having to whitelist something new on an almost weekly basis. I've therefore tried to disable reject-unresolvable-rdns for that domain

[spamdyke-users] Feature Request

Sam, It would be nice to know if a message is ALLOWED as a result of whitelisting as opposed to passing all the normal tests. I'd therefore like to see WHITELISTED, and more ideally WHITELISTED-IP/WHITELISTED-RECIPIENT/WHITELISTED-SENDER (etc) in verbose mode. What do you think? Useful or just

Re: [spamdyke-users] No MX: bug, misunderstanding or DNS failure?

If this is the same bug, the upcoming version (any day now) will fix it. If you could email the specific server name to me, I'll take a look and let you know if it's the same problem or something new. -- Sam Clippinger Thanks Sam, I have emailed you. Faris.

[spamdyke-users] No MX: bug, misunderstanding or DNS failure?

Dear all, I've been happily using the DENIED_SENDER_NO_MX option for years with no problems. Yesterday, however, 24 hours after finally upgrading to 4.2.0 from a previous 4.x version (sorry -- not sure which - possibly 4.0.6), I noticed an oddity in my logs (redacted to protect the innocent).

Re: [spamdyke-users] Does one blacklisted address kill the delivery?

Thank you Boris. That's great. Faris. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Does one blacklisted address kill the delivery?

I wonder if this idea might be extended in some way, so that if a message from a particular IP is rejected on the basis of the recipient address being non-existent, a badaddress counter is incremented for that ip. If badaddress goes above X in Y seconds then either reject or more likely tempfail

Re: [spamdyke-users] Does one blacklisted address kill the delivery?

Thanks Boris. Yes please! Faris. If you are interested I can post the settings for fail2ban here. Regards, Boris ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] [patch] Configurable TLS/SSL ciphers for spamdyke

Way to go Chris! Outstanding work. Thanks. Faris. -Original Message- From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users- boun...@spamdyke.org] On Behalf Of Chris Boulton Sent: 14 July 2010 7:33 AM To: spamdyke users Subject: [spamdyke-users] [patch] Configurable

Re: [spamdyke-users] Exchange server Webmail for Outlook and A records

Thanks Sam, David and Ulrich. I'll pass on the suggestions to the sysadmin in question, in a polite way :-) Faris. -Original Message- From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users- boun...@spamdyke.org] On Behalf Of Sam Clippinger Sent: 12 February 2010 11:12 PM

[spamdyke-users] Exchange server Webmail for Outlook and A records

I had a very interesting conversation with a sysadmin who is in charge of mail server whose emails our Spamdyke servers are rejecting because their PTR has no corresponding A record (reject-unresolvable-rdns in spamdyke.conf). The sending server runs MS Exchange 2007, and apparently when they add

Re: [spamdyke-users] graylist cleanup script

Thanks Eric. It is very useful. Faris. -Original Message- From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users- boun...@spamdyke.org] On Behalf Of Eric Shubert Sent: 06 February 2010 7:11 PM To: spamdyke-users@spamdyke.org Subject: Re: [spamdyke-users] graylist cleanup

Re: [spamdyke-users] plesk/spamdyke/thunderbird/port 25 problem

Which version of Thunderbird? I've found Thunderbird 3 to be a bit of a nightmare, insisting on using encryption/ssl/tls/whatever and other strange things when it does its auto-detect when you set up an account, but which subsequently don't actually work. So I would take a look at the use secure

Re: [spamdyke-users] Using spamdyke with tmda

When viewed in my email client, there was a space between the path and spamdyke.conf in your SPAMDYKE_OPTIONS=--hostname '$HOSTNAME' --config-file /etc/spamdyke/ spamdyke.conf I don't know if that's how it really is in your config, but if it is then maybe that's the problem? I'm not familiar

Re: [spamdyke-users] Spam Stats

No, it will always be like that, until the Internet (or its users) grows up. Our typical figures are between 95% and 97% being denied. It doesn't make me sad though. It makes me MAD. Furious, in fact. Most of what we get comes from end-users in China, Eastern Europe and South America who have

Re: [spamdyke-users] corrupt pdf/jpg files

Yes...this problem sounds familiar. I afraid I can't remember the details or even if it was last mentioned in this mailing list or another one, but I think it was clamd or qmail-scanner or something that was found to be the culprit in the end. I know this is no help but I thought I'd mention it

Re: [spamdyke-users] Testing DNS tests

It is OK -- it is working as it should be. The no MX test applies to the domain of the email address in the From: address in the header of the received email and not the rdns-resolved domain of the IP address used to connecting to your mailserver. e.g. if you are connecting from

Re: [spamdyke-users] Testing DNS tests

From spamdyke.org docs: reject-missing-sender-mx Check the domain name of the sender's email address for a mail exchanger (an MX or an A record). If neither are found, reject the connection. Maybe you had authenticated for this test, in which case it would be let through? It definitely

Re: [spamdyke-users] ERROR: Unable to write... Broken Pipe

Hehe. Yup. Plumbers are expensive :-) Faris. -Original Message- From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users- boun...@spamdyke.org] On Behalf Of BC Sent: 02 June 2009 18:24 To: spamdyke-users@spamdyke.org Subject: Re: [spamdyke-users] ERROR: Unable to write...

Re: [spamdyke-users] ERROR: Unable to write... Broken Pipe

You don't need to worry about this. The sender disconnected. It is a common thing to see in the logs. There's no error. Faris. -Original Message- From: spamdyke-users-boun...@spamdyke.org [mailto:spamdyke-users- boun...@spamdyke.org] On Behalf Of BC Sent: 02 June 2009 00:01 To:

Re: [spamdyke-users] [Slightly OT] Using fetchmail or similar with spamdyke

its messages will be sent to the remote server. Trying to move it deep inside a mail delivery system defeats most of its design. -- Sam Clippinger Faris Raouf wrote: Hi all, I have a few email addresses that are not running on servers that I control. A lot of them are getting high

[spamdyke-users] [Slightly OT] Using fetchmail or similar with spamdyke

Hi all, I have a few email addresses that are not running on servers that I control. A lot of them are getting high levels of spam sent to them (coincidentally, mostly ones where the FROM and TO are both the same and are my email address). What I want to somehow do is arrange things so that this

Re: [spamdyke-users] RNDS_MISSING - only it isn't

. But as bind thinks it's authoritative for that zone it'll fail the dns request. You can verify this by doing something like: host n.n.n.n 127.0.0.1 with the servers and the problematic IPs to see what your local DNS returns for these IPs RDNS. -- Felix Buenemann On 07.10.2008 5:23 Uhr, Faris Raouf

Re: [spamdyke-users] Unusual log entries

The first two are easy. The remote probably dropped the connection, resulting in the unable to write error. For the last two, someone tried to use your server to relay spam, or at least to test if they could (but they failed) Faris. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On

[spamdyke-users] RNDS_MISSING - only it isn't

I was just having a random look through my logs and I found something I don't understand. I had lots and lots and lots of these (all for the same email address and IP, over several days) DENIED_RDNS_MISSING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: ip-of-hostname.mydomain.tld

Re: [spamdyke-users] ERROR msg in log-file

I'm going to guess and say this is harmless - don't worry about it. The connection reset by peer probably means the sending server disconnected before spamdyke could tell it to get lost in a friendly way. Or something like that :-) I'm sure I'll be corrected on this because it is all just a

Re: [spamdyke-users] Plesk 8.6.0 changes

Oh great! Why on earth did they do that I wonder? Thanks for the warning. Faris. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christian Aust Sent: 30 July 2008 21:38 To: spamdyke users Subject: [spamdyke-users] Plesk 8.6.0 changes FYI: Yesterday,

Re: [spamdyke-users] yet another wishlist... :-)

Forgive me if I'm missing something here, but qmail-scanner already does spamassassin and AV checking, and can be configured to reject (as opposed to drop) any emails that fall outside of admin/user set parameters. Because qmail-scanner is so easy to install (especially if you have Plesk under

Re: [spamdyke-users] yet another wishlist... :-)

To: spamdyke users Subject: Re: [spamdyke-users] yet another wishlist... :-) On Fri, 2008-05-16 at 14:31 +0100, Faris Raouf wrote: Forgive me if I'm missing something here, but qmail-scanner already does spamassassin and AV checking, and can be configured to reject (as opposed to drop) any

Re: [spamdyke-users] feature request spamdyke user interface

That sounds very interesting indeed. Please can you add me as being someone who is interested in taking a look? Thanks, Faris. -Original Message- From: [EMAIL PROTECTED] [mailto:spamdyke-users- [EMAIL PROTECTED] On Behalf Of David Stiller Sent: 28 April 2008 08:07 To: spamdyke

Re: [spamdyke-users] More then one rcpthost

Just have two local-domains-file lines in your config, one pointing to rcpt hosts and the other to morercpthosts Faris. -Original Message- From: [EMAIL PROTECTED] [mailto:spamdyke-users- [EMAIL PROTECTED] On Behalf Of cyber fanatic Sent: 07 March 2008 15:18 To:

Re: [spamdyke-users] Simple Perl Spam Statistics Contribution

That's very useful! Thanks Ken. I'm getting some errors on running it though: Use of uninitialized value in addition (+) at ./spamdyke-stats.pl line 27, line 11167. 11167 16 Use of uninitialized value in concatenation (.) or string at ./spamdyke-stats.pl line 33, line 11167. Allowed: Denied