RE: [qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Michael Colvin
Good point Eric...  I didn't think of this, since I'm not yet using the QMT
in production yet, and am still using Qmailrocks (Is that a 4 letter word
around here? :-)  ) w/Spamdyke set to handle TLS directly...So, in my case,
only Spamdyke is handling TLS, since my Qmail doesn't support it.  (I don't
think I ever configured it, or installed the patch, or whatever..I forget
now!)

I didn't like the way Spamdyke worked when allowing the TLS connection to
bypass it, so I felt it better to have Spamdyke offer TLS, and then still be
able to utilize all of its filters.

Although, I think most of its filters would still work, those based on
the initial SMTP connection (RBLs etc.), but graylisting, white/black listed
sender/recipients, etc. would not, so it could be exploited to some degree.

I still think the best way to determine your issue Raphael is to provide the
e-mail headers...  :-)  I've got my users trained...When they have any
issues, either with spam getting through, or someone trying to send e-mail
to them getting a bounce, they send me headers.  Usually makes short work of
figuring out the problem.
 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 



 -Original Message-
 From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Shubert
 Sent: Thursday, November 05, 2009 11:02 AM
 To: qmailtoaster-list@qmailtoaster.com
 Subject: [qmailtoaster] Re: Spam Help Plz
 
 Rafael Andrade wrote:
  Hello all,
 
  I've been using qmailtoaster for two years, and I'm very satisfied...
  Some days ago my users started receiving lots of spam, tagged in subjects
  (spamassassin) or not.
 
  What could I do to make it better?
 
  Actually I'm using Qmailtoaster + Spamdyke with greylist.
 
  Excuse my English.
 
  My confs below:
 
  cat /etc/tcprules.d/tcp.smtp
  127.:allow,RELAYCLIENT=
  192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
  :allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
 
  cat /var/qmail/control/simcontrol
  :clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt
 
  cat /etc/spamdyke/spamdyke.conf
  # rbl
  dns-blacklist-entry=bl.spamcop.net
  dns-blacklist-entry=zen.spamhaus.org
  dns-blacklist-entry=dnsbl.sorbs.net
  dns-blacklist-entry=bogons.cymru.com
  dns-blacklist-entry=ix.dnsbl.manitu.net
  dns-blacklist-entry=cbl.abuseat.org
  dns-blacklist-entry=dnsbl.njabl.org
 
 
  # graylist
  #graylist-dir=/etc/spamdyke/graylist.d
  graylist-dir=/home/vpopmail/graylist.d
  graylist-level=always
  graylist-max-secs=2678400
  graylist-min-secs=180
  greeting-delay-secs=5
 
 
  local-domains-file=/var/qmail/control/rcpthosts
  #log-level=debug
  log-level=info
  log-target=syslog
  #log-target=stderr
  max-recipients=50
  #policy-url=http://my.policy.explanation.url/
  reject-empty-rdns
  #reject-ip-in-cc-rdns
  reject-missing-sender-mx
  reject-unresolvable-rdns
  tls-certificate-file=/var/qmail/control/servercert.pem
  # blacklist and whitelist ip
  ip-blacklist-file=/etc/spamdyke/blacklist_ip
  ip-whitelist-file=/etc/spamdyke/whitelist_ip
 
  # blacklist and whitelist keywords
  ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
  ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 
  # blacklist and whitelist senders
  sender-blacklist-file=/etc/spamdyke/blacklist_senders
  sender-whitelist-file=/etc/spamdyke/whitelist_senders
 
  # blacklist and whitelist rdns
  rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
  rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
 
  # whitelist dns
  dns-whitelist-file=/etc/spamdyke/whitelist_dns
 
  # blacklist and whitelist recipients
  recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
  recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
 
 
 Raphael,
 
 I just came across what I think is a possible hole in spamdyke's
 configuration.
 
 I've been reading through the documentation regarding TLS, and it
 appears that with no tls-level option specified, if a spammer were to
 use TLS (advertised by qmail), spamdyke would be unable to use several
 of its filters because the data is encrypted passing through spamdyke to
 qmail-smtp.
 
 If you add tls-level=smtp to the spamdyke configuration file, this
 will cause spamdyke

[qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Eric Shubert

Thanks, Michael. I agree.

I just happened to think of this as I was communicating with Sam about 
adding an option to spamdyke which will require TLS before 
authentication. Would be a nice enhancement. Dovecot can do this.



Re: [qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Aleksander Podsiadly

On 05.11.2009 20:02, Eric Shubert wrote:


I just came across what I think is a possible hole in spamdyke's 
configuration.


I've been reading through the documentation regarding TLS, and it 
appears that with no tls-level option specified, if a spammer were 
to use TLS (advertised by qmail), spamdyke would be unable to use 
several of its filters because the data is encrypted passing through 
spamdyke to qmail-smtp.

[...]

I don't think so.
From http://www.spamdyke.org/documentation/README.html
"If tls-level is not given, spamdyke will use a value of smtp."

--
Pozdrawiam / Regards,
Aleksander Podsiadły
mail: a...@westside.kielce.pl
jid: a...@jabber.westside.kielce.pl
ICQ: 201121279
gg: 9150578



Re: [qmailtoaster] Re: Spam Help Plz

2009-11-05 Thread Kent Busbee

See response below; Aleksander Podsiadly wrote:
 On 05.11.2009 20:02, Eric Shubert wrote:

 I just came across what I think is a possible hole in spamdyke's
 configuration.

 I've been reading through the documentation regarding TLS, and it
 appears that with no tls-level option specified, if a spammer were
 to use TLS (advertised by qmail), spamdyke would be unable to use
 several of its filters because the data is encrypted passing through
 spamdyke to qmail-smtp.
 [...]
 I don't think so.
  From http://www.spamdyke.org/documentation/README.html
 "If tls-level is not given, spamdyke will use a value of smtp."

 --

Elsewhere on the same page:

First, with no TLS options given, spamdyke will identify a TLS
conversation and simply pass the data back and forth between qmail and the
remote client.

Can you say Ambiguous?

Hey, HOW's about those headers so we can help solve this problem???


Kent Busbee
Director of Technology
Northlake Christian School


-
Qmailtoaster is sponsored by Vickers Consulting Group 
(www.vickersconsulting.com)
Vickers Consulting Group offers Qmailtoaster support and installations.
  If you need professional help with your setup, contact them today!
-
 Please visit qmailtoaster.com for the latest news, updates, and packages.
 
  To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
 For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com




[qmailtoaster] Re: Spam Help Plz

2009-11-04 Thread Eric Shubert
I seem to recall asking before, but am not sure. Is there a version of 
this script that works with stderr/smtp logs?


Brent Gardner wrote:

Thanks!


Rafael Andrade wrote:

Excuse for the delay. The spamdyke-stats code above.

usage = ./spamdyke-stats /var/log/maillog (stdout of spamdyke)

cat spamdyke-stats

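#!/usr/bin/perl -w
use diagnostics;
use strict;

# Usage:  # cat /var/log/qmail/smtpd/current | ./this_file

my %status = ();    # number of log lines seen per spamdyke status
my ($allow, $deny, $spampercentage, $sum);

$allow = 0;
$deny  = 0;

while (<>) {
    my $line = $_;
    if ( m/spamdyke\[/ ) {
        # Syslog line: "Mon D HH:MM:SS host spamdyke[pid]: STATUS from: ..."
        # so the fourth colon-separated field begins with " STATUS".
        my ($f1, $f2, $f3, $f4) = split(/:/, $line);
        next unless defined $f4;
        my ($empty, $sdstatus) = split(/ /, $f4);
        #print "$f2\n";
        next if !defined $sdstatus || $sdstatus eq "CHKUSER";
        $status{$sdstatus}++;
    }
}

# Everything that is not ALLOWED counts as denied.
foreach my $stat (sort keys %status) {
    if ( $stat =~ m/ALLOWED/ ) {
        $allow = $status{$stat};
    }
    else {
        $deny += $status{$stat};
    }
}

$sum = ($deny + $allow);
# Avoid dividing by zero when the log holds no spamdyke lines.
$spampercentage = $sum ? sprintf("%.2f", ($deny / $sum * 100)) : "0.00";

# Most frequent status first, ties broken alphabetically.
foreach my $key (sort { $status{$b} <=> $status{$a} || $a cmp $b; } keys %status) {
    print "$status{$key}\t$key\n";
}
print "\n";
print "Allowed: $allow \n";
print "Denied : $deny \n";
print "Sum: $sum \n";
print "% Spam : $spampercentage% \n";

#EOF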




Brent Gardner wrote:

Rafael Andrade wrote:

Hello, Eric and all list,

First, thank you for the answer.

My users are receiving lots of spam that doesn't have a specific sender domain, 
or default spam type.


My spamdyke is running, see:

spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%


snip

Where can I find spamdyke-stats?

This command intrigues me.


Brent Gardner






--
-Eric 'shubes'
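
An added example, not part of the thread and not the spamdyke-stats script: a Python tally that finds the status by matching `spamdyke[PID]: STATUS`, so it works whatever timestamp prefix precedes it, and that also counts ALLOWED connections which were authenticated or came from private addresses. The sample lines are constructed, and the `@...` prefix on some of them is an assumed multilog timestamp.

```python
import ipaddress
import re
from collections import Counter

# The "spamdyke[PID]: STATUS key: value ..." part is what the thread's log
# line shows; matching on it ignores whatever prefix the logger wrote.
LINE_RE = re.compile(r"spamdyke\[\d+\]: (?P<status>[A-Z_]+)(?P<rest>.*)")
FIELD_RE = re.compile(r"\b(from|to|origin_ip|origin_rdns|auth): (\S+)")

# RFC 1918 ranges plus loopback: connections that start inside the network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample lines (not from a real server). Syslog-style lines follow
# the layout shown in the thread; the "@..." prefix is an assumption.
SAMPLE_LOG = [
    "Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: a@example.net "
    "to: u1@example.com origin_ip: 203.0.113.7 origin_rdns: h7.example.net auth: (unknown)",
    "Nov  3 13:49:10 net spamdyke[20051]: ALLOWED from: b@example.org "
    "to: u2@example.com origin_ip: 198.51.100.23 origin_rdns: mx.example.org auth: (unknown)",
    "@400000004af08a2a1c9d3b54 spamdyke[2101]: ALLOWED from: c@example.net "
    "to: u1@example.com origin_ip: 192.168.1.50 origin_rdns: (unknown) auth: (unknown)",
    "@400000004af08a311f2e6a1c spamdyke[2117]: ALLOWED from: sales@example.com "
    "to: x@example.net origin_ip: 198.51.100.99 origin_rdns: dsl99.example.net "
    "auth: sales@example.com",
    "@400000004af08a3a0b7c9d10 spamdyke[2130]: DENIED_RBL_MATCH from: d@example.net "
    "to: u3@example.com origin_ip: 203.0.113.80 origin_rdns: h80.example.net auth: (unknown)",
    "@400000004af08a3b2a6f0e88 tcpserver: status: 3/100",
    "Nov  3 13:52:01 net spamdyke[20077]: ALLOWED from: sales@example.com "
    "to: y@example.net origin_ip: 192.168.1.50 origin_rdns: (unknown) auth: sales@example.com",
]


def status_by_colon_split(line):
    """Field extraction as in the thread's Perl script: 4th ':' field, 2nd word."""
    return line.split(":")[3].split(" ")[1]


def parse_line(line):
    """Return the status and key/value fields of a spamdyke line, else None."""
    m = LINE_RE.search(line)
    if not m or m.group("status") == "CHKUSER":
        return None
    record = dict(FIELD_RE.findall(m.group("rest")))
    record["status"] = m.group("status")
    return record


def is_internal(ip_text):
    """True when the address is loopback or in an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in INTERNAL_NETS)


def summarize(lines):
    """Tally statuses and single out ALLOWED mail that skipped the outer filters."""
    statuses = Counter()
    auth_allowed = Counter()      # accepted because the sender authenticated
    internal_allowed = Counter()  # accepted from a private address
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        statuses[rec["status"]] += 1
        if rec["status"] != "ALLOWED":
            continue
        auth = rec.get("auth", "(unknown)")
        if auth != "(unknown)":
            auth_allowed[auth] += 1
        ip = rec.get("origin_ip", "")
        if is_internal(ip):
            internal_allowed[ip] += 1
    allowed = statuses["ALLOWED"]
    denied = sum(statuses.values()) - allowed  # as in the script: all non-ALLOWED
    total = allowed + denied
    return {
        "statuses": dict(statuses),
        "allowed": allowed,
        "denied": denied,
        "spam_pct": round(100.0 * denied / total, 2) if total else 0.0,
        "auth_allowed": dict(auth_allowed),
        "internal_allowed": dict(internal_allowed),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An account or internal address that dominates `auth_allowed` or `internal_allowed` is the first place to look when the spam may be coming from an authenticated or compromised machine, as suggested earlier in the thread.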






Re: [qmailtoaster] Re: Spam Help Plz

2009-11-04 Thread Jake Vickers

Kent Busbee wrote:
Did anyone else notice that he is missing spam_hits in his config file? 
Does it default to something without it?


HIS:
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

MINE:
# cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh

  


Yes I did notice, but I'm trying to catch up on the thread.
Depending on what version of simscan he's running, it will default to 
either 20 or 40 (40 is the newer versions, 20 being the older versions).
We really need to see the headers of a spam that got through to help any 
more though. Anything else is just guessing at this point.
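
An added example, not part of the thread and not code from simscan or spamdyke: a small Python check that parses the two simcontrol rules compared above and an excerpt of the posted spamdyke.conf, then reports a `spam=yes` rule with no `spam_hits` and a configuration with no explicit `tls-level`. The function names are hypothetical; the configuration text is copied from the thread.

```python
# simcontrol rules as posted in the thread (wrapped lines joined).
HIS_SIMCONTROL = (
    ":clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv"
    ":.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin"
    ":.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi"
    ":.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt\n"
)
MINE_SIMCONTROL = (
    ":clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll"
    ":.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh\n"
)
# Excerpt of the spamdyke.conf posted in the thread.
SPAMDYKE_EXCERPT = """\
# graylist
graylist-level=always
log-target=syslog
reject-empty-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
"""


def parse_simcontrol(text):
    """Return {scope: {option: value}}; the empty scope is the default rule."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Everything before the first ':' is the address or domain the rule
        # applies to; the attach list uses ':' too, but only after that point.
        scope, _, opts = line.partition(":")
        options = {}
        for item in opts.split(","):
            key, sep, value = item.partition("=")
            if sep:
                options[key.strip()] = value.strip()
        rules[scope] = options
    return rules


def parse_spamdyke_conf(text):
    """Return {option: [values]}; bare flags such as reject-empty-rdns get ['']."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        settings.setdefault(key.strip(), []).append(value.strip())
    return settings


def effective_spam_hits(simcontrol_text):
    """Map each rule to its configured rejection score, or None if unset."""
    result = {}
    for scope, opts in parse_simcontrol(simcontrol_text).items():
        label = scope or "(default rule)"
        result[label] = float(opts["spam_hits"]) if "spam_hits" in opts else None
    return result


def audit(simcontrol_text, spamdyke_text):
    """Return (file, item, message) findings for the two points raised in the thread."""
    findings = []
    for scope, opts in parse_simcontrol(simcontrol_text).items():
        label = scope or "(default rule)"
        if opts.get("spam") == "yes" and "spam_hits" not in opts:
            findings.append(("simcontrol", label,
                             "spam=yes without spam_hits; the rejection score falls "
                             "back to simscan's default (20 or 40 per the thread)"))
    if "tls-level" not in parse_spamdyke_conf(spamdyke_text):
        findings.append(("spamdyke.conf", "tls-level",
                         "not set; the thread quotes two README passages that "
                         "describe this case differently, so state it explicitly"))
    return findings


if __name__ == "__main__":
    for finding in audit(HIS_SIMCONTROL, SPAMDYKE_EXCERPT):
        print(" | ".join(finding))
```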







[qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Eric Shubert

Rafael Andrade wrote:

Hello all,

I've been using qmailtoaster for two years, and I'm very satisfied...
Some days ago my users started receiving lots of spam, tagged in subjects 
(spamassassin) or not.


What could I do to make it better?

Actually I'm using Qmailtoaster + Spamdyke with greylist.

Excuse my English.

My confs below:

cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=
192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org


# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5


local-domains-file=/var/qmail/control/rcpthosts
#log-level=debug
log-level=info
log-target=syslog
#log-target=stderr
max-recipients=50
#policy-url=http://my.policy.explanation.url/
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
# blacklist and whitelist ip
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-whitelist-file=/etc/spamdyke/whitelist_ip

# blacklist and whitelist keywords
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords

# blacklist and whitelist senders
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders

# blacklist and whitelist rdns
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns

# whitelist dns
dns-whitelist-file=/etc/spamdyke/whitelist_dns

# blacklist and whitelist recipients
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients


- 


(Wow - that's a lot of RBLs)

Are you sure that spamdyke's running?
I like to use
log-target=stderr
so I can see spamdyke's messages in the smtp log along with the other 
related messages. Make sure spamdyke is running.


Looks to me like you have the screws turned down pretty tight spam wise. 
 I think the next step would be to look at a representative sample of 
the spam you're receiving, to see why it's getting through.


Perhaps there is a workstation or server on your network that's been 
compromised and is sending out the spam. Examine the headers of the 
spams you're receiving to see where they originate.


--
-Eric 'shubes'






[qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Eric Shubert

Rafael Andrade wrote:

Hello, Eric and all list,

First, thank you for the answer.

My users are receiving lots of spam that doesn't have a specific sender domain, or 
default spam type.


The sender domain is commonly spoofed (faked), so you can't go by that. 
Are you certain that they are coming from outside of your domain?


Check the headers on many spam messages. You need to find something in 
common with several of them. Verify that they're not coming from your 
domain. Also, are they originating from private or public addresses? You 
need to do some investigative type work.



My spamdyke is running, see:

spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%

in logfile:
Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip: 84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)


I'm using lots of RBLs to try to reduce the spam numbers, but it's not working 
correctly.


Does anybody have some idea?


Thanks so much

Rafael


--
-Eric 'shubes'



RE: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Michael Colvin
Like Eric mentioned, at this point, you need to take a look at the headers
of the spam e-mails that your users are getting.  You need to find something
in the type of e-mails you're getting that you can filter on...

Or, as also mentioned, it might be an internal user that is bypassing some
of the filtering because they are authenticated...

At this point, you need to look at the specific spam, and use specific
techniques to filter it, not simply add more RBL's, or blacklists, etc.
It's likely that just making one small tweak will eliminate most of your
spam.

 
Michael J. Colvin
NorCal Internet Services
www.norcalisp.com
 




RE: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Kent Busbee
Did anyone else notice that he is missing spam_hits in his config file? 
Does it default to something without it?

HIS:
cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

MINE:
# cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:.cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh


See response above; Michael Colvin wrote:
 Like Eric mentioned, at this point, you need to take a look at the headers
 of the spam e-mails that your users are getting.  You need to find
 something
 in the type of e-mails you're getting that you can filter on...

 Or, as also mentioned, it might be an internal user that is bypassing some
 of the filtering because they are authenticated...

 At this point, you need to look at the specific spam, and use specific
 techniques to filter it, not simply add more RBL's, or blacklists, etc.
 It's likely that just making one small tweak will eliminate most of your
 spam.

  
 Michael J. Colvin
 NorCal Internet Services
 www.norcalisp.com
  




RE: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Michael Colvin

 
 Did anyone else notice that he is missing spam_hits in his config file?
 Does it default to something without it?

I believe it defaults to 5 or something similar.  It would only affect
SpamAssassin anyway, and I've come to not really rely on SpamAssassin to
block most of my spam.  SpamDyke catches nearly all of it.  If he's getting
a lot of spam through, SpamAssassin is likely not the answer, blocking it
with SpamDyke is.   :-)

 Mike


 

Re: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Andreas Galatis
Hi Rafael,

Why have you disabled the spamdyke ip-in-cc-rdns?
#reject-ip-in-cc-rdns

This spamdyke rule catches about 30% of incoming mails because they come from
dynamic addresses.

Andreas
On Tuesday 03 November 2009 18:44:15, Michael Colvin wrote:
  Did anyone else notice that he is missing spam_hits in his config file?
  Does it default to something without it?

 I believe it defaults to 5 or something similar.  It would only affect
 SpamAssassin anyway, and I've come to not really rely on SpamAssassin to
 block most of my spam.  SpamDyke catches nearly all of it.  If he's getting
 a lot of spam through, SpamAssassin is likely not the answer, blocking it
 with SpamDyke is.   :-)

  Mike


Re: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Brent Gardner

Rafael Andrade wrote:

Hello, Eric and all list,

First, thank you for the answer.

My users are receiving lots of spam that doesn't have a specific sender
domain or default spam type.


My spamdyke is running, see:

spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%


snip

Where can I find spamdyke-stats?

This command intrigues me.


Brent Gardner







Re: [qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Rafael Andrade

of the spam e-mails that your users are getting.  You need to find something
in the type of e-mails you're getting that you can filter on...

Or, as also mentioned, it might be an internal user that is bypassing some
of the filtering because they are authenticated...

At this point, you need to look at the specific spam, and use specific
techniques to filter it, not simply add more RBL's, or blacklists, etc.
It's likely that just making one small tweak will eliminate most of your
spam.

 
Michael J. Colvin

NorCal Internet Services
www.norcalisp.com
 





-Original Message-
From: Rafael Andrade [mailto:raf...@riosulense.com.br]
Sent: Tuesday, November 03, 2009 8:50 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] Re: Spam Help Plz

Hello, Eric and all list,

First, thank you for the answer.

My users are receiving lots of spam that doesn't have a specific sender
domain or default spam type.

My spamdyke is running, see:

spamdyke-stats /var/log/maillog
Allowed: 35619
Denied : 140729
Sum: 176348
% Spam : 79.80%

in logfile:
Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from:
misdirecti...@hamiltoncompany.com to: cristi...@domain.com origin_ip:
84.153.125.187 origin_rdns: p54997dbb.dip.t-dialin.net auth: (unknown)

I'm using lots of RBLs to try to reduce the spam numbers, but it's not working
correctly.

Does anybody have any ideas?


Thanks so much

Rafael

Eric Shubert wrote:

Rafael Andrade wrote:

Hello all,

I've been using qmailtoaster for two years, and I'm very satisfied...
Some days ago my users started receiving lots of spam, tagged in the subject
(spamassassin) or not.

What could I do to improve this?

Currently I'm using Qmailtoaster + Spamdyke with greylisting.

Excuse my English.

My confs below:

cat /etc/tcprules.d/tcp.smtp
127.:allow,RELAYCLIENT=
192.168.1.:allow,RELAYCLIENT=,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
xxx.xx.xx.xx:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=120,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1
:allow,BADMIMETYPE=,BADLOADERTYPE=M,CHKUSER_RCPTLIMIT=50,CHKUSER_WRONGRCPTLIMIT=10,QMAILQUEUE=/var/qmail/bin/simscan,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1

cat /var/qmail/control/simcontrol
:clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:.mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:.scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:.dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt

cat /etc/spamdyke/spamdyke.conf
# rbl
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=dnsbl.sorbs.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=ix.dnsbl.manitu.net
dns-blacklist-entry=cbl.abuseat.org
dns-blacklist-entry=dnsbl.njabl.org


# graylist
#graylist-dir=/etc/spamdyke/graylist.d
graylist-dir=/home/vpopmail/graylist.d
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5


local-domains-file=/var/qmail/control/rcpthosts
#log-level=debug
log-level=info
log-target=syslog
#log-target=stderr
max-recipients=50
#policy-url=http://my.policy.explanation.url/
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
tls-certificate-file=/var/qmail/control/servercert.pem
# blacklist and whitelist ip
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-whitelist-file=/etc/spamdyke/whitelist_ip

# blacklist and whitelist keywords
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords

# blacklist and whitelist senders
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders

# blacklist and whitelist rdns
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns

# whitelist dns
dns-whitelist-file=/etc/spamdyke/whitelist_dns

# blacklist and whitelist recipients
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients




(Wow - that's a lot of RBLs)

Are you sure that spamdyke's running?
I like to use
log-target=stderr
so I can see spamdyke's messages in the smtp log along with the other
related messages. Make sure spamdyke is running.

Looks to me like you have the screws turned down pretty tight spam
wise.  I think the next step would be to look at a representative
sample of the spam you're receiving, to see why it's getting through.

Perhaps there is a workstation or server on your network that's been
compromised and is sending out the spam
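
One way to act on the advice above (look at what is actually getting through instead of adding more RBLs), as an added example that is not from any poster or from spamdyke itself. It parses the log line format Rafael quoted, breaks denials down by reason, and counts ALLOWED mail that arrived authenticated or from the networks his tcp.smtp marks RELAYCLIENT; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Field layout taken from the spamdyke log line quoted in the thread.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>ALLOWED|DENIED_\w+) "
    r"from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)

# Networks that the tcp.smtp posted in the thread marks with RELAYCLIENT
# (assumption: replace with the prefixes from your own rules file).
RELAY_PREFIXES = ("127.", "192.168.1.")

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Nov  3 13:48:42 net spamdyke[20038]: DENIED_RBL_MATCH from: a@example.net to: user1@example.com origin_ip: 198.51.100.7 origin_rdns: host7.example.net auth: (unknown)
Nov  3 13:48:50 net spamdyke[20040]: DENIED_RBL_MATCH from: b@example.net to: user2@example.com origin_ip: 198.51.100.9 origin_rdns: host9.example.net auth: (unknown)
Nov  3 13:49:02 net spamdyke[20042]: DENIED_GRAYLISTED from: c@example.org to: user1@example.com origin_ip: 203.0.113.5 origin_rdns: mx.example.org auth: (unknown)
Nov  3 13:49:10 net qmail: 1257256150.123456 status: local 0/10 remote 1/60
Nov  3 13:49:15 net spamdyke[20044]: ALLOWED from: d@example.org to: user3@example.com origin_ip: 203.0.113.20 origin_rdns: mail.example.org auth: (unknown)
Nov  3 13:49:30 net spamdyke[20046]: ALLOWED from: x@example.com to: list1@example.net origin_ip: 192.168.1.44 origin_rdns: (unknown) auth: (unknown)
Nov  3 13:49:31 net spamdyke[20047]: ALLOWED from: x@example.com to: list2@example.net origin_ip: 192.168.1.44 origin_rdns: (unknown) auth: (unknown)
Nov  3 13:50:01 net spamdyke[20051]: ALLOWED from: sales@example.com to: buyer@example.org origin_ip: 203.0.113.77 origin_rdns: dsl77.example.org auth: sales@example.com
Nov  3 13:50:20 net spamdyke[20053]: DENIED_RDNS_MISSING from: e@example.net to: user1@example.com origin_ip: 198.51.100.200 origin_rdns: (unknown) auth: (unknown)
""".splitlines()


def parse(lines):
    """Return one dict per spamdyke result line; other syslog lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.search, lines) if m]


def denied_pct(allowed, denied):
    """Share of connections denied, the ratio shown as '% Spam' in the thread."""
    total = allowed + denied
    return round(100.0 * denied / total, 2) if total else 0.0


def summarize(events):
    """Allowed/denied totals plus a per-reason breakdown of the denials."""
    reasons = Counter(e["result"] for e in events if e["result"] != "ALLOWED")
    allowed = sum(1 for e in events if e["result"] == "ALLOWED")
    denied = sum(reasons.values())
    return {
        "allowed": allowed,
        "denied": denied,
        "pct_denied": denied_pct(allowed, denied),
        "by_reason": reasons,
    }


def internal_paths(events):
    """Count ALLOWED mail per internal path the thread suggests checking.

    Keys are 'auth:<user>' for authenticated sessions and 'relay:<ip>' for
    clients inside a RELAYCLIENT network; everything else is ordinary
    inbound mail and is left out.
    """
    counts = Counter()
    for e in events:
        if e["result"] != "ALLOWED":
            continue
        if e["auth"] != "(unknown)":
            counts["auth:" + e["auth"]] += 1
        elif e["ip"].startswith(RELAY_PREFIXES):
            counts["relay:" + e["ip"]] += 1
    return counts


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    stats = summarize(events)
    print("Allowed:", stats["allowed"], "Denied:", stats["denied"],
          "% denied:", stats["pct_denied"])
    for reason, n in stats["by_reason"].most_common():
        print("  %-22s %d" % (reason, n))
    for source, n in internal_paths(events).most_common():
        print("  unfiltered path %-28s %d" % (source, n))
```

A single account or workstation dominating the internal paths is the case Michael and Eric describe; the matching messages' headers are the next thing to read.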

[qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Eric Shubert

Kent Busbee wrote:
Did anyone else notice that he is missing spam_hits in his config file? 
Does it default to something without it?


Yes.
[r...@doris documentation]# rpm -qi simscan-toaster
Name        : simscan-toaster              Relocations: (not relocatable)
Version     : 1.4.0                        Vendor: (none)
Release     : 1.3.8                        Build Date: Sat 03 Oct 2009 09:50:36 AM MST
Install Date: Sat 03 Oct 2009 10:03:58 AM MST  Build Host: doris.shubes
Group       : Networking/Other             Source RPM: simscan-toaster-1.4.0-1.3.8.src.rpm
Size        : 113364                       License: GPL
Signature   : (none)
Packager    : Jake Vickers j...@qmailtoaster.com
URL         : http://www.inter7.com/vpopmail
Summary     : Simscan for qmail-toaster
Description :
SimScan is a simplified scanner for qmail similar to qmail-scanner and qscand.
It uses clamav, trophie, and/or spamassassin.  It also supports attachment
blocking by extension.  Simscan is written entirely in C to ensure maximum
speed.  There are several options to allow simscan to scan per domain, and
reject spam mail.


Current settings
 ---
 user                        = clamav
 qmail directory             = /var/qmail
 work directory              = /var/qmail/simscan
 control directory           = /var/qmail/control
 qmail queue program         = /var/qmail/bin/qmail-queue
 clamdscan program           = /usr/bin/clamdscan
 clamav scan                 = ON
 trophie scanning            = OFF
 attachement scan            = ON
 ripmime program             = /usr/bin/ripmime
 custom smtp reject          = ON
 drop message                = OFF
 regex scanner               = OFF
 quarantine processing       = OFF
 domain based checking       = ON
 add received header         = ON
 spam scanning               = ON
 spamc program               = /usr/bin/spamc
 spamc arguments             =
 spamc user                  = OFF
 authenticated users scanned = OFF
 spam passthru               = OFF
 spam hits                   = 40

Current simcontrol config
 --
 :clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif
[r...@doris documentation]#




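
An added sketch (not code from simscan or from anyone in the thread) of how the simcontrol lines compared above resolve to a spam_hits value. It assumes most-specific-first matching on the recipient (address, then domain, then the default ":" rule) and takes 40 as the compiled default from the "spam hits" line in the build settings Eric posted; the function names and the per-domain sample rule are constructed.

```python
# "spam hits" value from the build settings quoted in the thread; other
# builds may be compiled with a different default.
COMPILED_SPAM_HITS = 40.0

# The two default rules compared in the thread, with mail-client line wraps
# rejoined, followed by a constructed per-domain override.
HIS = (":clam=yes,spam=yes,attach=.zip:.rar:.com:.vbs:.bat:.lnk:.scr:.pif:"
       ".mpeg:.wmv:.reg:.asx:.mpg:.txt.scr:.pif.scr:.adb:.asp:.dbx:.php:.pl:"
       ".scs:.sht:.tbb:.uin:.vbs:.wab:.txt.bat:.txt.scr:.mpe:.flv:.pps:.exe:"
       ".dwr:.mp3:.wav:.cda:.iso:.avi:.mpeg:.mp4:.bak:.dwg:.ipj:.iam:.idw:.ipt")
MINE = (":clam=yes,spam=yes,spam_hits=7,attach=.mp3:.src:.bat:.pif:.exe:.com:"
        ".cmd:.dll:.msi:.msp:.reg:.vbe:.vbs:.vxd:.wsc:.wsf:.wsh")
WITH_DOMAIN_RULE = MINE + "\nexample.org:clam=yes,spam=yes,spam_hits=5.5\n"


def parse_simcontrol(text):
    """Parse simcontrol text into {key: options}.

    The key is everything before the first colon: '' for the default rule,
    otherwise a domain or a full address. The attach value is itself a
    colon-separated list, so only the first colon separates key from options.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, optstr = line.partition(":")
        opts = {}
        for item in optstr.split(","):
            name, sep, value = item.partition("=")
            if sep:
                opts[name.strip()] = value.strip()
        if "attach" in opts:
            opts["attach"] = [ext for ext in opts["attach"].split(":") if ext]
        rules[key.lower()] = opts
    return rules


def match_rule(rules, recipient):
    """Pick the most specific rule: full address, then domain, then default."""
    addr = recipient.lower()
    domain = addr.rpartition("@")[2]
    for key in (addr, domain, ""):
        if key in rules:
            return key, rules[key]
    return None, {}


def spam_hits_for(rules, recipient, compiled_default=COMPILED_SPAM_HITS):
    """Return (threshold, source) for mail addressed to recipient."""
    key, opts = match_rule(rules, recipient)
    if "spam_hits" in opts:
        return float(opts["spam_hits"]), "simcontrol:" + (key or "default")
    return compiled_default, "compiled default"


if __name__ == "__main__":
    for label, text in (("HIS", HIS), ("MINE", MINE), ("domain", WITH_DOMAIN_RULE)):
        rules = parse_simcontrol(text)
        for rcpt in ("user@example.com", "user@example.org"):
            print(label, rcpt, spam_hits_for(rules, rcpt))
```

With no spam_hits in the matching rule, the threshold is whatever the package was built with, so checking the build settings (as Eric does above) is the way to know what it is.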

[qmailtoaster] Re: Spam Help Plz

2009-11-03 Thread Eric Shubert
It's disabled by default in the QMT install as a courtesy to 
international users. It is indeed effective in the USA, but impractical 
for international use.

http://www.spamdyke.org/documentation/README.html#RDNS

As an alternative, you might find the ip-in-rdns-keyword-blacklist-entry 
effective. IIRC there were some suggested uses of this on the spamdyke 
users list a while back. You might want to search the archive of that 
list for examples.


Rafael Andrade wrote:

I will enable this feature; I don't remember why this rule is disabled.
reject-ip-in-cc-rdns is enabled now.

Does anyone have other ideas?

Thanks so much again ;@

Andreas Galatis wrote:

Hi Rafael,

Why have you disabled the spamdyke ip-in-cc-rdns?

#reject-ip-in-cc-rdns

This spamdyke rule catches about 30% of incoming mails because they come
from dynamic addresses.


Andreas