People,

I thought of starting a new thread but the question relates to this discussion so I thought I would revive it - see inline comments:



On 2015-06-21 04:57, Philip Rhoades via spamdyke-users wrote:
Sam,


On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote:
Regex support is on the (rather lengthy) to-do list, but frankly it's
not a very high priority -- there's a lot of low-hanging fruit that
would be of much more benefit right now. Plus, since I'm not one of
the 10 people in the world who completely understands regexes, I doubt
I would actually use them myself; I'd rather add globbing support,
which I do understand. :)


OK, no worries - SD is going well so far so I may not need some of the
mechanisms that I used in my own setup - we'll see how things go.


spamdyke's header filter runs at connection time, as all of its
filters do. If a header line matches a blacklisted pattern, the entire
message is rejected (the sending server receives an error code, qmail
never sees the message).


Right - thanks for the clarification.


One annoying spammer continues to get their mail through but I don't understand why - my header-blacklist-file includes these two lines in it:

  [FR][re][op][ml]*:*brewster.com*
  [FR][re][op][ml]*:*nice.com*

but the first one works and the second one doesn't!:

/var/log/maillog-20151230:Dec 29 17:08:43 prix spamdyke[15684]: DENIED_HEADER_BLACKLISTED from: smartdel...@brewster.com to: p...@pricom.com.au origin_ip: 23.253.183.234 origin_rdns: mail-183-234.mailgun.info auth: (unknown) encryption: (none) reason: /usr/local/bin/srejector2/spamdyke_blacklist_header.txt:11

/var/log/maillog-20151230:Dec 29 17:08:00 prix spamdyke[15609]: ALLOWED from: support.a...@nice.com to: mailer-dae...@pricom.com.au origin_ip: 192.114.148.4 origin_rdns: mailil.nice.com auth: (unknown) encryption: (none) reason: 250_ok_1451369280_qp_15628

I have even saved the file in vim a couple of times and restarted qmail a couple of times but no change in the behaviour - what could the explanation be?

Thanks,

Phil.


On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:

Sam,

See inline comments:

On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:

You're correct spamdyke does not support regexes for any of its
options, but you can use a wildcard in a sender or recipient
white/blacklist file to match entire domains by prefixing the line
with an @ symbol. For example:
@example.com [1] [1]

Yep, saw that - is it possible to support regexes in the future?

Full documentation here:


http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
[2]
[2]
BUT! Be careful -- the "To" and "From" lines in the message header
are
not the same as the "sender" and "recipient". The sender and
recipient
are part of SMTP, the To and From lines are part of the message
data
and are completely unrelated. Think of it this way: when a letter
is
sent through the post office, the name on the outside of the
envelope
tells the postman which mailbox gets the envelope (or where to
send it
back to) but top of the letter inside may have a completely
unrelated
letterhead and salutation. Whenever spamdyke's
options/documentation
refer to a "sender" or a "recipient", it means the name on the
outside
of the envelope. The user never sees those values in their mail
client
unless the sender chooses to use those values in the To and From
fields. Spammers typically fake all sender/recipient/To/From
fields,
but other software does too for perfectly legitimate reasons (e.g.
mailing lists, autoresponders).

Right.

If you want to block based on the To
and From lines the user sees in their mail client, you should look
at
spamdyke's header blacklist filter:
http://www.spamdyke.org/documentation/README.html#HEADERS [3] [3]

In that case the mail has already been accepted? When I was using
the qmail-qfilter+Ruby script method - my understanding of it at
least - was that my Ruby script could process the header and body of
the email and exit with a particular error code if the mail was bad
and this would terminate the SMTP negotiation with that error
message (eg drop the mail silently). So in this case I was able to
look at all the header fields as well as the mail body and do
whatever I wanted before accepting the mail.

Header filtering doesn't support regexes either, but it does use
"globbing" to allow more wildcard options.

Right.

Thanks,

Phil.

On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:
People,
As well as using GreyLite I have done my own thing for many years
with qmail-qfilter and a Ruby script (it started off as a Ruby
learning exercise . . ) - anyway for my white and black lists I was
able to have in the plain text files things like:
ad...@phillipsfinancial.com.au
administrator@(booksjournals.com [4](|.au)|(prix.|)pricom.com.au
[5]|qps.com.au [6])
adwords-noreply
america.com [7]
ecolife
where if any of those particular regexes appeared in the To: or
From: or whatever, they could be allowed or blocked or whatever - I
am guessing that eg the recipient-blacklist-file=FILE only allows
for full email addresses?
Thanks,
Phil.

--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Reply via email to