nicole thomson wrote:
Thanks to Eric's guidance
Now after doing qtp-install-spamdyke
SUCCESS: Running tests as user vpopmail(508), group vchkpw(503).
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer TLS support but
spamdyke will intercept and decrypt the TLS traffic so all of its
filters can operate.
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support.
spamdyke will observe any authentication and trust its response.
SUCCESS(access-file): Opened for reading: /etc/spamdyke/access-file
SUCCESS(config-file): Opened for reading: /etc/spamdyke/spamdyke.conf
ERROR(graylist-level): The "graylist-level" option is "none" but other
> graylist options were given. They will all be ignored.
Comment out graylist options other than graylist-level. This won't
effect functionality, but will get rid of ERROR messages with spamdyke
test. Just remember to uncomment them if/when you start using graylisting.
SUCCESS(ip-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_ip
SUCCESS(ip-in-rdns-keyword-blacklist-file): Opened for reading:
/etc/spamdyke/blacklist_keywords
SUCCESS(ip-in-rdns-keyword-whitelist-file): Opened for reading:
/etc/spamdyke/whitelist_keywords
SUCCESS(ip-whitelist-file): Opened for reading: /etc/spamdyke/whitelist_ip
SUCCESS(local-domains-file): Opened for reading:
/var/qmail/control/rcpthosts
SUCCESS(rdns-blacklist-file): Opened for reading:
/etc/spamdyke/blacklist_rdns
WARNING(rdns-whitelist-file): File length is inefficient; consider using
a directory structure instead: /etc/spamdyke/whitelist_rdns
.) What's in your /etc/spamdyke/whitelist_rdns file? I'm curious to know
what's causing the WARNING message.
SUCCESS(recipient-blacklist-file): Opened for reading:
/etc/spamdyke/blacklist_recipients
SUCCESS(recipient-whitelist-file): Opened for reading:
/etc/spamdyke/whitelist_recipients
SUCCESS(sender-blacklist-file): Opened for reading:
/etc/spamdyke/blacklist_senders
SUCCESS(sender-whitelist-file): Opened for reading:
/etc/spamdyke/whitelist_senders
SUCCESS(tls-certificate-file): Opened for reading:
/var/qmail/control/servercert.pem
SUCCESS(tls-certificate-file): Certificate and key loaded; SSL/TLS
library successfully initialized
ERROR: Tests complete. Errors detected.
my smtp/current shows as follows
@400000004b18aab9101ed2cc CHKUSER accepted rcpt: from
<[email protected]::> remote <AFPSJHFPNU:unknown:123.18.246.68>
rcpt <[email protected]> : found existing recipient
@400000004b18aab9101f402c spamdyke[24708]: ALLOWED from:
[email protected] to: [email protected] origin_ip:
123.18.246.68 origin_rdns: (unknown) auth: (unknown)
You've apparently whitelisted this IP now? This shows that spamdyke
accepted the message, even though there is apparently no rDNS for it.
The unknown auth is normal for incoming inter-domain messages (because
they don't authenticate).
spamhaus scan msg
*123.18.246.68 is not listed in the SBL*
*123.18.246.68 is listed in the PBL*, in the following records:
* PBL146324 <http://www.spamhaus.org/pbl/query/PBL146324>
*123.18.246.68 is listed in the XBL*, because it appears in:
* CBL <http://cbl.abuseat.org/lookup.cgi?ip=123.18.246.68>
This explains why this IP was rejected before. I would contact the
vendor's email administrator and let them know about their problem. In
the meantime, simply whitelist their domain.
i am really worried on enabling any of these?
#dns-blacklist-entry=zombie.dnsbl.sorbs.net
#dns-blacklist-entry=dul.dnsbl.sorbs.net
#dns-blacklist-entry=bogons.cymru.com
#dns-blacklist-entry=zen.spamhaus.org
#dns-blacklist-entry=bl.spamcop.net
I use zen.spamhaus.org and bl.spamcopy.net, and see very few false
positives. YMMV of course.
because already my management people have dis-pleasure on bouncing mails
from vendors. so they started thinking on alternatives.
Of course they did. That's what they do. They don't understand, so you
need to educate them about spam.
Can you please guide me?
Sure.
Some of your vendors will and do have misconfigured mail servers. This
is a problem for them, and you'll be doing them a favor notifying them
of their misconfiguration. They will have trouble getting mail sent to
other domains as well, as many mail servers are adopting similar
anti-spam measures.
So when you identify a vendor whose email is being rejected, you need to
whitelist that vendor. This can be done is a couple different ways. I
would recommend whitelisting the domain by adding
@myscrewedupvendorsdomain.com
to your whitelist_senders file. This will always accept email from that
domain, even if/when it comes from different IP addresses or its rDNS
record changes. You should know though that sending addresses are easily
spoofed, so this might allow some spam if a spammer were to spoof your
vendor's domain name. If that were to happen, you should consider
whitelisting their IP address or rDNS name.
If your management is real freaky/paranoid about rejecting vendor
emails, you could simply add all of your vendor's domains to your
whitelist_senders file. I wouldn't recommend doing this, as it will not
allow you to identify which vendors have a problem, and you will not be
able to let them know that they have a problem so that they can get it
fixed. In addition, whitelisting every vendor opens the door to more
spam and confusion should a spammer happen to use your vendor's domain.
This isn't a big risk, but it could happen pretty easily.
Your management needs to know that it's your vendor's email server that
is misconfigured, *not* your server. Your management should also
appreciate that whitelisting is a (temporary) workaround that your email
server provides to circumvent errors with *other* servers. In addition,
whitelisting *needs* to be done only in a very small percentage of cases.
You might also consider showing your management how much spam is being
blocked by QMT. There are some scripts floating around, one for spamdyke
and one for spamassassin, that show some these statistics. QMT with
spamdyke and spamassassin is as capable as anything (including
commercial services) when it comes to blocking spam with very few false
positives.
That's my assessment at this point. Let us know how you make out.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]