Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-17 Thread Linux via spamdyke-users
Sam, thank you very much for your answer. It is as you describe ... header
without the "From"


E.g.:

Oct  4 01:08:44 ns spamdyke[15166]: ALLOWED from: (unknown) to:
i...@dominio.cl origin_ip: 157.55.234.249 origin_rdns:
mail-db3hn0249.outbound.protection.outlook.com auth: (unknown) encryption:
TLS reason: 250_ok_1443931724_qp_15172


Original Header:


Return-Path: <>
Delivered-To: i...@dominio.cl
Received: (qmail 15172 invoked by uid 89); 4 Oct 2015 04:08:44 -
Received: from unknown (HELO emea01-db3-obe.outbound.protection.outlook.com)
(157.55.234.249)
by ns.dominio.cl with SMTP; 4 Oct 2015 04:08:44 -
Received-SPF: pass (ns.dominio.cl: SPF record at spf.protection.outlook.com
designates 157.55.234.249 as permitted sender)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;
Received: from [104.243.24.168] (104.243.24.168) by
VI1PR09MB0430.eurprd09.prod.outlook.com (10.162.9.146) with Microsoft SMTP
Server (TLS) id 15.1.286.20; Sun, 4 Oct 2015 04:10:37 +
Content-Type: multipart/alternative; boundary="===1143449470=="
MIME-Version: 1.0
Subject: E-Mail Update
To: Recipients
From: Administrator
Date: Sun, 4 Oct 2015 00:10:15 -0700
Reply-To: 
X-Originating-IP: [104.243.24.168]
X-ClientProxiedBy: CY1PR13CA0087.namprd13.prod.outlook.com (25.164.65.13) To
VI1PR09MB0430.eurprd09.prod.outlook.com (25.162.9.146)
Return-Path: <>
Message-ID: <vi1pr09mb04304bf51c82487363476aa8b8...@vi1pr09mb0430.eurprd09.prod.outlook.com>
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR09MB0430;
X-Microsoft-Antispam-PRVS: <vi1pr09mb0430c644faa522cf5807ccabb8...@vi1pr09mb0430.eurprd09.prod.outlook.com>
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test:
BCL:0;PCL:0;RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001);SRVR:VI1PR09MB0430;BCL:0;PCL:0;RULEID:;SRVR:VI1PR09MB0430;
X-Forefront-PRVS: 0719EC6A9A
X-Forefront-Antispam-Report:
SFV:SPM;SFS:(10019020)(6049001)(500562017);DIR:OUT;SFP:1501;SCL:9;SRVR:VI1PR09MB0430;H:[104.243.24.168];FPR:;SPF:None;PTR:InfoNoRecords;LANG:en;
Received-SPF: None (protection.outlook.com: [104.243.24.168] does not
designate permitted sender hosts)
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: %2D%2D%2D%2D
X-OriginatorOrg: contactun.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2015 04:10:37.6998
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR09MB0430

--===1143449470==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body

E-Mail Update =

20GB =

23GB
Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, A=
nd You Will Not Be Able To Receive New Mails Until You Re-Validate It. To R=
e-Validate click =

=

=20
---


Can you filter it with maildrop? Is there some howto to read?

Best regards,

Paul

2015-10-11 19:45 GMT-03:00 Sam Clippinger via spamdyke-users <
spamdyke-users@spamdyke.org>:

> I'm not sure I understand your question.  If you want to block messages
> without a "From" 

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-12 Thread Philip Rhoades via spamdyke-users

Sam,


On 2015-10-12 09:45, Sam Clippinger via spamdyke-users wrote:

I'm not sure I understand your question. If you want to block messages
without a "From" line in their header, spamdyke can't do that. You may
be able to use a secondary filter like maildrop to delete the message
after it is accepted however.



The original problem was that the "From:" header might have something 
that was believable but the "Reply-to:" header was always dodgy - 
(re)learning about the difference between the SMTP envelope and mail 
header stuff clarified things in my own head and finding out about how 
the header-blacklist-file works essentially solved all of my problems 
relating to this thread.


What I have now blocks anyone I don't like in either the "From:" or 
"Reply-to:" fields - so I am happy!  After a decent amount of time I 
will post updated stats so we can see how much more spam is being 
stopped over the basic setup - it won't be much but it will be 
interesting . .


Regards,

Phil.



-- Sam Clippinger

On Oct 9, 2015, at 10:17 AM, Linux via spamdyke-users
 wrote:


Sorry to hang onto this post, but taking advantage of the
conversation I would like to ask: can e-mail that comes without a
sender be blocked? I'm getting a lot of spam that has this pattern.

Best regards,

Paul

2015-10-03 1:05 GMT-03:00 Philip Rhoades via spamdyke-users
:
Sam,

On 2015-10-02 23:47, Sam Clippinger via spamdyke-users wrote:
I guess so, but remember the wildcarding uses globbing, not
regexes.
What I mean is: using "?*" is equivalent to just "*".

Right.

Also, the line
has to contain at least one colon or spamdyke won't use it (message
headers always use a colon to separate the field name from the
value).

Yep.

Why not just use multiple entries in the file? If either one
matches,
the message will be blocked and it'd be easier to understand:
From: *@skysoft.com
Reply-To: *@skysoft.com

Doubling the number of lines offends my sensibilities . . this
works:

[FR][re][op][ml]*:*iskysoft.com*

Also, sorting this issue out forced me to sort out the rDNS problem
for my main web server - so thanks for that too!

Regards,

Phil.

-- Sam Clippinger

On Oct 2, 2015, at 4:34 AM, Philip Rhoades via spamdyke-users
 wrote:

On 2015-10-02 15:42, Philip Rhoades via spamdyke-users wrote:
Sam,
On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:
The header blacklist file has a different format from the sender
blacklist file, so just copying entries from one to the other won't
work. You need to provide a pattern that matches the line(s) in the
message header -- in your mail client, you should have an option to
"view message source" or "view raw headers" that will show you what
it
looks like. In this specific case, you probably want this:
Reply-To: *@skysoft.com*
The format is case insensitive and uses globbing for wildcards, so *
will match multiple characters and [] will match a set or range of
characters, just like the bash command prompt. The filter will
ignore
any lines in the file that don't contain a colon. Full details here:
http://www.spamdyke.org/documentation/README.html#HEADERS [3] [2]
[4]
So if I wanted to block the same address for both From: and
Reply-To:
I could use:
[fr][re][op][ml].*@skysoft.com

[fr][re][op][ml]?*@skysoft.com

so "*" doesn't repeat only "[ml]" ?

?
Thanks,
Phil.
For testing, you certainly can use telnet -- I do it all the time.
Just make sure the host you telnet from isn't blocked or whitelisted
for some other reason (most folks whitelist localhost, for example).
-- Sam Clippinger
On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
 wrote:
Sam,
On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
Actually, no. The sender-blacklist-* and recipient-blacklist-*
filters
operate on different data from the header-blacklist-* filters. The
reason is because the sender and recipient addresses are given
during
the SMTP protocol and aren't part of the message itself -- the
addresses you see in your mail client are the From and To entries
from
the message header. The first paragraph here explains in a little
more
detail:
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
[4]
[3]

[1]
[1]
Yes, sorry, I should have realised that . .
Put another way, the sender address doesn't have to match the
"From"
address visible in the mail client -- well-behaved mail clients
make
them the same, but that's a courtesy and not a requirement. The
Reply-To address is part of the message header and, again, is only
a
convention used by well-behaved clients. If you've ever been Bcc'd
on
a message, you've seen this in action -- the sender's mail client
gave
your address as a recipient but didn't put your address on the
"To"
line in the message header.
Right, so, some follow up questions: I moved the following from the
sender-blacklist to the 

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-02 Thread Sam Clippinger via spamdyke-users
I guess so, but remember the wildcarding uses globbing, not regexes.  What I 
mean is: using "?*" is equivalent to just "*".  Also, the line has to contain 
at least one colon or spamdyke won't use it (message headers always use a colon 
to separate the field name from the value).

Why not just use multiple entries in the file?  If either one matches, the 
message will be blocked and it'd be easier to understand:
From: *@skysoft.com
Reply-To: *@skysoft.com

-- Sam Clippinger




On Oct 2, 2015, at 4:34 AM, Philip Rhoades via spamdyke-users 
 wrote:

> On 2015-10-02 15:42, Philip Rhoades via spamdyke-users wrote:
>> Sam,
>> On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:
>>> The header blacklist file has a different format from the sender
>>> blacklist file, so just copying entries from one to the other won't
>>> work. You need to provide a pattern that matches the line(s) in the
>>> message header -- in your mail client, you should have an option to
>>> "view message source" or "view raw headers" that will show you what it
>>> looks like. In this specific case, you probably want this:
>>> Reply-To: *@skysoft.com*
>>> The format is case insensitive and uses globbing for wildcards, so *
>>> will match multiple characters and [] will match a set or range of
>>> characters, just like the bash command prompt. The filter will ignore
>>> any lines in the file that don't contain a colon. Full details here:
>>> http://www.spamdyke.org/documentation/README.html#HEADERS [4]
>> So if I wanted to block the same address for both From: and Reply-To:
>> I could use:
>>  [fr][re][op][ml].*@skysoft.com
> 
> 
>  [fr][re][op][ml]?*@skysoft.com
> 
> so "*" doesn't repeat only "[ml]" ?
> 
> 
>> ?
>> Thanks,
>> Phil.
>>> For testing, you certainly can use telnet -- I do it all the time.
>>> Just make sure the host you telnet from isn't blocked or whitelisted
>>> for some other reason (most folks whitelist localhost, for example).
>>> -- Sam Clippinger
>>> On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
>>>  wrote:
 Sam,
 On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
> Actually, no. The sender-blacklist-* and recipient-blacklist-*
> filters
> operate on different data from the header-blacklist-* filters. The
> reason is because the sender and recipient addresses are given
> during
> the SMTP protocol and aren't part of the message itself -- the
> addresses you see in your mail client are the From and To entries
> from
> the message header. The first paragraph here explains in a little
> more
> detail:
 http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
> [1]
> [1]
 Yes, sorry, I should have realised that . .
> Put another way, the sender address doesn't have to match the
> "From"
> address visible in the mail client -- well-behaved mail clients
> make
> them the same, but that's a courtesy and not a requirement. The
> Reply-To address is part of the message header and, again, is only
> a
> convention used by well-behaved clients. If you've ever been Bcc'd
> on
> a message, you've seen this in action -- the sender's mail client
> gave
> your address as a recipient but didn't put your address on the
> "To"
> line in the message header.
 Right, so, some follow up questions: I moved the following from the
 sender-blacklist to the header-blacklist:
 @iskysoft.com
 - first in the conf file then later into a separate
 header-blacklist-file with all the massaged addresses from my old
 setup - but the sender above still seems to be getting through. I
 thought the "@" was supposed to act like a wild card? Am I still
 doing something wrong?
 When I add addresses etc to blacklists etc, is there any way of
 doing a test myself to see that the block is working? Using a telnet
 to port 25 on my qmail server and manually pasting header lines is
 not a real test is it?
 Thanks,
 Phil.
 -- Sam Clippinger
 On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
  wrote:
 Sam,
 On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
 I'm not entirely sure I understand your question... if the
 Reply-To
 address is always the same, you should be able to block it using
 the
 header blacklist filter.
 Ah . . OK - I will try that but doesn't that mean that:
 sender-blacklist-entry
 is redundant - ie:
 header-blacklist-entry
 should cover everything?
 Thanks,
 Phil.
 If you're wanting to compare the Reply-To
 address to the From address or the sender address, spamdyke
 doesn't
 have that ability.
 -- Sam Clippinger
 On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
 

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-02 Thread Philip Rhoades via spamdyke-users

On 2015-10-02 15:42, Philip Rhoades via spamdyke-users wrote:

Sam,


On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:

The header blacklist file has a different format from the sender
blacklist file, so just copying entries from one to the other won't
work. You need to provide a pattern that matches the line(s) in the
message header -- in your mail client, you should have an option to
"view message source" or "view raw headers" that will show you what it
looks like. In this specific case, you probably want this:
 Reply-To: *@skysoft.com*

The format is case insensitive and uses globbing for wildcards, so *
will match multiple characters and [] will match a set or range of
characters, just like the bash command prompt. The filter will ignore
any lines in the file that don't contain a colon. Full details here:
 http://www.spamdyke.org/documentation/README.html#HEADERS [4]



So if I wanted to block the same address for both From: and Reply-To:
I could use:

  [fr][re][op][ml].*@skysoft.com



  [fr][re][op][ml]?*@skysoft.com

so "*" doesn't repeat only "[ml]" ?



?

Thanks,

Phil.



For testing, you certainly can use telnet -- I do it all the time.
Just make sure the host you telnet from isn't blocked or whitelisted
for some other reason (most folks whitelist localhost, for example).

-- Sam Clippinger

On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
 wrote:


Sam,

On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:


Actually, no. The sender-blacklist-* and recipient-blacklist-*
filters
operate on different data from the header-blacklist-* filters. The
reason is because the sender and recipient addresses are given
during
the SMTP protocol and aren't part of the message itself -- the
addresses you see in your mail client are the From and To entries
from
the message header. The first paragraph here explains in a little
more
detail:


http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

[1]
[1]


Yes, sorry, I should have realised that . .


Put another way, the sender address doesn't have to match the
"From"
address visible in the mail client -- well-behaved mail clients
make
them the same, but that's a courtesy and not a requirement. The
Reply-To address is part of the message header and, again, is only
a
convention used by well-behaved clients. If you've ever been Bcc'd
on
a message, you've seen this in action -- the sender's mail client
gave
your address as a recipient but didn't put your address on the
"To"
line in the message header.


Right, so, some follow up questions: I moved the following from the
sender-blacklist to the header-blacklist:

@iskysoft.com

- first in the conf file then later into a separate
header-blacklist-file with all the massaged addresses from my old
setup - but the sender above still seems to be getting through. I
thought the "@" was supposed to act like a wild card? Am I still
doing something wrong?

When I add addresses etc to blacklists etc, is there any way of
doing a test myself to see that the block is working? Using a telnet
to port 25 on my qmail server and manually pasting header lines is
not a real test is it?

Thanks,

Phil.

-- Sam Clippinger
On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
 wrote:
Sam,
On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
I'm not entirely sure I understand your question... if the
Reply-To
address is always the same, you should be able to block it using
the
header blacklist filter.
Ah . . OK - I will try that but doesn't that mean that:
sender-blacklist-entry
is redundant - ie:
header-blacklist-entry
should cover everything?
Thanks,
Phil.
If you're wanting to compare the Reply-To
address to the From address or the sender address, spamdyke
doesn't
have that ability.
-- Sam Clippinger
On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
 wrote:
People,
One variety of spam that is successfully delivered to me has
different "From:" addresses but the same "Reply-To:" address - I
can't see a way of blocking these mails in the conf file via the
"Reply-To:" address - is it possible?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

 --
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
Links:
--
[1]
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-02 Thread Philip Rhoades via spamdyke-users

Sam,


On 2015-10-02 23:47, Sam Clippinger via spamdyke-users wrote:

I guess so, but remember the wildcarding uses globbing, not regexes.
What I mean is: using "?*" is equivalent to just "*".



Right.



Also, the line
has to contain at least one colon or spamdyke won't use it (message
headers always use a colon to separate the field name from the value).



Yep.



Why not just use multiple entries in the file? If either one matches,
the message will be blocked and it'd be easier to understand:
 From: *@skysoft.com
 Reply-To: *@skysoft.com



Doubling the number of lines offends my sensibilities . . this works:

  [FR][re][op][ml]*:*iskysoft.com*

Also, sorting this issue out forced me to sort out the rDNS problem for 
my main web server - so thanks for that too!


Regards,

Phil.



-- Sam Clippinger

On Oct 2, 2015, at 4:34 AM, Philip Rhoades via spamdyke-users
 wrote:


On 2015-10-02 15:42, Philip Rhoades via spamdyke-users wrote:
Sam,
On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:
The header blacklist file has a different format from the sender
blacklist file, so just copying entries from one to the other won't
work. You need to provide a pattern that matches the line(s) in the
message header -- in your mail client, you should have an option to
"view message source" or "view raw headers" that will show you what
it
looks like. In this specific case, you probably want this:
Reply-To: *@skysoft.com*
The format is case insensitive and uses globbing for wildcards, so *
will match multiple characters and [] will match a set or range of
characters, just like the bash command prompt. The filter will
ignore
any lines in the file that don't contain a colon. Full details here:
http://www.spamdyke.org/documentation/README.html#HEADERS [2] [4]
So if I wanted to block the same address for both From: and
Reply-To:
I could use:
[fr][re][op][ml].*@skysoft.com

 [fr][re][op][ml]?*@skysoft.com

so "*" doesn't repeat only "[ml]" ?


?
Thanks,
Phil.
For testing, you certainly can use telnet -- I do it all the time.
Just make sure the host you telnet from isn't blocked or whitelisted
for some other reason (most folks whitelist localhost, for example).
-- Sam Clippinger
On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
 wrote:
Sam,
On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
Actually, no. The sender-blacklist-* and recipient-blacklist-*
filters
operate on different data from the header-blacklist-* filters. The
reason is because the sender and recipient addresses are given
during
the SMTP protocol and aren't part of the message itself -- the
addresses you see in your mail client are the From and To entries
from
the message header. The first paragraph here explains in a little
more
detail:
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
[3]
[1]
[1]
Yes, sorry, I should have realised that . .
Put another way, the sender address doesn't have to match the
"From"
address visible in the mail client -- well-behaved mail clients
make
them the same, but that's a courtesy and not a requirement. The
Reply-To address is part of the message header and, again, is only
a
convention used by well-behaved clients. If you've ever been Bcc'd
on
a message, you've seen this in action -- the sender's mail client
gave
your address as a recipient but didn't put your address on the
"To"
line in the message header.
Right, so, some follow up questions: I moved the following from the
sender-blacklist to the header-blacklist:
@iskysoft.com
- first in the conf file then later into a separate
header-blacklist-file with all the massaged addresses from my old
setup - but the sender above still seems to be getting through. I
thought the "@" was supposed to act like a wild card? Am I still
doing something wrong?
When I add addresses etc to blacklists etc, is there any way of
doing a test myself to see that the block is working? Using a telnet
to port 25 on my qmail server and manually pasting header lines is
not a real test is it?
Thanks,
Phil.
-- Sam Clippinger
On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
 wrote:
Sam,
On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
I'm not entirely sure I understand your question... if the
Reply-To
address is always the same, you should be able to block it using
the
header blacklist filter.
Ah . . OK - I will try that but doesn't that mean that:
sender-blacklist-entry
is redundant - ie:
header-blacklist-entry
should cover everything?
Thanks,
Phil.
If you're wanting to compare the Reply-To
address to the From address or the sender address, spamdyke
doesn't
have that ability.
-- Sam Clippinger
On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
 wrote:
People,
One variety of spam that is successfully delivered to me has a
different "From:" addresses but the same "Reply-To:" 
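
An offline check of the header blacklist behaviour discussed in this thread, added here as an example; it is not part of any poster's message or of spamdyke itself. It uses Python's `fnmatch` as a stand-in for spamdyke's matcher and assumes whole-line, case-insensitive matching against unfolded header lines; the blacklist contents and the message are constructed, with entries taken from the thread.

```python
"""Dry-run header-blacklist style glob entries against a raw message."""
from fnmatch import fnmatchcase

# Constructed blacklist file; the entries are ones quoted in the thread.
BLACKLIST = """\
@iskysoft.com
[fr][re][op][ml].*@skysoft.com
From: *@iskysoft.com*
[FR][re][op][ml]*:*iskysoft.com*
"""

# Constructed message: believable From:, unwanted Reply-To: (folded and
# mixed case), plus a body line that must not be treated as a header.
MESSAGE = (
    "Received: from mail.example.net (192.0.2.10)\r\n"
    "From: Support <help@example.org>\r\n"
    "Reply-To: Offers\r\n"
    "\t<deals@iSkySoft.com>\r\n"
    "Subject: test\r\n"
    "\r\n"
    "Reply-To: body@iskysoft.com\r\n"
)


def load_entries(text):
    """Split blacklist text into usable entries and ignored lines.

    Per the thread, an entry without a colon is ignored by the filter.
    """
    usable, ignored = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        (usable if ":" in line else ignored).append(line)
    return usable, ignored


def header_lines(raw):
    """Return the header lines of a raw message, stopping at the blank line.

    Folded continuation lines are joined to the previous header
    (an assumption of this example, not documented spamdyke behaviour).
    """
    lines = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if line == "":
            break  # end of header, body follows
        if line[0] in " \t" and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines


def matches(raw, entries):
    """Return (entry, header line) pairs where the glob matches the whole line.

    Globbing, not regex: '*' is any run of characters, '[]' is a set,
    and '.' is a literal dot. Both sides are lowercased because the
    format is case insensitive.
    """
    hits = []
    for header in header_lines(raw):
        for entry in entries:
            if fnmatchcase(header.lower(), entry.lower()):
                hits.append((entry, header))
    return hits


if __name__ == "__main__":
    usable, ignored = load_entries(BLACKLIST)
    for line in ignored:
        print("ignored (no colon):", line)
    for entry, header in matches(MESSAGE, usable):
        print("would block:", repr(entry), "on", repr(header))
```
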

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-01 Thread Philip Rhoades via spamdyke-users

Sam,


On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:

The header blacklist file has a different format from the sender
blacklist file, so just copying entries from one to the other won't
work. You need to provide a pattern that matches the line(s) in the
message header -- in your mail client, you should have an option to
"view message source" or "view raw headers" that will show you what it
looks like. In this specific case, you probably want this:
 Reply-To: *@skysoft.com*

The format is case insensitive and uses globbing for wildcards, so *
will match multiple characters and [] will match a set or range of
characters, just like the bash command prompt. The filter will ignore
any lines in the file that don't contain a colon. Full details here:
 http://www.spamdyke.org/documentation/README.html#HEADERS [4]



So if I wanted to block the same address for both From: and Reply-To: I 
could use:


  [fr][re][op][ml].*@skysoft.com

?

Thanks,

Phil.



For testing, you certainly can use telnet -- I do it all the time.
Just make sure the host you telnet from isn't blocked or whitelisted
for some other reason (most folks whitelist localhost, for example).

-- Sam Clippinger

On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
 wrote:


Sam,

On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:


Actually, no. The sender-blacklist-* and recipient-blacklist-*
filters
operate on different data from the header-blacklist-* filters. The
reason is because the sender and recipient addresses are given
during
the SMTP protocol and aren't part of the message itself -- the
addresses you see in your mail client are the From and To entries
from
the message header. The first paragraph here explains in a little
more
detail:


http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

[1]
[1]


Yes, sorry, I should have realised that . .


Put another way, the sender address doesn't have to match the
"From"
address visible in the mail client -- well-behaved mail clients
make
them the same, but that's a courtesy and not a requirement. The
Reply-To address is part of the message header and, again, is only
a
convention used by well-behaved clients. If you've ever been Bcc'd
on
a message, you've seen this in action -- the sender's mail client
gave
your address as a recipient but didn't put your address on the
"To"
line in the message header.


Right, so, some follow up questions: I moved the following from the
sender-blacklist to the header-blacklist:

@iskysoft.com

- first in the conf file then later into a separate
header-blacklist-file with all the massaged addresses from my old
setup - but the sender above still seems to be getting through. I
thought the "@" was supposed to act like a wild card? Am I still
doing something wrong?

When I add addresses etc to blacklists etc, is there any way of
doing a test myself to see that the block is working? Using a telnet
to port 25 on my qmail server and manually pasting header lines is
not a real test is it?

Thanks,

Phil.

-- Sam Clippinger
On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
 wrote:
Sam,
On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
I'm not entirely sure I understand your question... if the
Reply-To
address is always the same, you should be able to block it using
the
header blacklist filter.
Ah . . OK - I will try that but doesn't that mean that:
sender-blacklist-entry
is redundant - ie:
header-blacklist-entry
should cover everything?
Thanks,
Phil.
If you're wanting to compare the Reply-To
address to the From address or the sender address, spamdyke
doesn't
have that ability.
-- Sam Clippinger
On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
 wrote:
People,
One variety of spam that is successfully delivered to me has
different "From:" addresses but the same "Reply-To:" address - I
can't see a way of blocking these mails in the conf file via the
"Reply-To:" address - is it possible?
Thanks,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au

 --
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: p...@pricom.com.au
Links:
--
[1]
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

--
Philip Rhoades


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-30 Thread Philip Rhoades via spamdyke-users

Martin,


On 2015-09-26 22:10, Martin H. Sluka via spamdyke-users wrote:

Sam wrote:


For testing, you certainly can use telnet -- I do it all the time.


Tip: You might want to have a look at Swaks (Swiss Army Knife
for SMTP, http://www.jetmore.org/john/code/swaks/).
I find it very convenient for testing and monitoring purposes,
especially if you want to perform similar tests several times.



Thanks for the reminder!  I had forgotten about swaks . .

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-26 Thread Martin H. Sluka via spamdyke-users
Sam wrote:

> For testing, you certainly can use telnet -- I do it all the time.

Tip: You might want to have a look at Swaks (Swiss Army Knife
for SMTP, http://www.jetmore.org/john/code/swaks/).
I find it very convenient for testing and monitoring purposes,
especially if you want to perform similar tests several times.

Regards
Martin

-- 
___ _
Martin H. Sluka  \ mailto:mar...@sluka.de /   ASCII ribbon ( )
Breite Straße 3   \ tel +49-700-19751024 /  campaign - against  X
D-90552 Röthenbach \-- http://unf.ug ---/  HTML email & vcards / \



Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-25 Thread Sam Clippinger via spamdyke-users
The header blacklist file has a different format from the sender blacklist 
file, so just copying entries from one to the other won't work.  You need to 
provide a pattern that matches the line(s) in the message header -- in your 
mail client, you should have an option to "view message source" or "view raw 
headers" that will show you what it looks like.  In this specific case, you 
probably want this:
Reply-To: *@skysoft.com*
The format is case insensitive and uses globbing for wildcards, so * will match 
multiple characters and [] will match a set or range of characters, just like 
the bash command prompt.  The filter will ignore any lines in the file that 
don't contain a colon.  Full details here:
http://www.spamdyke.org/documentation/README.html#HEADERS

For testing, you certainly can use telnet -- I do it all the time.  Just make 
sure the host you telnet from isn't blocked or whitelisted for some other 
reason (most folks whitelist localhost, for example).

-- Sam Clippinger




On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users 
 wrote:

> Sam,
> 
> 
> On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
>> Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
>> operate on different data from the header-blacklist-* filters. The
>> reason is because the sender and recipient addresses are given during
>> the SMTP protocol and aren't part of the message itself -- the
>> addresses you see in your mail client are the From and To entries from
>> the message header. The first paragraph here explains in a little more
>> detail:
>> http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>> [1]
> 
> 
> Yes, sorry, I should have realised that . .
> 
> 
>> Put another way, the sender address doesn't have to match the "From"
>> address visible in the mail client -- well-behaved mail clients make
>> them the same, but that's a courtesy and not a requirement. The
>> Reply-To address is part of the message header and, again, is only a
>> convention used by well-behaved clients. If you've ever been Bcc'd on
>> a message, you've seen this in action -- the sender's mail client gave
>> your address as a recipient but didn't put your address on the "To"
>> line in the message header.
> 
> 
> Right, so, some follow up questions:  I moved the following from the 
> sender-blacklist to the header-blacklist:
> 
>  @iskysoft.com
> 
> - first in the conf file then later into a separate header-blacklist-file 
> with all the massaged addresses from my old setup - but the sender above 
> still seems to be getting through.  I thought the "@" was supposed to act 
> like a wild card?  Am I still doing something wrong?
> 
> When I add addresses etc to blacklists etc, is there any way of doing a test 
> myself to see that the block is working?  Using a telnet to port 25 on my 
> qmail server and manually pasting header lines is not a real test is it?
> 
> Thanks,
> 
> Phil.
> 
> 
>> -- Sam Clippinger
>> On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
>>  wrote:
>>> Sam,
>>> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
>>>> I'm not entirely sure I understand your question... if the Reply-To
>>>> address is always the same, you should be able to block it using the
>>>> header blacklist filter.
>>> Ah . . OK - I will try that but doesn't that mean that:
>>> sender-blacklist-entry
>>> is redundant - ie:
>>> header-blacklist-entry
>>> should cover everything?
>>> Thanks,
>>> Phil.
>>>> If you're wanting to compare the Reply-To
>>>> address to the From address or the sender address, spamdyke doesn't
>>>> have that ability.
>>> -- Sam Clippinger
>>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>>>  wrote:
>>> People,
>>> One variety of spam that is successfully delivered to me has a
>>> different "From:" addresses but the same "Reply-To:" address - I
>>> can't see a way of blocking these mails in the conf file via the
>>> "Reply-To:" address - is it possible?
>>> Thanks,
>>> Phil.
>>> --
>>> Philip Rhoades
>>> PO Box 896
>>> Cowra NSW 2794
>>> Australia
>>> E-mail: p...@pricom.com.au
>> --
>> Philip Rhoades
>> PO Box 896
>> Cowra NSW 2794
>> Australia
>> E-mail: p...@pricom.com.au
>> Links:
>> --
>> [1] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>> 
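
Added example (not from the thread and not spamdyke's own code): a small Python model of the header-blacklist rules Sam describes in the message above, namely case-insensitive globbing and skipping of entries that contain no colon, run against a constructed header. Python's fnmatch stands in for spamdyke's matcher; whole-line matching and header unfolding are assumptions, and every address except the iskysoft.com domain from Phil's entry is made up.

```python
import fnmatch

# Constructed blacklist file: Phil's bare entry, a Reply-To pattern in the
# header format, and one more made-up pattern.
BLACKLIST_FILE = """\
@iskysoft.com
Reply-To: *@iskysoft.com*
subject: *e-mail update*
"""

# Constructed message header (addresses are made up).
SAMPLE_HEADER = """\
From: Deals <promo1@mailer.example>
To: phil@example.org
Subject: Special offer
Reply-To: "Sales" <Offers@iSkySoft.com>
"""

def load_patterns(text):
    """Keep only entries that contain a colon; other lines are ignored."""
    return [ln.strip() for ln in text.splitlines() if ":" in ln]

def unfold(header_text):
    """Join RFC 5322 continuation lines (leading space/tab) to their header."""
    lines = []
    for ln in header_text.splitlines():
        if ln[:1] in (" ", "\t") and lines:
            lines[-1] += " " + ln.strip()
        elif ln:
            lines.append(ln)
    return lines

def first_match(patterns, header_text):
    """Return (pattern, header_line) for the first blacklist hit, else None."""
    for line in unfold(header_text):
        for pat in patterns:
            # Case-insensitive glob over the whole line (assumed anchoring).
            if fnmatch.fnmatchcase(line.lower(), pat.lower()):
                return pat, line
    return None

if __name__ == "__main__":
    patterns = load_patterns(BLACKLIST_FILE)
    print("active patterns:", patterns)  # the bare "@iskysoft.com" is dropped
    print("hit:", first_match(patterns, SAMPLE_HEADER))
```

Everything outside the wildcards is literal, so the domain in an entry has to be spelled exactly as it appears in the header line.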

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-25 Thread Philip Rhoades via spamdyke-users

Sam,


On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:

> Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
> operate on different data from the header-blacklist-* filters. The
> reason is because the sender and recipient addresses are given during
> the SMTP protocol and aren't part of the message itself -- the
> addresses you see in your mail client are the From and To entries from
> the message header. The first paragraph here explains in a little more
> detail:
> http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
> [1]

Yes, sorry, I should have realised that . .

> Put another way, the sender address doesn't have to match the "From"
> address visible in the mail client -- well-behaved mail clients make
> them the same, but that's a courtesy and not a requirement. The
> Reply-To address is part of the message header and, again, is only a
> convention used by well-behaved clients. If you've ever been Bcc'd on
> a message, you've seen this in action -- the sender's mail client gave
> your address as a recipient but didn't put your address on the "To"
> line in the message header.



Right, so, some follow up questions:  I moved the following from the 
sender-blacklist to the header-blacklist:


  @iskysoft.com

- first in the conf file then later into a separate 
header-blacklist-file with all the massaged addresses from my old setup 
- but the sender above still seems to be getting through.  I thought the 
"@" was supposed to act like a wild card?  Am I still doing something 
wrong?


When I add addresses etc to blacklists etc, is there any way of doing a 
test myself to see that the block is working?  Using a telnet to port 25 
on my qmail server and manually pasting header lines is not a real test 
is it?


Thanks,

Phil.



> -- Sam Clippinger
>
> On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
>  wrote:
>
>> Sam,
>>
>> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
>>
>>> I'm not entirely sure I understand your question... if the Reply-To
>>> address is always the same, you should be able to block it using the
>>> header blacklist filter.
>>
>> Ah . . OK - I will try that but doesn't that mean that:
>>
>> sender-blacklist-entry
>>
>> is redundant - ie:
>>
>> header-blacklist-entry
>>
>> should cover everything?
>>
>> Thanks,
>>
>> Phil.
>>
>>> If you're wanting to compare the Reply-To
>>> address to the From address or the sender address, spamdyke doesn't
>>> have that ability.
>>>
>>> -- Sam Clippinger
>>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>>>  wrote:
>>>> People,
>>>> One variety of spam that is successfully delivered to me has a
>>>> different "From:" addresses but the same "Reply-To:" address - I
>>>> can't see a way of blocking these mails in the conf file via the
>>>> "Reply-To:" address - is it possible?
>>>> Thanks,
>>>> Phil.
>>>> --
>>>> Philip Rhoades
>>>> PO Box 896
>>>> Cowra NSW 2794
>>>> Australia
>>>> E-mail: p...@pricom.com.au
>>
>> --
>> Philip Rhoades
>>
>> PO Box 896
>> Cowra NSW 2794
>> Australia
>> E-mail: p...@pricom.com.au
>
> Links:
> --
> [1] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS


--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-14 Thread Sam Clippinger via spamdyke-users
Actually, no.  The sender-blacklist-* and recipient-blacklist-* filters operate 
on different data from the header-blacklist-* filters.  The reason is because 
the sender and recipient addresses are given during the SMTP protocol and 
aren't part of the message itself -- the addresses you see in your mail client 
are the From and To entries from the message header.  The first paragraph here 
explains in a little more detail:
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

Put another way, the sender address doesn't have to match the "From" address 
visible in the mail client -- well-behaved mail clients make them the same, but 
that's a courtesy and not a requirement.  The Reply-To address is part of the 
message header and, again, is only a convention used by well-behaved clients.  
If you've ever been Bcc'd on a message, you've seen this in action -- the 
sender's mail client gave your address as a recipient but didn't put your 
address on the "To" line in the message header.

-- Sam Clippinger




On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users 
 wrote:

> Sam,
> 
> 
> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
>> I'm not entirely sure I understand your question... if the Reply-To
>> address is always the same, you should be able to block it using the
>> header blacklist filter.
> 
> 
> Ah . . OK - I will try that but doesn't that mean that:
> 
>  sender-blacklist-entry
> 
> is redundant - ie:
> 
>  header-blacklist-entry
> 
> should cover everything?
> 
> Thanks,
> 
> Phil.
> 
> 
>> If you're wanting to compare the Reply-To
>> address to the From address or the sender address, spamdyke doesn't
>> have that ability.
> 
> 
>> -- Sam Clippinger
>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>>  wrote:
>>> People,
>>> One variety of spam that is successfully delivered to me has a
>>> different "From:" addresses but the same "Reply-To:" address - I
>>> can't see a way of blocking these mails in the conf file via the
>>> "Reply-To:" address - is it possible?
>>> Thanks,
>>> Phil.
>>> --
>>> Philip Rhoades
>>> PO Box 896
>>> Cowra NSW 2794
>>> Australia
>>> E-mail: p...@pricom.com.au
> 
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-13 Thread Philip Rhoades via spamdyke-users

Sam,


On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:

> I'm not entirely sure I understand your question... if the Reply-To
> address is always the same, you should be able to block it using the
> header blacklist filter.



Ah . . OK - I will try that but doesn't that mean that:

  sender-blacklist-entry

is redundant - ie:

  header-blacklist-entry

should cover everything?

Thanks,

Phil.



> If you're wanting to compare the Reply-To
> address to the From address or the sender address, spamdyke doesn't
> have that ability.
>
> -- Sam Clippinger
>
> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>  wrote:
>
>> People,
>>
>> One variety of spam that is successfully delivered to me has a
>> different "From:" addresses but the same "Reply-To:" address - I
>> can't see a way of blocking these mails in the conf file via the
>> "Reply-To:" address - is it possible?
>>
>> Thanks,
>>
>> Phil.
>> --
>> Philip Rhoades
>>
>> PO Box 896
>> Cowra NSW 2794
>> Australia
>> E-mail: p...@pricom.com.au


--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-13 Thread Sam Clippinger via spamdyke-users
I'm not entirely sure I understand your question... if the Reply-To address is 
always the same, you should be able to block it using the header blacklist 
filter.  If you're wanting to compare the Reply-To address to the From address 
or the sender address, spamdyke doesn't have that ability.

-- Sam Clippinger




On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users 
 wrote:

> People,
> 
> One variety of spam that is successfully delivered to me has a different 
> "From:" addresses but the same "Reply-To:" address - I can't see a way of 
> blocking these mails in the conf file via the "Reply-To:" address - is it 
> possible?
> 
> Thanks,
> 
> Phil.
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au