On Sat, 04 Feb 2017 10:03:02 +0100, Clint Pachl
<[email protected]> wrote:
Can someone explain how the spammer at 81.7.16.33 got white listed by
spamd and delivered 3 spam emails to me? What exactly triggered the
white listing?
I may not understand spamd's behavior, but according to the spamd log
below, the spammer attempted only 5 deliveries via spamd, each with a
different envelope-from address. Correct?
At 17:12 there is a 6th connection. Presumably this is a re-try of one of
the existing grey entries.
With -v you would have seen something like:
Feb 3 17:12:29 zeus spamd[34374]: (GREY) 81.7.16.33: <[email protected]> -> <[email protected]>
/B
If so, shouldn't white listing be considered only if, during passtime,
the retries from a GREY host contain the same envelope-from and
envelope-to? Legitimate mail would be resent with the same
envelope-from/-to, but spammers (this one in particular) often do not.
Ensuring consistent envelope addresses may be a way to stop more spam.
No?
# passtime set short as I'm currently experimenting
$ rcctl get spamd | grep flags
spamd_flags=-G 1:10:1080
$ fgrep 81.7.16.33 /var/log/spamd
Feb 3 16:58:27 zeus spamd[34374]: 81.7.16.33: connected (3/1)
Feb 3 17:00:05 zeus spamd[21625]: new entry 81.7.16.33 from <[email protected]> to <[email protected]>, helo minyu1esc.com
Feb 3 17:00:10 zeus spamd[34374]: 81.7.16.33: disconnected after 103 seconds.
Feb 3 17:06:50 zeus spamd[34374]: 81.7.16.33: connected (3/2)
Feb 3 17:07:10 zeus spamd[21625]: new entry 81.7.16.33 from <[email protected]> to <[email protected]>, helo minyu1esc.com
Feb 3 17:07:10 zeus spamd[34374]: 81.7.16.33: disconnected after 20 seconds.
Feb 3 17:07:47 zeus spamd[34374]: 81.7.16.33: connected (3/2)
Feb 3 17:08:00 zeus spamd[21625]: new entry 81.7.16.33 from <[email protected]> to <[email protected]>, helo minyu1esc.com
Feb 3 17:08:02 zeus spamd[34374]: 81.7.16.33: disconnected after 15 seconds.
Feb 3 17:08:28 zeus spamd[34374]: 81.7.16.33: connected (4/3)
Feb 3 17:08:41 zeus spamd[21625]: new entry 81.7.16.33 from <[email protected]> to <[email protected]>, helo minyu1esc.com
Feb 3 17:08:41 zeus spamd[34374]: 81.7.16.33: disconnected after 13 seconds.
Feb 3 17:10:22 zeus spamd[34374]: 81.7.16.33: connected (4/3)
Feb 3 17:10:39 zeus spamd[21625]: new entry 81.7.16.33 from <[email protected]> to <[email protected]>, helo minyu1esc.com
Feb 3 17:10:39 zeus spamd[34374]: 81.7.16.33: disconnected after 17 seconds.
Feb 3 17:12:13 zeus spamd[34374]: 81.7.16.33: connected (5/4)
Feb 3 17:12:29 zeus spamd[34374]: 81.7.16.33: disconnected after 16 seconds.
Feb 3 17:12:50 zeus spamd[17428]: queueing add of 81.7.16.33
Feb 3 17:12:50 zeus spamd[17428]: whitelisting 81.7.16.33 in /var/db/spamd
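An added example, not part of the original message and not spamd's own code: a small audit of a non-verbose spamd log that, for each whitelisted host, counts the grey tuples it created and the connections that created none (presumed retries, since without -v the retry itself is not logged). The sample log, the function name `audit` and the `max_senders` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in non-verbose spamd log format; the IPs (documentation
# ranges), addresses and HELO names are placeholders, not values from the thread.
SAMPLE_LOG = """\
Feb  3 16:58:27 mx spamd[100]: 203.0.113.9: connected (3/1)
Feb  3 17:00:05 mx spamd[101]: new entry 203.0.113.9 from <a@bulk.example> to <user@example.org>, helo bulk.example
Feb  3 17:06:50 mx spamd[100]: 203.0.113.9: connected (3/2)
Feb  3 17:07:10 mx spamd[101]: new entry 203.0.113.9 from <b@bulk.example> to <user@example.org>, helo bulk.example
Feb  3 17:07:47 mx spamd[100]: 203.0.113.9: connected (3/2)
Feb  3 17:08:00 mx spamd[101]: new entry 203.0.113.9 from <c@bulk.example> to <user@example.org>, helo bulk.example
Feb  3 17:12:13 mx spamd[100]: 203.0.113.9: connected (5/4)
Feb  3 17:12:50 mx spamd[102]: whitelisting 203.0.113.9 in /var/db/spamd
Feb  3 18:00:01 mx spamd[100]: 198.51.100.7: connected (1/0)
Feb  3 18:00:04 mx spamd[101]: new entry 198.51.100.7 from <list@news.example> to <user@example.org>, helo mail.news.example
Feb  3 18:30:02 mx spamd[100]: 198.51.100.7: connected (1/0)
Feb  3 18:30:40 mx spamd[102]: whitelisting 198.51.100.7 in /var/db/spamd
"""

CONNECT = re.compile(r"spamd\[\d+\]: (\S+): connected")
ENTRY = re.compile(r"new entry (\S+) from <([^>]*)> to <([^>]*)>, helo (\S+)")
WHITE = re.compile(r"whitelisting (\S+) in ")

def audit(lines, max_senders=2):
    """Per-IP summary of grey tuples seen before spamd whitelisted the host."""
    hosts = defaultdict(lambda: {"connections": 0, "tuples": set(), "retries": 0,
                                 "whitelisted": False, "suspect": False})
    for line in lines:
        if m := CONNECT.search(line):
            hosts[m.group(1)]["connections"] += 1
        elif m := ENTRY.search(line):
            ip, sender, rcpt, helo = m.groups()
            hosts[ip]["tuples"].add((helo, sender.lower(), rcpt.lower()))
        elif m := WHITE.search(line):
            h = hosts[m.group(1)]
            h["whitelisted"] = True
            # Connections that created no new tuple are presumed retries.
            h["retries"] = h["connections"] - len(h["tuples"])
            # Heuristic (assumption): many rotating senders before a pass is suspect.
            senders = {t[1] for t in h["tuples"]}
            h["suspect"] = len(senders) > max_senders
    return dict(hosts)

if __name__ == "__main__":
    for ip, h in audit(SAMPLE_LOG.splitlines()).items():
        print(ip, "whitelisted" if h["whitelisted"] else "grey",
              f"tuples={len(h['tuples'])}", "REVIEW" if h["suspect"] else "ok")
```

Hosts marked REVIEW are candidates for checking with `spamdb` before they stay on the whitelist.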