Re: [spamdyke-users] can't block envelope sender

2016-07-21 Thread Faris Raouf via spamdyke-users
Thanks Sam. That's brilliant and hugely helpful.

I'll try to do this this evening, and failing that over the weekend.

I will also check the whitelists again in case I missed something.

Yes, ms2 is the edge server and that's where the sender is blacklisted,
although I've just added it to the ip147 one as well for good measure :)

From: spamdyke-users [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf
Of Sam Clippinger via spamdyke-users
Sent: 21 July 2016 14:14
To: spamdyke users 
Subject: Re: [spamdyke-users] can't block envelope sender

From what I can see, spamdyke should be blocking those messages.  This could
be a bug, but first I'd suggest carefully checking your whitelists.  In
almost every case I've seen like this where a blacklist simply will not
work, it turns out to be a whitelist entry that's overriding it.  You
mentioned your email flows through several different servers before it
reaches the user's mailbox... from the message headers, it looks like ms2 is
your edge server, is that where the blacklist entry is set?

If you can login to ms2 at the command line, you could also try running
spamdyke by hand so you can see more verbose output without flooding your
logs.  You don't need to stop your mail server for this; it won't interfere
with any normal operations.  First, set an environment variable so spamdyke
will think it's getting a connection from a remote server:

  export TCPREMOTEIP=94.143.105.188

Next create a very small spamdyke config file (can be anywhere, doesn't have
to be in /etc) with two options:

  log-target=stderr

  log-level=excessive

Then find the command line spamdyke is started with (in your "run" file) and
run it the same way, but add another "-f" for the new config file AFTER your
real config file.  (If you're curious why, it's because config options are
applied in the order they are read.  We want to override those two options
for this run, so they need to be read last.)  For example, on my server I
would run this:

  spamdyke -f /etc/spamdyke.d/spamdyke.conf -f /tmp/testing.conf --
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

You should see the SMTP greeting banner just like a mail client does
(possibly delayed a few seconds by spamdyke) plus debug messages that would
normally go in the logs.  Type in these SMTP commands to imitate a client
and test the blacklist:

  EHLO cloudtengroup1.mta.dotmailer.com

  MAIL FROM: >

  RCPT TO: >

At that point, you should see either a 250 response if the message is
accepted or a 500 response if it is blocked, plus tons of debugging output
from spamdyke to show what it's thinking.  You can type QUIT or ctrl-C to
exit.

Hopefully that'll show what's happening.  If you can't spot the issue or
have trouble deciphering the output, feel free to email it to me privately
and I'll take a look.

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
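Sam's advice above is to check whether a whitelist entry is overriding the sender blacklist. The script below is an added example (not spamdyke's own code, and not from either poster) that reads the `*-whitelist-file` / `*-blacklist-file` options from a spamdyke config, loads the named lists, and reports every entry that matches one connection's IP, rDNS name and envelope sender. The list matching rules are a simplified assumption of spamdyke's documented syntax, and the sample config, list contents and `newsletter@tooplemail.com` sender are constructed for the example.

```python
import re
# Constructed sample: option names and paths are those posted in the thread;
# the list file contents and the test sender address are made up.
CONF = """
ip-blacklist-file=/etc/spamdyke.d/blacklist_ip
sender-blacklist-file=/etc/spamdyke.d/blacklist_sender
rdns-blacklist-file=/etc/spamdyke.d/blacklist_rdns
ip-whitelist-file=/etc/spamdyke.d/whitelist_ip
rdns-whitelist-file=/etc/spamdyke.d/whitelist_rdns
sender-whitelist-file=/etc/spamdyke.d/whitelist_sender
"""
FILES = {  # constructed stand-in for reading the list files off disk
    "/etc/spamdyke.d/blacklist_sender": "@tooplemail.com\n",
    "/etc/spamdyke.d/whitelist_rdns": "# bulk senders we trust\ndotmailer.com\n",
}
LIST_OPTION = re.compile(r"^(ip|rdns|sender)-(whitelist|blacklist)-file=(.+)$")

def matches(kind, entry, value):
    """Assumed, simplified spamdyke list syntax: sender entries are a full address
    or '@domain'; rdns entries a domain suffix; ip entries an address or prefix."""
    entry, value = entry.lower(), value.lower()
    if kind == "sender":
        return value.endswith(entry) if entry.startswith("@") else value == entry
    if kind == "rdns":
        return value == entry or value.endswith("." + entry)
    prefix = entry.rstrip(".").split(".")  # "94.143" matches 94.143.x.x
    return value.split(".")[: len(prefix)] == prefix

def audit(conf_text, files, ip, rdns, sender):
    """Return every list entry matching this connection, keyed by list type."""
    hits = {"whitelist": [], "blacklist": []}
    values = {"ip": ip, "rdns": rdns, "sender": sender}
    for line in conf_text.splitlines():
        m = LIST_OPTION.match(line.strip())
        if not m:
            continue
        kind, colour, path = m.groups()
        for raw in files.get(path, "").splitlines():
            entry = raw.strip()
            if entry and not entry.startswith("#") and matches(kind, entry, values[kind]):
                hits[colour].append((f"{kind}-{colour}-file", entry))
    return hits

def verdict(hits):
    # As Sam says in the thread, a whitelist match overrides the blacklist entry.
    if hits["whitelist"]:
        return "accepted: whitelist overrides blacklist"
    return "rejected by blacklist" if hits["blacklist"] else "no list match"

HITS = audit(CONF, FILES, "94.143.105.188", "cloudtengroup1.mta.dotmailer.com", "newsletter@tooplemail.com")
```

With the constructed lists, the sender hits `@tooplemail.com` in the blacklist but the rDNS whitelist entry `dotmailer.com` also matches, which is exactly the situation Sam describes. To use it on a real server, replace `FILES` with the contents of the files your config names.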


Re: [spamdyke-users] can't block envelope sender

2016-07-21 Thread Sam Clippinger via spamdyke-users
nown)
> encryption: TLS reason: 250_ok_1469093577_qp_25272
> 
> **
> 
> 
> **
> Spamdyke config file:
> 
> log-level=verbose
> idle-timeout-secs=60
> greeting-delay-secs=11
> policy-url=http://www.redacted.tld/email.html
> 
> graylist-dir=/var/qmail/graylist
> graylist-level=none
> graylist-min-secs=300
> graylist-max-secs=1814400
> 
> ip-blacklist-file=/etc/spamdyke.d/blacklist_ip
> sender-blacklist-file=/etc/spamdyke.d/blacklist_sender
> rdns-blacklist-file=/etc/spamdyke.d/blacklist_rdns
> recipient-blacklist-file=/etc/spamdyke.d/blacklist_recipient
> 
> ip-whitelist-file=/etc/spamdyke.d/whitelist_ip
> rdns-whitelist-file=/etc/spamdyke.d/whitelist_rdns
> recipient-whitelist-file=/etc/spamdyke.d/whitelist_recipient
> sender-whitelist-file=/etc/spamdyke.d/whitelist_sender
> 
> tls-certificate-file=/ssl/c1org1516.pem
> tls-level=smtp-no-passthrough
> 
> #(Blacklists redacted)
> 
> reject-empty-rdns
> 
> **
> 
> 
> 
> **
> 
> /etc/spamdyke.d/blacklist_sender contains:
> 
> @tooplemail.com
> 
> **
> 
> 
> 
> **
> EXAMPLE EMAIL HEADER
> (Slightly complicated because it goes through two qmail-scanner/spamdyke
> servers, ms2.redacted.tld and 147.redacted.tld, each with different
> spamassassin configs (hence the odd subject modification!), to get to the
> mailbox)
> 
> 
> Received: (qmail 25508 invoked by uid 2523); 21 Jul 2016 10:33:11 +0100
> X-Qmail-Scanner-Diagnostics: from ms2.redacted.tld by ip147.redacted.tld
> (envelope-from <bo-3ueb-2dqy-yto27-c0...@tooplemail.com>, uid 2020) with
> qmail-scanner-2.10st 
> (clamdscan: 0.99.2/21940. mhr: 1.0. spamassassin: 3.3.2. perlscan: 2.10st.
> 
> Clear:RC:0(178.62.199.136):SA:1(3.6/3.0):. 
> Processed in 2.510301 secs); 21 Jul 2016 09:33:11 -
> X-Spam-Status: Yes, hits=3.6 required=3.0
> X-Spam-Level: +++
> Received: from ms2.redacted.tld (redacted)
>  by ip147.redacted.tld with SMTP; 21 Jul 2016 10:33:08 +0100
> Received: (qmail 25293 invoked by uid 500); 21 Jul 2016 09:32:57 -
> X-Qmail-Scanner-Diagnostics: from cloudtengroup1.mta.dotmailer.com by
> ms2.redacted.tld (envelope-from <bo-3ueb-2dqy-yto27-c0...@tooplemail.com>,
> uid 496) with qmail-scanner-2.10st 
> (clamdscan: 0.99.2/21940. mhr: 1.0. spamassassin: 3.3.2. perlscan: 2.10st.
> 
> Clear:RC:0(94.143.105.188):SA:1(4.3/3.0):. 
> Processed in 2.094403 secs); 21 Jul 2016 09:32:57 -
> X-Qmail-Scanner-MOVED-X-Spam-Status: Yes, hits=4.3 required=3.0
> X-Qmail-Scanner-MOVED-X-Spam-Level: 
> Received: from cloudtengroup1.mta.dotmailer.com (94.143.105.188)
>  by ms2.redacted.tld with SMTP; 21 Jul 2016 09:32:54 -
> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim1024;
>   d=tooplemail.com;
>   h=From:To:Subject:MIME-Version:Content-Type:Date:List-Unsubscribe:Reply-To:Message-ID;
>   i=daniel.clem...@tooplemail.com;
>   bh=l80qAnWoe07RouX288jDc7eGwnI=;
>   b=eKFZ6Hdnf2Y6CSyjmyGiZVhZ0sLTRBhdvTW6lTPSBXcSi4sN1cOahISl7yHYH+6e3C5BVWZhZRAc
>   I8K4/ou8t07mvwjo5l/aHP2GCUZ1+tIw/ApSNwsjep7ZHL2FGV9M/uJKEY+yx/pzIB3QSnJ1cj4v
>   RttFGlwSie1pPu7twYA=
> From: "Welcome To Toople.com Newsletter" <daniel.clem...@tooplemail.com> 
> To: "redac...@redacted.tld" <redac...@redacted.tld>
> Subject: SPAM LOW *  SPAM MEDIUM *  Why is Toople.com
> different to the rest?
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>   boundary="87YTO274C:20160721093145243"
> X-Mailer: dmDroid
> Date: Thu, 21 Jul 2016 10:31:45 +0100
> X-CampaignID: GIKG
> X-dmid: 3UEB-2DQY-YTO27
> Feedback-ID: 3UEB:2DQY:20160721:DDGESP
> List-Unsubscribe: <http://tooplemail.com/3UEB-2DQY-87YTO274C/uauto.aspx>
> Bounces-to: bo-3ueb-2dqy-yto27-c0...@tooplemail.com
> Return-Path: bo-3ueb-2dqy-yto27-c0...@tooplemail.com
> Reply-To: "Welcome To Toople.com Newsletter"
> <re-3ueb-2dqy-yto27-c0...@tooplemail.com>
> Message-ID: <2dqy.87yto274c.20160721093145...@tooplemail.com>
> 
> **
> 
> 
> **
> Config test (run as root, but should be valid enough):
> 
> # /usr/local/bin/spamdyke --config-test -f /etc/spamdyke.d/spamdyke.conf
> /var/qmail/bin/qmail-smtpd
> spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG (C)2015 Sam Clippinger, samc (at)
> silence (dot) org
> http://www.spamdyke.org/
> 
> Use --help for an option summary, --more-help for option details or see
> README.html for complete documentation.
> 
> Testing configuration...
> WARNING: Running tests as superuser root(0), group root(0). These test
> results may not be valid if the mail serv

[spamdyke-users] can't block envelope sender

2016-07-21 Thread Faris Raouf via spamdyke-users
From: "Welcome To Toople.com Newsletter" <daniel.clem...@tooplemail.com> 
To: "redac...@redacted.tld" <redac...@redacted.tld>
Subject: SPAM LOW *  SPAM MEDIUM *  Why is Toople.com
different to the rest?
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="87YTO274C:20160721093145243"
X-Mailer: dmDroid
Date: Thu, 21 Jul 2016 10:31:45 +0100
X-CampaignID: GIKG
X-dmid: 3UEB-2DQY-YTO27
Feedback-ID: 3UEB:2DQY:20160721:DDGESP
List-Unsubscribe: <http://tooplemail.com/3UEB-2DQY-87YTO274C/uauto.aspx>
Bounces-to: bo-3ueb-2dqy-yto27-c0...@tooplemail.com
Return-Path: bo-3ueb-2dqy-yto27-c0...@tooplemail.com
Reply-To: "Welcome To Toople.com Newsletter"
<re-3ueb-2dqy-yto27-c0...@tooplemail.com>
Message-ID: <2dqy.87yto274c.20160721093145...@tooplemail.com>

**


**
Config test (run as root, but should be valid enough):

# /usr/local/bin/spamdyke --config-test -f /etc/spamdyke.d/spamdyke.conf
/var/qmail/bin/qmail-smtpd
spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG (C)2015 Sam Clippinger, samc (at)
silence (dot) org
http://www.spamdyke.org/

Use --help for an option summary, --more-help for option details or see
README.html for complete documentation.

Testing configuration...
WARNING: Running tests as superuser root(0), group root(0). These test
results may not be valid if the mail server runs as another user.
SUCCESS: spamdyke binary (/usr/local/bin/spamdyke) is not owned by root
and/or is not marked setuid.
INFO: Running command to test capabilities: /var/qmail/bin/qmail-smtpd
SUCCESS: /var/qmail/bin/qmail-smtpd does not appear to offer TLS support.
spamdyke will offer, intercept and decrypt TLS traffic.
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support.
spamdyke will observe any authentication and trust its response.
INFO(config-dir): Testing configuration directory: /etc/spamdyke.d/configdir
SUCCESS(config-dir): Configuration directory tests succeeded:
/etc/spamdyke.d/configdir
INFO(config-dir): Testing configuration directory:
/etc/spamdyke.d/individuals
SUCCESS(config-dir): Configuration directory tests succeeded:
/etc/spamdyke.d/individuals
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(config-file): Opened for reading: /etc/spamdyke.d/spamdyke.conf
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(dns-resolv-conf): Opened for reading: /etc/resolv.conf
ERROR(graylist-level): The "graylist-level" option is "none" but other
graylist options were given. They will all be ignored.
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(ip-blacklist-file): Opened for reading: /etc/spamdyke.d/blacklist_ip
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(ip-whitelist-file): Opened for reading: /etc/spamdyke.d/whitelist_ip
SUCCESS(qmail-rcpthosts-file): Opened for reading:
/var/qmail/control/rcpthosts
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(rdns-blacklist-file): Opened for reading:
/etc/spamdyke.d/blacklist_rdns
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(rdns-whitelist-file): Opened for reading:
/etc/spamdyke.d/whitelist_rdns
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(recipient-blacklist-file): Opened for reading:
/etc/spamdyke.d/blacklist_recipient
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(recipient-whitelist-file): Opened for reading:
/etc/spamdyke.d/whitelist_recipient
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(sender-blacklist-file): Opened for reading:
/etc/spamdyke.d/blacklist_sender
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(sender-whitelist-file): Opened for reading:
/etc/spamdyke.d/whitelist_sender
INFO(tls-certificate-file): Testing TLS by initializing SSL/TLS library with
certificate and key
SUCCESS(tls-certificate-file): Opened for reading: /ssl/c1org1516.pem
SUCCESS(tls-certificate-file): Certificate and key loaded; SSL/TLS library
successfully initialized
ERROR: Tests complete. Errors detected.


***
