Hi,
        I disabled all whitelist options in spamdyke.conf and restarted 
spamdyke.  Confirmed no whitelist filters continued to be displayed in the 
maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was found 
but still no DENIED_EARLYTALKER entries.  I even checked back in maillog files 
from 2012 and found the same result.  It just can't be an authenticated user 
from so many different IPs (100s) from such a long period of time as my server 
would certainly be listed in multiple DNS blacklists (it's currently not in 
any).  If anyone else has the same issue I would be curious if it has anything 
to do with Plesk being involved.  If there are no other recommendations maybe 
I'll try installing Spamdyke 5.0.0 unless anyone has had issues using it on a 
Plesk 10.4.4, CentOS 6 server.  All comments are welcomed.

Regards,
Shane Bywater



----------------------------------------------------------------------

Message: 1
Date: Wed, 12 Mar 2014 17:28:58 -0500
From: Sam Clippinger <s...@silence.org>
Subject: Re: [spamdyke-users] modifying way that filters are shown in log files
To: spamdyke users <spamdyke-users@spamdyke.org>
Message-ID: <a70266f0-2742-4c3b-9820-adc66fe9f...@silence.org>
Content-Type: text/plain; charset="us-ascii"

If the earlytalker filter actually blocks a connection, you should see a 
"DENIED_EARLYTALKER" message in the log.  Are you sure that connection isn't 
whitelisted or authenticating?  Either of those things would prevent the 
earlytalker filter from actually blocking the connection.

-- Sam Clippinger




On Mar 11, 2014, at 10:04 PM, Shane Bywater <sh...@apexia.ca> wrote:

> Hi,
>       I'm running Spamdyke 4.3.1 on a CentOS 6 server.  I've been 
> successfully using spamdyke along with fail2ban to block IPs with the 
> following characteristics:
> Missing RDNS and RDNS containing IP address.
> 
> In the maillog files I see the following:
> Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
> Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
> Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
> Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: 73a8...@enerdeco.nl to: u...@domain.com origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
> Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
> Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
> 
> My fail2ban configuration file contains:
> [Definition]
> failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
>            spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
>            spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>  <--not working
> ignoreregex =
> 
> My issue is I now want to start banning IPs that set off the 
> FILTER_EARLYTALKER filter but as there is no corresponding DENIED_EARLYTALKER 
> from: x...@yyy.com to u...@domain.com origin_ip: 111.222.333.444 I cannot 
> figure out the proper failregex expression to match the existing format for 
> FILTER_EARLYTALKER nor do I know how to change spamdyke to show a familiar 
> DENIED_EARLYTALKER ... heading in the maillog which I could determine the 
> proper failregex for.  If anyone can provide me with some suggestions that 
> would be appreciated.
> 
> Regards,
> Shane Bywater
> 
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
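
Added example, not part of the thread and not spamdyke or fail2ban code: the three failregex lines from the post, run one log line at a time the way fail2ban evaluates them, to show that the FILTER_EARLYTALKER entry carries no address to capture while a DENIED_ entry does. The IPv4-only stand-in for `<HOST>`, the fourth pattern, and the DENIED_EARLYTALKER line layout (assumed to follow the other DENIED_ lines) are assumptions; the sample log lines are constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only; an assumption of this
# example, the real tag also covers hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex lines from the post, plus a hypothetical fourth that assumes
# DENIED_EARLYTALKER is logged in the same layout as the other DENIED_ lines.
FAILREGEX = [
    r"spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>",
    r"spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>",
    r"spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>",
    r"spamdyke.+: DENIED_EARLYTALKER from:.+origin_ip: <HOST>",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed sample lines modelled on the maillog excerpt (documentation IPs).
SAMPLE_LOG = [
    "Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 192.0.2.39",
    "Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: a@example.net "
    "to: u@example.com origin_ip: 192.0.2.39 origin_rdns: (unknown) auth: (unknown)",
    "Aug 24 04:21:33 server spamdyke[25574]: FILTER_EARLYTALKER delay: 5",
    "Aug 24 04:21:33 server /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: "
    "mail from 198.51.100.161:51645 (not defined)",
    "Aug 24 04:22:01 server spamdyke[25600]: DENIED_EARLYTALKER from: b@example.net "
    "to: u@example.com origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)",
]

def match_line(line):
    """Return (failregex index, host) for the first matching pattern, else None."""
    for idx, rx in enumerate(COMPILED):
        m = rx.search(line)
        if m:
            return idx, m.group("host")
    return None

def hosts_to_ban(lines):
    """Collect the addresses a failure would be counted against, line by line."""
    return [hit[1] for hit in map(match_line, lines) if hit]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(match_line(line), "<-", line[:70])
```

The address that follows the FILTER_EARLYTALKER entry sits on a separate relaylock line that does not contain the `spamdyke` prefix, so a single-line pattern cannot join the two.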

End of spamdyke-users Digest, Vol 82, Issue 9
*********************************************