nicole thomson wrote:
thanks eric
now i spent few hours in capturing those ip's and updated blacklist_ip,
the spam flow seems tobe low.
> .) What's in your /etc/spamdyke/whitelist_rdns file? I'm curious to know
> what's causing the WARNING message.
in whitelist_rdns i did added .vendordomain1.com .vendordomain2.com
etc., there were around 150 entries i made
I think you misunderstood how whitelist_rdns works. This file should
contain rDNS names, not vendor domain names. This file is useful when an
rDNS (PTR) record fails to resolve. In such a case you can add the rDNS
name to this file and it will be allowed to pass.
In order to whitelist vendor domain names, you should add entries to the
whitelist_senders file, in the form:
@vendordomain1.com
@vendordomain2.com
That being said, if you see a similar warning related to the
whitelist_senders file after adding the domains there, take heed. You
should use a directory structure instead of a single file for specifying
large numbers of whitelist entries.
> So when you identify a vendor whose email is being rejected, you need to
> whitelist that vendor. This can be done is a couple different ways. I
> would recommend whitelisting the domain by adding
> @myscrewedupvendorsdomain.com
> to your whitelist_senders file. This will always accept email from that
how do we identify the mails are rejected, is there any script
available? so that as when it is when the rejection happen's it will be
easier to find it.. else i need to go through the log's frequently and
grep it for the same?
qmlog can be helpful with this. It essentially greps through the logs
for you, and allows you to specify various flags for controlling the
process. I suggest you write a daily (or more frequent if required) cron
job that uses qmlog to grep the smtp logs by date(/time) for DENIED
messages, then pipe that through another grep looking for vendor names
that you haven't yet verified as being ok. You might want to develope a
little system of sorts for keeping track of vendor email server status.
Each vendor will be verified-ok, verified-bad, or not-verified. qmlog
and the smtp logs can be leveraged to help maintain this status.
Come to think of it, this could be a nice little application for
determining which domains need to be whitelisted and which ones don't.
Start with a file of all vendor domains. Each day (or more frequently),
a script can run to see if there were any denied messages for any of
those domains. If there are, then add the domain to the
whitelist_senders file and shoot off an email to the admin for follow
up. This might be a nice little add-on application for spamdyke. On the
other hand, why not simply whitelist all of the domains? The only realy
purpose such an application would serve would be to keep the whitelist
trim, which would improve efficiency (very minimally), and keep spam
with a forged sender from getting through. I'm not sure the costs
(development and scanning of logs) would be worth it.
Personally, I would leave it up to the vendors to contact me if their
emails weren't getting through. After all, you're the customer in that
relationship, and it's *their* email server that is misconfigured, not
yours.
On the other hand, if *customer* emails were being rejected, I'd
definitely be concerned. Perhaps you should develop a little script as I
described for your customer domains (as well as vendors). ;)
at present i have few @domainname.com in whitelist_senders, do i need to
give the full e-mail id's or just @domainname.com as you mentioned
"@myscrewedupvendorsdomain.com"
Just the domain name will work. It simply matches the last part of the
sender's address.
now i uncommented the zen.spamhaus.org in spamdyke.conf and could see
lots of DENIED_RBL_MATCH.. but still scared to red face of the
management (freaky paranoid :-) ).
False positives from this RBL are rare, but can happen.
we are solely depending on the vendors for the business. could be that
was causing the management guys to show their faces. No one is ready to
send mails to their mail server managed guys and explain, even when i
tried sending multiple multiple mails there wasn't no response from
them. Rather they would love to do a blame game on the same.
I would whitelist all of the vendor domains in this case. That will
ensure that spamdyke doesn't block them. You need somebody to give you a
list of the domains though, and be sure that there's a way to keep it up
to date.
That's worries me.
You can deal with this. Be sure that management appreciates the cost of
not filtering spam. You can always tweak spamdyke's configuration to
suit your needs.
--
-Eric 'shubes'
---------------------------------------------------------------------------------
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]