Thanks Gary. That makes total sense. Unfortunately the file definitely wasn't protected in any way, so this incident is still a bit of a mystery.
On a related matter, however, am I correct in thinking that if a graylisted sender resends after the "-min" interval but fails to pass another filter (which on my systems includes DENIED_OTHER which can indicate a full mailbox or a spamassassin/clamav fail), their graylisting file will not be updated - i.e. they could still have a 0 byte graylist file, as though they never resent? Or am I imagining that I read something like this in the docs? This isn't what happened in the incident I'm talking about - I'm just thinking in general terms.

Faris.

(please excuse the HTML in my reply)

It's my understanding (which may be faulty) that spamdyke always creates a 0 byte file the first time it gets mail from the domain. When it sees another email from that domain (after the prerequisite graylist-min-secs delay) then it puts the sending server into the file and allows the mail to go through as long as mail comes from that exact server. This is why you sometimes see multiple servers listed in the graylist file. Spamdyke does clean up these files periodically (as set by graylist-max-secs).

My guess is that this file was protected, preventing spamdyke from doing its job. This could happen if someone changed the owner of the file or its permissions.

Gary
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users