Assuming the "ALLOWED" log message you provided is accurate, it looks like the 
problem is authentication -- all filters are disabled after authentication 
succeeds.  Your log message shows the same username in both the "from" and 
"auth" fields, which makes me suspect either the user's password has been 
compromised or the user's PC has been infected with malware.

I'd suggest changing the account password so authentication will fail -- 
spamdyke's filters should work fine after that.

-- Sam Clippinger




On Mar 23, 2016, at 5:00 AM, Stephen Provis via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> Hi, I'm having trouble blacklisting specific sending email addresses and 
> would appreciate some advice please. I am using Spamdyke 5.0.1 on Ubuntu 
> 10.04 and qmail.
> 
> I have tried all of the following rules to block email from a specific email 
> (for security let's say the email address is j...@smith.fake) but each time 
> Spamdyke allows the emails through.
> 
> My config file looks like this:
> 
> header-blacklist-entry=From: *<*smith.fake>*
> header-blacklist-entry=from:*smith.fake*
> header-blacklist-entry=From:*j...@smith.fake*
> 
> sender-blacklist-entry=@smith.fake
> sender-blacklist-entry=j...@smith.fake
> 
> #sender-blacklist-file=/tmp/spamdyke.txt
> 
> dns-server-ip=208.67.222.222:53
> log-level=excessive
> max-recipients=5
> idle-timeout-secs=300
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-ip-in-cc-rdns
> reject-sender=no-mx
> dns-blacklist-entry=b.barracudacentral.org
> dns-blacklist-entry=zen.spamhaus.org
> rhs-blacklist-entry=fresh.spameatingmonkey.com
> 
> 
> ################################################################################
> # SET THE FILENAME BELOW AND ENABLE BOTH OF THESE OPTIONS
> ################################################################################
> # Controls the way spamdyke offers and supports TLS or SMTPS.
> tls-level=smtp
> 
> # Read SSL certificate from FILE.
> tls-certificate-file=/var/qmail/control/servercert.pem
> 
> And the syslog reports the following:
> 
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: 
> from=j...@smith.fake
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: 
> to=some...@somewhere.fake
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: hook_dir = 
> '/opt/psa/handlers/before-queue'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: recipient[3] = 
> 'some...@somewhere.fake'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: handlers dir = 
> '/opt/psa/handlers/before-queue/recipient/some...@somewhere.fake'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: starter: 
> submitter[6899] exited normally
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792849 new msg 32933026
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792929 info msg 32933026: 
> bytes 1269 from <j...@smith.fake> qp 6899 uid 2020
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx spamdyke[6822]: ALLOWED from: 
> j...@smith.fake to: some...@somewhere.fake origin_ip: xxx.xxx.xxx.xxx 
> origin_rdns: xxxx.xxxxxxx.net auth: j...@smith.fake encryption: TLS reason: 
> 250_ok_1458726477_qp_6890
> 
> Any assistance would be greatly appreciated.
> 
> Regards,
> Stephen
> 
> 
> 
> Stephen Provis
> Website Developer
> Stephen Provis and Co
> 
> t: 07922 195703
> w: www.stephenprovis.com
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
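
Added example, not part of the thread and not spamdyke's own code: a small log check for the situation described in the reply, where a blacklisted sender is still ALLOWED because the session authenticated. The field order follows the ALLOWED line quoted above; the sample lines, the "(unknown)" placeholder for unauthenticated sessions, the one-entry-per-line layout and the suffix matching are assumptions.

```python
import re
from collections import defaultdict

# Field order copied from the ALLOWED line quoted in the thread.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)
NO_AUTH = "(unknown)"  # assumption: value logged when no SMTP AUTH took place

# Constructed sample log (documentation IP ranges, made-up names).
SAMPLE_LOG = """\
Mar 23 09:47:57 mx spamdyke[6822]: ALLOWED from: bob@blocked.example to: a@rcpt.example origin_ip: 192.0.2.10 origin_rdns: h1.isp.example auth: bob@blocked.example encryption: TLS reason: 250_ok_1_qp_1
Mar 23 09:48:02 mx spamdyke[6823]: ALLOWED from: bob@blocked.example to: b@rcpt.example origin_ip: 198.51.100.7 origin_rdns: h2.isp.example auth: bob@blocked.example encryption: TLS reason: 250_ok_2_qp_2
Mar 23 09:48:09 mx spamdyke[6825]: ALLOWED from: carol@fine.example to: a@rcpt.example origin_ip: 192.0.2.44 origin_rdns: h4.isp.example auth: (unknown) encryption: TLS reason: 250_ok_3_qp_3
Mar 23 09:48:11 mx qmail: 1458726491.1 new msg 1
"""


def auth_bypasses(log_text, blocked_suffixes):
    """Summarise ALLOWED deliveries that authenticated AND carry a blacklisted sender.

    Returns {auth_user: {"messages": int, "ips": set}}. Several origin IPs for
    one account in a short window supports the stolen-password theory.
    """
    suffixes = tuple(s.lower() for s in blocked_suffixes)
    hits = defaultdict(lambda: {"messages": 0, "ips": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["verdict"] != "ALLOWED" or m["auth"] == NO_AUTH:
            continue  # not a spamdyke line, not delivered, or not authenticated
        # Simplified stand-in for blacklist matching: plain suffix compare.
        if m["sender"].lower().endswith(suffixes):
            hits[m["auth"]]["messages"] += 1
            hits[m["auth"]]["ips"].add(m["ip"])
    return dict(hits)


if __name__ == "__main__":
    for user, info in auth_bypasses(SAMPLE_LOG, ["@blocked.example"]).items():
        print(f"{user}: {info['messages']} authenticated deliveries "
              f"from {len(info['ips'])} IP(s): {sorted(info['ips'])}")
```

Any account this reports is one whose password should be changed, as suggested in the reply.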
