Hi there
I have a toaster that hosts a domain that receives email regularly
from another. The client noticed that they were not getting the emails
anymore. Below are the log samples:
simscan:[28419]:VIRUS: 1.0962s:Phishing.Heuristics.Email.SpoofedDomain:xxx.xxx.xxx.xxx:[email protected]:[email protected]:
qmail-smtpd: qq hard reject (Your email was rejected because it contains the Phishing.Heuristics.Email.SpoofedDomain virus): MAILFROM:<[email protected]> RCPTTO:[email protected]
They have assured me 100% that they still want to get this kind of
email from this user.
When it comes to this kind of blocking - what is the best way to allow
it through?
I have included some verbose output below as to my system config (in
case it is needed - ignore below if not needed).
(((((((((( System Info ))))))))))
# qtp-whatami
qtp-whatami v0.3.2
DISTRO=CentOS
OSVER=5.3
QTARCH=i686
QTKERN=2.6.18-128.1.6.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat
This machine's OS is supported, but this version/arch has not been tested.
----------
# rpm -qa | grep toaster | sort
autorespond-toaster-2.0.4-1.3.4
clamav-toaster-0.95.0-1.3.26
control-panel-toaster-0.5-1.3.5
courier-authlib-toaster-0.59.2-1.3.7
courier-imap-toaster-4.1.2-1.3.8
daemontools-toaster-0.76-1.3.4
ezmlm-cgi-toaster-0.53.324-1.3.4
ezmlm-toaster-0.53.324-1.3.4
isoqlog-toaster-2.1-1.3.5
libdomainkeys-toaster-0.68-1.3.4
libsrs2-toaster-1.0.18-1.3.4
maildrop-toaster-2.0.3-1.3.6
maildrop-toaster-devel-2.0.3-1.3.6
qmailadmin-toaster-1.2.11-1.3.5
qmailmrtg-toaster-4.2-1.3.4
qmail-pop3d-toaster-1.03-1.3.16
qmail-toaster-1.03-1.3.16
qmailtoaster-plus-0.3.1-1.4.9
qmailtoaster-plus.repo-0.1-1
ripmime-toaster-1.4.0.6-1.3.4
send-emails-toaster-0.5-1.3.5
simscan-toaster-1.3.1-1.3.7
spamassassin-toaster-3.2.5-1.3.15
squirrelmail-toaster-1.4.17-1.3.12
ucspi-tcp-toaster-0.88-1.3.6
vpopmail-toaster-5.4.17-1.3.5
vqadmin-toaster-2.3.4-1.3.4
----------
# spamdyke -v
spamdyke 3.1.8+TLS
----------
# cat /etc/spamdyke/spamdyke.conf | grep -v "#"
check-dnsrbl=zen.spamhaus.org
check-dnsrbl=bl.spamcop.net
check-dnsrbl=list.dsbl.org
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-file=/etc/spamdyke/blacklist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=2
log-target=0
max-recipients=5
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
reject-missing-sender-mx
sender-blacklist-file=/etc/spamdyke/blacklist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
----------
# cat /var/qmail/supervise/smtp/run | grep -v "#"
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
exec /usr/bin/softlimit -m 20000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$RBLSMTPD $BLACKLIST $SMTPD $VCHKPW /bin/true 2>&1
----------