On Tue, Sep 18, 2007 at 10:30:45AM -0400, Juan Miscaro wrote:
> { This is a resend. No replies after 24 hours }
>
> Running OBSD 4.0 here.
>
> I was under the impression that spamd only did greylisting and dynamic
> whitelisting. Static blacklisting available via spamd-setup (and
> pseudo-whitelisting; of some of those blacklisted hosts).
>
> But not dynamic blacklisting.
It can also blacklist for 24 hours for spamtrap addresses.
> I occasionally get log messages like:
>
> spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
> <[EMAIL PROTECTED]>
>
> I searched my spamdb table (static blacklist) and the IP address above
> is not in there.
>
> What am I missing?
You are missing a lot of detective work on your end, for starters.
That IP address certainly isn't Microsoft. It's probably sent spam under
different domains as well. It could have been in a blacklist via
spamd-setup, or one of your own spamtraps (if you're using them), or ...
Search your spamd logs for that IP and you should see the
connect/disconnect lines that may show "lists: xxx" where "xxx" will be
the list that it's on. If you are keeping logs long enough, or if you
catch this quick enough, you can also see the initial interaction.
--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
[EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
