Re: [spamdyke-users] Vesrion 5.0.0 reject-sender=no-mx overriding based on source IP address
Hi everyone, Sam, your advice with "reject-sender=!!!" totally works! :) Thank you. -- Konstantin On 2015-04-08 16:46, Sam Clippinger via spamdyke-users wrote: I think I found the problem here. It's definitely a bug in the configuration parsing code! Options that can take multiple pre-defined values like reject-sender are cumulative -- they only add more values, they don't subtract. So when spamdyke finds "none" in the configuration directory, it adds "none" to the existing value of "no-mx". Since "none" has a value of zero, nothing happens. Trying to unset "no-mx" by using a value of "!no-mx" doesn't work either. But simply clearing the value seems to work fine. So for now, I'd suggest changing the "1" file in your configuration directory to use this line instead: reject-sender=!!! That will reset the reject-sender option to zero (none), which is what you want. I'll include a real fix for this in the next version. Still trying to find the segfault, that's a deeper rabbit hole... -- Sam Clippinger On Apr 8, 2015, at 12:35 AM, Konstantin via spamdyke-users wrote: Hi Everyone, On Apr 6, 2015, at 12:45 AM, Konstantin via spamdyke-users wrote: Hi Sam, Thank you very much for what you are doing. I'm testing spamdyke 5.0.0 now and I found spamdyke-qrv feature very useful. Sometimes it crashes, but still usable. :) I'm trying to make some exceptions for emails that comes from a certain IP subnets using config-dir=/etc/spamdyke/config.d mail spamdyke # cat /etc/spamdyke/config.d/_ip_/10/1 reject-empty-rdns=0 reject-sender=none And it doesn't seem working for me. Did I missed something? On 2015-04-07 18:06, Sam Clippinger via spamdyke-users wrote: It's hard to say without more information. From what you've shown, it looks like the reject-empty-dns and reject-sender filters should be deactivated for any connections from 10.1.x.x. But if that's not working, could you post your full config and some log messages? I'd also suggest running the config-test feature to look for problems; sometimes it's as simple as permissions on a folder. You are correct. Instead of creating MX records and resolvable PTR records for every local server I'm just trying to skip these checks when connecton comes from a certain IP addresses. My current spamdyke configuration is: --- log-level=verbose tls-certificate-file=/var/qmail/control/servercert.pem graylist-level=always graylist-dir=/var/tmp/spamdyke/graylist graylist-exception-ip-file=/etc/spamdyke/graylist-exception-ip-file graylist-exception-rdns-file=/etc/spamdyke/graylist-exception-rdns-file graylist-max-secs=3369600 graylist-min-secs=50 reject-empty-rdns reject-unresolvable-rdns reject-sender=no-mx rejection-text-recipient-same-as-sender rhs-blacklist-entry=sbl-xbl.spamhaus.org [1] greeting-delay-secs=0 max-recipients=100 connection-timeout-secs=1800 idle-timeout-secs=120 config-dir=/etc/spamdyke/config.d rdns-blacklist-file=/etc/spamdyke/rdns-keyword-blacklist-file ip-blacklist-file=/etc/spamdyke/ip-blacklist-file reject-recipient=invalid recipient-validation-command=/usr/local/bin/spamdyke-qrv --- I don't think that file/directory permissions issue happens in my case. As long as I'm seeing from excessive logs spamdyke reads the change: DEBUG(process_config_dir()@configuration.c:4469): searching for config dir at /etc/spamdyke/config.d/_ip_ DEBUG(process_config_dir()@configuration.c:4496): searching for config file or dir at /etc/spamdyke/config.d/_ip_/10/1/5/4 DEBUG(process_config_dir()@configuration.c:4496): searching for config file or dir at /etc/spamdyke/config.d/_ip_/10/1/5 DEBUG(process_config_dir()@configuration.c:4496): searching for config file or dir at /etc/spamdyke/config.d/_ip_/10/1 DEBUG(process_config_dir()@configuration.c:4509): reading configuration file: /etc/spamdyke/config.d/_ip_/10/1 EXCESSIVE(process_config_file()@configuration.c:4351): set configuration option reject-empty-rdns from file /etc/spamdyke/config.d/_ip_/10/1, line 1: 0 EXCESSIVE(process_config_file()@configuration.c:4351): set configuration option reject-sender from file /etc/spamdyke/config.d/_ip_/10/1, line 2: none I'll send you my excessive log output personally if you have a time to look at it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Vesrion 5.0.0 reject-sender=no-mx overriding based on source IP address
I think I found the problem here. It's definitely a bug in the configuration parsing code! Options that can take multiple pre-defined values like reject-sender are cumulative -- they only add more values, they don't subtract. So when spamdyke finds "none" in the configuration directory, it adds "none" to the existing value of "no-mx". Since "none" has a value of zero, nothing happens. Trying to unset "no-mx" by using a value of "!no-mx" doesn't work either. But simply clearing the value seems to work fine. So for now, I'd suggest changing the "1" file in your configuration directory to use this line instead: reject-sender=!!! That will reset the reject-sender option to zero (none), which is what you want. I'll include a real fix for this in the next version. Still trying to find the segfault, that's a deeper rabbit hole... -- Sam Clippinger On Apr 8, 2015, at 12:35 AM, Konstantin via spamdyke-users wrote: > Hi Everyone, > >> On Apr 6, 2015, at 12:45 AM, Konstantin via spamdyke-users >> wrote: >>> Hi Sam, >>> Thank you very much for what you are doing. I'm testing spamdyke >>> 5.0.0 now and I found spamdyke-qrv feature very useful. Sometimes it >>> crashes, but still usable. :) >>> I'm trying to make some exceptions for emails that comes from a >>> certain IP subnets using >>> config-dir=/etc/spamdyke/config.d >>> mail spamdyke # cat /etc/spamdyke/config.d/_ip_/10/1 >>> reject-empty-rdns=0 >>> reject-sender=none >>> And it doesn't seem working for me. Did I missed something? > > On 2015-04-07 18:06, Sam Clippinger via spamdyke-users wrote: >> It's hard to say without more information. From what you've shown, it >> looks like the reject-empty-dns and reject-sender filters should be >> deactivated for any connections from 10.1.x.x. But if that's not >> working, could you post your full config and some log messages? I'd >> also suggest running the config-test feature to look for problems; >> sometimes it's as simple as permissions on a folder. > > You are correct. Instead of creating MX records and resolvable PTR records > for every local server I'm just trying to skip these checks when connecton > comes from a certain IP addresses. > > My current spamdyke configuration is: > --- > log-level=verbose > tls-certificate-file=/var/qmail/control/servercert.pem > graylist-level=always > graylist-dir=/var/tmp/spamdyke/graylist > graylist-exception-ip-file=/etc/spamdyke/graylist-exception-ip-file > graylist-exception-rdns-file=/etc/spamdyke/graylist-exception-rdns-file > graylist-max-secs=3369600 > graylist-min-secs=50 > reject-empty-rdns > reject-unresolvable-rdns > reject-sender=no-mx > rejection-text-recipient-same-as-sender > rhs-blacklist-entry=sbl-xbl.spamhaus.org > greeting-delay-secs=0 > max-recipients=100 > connection-timeout-secs=1800 > idle-timeout-secs=120 > config-dir=/etc/spamdyke/config.d > rdns-blacklist-file=/etc/spamdyke/rdns-keyword-blacklist-file > ip-blacklist-file=/etc/spamdyke/ip-blacklist-file > reject-recipient=invalid > recipient-validation-command=/usr/local/bin/spamdyke-qrv > --- > > I don't think that file/directory permissions issue happens in my case. As > long as I'm seeing from excessive logs spamdyke reads the change: > > DEBUG(process_config_dir()@configuration.c:4469): searching for config dir at > /etc/spamdyke/config.d/_ip_ > DEBUG(process_config_dir()@configuration.c:4496): searching for config file > or dir at /etc/spamdyke/config.d/_ip_/10/1/5/4 > DEBUG(process_config_dir()@configuration.c:4496): searching for config file > or dir at /etc/spamdyke/config.d/_ip_/10/1/5 > DEBUG(process_config_dir()@configuration.c:4496): searching for config file > or dir at /etc/spamdyke/config.d/_ip_/10/1 > DEBUG(process_config_dir()@configuration.c:4509): reading configuration file: > /etc/spamdyke/config.d/_ip_/10/1 > EXCESSIVE(process_config_file()@configuration.c:4351): set configuration > option reject-empty-rdns from file /etc/spamdyke/config.d/_ip_/10/1, line 1: 0 > EXCESSIVE(process_config_file()@configuration.c:4351): set configuration > option reject-sender from file /etc/spamdyke/config.d/_ip_/10/1, line 2: none > > I'll send you my excessive log output personally if you have a time to look > at it. > > -- > BR, > Konstantin > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Vesrion 5.0.0 reject-sender=no-mx overriding based on source IP address
Hi Everyone, On Apr 6, 2015, at 12:45 AM, Konstantin via spamdyke-users wrote: Hi Sam, Thank you very much for what you are doing. I'm testing spamdyke 5.0.0 now and I found spamdyke-qrv feature very useful. Sometimes it crashes, but still usable. :) I'm trying to make some exceptions for emails that comes from a certain IP subnets using config-dir=/etc/spamdyke/config.d mail spamdyke # cat /etc/spamdyke/config.d/_ip_/10/1 reject-empty-rdns=0 reject-sender=none And it doesn't seem working for me. Did I missed something? On 2015-04-07 18:06, Sam Clippinger via spamdyke-users wrote: It's hard to say without more information. From what you've shown, it looks like the reject-empty-dns and reject-sender filters should be deactivated for any connections from 10.1.x.x. But if that's not working, could you post your full config and some log messages? I'd also suggest running the config-test feature to look for problems; sometimes it's as simple as permissions on a folder. You are correct. Instead of creating MX records and resolvable PTR records for every local server I'm just trying to skip these checks when connecton comes from a certain IP addresses. My current spamdyke configuration is: --- log-level=verbose tls-certificate-file=/var/qmail/control/servercert.pem graylist-level=always graylist-dir=/var/tmp/spamdyke/graylist graylist-exception-ip-file=/etc/spamdyke/graylist-exception-ip-file graylist-exception-rdns-file=/etc/spamdyke/graylist-exception-rdns-file graylist-max-secs=3369600 graylist-min-secs=50 reject-empty-rdns reject-unresolvable-rdns reject-sender=no-mx rejection-text-recipient-same-as-sender rhs-blacklist-entry=sbl-xbl.spamhaus.org greeting-delay-secs=0 max-recipients=100 connection-timeout-secs=1800 idle-timeout-secs=120 config-dir=/etc/spamdyke/config.d rdns-blacklist-file=/etc/spamdyke/rdns-keyword-blacklist-file ip-blacklist-file=/etc/spamdyke/ip-blacklist-file reject-recipient=invalid recipient-validation-command=/usr/local/bin/spamdyke-qrv --- I don't think that file/directory permissions issue happens in my case. As long as I'm seeing from excessive logs spamdyke reads the change: DEBUG(process_config_dir()@configuration.c:4469): searching for config dir at /etc/spamdyke/config.d/_ip_ DEBUG(process_config_dir()@configuration.c:4496): searching for config file or dir at /etc/spamdyke/config.d/_ip_/10/1/5/4 DEBUG(process_config_dir()@configuration.c:4496): searching for config file or dir at /etc/spamdyke/config.d/_ip_/10/1/5 DEBUG(process_config_dir()@configuration.c:4496): searching for config file or dir at /etc/spamdyke/config.d/_ip_/10/1 DEBUG(process_config_dir()@configuration.c:4509): reading configuration file: /etc/spamdyke/config.d/_ip_/10/1 EXCESSIVE(process_config_file()@configuration.c:4351): set configuration option reject-empty-rdns from file /etc/spamdyke/config.d/_ip_/10/1, line 1: 0 EXCESSIVE(process_config_file()@configuration.c:4351): set configuration option reject-sender from file /etc/spamdyke/config.d/_ip_/10/1, line 2: none I'll send you my excessive log output personally if you have a time to look at it. -- BR, Konstantin ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Vesrion 5.0.0 reject-sender=no-mx overriding based on source IP address
It's hard to say without more information. From what you've shown, it looks like the reject-empty-dns and reject-sender filters should be deactivated for any connections from 10.1.x.x. But if that's not working, could you post your full config and some log messages? I'd also suggest running the config-test feature to look for problems; sometimes it's as simple as permissions on a folder. -- Sam Clippinger On Apr 6, 2015, at 12:45 AM, Konstantin via spamdyke-users wrote: > Hi Sam, > > Thank you very much for what you are doing. I'm testing spamdyke 5.0.0 now > and I found spamdyke-qrv feature very useful. Sometimes it crashes, but still > usable. :) > > I'm trying to make some exceptions for emails that comes from a certain IP > subnets using > config-dir=/etc/spamdyke/config.d > > mail spamdyke # cat /etc/spamdyke/config.d/_ip_/10/1 > reject-empty-rdns=0 > reject-sender=none > > And it doesn't seem working for me. Did I missed something? > > -- > BR, > Konstantin > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users