-----Original Message-----
From: Rafael Andrade [mailto:raf...@riosulense.com.br]
Sent: Tuesday, November 03, 2009 8:50 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Spam Help Plz
Hello, Eric and all list,
First thank u for the answer
My users receiving lots of spams dont have a specific sender domain, or
default spam type.
My spamdyke is running see:
spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%
in logfile:
Nov 3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from:
misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip:
84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)
I`m using lots of Rbls to try reduce the spam numbers but not working
correctly.
Does anybody have some idea?
Thanks so much
Rafael
Eric Shubert escreveu:
Rafael Andrade wrote:
Hello all,
Im using qmailtoaster two years a go, and i`m very satisfied...
some days a go my users receiving lots of spams, Tagged in subjects
(spamassassin) or not.
What could I be making to get better?
Actually im using Qmailtoaster + Spamdyke with greylist.
Excuse for english.
My confs below:
cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT="",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_R
CPTLIMIT="120",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJ
Kfh",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/con
trol/domainkeys/%/private",NOP0FCHECK="1"
xxx.xx.xx.xx:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="120
",CHKUSER_WRONGRCPTLIMIT="10",DKVERIFY="DEGIJKfh",QMAILQUE
UE="/var/qmail/bin/simscan",DKQUEUE="",DKSIGN="/var/qmail/control/domainke
ys/%/private",NOP0FCHECK="1"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRO
NGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",DKSIG
N="/var/qmail/control/domainkeys/%/private",NOP0FCHECK="1"
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.w
mv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.p
l:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr
:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.
idw:.ipt
cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org
# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
local-domains-file=/var/qmail/control/rcpthosts
#log-level=debug
log-level=info
log-target=syslog
#log-target=stderr
max-recipients=50
#policy-url=http://my.policy.explanation.url/
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
# blacklist and whitelist ip
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-whitelist-file=/etc/spamdyke/whitelist_ip
# blacklist and whitelist keywords
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
# blacklist and whitelist senders
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
# blacklist and whitelist rdns
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
# whitelist dns
dns-whitelist-file=/etc/spamdyke/whitelist_dns
# blacklist and whitelist recipients
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
-----------------------------------------------------------------------
----------
(Wow - that's a lot of RBLs)
Are you sure that spamdyke's running?
I like to use
log-target=stderr
so I can see spamdyke's messages in the smtp log along with the other
related messages. Make sure spamdyke is running.
Looks to me like you have the screws turned down pretty tight spam
wise. I think the next step would be to look at a representative
sample of the spam you're receiving, to see why it's getting through.
Perhaps there is a workstation or server on your network that's been
compromised and is sending out the spam. Examining the headers of the
spams you're receiving to see where they originate.
--------------------------------------------------------------------------
-------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and
installations.
If you need professional help with your setup, contact them today!
--------------------------------------------------------------------------
-------
Please visit qmailtoaster.com for the latest news, updates, and
packages.
To unsubscribe, e-mail: qmailtoaster-list-
unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-
h...@qmailtoaster.com