[spamdyke-users] Best way to deal with returned emails not sent by user

[Shane Bywater]

Hi,
I'm wondering what the best way is (hopefully by using Spamdyke)  to 
deal with the thousands of mailer-daemon messages that are sometimes 
received by a user who was unfortunate to have a spammer use their email 
address in the From: line to send out SPAM.  Of course any undeliverable 
messages are returned to this innocent user.
The solution would need to be domain specific as there are multiple 
domains are using Spamdyke on the mail server in question.

Thanks for your assistance,
Shane Bywater

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] spamdyke 4.0.3 logging

[Sam Clippinger]

Seems to be a bug.  When log-target=stderr is given on the command 
line, it works correctly.  When it is given in a configuration file, it 
sends output to both stderr and syslog.  My test scripts don't check for 
that particular problem, apparently.

I'll get on it.  Thanks for reporting this!

-- Sam Clippinger

Eric Shubert wrote:
 I think I've taken splogger out of the picture. I have qmail-send messages
 going to the (proper) /var/log/qmail/send/current file via multilog.

 The qmail logs look ok now. However, the spamdyke messages are still going
 to both the smtpd/current log, as well as /var/log/maillog. Any idea how
 that could be happening?

 Sam Clippinger wrote:
   
 I'm not that familiar with splogger but a quick search gave me several 
 pages that all say it sends its messages to syslog in addition to 
 passing them through stdout/stderr.
 http://www.ezmlm.org/man/man8/splogger.8.html

 Of course it's possible this is a spamdyke bug but the way you've 
 described your setup, it sounds like splogger is functioning correctly.

 -- Sam Clippinger

 Eric Shubert wrote:
 
 Eric Shubert wrote:
   
   
 I've just installed spamdyke 4.0.3 on a somewhat convoluted qmail host, and
 am seeing some wierdness with logging.

 The server has logging for qmail-smtp set up in the typical qmail fashion,
 with logging going to stderr and on to /var/log/qmail/smtpd/current. I have
 spamdyke configured with log-target=stderr. Logging looks fine in the 
 smtpd log.

 Now for the weirdness. The qmail-start (and thus qmail-send) is configured
 to use splogger to send messages to /var/log/maillog. Why, I have no idea.
 The weird thing is that spamdyke's messages are appearing in
 /var/log/maillog as well as /var/log/qmail/smtp/current. Any idea how/why
 this is happening? Could be something in the (mis)configuration that I'm 
 not
 seeing, but I'm a bit befuddled.

 
 
 So I've moved qmail-send's logging to where it's usually found, at
 /var/log/qmail/send/current. Spamdyke's log messages are still showing up in
 /var/log/maillog though, in addition to /var/log/qmail/smtpd/current (where
 they're supposed to go). I double checked configuration, and I have
 log-target=stderr.

 Looking like a bug to me, Sam. ;)

   
   

   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] spamdyke 4.0.3 not allowing?

[Eric Shubert]

That's pretty much what I figured. I've kept a little closer eye on it this
morning (just visual monitoring), and it seems to be rejecting nearly
everything properly. Maybe a couple instances where the session ends with
status 0 and no message from spamdyke.

Would it be possible to add a 'sender disconnect' or some such message, so
that there will always be a message from spamdyke for every smtp session
that's initiated? Not a big deal, but it'd be nice to be able to account for
every connection (if someone were to write a log summary report of some kind).

Sam Clippinger wrote:
 spamdyke won't log anything if a remote client disconnects without 
 identifying a sender or recipient.  Prior to version 4.0, it wouldn't 
 log anything if a message was delivered with TLS but that's been fixed.  
 I can't think of any other situation where a delivery (or rejection) 
 would not create a log entry.
 
 -- Sam Clippinger
 
 Eric Shubert wrote:
 Sam Clippinger wrote:
   
 Good to hear it's working... I guess there just weren't any good 
 messages being delivered while you were testing filter-level?
 
 That's what I'm thinking.

 I'm still seeing something a little peculiar though. I would expect every
 smtp session to generate a spamdyke message of one form or another, either a
 rejection or an allow. This particular server's pretty, so it's sometimes
 hard to tell. Is this the case, or are there situations where a session
 might not have a spamdyke message?

 FWIW, this server is simply a relay for specific domains, and has/does no
 authentication other than checking rcpthosts and morercpthosts, then
 forwards the mail based on the .qmail-default record for each domain. Kinda
 goofy, I know.

   
 By the way, setting the filter-level option in the global config file 
 is not really what I had in mind when I created that flag.  Since it 
 overrides all other flags, including blacklists, it was really intended 
 for use in configuration directories.  Specifically, some of my users 
 have become tired of repeatedly asking me to whitelist their 
 correspondents.  Several have asked me to just turn off spam filtering 
 for their accounts.  With configuration directories, I can create a file 
 for their address that includes the command filter-level=allow-all 
 (they typically begin to see the wisdom of filtering after a few days).  
 Without that command, their file would have to explicitly disable all 
 enabled filters and would be a pain to create/maintain.

 By the same token, I wanted to provide an easy way for administrators to 
 require authentication for senders/recipients within specific domains.  
 That is now very easy to accomplish using a configuration directory and 
 filter-level=require-auth.
 
 Nice.

 FWIW, I just found it to be an easy way to turn spamdyke off temporarily, as
 opposed to changing run files back and forth. :)

   
 -- Sam Clippinger

 Eric Shubert wrote:
 
 Eric Shubert wrote:
   
   
 Eric Shubert wrote:
 
 
 I've probably hosed up something in my new .conf file.

 What I'm seeing is that with filter-level=normal, I'm seeing some 
 rejections
 (not as many as I'd expect), and NO allow messages. I can confirm that
 nothing is being allowed from looking at the send queue.

 With filter-level=allow-all, it's indeed allowing everything. Not exactly
 what I had in mind though. :(

 Here's my spamdyke.conf file:
 filter-level=allow-all
 max-recipients=50
 reject-empty-rdns
 reject-ip-in-cc-rdns
 reject-missing-sender-mx
 reject-unresolvable-rdns
 log-level=info
 log-target=stderr
 idle-timeout-secs=300
 ip-blacklist-file=/etc/spamdyke/blacklist_ip
 rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
 recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
 sender-blacklist-file=/etc/spamdyke/blacklist_senders
 ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
 ip-whitelist-file=/etc/spamdyke/whitelist_ip
 rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
 recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
 sender-whitelist-file=/etc/spamdyke/whitelist_senders
 ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 graylist-level=always-create-dir
 graylist-dir=/var/spamdyke/graylist
 graylist-max-secs=1814400
 graylist-min-secs=180
 local-domains-file=/var/qmail/control/rcpthosts
 local-domains-file=/var/qmail/control/morercpthosts

 Note, in the cases where the parameter references a file, the file exists
 and is empty.

 Thoughts / suggestions?

   
   
 Ok, so I removed all of the blacklist and whilelist file references, and
 graylisting, and I'm seeing an allow or 2 coming through. That's good!

 I'll try adding parameters back in and see if I can pinpoint the culprit.

 
 
 Ok, so there doesn't appear to be a problem any more. After some careful
 testing, everything appears to be working as it should.

 As Rosanna