Re: strange behaviour spamd

2016-08-23 Thread Boudewijn Dijkstra 

Op Thu, 21 Jul 2016 17:34:37 +0200 schreef Markus Rosjat :
I noticed that a trapped ip gets whitelisted when there are still  
greylisted messages. this shouldn't happen when I use the -a -t switches  
to trap the ip or do I miss something here ?


Indeed it shouldn't and since OpenBSD 4.9 it is believed that it doesn't.

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec/spamd/grey.c.diff?r1=1.49=1.50=h

If it does anyway, then maybe there is a mistake in your configuration or  
your spamlogd is interfering (w/ outgoing mail).



--
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/

Re: strange behaviour spamd

2016-07-22 Thread Chris Bennett 
On Fri, Jul 22, 2016 at 10:53:01AM +0200, Markus Rosjat wrote:
> This seems flawed , because when I see a spammer sending a mail to 10
> addresses and I trap the spammer IP the grey entries shouldn't over ride the
> Trap entry at all. I even put the ip on my personal blacklist and called the
> spamd-setup to take effect. At this point the grey entries shouldnt be
> delivered in my opinion.
> 
> 
> 
> Am 22.07.2016 um 09:54 schrieb Peter Hessler:
> >Greytrap addresses only trap the systems when it has not been seen
> >before.  In your case, they arlready have a GREY entry, so they have
> >been seen and the trapping won't take effect.

I have to agree with Markus Rosjat 100%.
I have a script running that picks out evil spam addresses that I have
seen previously and traps them.
Which is worthless, as it runs off the Greytrapped addresses.
Which means that the only way I can block them is with pfctl blocking
the address permanently? Some of these IP addresses are forged, but
would still block that address for the incoming spam.

Seriously, I'm looking at this wrong or is there another answer I'm not
seeing?

Thanks,
Chris Bennett

Re: strange behaviour spamd

2016-07-22 Thread Markus Rosjat 
This seems flawed , because when I see a spammer sending a mail to 10 
addresses and I trap the spammer IP the grey entries shouldn't over ride 
the Trap entry at all. I even put the ip on my personal blacklist and 
called the spamd-setup to take effect. At this point the grey entries 
shouldnt be delivered in my opinion.




Am 22.07.2016 um 09:54 schrieb Peter Hessler:

Greytrap addresses only trap the systems when it has not been seen
before.  In your case, they arlready have a GREY entry, so they have
been seen and the trapping won't take effect.


On 2016 Jul 21 (Thu) at 17:34:37 +0200 (+0200), Markus Rosjat wrote:
:Hi there,
:
:I noticed that a trapped ip gets whitelisted when there are still greylisted
:messages. this shouldn't happen when I use the -a -t switches to trap the ip
:or do I miss something here ?
:
:Regards
:
:--
:Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
:
:G+H Webservice GbR Gorzolla, Herrmann
:K??nigsbr??cker Str. 70, 01099 Dresden
:
:http://www.ghweb.de
:fon: +49 351 8107220   fax: +49 351 8107227
:
:Bitte pr??fen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you
:print it, think about your responsibility and commitment to the ENVIRONMENT
:



--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: strange behaviour spamd

2016-07-22 Thread Peter Hessler 
Greytrap addresses only trap the systems when it has not been seen
before.  In your case, they arlready have a GREY entry, so they have
been seen and the trapping won't take effect.


On 2016 Jul 21 (Thu) at 17:34:37 +0200 (+0200), Markus Rosjat wrote:
:Hi there,
:
:I noticed that a trapped ip gets whitelisted when there are still greylisted
:messages. this shouldn't happen when I use the -a -t switches to trap the ip
:or do I miss something here ?
:
:Regards
:
:--
:Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
:
:G+H Webservice GbR Gorzolla, Herrmann
:K??nigsbr??cker Str. 70, 01099 Dresden
:
:http://www.ghweb.de
:fon: +49 351 8107220   fax: +49 351 8107227
:
:Bitte pr??fen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you
:print it, think about your responsibility and commitment to the ENVIRONMENT
:

--
We don't understand the software, and sometimes we don't understand the
hardware, but we can *___see* the blinking lights!