I'm really sorry I haven't been able to get to spamdyke issues lately, let me see if I can catch up...
When I test the earlytalker filter by itself from the command line, it appears to work:

    root@patched:/usr/local/src/spamdyke-5.0.0/spamdyke# ./spamdyke --log-target stderr -linfo -e 10 ../tests/smtpdummy/smtpdummy
    helo me
    220 smtpdummy ESMTP
    250 HELO received
    mail from:<f...@bar.com>
    250 Refused. You are not following the SMTP protocol.
    rcpt to:<b...@foo.com>
    554 Refused. You are not following the SMTP protocol.
    spamdyke[4199]: DENIED_EARLYTALKER from: f...@bar.com to: b...@foo.com origin_ip: 0.0.0.0 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
    quit
    221 Refused. You are not following the SMTP protocol.

So if your connections aren't being whitelisted, there may be a bug where the earlytalker filter is failing when combined with some other option(s). Could you send me your spamdyke configuration file so I can try to reproduce your setup and nail it down?

-- Sam Clippinger

On Mar 13, 2014, at 3:03 PM, Shane Bywater <sh...@apexia.ca> wrote:

> Hi,
>     I disabled all whitelist options in spamdyke.conf and restarted
> spamdyke. Confirmed no whitelist filters continued to be displayed in the
> maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was
> found but still no DENIED_EARLYTALKER entries. I even checked back in
> maillog files from 2012 and found the same result. It just can't be an
> authenticated user from so many different IPs (100s) from such a long period
> of time as my server would certainly be listed in multiple DNS blacklists
> (it's currently not in any). If anyone else has the same issue I would be
> curious if it has anything to do with Plesk being involved. If there are no
> other recommendations maybe I'll try installing Spamdyke 5.0.0 unless anyone
> has had issues using it on a Plesk 10.4.4, CentOS 6 server. All comments
> are welcomed.
>
> Regards,
> Shane Bywater
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 12 Mar 2014 17:28:58 -0500
> From: Sam Clippinger <s...@silence.org>
> Subject: Re: [spamdyke-users] modifying way that filters are shown in
>     log files
> To: spamdyke users <spamdyke-users@spamdyke.org>
> Message-ID: <a70266f0-2742-4c3b-9820-adc66fe9f...@silence.org>
> Content-Type: text/plain; charset="us-ascii"
>
> If the earlytalker filter actually blocks a connection, you should see a
> "DENIED_EARLYTALKER" message in the log. Are you sure that connection isn't
> whitelisted or authenticating? Either of those things would prevent the
> earlytalker filter from actually blocking the connection.
>
> -- Sam Clippinger
>
> On Mar 11, 2014, at 10:04 PM, Shane Bywater <sh...@apexia.ca> wrote:
>
>> Hi,
>>     I'm running Spamdyke 4.3.1 on a CentOS 6 server. I've been
>> successfully using spamdyke along with fail2ban to block IPs with the
>> following characteristics:
>> Missing RDNS and RDNS containing IP address.
>>
>> In the maillog files I see the following:
>> Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
>> Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
>> Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
>> Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: 73a8...@enerdeco.nl to: u...@domain.com origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
>> Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
>> Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
>>
>> My fail2ban configuration file contains:
>> [Definition]
>> failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
>>             spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
>>             spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>    <--not working
>> ignoreregex =
>>
>> My issue is I now want to start banning IPs that set off the
>> FILTER_EARLYTALKER filter but as there is no corresponding
>> DENIED_EARLYTALKER from: x...@yyy.com to u...@domain.com origin_ip:
>> 111.222.333.444 I cannot figure out the proper failregex expression to match
>> the existing format for FILTER_EARLYTALKER nor do I know how to change
>> spamdyke to show a familiar DENIED_EARLYTALKER ... heading in the maillog
>> which I could determine the proper failregex for. If anyone can provide me
>> with some suggestions that would be appreciated.
>>
>> Regards,
>> Shane Bywater
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users