I don't understand how you have your jails configured -- is qmail in a
different jail from spamdyke? I'm just wondering, if the message is
originating locally, why does spamdyke see the origin IP as 10.0.1.15 instead
of 127.0.0.1? And where is the message really coming from -- maybe a rogue
process or a compromised PHP script is generating them?

Do you have 10.0.1.15 whitelisted because it's the local IP? Or is it
configured in your /etc/tcp.smtp as a relay client? Either setting would cause
spamdyke to allow these messages.

-- Sam Clippinger

On Nov 8, 2016, at 10:53 PM, BC via spamdyke-users
> Well, I have spamdyke-qrv installed and turned on in spamdyke.conf, but am
> still getting stuff like this (maillog):
> Nov 8 21:48:51 33a45916-5b78-11e6-a0e5-0cc47a6975be spamdyke: ALLOWED
> from: filenkokir...@shopon.net to: sergushk...@bk.ru origin_ip: 10.0.1.15
> origin_rdns: (unknown) auth: (unknown) encryption: (none) reason:
> so someone is trying to use my system as a relay, right?
> with the resulting MAILER-DAEMON bounce. The 10.0.1.15 is the IP of the jail
> that qmail runs in.
> Any other thoughts?
> On 11/7/2016 9:13 AM, Gary Gendel via spamdyke-users wrote:
>> This doesn't look like it's email originating from your system. Instead, it
>> looks like spamdyke has accepted the message and then qmail is doing the
>> rejection. My guess is that it passes through spamdyke with an invalid
>> destination user. Qmail then tries to reject it.
>> You can avoid this by adding invalid user checks in spamdyke so it doesn't
>> reach qmail by setting "recipient-validation-command=<program>" (I use
>> spamdyke-qrv) and "reject-recipient=invalid".
> spamdyke-users mailing list
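
Added example, not part of the thread and not spamdyke's own code: a maillog filter for the pattern discussed above, ALLOWED messages with auth: (unknown) that originate from an internal address and are addressed to a non-local domain. The sample log lines, host name, addresses and the local domain are constructed; the internal address 10.0.1.15 is the jail IP given in the thread.

```python
import ipaddress
import re

# Fields as they appear in the spamdyke maillog line quoted in the thread.
LINE_RE = re.compile(
    r"spamdyke(?:\[\d+\])?: (?P<verdict>[A-Z_]+) from: (?P<sender>\S*) "
    r"to: (?P<rcpt>\S*) origin_ip: (?P<ip>\S+) "
    r"origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)

def unauthenticated_internal_relays(lines, local_domains, internal_nets):
    """Return (ip, sender, rcpt) for ALLOWED, unauthenticated messages that
    came from an internal address and are addressed to a non-local domain."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    local = {d.lower() for d in local_domains}
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["verdict"] != "ALLOWED":
            continue  # not a spamdyke line, or the message was rejected
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed origin_ip field
        rcpt_domain = m["rcpt"].rpartition("@")[2].lower()
        if (any(ip in n for n in nets) and m["auth"] == "(unknown)"
                and rcpt_domain not in local):
            hits.append((m["ip"], m["sender"], m["rcpt"]))
    return hits

def _line(verdict, sender, rcpt, ip, auth):
    # Builds a constructed log line in the layout shown in the thread.
    return (f"Nov 8 21:48:51 mailhost spamdyke: {verdict} from: {sender} "
            f"to: {rcpt} origin_ip: {ip} origin_rdns: (unknown) "
            f"auth: {auth} encryption: (none)")

# Constructed sample input (example domains, documentation IP range).
SAMPLE_LOG = [
    _line("ALLOWED", "a@sender.example", "b@remote.example", "10.0.1.15", "(unknown)"),
    _line("ALLOWED", "a@sender.example", "user@local.example", "10.0.1.15", "(unknown)"),
    _line("ALLOWED", "c@local.example", "d@remote.example", "203.0.113.7", "alice"),
    _line("DENIED_RDNS_MISSING", "x@sender.example", "y@remote.example", "10.0.1.15", "(unknown)"),
]

if __name__ == "__main__":
    for hit in unauthenticated_internal_relays(
            SAMPLE_LOG, {"local.example"}, ["10.0.1.15/32"]):
        print(hit)
```

A hit here only says the message was relayed without authentication from the internal address; whether that is a whitelist entry, a tcp.smtp relay rule or a local process is still a matter of checking the configuration.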