[spamdyke-users] Timer for objects in blacklist

2013-03-26 Thread David
Is there a way we could get a configuration for a timer to be set on
blacklist items in any blacklist?
For instance, when I configure firewall rules and use address lists, I
always use a timer on these lists so entries are removed from the list
after a certain amount of time, but the rule is always there, so if the
address gets caught by the rule it gets re-added to the list again.

I was thinking about whether there was an easier way to manage these
lists better, and the timer came up.

If I were able to place a timer on the items in the list, say for 30 days
or less, so they are emptied out, that would be great.
Something else to consider is dumping them into another list to be
watched; if they show up again, then re-add them back to the current
list, and drop the others in the old list after a few days.

This may help with my pain of these lists growing out of control.

Thanks
Dave

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
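
The scheme requested above (a timer on each entry, then a watch list that either re-lists or drops it) can be run outside spamdyke against the file named by `ip-blacklist-file`. This is an added example, not spamdyke code or anything posted to the list; the class, its method names and the JSON sidecar file are hypothetical, and it assumes a blacklist file with one entry per line and `#` comment lines.

```python
import json
import os
import tempfile
from pathlib import Path

DAY = 86400  # seconds


class AgingBlacklist:
    """An IP blacklist file plus a JSON sidecar recording when each entry was last caught."""

    def __init__(self, blacklist_path, state_path, active_days=30, watch_days=7):
        self.blacklist_path = Path(blacklist_path)
        self.state_path = Path(state_path)  # hypothetical sidecar; spamdyke never reads it
        self.active_ttl = active_days * DAY
        self.watch_ttl = watch_days * DAY
        self.active = {}    # entry -> time it was last caught
        self.watch = {}     # entry -> time it was moved off the blacklist
        self.comments = []  # "#" lines from the blacklist file, written back unchanged

    def load(self, now):
        """Read the sidecar, then reconcile it with hand edits to the blacklist file."""
        if self.state_path.exists():
            state = json.loads(self.state_path.read_text())
            self.active, self.watch = state["active"], state["watch"]
        if not self.blacklist_path.exists():
            return
        lines = [l.strip() for l in self.blacklist_path.read_text().splitlines()]
        self.comments = [l for l in lines if l.startswith("#")]
        in_file = {l for l in lines if l and not l.startswith("#")}
        # Entries an admin deleted by hand stay deleted ...
        self.active = {e: t for e, t in self.active.items() if e in in_file}
        # ... and entries typed in by hand start ageing from now.
        for entry in in_file - set(self.active):
            self.active[entry] = now
            self.watch.pop(entry, None)

    def offend(self, entry, now):
        """Record that `entry` was caught (again); says what that did to its listing."""
        if entry in self.watch:
            del self.watch[entry]
            outcome = "relisted"
        else:
            outcome = "refreshed" if entry in self.active else "listed"
        self.active[entry] = now
        return outcome

    def expire(self, now):
        """Age entries out; returns (moved_to_watch, dropped_from_watch)."""
        moved = [e for e, t in self.active.items() if now - t >= self.active_ttl]
        for entry in moved:
            del self.active[entry]
            self.watch[entry] = now
        dropped = [e for e, t in self.watch.items() if now - t >= self.watch_ttl]
        for entry in dropped:
            del self.watch[entry]
        return sorted(moved), sorted(dropped)

    def save(self):
        """Replace both files atomically so a reader never sees a half-written list."""
        listing = "\n".join(self.comments + sorted(self.active)) + "\n"
        state = json.dumps({"active": self.active, "watch": self.watch}, indent=1)
        for path, text in ((self.blacklist_path, listing), (self.state_path, state)):
            fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=path.name + ".")
            with os.fdopen(fd, "w") as handle:
                handle.write(text)
            os.chmod(tmp, 0o644)  # mkstemp creates 0600; the mail daemon's user must read it
            os.replace(tmp, path)


def demo():
    """Constructed walk-through over 48 simulated days in a scratch directory."""
    workdir = Path(tempfile.mkdtemp())
    bl_file = workdir / "blacklist_ip"
    bl_file.write_text("# hand-maintained entries\n192.0.2.10\n")
    t0 = 1_700_000_000
    bl = AgingBlacklist(bl_file, workdir / "blacklist_ip.state.json")
    bl.load(now=t0)                                      # adopts 192.0.2.10
    bl.offend("198.51.100.7", now=t0 + 10 * DAY)         # newly listed
    first = bl.expire(now=t0 + 31 * DAY)                 # 192.0.2.10 -> watch list
    again = bl.offend("192.0.2.10", now=t0 + 33 * DAY)   # shows up again -> relisted
    second = bl.expire(now=t0 + 41 * DAY)                # 198.51.100.7 -> watch list
    third = bl.expire(now=t0 + 48 * DAY)                 # 7 quiet days on watch -> dropped
    bl.save()
    return first, again, second, third, bl_file.read_text()


if __name__ == "__main__":
    print(demo())
```

Run `expire()` and `save()` from cron, and call `offend()` from whatever already decides an address belongs on the list.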


Re: [spamdyke-users] Fwd: Search for High Speed Internet options near you

2014-06-03 Thread David

That's where I was headed with this one...
UGH!
How annoying.
We need a honeypot approach for these guys and then tarpit them into a
blackhole.

I will post a resolution on this once I try a few things.

Thanks
Dave

On 06/03/2014 11:19 AM, Angus McIntyre wrote:

On Jun 3, 2014, at 11:25 AM, David dmilho...@wletc.com wrote:

How in the world do I stop these annoying emails?
According to the headers they change the
From:
Subject:
and the domains and IPs change as well.

It looks like an affiliate spammer. They typically rent a block of IP addresses 
from one or more hosting providers, then start pumping out spam with syndicated 
marketing links in it, and get paid when suckers click on the links.

I don't recognize this particular one's style, but the bad news is that they 
tend to be really hard to filter. As you've found out, they constantly change 
domain names (they probably use domain-kiting to ensure that they never have to 
pay for names), they constantly change IPs (so-called snowshoe spamming, aided 
by compliant ISPs), they use hashbuster text in their messages to get past or 
poison statistical filters, and they constantly change their subjects, from 
lines, and in some cases even their URL formats.

Unfortunately, Spamdyke isn't a lot of help against these guys. They are 
actually delivering from real mailservers (as opposed to botnet PCs), so 
graylisting won't help. They generally have their DNS set up correctly, so rDNS 
checks won't reject them. They change names and IPs so fast that RBLs struggle 
to keep up. They are among the hardest spammers to block.

I suggest that you collect samples of the spam that you're receiving and then 
analyze them. It's possible that you may be able to identify a small number of 
IP blocks used by the spammer and block those, although they change IPs and 
hosting services continually to avoid that. A more productive approach may be 
to try to identify patterns in the URLs that they use and write a SpamAssassin 
rule to recognize them. The URL in the sample you sent is very long and 
complex, which means that you have quite a good chance of writing a regex that 
would recognize their spams but wouldn't generate false positives on legitimate 
emails.

Angus




Re: [spamdyke-users] Fwd: Search for High Speed Internet options near you

2014-06-10 Thread David

Just found out my SpamAssassin doesn't seem to be working...
I'll post logs soon.

On 06/03/2014 09:10 PM, Eric Shubert wrote:

I haven't seen this sort of thing in quite some time (thankfully).

Have you sent them through sa-learn so bayes can detect them?





Re: [spamdyke-users] Fwd: Search for High Speed Internet options near you

2014-06-11 Thread David

OK,
found the issue.
We use Webmin to admin a lot of servers, and a few weeks ago we attempted
to write a rule that would detect certain phrases within
the body of the message. When it was applied all seemed fine, but Webmin
did not know how to properly restart spamd.

Anyway, I'm looking into the Webmin index to see what it was trying to restart.
Thanks
Dave

On 06/03/2014 09:10 PM, Eric Shubert wrote:

I haven't seen this sort of thing in quite some time (thankfully).

Have you sent them through sa-learn so bayes can detect them?





Re: [spamdyke-users] Fwd: Search for High Speed Internet options near you

2014-06-30 Thread David

Yes,
sorry,
I posted the resolution there.
Fixed by cleaning all email accounts and correcting tcp.rules, then
adding a SpamAssassin rule to catch all
email with a common phrase HTML tag.
Thanks
Dave

On 06/23/2014 03:12 PM, Eric Shubert wrote:

You got this resolved on the QMT list, right?





[spamdyke-users] Problem in v3.1.1 make it un-usable.

2007-11-13 Thread david boh
I have two servers. On one I installed the latest spamdyke v3.1.1; let's call this
server A and the other server B.

Both have spamdyke v3.1.1, using Plesk. But when I send email via webmail
from server A to the server B email, somehow the email cannot be
delivered.
When I check server B, the log shows a lot of Broken pipe errors.
I know because all the email was trapped in the server A queue, so I forced
qmail to send and immediately checked the server log on server B.

Nov 13 22:19:52 manna spamdyke[19583]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe

So I installed v3.0.1 on server B (with the same configuration) and did the
same thing by forcing qmail to send the trapped queue. Now all the email
is sent through.

At this point I have kept v3.1.1 on server A to see if there are other issues.

Have to downgrade to v3.0.1, as both emails sent via webmail cannot be
transmitted.

It seems like v3.1.1 needs to resolve this critical issue. I hope somehow
this report will help to resolve the issue.


Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

2007-11-13 Thread david boh
I would like to report that v3.1.0 also suffers from the same issue as described
below.

So now I am back to v3.0.1; I think many mails will be missing if I continue to
test.

I believe it should be able to be resolved quickly.

----- Original Message -----
From: david boh [EMAIL PROTECTED]
To: spamdyke-users@spamdyke.org
Sent: Tuesday, November 13, 2007 11:22:01 PM
Subject: [spamdyke-users] Problem in v3.1.1 make it un-usable.

I have two servers. On one I installed the latest spamdyke v3.1.1; let's call this
server A and the other server B.

Both have spamdyke v3.1.1, using Plesk. But when I send email via webmail
from server A to the server B email, somehow the email cannot be
delivered.
When I check server B, the log shows a lot of Broken pipe errors.
I know because all the email was trapped in the server A queue, so I forced
qmail to send and immediately checked the server log on server B.

Nov 13 22:19:52 manna spamdyke[19583]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe

So I installed v3.0.1 on server B (with the same configuration) and did the
same thing by forcing qmail to send the trapped queue. Now all the email
is sent through.

At this point I have kept v3.1.1 on server A to see if there are other issues.

Have to downgrade to v3.0.1, as both emails sent via webmail cannot be
transmitted.

It seems like v3.1.1 needs to resolve this critical issue. I hope somehow
this report will help to resolve the issue.


Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

2007-11-13 Thread david boh
Sure my friend.

Both servers have the same smtp_psa and configuration (both servers have 3.0.1 and
duplicate/mirror settings)

SMTP_PSA
{
socket_type = stream
protocol    = tcp
wait        = no
disable     = no
user        = root
instances   = UNLIMITED
server      = /var/qmail/bin/tcp-env
server_args = -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke --config-file /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

SPAMDYKE.CONF
log-level=2
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=30
idle-timeout-secs=300
graylist-dir=/var/qmail/spamdyke/graylist
graylist-min-secs=120
graylist-max-secs=1814400
#greeting-delay-secs = 1
sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
# ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords
ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
# rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d
sender-whitelist-file=/var/qmail/spamdyke/whitelist_recipients
# reject-empty-rdns
# reject-unresolvable-rdns
# reject-ip-in-cc-rdns
# rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
reject-missing-sender-mx
check-dnsrbl=dul.dnsbl.sorbs.net
#check-dnsrbl=sbl.spamhaus.org

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Wednesday, November 14, 2007 12:13:44 AM
Subject: Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

Can you send more information about your setup?  Could you send the
contents of your /etc/xinetd.d/smtp_psa file and your spamdyke
configuration file (if you have one)?

-- Sam Clippinger


Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

2007-11-15 Thread david boh
Hi Sam,

Test steps:
1. Re-install spamdyke 3.1.1 on both servers
2. Place spamdyke before relaylock in the pipe in xinetd.d
3. Restart xinetd
4. Repeat 2 and 3 on the other server.
5. Did the test, using webmail to send from server A to server B. Did the same
on the other end.

Both emails did not leave the server; they just hang in the qmail queue.

So I reverted both spamdyke installs to 3.0.1 (position of spamdyke still before
relaylock).
Forced qmail to send the qmail queue. All email goes through without any problem.

So piping spamdyke before relaylock works. But spamdyke 3.1.1 still has a problem
with mail sent via webmail.

Throughout this test there was no configuration change for spamdyke.conf, whitelist or
blacklist; all configuration files are the same.


----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Thursday, November 15, 2007 2:09:29 AM
Subject: Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

I got a tip a while back from another Plesk user that you have to run
spamdyke before relaylock to avoid these errors.  So in your
/etc/xinetd.d/smtp_psa file, try changing the server_args line to:
 server_args = -Rt0 /usr/local/bin/spamdyke --config-file /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

I need to update the documentation to include this.

-- Sam Clippinger


Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

2007-11-18 Thread david boh
There is no error in maillog, using log-level 2.

Will try the full log later this week to confirm if there is any issue.


----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Friday, November 16, 2007 4:09:54 AM
Subject: Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

This is very strange.  When the messages remain in the queue, are you 
seeing any errors in the qmail logs?  Can you enable spamdyke's full 
logging on the receiving server and send me a log of a failed delivery?

-- Sam Clippinger


Re: [spamdyke-users] Best dnsRBL?

2008-03-04 Thread David Stiller
Hi Marc,

I can't say which are best, but I can tell you which we're using:

check-dnsrbl=sbl-xbl.spamhaus.org
check-dnsrbl=list.dsbl.org
check-dnsrbl=zombie.dnsbl.sorbs.net
check-dnsrbl=dul.dnsbl.sorbs.net
check-dnsrbl=bogons.cymru.com

And also don't forget to block the unresolvable reverse lookups, like
this:

reject-unresolvable-rdns=true

We haven't had any false positives up to now with this setup. If
spam increases again, I recommend setting up the greylist.

- Dave

On 04.03.2008 at 13:54, Marc Van Houwelingen wrote:

 Does anyone wish to share what they consider to be the best RBLs  
 to use? I currently use:

 check-dnsrbl=   dnsbl.sorbs.net
 check-dnsrbl=   combined.njabl.org
 check-dnsrbl=   bl.spamcop.net

 But my amount of spam getting through has increased quite a bit  
 lately.

 -Marc





Re: [spamdyke-users] Best dnsRBL?

2008-03-05 Thread David Stiller
Hi Marc,

most RBLs block ICMP/ping packets; that's not necessary to use them.

Turn your log-level up to a high priority, let's say log-level=4, and
look at which RBLs are actually used. You'll see, most of them work.

Don't forget to reduce the log-level after checking that, or your log
blows up your HDD. :-D

Regards,
David



On 05.03.2008 at 16:03, Marc Van Houwelingen wrote:

 Arne, David -

 Thank you both for your replies. Unfortunately *all* the hosts you sent me
 are either gone or down - not one of them resolves to an IP, with the
 exception of dnsbl.sorbs.net, which I'm already using.

 Does anyone else know of any good ones?

 Marc


 ----- Original Message -----
 From: Arne Metzger [EMAIL PROTECTED]
 To: spamdyke users spamdyke-users@spamdyke.org
 Sent: Wednesday, March 05, 2008 3:58 AM
 Subject: Re: [spamdyke-users] Best dnsRBL?


 Hi,

 I can't say if they are the best, but I use these ones:

 Blackhole - ix.dnsbl.manitu.org, list.dsbl.org, zen.spamhaus.org,
 dsn.rfc-ignorant.org, dnsbl.sorbs.net
 Whitehole - list.dnswl.org
 reject-empty-rdns, reject-missing-sender-mx, reject-unresolvable-rdns

 Greylisting is active

 No false-positives and 96%-99,5% of all incoming smtp-connects are
 blocked as spam :)

 Regards,
 Arne

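
A DNSBL is consulted with a DNS A lookup of the connecting address, reversed, under the list's zone, so a list's health is judged by that lookup rather than by ping or by resolving the zone name itself. The added example below (not from any poster, and not spamdyke's code) builds the query name and probes the RFC 5782 test entries; it goes slightly beyond the thread by covering IPv6, and the `*.dnsbl.example` zones, `FAKE_DNS` answers and function names are constructed.

```python
import ipaddress
import socket

_NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def dnsbl_query_name(ip, zone):
    """Name to look up for `ip` in `zone`: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")


def system_resolver(name):
    """A records for `name` via the OS resolver; [] means the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as err:
        if err.errno in _NOT_FOUND:
            return []
        raise  # timeout, SERVFAIL, no network: the list could not be asked
    return sorted({info[4][0] for info in infos})


def lookup(ip, zone, resolve=system_resolver):
    """Answer codes the list returns for `ip`; an empty list means "not listed"."""
    return resolve(dnsbl_query_name(ip, zone))


def zone_status(zone, resolve=system_resolver):
    """Probe the RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    try:
        listed = lookup("127.0.0.2", zone, resolve)
        clean = lookup("127.0.0.1", zone, resolve)
    except OSError:
        return "unreachable"
    if any(not ipaddress.ip_address(a).is_loopback for a in listed + clean):
        return "not-a-dnsbl"       # answers outside 127.0.0.0/8, e.g. a parked wildcard domain
    if listed and clean:
        return "lists-everything"  # would reject all mail if configured
    if listed:
        return "working"
    return "no-test-entry"         # gone, or a list that publishes no test record


# Constructed answers standing in for three hypothetical zones.
FAKE_DNS = {
    "2.0.0.127.good.dnsbl.example": ["127.0.0.2"],
    "99.2.0.192.good.dnsbl.example": ["127.0.0.4"],
    "2.0.0.127.dead.dnsbl.example": ["127.0.0.2"],
    "1.0.0.127.dead.dnsbl.example": ["127.0.0.2"],
    "2.0.0.127.parked.dnsbl.example": ["203.0.113.80"],
    "1.0.0.127.parked.dnsbl.example": ["203.0.113.80"],
}


def fake_resolver(name):
    """Offline stand-in for system_resolver, backed by FAKE_DNS."""
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for zone in ("good", "dead", "parked", "gone"):
        print(zone, zone_status(zone + ".dnsbl.example", fake_resolver))
```

Calling `zone_status(zone)` without the second argument uses the system resolver against a real list.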


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-28 Thread David Stiller
Hi,

I made a full program for that, incl. an overview for Plesk. If you're
interested I would like
to give it to you. I'm using PHP-CLI and a cron analyzing the logs.

Regards,
David

Marcin Orlowski wrote:
 Jake Briggs wrote:

 But seriously, getting simple rough stats from the logs really is a
 simple grep and a quick calculation in the head.

 or use of 'wc'

 It would be good to know how much spam got through, but that would
 require some sort of crystal ball. Or a spam reporting mechanism and
 total user compliance in reporting all spam, all of which is far, far
 outside of the scope of spamdyke.

 just grep your logs for spam filter entries. If it's SpamAssassin, just
 look for "spamd: result: Y" and you get some figures for how many
 of ALLOWED was *probably* a spam.

 Marcin

-- 
Technical Support

BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen

Tel +49 [551] 506 75-0  Fax +49 [551] 506 75-20
E-Mail: [EMAIL PROTECTED]

Classic advertising and online marketing: http://www.blackbit.de
Software for online marketing: http://www.go-community.de
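
The rough statistics discussed in the quoted replies, as an added example (not David's PHP program and not code from the list): it tallies spamdyke verdicts and the share of scanned mail that SpamAssassin flagged. The sample lines are constructed, and the `from:`/`to:`/`origin_ip:` fields and the spamd score fields are an assumed layout.

```python
import re
from collections import Counter

# Constructed sample. The syslog prefix and the ALLOWED / DENIED_* / ERROR tokens
# follow lines quoted on this page; the "from: / to: / origin_ip:" fields and the
# spamd score fields are an assumed layout for illustration.
SAMPLE_LOG = """\
Apr 28 14:59:48 mx spamdyke[4101]: DENIED_RBL_MATCH from: a@bulk.example to: u1@example.org origin_ip: 203.0.113.5
Apr 28 15:00:02 mx spamdyke[4102]: DENIED_GRAYLISTED from: news@list.example to: u2@example.org origin_ip: 198.51.100.20
Apr 28 15:00:09 mx spamdyke[4103]: ALLOWED from: bob@partner.example to: u1@example.org origin_ip: 192.0.2.44
Apr 28 15:00:10 mx spamd[911]: spamd: result: . 0 - HTML_MESSAGE scantime=0.4,size=2210
Apr 28 15:01:30 mx spamdyke[4104]: DENIED_RBL_MATCH from: b@bulk.example to: u3@example.org origin_ip: 203.0.113.5
Apr 28 15:06:11 mx spamdyke[4105]: ALLOWED from: news@list.example to: u2@example.org origin_ip: 198.51.100.20
Apr 28 15:06:12 mx spamd[911]: spamd: result: Y 12 - BAYES_99,URIBL_BLACK scantime=0.9,size=5120
Apr 28 15:07:40 mx spamdyke[4106]: DENIED_RDNS_MISSING from: c@host.example to: u1@example.org origin_ip: 203.0.113.77
Apr 28 15:08:01 mx spamdyke[4107]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Apr 28 15:09:15 mx spamdyke[4108]: ALLOWED from: amy@partner.example to: u3@example.org origin_ip: 192.0.2.44
Apr 28 15:09:16 mx spamd[911]: spamd: result: . 1 - HTML_MESSAGE scantime=0.3,size=1800
"""

SPAMDYKE = re.compile(r" spamdyke\[\d+\]: (ALLOWED|DENIED_[A-Z_]+|ERROR)\b(.*)")
ORIGIN_IP = re.compile(r"\borigin_ip: (\S+)")
SPAMD = re.compile(r" spamd: result: ([Y.]) ")


def percent(part, whole):
    """Percentage rounded to one decimal, or None when there is nothing to divide by."""
    return round(100.0 * part / whole, 1) if whole else None


def summarise(lines):
    """Tally spamdyke verdicts and SpamAssassin results from mail log lines."""
    verdicts, rejected_ips, scanned = Counter(), Counter(), Counter()
    for line in lines:
        hit = SPAMDYKE.search(line)
        if hit:
            verdict, rest = hit.groups()
            verdicts[verdict] += 1
            ip = ORIGIN_IP.search(rest)
            # Graylisting is a temporary deferral: the sender may retry and be
            # ALLOWED later, so it is kept out of the rejection figures.
            if ip and verdict.startswith("DENIED_") and verdict != "DENIED_GRAYLISTED":
                rejected_ips[ip.group(1)] += 1
            continue
        hit = SPAMD.search(line)
        if hit:
            scanned[hit.group(1)] += 1
    deferred = verdicts["DENIED_GRAYLISTED"]
    rejected = sum(n for v, n in verdicts.items() if v.startswith("DENIED_")) - deferred
    allowed = verdicts["ALLOWED"]
    return {
        "allowed": allowed,
        "rejected": rejected,
        "deferred": deferred,
        "errors": verdicts["ERROR"],
        "rejected_pct": percent(rejected, allowed + rejected),
        "probable_spam_delivered_pct": percent(scanned["Y"], scanned["Y"] + scanned["."]),
        "top_rejected_ips": rejected_ips.most_common(3),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```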


Re: [spamdyke-users] feature request spamdyke user interface

2008-04-29 Thread David Stiller
Hi Nightduke,

sure, just give me an hour (or two) to make a package from that, as it's
not very general atm.
I'll publish that on my private site later on and give you a link to
check it out. Do you also
want the stuff for Plesk, or just analyzing the logs?

David


nightduke wrote:
 David, I think it will be a great idea to have a PHP client and also
 cron analyzing logs.

 Thanks a lot for your suggestion, can you do that?

 Nightduke


  
   


-- 
Technical Support

BLACKBIT Neue Medien GmbH | BLACKBIT Neue Werbung GmbH
Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen

Tel +49 [551] 506 75-0  Fax +49 [551] 506 75-20
E-Mail: [EMAIL PROTECTED]

Classic advertising and online marketing: http://www.blackbit.de
Software for online marketing: http://www.go-community.de


Re: [spamdyke-users] DENIED_GREYLISTED never gets ACCEPTED

2008-04-29 Thread David Stiller
Hi Stefan,

I once had a similar problem, where all greylist files were owned by the
wrong user and spamdyke couldn't overwrite them. All greylist files
should be owned by the appropriate user. On my system it's
qmaild.nofiles.

Regards,
David


Stefan Pausch wrote:
 I have the following issue with spamdyke (3.1.7) on qmail 1.03:

 In my logs several DENIED_GRAYLISTED from the same ip, from the same email
 address, to the same email address appear which never get ACCEPTED.

 For example, following times matches a DENIED_GREYLISTED:

 2008-04-29 06:49:33
 2008-04-29 01:44:29   
 2008-04-28 22:19:30   
 2008-04-28 19:59:32   
 2008-04-28 18:24:30   
 2008-04-28 17:19:29   
 2008-04-28 16:59:32   
 2008-04-28 16:39:29   
 2008-04-28 16:19:30   
 2008-04-28 15:59:29   
 2008-04-28 15:39:58   
 2008-04-28 15:19:39   
 2008-04-28 14:59:48   

 My /etc/spamdyke.conf: 

  log-level=4
  log-target=1
  local-domains-file=/var/qmail/control/rcpthosts
  idle-timeout-secs=300
  graylist-dir=/var/qmail/spamdyke/greylist
  graylist-min-secs=300
  graylist-max-secs=4814400
  policy-url=http://stefanpausch.com/greylist.php
  sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
  recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
  ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords
  ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
  rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d
  rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
  ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
  sender-whitelist-file=/var/qmail/spamdyke/whitelist_sender
  greeting-delay-secs=3
  tls-certificate-file=/var/qmail/control/servercert.pem
  local-domains-file=/var/qmail/control/rcpthosts
  smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
  smtp-auth-command=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
  check-dnsrbl=ix.dnsbl.manitu.net
  check-dnsrbl=zen.spamhaus.org
  check-dnsrbl=list.dsbl.org
  check-dnsrbl=zombie.dnsbl.sorbs.net
  check-dnsrbl=dul.dnsbl.sorbs.net
  check-dnsrbl=bogons.cymru.com
  reject-missing-sender-mx
  reject-empty-rdns
  reject-unresolvable-rdns
  reject-ip-in-cc-rdns
  tls-certificate-file=/var/qmail/control/servercert.pem
  hostname-file=/var/qmail/control/me

 Is this an issue with my config? - In my opinion the greylist-min-secs
 should be correct.

 Thanks a lot and have a fine day
 --stefan
  



Re: [spamdyke-users] feature request spamdyke user interface

2008-04-30 Thread David Stiller
So here you can see my first steps:
http://www.php-schnippsel.de/archives/8

David Stiller wrote:
 That's close to what I've made. ;)

 Stefan Pausch wrote:

 I would love to get my hands on that package as well. I am working on
 a log analyzing script, too and would love to see how the scripts were
 built.

 My script uses bash+php for dumping to a database and a plesk frontend
 for filtering / analyzing.

 An editor for configuration files is planned … but I am busy with
 projects right now and won’t be able to work on those scripts for a
 few days.

 --Stefan

 *From:* [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] *On Behalf Of* nightduke
 *Sent:* Tuesday, 29 April 2008 17:35
 *To:* spamdyke users
 *Subject:* Re: [spamdyke-users] feature request spamdyke user interface

 Well I prefer analyzing logs...

 Plesk is plesk, I mean some people use it and some don't use that.

 Thanks a lot.

 Nightduke

 2008/4/29, David Stiller [EMAIL PROTECTED]:

 Hi Nightduke,

 sure, just give me an hour (or two) to make a package from that, as it's
 not very general atm.
 I'll publish that on my private site later on and give you a link to
 check it out. Do you also want the stuff for plesk, or just analyzing
 the logs?

 David

 nightduke wrote:

 David I think it will be a great idea to have a php client and also
 cron analyzing logs.

 Thanks a lot for your suggestion, can you do that?

 Nightduke




Re: [spamdyke-users] feature request spamdyke user interface

2008-04-30 Thread David Stiller
Another thing - did you figure out how to implement your own program
in Plesk using the right template and check for logins? I think the way
I did it, it may be a little insecure as it could be opened without any
login by the direct URL...


Re: [spamdyke-users] wishlist for RBL functions

2008-06-03 Thread David Stiller
Daniel Snow wrote:
 Hi!

 I would have a wishlist for spamdyke, because it is a real great software,
 and I plan to use it in all of my installations.

 1. It would be nice if I can quarantine every kind of message. I'm thinking
 of the messages denied by RBL lists for example. It is very rare that there
 can be false positives, but this feature would be very nice. If someone is
 looking for a mail, I can consult the logfile of course, but I can't get the
 message back for the user, which can be a big problem.

That would raise your needed space to quarantine every mail. For me it
would be 97% of incoming. You should think again about _why_ rblstmp is
blocking the mail-delivery in the beginning. Keeping the mails
again would be more load of CPU and RAM. If someone is sending legal
mail, and it would be denied by any reason, you'll have a log, and the
sender could be informed. If someone is missing mails, he will tell you.

 2. For the lowering of false-positive messages created by RBLs, it would be
 nice if I could tell spamdyke to only greylist those, who come from an RBL,
 and if it passes the greylist-test, then let them in for further
 investigation (spamassassin, clamav etc.).

Greylist and RBL are two different things. You shouldn't mix them up.
RBL blocks _known_ bad IPs.
False positives will only occur if the sender has an IP which had
been abused before.

If you got more false-positives than I think, please tell us some
examples. Maybe there's a security issue or something.

 Thank you very much!

 Daniel




Re: [spamdyke-users] IP Whitelist based on hostname/DNS-Name?

2008-06-12 Thread David Stiller
Hi Stefan,

dynamic IPs need a dynamic whitelist. For example write a 30-min-cron,
looking for your dyndns-hostname's IP and refresh spamdyke's whitelist.
Something like this should do the trick.

#!/bin/bash
WL=/var/qmail/spamdyke/whitelist_ip

# Resolve the current address of the dyndns hostname
# ("host" prints "<name> has address <ip>", so field 4 is the IP)
IP=$(host dyndns.org | head -n1 | awk '{print $4}')

# Stop if the lookup failed, so the whitelist is never rewritten
# with an empty or bogus entry
if ! [[ $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]]; then
    logger -t spamdyke "Lookup failed, leaving $WL unchanged"
    exit 1
fi
logger -t spamdyke "Whitelisting $IP from $WL"

# Fetch old entry using the comment (trick!)
OLD_IP=$(grep "#mydyndns" "$WL" | awk '{print $1}')
if [ ! -z "$OLD_IP" ]; then
    logger -t spamdyke "Removing $OLD_IP from $WL"
fi

# Drop old entry from whitelist
grep -v "#mydyndns" "$WL" > "$WL.tmp"

# Add new entry to whitelist
echo "$IP #mydyndns" >> "$WL.tmp"

# Activate new ip
mv "$WL.tmp" "$WL"


Stefan Pausch wrote:
 That doesn't work, because the Dyndns name is not the same as the rDNS one.

 Log entry:
 Jun 12 08:40:27 h868914 spamdyke[15841]: DENIED_RBL_MATCH from:
  to: [EMAIL PROTECTED] origin_ip: 91.1.208.xxx
 origin_rdns: p5b01dxxx.dip.t-dialin.net auth: (unknown)


 91.1.208.xxx - my current dynamic ip
 p5b01dxxx.dip.t-dialin.net - my current dynamic rDNS
 xx.dyndns.org - static hostname which resolves to dynamic 91.1.208.xxx


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:spamdyke-users-[EMAIL PROTECTED] On Behalf Of Sam Clippinger
 Sent: Thursday, 12 June 2008 01:08
 To: spamdyke users
 Subject: Re: [spamdyke-users] IP Whitelist based on hostname/DNS-Name?

 Yes.  Use the rdns-whitelist-file option.

 -- Sam Clippinger

 Stefan Pausch wrote:
 Hello,

 is it possible to whitelist a hostname instead of an ip address (in
 my case it is a hostname for a dynamic IP)?

 --Stefan
 



Re: [spamdyke-users] Strage happend (time to time)

2008-07-10 Thread David Stiller
You could block origin_rdns: (unknown) with a config-option:
reject-empty-rdns


On 10.07.2008 at 13:17, N.Novozhilov wrote:

 Hi Sam!

 My users receive more and more spam last time. And I see (rarely) in
 headers and in logs the next picture:

 spamdyke[2918]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED]
 origin_ip: 190.232.71.105 origin_rdns: (unknown) auth: (unknown)

 Sender IP isn't in whitelist (whitelist_ip), target name absent in
 whitelist (whitelist_recipients), this user can't log by smtp and this
 IP isn't in tcp.rules.

 Why mails like this are allowed time to time?

 ~~
 Regards
 Nicholas A. Novozhilov, NAN6-RIPE

  NTR Lab
  System administrator



Re: [spamdyke-users] Strage happend (time to time)

2008-07-10 Thread David Stiller
Hi Carlo,

yes probably that's a case, too.

But what i expected was that the line:

 spamdyke[2918]: ALLOWED from: [EMAIL PROTECTED] to:
 [EMAIL PROTECTED]
 origin_ip: 190.232.71.105 origin_rdns: (unknown) auth: (unknown)


should have matched rdns_missing, like this from my server:

Jul 10 14:36:00 plesk-mail spamdyke[13625]:
DENIED_RDNS_MISSING
from: [EMAIL PROTECTED]
to: [EMAIL PROTECTED]
origin_ip: 202.136.147.191
origin_rdns: (unknown)
auth: (unknown)



On 10.07.2008 at 14:45, Carlo Blohm wrote:

 Hi,

 I had the same configuration and I am getting more and more spams in
 the last weeks, so I guess anybody has found new spam method or
 bots that are not listed in rbl's and have a good configured ip...

 I hope someone gets an idea to fight against this.

 Regards,

 carlo

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:spamdyke-users-[EMAIL PROTECTED] On Behalf Of N.Novozhilov
 Sent: Thursday, 10 July 2008 14:07
 To: spamdyke-users@spamdyke.org
 Subject: Re: [spamdyke-users] Strage happend (time to time)

 Here is a quote from my spamdyke.conf:

 reject-empty-rdns
 reject-unresolvable-rdns
 reject-ip-in-cc-rdns

 BTW - spamdyke works with file blacklist_keywords not so good as
 we need...
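
The rough log statistics from the feature-request thread (grep and wc over the spamdyke log, plus "spamd: result: Y" for SpamAssassin) and the ALLOWED line with origin_rdns: (unknown) and auth: (unknown) questioned in this thread can both be checked with one script. This is an added example, not code posted by anyone on the list; the sample log is constructed and the function names are this example's own.

```shell
#!/bin/sh
# Added example: summarise spamdyke verdicts from a syslog-style mail log.
# Usage: sh spamdyke-stats.sh [logfile]   (without a file the sample below is used)

# Constructed sample lines (documentation addresses); the field layout follows
# the spamdyke log lines quoted in this thread.
sample_log() {
cat <<'EOF'
Jul 10 14:30:01 mail spamdyke[2001]: DENIED_RBL_MATCH from: a@example.net to: u1@example.org origin_ip: 192.0.2.10 origin_rdns: host10.example.net auth: (unknown)
Jul 10 14:31:12 mail spamdyke[2002]: DENIED_RDNS_MISSING from: b@example.net to: u1@example.org origin_ip: 192.0.2.11 origin_rdns: (unknown) auth: (unknown)
Jul 10 14:32:40 mail spamdyke[2003]: ALLOWED from: c@example.com to: u2@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)
Jul 10 14:33:05 mail spamdyke[2004]: ALLOWED from: d@example.org to: u3@example.com origin_ip: 203.0.113.5 origin_rdns: dsl-5.example.net auth: dave
Jul 10 14:34:59 mail spamdyke[2005]: DENIED_GRAYLISTED from: e@example.com to: u2@example.org origin_ip: 203.0.113.9 origin_rdns: mx.example.com auth: (unknown)
Jul 10 14:35:30 mail spamdyke[2006]: ALLOWED from: to: u2@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)
Jul 10 14:36:00 mail spamdyke[2007]: DENIED_RBL_MATCH from: f@example.net to: u1@example.org origin_ip: 192.0.2.10 origin_rdns: host10.example.net auth: (unknown)
Jul 10 14:36:02 mail spamd[900]: spamd: result: Y 12 - HTML_MESSAGE scantime=1.2,size=2048
Jul 10 14:40:00 mail spamdyke[2008]: ALLOWED from: g@example.com to: u4@example.org origin_ip: 203.0.113.77 origin_rdns: mail.example.com auth: (unknown)
EOF
}

# Print "COUNT VERDICT" per spamdyke verdict, most frequent first.
# The verdict is the word that follows the "spamdyke[pid]:" tag.
verdict_counts() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^spamdyke\[[0-9]+\]:$/) { n[$(i + 1)]++; break }
    }
    END { for (v in n) print n[v], v }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Print "COUNT IP" for ALLOWED lines where origin_rdns and auth are both
# "(unknown)": mail that passed although the sender had no reverse DNS and
# did not authenticate. Fields are located by their key, so an empty
# "from:" value (a bounce) does not shift the columns.
unknown_rdns_allowed() {
    awk '/spamdyke\[[0-9]+\]: ALLOWED / {
        ip = ""; rdns = ""; auth = ""
        for (i = 1; i < NF; i++) {
            if ($i == "origin_ip:")   ip = $(i + 1)
            if ($i == "origin_rdns:") rdns = $(i + 1)
            if ($i == "auth:")        auth = $(i + 1)
        }
        if (rdns == "(unknown)" && auth == "(unknown)") c[ip]++
    }
    END { for (ip in c) print c[ip], ip }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Count messages SpamAssassin scored as spam ("spamd: result: Y").
spamd_hits() {
    grep -c 'spamd: result: Y' || true
}

# Read the log file given as first argument, or fall back to the sample.
log_input() {
    if [ -n "${1:-}" ]; then cat -- "$1"; else sample_log; fi
}

echo "Verdicts:"
log_input "$@" | verdict_counts
echo "ALLOWED without rDNS and without auth:"
log_input "$@" | unknown_rdns_allowed
echo "SpamAssassin hits: $(log_input "$@" | spamd_hits)"
```

Any address listed by unknown_rdns_allowed got through although reject-empty-rdns should have applied, so those are the connections worth checking against the whitelist files.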


Re: [spamdyke-users] New version: 4.0.0

2008-07-15 Thread David Stiller
I agree. Great work!

One thing I just noticed: Spamdyke gave me an error writing to the
greylist. To a folder and file called _none. Maybe it's a config-issue?

It tried to write to my graylist like this:

/var/qmail/spamdyke/greylist-dir/domain/_none/_none

Maybe it was an exception, but where did _none come from? Generally
the greylist works on all domains, although the one where the error
occurred on.

Regards,
Blackbit

On 15.07.2008 at 03:09, BC wrote:

 Bravo and Thank You!!!

 On 7/14/2008 [EMAIL PROTECTED] wrote:
  At long, long last, the moment we've all been waiting for!  spamdyke
  version 4.0.0 is now available:
 http://www.spamdyke.org/


[spamdyke-users] 4.0.3 versioning 4.0.2

2008-08-18 Thread David Stiller
Hi all,

do i see that right, that the package
http://www.spamdyke.org/releases/spamdyke-4.0.3.tgz
would compile as version 4.0.2?

config.h:
#define PACKAGE_VERSION 4.0.2

Makefile:
install: spamdyke
cp spamdyke /usr/local/bin/spamdyke-4.0.2
rm -f /usr/local/bin/spamdyke
ln -s /usr/local/bin/spamdyke-4.0.2 /usr/local/bin/spamdyke


Regards,
David



Re: [spamdyke-users] spamassassin and spamdyke

2008-08-19 Thread David Stiller
Spamdyke already does that on my system, like this:

Aug 19 14:18:59 plesk-mail spamdyke[29178]:
ALLOWED
from: [EMAIL PROTECTED]
to: [EMAIL PROTECTED]
origin_ip: 84.132.147.168
origin_rdns: ***.dip0.t-ipconnect.de
auth: w.viertel

Or do you mean, you want to whitelist anyone that authenticates once?
Why would we want to do that,
as they always log in to send mails.

nightduke wrote:
 Hi i wish to know if can be done bypass spamdyke if spamdyke accepts
 smtp auth connection?
 I would like to trust on customer who sign on correctly at smtp and
 then starts the delivery...

 It's possible to do that?

 Thanks

 Nightduke


[spamdyke-users] Segmentation Faults on SuSE SLES 10.1

2008-09-10 Thread David Stiller
Hi all,

does anyone else use spamdyke on a SuSE SLES 10.1-server? We have
noticed, that it causes some segmentation faults daily.

Sep  4 23:00:42 plesk-mail kernel: spamdyke[18838]: segfault at d3e314f8 rip 2b70d6f4279f rsp 7fffd3e2d418 error 4
Sep  4 23:55:12 plesk-mail kernel: spamdyke[29353]: segfault at  rip 2b388cf8156b rsp 7fff1ddee3d8 error 4
Sep  6 18:11:23 plesk-mail kernel: spamdyke[21086]: segfault at  rip 2b6396359585 rsp 7fff14a14008 error 4
Sep  8 18:22:03 plesk-mail kernel: spamdyke[23822]: segfault at  rip 2b575212f5a7 rsp 7fff58c3e238 error 4
Sep  8 20:53:19 plesk-mail kernel: spamdyke[3303]: segfault at d8b33208 rip 2ae1d223e811 rsp 7fffd8b2f128 error 4
Sep  9 01:10:24 plesk-mail kernel: spamdyke[24766]: segfault at ca6e3da8 rip 2afce068d7c3 rsp 7fffca6dfcc8 error 4
Sep  9 06:38:15 plesk-mail kernel: spamdyke[22606]: segfault at fcec7598 rip 2ad8adeaa7e7 rsp 7cec34b8 error 4
Sep  9 10:53:09 plesk-mail kernel: spamdyke[24450]: segfault at fabc3418 rip 2b4db01ae7e7 rsp 7abbf338 error 4
Sep  9 14:51:47 plesk-mail kernel: spamdyke[5529]: segfault at  rip 2b6d2e9765a7 rsp 7fff7c3f7378 error 4
Sep  9 16:58:19 plesk-mail kernel: spamdyke[19086]: segfault at 8d508568 rip 2b011d86b7c3 rsp 7fff8d504488 error 4
Sep 10 07:13:07 plesk-mail kernel: spamdyke[27878]: segfault at eab10b78 rip 2b5ac026179f rsp 7fffeab0ca98 error 4
Sep 10 12:25:54 plesk-mail kernel: spamdyke[12492]: segfault at  rip 2b7a8453e56b rsp 7fff2682ee58 error 4

We're using spamdyke 4.0.3 in a productive system. We don't know if that
causes any problems with outgoing mails.

Regards,
David
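
A first pass over kernel segfault lines like the ones above, as an added example (not from the thread or the spamdyke project): it decodes the page-fault error code and groups crashes by the page offset of the instruction pointer. The sample lines are constructed with made-up addresses, and decode_pf_error and crash_sites are names chosen for this example.

```shell
#!/bin/sh
# Added example: first-pass triage of kernel "segfault" lines for one program.
# Usage: sh segv-triage.sh [logfile]   (without a file the sample below is used)

# Constructed sample lines; every address is made up. Both kernel layouts are
# covered: "rip ... rsp ..." and the later "ip ... sp ... in <lib>[base+size]".
sample_segv() {
cat <<'EOF'
Sep  4 23:00:42 mail kernel: spamdyke[101]: segfault at 00007ffc1a2b34f8 rip 00002b10aa00279f rsp 00007ffc1a2af418 error 4
Sep  4 23:55:12 mail kernel: spamdyke[102]: segfault at 0000000000000000 rip 00002b20bb11156b rsp 00007ffc2b3c43d8 error 4
Sep  6 18:11:23 mail kernel: spamdyke[103]: segfault at 0000000000000000 rip 00002b30cc22256b rsp 00007ffc3c4d5008 error 4
Sep  8 20:53:19 mail kernel: spamdyke[104]: segfault at 00007ffc4d5e6208 rip 00002b40dd33379f rsp 00007ffc4d5e2128 error 4
Sep  9 01:10:24 mail kernel: spamdyke[105]: segfault at 0 ip 00007f50ee444811 sp 00007ffc5e6f7cc8 error 6 in libc-2.3.6.so[7f50ee3d0000+121000]
Sep  9 02:00:00 mail kernel: sshd[106]: segfault at 10 ip 00007f0000000123 sp 00007ffc00000000 error 4
EOF
}

# Decode the x86 page-fault error code (the kernel prints it in hexadecimal):
#   bit 0  set = protection violation, clear = page not present
#   bit 1  set = write access,         clear = read access
#   bit 2  set = fault happened in user mode
#   bit 4  set = instruction fetch
decode_pf_error() {
    code=$(( 0x$1 ))
    [ $(( code & 4 )) -ne 0 ] && mode=user || mode=kernel
    if [ $(( code & 16 )) -ne 0 ]; then
        access="instruction fetch"
    elif [ $(( code & 2 )) -ne 0 ]; then
        access=write
    else
        access=read
    fi
    [ $(( code & 1 )) -ne 0 ] && cause="protection violation" || cause="page not present"
    echo "$mode $access, $cause"
}

# Group crashes of program $1 by the low 12 bits of the instruction pointer
# and by whether the faulting address was NULL. Mappings are page aligned, so
# the page offset stays the same when the load address changes between runs;
# a recurring offset points at one faulting instruction.
# Output: "COUNT PAGE-OFFSET null|nonnull", most frequent first.
crash_sites() {
    awk -v prog="$1" 'index($0, " " prog "[") && / segfault at / {
        addr = ""; ip = ""
        for (i = 1; i < NF; i++) {
            if ($i == "at" && addr == "")     addr = $(i + 1)
            if ($i == "rip" || $i == "ip")    ip = $(i + 1)
        }
        if (ip == "") next
        off = tolower(substr(ip, length(ip) - 2))
        kind = (addr ~ /^0+$/) ? "null" : "nonnull"
        n[off " " kind]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Read the log file given as first argument, or fall back to the sample.
segv_input() {
    if [ -n "${1:-}" ]; then cat -- "$1"; else sample_segv; fi
}

echo "count ip-page-offset fault-address"
segv_input "$@" | crash_sites spamdyke
echo "error 4 = $(decode_pf_error 4)"
```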


[spamdyke-users] Greylist Clean-Up-Script

2008-10-08 Thread David Stiller

Hi all!

I created a bash-script to analyze and clean up my greylist. Maybe
someone needs one which reports what has been done or just check the
greylist without deleting.

I use this one, because a simple find over 90 Domains and 2k
Mailaccounts caused high server load, this step-by-step processing
didn't - if there's not a million entries in one domain. ;-)

Greetz,

Blackbit

#!/bin/bash

#
# What's this:
# This script was created to keep the greylist of spamdyke
# up to date and remove old entries. On a server with 1k mailboxes
# it works fine and is in productive use.
#
# Note:
# As this script is removing files without any possibility to
# undo these deletions, we recommend to try out the script
# with set debug-flag below to see what will be purged.
#

# Location of your greylist
greylist=/var/qmail/spamdyke/greylist

# Number of days to keep greylist
daystodel=28

# Set this to 1 to see the results without removing any file
debug=0

# Report summary in the end
report=1

# Everything is set up now, let it run!
# nothing needs to be modified below this line (i hope)

minstodel=$((daystodel * 1440))
greysum=0
purged=0

# Process one domain directory at a time to keep the load low
for dir in "$greylist"/*/
do
    [ -d "$dir" ] || continue
    domain=$(basename "$dir")

    greylisted=$(find "$dir" -type f | wc -l)
    greysum=$((greysum + greylisted))

    if [ "$debug" -eq 0 ]; then
        # Remove empty entry files older than $daystodel days
        find "$dir" -type f -mmin +"$minstodel" -size 0k -exec rm {} \;
    else
        # Dry run: only list what would be removed
        find "$dir" -type f -mmin +"$minstodel" -size 0k -exec ls -l {} \;
    fi

    # Entries removed = count before minus count after
    remaining=$(find "$dir" -type f | wc -l)
    deleted=$((greylisted - remaining))

    if [ "$debug" -gt 0 ]; then
        if [ "$deleted" -gt 0 ]; then
            echo "Domain: $domain $greylisted entries, $deleted entries removed"
        else
            echo "Domain: $domain, $greylisted entries"
        fi
    fi
    purged=$((purged + deleted))
done

if [ "$report" -gt 0 ]; then
    echo "$greysum entries found"
    echo "$purged entries removed"
    echo "$((greysum - purged)) entries remain greylisted"
fi


Re: [spamdyke-users] Segfault spamdyke

2008-10-08 Thread David Stiller
A little difference to my system is that he'd been told that the 
segfaults occur in libc-2.3.6.so, but also
0-Addresses. Do you think it's the same bug he hits, does it help us 
with my server? Looking forward
to getting this bug! :-)


Sam Clippinger wrote:
 Without more information, I would guess that these errors are very 
 likely caused by the same bugs that have been plaguing David Stiller on 
 SLES 10.1 64-bit.  I've been working with David for several weeks to 
 identify the source of the crashes and I believe I've finally done it.  
 The latest beta version (published on the spamdyke-dev mailing list 
 today) contains the (latest) fix.

 If you are so inclined, you could install the latest beta version of 
 spamdyke and see if it solves your issue.  Otherwise, upgrade to 4.0.5 
 as soon as it is available (hopefully soon) and report back if you still 
 see segmentation faults.

 If you want to collect more information with the version you're using, 
 you can do this:
 1) From the command line, run spamdyke -v and look for 
 +EXCESSIVE after the version number.  If it's not there, rerun 
 spamdyke's configure script with the --with-excessive-output option, 
 then rerun make.  Install the resulting binary.
 2) Add the full-log-dir option to your configuration file.
 3) Wait for another segmentation fault
 4) Find the log file(s) produced by the crashed spamdyke(s) and 
 email them to me.  I'll examine them to see if your crashes look 
 different than the ones I've been chasing.

 -- Sam Clippinger

 Thiago Cesar wrote:
   
 Hi all, I am using Debian with qmail and spamdyke, and in my log I have seen 
 something like this:
 spamdyke[3729]: segfault at 9614a818 ip 7f8e8de792a6 sp 7fff96146728 error 4 in libc-2.3.6.so[7f8e8de05000+121000]
 spamdyke[26710]: segfault at 0 ip 7fa7f9a1c03b sp 7fff01cec2c8 error 4 in libc-2.3.6.so[7fa7f99a8000+121000]
 spamdyke[30603]: segfault at 0 ip 7f564d17d076 sp 7fff5544ca28 error 4 in libc-2.3.6.so[7f564d109000+121000]
 spamdyke[32070]: segfault at ff812ed8 ip 7f7ef753f2a6 sp 7f80ede8 error 4 in libc-2.3.6.so[7f7ef74cb000+121000]
 spamdyke[11483]: segfault at 0 ip 7fe0fa2b109e sp 7fff0257eb58 error 4 in libc-2.3.6.so[7fe0fa23d000+121000]
 spamdyke[7549]: segfault at 0 ip 7fa12cee403b sp 7fff351b3788 error 4 in libc-2.3.6.so[7fa12ce7+121000]
 spamdyke[8630]: segfault at 0 ip 7fa10f00b054 sp 7fff172da8b8 error 4 in libc-2.3.6.so[7fa10ef97000+121000]
 spamdyke[25503]: segfault at 0 ip 7f4eff92a09e sp 7fff07bfa1d8 error 4 in libc-2.3.6.so[7f4eff8b6000+121000]
 spamdyke[13349]: segfault at f272fdf8 ip 7fa5ea45e25f sp 7272bd08 error 4 in libc-2.3.6.so[7fa5ea3ea000+121000]

 If anybody can help me I will be grateful. The strange thing is that spamdyke 
 continues working, but I am seeing these in the log.
 Thanks to all,
 Thiago Cesar
 IT Director
 MSN: [EMAIL PROTECTED]
 Skype: thiago_ceor
 ---
 http://www.kionux.com.br
 Kionux Soluções em Internet LTDA.
 Rua Padre Montoya, 581 sala 02 CEP: 85850-000
 Foz do Iguaçu - PR
 Phone: +55 (45) 3025-5864 / 3027-5864

 



Re: [spamdyke-users] Segfault spamdyke

2008-10-08 Thread David Stiller
4.0.5beta4 is now running on my system :)

Sam Clippinger wrote:
 The reference to libc-2.3.6.so just means that spamdyke is crashing 
 while calling a library function.  The segfault message would probably 
 include the name of the function if libc had been compiled with 
 debugging symbols included.  Since those symbols are not available, the 
 message can only give the address of the function within the library 
 file.  However, if my (latest) theory about these crashes is correct, 
 the library function is memcpy(), which copies a block of data from one 
 location to another in memory.  Also, your server is crashing at address 
 0 as well, it just prints it in a different format ().

 I don't _know_ if this is the same bug, I just _hope_ that it is. :)

 -- Sam Clippinger
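
Added example (not part of the original messages, and not spamdyke code): the point above, that without symbols the kernel line only locates the crash by address inside the library, can be made concrete by subtracting the mapping base from the instruction pointer. The log lines are the ones quoted in this thread, joined onto one line each and otherwise as they appear here; the function names are this example's own.

```python
import re
from collections import Counter

# Segfault lines as quoted in this thread (wrapped lines joined, values untouched).
SAMPLE_LOG = """\
spamdyke[3729]: segfault at 9614a818 ip 7f8e8de792a6 sp 7fff96146728 error 4 in libc-2.3.6.so[7f8e8de05000+121000]
spamdyke[26710]: segfault at 0 ip 7fa7f9a1c03b sp 7fff01cec2c8 error 4 in libc-2.3.6.so[7fa7f99a8000+121000]
spamdyke[30603]: segfault at 0 ip 7f564d17d076 sp 7fff5544ca28 error 4 in libc-2.3.6.so[7f564d109000+121000]
spamdyke[32070]: segfault at ff812ed8 ip 7f7ef753f2a6 sp 7f80ede8 error 4 in libc-2.3.6.so[7f7ef74cb000+121000]
spamdyke[11483]: segfault at 0 ip 7fe0fa2b109e sp 7fff0257eb58 error 4 in libc-2.3.6.so[7fe0fa23d000+121000]
spamdyke[7549]: segfault at 0 ip 7fa12cee403b sp 7fff351b3788 error 4 in libc-2.3.6.so[7fa12ce7+121000]
spamdyke[8630]: segfault at 0 ip 7fa10f00b054 sp 7fff172da8b8 error 4 in libc-2.3.6.so[7fa10ef97000+121000]
spamdyke[25503]: segfault at 0 ip 7f4eff92a09e sp 7fff07bfa1d8 error 4 in libc-2.3.6.so[7f4eff8b6000+121000]
spamdyke[13349]: segfault at f272fdf8 ip 7fa5ea45e25f sp 7272bd08 error 4 in libc-2.3.6.so[7fa5ea3ea000+121000]
"""

SEGV_RE = re.compile(
    r"(?P<prog>\w+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>\d+) "
    r"in (?P<lib>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\]"
)


def decode_error(code):
    """Decode the x86 page-fault error code printed after 'error'."""
    return {
        "page": "protection violation" if code & 1 else "not-present page",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
    }


def parse_segfaults(text):
    """Return one dict per segfault line, with the library-relative offset."""
    events = []
    for m in SEGV_RE.finditer(text):
        ip, base, size = (int(m[k], 16) for k in ("ip", "base", "size"))
        offset = ip - base
        event = {
            "pid": int(m["pid"]),
            "lib": m["lib"],
            "fault_at_zero": int(m["addr"], 16) == 0,
            # The mapping base differs per process; the offset does not.
            # An ip outside [base, base+size) means the line is damaged.
            "offset": offset if 0 <= offset < size else None,
        }
        event.update(decode_error(int(m["err"])))
        events.append(event)
    return events


def cluster_offsets(events, page=0x1000):
    """Count usable crashes per 4 KiB page of the library."""
    return Counter(e["offset"] // page * page
                   for e in events if e["offset"] is not None)


if __name__ == "__main__":
    for e in parse_segfaults(SAMPLE_LOG):
        off = "unusable line" if e["offset"] is None else hex(e["offset"])
        print(e["pid"], e["lib"], off, e["access"], e["page"])
    print({hex(k): v for k, v in cluster_offsets(parse_segfaults(SAMPLE_LOG)).items()})
```

Every line with an intact base lands in the same 4 KiB page of libc-2.3.6.so, which fits a single library routine crashing each time; naming that routine needs the matching libc build with symbols, which is not available here.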



Re: [spamdyke-users] New version: spamdyke 4.0.5

2008-10-13 Thread David Stiller
Wohoo great one! :-)

Sam Clippinger wrote:
 spamdyke version 4.0.5 is now available:
   http://www.spamdyke.org/

 This version fixes a number of bugs:
   If the idle timeout is not configured, it is now set to 20 minutes 
 after qmail exits to prevent never-ending spamdyke processing.  Thanks to 
 Matthew Kettlewell for reporting this one.
   Fixed the AUTH advertisements to display correctly when 
 smtp-auth-level is always or always-encrypted.  Thanks to Youri 
 Kravatsky for reporting this one.
   Fixed a sequencing error that would cause qmail to exit prematurely, 
 even if valid recipients could still possibly be given.  Thanks to David 
 Stiller for reporting this one.
   Fixed the handling of unencoded null characters in messages 
 (technically not legal) so spamdyke does become confused and timeout.  Thanks 
 to Arthur Girardi for reporting this one.
   Fixed an issue in the DNS query code that was setting array indexes 
 beyond the end of the array, resulting in garbage log messages and 
 segmentation faults.  Thanks to Arthur Girardi for reporting this one.
   Fixed verbose logging in the RHSBL filter to print the correct log 
 message.  Thanks to Arthur Girardi for reporting this one.
   Rewrote the address parser to correctly handle strange/invalid email 
 addresses.  Thanks to Erald Troja for reporting this one.
   Fixed a serious error in the code that loads array values from files 
 that was returning pointers to unallocated memory, causing segmentation 
 faults.  Many, many thanks to David Stiller for reporting this one and 
 providing tons of help to nail it down.
   Fixed a serious error that was attempting to move data by dereferencing 
 the NULL address when the remote server disconnected unexpectedly, causing 
 segmentation faults.  Many, many thanks to David Stiller for reporting this 
 one and providing tons of help to nail it down.

 Version 4.x is NOT backwards compatible with 3.x; be sure to read the 
 documentation before upgrading.

 Version 4.0.5 is backwards-compatible with version 4.0.4; simply replacing 
 the old binary with the new one should be safe.

 -- Sam Clippinger



Re: [spamdyke-users] spamdyke + ip-in-rdns-keyword-blacklist-entry option

2008-10-13 Thread David Stiller

Maybe it's just the particular order spamdyke is running the filters?
I would try to set the blacklist-ip by IP-Range, if it catches before 
the Greylist.


Look at the FAQ which says the following:


   Does spamdyke run its filters in any particular order?

Yes. spamdyke evaluates its filters in the following order (of course a 
filter is skipped if it's disabled):


   Check if mail is being accepted or filtered at all 
   Check for an rDNS name 
   Check for an IP address in a country code rDNS name 
   Check for an rDNS whitelist entry 
   Check for an rDNS blacklist entry 
   Check for an IP whitelist entry 
   Check for an IP blacklist entry 
   *Check for an IP address and keyword in the rDNS name* 
   Check if the rDNS name resolves 
   Check DNS whitelists 
   Check right-hand-side whitelists 
   Check DNS RBLs 
   Check right-hand-side blacklists 
   Check for earlytalkers 

The intent is to order the filters from least-to-most expensive, so 
connections will be rejected as quickly as possible. In a typical setup, 
DNS queries are more expensive than file searches, pattern matching is 
more expensive than simply checking for a file's existence, etc.


The remaining filters are all checked during the SMTP conversation.

   Limit the number of recipients 
   Block unqualified recipient addresses 
   Block relaying from unauthorized remote hosts 
   Check for sender's domain MX record 
   *Graylisting* 
   Check sender whitelists 
   Check sender blacklists 
   Check right-hand-side whitelists for the sender's domain name 
   Check right-hand-side blacklists for the sender's domain name 
   Check recipient whitelists 
   Check recipient blacklists 




Erald Troja wrote:

Davide,

no go.

Other host names containing 'cable' keyword such as
77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk are properly
being rejected with the right error message.



Erald Troja


Davide D'Amico wrote:
  

Please try with:
*.cable.*


d.


2008/10/13 Erald Troja [EMAIL PROTECTED]:


Sam/others,

I've re-read the documentation for this feature over and over
and as far as I can understand we've done all possible to stop
the following.

Here's an entry log from a SPAMMER's address we'd like to reject via the
ip-in-rdns-keyword-blacklist-entry feature.

Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from:
[EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth:
(unknown)


our ip-in-rdns-keyword-blacklist-entry referenced file contains the
following


cable
.cable.ntl.com
.ntl.com
cable .ntl.com

Seems none of the 4 potential keyword entries we're providing
is matching the above host name.

The hostname should be rejected with DENIED_IP_IN_RDNS rather
than DENIED_GRAYLISTED


What are we doing wrong?  Or is this an undiscovered bug?

Thanks.




Erald Troja


Erald Troja wrote:
  

Sam,

I'm reading your reply again, and perhaps I misunderstood what
you're saying.

Here's the entry log for one of the rDNS's I'd like to reject the
connection.


Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from:
[EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth:
(unknown)
Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from:
[EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39
origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown)


As you will see, there is an IP address for their rDNS.

Are you saying that the ip-in-rdns-keyword-blacklist-entry file should
also contain the IP address of the originating connection, or as long as
their IP resolves to a numeric address, all is necessary to have is the
keyword in the ip-in-rdns-keyword-blacklist-entry ?

Can anyone clarify this please?




Erald Troja

Sam Clippinger wrote:


In order for the keyword filter to block connections, spamdyke must
find the keyword and the entire IP address in the rDNS name.  The two
examples you gave don't appear to contain whole IP addresses.  Also,
the second example contains the keyword cablelink, not cable;
spamdyke will not match keywords within other text.

-- Sam Clippinger

Erald Troja wrote:
  

Hello Folks,

We are slowly building up on the many swiss army knife features
that Spamdyke offers.

One of them is the ip-in-rdns-keyword-blacklist-entry feature
http://spamdyke.org/documentation/README.html#RDNS

In essence, we notice many, next to say almost all connections
connecting to port 25 of our servers, with the keyword 'cable' are
of SPAMMY nature and we'd like to stop them.

So, we have Spamdyke configured with
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file


and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file

with one line containing just the keyword

cable


We do notice logging of a handful of connections yet for 
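
Added example (not from any of the posters and not spamdyke's code): a simplified model of the rule quoted in this thread, that the keyword filter needs both the whole IP address and the keyword as a separate word in the rDNS name. Assumptions of this sketch: the IP counts as present when its four decimal octets appear consecutively, forwards or reversed; only plain-word keywords are modelled, not the dotted entries from the file above; 77.96.122.40 is the assumed address for the blueyonder host; the cablelink host is constructed; NO_MATCH is this example's own label.

```python
import re


def ip_in_rdns(ip, rdns):
    """True if the four octets of ip appear in rdns as consecutive numbers,
    in forward or reverse order (simplified model, see lead-in)."""
    want = [int(octet) for octet in ip.split(".")]
    numbers = [int(n) for n in re.findall(r"\d+", rdns)]
    for i in range(len(numbers) - 3):
        window = numbers[i:i + 4]
        if window == want or window == want[::-1]:
            return True
    return False


def keyword_in_rdns(keyword, rdns):
    """True if keyword occurs as a separate word, not inside other text."""
    pattern = r"(?<![a-z0-9])" + re.escape(keyword.lower()) + r"(?![a-z0-9])"
    return re.search(pattern, rdns.lower()) is not None


def evaluate(ip, rdns, keywords):
    """Return (decision, reason) for the keyword filter alone."""
    if not ip_in_rdns(ip, rdns):
        return ("NO_MATCH", "rDNS name does not contain the whole IP address")
    hits = [k for k in keywords if keyword_in_rdns(k, rdns)]
    if not hits:
        return ("NO_MATCH", "IP found, but no keyword as a separate word")
    return ("DENIED_IP_IN_RDNS", "IP and keyword '%s' found" % hits[0])


KEYWORDS = ["cable"]

SAMPLES = [
    # Hosts from the DENIED_GRAYLISTED log lines in this thread.
    ("80.6.107.90", "cpc1-west2-0-0-cust857.brnt.cable.ntl.com"),
    ("82.19.66.39", "cpc1-rdng9-0-0-cust550.winn.cable.ntl.com"),
    # Host reported as correctly rejected; its IP is assumed from the name.
    ("77.96.122.40", "77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk"),
    # Constructed: reversed IP present, but 'cable' only inside 'cablelink'.
    ("192.0.2.17", "17-2-0-192.cablelink.example.net"),
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        decision, reason = evaluate(ip, rdns, KEYWORDS)
        # A NO_MATCH connection continues down the filter order and can
        # still be stopped later, for example by graylisting.
        print("%-15s %-50s %s (%s)" % (ip, rdns, decision, reason))
```

Under this model the two ntl.com hosts contain the keyword but not their IP address, so the keyword filter does not fire and the connection reaches graylisting, matching the DENIED_GRAYLISTED lines in the log.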

[spamdyke-users] Spamdyke GUI

2008-10-13 Thread David Stiller
Hi all,

I've written a Spamdyke GUI for Plesk for my customers, so that they all
have their own responsibility if they want to use greylisting, and are able
to maintain their black- and whitelists. It's nice, as they all can see
what's really happening in the mail system and keep away spammers and welcome
their customers... Rejecting mails without letting the customers know is
near the border to being illegal in Germany, because the customers can make
me or my company responsible for missing mails.

But one problem I have is the logic of where I keep those lists. At the
moment I just save them to the Plesk database and dump them regularly by
cron job to special files called customer_blacklist_ip,
customer_blacklist_rdns, and so on, which are used by spamdyke. That's a good
way to write them with root and keep all privileges healthy, and I can let it
send a report to me about what has been done.

Do you think it's a good policy to activate them globally? I understand it
in the way that every whitelisted entry should be a possible good sender for
the others too. The critical point are the blacklists:
Of course I avoided that they add known IPs, i.e. my mail server's network
and local IPs, and also created a button to check the reverse data. As far
as I know, that's a way the big providers do it, I mean tagging mails
manually as spam or ham.

Am i right?

Greetz,
David
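
Added example (not the GUI's code, which is not shown in this post): one way to implement the guard described above, checking customer-submitted blacklist entries before the root cron job writes them to customer_blacklist_ip. Assumptions: entries are single IPv4 addresses or CIDR ranges, the protected networks and the /16 width limit are constructed values, and all names are this example's own.

```python
import ipaddress

# Constructed values: networks a customer must never be able to block.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",      # loopback
    "10.0.0.0/8",       # local networks
    "172.16.0.0/12",
    "192.168.0.0/16",
    "203.0.113.0/24",   # hypothetical network of the mail servers
)]
MIN_PREFIX = 16         # hypothetical policy: nothing wider than a /16


def check_entry(raw):
    """Validate one submitted entry.

    Returns (normalized_entry, None) when it may be written to the list
    file, or (None, reason) when it must be refused."""
    text = raw.strip()
    try:
        # Anything that is not exactly one address or range fails here,
        # including text with an embedded newline that would otherwise
        # smuggle a second line into the file written as root.
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        return None, "not an IP address or CIDR range"
    if net.version != 4:
        return None, "only IPv4 entries are accepted"
    if net.prefixlen < MIN_PREFIX:
        return None, "range wider than /%d" % MIN_PREFIX
    for protected in PROTECTED:
        if net.overlaps(protected):
            return None, "overlaps protected network %s" % protected
    if net.prefixlen == 32:
        return str(net.network_address), None
    return str(net), None


def build_blacklist(entries):
    """Split submitted entries into lines to write and refused entries.

    The refused list, with reasons, is what would go into the report."""
    accepted, rejected = [], []
    for raw in entries:
        entry, reason = check_entry(raw)
        if entry is None:
            rejected.append((raw, reason))
        elif entry not in accepted:
            accepted.append(entry)
    return accepted, rejected


if __name__ == "__main__":
    submitted = [                      # constructed customer input
        "198.51.100.7",
        " 198.51.100.77/24 ",
        "203.0.113.25",                # inside the mail server network
        "0.0.0.0/0",                   # would block everyone
        "192.168.1.0/24",              # local network
        "198.51.100.7\n0.0.0.0/0",     # line injection attempt
    ]
    ok, bad = build_blacklist(submitted)
    print("write:", ok)
    for raw, reason in bad:
        print("refuse: %r (%s)" % (raw, reason))
```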







Re: [spamdyke-users] Spamdyke GUI

2008-10-13 Thread David Stiller

Hi Arthur,

first of all - I won't beat anyone here, as I asked for others'
opinions. :)
If you ask me, I would prefer to let all go through, but my server
wouldn't survive that high load then. Without spamdyke my server load
goes up from a load average of 0.10 to over 30.0 and more.
I tried that... involuntarily... You're right, if you say I allow
my users a lot, but the way I did it, I always get reports
when the list updates are done. If something goes wrong, it's on me
to fix it. That's always 30 minutes for me to react (theoretically). I
didn't figure out a way to configure spamdyke to use per-domain lists,
so I've chosen this one.

I think I'll give it a month or two as testing period, to see what my
customers kill or not, do or not. Another thought is just to let them
maintain the whitelist. hehe.

All in all it's not only my decision. My boss wanted that. :-)

Thanks for your statements about this.


Arthur Girardi wrote:

Heya,

I can't say what you are trying to do is a good thing, giving this  
kind of power to your customers is in my humble opinion, as Sam use to  
say, a solution looking for a problem. I think that in your case you  
will likely run over two or more customers disagreeing in the choice  
of filters, sooner than it may seem.


I think that it would require of spamdyke to work on a much more  
user-level kind of configuration than what it is capable of today. (I  
may be completely wrong in this matter, tho, as I haven't configured  
spamdyke to its deepest maximum usefulness).


Anyway, letting spam go thru and putting the responsibility of  
deciding what to block on the customer, that and considering most  
customers do not have a good technical knowledge, looks wrong to me.  
You said that blocking e-mails without the consent of the customer is  
borderline illegal in Germany, but what if a customer end up putting  
by mistake one of those big providers in a blacklist? That would  
affect other customers as well, and you would end up taking the blame  
the same way!


My advice is that you should declare your anti-spam policy when a  
customer signs in, exempting yourself from criminal responsibility in  
case of legitimate mail being rejected. I don't know if that is ever  
acceptable in Germany though, and most importantly, in the market you  
serve.


But those are just my 2 cents. Please don't beat me. :)

Cheers

Arthur



  



Re: [spamdyke-users] Spamdyke GUI

2008-10-13 Thread David Stiller

Yes, I looked at the sources and as far as I saw, that's very
complex analysis, which isn't necessary in my case. As my server is
connecting to the internet, the module from Haggybear is rotating
downloads of an update script, ignoring that it should use a proxy,
and times out but doesn't recognize it.
I just need to know who spammed, which senders are important, and
black- or whitelist them.
I'll modify my version to use the below mentioned config-dirs. As
I'm always programming shell scripts, it won't be hard to make it
compatible with other systems, like QmailToaster.
BTW, is http://www.shupp.org/toaster/ meant with that, or something
else?

Sam Clippinger wrote:
This sounds like a great project to me -- it's exactly what I had in 
mind when I added support for configuration directories.


Specifically, if your tool updates the configuration file named 
_recipient_/domain.com, the changes will only affect recipients in 
domain.com.  That way, your users can do anything they want (including 
completely disabling spamdyke's filters) and it will only affect their 
mail.  This is a much better solution than allowing any user to edit the 
server's global configuration and affect everyone's mail.  Not every 
filter can be activated or deactivated through configuration directories 
but most of them can (whitelists, blacklists, graylisting, rDNS filters 
and others).


You should also check out the Plesk control panel that Haggybear is 
working on.  That code may already include the features you're trying to 
build:

http://www.haggybear.de/component/option,com_docman/task,doc_details/gid,21/Itemid,54/


BTW, if you build your tool to also work on non-Plesk servers, you'd 
probably find a large audience for it (especially on the QmailToaster 
mailing list).


-- Sam Clippinger



Re: [spamdyke-users] High load avg

2008-10-15 Thread David Stiller
Yes, me also. Looks like this is one of the reasons why Linux tools
are mostly developed for specific systems, when making RPMs. So Spamdyke
4.0.5 seems to be good for SuSEs, and maybe not on others? Just a quick
shot from me^^ :)

Arne Metzger wrote:
 Hi,

 on my vm running Suse10.0 i can't reproduce this.

 Regards,
 Arne


 Sam Clippinger wrote on 15.10.2008 03:17:
   
 I forgot to ask earlier -- when you activated full logging, were any log 
 files actually produced?  If I could see them, they would probably be 
 very helpful in tracking this down.

 -- Sam Clippinger

 Arthur Girardi wrote:
 
 Hi

 I too noticed the high cpu usage by spamdyke in the 4.0.5 version.  
 Like 6 or 7 spamdyke processes running at 100% cpu on a dual  
 quad-core...

 Interesting enough, I noticed not all spamdyke did go 100%, only those  
 that had some kind of attachment, a gif, jpg, a signature, whatever,  
 encoded in base64. The message does finish successfully and life goes  
 on, but I started having some slowdown complaints, and after this  
 first post to the list, I saw I had the same issue.

 If you strace the process while it is hanging at high cpu, you'll see  
 a lot of Timeouts mixed with reads and writes of what seems to be the  
 content of the base64 attachment.

 Then I tried changing output from my normal verbose operation to  
 excessive, and enabled full-log-dir, but just as I did that, cpu usage  
 fell down, and clients started getting smtp error messages containing  
 chunks of spamdyke's excessive output.

 I'm running spamdyke on a rhel5.

 Cheers

 Arthur

 Quoting Paulo Henrique [EMAIL PROTECTED]:

   
   
 Hi...

 2008/10/14 Sam Clippinger [EMAIL PROTECTED]:
 
 
 This is the first I've heard of this -- can you provide any more
 information about it?  Did those spamdyke processes produce any log
 messages or errors?
   
   
 No errors.


   Did they begin eating the CPU before or after
 
 
 accepting/rejecting a message?
   
   
 Apparently once the message is accepted.


  Did you try turning on full logging to
 
 
 see exactly what was going on?
   
   
 Yet I did not.

   What OS are you running?

 Linux Slackware 12.1, kernel 2.6.24-5-smp


 tks.
 
 
 -- Sam Clippinger

 Erald Troja wrote:
   
   
 Hello,

 I second your findings.

 We reverted to 4.0.4 right away.
 Did not report it as we were unable
 to find a good explanation for it.

 The spamdyke processes were just lingering each consuming
 between 70% to 100% of CPU.




 
 Erald Troja


 Paulo Henrique wrote:

 
 
 Hi,
 since the spamdyke upgraded to 4.0.5, I noted that my servers working
 with a high load,  the average of 0.65 and they were left to 3.5,
 someone noticed this problem? What may be happening?

 tks

   
   


-- 
BLACKBIT neue Medien GmbH | BLACKBIT neue Werbung GmbH
Technical Support / Hotline
Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen

Managing Director: Stefano Viani
Register court: Amtsgericht Göttingen, HRB 3222
VAT identification number (§ 27a UStG): DE 813 114 917

Phone: +49-551-50675-50 - Fax: +49-551-50675-20
E-Mail: [EMAIL PROTECTED]

Classic advertising and online marketing: http://www.blackbit.de
Software for online marketing: http://www.go-community.de



[spamdyke-users] config-dir

2008-10-21 Thread David Stiller
Hi Sam and users!

Do you think this is a usable structure to be used for per-domain-config's?

domain_setup/
|-- _recipient_
|   `-- com
|       `-- testdomain
`-- testdomain.com
    |-- customer_blacklist_ip
    |-- customer_blacklist_rdns
    |-- customer_blacklist_sender
    |-- customer_whitelist_ip
    `-- customer_whitelist_rdns

In testdomain are the 5 black- and whitelistfiles. So 
_recipient_/com/testdomain
is used as a per-domain control file. I've denied the whitelist of 
senders concerning
the ease of faking them:

#cat testdomain
ip-blacklist-file=/var/qmail/spamdyke/domain_setup/testdomain.com/customer_blacklist_ip
rdns-blacklist-file=/var/qmail/spamdyke/domain_setup/testdomain.com/customer_blacklist_rdns
ip-whitelist-file=/var/qmail/spamdyke/domain_setup/testdomain.com/customer_whitelist_ip
rdns-whitelist-file=/var/qmail/spamdyke/domain_setup/testdomain.com/customer_whitelist_rdns
sender-blacklist-file=/var/qmail/spamdyke/domain_setup/testdomain.com/customer_blacklist_sender
sender-whitelist-file=!!!

In /etc/spamdyke.conf i've configured domain_setup to be used as my 
config-dir:

config-dir=/var/qmail/spamdyke/domain_setup/

So the customer setups are kept out of the global spamdyke setup. Looks 
quite logical for me
and should be easy to be maintained.

-
David
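
Added example (not David's tool and not spamdyke code): generating the layout from this message for a domain name that arrives from a web form, so that the name cannot steer the root-run job outside the config-dir. Assumptions: domain labels are nested in reverse order under _recipient_ as in the tree above (for names with more than two labels that nesting is an assumption), and the function names are this example's own.

```python
import os
import re

# One DNS label: letters, digits and inner hyphens only. This rejects
# '..', '/', empty labels and names such as '_recipient_'.
LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

# Option name -> list file name, as in the control file shown above.
# sender-whitelist-file is deliberately absent: sender addresses are
# easy to fake, so customers get no sender whitelist.
LISTS = [
    ("ip-blacklist-file", "customer_blacklist_ip"),
    ("rdns-blacklist-file", "customer_blacklist_rdns"),
    ("ip-whitelist-file", "customer_whitelist_ip"),
    ("rdns-whitelist-file", "customer_whitelist_rdns"),
    ("sender-blacklist-file", "customer_blacklist_sender"),
]


def split_domain(domain):
    """Return the validated, lower-cased labels of a domain name."""
    labels = domain.strip().lower().split(".")
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(l) for l in labels):
        raise ValueError("invalid domain name: %r" % domain)
    return labels


def control_file_path(config_dir, domain):
    """testdomain.com -> <config_dir>/_recipient_/com/testdomain"""
    labels = split_domain(domain)
    return os.path.join(config_dir, "_recipient_", *reversed(labels))


def provision(config_dir, domain):
    """Create the list files and the per-domain control file.

    Returns (control_file_path, lines_written)."""
    name = ".".join(split_domain(domain))
    list_dir = os.path.join(config_dir, name)
    os.makedirs(list_dir, mode=0o755, exist_ok=True)
    lines = []
    for option, filename in LISTS:
        path = os.path.join(list_dir, filename)
        # Create an empty list file if it does not exist yet.
        os.close(os.open(path, os.O_WRONLY | os.O_CREAT, 0o644))
        lines.append("%s=%s" % (option, path))
    control = control_file_path(config_dir, name)
    os.makedirs(os.path.dirname(control), mode=0o755, exist_ok=True)
    with open(control, "w") as handle:
        handle.write("\n".join(lines) + "\n")
    return control, lines


if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()          # stand-in for the real config-dir
    control, lines = provision(root, "testdomain.com")
    print(control)
    print("\n".join(lines))
```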


Re: [spamdyke-users] spamdyke +ip-in-rdns - per domain basis

2008-10-22 Thread David Stiller

Hi Linto,

the per-domain basis you can create by using the config-dir option,
which is well documented in the documentation:

http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR

Nearly any combination of sender and recipient can be configured
with this option. This way i configure black- and whitelists for
my customers.

My structure looks like the following.

In /etc/spamdyke.conf i set:
config-dir=/var/qmail/spamdyke/domain_setups

The directories contain:

domain_setups/
`-- _recipient_
    |-- tld
    |   `-- firstdomain (file)
    `-- tld2
        `-- seconddomain (file)


domain_configs/
|-- firstdomain.tld
|   |-- customer_blacklist_ip
|   |-- customer_blacklist_rdns
|   |-- customer_whitelist_ip
|   `-- customer_whitelist_rdns
`-- seconddomain.tld2
    |-- customer_blacklist_ip
    |-- customer_blacklist_rdns
    |-- customer_whitelist_ip
    `-- customer_whitelist_rdns

In the file firstdomain you can setup the configuration
for the domain and also the IP_IN_RDNS_KEYWORDS of course.

In my case these are:

ip-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_ip
rdns-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_rdns
ip-whitelist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_whitelist_ip
rdns-whitelist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_whitelist_rdns
sender-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_sender

I hope this helps! ;)

David


Linto Paul wrote:

Greetings,

Could you please let me know if there is a way to whitelist a domain on
the IP_IN_RDNS_KEYWORDS on a per domain basis.


Say we get a user complaining about a domain called example.com, and they
say, I am the owner of example.com and want this feature not used on our
domain even though you host it for us.


~~~
Oct 21 11:46:44 mail01 spamdyke[24348]: DENIED_IP_IN_RDNS from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 66.49.15.190 origin_rdns: 66.49.15.190.nw.nuvox.net auth: (unknown)



We have the RDNS blocked in our server via keyword:-

.nuvox.net

Is it possible to just put a whitelist for example.com and deny all others
matching this keyword.


Thanks,
Linto Paul
 

On Thu, Oct 16, 2008 at 10:30 PM, [EMAIL PROTECTED] wrote:


Message: 1
Date: Thu, 16 Oct 2008 17:07:56 +0200
From: Felix Buenemann [EMAIL PROTECTED]
Subject: [spamdyke-users] Regular-Expression Support
To: spamdyke-users@spamdyke.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-15

Hi Sam,

I wonder whether there is a specific reason not to use regular
expressions via the PCRE lib to match patterns in blacklist files etc.

Has this been avoided for performance reasons?

-- Felix Buenemann



--

Message: 2
Date: Thu, 16 Oct 2008 12:12:58 -0300
From: Arthur Girardi [EMAIL PROTECTED]
Subject: Re: [spamdyke-users] spamdyke +ip-in-rdns-keyword-blacklist-entry option
To: spamdyke-users@spamdyke.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; DelSp=Yes; format=flowed

For me it looks as if the message is being blocked because it contains
the country code and ip in the rdns and his setup has
reject-ip-in-cc-rdns enabled.

In the FAQ it says it will check reject-ip-in-cc-rdns before looking
at the rdns whitelist. I'm not sure
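
The per-domain layout David describes above, scripted as an added example (not part of the original posts and not spamdyke's own tooling). The helper name `make_domain_setup` and the restriction to two-label domains are assumptions; directory, file and option names are the ones from the post.

```shell
#!/bin/sh
# Added example: build the config-dir layout from the post for one recipient domain.
# make_domain_setup is a hypothetical helper, not part of spamdyke.
#
# usage: make_domain_setup BASE DOMAIN
#   BASE   e.g. /var/qmail/spamdyke (holds domain_setups/ and domain_configs/)
#   DOMAIN e.g. firstdomain.tld (assumption: exactly two labels, as in the post)
make_domain_setup() {
    base=$1
    domain=$2

    # The domain becomes part of file paths, so accept plain host names only.
    case $domain in
        ""|.*|*.|*..*|*[!A-Za-z0-9.-]*) ok=no ;;  # unsafe as a path component
        *.*.*) ok=no ;;                           # more than two labels
        *.*) ok=yes ;;
        *) ok=no ;;                               # no dot at all
    esac
    if [ "$ok" != yes ]; then
        echo "rejected domain: $domain" >&2
        return 1
    fi

    tld=${domain##*.}     # label after the last dot
    name=${domain%.*}     # label before the last dot

    cfgdir=$base/domain_configs/$domain
    setup=$base/domain_setups/_recipient_/$tld/$name

    mkdir -p "$cfgdir" "$base/domain_setups/_recipient_/$tld" || return 1

    # Create empty list files so every option below points at an existing file.
    # The post's tree shows four files; its option list also names
    # customer_blacklist_sender, so that one is created as well.
    for list in customer_blacklist_ip customer_blacklist_rdns \
                customer_whitelist_ip customer_whitelist_rdns \
                customer_blacklist_sender; do
        [ -e "$cfgdir/$list" ] || : > "$cfgdir/$list" || return 1
    done

    # Per-domain option file with the same five options as in the post.
    cat > "$setup" <<EOF
ip-blacklist-file=$cfgdir/customer_blacklist_ip
rdns-blacklist-file=$cfgdir/customer_blacklist_rdns
ip-whitelist-file=$cfgdir/customer_whitelist_ip
rdns-whitelist-file=$cfgdir/customer_whitelist_rdns
sender-blacklist-file=$cfgdir/customer_blacklist_sender
EOF
}
```

With `config-dir` pointing at `BASE/domain_setups`, calling `make_domain_setup /var/qmail/spamdyke firstdomain.tld` reproduces the first branch of both trees shown in the post.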

Re: [spamdyke-users] spamdyke +ip-in-rdns - per domain basis

2008-10-22 Thread David Stiller
As an answer to this:
Is it possible to just put a whitelist for example.com and deny all
others matching this keyword.

Sure. I would just whitelist 66.49.15.190 and blacklist .nuvox.net.
Don't know which one catches first. I would try.

Regards,
David


Re: [spamdyke-users] Block some words on mail

2008-10-28 Thread David Stiller
Hi Rafael,

Rafael Andrade wrote:
 How i can block emails, searching some Regex on ur body?

 Example: Searching Viagra, or Mercadolibre, Cialis, Xxx, Sex, whatever 
 some words on email send or receive.
   
It's not Spamdyke's job to scan mails for contents. Spamdyke doesn't see
any word of the content itself. Spamdyke is watching only the connections.

For your needs you should setup your Spamfilter like Spamassassin or use
procmail to scan for keywords.
 and how i can block users to dont send mails to out of ur domain.

 Example: [EMAIL PROTECTED] only can send mails to others 
 [EMAIL PROTECTED], never other.
   
Looks like a negotiation trick you'd need here. Like blacklisting every
and whitelist one domain. Maybe you could also set up qmail to handle this.
I never needed such a hard rule... ;-)

 Thanks for all





   


-- 
BLACKBIT neue Medien GmbH | BLACKBIT neue Werbung GmbH
Technical Support / Hotline
Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen

Managing Director: Stefano Viani
Register court: Amtsgericht Göttingen,  HRB 3222
VAT identification number (§ 27a UstG): DE 813 114 917

Tel: +49-551-50675-50 - Fax: +49-551-50675-20
E-Mail: [EMAIL PROTECTED]

Classic advertising and online marketing: http://www.blackbit.de
Software for online marketing: http://www.go-community.de



Re: [spamdyke-users] DENIED_RDNS_RESOLVE with reverse dns

2008-10-29 Thread David Stiller
[EMAIL PROTECTED] wrote:
 Hi


   
 David
 
 I had use [EMAIL PROTECTED] for example of mail, is not real mail.
   
Yes, that's why I didn't use a dig on that and said I guess.
   
 Peter
 
 I check same too, 53-255-112-92.pool.ukrtel.net don't resolve to A  
 entry. But I suppose rnds option only check ip to fqdn. Is there a way  
 to check only this ?

 I had see some ips marked as DENIED_RDNS_RESOLVE with same results,  
 and belongs to ISP's. More examples:

 dsl88-226-48720.ttnet.net.tr
 host249.159.31.78.cable.morena.jarsat.pl

 This hosts belongs to customers who open a connection to send mail.  
 Maybe must i move my customers to submission port ?

 I using spamdyke with plesk. Here, my /etc/spamdyke.conf

 log-level=info
 local-domains-file=/var/qmail/control/rcpthosts
 max-recipients=100
 idle-timeout-secs=60
 graylist-level=always
 greeting-delay-secs=1
 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
 recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
 graylist-dir=/var/qmail/greylist
 graylist-min-secs=300
 graylist-max-secs=1814400
 dns-blacklist-entry=sbl-xbl.spamhaus.org
 reject-missing-sender-mx
 tls-certificate-file=/var/qmail/control/servercert.pem
 smtp-auth-level=observe
 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true  
 /var/qmail/bin/cmd5checkpw /bin/true
 reject-unresolvable-rdns
 reject-empty-rdns


 Maybe I had missconfigured something ?



 thanks









Re: [spamdyke-users] Updated Spamdyke Statistics Script

2008-11-03 Thread David Stiller
Yes, probably the log-file-format doesn't fit. That spamdyke-stats.pl parses
the default format of qmail. Plesk writes another. The qmail SMTP logs normally
begin with:

@400048ee184815c9cc04

and Plesk writes human-readable ones:

Nov  3 16:08:07 plesk-mail [...]

Peter wrote:
 Hi folks!
 Does someone know, what I make wrong?:

 cat /opt/psa/var/log/maillog | /usr/bin/spamdyke-stats.pl
 spamdyke-stats build 2008102607


  Summary 
 Allowed:00.00%
 Timeout:00.00%
 Errors :00.00%
 Denied :00.00%
 Total  :00.00%

 But in maillog are spamdyke entries:
 cat  maillog | grep spamdyke| wc -l
 294

 Loglevel is set to:
 log-level=info

 Any ideas?

 Best regards,
 Peter
   



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
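
A tally over the syslog-style lines Plesk writes, as an added example (it is not the spamdyke-stats.pl or spamdyke-domrep-cli script from this thread). `spamdyke_tally` and `sample_log` are hypothetical names and the sample lines are constructed; the field layout follows the spamdyke log lines quoted in the posts.

```shell
#!/bin/sh
# Added example: count spamdyke result codes in syslog-format logs.

# Constructed sample lines in the layout quoted in the thread:
#   <date> <host> spamdyke[<pid>]: <CODE> from: <sender> to: <rcpt> origin_ip: ...
sample_log() {
    cat <<'EOF'
Nov  3 15:48:11 server spamdyke[26334]: ALLOWED from: alice@sender.example to: bob@example.com origin_ip: 192.0.2.10 origin_rdns: mail.sender.example auth: (unknown)
Nov  3 15:49:02 server spamdyke[26340]: DENIED_RDNS_MISSING from: x@spam.example to: bob@example.com origin_ip: 192.0.2.66 origin_rdns: (unknown) auth: (unknown)
Nov  3 15:49:40 server spamdyke[26351]: DENIED_RDNS_MISSING from: y@spam.example to: Carol@Example.COM origin_ip: 192.0.2.67 origin_rdns: (unknown) auth: (unknown)
Nov  3 15:50:05 server spamdyke[26360]: DENIED_GRAYLISTED from: z@other.example to: bob@example.com origin_ip: 198.51.100.5 origin_rdns: mx.other.example auth: (unknown)
Nov  3 15:50:30 server spamdyke[26371]: DENIED_RBL_MATCH from: q@spam.example to: dave@example.org origin_ip: 203.0.113.9 origin_rdns: host.spam.example auth: (unknown)
Nov  3 15:51:00 server sshd[26380]: unrelated line from another service
EOF
}

# usage: spamdyke_tally [DOMAIN] < logfile
# Prints "CODE count" per result code, plus a DENIED line summing all DENIED_*
# codes. With DOMAIN, only lines whose recipient is in that domain are counted.
spamdyke_tally() {
    awk -v want="${1:-}" '
    BEGIN { want = tolower(want) }
    {
        # Find the "spamdyke[pid]:" tag instead of assuming a fixed column, so
        # a different timestamp prefix does not silently produce zero counts.
        tag = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^spamdyke\[[0-9]+\]:$/) { tag = i; break }
        if (tag == 0 || tag == NF) next

        code = $(tag + 1)
        if (code !~ /^[A-Z_]+$/) next        # not a result line

        rcpt = ""
        for (i = tag + 2; i < NF; i++)
            if ($i == "to:") { rcpt = tolower($(i + 1)); break }
        sub(/^.*@/, "", rcpt)                # keep the domain part only
        if (want != "" && rcpt != want) next

        count[code]++
        if (code ~ /^DENIED_/) denied++
    }
    END {
        for (c in count) print c, count[c]
        if (denied > 0) print "DENIED", denied
    }' | LC_ALL=C sort
}
```

Run it as `spamdyke_tally example.com < /opt/psa/var/log/maillog` (the log path from Peter's post) for one domain, or without an argument for all recipients.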


Re: [spamdyke-users] Updated Spamdyke Statistics Script

2008-11-03 Thread David Stiller
I think you had another. ;-) If you want, i can look if i can find my 
old one.

Peter wrote:
 On Monday, 03.11.2008, at 16:06 +0100, David Stiller wrote:
   
 Yes, probably the log-file-format doesn't fit. That spamdyke-stats.pl parses
 the default-format of qmail. Plesk writes another. The qmail-SMTP-Logs 
 normally
 begin with:

 @400048ee184815c9cc04

 and Plesk write human-readables:

 Nov  3 16:08:07 plesk-mail [...]

 
 Sometime ago it had worked, but I am unsure what changed in past.
 :(

 It looks like:
 Nov  3 15:48:11 server spamdyke[26334]: ALLOWED from: [EMAIL PROTECTED] to:
 [EMAIL PROTECTED] origin_ip: 217.72.192.242 origin_rdns: fmmailgate04.web.de
 auth: (unknown)

 - Peter




Re: [spamdyke-users] Updated Spamdyke Statistics Script

2008-11-03 Thread David Stiller
Ok, if you can use PHP-CLI, try the attached scripts. Move arg_parse into
/usr/lib/php-cli/ or change the path in the main-script. Then you can use it
like this:

./spamdyke-domrep-cli -d example.com
example.com
-
DENIED_RDNS_MISSING:  490
TRAFFIC:  1728
DENIED:  1498
DENIED_RBL_MATCH:  372
DENIED_RDNS_RESOLVE:  384
ALLOWED:  452
DENIED_GRAYLISTED:  236
TIMEOUT:  4
DENIED_OTHER:  12
DENIED_SENDER_NO_MX:  4


Or for all with paging:
./spamdyke-domrep-cli -a | less

This is the analysis-routine used for my plesk-module.
So probably will work for you.

Greetz,
David





Re: [spamdyke-users] Updated Spamdyke Statistics Script

2008-11-03 Thread David Stiller

no comment :-D


argc = $argc;
   $this->argv = $argv;
   $this->parsed = array();
  
   array_push($this->parsed,
   array($this->argv[0]) );

   if ( !empty($force_this) )
   if ( is_array($force_this) )
   $this->force_this = $force_this;

   //Sending parameters to $parsed
   if ( $this->argc > 1 ) {
   for($i=1 ; $i< $this->argc ; $i++) {
   //We only have passed -
   if ( substr($this->argv[$i],0,1) == "-" ) {
   //If we have -
   if ( $this->argc > ($i+1) ) {
   if ( substr($this->argv[$i+1],0,1) != "-" ) {
   array_push($this->parsed,
   array($this->argv[$i],
   $this->argv[$i+1]) );
   $i++;
   continue;
   }
   }
   }
   //We have passed -x1 x2
   array_push($this->parsed,
 array($this->argv[$i]) );
   }
   }

   //Testing if all necessary parameters have been passed
   $this->force();
   }

   //Testing if one parameter has been passed
   function passed($argumento) {
   //$this->parsed can hold fewer entries than argc ("-x value" pairs are merged)
   for($i=0 ; $i< count($this->parsed) ; $i++)
   if ( $this->parsed[$i][0] == $argumento )
   return $i;
   return 0;
   }

   //Testing if you have passed an extra argument, -1 x2
   function full_passed($argumento) {
   $findArg = $this->passed($argumento);
   if ( $findArg )
   if ( count($this->parsed[$findArg] ) > 1 )
   return $findArg;
   return 0;
   }

   //Returns  x2 at a " -1 x2" call
   function get_full_passed($argumento) {
   $findArg = $this->full_passed($argumento);

   if ( $findArg )
   return $this->parsed[$findArg][1];

   return;
   }
  
   //Necessary parameters to script
   function force() {
   if ( is_array( $this->force_this ) ) {
   for($i=0 ; $i< count($this->force_this) ; $i++) {
   if ( $this->force_this[$i][1] == "SIMPLE"
 && !$this->passed($this->force_this[$i][0])
   ) {
   //SIMPLE parameters are not enforced: the die() is disabled, and the
   //braces keep this if from swallowing the FULL check below
//   die("\n\nMissing " . $this->force_this[$i][0] . "\n\n");
   }

   if ( $this->force_this[$i][1] == "FULL"
 && !$this->full_passed($this->force_this[$i][0])
   )
   die("\n\nMissing " . $this->force_this[$i][0] ." \n\n");
   }
   }
   }
}

/*
//Example
$forcar = array(
   array("-name", &quo

Re: [spamdyke-users] DENIED_RDNS_RESOLVE another issue

2008-11-11 Thread David Stiller
Looks like a temporary problem, the RDNS can be found now:

 # host -r 65.55.111.96
96.111.55.65.in-addr.arpa domain name pointer blu0-omc2-s21.blu0.hotmail.com.


David Stiller wrote:
 I think spamdyke doesn't find the origin_ip listed in the mx's of 
 hotmail.com:

 # dig mx hotmail.com | grep 65.55.111.96
 # host -r 65.55.111.96
 96.111.55.65.in-addr.arpa has no PTR record


 [EMAIL PROTECTED] wrote:
   
 Hi


 spamdyke is blocking emails like this:

 Nov 10 09:32:33 mail spamdyke[4015]: DENIED_RDNS_RESOLVE from:  
 [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:  
 65.55.111.96 origin_rdns: blu0-omc2-s21.blu0.hotmail.com auth: (unknown)


 In this case, rdns is ok in both ways.

 ¿ some help please ?



 thanks


Re: [spamdyke-users] graylisting domains

2008-11-13 Thread David Stiller
nightduke wrote:
 Hi i wish to know if it's possible to add a domain at graylisting
 directory, if it's added every email from that domain will be
 automatically added and people start receiving emails from that domain.

 I hope people can understand what i'm saying.

 Nightduke
   
First of all, if you add a domain in the greylisting directory,
the greylisting for the domain is just activated and every incoming
mail will be denied temporarily.

What do you mean by automatically adding emails to it? Spamdyke does
it, as soon as a mail comes in for that recipient.


Re: [spamdyke-users] Spamdyke 4.05 whitelist

2008-11-26 Thread David Stiller
Really looks like a bug for me, if the address just has to be the
last part of the address, and

[EMAIL PROTECTED]

is read as [EMAIL PROTECTED]


On 26.11.2008, at 14:50, John Devenport wrote:

 Greetings,
 I'm using spamdyke 4.05 on FreeBSD 7.0 and I receive a lot of spam with
 recipients similar to the real users of the system, so I've blacklisted
 the whole virtual domain and whitelisted only the real users.
 It works pretty good except for the following case:
 If the recipient is:
 [EMAIL PROTECTED]
 the recipient is accepted and I have a lot of useless emails in the queue.
 If the recipient is:
 [EMAIL PROTECTED]
 spamdyke rejects the connection as expected.
 Is this the normal behaviour or is this a bug?
 Thanks in advance for any help.




David Stiller
Technical Support

Blackbit Neue Medien GmbH
Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen

tel.: +49 [551] 50675-60 - fax.: +49 [551] 50675-20
email: [EMAIL PROTECTED] - hotline: [EMAIL PROTECTED]

Classic advertising and online marketing: http://www.blackbit.de
Software for online marketing: http://www.go-community.de

Amtsgericht Göttingen: HRB 3222
VAT ID: DE 813114917
Managing Director: Mr. Stefano Viani


Re: [spamdyke-users] blocking emails to a certain mailbox from all but 1 specified rDNS

2008-12-01 Thread David Stiller
Yes, as Sam mentioned in the referred post, the keyword is
configuration directory. You can find the documentation about
that on:

http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR

For an example configuration check the config I published in this thread:

http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01828.html



On 01.12.2008, at 16:38, Erald Troja wrote:

 Howdy folks,

 a similar issue was brought up a while ago as posted
 on this thread
 http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01883.html
 yet, I can't seem to find a work around for the following.

 I'd like to have a recipient mailbox be setup with it's own
 configuration file, in which I would like to allow only emails
 originating from rDNS mydomain.com be allowed in.

 All others should be rejected.  Is there a method to manipulate
 SpamDyke's configuration parameters to allow for this?

 Thanks.
 -- 


 
 Erald Troja


Re: [spamdyke-users] DENIED_IP_IN_CC_RDNS

2009-03-24 Thread David Stiller
For me it looks like a local delivery and you probably authenticated -
so Spamdyke doesn't need to block mails from you, to you. SCP should
show another field, like Auth, as my surface does.



On 24.03.2009, at 09:37, Ulrich C. Manns wrote:

As you can see in attached picture. Sometimes i found accepted E-Mails
but they should dropped within the DENIED_IP_IN_CC_RDNS rule.


The screenshot was taken from a special Plesk Tool (SCP = Spamdyke  
Control Panel).


Regards,
Ulrich

msp informations
technologie
--.--..-.-.-..-.--.--.-
AdresseOltmannsstr. 3
   D-79100 Freiburg
Telefon0761 / 456 26 23 –0
Direkt 0761 / 456 26 23 –21
Telefax0761 / 456 26 23 –99
Mobil  0151 / 174 33 239
ICQ21358399
E-Mail ulrich.ma...@msp-it.de
Internet   http://www.msp-it.de/
Inhaberin  Aylin Koç
USt-ID-Nr. DE243985099


Re: [spamdyke-users] Posibility to blacklist messages where sender and recipient are exactly same

2009-05-07 Thread David Stiller

Ulrich C. Manns wrote:
 @Sam Clippinger
 
 Hi Sam,
 
 my wishes:
 
1. A new parameter to reject emails if sender=recipient (because
   we're hosting many domains an Eduard method won't work for us)

Hi Ulrich,

isn't it a quite usual method to send mails to yourself, to keep a copy
or something? If you really want to do this, check also if the sending
mx is not local domain, regarding this I would think that spamdyke
might deny such a mail anyway with the reverse dns lookup checks.

2. SPF  (DENIED_SPF)
3. MySQL extension from haggybear.de
 
 
 Regards,
 Ulrich
 
 
 *From: *Eduard Svarc esv...@intertech.cz
 *Reply-To: *spamd...@intertech.cz, spamdyke users
 spamdyke-users@spamdyke.org
 *Date: *Wed, 6 May 2009 10:29:11 +0200
 *To: *spamdyke users spamdyke-users@spamdyke.org
 *Subject: *Re: [spamdyke-users] Posibility to blacklist messages where
 sender and recipient are exactly same
 
 
 Hi Ulrich,
 
 thanks for idea and it works. I did add into
 /etc/spamdyke.d/sender-blacklist-file all our local domain in form:
 
 @intertech.cz
 
 and now SPAMDYKE works as I do expecting:
 
 May  6 10:23:29 fw spamdyke[27819]: DENIED_SENDER_BLACKLISTED from:
 efrey...@intertech.cz to: efrey...@intertech.cz origin_ip: 89.189.3.74
 origin_rdns: lissant.kis.ru auth: (unknown)
 
 Heureka! I hope it will helps someone else than me. But it is perfectly
 what I do expect to happens.
 
 Eduard
 
 spamdyke-users-boun...@spamdyke.org wrote on 06.05.2009 09:51:17:
 

 Dear Ulrich,

 I guess it couldn't be denied by DENIED_IP_IN_RDNS because
 s0106000625a2b407
 is not hexadecimal representation of IP address. I pick may be wrong
 example there are partially regular reverse DNS too where sender and
 recipent are same like:

 May  6 09:35:03 fw spamdyke[27053]: ALLOWED from: @domain.cz to:
 @domain.cz origin_ip: 95.48.168.162 origin_rdns: jum162.internetdsl.
 tpnet.pl auth: (unknown)

 Thanks to your answer to another thread I got idea how to block
 these messages. I could put our domain in sender-blacklist-file and
 it will definitely stop all messages containing SPAM with fake
 sender from our domain. Users using another mail server for outgoing
 mail and that mail will never reach perimeter SMTP server where
 SPAMDYKE does run.

 Thank you!
 Eduard

 Ulrich C. Manns ulrich.ma...@msp-it.de wrote on 06.05.2009 08:59:15:

  I think this should be a new parameter in the config for the next
 version?
 
  But this should be rejected with DENIED_IP_IN_RDNS with .net in the file
  ip-in-rdns-keyword-blacklist-file?
 
  From: Eduard Svarc esv...@intertech.cz
  Reply-To: spamd...@intertech.cz, spamdyke users spamdyke-
  us...@spamdyke.org
  Date: Wed, 6 May 2009 08:32:10 +0200
  To: spamdyke users spamdyke-users@spamdyke.org
  Subject: [spamdyke-users] Posibility to blacklist messages where
  sender and recipient are exactly same
 
 
  Dears,
 
  I'm looking for right place where I could reject messages containing
  with 100% probability SPAM. These messages I could easily identify
  as SPAM because sender and recipient are exactly same. My server is
  perimeter SMTP relay only. In this case is not simply possible that
  he could deliver this kind of messages. In case when user of local
  domain accidentally sending message to self it would be handled by
  main mail server not by perimeter SMTP server.
 
  I would like simply DENY all messages like these:
 
  May  6 06:57:48 fw spamdyke[23773]: ALLOWED from: u...@domain.cz to:
  u...@domain.cz origin_ip: 24.84.53.252 origin_rdns:
  s0106000625a2b407.vc.shawcable.net auth: (unknown)
 
  TIA
  Eduard


Re: [spamdyke-users] Posibility to blacklist messages where sender and recipient are exactly same

2009-05-07 Thread David Stiller
That looks even more strange to me. ;) If you're even authenticated,
you're a legal user and should be able to send yourself a mail. I
think i just didn't understand which case you want to block when a mail
has sender=recipient?

Ulrich C. Manns wrote:
 Yes, but in this case i am authenticated.
 
 
 *From: *David Stiller david.stil...@blackbit.de
 *Reply-To: *spamdyke users spamdyke-users@spamdyke.org
 *Date: *Thu, 7 May 2009 11:03:49 +0200
 *To: *spamdyke users spamdyke-users@spamdyke.org
 *Subject: *Re: [spamdyke-users] Posibility to blacklist messages where
 sender and recipient are exactly same
 
 Ulrich C. Manns wrote:
 @Sam Clippinger
 
 Hi Sam,
 
 my wishes:
 
1. A new parameter to reject emails if sender=recipient (because
   we're hosting many domains an Eduard method won't work for us)
 
 Hi Ulrich,
 
 isn't it a quite usual method to send mails to yourself, to keep a copy
 or something? If you really want to do this, check also if the sending
 mx is not local domain, regarding this i would think that spamdyke
 might deny such a mail anyway with the reverse dns lookup checks.
 
2. SPF  (DENIED_SPF)
3. MySQL extension from haggybear.de
 
 
 Regards,
 Ulrich
 
 
 *From: *Eduard Svarc esv...@intertech.cz
 *Reply-To: *spamd...@intertech.cz, spamdyke users
 spamdyke-users@spamdyke.org
 *Date: *Wed, 6 May 2009 10:29:11 +0200
 *To: *spamdyke users spamdyke-users@spamdyke.org
 *Subject: *Re: [spamdyke-users] Posibility to blacklist messages where
 sender and recipient are exactly same
 
 
 Hi Ulrich,
 
 thanks for idea and it works. I did add into
 /etc/spamdyke.d/sender-blacklist-file all our local domain in form:
 
 @intertech.cz
 
 and now SPAMDYKE works as I do expecting:
 
 May  6 10:23:29 fw spamdyke[27819]: DENIED_SENDER_BLACKLISTED from:
 efrey...@intertech.cz to: efrey...@intertech.cz origin_ip: 89.189.3.74
 origin_rdns: lissant.kis.ru auth: (unknown)
 
 Heureka! I hope it will helps someone else than me. But it is perfectly
 what I do expect to happens.
 
 Eduard
 
 spamdyke-users-boun...@spamdyke.org wrote on 06.05.2009 09:51:17:
 

 Dear Ulrich,

 I guess it couldn't be denied by DENIED_IP_IN_RDNS because
 s0106000625a2b407
 is not hexadecimal representation of IP address. I pick may be wrong
 example there are partially regular reverse DNS too where sender and
 recipient are same like:

 May  6 09:35:03 fw spamdyke[27053]: ALLOWED from: @domain.cz to:
 @domain.cz origin_ip: 95.48.168.162 origin_rdns: jum162.internetdsl.
 tpnet.pl auth: (unknown)

 Thanks to your answer to another thread I got idea how to block
 these messages. I could put our domain in sender-blacklist-file and
 it will definitely stop all messages containing SPAM with fake
 sender from our domain. Users using another mail server for outgoing
 mail and that mail will never reach perimeter SMTP server where
 SPAMDYKE does run.

 Thank you!
 Eduard

 Ulrich C. Manns ulrich.ma...@msp-it.de wrote on 06.05.2009 08:59:15:

  I think this should be a new parameter in the config for the next
 version?
 
  But this should be rejected with DENIED_IP_IN_RDNS with .net in the file
  ip-in-rdns-keyword-blacklist-file?
 
  From: Eduard Svarc esv...@intertech.cz
  Reply-To: spamd...@intertech.cz, spamdyke users spamdyke-
  us...@spamdyke.org
  Date: Wed, 6 May 2009 08:32:10 +0200
  To: spamdyke users spamdyke-users@spamdyke.org
  Subject: [spamdyke-users] Posibility to blacklist messages where
  sender and recipient are exactly same
 
 
  Dears,
 
  I'm looking for right place where I could reject messages containing
  with 100% probability SPAM. These messages I could easily identify
  as SPAM because sender and recipient are exactly same. My server is
  perimeter SMTP relay only. In this case is not simply possible that
  he could deliver this kind of messages. In case when user of local
  domain accidentally sending message to self it would be handled by
  main mail server not by perimeter SMTP server.
 
  I would like simply DENY all messages like these:
 
  May  6 06:57:48 fw spamdyke[23773]: ALLOWED from: u...@domain.cz to:
  u...@domain.cz origin_ip: 24.84.53.252 origin_rdns:
  s0106000625a2b407.vc.shawcable.net auth: (unknown)
 
  TIA
  Eduard

Re: [spamdyke-users] Qmail writes with wrong user to the maildir

2009-06-04 Thread David Stiller
Hi Eric,

check if the privileges of the files in /var/qmail/bin/ are set correctly.
Plesk uses qmail-queue as the qmail-wrapper, which needs the sticky-bit:

-r-xr-xr-x 1 root   qmail  24704 Aug 24  2008 qmail-lspawn
[...]
-r-s--x--x 1 drweb  qmail 152436 Sep 17  2008 qmail-queue
-r-s--x--x 1 drweb  qmail 152436 Sep 17  2008 qmail-queue.drweb
-r-s--x--x 1 qmailq qmail  20424 Aug 24  2008 qmail-queue.moved
-r-x--x--x 1 qmailq qmail  30664 Sep 17  2008 qmail-queue.origin
-r-s--x--x 1 root   qmail  30664 Aug 24  2008 qmail-queue.plesk

These are my binaries with drweb installed. Spamdyke would warn you, if 
it was running with root,
at the config-check, so i guess the problem is not caused by spamdyke.

qmail-lspawn is using deliverquota to deliver 
(http://www.qmail.org/man/man8/qmail-lspawn.html),
maybe something is messed up with the above mentioned binaries.








Eric Shubert wrote:
 Stefan Pausch wrote:
   
 Hello,

  

 i know this is not a spamdyke issue, but since here are very smart heads 
 i thought i give it a try and I hope you don’t mind. I posted already on 
 3 forums and contacted my provider and plesk support … with no solution 
 at all.

  

 My system configuration:

 - Plesk 9.2.1 with QMail and Spamdyke (+Mysql)
 - Debian Sarge 64bit ( 2.6.18-6-amd84 )
 - xinetd

  

 My .qmail configuration:

 | true
 | /usr/bin/deliverquota ./Maildir

  

 Maildir is:

 /var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new

  

 My problem is that “deliverquota” writes new emails with the wrong 
 username (root:popuser instead of popuser:popuser) into the maildirs 
 (which causes issues).

  

 Does anybody here know where I can configure which user:group is used?

  

 … this drives me nuts for a few weeks (currently a 1min cronjob is 
 running to correct this issue *sigh)

  

 Thanks a lot for any help.

  

 --Stefan

 

 I'm not familiar with Plesk, but I believe that if you set the sticky 
 bit on the email folder 
 (/var/qmail/mailnames/DOMAIN.tld/USER/Maildir/new), then the individual 
 emails will be created with the owner of that folder instead of the 
 owner of the process that runs deliverquota.

   



Re: [spamdyke-users] Qmail writes with wrong user to the maildir

2009-06-04 Thread David Stiller
Did you try to run /usr/local/psa/admin/sbin/mchk?

Stefan Pausch wrote:
 Hello,

 the /var/qmail/bin/ owner/rights are set correctly (compared to a fresh 
 installation, which works 100% with correct username).
 The file-permissions of qmail-lspawn and qmail-queue are the same as yours, 
 but the owner is different, because I don’t use drweb.

 It's either qmail-lspawn (which spawns qmailquota) or a qmail-queue issue, 
 but everything I look up (config files, file permissions, logs etc) hasn’t 
 pointed me to the cause of the problem.



 -Original Message-
 From: spamdyke-users-boun...@spamdyke.org 
 [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of David Stiller
 Sent: Thursday, June 04, 2009 7:23 PM
 To: spamdyke users
 Subject: Re: [spamdyke-users] Qmail writes with wrong user to the maildir

 Hi Eric,

 check if the privileges of the files in /var/qmail/bin/ are set correctly.
 Plesk uses qmail-queue as the qmail-wrapper, which needs the sticky-bit:

 -r-xr-xr-x 1 root   qmail  24704 Aug 24  2008 qmail-lspawn
 [...]
 -r-s--x--x 1 drweb  qmail 152436 Sep 17  2008 qmail-queue
 -r-s--x--x 1 drweb  qmail 152436 Sep 17  2008 qmail-queue.drweb
 -r-s--x--x 1 qmailq qmail  20424 Aug 24  2008 qmail-queue.moved
 -r-x--x--x 1 qmailq qmail  30664 Sep 17  2008 qmail-queue.origin
 -r-s--x--x 1 root   qmail  30664 Aug 24  2008 qmail-queue.plesk

 These are my binaries with drweb installed. Spamdyke would warn you, if 
 it was running with root,
 at the config-check, so i guess the problem is not caused by spamdyke.

 qmail-lspawn is using deliverquota to deliver 
 (http://www.qmail.org/man/man8/qmail-lspawn.html),
 maybe something is messed up with the above mentioned binaries.


  



Re: [spamdyke-users] Qmail writes with wrong user to the maildir

2009-06-04 Thread David Stiller
Damn... Thought so. When i ran it, it crashed my whole system^^

So, i guess mchk corrupted your mailsystem. Ok, first run this - if you 
didn't ;-)

strace -feopen /usr/local/psa/admin/bin/mail_auth_dump

(using strace to see which files it writes to)

Stefan Pausch wrote:
 Did you try to run /usr/local/psa/admin/sbin/mchk?
 

 The thing is, that’s what (in my opinion) caused the problem in the first 
 place (besides emptying a few configuration files and rewriting other config 
 files with incorrect data :) ).

 -Original Message-
 From: David Stiller [mailto:david.stil...@blackbit.de] 
 Sent: Thursday, June 04, 2009 8:17 PM
 To: ste...@stefanpausch.com; spamdyke users
 Subject: Re: [spamdyke-users] Qmail writes with wrong user to the maildir

 Did you try to run /usr/local/psa/admin/sbin/mchk?
  



Re: [spamdyke-users] Spam Stats

2009-09-01 Thread David Mitchell
Just a suggestion, but I'm thinking that you could optimise this a bit.
dial will already match dialin, dialpool and dialup, so there's
no need to include those three, just dial. Same with a few of the others.

Cheers,
Dave

Sam Clippinger wrote:
 Sure.  Please keep in mind this list works for me, on my server, for my 
 users.  Your mileage may vary wildly.  You have been warned...
 
 # Actual keywords
 cable
 client
 cm
 dhcp
 dial
 dialin
 dialpool
 dialup
 din
 dip
 dip0
 dup
 dyn
 dynamic
 dynamicip
 ev1s
 in-addr
 modem
 ppp
 pool
 pools
 reverse
 user
 
 # Specific providers with lots of spammers
 adsl.totbb.net
 adsl.proxad.net
 fbx.proxad.net
 hinet-ip.hinet.net
 ip.secureserver.net
 onocable.ono.com
 res.rr.com
 rev.gaoland.net
 .telebecinternet.net
 bb.sky.net
 bb.sky.com
 ptr.us.xo.net
 .covad.net
 
 adsl dsl .sbcglobal.net
 adsl dsl .ameritech.net
 adsl dsl .pacbell.net
 adsl .bellsouth.net
 wsip .cox.net
 hsd1 .comcast.net
 
 
 -- Sam Clippinger
 
 Ronnie Tartar wrote:
 Sam,

 Can you share this list as I would love to make mine even better @ 
 filtering.

 Regards,

 Ronnie


 - Original Message - 
 From: Sam Clippinger s...@silence.org
 To: spamdyke users spamdyke-users@spamdyke.org
 Sent: Tuesday, September 01, 2009 4:20 PM
 Subject: Re: [spamdyke-users] Spam Stats


   
 I think you're misunderstanding the keywords feature.  spamdyke does not
 examine message content, so it cannot stop messages that contain
 Viagra or any other specific words.

 When spamdyke searches for keywords, it looks for those keywords in the
 remote server's rDNS name.  The purpose of the feature is to block
 messages from infected PCs on home cable modems.  Most cable providers
 use a predictable naming scheme for their rDNS names, such as
 11-22-33-44.dynamic.example.com.  If spamdyke finds a configured
 keyword AND the IP address in the rDNS name, it will block the
 connection.  That's all.

 On my server, 30%-50% of all connections are blocked by this filter
 every day.  I use a short list of simple keywords like dynamic,
 cable, etc to great effect.

 -- Sam Clippinger

 Christoph Kuhle (Expat Email Ltd) wrote:
 
 It appears as if the blacklist_keywords can capture a lot of Spam.  So 
 far
 we have nothing in that file.  We are worried about the refusal of emails
 which may be genuine.  So while we might want to blacklist Viagra, we 
 would
 not want to blacklist an email from a medical person, for example, which
 might refer to Viagra (I'm not even sure that this email will make it to 
 the
 list having mentioned that word!).

 Do people have tried and tested contents of that file which they can 
 advise
 on to prevent false positives - because we only show about 50-60% spam 
 being
 caught.  I think that is partly because we also have ASL installed which
 blocks lots before it even gets to the mail queue.  If  we can use the
 blacklist_keywords effectively, we would love to and look forward to any
 suggestions from seasoned users.

 Kind regards,

 Christoph

 -Original Message-
 From: spamdyke-users-boun...@spamdyke.org
 [mailto:spamdyke-users-boun...@spamdyke.org] On Behalf Of Mirko Buffoni
 Sent: 01 September 2009 14:27
 To: spamdyke users
 Subject: Re: [spamdyke-users] Spam Stats

 Goods average between 500 and 2000 daily.  Figures are however
 pretty standard.  Spamdyke filters out about 60k attempts daily.
 Here are yesterday stats:

       Good :   1025 =   0.68 %
     Unsure :    183 =   0.12 %
      Virus :     62 =   0.04 %
 BAD Sender :   5114 =   3.40 %
  BAD  Rcpt :    212 =   0.14 %
  Pure SPAM :  45997 =  30.56 %
    SPAMMER :  97940 =  65.06 %
   |
   \.........BLACKLISTED_KEYWORD :  29608 =  30.23 %
   \..........DENIED_EARLYTALKER :      3 =   0.00 %
   \...........DENIED_IP_IN_RDNS :  30447 =  31.09 %
   \............DENIED_RBL_MATCH :  23268 =  23.76 %
   \.........DENIED_SENDER_NO_MX :  13070 =  13.34 %
   \..DENIED_TOO_MANY_RECIPIENTS :      1 =   0.00 %
   \DENIED_UNQUALIFIED_RECIPIENT :      1 =   0.00 %
   \.....................TIMEOUT :   1542 =   1.57 %

 ------------------------------------------------
      Total : 150533 = 100.00 %
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
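
An added example, not code from spamdyke or from any poster in this thread: it models the rule Sam describes (block only when the rDNS name contains both the IP address and a keyword) and checks Dave's point that longer keywords are redundant once a shorter one is listed. It assumes keywords match as plain substrings, which is what Dave's suggestion implies, and uses a simplified IP-in-name test; the function names are hypothetical and spamdyke's real matching rules may differ.

```python
import re

# Keywords copied from the "Actual keywords" part of the list quoted above.
KEYWORDS = [
    "cable", "client", "cm", "dhcp", "dial", "dialin", "dialpool", "dialup",
    "din", "dip", "dip0", "dup", "dyn", "dynamic", "dynamicip", "ev1s",
    "in-addr", "modem", "ppp", "pool", "pools", "reverse", "user",
]


def prune_redundant(keywords):
    """Return (kept, redundant); redundant maps a keyword to a shorter
    listed keyword it contains. ASSUMPTION: plain substring matching."""
    kept, redundant = [], {}
    for kw in keywords:
        covering = [k for k in keywords if k != kw and k in kw]
        if covering:
            redundant[kw] = min(covering, key=len)
        else:
            kept.append(kw)
    return kept, redundant


def ip_in_rdns(ip, rdns):
    """True if all four octets appear in the name as consecutive decimal
    numbers, forward or reversed. Simplified: hexadecimal and run-together
    encodings of the address are not recognised."""
    octets = [int(part) for part in ip.split(".")]
    numbers = [int(run) for run in re.findall(r"\d+", rdns)]
    for wanted in (octets, octets[::-1]):
        for start in range(len(numbers) - 3):
            if numbers[start:start + 4] == wanted:
                return True
    return False


def matching_keyword(rdns, keywords):
    """Return the first listed keyword found in the rDNS name, or None."""
    name = rdns.lower()
    for kw in keywords:
        if kw in name:
            return kw
    return None


def would_block(ip, rdns, keywords):
    """Both conditions must hold: IP in the name AND a keyword in the name."""
    return ip_in_rdns(ip, rdns) and matching_keyword(rdns, keywords) is not None


# (ip, rdns) pairs. The first follows the naming scheme in Sam's message, the
# two marked "page" come from log lines quoted elsewhere on this page, and the
# rest are constructed for this example.
SAMPLES = [
    ("11.22.33.44", "11-22-33-44.dynamic.example.com"),
    ("192.0.2.17", "dialup-192-0-2-17.example.net"),
    ("198.51.100.9", "9.100.51.198.pool.example.net"),
    ("24.84.53.252", "s0106000625a2b407.vc.shawcable.net"),   # page
    ("95.48.168.162", "jum162.internetdsl.tpnet.pl"),         # page
    ("203.0.113.5", "mail.example.org"),
]

if __name__ == "__main__":
    kept, redundant = prune_redundant(KEYWORDS)
    for kw, shorter in sorted(redundant.items()):
        print(f"{kw!r} is already covered by {shorter!r}")
    for ip, rdns in SAMPLES:
        print(f"{rdns:40} ip_in_name={ip_in_rdns(ip, rdns)!s:5} "
              f"keyword={matching_keyword(rdns, kept)} "
              f"block={would_block(ip, rdns, kept)}")
```

The shawcable name shows why the filter requires both conditions: it contains the keyword `cable` but not the address, so this model does not block it.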


Re: [spamdyke-users] Mail rejected then accepted

2009-09-09 Thread David Mitchell
Christoph Kuhle (Expat Email Ltd) wrote:
 I also think that a lot of emails are getting through because they come
 from a secondary mail server and we have been told that Spammers often
 choose the lowest priority MX record and send to that.  This then passes
 the checks which is frustrating (because the IP address that shows is
 that of the secondary mail server which clearly exists).  I wonder
 whether there is any way to prevent this?

Just make sure that your secondary MX servers have the same anti-spam
protections as your primary. Or stop using them :)

Cheers,
Dave


Re: [spamdyke-users] Configurable messages

2009-10-28 Thread David Mitchell
Pretty sure these options are what you're looking for:

http://www.spamdyke.org/documentation/README.html#SMTP_ERROR

Cheers,
Dave

Marcin Orlowski wrote:
 Hi,
 
 I'd love to see a way to configure messages spamdyke emits, i.e.:
 
   421 Refused. Your reverse DNS entry does not resolve. See: URL
 
 The reason is many of wannabe admins on other side got not clue about 
 english (WTF?) and it even happened they quote such message asking
 for help even they got URL there in they native language. So I'd
 like to be able to tune these messages a bit file which in result would 
 give me bi-lingual error messages w/o playing with sources as I do now.
 
 Regards,


Re: [spamdyke-users] spamdyke configuration finetuneing

2009-12-13 Thread David Stiller
Hi Eduard,

would you please explain me, why you add .com and .net to the
/etc/spamdyke/blacklist_keywords file? They are valid
tld's to send mails from, or do i just miss anything?


Eduard Svarc wrote:

 Hello,

 I see you have two things out. 1st you using RBLS, that could give you
 a lot positive false spam. 2nd you completely have commented out best
 thing in SPAMDYKE. Is sniffing IPs in reverse DNS. Most of bots and
 spams coming from Internet zombies. Here are my advices:

 1 - comment out dns-blacklist-entry=zen.spamhaus.org
 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
 reject-missing-sender-mx and reject-unresolvable-rdns
 3- into /etc/spamdyke/blacklist_recipients add your domain in format
 @your-domain (it will block all mails like to: n...@your-domain from:
 n...@your-domain)
 4- into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these words :

 dsl
 .com
 .net
 broadband
 dynamic

 I could guarantee you will fall below 1% of SPAM with nearly zero
 false positives. Of course someone who can't follow certain guidelines
 for theirs servers will not be able to send you e-mails at all. But
 you can easily handle it by adding IP's in /etc/spamdyke/whitelist_ip
 or adding senders into /etc/spamdyke/whitelist_senders

 I stop using any RBLS services ages ago, they are way unreliable.

 Good luck,
 Eduard Švarc

 DATA Intertech s.r.o.
 Kladenská 46
 160 00 Praha 6
 Czech Republic
 tel. +420-235365267, fax +420-235361446

 spamdyke-users-boun...@spamdyke.org wrote on 14.12.2009 07:24:03:

  Dear team
 
  Greetings to all who is doing/coding such a great application
 
  I am experiencing few issues, when i use spamdyke to block the
  spam's, most of the real time spam's are getting blocked, wherein
  the false positives ratio is also significant.
 
  Can anyone of you please help me?
 
  my spamdyke.conf
 
  cat /etc/spamdyke/spamdyke.conf
  #dns-blacklist-entry=zombie.dnsbl.sorbs.net
  #dns-blacklist-entry=dul.dnsbl.sorbs.net
  #dns-blacklist-entry=bogons.cymru.com
  dns-blacklist-entry=zen.spamhaus.org
  #dns-blacklist-entry=bl.spamcop.net
  graylist-dir=/var/spamdyke/graylist
 
 graylist-exception-rdns-entry=/etc/spamdyke/graylist-exception-rdns-file
  #graylist-level=none
  graylist-max-secs=2678400
  graylist-min-secs=180
  greeting-delay-secs=5
  idle-timeout-secs=6000
  ip-blacklist-file=/etc/spamdyke/blacklist_ip
  ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
  ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
  ip-whitelist-file=/etc/spamdyke/whitelist_ip
  access-file=/etc/spamdyke/access-file
  local-domains-file=/var/qmail/control/rcpthosts
  log-level=info
  log-target=stderr
  max-recipients=50
  #policy-url=http://my.policy.explanation.url/
  rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
  rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
  recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
  recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
  #reject-empty-rdns
  ##reject-ip-in-cc-rdns
  #reject-missing-sender-mx
  #reject-unresolvable-rdns
  sender-blacklist-file=/etc/spamdyke/blacklist_senders
  sender-whitelist-file=/etc/spamdyke/whitelist_senders
  tls-certificate-file=/var/qmail/control/servercert.pem
 
  @40004b1df18e1c8961bc.s:@40004b1d283c1d694a0c spamdyke[23866]:
   DENIED_RBL_MATCH from: validemai...@pcisecurity_x.org
   mailto:enev...@pcisecuritystandards.org to:
 validusern...@mydomain.com
   origin_ip: 74.53.136.146 origin_rdns: ruby2.fastnix.com auth: (unknown)
   
   spamhaus lookup as follows
   IP Address Lookup
   
   *74.53.136.146 is not listed in the SBL*
   *74.53.136.146 is not listed in the PBL*
   
   *74.53.136.146 is not listed in the XBL*
   
 
  --Nic
 


Re: [spamdyke-users] Allow country domains

2010-02-04 Thread David Stiller
If you really want to whitelist a whole TLD you could try this:

add in /etc/spamdyke.conf
  rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns

add in /var/qmail/spamdyke/whitelist_rdns
 *.es
 *.cat

Whitelisting senders by their domain in the From-address is insane. ;-)

On 04.02.2010 at 10:30, Carlos Hernandez wrote:

 Thanks for your answer.
 
 I don't receive any spam from the domains *.es and *.cat, but i need to add 
 this into my whitelist. Please, i need your suggestions. Thank you ;)

David Stiller
Technical Support

News from Blackbit: current projects and things worth knowing from
our advertising agency at http://www.blackbit.de/tagebuch

Blackbit neue Medien GmbH
Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen

Tel.: +49-551-50675-60 - Fax: +49-551-50675-20
E-Mail: david.stil...@blackbit.de – Hotline: hi...@blackbit.de

Göttingen District Court: HRB 3222
VAT ID No.: DE 813114917
Managing Director: Mr Stefano Viani




Re: [spamdyke-users] whitelist_senders skipping smpt auth ?

2010-05-21 Thread David Mitchell
On 21/05/2010 16:15, b.hinzer wrote:
 Strange thing here now. I blacklisted my complete domain by setting
 wildcard in whitelist_senders:
 
 @web-vision.de
 
  
 
 But still a spam email with a faked email address came through.
 
 Is it possible that it just skipped spamdykes tests by using a TLS
 connection somehow?
 
  
 
 What I see from logs is this:
 
  
 
 May 21 05:07:14 vps106 spamdyke[6043]: TLS_ENCRYPTED from: (unknown) to:
 (unknown) origin_ip: 190.255.81.46 origin_rdns: (unknown) auth: (unknown)

This happens when your spamdyke has no TLS options set, so when it gets
a connection trying to use TLS (via STARTTLS), it passes it straight off
to qmail and a lot of the filters won't work.

If you set:
tls-level=smtp
tls-certificate-file=/var/qmail/control/servercert.pem

then spamdyke will handle the TLS decryption itself instead.

Cheers,
Dave
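
An added example, not code from spamdyke or from any poster: a log review script for two situations discussed on this page, unauthenticated mail whose sender equals its recipient and TLS_ENCRYPTED sessions that were handed to qmail without spamdyke seeing the envelope. The sample lines are constructed in the format of the log lines quoted in the threads; the finding names, and the assumption that `auth:` carries a username for authenticated sessions, belong to this example only.

```python
import re
from collections import Counter

# Field layout taken from the spamdyke log lines quoted on this page.
LINE_RE = re.compile(
    r"spamdyke\[(?P<pid>\d+)\]: (?P<result>[A-Z_]+) "
    r"from: (?P<sender>\S+) to: (?P<recipient>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+)"
)

UNKNOWN = "(unknown)"

# Constructed sample log (documentation addresses and domains, not real hosts).
SAMPLE_LOG = """\
May  6 06:57:48 fw spamdyke[23773]: ALLOWED from: user@example.com to: user@example.com origin_ip: 192.0.2.252 origin_rdns: host252.isp.example.net auth: (unknown)
May  6 10:23:29 fw spamdyke[27819]: DENIED_SENDER_BLACKLISTED from: user@example.com to: user@example.com origin_ip: 198.51.100.74 origin_rdns: mx.other.example.org auth: (unknown)
May  7 11:40:02 fw spamdyke[28110]: ALLOWED from: admin@example.com to: admin@example.com origin_ip: 203.0.113.10 origin_rdns: office.example.com auth: admin@example.com
May 21 05:07:14 fw spamdyke[6043]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 203.0.113.46 origin_rdns: (unknown) auth: (unknown)
May 21 05:09:31 fw spamdyke[6051]: ALLOWED from: alice@partner.example.org to: user@example.com origin_ip: 198.51.100.20 origin_rdns: mail.partner.example.org auth: (unknown)
"""


def parse_line(line):
    """Return the named fields of a spamdyke result line, or None."""
    match = LINE_RE.search(line)
    return match.groupdict() if match else None


def classify(entry):
    """Return a finding name for entries worth a second look, else None."""
    if entry["result"] == "TLS_ENCRYPTED":
        # spamdyke passed the encrypted session through; no envelope was seen,
        # so sender/recipient filters could not run on it.
        return "tls-passthrough"
    if (entry["result"] == "ALLOWED"
            and entry["sender"] != UNKNOWN
            and entry["sender"].lower() == entry["recipient"].lower()
            and entry["auth"] == UNKNOWN):
        # Accepted without authentication, with an identical envelope sender
        # and recipient. Authenticated self-sends are left alone.
        return "self-addressed-unauthenticated"
    return None


def review(log_text):
    """Return (Counter of result codes, list of (finding, entry))."""
    counts, findings = Counter(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        counts[entry["result"]] += 1
        finding = classify(entry)
        if finding:
            findings.append((finding, entry))
    return counts, findings


if __name__ == "__main__":
    counts, findings = review(SAMPLE_LOG)
    for result, n in counts.most_common():
        print(f"{result:28} {n}")
    for finding, e in findings:
        print(f"{finding}: pid={e['pid']} ip={e['ip']} "
              f"from={e['sender']} to={e['recipient']}")
```

A steady count of `tls-passthrough` findings after setting `tls-level=smtp` and `tls-certificate-file` would suggest the running instance has not picked up those options.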


Re: [spamdyke-users] question

2010-06-01 Thread David Stiller

Can you post the origin-rdns of that connection please?

On 01.06.2010 12:20, David Stiller wrote:

Blacklist all, Whitelist \b[a-z0-9._%+...@[a-z0-9.-]+\.[a-z]{2,4}\b

:-D Don't use this! Was a joke ;-)

On 01.06.2010 at 11:20, Arvydas wrote:


Hello,
Jun  1 12:16:41 sun spamdyke[10110]: ALLOWED from: *vlgsham* to: 
niwtonsilva1...@oi.com.br

is it possible to block non fully qualified senders ?
a


Re: [spamdyke-users] New version: spamdyke 4.1.0

2010-07-05 Thread david . stiller
Dear customer,

I am on holiday from 05 July 2010 up to and including 16 July 2010.

Please send error reports and faults to hi...@blackbit.de, where
your request will be assigned to a member of staff.

Kind regards,

David Stiller
Technical Support



[spamdyke-users] Clear values from options

2010-07-21 Thread David Stiller
Hi all!

With Spamdyke v4.1 i think the three exclamation marks don't work anymore:

Jul 21 11:13:32 plesk-mail spamdyke[18097]: ERROR: Bad or unparsable value for 
option reject-unresolvable-rdns: !!!
Jul 21 11:13:32 plesk-mail spamdyke[18097]: ERROR: Bad or unparsable value for 
option reject-empty-rdns: !!!
Jul 21 11:13:32 plesk-mail spamdyke[18097]: ERROR: Bad or unparsable value for 
option reject-ip-in-cc-rdns: !!!
Jul 21 11:13:32 plesk-mail spamdyke[18097]: ERROR: Bad or unparsable value for 
option reject-missing-sender-mx: !!!

The setup-file according to these errors is this:

ip-blacklist-file=!!!
rdns-blacklist-file=!!!
ip-whitelist-file=!!!
rdns-whitelist-file=!!!
sender-blacklist-file=!!!
sender-whitelist-file=!!!
reject-unresolvable-rdns=!!!
reject-empty-rdns=!!!
reject-ip-in-cc-rdns=!!!
reject-missing-sender-mx=!!!

Regards,
David


Re: [spamdyke-users] Segfault with Spamdyke 4.1.0

2010-10-24 Thread David Stiller
I found a workaround how my server does not cause segmentation faults. I get
them when I comment out the config-dir option which I normally use. I
commented it out because I had problems with RBL false positives.

Is it the same in your case, Ken?

On 21.10.2010 21:36, Sam Clippinger wrote:
 Another option, if you don't want to fill your logs with spamdyke
 debugging messages, is to enable full logging (full-log-dir).  The
 full logs will always contain every log message from spamdyke's most
 verbose setting, even if log-level is set to a higher value.  In other
 words, you can leave log-level set to info so your logs will stay
 the same, but the full logs will contain the debug messages.  If
 you're willing, recompiling spamdyke to include excessive messages
 would be even more helpful, as it outputs data about number of bytes
 sent/received.  You could then simply delete all of the full log files
 every day until you see a segfault appear in your logs.

 Thanks for doing this, I look forward to finding out where it's crashing.

 -- Sam Clippinger

 On 10/21/10 12:55 PM, Ken S. wrote:
 I've seen a couple of these segfaults over the past year or two, but
 never really thought much about them until today when I saw three of
 them trip in a little over an hour:

 [r...@mail smtpd]# grep segfault /var/log/messages
 Oct 21 12:10:17 mail kernel: spamdyke[12243]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 Oct 21 12:48:29 mail kernel: spamdyke[24247]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 Oct 21 13:32:40 rsmail kernel: spamdyke[5630]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 [r...@mail smtpd]#

 Unfortunately, I don't know enough about segfaults to be able to
 decipher what the output is.

 I thought maybe I would look through my qmail connection log (where
 all the spamdyke stuff logs) and find out what happened at/around the
 segfault happened.  Sadly there is nothing in the logs at these times.

 I've just changed the log-level from info to debug in hopes that
 something pertinent will get logged.  If there is anything else that I
 should do to help with this, please let me know.

 Here is some system info:

 [r...@mail smtpd]# /usr/local/bin/spamdyke --version
 spamdyke 4.1.0+TLS+CONFIGTEST+DEBUG (C)2010 Sam Clippinger, samc (at)
 silence (dot) org
 ...
 [r...@mail smtpd]# uname -a
 Linux mail.yyy.zzz 2.6.9-89.0.18.EL #1 Wed Nov 25 06:04:37 EST 2009
 x86_64 x86_64 x86_64 GNU/Linux
 [r...@mail smtpd]#
 [r...@mail smtpd]# cat /etc/redhat-release
 Red Hat Enterprise Linux ES release 4 (Nahant Update 8)
 [r...@mail smtpd]#
 ... (and, yes, I'm not happy that it is a RHES4 box, but that's what I
 have to deal with right now) ...

 -ken

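Added example, not part of the original thread: a Python sketch that decodes the kernel segfault lines quoted above and groups them by faulting instruction. The error field is the x86 page-fault error code; the sample lines are the thread's own entries re-joined onto single lines, and the function names are this example's own.

```python
import re
from collections import Counter

# Line layout as quoted in the thread (2.6-era x86_64 kernel). All four
# numeric fields, including the error code, are printed in hex.
SEGV_RE = re.compile(
    r"kernel: (?P<prog>[^\[\s]+)\[(?P<pid>\d+)\]: segfault at\s+(?P<addr>[0-9a-f]+)"
    r"\s+rip\s+(?P<rip>[0-9a-f]+)\s+rsp\s+(?P<rsp>[0-9a-f]+)\s+error\s+(?P<err>[0-9a-f]+)"
)

# Entries from the thread, re-joined onto one line each.
SAMPLE_LINES = [
    "Oct 21 12:10:17 mail kernel: spamdyke[12243]: segfault at 007fbffbfff8 "
    "rip 003da6e73013 rsp 007fbffe75a8 error 4",
    "Oct 21 12:48:29 mail kernel: spamdyke[24247]: segfault at 007fbffbfff8 "
    "rip 003da6e73013 rsp 007fbffe75a8 error 4",
    "Oct 21 13:32:40 rsmail kernel: spamdyke[5630]: segfault at 007fbffbfff8 "
    "rip 003da6e73013 rsp 007fbffe75a8 error 4",
]


def decode_error(code):
    """Decode the x86 page-fault error code bits."""
    return {
        "cause": "protection violation" if code & 0x1 else "page not mapped",
        "access": "write" if code & 0x2 else "read",
        "mode": "user" if code & 0x4 else "kernel",
        "instruction_fetch": bool(code & 0x10),
    }


def parse_segfaults(lines):
    """Return one dict per kernel segfault line found in `lines`."""
    events = []
    for line in lines:
        m = SEGV_RE.search(line)
        if m is None:
            continue
        addr, rip, rsp, err = (int(m[k], 16) for k in ("addr", "rip", "rsp", "err"))
        events.append({
            "prog": m["prog"],
            "pid": int(m["pid"]),
            "addr": addr,
            "rip": rip,
            "rsp": rsp,
            "error": decode_error(err),
            # Negative: the faulting access was below the stack pointer.
            "addr_minus_rsp": addr - rsp,
        })
    return events


def summarize(events):
    """Count crashes per (program, faulting instruction address)."""
    return Counter((e["prog"], hex(e["rip"])) for e in events)


if __name__ == "__main__":
    found = parse_segfaults(SAMPLE_LINES)
    for (prog, rip), count in summarize(found).most_common():
        print(f"{prog}: {count} crash(es) at rip {rip}")
    print(found[0]["error"], found[0]["addr_minus_rsp"])
```

Every sample crash has the same rip, fault address and rsp, so the processes are dying at one instruction on one code path; that address is what to look up in a core dump or debugger.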


Re: [spamdyke-users] Segfault with Spamdyke 4.1.0

2010-10-25 Thread David Stiller
Ok, so it's another reason. I've let spamdyke run overnight and now I have 97
Segfaults again.
I think it's more than my config-dir, that's just a workaround for the
mail-sending problem.
So sending mail works, but still some spammers get disconnected. :-D Sam, just
send me your IP to access my server.

-- Dave


On 25.10.2010 at 04:41, Ken S. wrote:

 On Thu, Oct 21, 2010 at 3:36 PM, Sam Clippinger s...@silence.org wrote:
 Another option, if you don't want to fill your logs with spamdyke
 debugging messages, is to enable full logging (full-log-dir).  The
 full logs will always contain every log message from spamdyke's most
 verbose setting, even if log-level is set to a higher value.  In other
 words, you can leave log-level set to info so your logs will stay
 the same, but the full logs will contain the debug messages.  If
 you're willing, recompiling spamdyke to include excessive messages
 would be even more helpful, as it outputs data about number of bytes
 sent/received.  You could then simply delete all of the full log files
 every day until you see a segfault appear in your logs.
 
 Thanks for doing this, I look forward to finding out where it's crashing.
 
 -- Sam Clippinger
 
 Sam:
 
 I've just switched my logging level back to info and enabled the
 'full-log-dir' option to start dumping to a directory.  I was going to
 recompile with the excessive option but when I looked at the output of
 one of the files in the directory I saw data sizes logged.  Looks like
 this:
 
 10/24/2010 22:29:26 FROM CHILD, FILTERED: 14 bytes
 250-STARTTLS
 
 10/24/2010 22:29:26 FROM CHILD TO REMOTE: 16 bytes
 250-PIPELINING
 
 10/24/2010 22:29:26 FROM CHILD TO REMOTE: 14 bytes
 250-8BITMIME
 
 10/24/2010 22:29:26 FROM CHILD TO REMOTE: 19 bytes
 250-SIZE 2500
 
 
 Spamdyke hasn't segfaulted since 22:40 EST last Thursday:
 
 Oct 21 22:40:43 mail kernel: spamdyke[2940]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 
 I'll keep watching the logs and if it faults again I'll check the
 files in the full-log-dir and post to this thread.
 
 Thx!
 -ken
 
 
 
 On 10/21/10 12:55 PM, Ken S. wrote:
 I've seen a couple of these segfaults over the past year or two, but
 never really thought much about them until today when I saw three of
 them trip in a little over an hour:
 
 [r...@mail smtpd]# grep segfault /var/log/messages
 Oct 21 12:10:17 mail kernel: spamdyke[12243]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 Oct 21 12:48:29 mail kernel: spamdyke[24247]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 Oct 21 13:32:40 rsmail kernel: spamdyke[5630]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 [r...@mail smtpd]#
 
 Unfortunately, I don't know enough about segfaults to be able to
 decipher what the output is.
 
 I thought maybe I would look through my qmail connection log (where
 all the spamdyke stuff logs) and find out what happened at/around the
 segfault happened.  Sadly there is nothing in the logs at these times.
 
 I've just changed the log-level from info to debug in hopes that
 something pertinent will get logged.  If there is anything else that I
 should do to help with this, please let me know.
 
 Here is some system info:
 
 [r...@mail smtpd]# /usr/local/bin/spamdyke --version
 spamdyke 4.1.0+TLS+CONFIGTEST+DEBUG (C)2010 Sam Clippinger, samc (at)
 silence (dot) org
 ...
 [r...@mail smtpd]# uname -a
 Linux mail.yyy.zzz 2.6.9-89.0.18.EL #1 Wed Nov 25 06:04:37 EST 2009
 x86_64 x86_64 x86_64 GNU/Linux
 [r...@mail smtpd]#
 [r...@mail smtpd]# cat /etc/redhat-release
 Red Hat Enterprise Linux ES release 4 (Nahant Update 8)
 [r...@mail smtpd]#
 ... (and, yes, I'm not happy that it is a RHES4 box, but that's what I
 have to deal with right now) ...
 
 -ken
 
 
 
 
 
 -- 
 Have a nice day ... unless you've made other plans.


Re: [spamdyke-users] Segfault with Spamdyke 4.1.0

2010-10-25 Thread David Stiller
It's more than I thought:

[r...@plesk-mail 11:12:33:~]
# grep segf /var/log/messages | grep 'Oct 25' | wc -l
6768

# dmesg  | wc -l
2655


I think it got so high as there's someone sending a newsletter.

On 25.10.2010 at 09:38, David Stiller wrote:

 Ok, so it's another reason. I've let spamdyke run overnight and now I have
 97 Segfaults again.
 I think it's more than my config-dir, that's just a workaround for the
 mail-sending problem.
 So sending mail works, but still some spammers get disconnected. :-D Sam,
 just send me your IP to access my server.
 
 -- Dave
 
 
 On 25.10.2010 at 04:41, Ken S. wrote:
 
 On Thu, Oct 21, 2010 at 3:36 PM, Sam Clippinger s...@silence.org wrote:
 Another option, if you don't want to fill your logs with spamdyke
 debugging messages, is to enable full logging (full-log-dir).  The
 full logs will always contain every log message from spamdyke's most
 verbose setting, even if log-level is set to a higher value.  In other
 words, you can leave log-level set to info so your logs will stay
 the same, but the full logs will contain the debug messages.  If
 you're willing, recompiling spamdyke to include excessive messages
 would be even more helpful, as it outputs data about number of bytes
 sent/received.  You could then simply delete all of the full log files
 every day until you see a segfault appear in your logs.
 
 Thanks for doing this, I look forward to finding out where it's crashing.
 
 -- Sam Clippinger
 
 Sam:
 
 I've just switched my logging level back to info and enabled the
 'full-log-dir' option to start dumping to a directory.  I was going to
 recompile with the excessive option but when I looked at the output of
 one of the files in the directory I saw data sizes logged.  Looks like
 this:
 
 10/24/2010 22:29:26 FROM CHILD, FILTERED: 14 bytes
 250-STARTTLS
 
 10/24/2010 22:29:26 FROM CHILD TO REMOTE: 16 bytes
 250-PIPELINING
 
 10/24/2010 22:29:26 FROM CHILD TO REMOTE: 14 bytes
 250-8BITMIME
 
 10/24/2010 22:29:26 FROM CHILD TO REMOTE: 19 bytes
 250-SIZE 2500
 
 
 Spamdyke hasn't segfaulted since 22:40 EST last Thursday:
 
 Oct 21 22:40:43 mail kernel: spamdyke[2940]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 
 I'll keep watching the logs and if it faults again I'll check the
 files in the full-log-dir and post to this thread.
 
 Thx!
 -ken
 
 
 
 On 10/21/10 12:55 PM, Ken S. wrote:
 I've seen a couple of these segfaults over the past year or two, but
 never really thought much about them until today when I saw three of
 them trip in a little over an hour:
 
 [r...@mail smtpd]# grep segfault /var/log/messages
 Oct 21 12:10:17 mail kernel: spamdyke[12243]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 Oct 21 12:48:29 mail kernel: spamdyke[24247]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 Oct 21 13:32:40 rsmail kernel: spamdyke[5630]: segfault at
 007fbffbfff8 rip 003da6e73013 rsp 007fbffe75a8 error 4
 [r...@mail smtpd]#
 
 Unfortunately, I don't know enough about segfaults to be able to
 decipher what the output is.
 
 I thought maybe I would look through my qmail connection log (where
 all the spamdyke stuff logs) and find out what happened at/around the
 segfault happened.  Sadly there is nothing in the logs at these times.
 
 I've just changed the log-level from info to debug in hopes that
 something pertinent will get logged.  If there is anything else that I
 should do to help with this, please let me know.
 
 Here is some system info:
 
 [r...@mail smtpd]# /usr/local/bin/spamdyke --version
 spamdyke 4.1.0+TLS+CONFIGTEST+DEBUG (C)2010 Sam Clippinger, samc (at)
 silence (dot) org
 ...
 [r...@mail smtpd]# uname -a
 Linux mail.yyy.zzz 2.6.9-89.0.18.EL #1 Wed Nov 25 06:04:37 EST 2009
 x86_64 x86_64 x86_64 GNU/Linux
 [r...@mail smtpd]#
 [r...@mail smtpd]# cat /etc/redhat-release
 Red Hat Enterprise Linux ES release 4 (Nahant Update 8)
 [r...@mail smtpd]#
 ... (and, yes, I'm not happy that it is a RHES4 box, but that's what I
 have to deal with right now) ...
 
 -ken
 
 
 
 
 
 -- 
 Have a nice day ... unless you've made other plans.


[spamdyke-users] Problem with RHSBL's

2010-10-29 Thread David Stiller
Hi all,

By accident I have used the entry rhs-blacklist-entry=block.rhs.mailpolice.com
in my config. That list has been down since June 2010, but spamdyke blocked all
incoming mails. The list still responds to the subdomain rhs.mailpolice.com:

;; ANSWER SECTION:
block.rhs.mailpolice.com. 80855 IN  A   75.125.118.227

Spamdyke asked it for entries and blocked ALL incoming mails, instead of
letting the mails through to the next filters, as the list told no domain name.

So double-check your mail-log if you use any RHSBLs or RBLs.

Regards,
David
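Added example, not part of the original post: a pre-flight check for a DNS blacklist zone, generalised from the dead-list case above to catch any zone that answers for names it must never list. It assumes the zone follows the RFC 5782 test entries ("test" listed and "invalid" unlisted for name-based lists, 127.0.0.2 listed and 127.0.0.1 unlisted for IP-based lists); the function names are this example's own.

```python
import ipaddress
import secrets
import socket
import sys

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def dns_lookup(name):
    """Return the IPv4 addresses a name resolves to, or [] if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # socket.gaierror / socket.herror: NXDOMAIN, SERVFAIL, timeout
        return []


def probe_names(zone, kind):
    """Return (name that must be listed, names that must never be listed)."""
    if kind == "rhsbl":
        # A random label under the reserved .invalid TLD cannot be a real sender domain.
        random_name = secrets.token_hex(8) + ".example.invalid"
        return "test." + zone, ["invalid." + zone, random_name + "." + zone]
    if kind == "ip":
        # IP-based lists are queried with the octets reversed.
        return "2.0.0.127." + zone, ["1.0.0.127." + zone]
    raise ValueError("kind must be 'rhsbl' or 'ip'")


def check_blacklist_zone(zone, kind="rhsbl", resolve=dns_lookup):
    """Classify a zone; returns (status, detail).

    status is one of:
      'lists-everything'  - answers for a name that must never be listed
                            (wildcard, parked or shut-down list)
      'no-test-entry'     - mandatory test entry missing (dead or non-RFC list)
      'unexpected-answer' - test entry answers outside 127.0.0.0/8
      'ok'                - behaves like a live list
    """
    zone = zone.strip(".")
    must_list, must_not_list = probe_names(zone, kind)
    for name in must_not_list:
        answers = resolve(name)
        if answers:
            return "lists-everything", f"{name} -> {', '.join(answers)}"
    answers = resolve(must_list)
    if not answers:
        return "no-test-entry", f"{must_list} did not resolve"
    stray = [a for a in answers if ipaddress.ip_address(a) not in LOOPBACK_NET]
    if stray:
        return "unexpected-answer", f"{must_list} -> {', '.join(stray)}"
    return "ok", f"{must_list} -> {', '.join(answers)}"


if __name__ == "__main__":
    # usage: python check_zone.py <zone> [rhsbl|ip]
    status, detail = check_blacklist_zone(sys.argv[1], *sys.argv[2:3])
    print(f"{sys.argv[1]}: {status} ({detail})")
    sys.exit(0 if status == "ok" else 1)
```

Run from cron, a non-zero exit gives early warning that a configured list has started answering for everything, before the mail log fills with rejections.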


Re: [spamdyke-users] dns-blacklist-file and dns-blacklist-entry ignored

2011-08-14 Thread David Mitchell
On 12/08/2011 23:55, Markus weber wrote:
 I'm still quite new to spamdyke and have a problem I just cannot find
 the reason for.
 
 All dns-blacklist-file or dns-blacklist-entry are completely ignored by
 my spamdyke.
*snip*

The options are rdns-blacklist-entry and rdns-blacklist-file - you're
missing the r :)

Cheers,
Dave


Re: [spamdyke-users] Script You Mentioned on the Archive List

2013-04-09 Thread David Milholen

Very Clever,
 Where did this idea come from?
Also, is there a tick timer per IP so as not to load up the blacklist file?
I like using the timers in router OS when performing firewall rule sets.
Basically it lists the bad IP or name for a time limit then drops it, but it
will get added again if it is still bad.

Dave

On 1/27/2013 4:00 PM, Sam Clippinger wrote:
I've been asked for these scripts a few times and I've finally made 
the time to package them up.  They can be downloaded here:

http://www.spamdyke.org/releases/hunter_seeker/
http://www.spamdyke.org/releases/spamtrap/
Of the two, the hunter_seeker script is the most effective.  My rDNS 
blacklist is up to 92500 entries and stops a significant number of 
incoming messages every day.


-- Sam Clippinger




On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote:


Mr Clippinger,

In this message:

http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html

you refer to a script you wrote for scanning for IP's to blacklist. I 
was wondering if you were able to make this available for download. 
I'd be very interested in experimenting with it on my server.


Thanks for your time.

Denny








--

David Milholen
Project Engineer
P:501-318-1300


Re: [spamdyke-users] Script You Mentioned on the Archive List

2013-04-09 Thread David Milholen

That is the ticket..
 My turn to contribute :)
I have a secondary/backup server I will install your script on and allow
some production traffic to pass through, and
I will get started on a time out script for this.
 Maybe Eric can include this as a whole on the QMT WIKI site.
 When I can, I will submit a follow up with results.
Thanks
Dave

On 4/9/2013 9:15 AM, Sam Clippinger wrote:
It came from pure desperation.  IP filtering wasn't doing the trick 
for me, so I started paying attention to the rDNS names and checking 
out their websites.  When I saw the same site again and again, I knew 
I had a way to stop them.  Then I also noticed that a lot of identical 
sites were hosted on IPs in the same subnets, so I extended the script 
to search out neighboring IPs.  It works pretty well.


The script generates entries in a blacklist directory structure, not a 
file, so the number of blacklist entries shouldn't be a problem. 
 Because each entry is a separate file, you could write a very simple 
script to automatically delete any files older than X days.  That 
would make them automatically expire.


-- Sam Clippinger




On Apr 9, 2013, at 7:08 AM, David Milholen wrote:


Very Clever,
 Where did this idea come from?
Also, is there a tick timer per IP so as not to load up the blacklist file?
I like using the timers in router OS when performing firewall rule sets.
Basically it lists the bad IP or name for a time limit then drops it, but
it will get added again if it is still bad.

Dave

On 1/27/2013 4:00 PM, Sam Clippinger wrote:
I've been asked for these scripts a few times and I've finally made 
the time to package them up.  They can be downloaded here:

http://www.spamdyke.org/releases/hunter_seeker/
http://www.spamdyke.org/releases/spamtrap/
Of the two, the hunter_seeker script is the most effective.  My rDNS 
blacklist is up to 92500 entries and stops a significant number of 
incoming messages every day.


-- Sam Clippinger




On Jan 18, 2013, at 4:44 PM, Denny W. Jones wrote:


Mr Clippinger,

In this message:

http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01162.html

you refer to a script you wrote for scanning for IP's to blacklist. 
I was wondering if you were able to make this available for 
download. I'd be very interested in experimenting with it on my server.


Thanks for your time.

Denny








--

David Milholen
Project Engineer
P:501-318-1300







--

David Milholen
Project Engineer
P:501-318-1300
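Added example, not Sam's script and not part of hunter_seeker: one way to write the expiry script suggested above, removing blacklist entry files older than a given number of days. It assumes each entry is a regular file whose modification time reflects when it was last added; the directory path in the usage line is a placeholder.

```python
import os
import stat
import sys
import time

SECONDS_PER_DAY = 86400


def expire_entries(root, max_age_days, now=None, dry_run=True):
    """Remove blacklist entry files under `root` older than `max_age_days`.

    Returns the sorted list of expired paths relative to `root`. With
    dry_run=True (the default) nothing is deleted, so the result can be
    reviewed before the job is allowed to remove anything.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * SECONDS_PER_DAY
    expired = []
    # followlinks=False: never walk out of the blacklist tree through a symlink.
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                info = os.lstat(path)
            except FileNotFoundError:
                continue  # entry vanished while we were scanning
            if not stat.S_ISREG(info.st_mode):
                continue  # leave symlinks, sockets and devices alone
            if info.st_mtime < cutoff:
                if not dry_run:
                    os.unlink(path)
                expired.append(os.path.relpath(path, root))
    # Directories are left in place: only the entry files are expired.
    return sorted(expired)


if __name__ == "__main__":
    # usage: python expire_blacklist.py /path/to/blacklist-dir 30 [--delete]
    target, days = sys.argv[1], float(sys.argv[2])
    removed = expire_entries(target, days, dry_run="--delete" not in sys.argv[3:])
    for entry in removed:
        print(entry)
    print(f"{len(removed)} entries older than {days} days", file=sys.stderr)
```

If the script that creates the entries does not refresh the file time when a host is seen again, still-active entries will expire on schedule and only return after the next detection.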


Re: [spamdyke-users] Duplicate ALLOWED from log entries

2013-09-02 Thread David Davidov
Hello,

Any progress with this issue?

regards,
David Davidov

On 06/18/2013 06:47 PM, David Davidov wrote:
 Hi Sam,
 I am a colleague of Theodor. This is a simple way to trigger the problem:

 dave~$ telnet mx.example.com 25
 Connected to mx.example.com
 Escape character is '^]'.
 220 mx.example.com ESMTP
 mail from: test-sen...@mx.example.com
 250 ok
 rcpt to: test-r...@mx.example.com
 250 ok
 data
 354 go ahead
 .
 250 ok 1370523483 qp 26283

 mail from: test-sen...@mx.example.com
 250 ok
 rcpt to: test-r...@mx.example.com
 250 ok
 data
 354 go ahead
 .
 250 ok 1370523502 qp 26625


 The first message produces one log entry:

 Jun  18 15:58:03 mx spamdyke[26194]: ALLOWED from:
 test-sen...@mx.example.com to: test-r...@mx.example.com origin_ip:
 213.145.98.39 origin_rdns: ws.example.com auth: (unknown) encryption:
 (none) reason: 250_ok_1370523483_qp_26283

 But for the second message we have two entries:

 Jun  18 15:58:22 mx spamdyke[26194]: ALLOWED from:
 test-sen...@mx.example.com to: test-r...@mx.example.com origin_ip:
 213.145.98.39 origin_rdns: ws.example.com auth: (unknown) encryption:
 (none) reason: 250_ok_1370523502_qp_26625
 Jun  18 15:58:22 mx spamdyke[26194]: ALLOWED from:
 test-sen...@mx.example.com to: test-r...@mx.example.com origin_ip:
 213.145.98.39 origin_rdns: ws.example.com auth: (unknown) encryption:
 (none) reason: 250_ok_1370523502_qp_26625

 We use spamdyke ver. 4.3.1 locally compiled on Debian 6.0.7.

 No header filtering. Here is our spamdyke.conf
 ---
 greeting-delay-secs=0
 reject-empty-rdns
 log-level=info
 idle-timeout-secs=300
 ip-whitelist-file=/home/vpopmail/etc/spamdyke_whitelist.txt
 recipient-whitelist-file=/var/qmail/spamdyke_recipient_whitelist.txt
 dns-whitelist-entry=antirbl.example.com
 graylist-level=always
 graylist-dir=/var/qmail/graylist
 graylist-min-secs=60
 tls-certificate-file=/var/qmail/control/servercert.pem
 tls-privatekey-file=/var/qmail/control/servercert.pem
 local-domains-file=/var/qmail/control/rcpthosts
 local-domains-file=/var/qmail/control/morercpthosts
 dns-timeout-secs=3
 rejection-text-empty-rdns=Refused. You have no reverse DNS entry.
 Contact ab...@example.com for details.
 rejection-text-ip-in-cc-rdns=Refused. Your reverse DNS entry contains
 your IP address and a country code. Contact ab...@example.com for details.
 rejection-text-unresolvable-rdns=Refused. Your reverse DNS entry does
 not resolve. Contact ab...@example.com for details.
 ---

 BRs,
 David Davidov


 On 01/-10/-28163 09:59 PM, Sam Clippinger wrote:
 I'm very sorry it's taken so long to get back to you on this; I've been 
 buried at work and haven't had any time to investigate.

 It definitely sounds like you've hit a bug.  spamdyke does save the 
 addresses of all the recipients in order to print them all out in a loop, 
 but only when the header blacklist feature is enabled.  It does this because 
 the recipient names have already gone by before the message header is sent, 
 so it must save the recipient addresses to print either ALLOWED or 
 DENIED once the header is finished.

 But it should only do this once and I'm not seeing a way to trigger that 
 code more than once, though it certainly looks like that's what's happening. 
  So let me start with all the standard questions: what OS and version are 
 you on?  What version of spamdyke are you using?  Could you please post your 
 configuration file(s) (or send them to me directly)?  Would you mind turning 
 on spamdyke's full logging feature (the full-log-dir option) and capturing 
 one of these sessions?

 Needless to say this behavior isn't by design and it's not happening on any 
 of the servers I manage (and I use the header-blacklist feature on every 
 one).  After spending a little while testing and tracking through the code I 
 can't reproduce this problem, so I suspect it's a combination of environment 
 and a specific configuration you're using.  I'd love to track this down and 
 fix it!

 -- Sam Clippinger




-- 
David Davidov | System Administrator | ICDSoft Ltd. 



Re: [spamdyke-users] Duplicate ALLOWED from log entries

2013-09-05 Thread David Davidov
On 09/04/2013 04:18 AM, Sam Clippinger wrote:
 Found it!  The bug is being triggered because multiple messages are being 
 delivered in a single connection.  spamdyke is caching the list of valid 
 recipient addresses so it can print the log entries but isn't clearing them 
 afterwards.  So with each additional message, the list of addresses grows and 
 duplicate messages are printed.

 I'll incorporate the fix in the next version, hopefully coming soon.

 -- Sam Clippinger

Thanks a lot for your efforts!

Waiting for the next version.

best regards,

-- 
David Davidov | System Administrator | ICDSoft Ltd. 

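Added example, not part of the original thread or of spamdyke: a Python sketch that finds the duplicated ALLOWED entries described above and filters them out before log statistics are computed. It assumes one log entry per line in the format shown earlier in the thread; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

ALLOWED_RE = re.compile(
    r"spamdyke\[(?P<pid>\d+)\]: ALLOWED from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) .*?reason: (?P<reason>\S+)"
)

# Constructed sample: one connection (pid 26194) delivering two messages, the
# second logged twice, plus a legitimate two-recipient message on pid 26300.
SAMPLE_LOG = [
    "Jun 18 15:58:03 mx spamdyke[26194]: ALLOWED from: sender@example.com to: rcpt@example.com origin_ip: 192.0.2.39 origin_rdns: ws.example.com auth: (unknown) encryption: (none) reason: 250_ok_1370523483_qp_26283",
    "Jun 18 15:58:22 mx spamdyke[26194]: ALLOWED from: sender@example.com to: rcpt@example.com origin_ip: 192.0.2.39 origin_rdns: ws.example.com auth: (unknown) encryption: (none) reason: 250_ok_1370523502_qp_26625",
    "Jun 18 15:58:22 mx spamdyke[26194]: ALLOWED from: sender@example.com to: rcpt@example.com origin_ip: 192.0.2.39 origin_rdns: ws.example.com auth: (unknown) encryption: (none) reason: 250_ok_1370523502_qp_26625",
    "Jun 18 16:01:10 mx spamdyke[26300]: ALLOWED from: sender@example.com to: a@example.com origin_ip: 192.0.2.39 origin_rdns: ws.example.com auth: (unknown) encryption: (none) reason: 250_ok_1370523670_qp_26710",
    "Jun 18 16:01:10 mx spamdyke[26300]: ALLOWED from: sender@example.com to: b@example.com origin_ip: 192.0.2.39 origin_rdns: ws.example.com auth: (unknown) encryption: (none) reason: 250_ok_1370523670_qp_26710",
    "Jun 18 16:02:00 mx qmail: status: local 0/10 remote 0/20",
]


def entry_key(line):
    """Identify one logged delivery, or return None for any other line.

    The reason field carries qmail's '250 ok <time> qp <pid>' reply, which
    differs for every accepted message, so an identical
    (pid, sender, recipient, reason) means one delivery logged again.
    """
    m = ALLOWED_RE.search(line)
    if m is None:
        return None
    return (m["pid"], m["sender"], m["rcpt"], m["reason"])


def find_duplicates(lines):
    """Return {delivery key: times logged} for deliveries logged more than once."""
    counts = Counter(k for k in map(entry_key, lines) if k is not None)
    return {key: n for key, n in counts.items() if n > 1}


def deduplicate(lines):
    """Yield lines unchanged, dropping repeated ALLOWED entries for one delivery."""
    seen = set()
    for line in lines:
        key = entry_key(line)
        if key is not None:
            if key in seen:
                continue
            seen.add(key)
        yield line


if __name__ == "__main__":
    for key, n in find_duplicates(SAMPLE_LOG).items():
        print(f"logged {n}x: pid={key[0]} to={key[2]} reason={key[3]}")
```

This only catches exact repeats; when the messages in one connection go to different recipients, the stale cache logs earlier recipients under the later message's reason, which cannot be told apart from a real multi-recipient delivery using the log alone.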


Re: [spamdyke-users] Fwd: Search for High Speed Internet options near you

2014-06-13 Thread David Milholen

SA logs show nothing for scanning
here is what  I have
qtp-whatami v0.3.8 Fri Jun 13 21:45:41 CDT 2014
REAL_DIST=CentOS
DISTRO=CentOS
OSVER=5.10
QTARCH=i686
QTKERN=2.6.18-371.3.1.el5
BUILD_DIST=cnt50
BUILD_DIR=/usr/src/redhat


On 6/3/2014 9:10 PM, Eric Shubert wrote:

I haven't seen this sort of thing in quite some time (thankfully).

Have you sent them through sa-learn so bayes can detect them?



--


[spamdyke-users] Is there a way to populate the graylist database WITHOUT effectively doing graylisting

2009-04-22 Thread David Sánchez Martín


Hi list,

   I would like to test graylisting, and populate the database before
putting it into production, so it doesn't delay a lot of e-mails and gives
me time to create a nice whitelist to avoid a ton of user complaints about
delays.

   Is there a way to accomplish this?

Thank you!

---
David Sanchez Martin
Administrador de Sistemas
dsanc...@e2000.es
GPG Key ID: 0x37E7AC1F

E2000 Nuevas Tecnologías
Tel : +34 902 830500





Re: [spamdyke-users] Is there a way to populate the graylist database WITHOUT effectively doing graylisting

2009-04-24 Thread David Sánchez Martín
Hi Sam, in the first place, thank you for time and for this great soft
 
 
 1) You can create the graylist entries for the addresses in 
 [...]
 2) You can use a configuration folder to turn off graylisting for 


I don't know which address will be graylisted, that's why 
I want to populate the database.

What I'm trying to ask is if there's a method to do the whole
graylisting process, without effectively delaying email.

Something like what intuitively setting graylist-min-secs=0
would do (BTW I've tested it and it doesn't do that.

I mean, create the directory structure, and compare the timestamp
with current time, and then letting the e-mail proceed, since
the minimum delay time is 0 ).

What I'm trying to do is activate spamdyke with this setting, and
then, giving enough time to populate the graylist database,
( for example graylist-max-secs seconds ) effectively activating
the graylisting.

All this is just to ease the transition.

Thank you again!

---
David Sanchez Martin
Administrador de Sistemas
dsanc...@e2000.es
GPG Key ID: 0x37E7AC1F

E2000 Nuevas Tecnologías
Tel : +34 902 830500







Re: [spamdyke-users] Is there a way to populate the graylist database WITHOUT effectively doing graylisting

2009-04-24 Thread David Sánchez Martín
Hi Michael,
 
 
 So  Set it to 1 minute.  Certainly your users can 
 wait 1 minute...
 I think greylisting may lose some of its effectiveness this way...
 
 Set it to 10 minutes, don't tell them it's there, and they 
 likely won't even
 notice.
 

I know, but what I'm trying to do is, IMHO a reasonable approach.

See what's happening, populate the database, do some research on the
results (may be doing some whitelists with that results) and then do
the graylist the way it's thought to be.

It's just a matter of prudence.

Regards.







Re: [spamdyke-users] Is there a way to populate the graylist database WITHOUT effectively doing graylisting

2009-04-24 Thread David Sánchez Martín
 
 
 David,
 
 That sounds like a neat idea, but I don't think it'd work. If 
 you simply 
 allow the session to complete and create a greylist entry for 
 everything, you will have effectively whitelisted every incoming 
 message, including the bad ones. Greylisting works because 
 some spammers 
 don't retry when a session fails. If everything passes, 
 you've no way of 
 knowing which ones would or would not have retried. The greylist 
 database would be useless.
 

Let me think about it.

If greylisting is enabled as usual:

When a message from a foreign user to a local user is greylisted, then:

1.- It's created an entry in the greylisting database.
2.- It's blocked and each retry is blocked also at least for
graylist-min-secs seconds.
3.- No further tests are passed. Session is closed.

When graylist-min-secs time passes:

1.- The message passes greylist filter and touches the file.
2.- The message is tested against other filters.


Ok,

What I'm trying to accomplish:

When a foreign user sends a message to a local user, then:

1.- The message passes greylist filter and touches the file.
2.- The message is tested against other filters.


That will populate the database, that is what i want before putting graylist
at work.

Sorry, perhaps  I'm missing something.

Best regards.





Re: [spamdyke-users] Is there a way to populate the graylist database WITHOUT effectively doing graylisting

2009-04-27 Thread David Sánchez Martín
 
 That will populate the database for all email. Including 
 spammers. Any 
 spammers who send messages during the period in which the database is 
 being populated will get a free pass, even after greylisting is 
 activated. Perhaps you can live with that.
 

That will populate the database with all the addresses that send email to my
users.

Just like graylisting does, no more, no less.

The entry will survive _as_long_as_it_will_with_graylisting_fully_enabled_,
NO MORE and no less.

It will NOT whitelist the address.

After graylisting has been enabled, it won't block addresses already in the
database AND whose time is less than graylist-max-secs. No more and no
less.





Re: [spamdyke-users] Is there a way to populate the graylist database WITHOUT effectively doing graylisting

2009-04-27 Thread David Sánchez Martín
 
 Given that your primary objective seems to be to eliminate any delays 
 from existing emailers, I suppose this would work for you. 
 Spammers who 
 hit sporadically will eventually expire. I just intend to 
 point out that 
   persistent spammers who send more often than graylist-max-secs will 
 continue to pass. Again, this might be livable. I've no idea how 
 persistent spam generally is.

That's correct, and it's true for the whole graylisting process.

There's no difference, to this extent, between enabling it in full at the very
beginning or not.

Persistent spammers will hit in any case, but that wasn't what I was trying
to solve (as you said, this is something I should consider, whether it's
acceptable or not, but this is another matter; graylisting is what it is, you
can take it or leave it as is).
Best regards :-)

---
David Sanchez Martin
Administrador de Sistemas
dsanc...@e2000.es
GPG Key ID: 0x37E7AC1F

E2000 Nuevas Tecnologías
Tel : +34 902 830500





Re: [spamdyke-users] I can hardly make a SMTPS connection

2009-09-22 Thread David Bo Jensen
It seems to be a client issue (I am using Outlook Express); changing the port
to 465 and removing ulimit somewhat solved the issue.

But in I have
grep spamdyke /var/log/mail.info
Sep 22 07:46:17 server spamdyke[4311]: ALLOWED from: d...@elektronik.dk to: 
d...@vip.cybercity.dk origin_ip: 127.0.0.1 origin_rdns: (unknown) auth: 
(unknown)

It doesn't ask for authentication; 127.0.0.1 is enveloped in the SSL
protocol. In fact, in many cases users will be able to use my server as an open
relay. That is not what I intended.




- Original Message - 
From: Sam Clippinger s...@silence.org
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Tuesday, September 22, 2009 5:55 AM
Subject: Re: [spamdyke-users] I can hardly make a SMTPS connection


 Well I can't say with 100% certainty that I understand what's happening
 here, but two things jump out at me right away.  Both of them are in
 your /etc/init.d/qmail file.

 First, your spamdyke configuration file specifies that spamdyke should
 expect SMTPS on every incoming connection, but your /etc/init.d/qmail
 file instructs tcpserver to listen on the SMTP port (25).  This is
 possible but very unusual -- SMTPS connections are typically expected on
 port 465.  If I had to guess, I'd guess this is the problem; incoming
 connections are using plaintext SMTP but spamdyke is expecting SMTPS
 (SMTP over SSL).

 Second, your /etc/init.d/qmail file uses the ulimit command to limit
 each spawned process to a maximum of 16 MB of memory.  This is pretty
 low, especially when the OpenSSL libraries are in use.  On my server, I
 allow incoming connections to use 80 MB of memory.  I suggest either
 increasing or removing the limit to see if the behavior changes.

 -- Sam Clippinger




[spamdyke-users] I do not get ALLOWED_AUTHENTICATED

2009-09-23 Thread David Bo Jensen
I only get ALLOWED
I have
server:/var/log# cat /etc/spamdyke.conf
access-file=/etc/spamdyke-relay
smtp-auth-level=always
smtp-auth-command=/usr/bin/checkpassword /bin/true
relay-level=normal



server:/etc# cat spamdyke-relay
192.168.1.:deny
127.0.0.1:allow
:deny

It should deny everything unless the sender authenticates. But clients on
192.168.1. seem able to send mails which
only prints ALLOWED in the logfile and not ALLOWED_AUTHENTICATED.
 log-level is info 


Re: [spamdyke-users] I can hardly make a SMTPS connection

2009-09-24 Thread David Bo Jensen
/tcpserver_smtpsd.pid --exec /usr/bin/tcpserver
            # Uncomment the following line if you have enabled the pop3 server
            start-stop-daemon --user root --stop --quiet --oknodo --pidfile /var/run/tcpserver_pop3d.pid --exec /usr/bin/tcpserver
            start-stop-daemon --user root --stop --quiet --oknodo --pidfile /var/run/tcpserver_pop3sd.pid --exec /usr/bin/tcpserver
            # Wait until the timeout for qmail processes to die.
            count=120
            numdots=0
            while ([ $count != 0 ]) do
                let count=$count-1
                if [ `pidof /usr/sbin/qmail-send` ] ; then
                    echo -n .
                    let numdots=$numdots+1
                    sleep 1
                else
                    count=0
                fi
            done

            # If it's not dead yet, kill it.
            #   if [ `pidof /usr/sbin/qmail-send` ] ; then
            #       echo -n  TIMEOUT!
            #       kill -KILL `pidof /usr/sbin/qmail-send`
            #   else
            case $numdots in
              0) echo . ;;
              1) echo ;;
              *) echo  done. ;;
            esac
            #   fi
        else
            echo  not running.;
        fi

        ;;
    restart)
        $0 stop
        $0 start
        ;;
    cdb)
        echo Rebuilding tcp.smtp.cdb.
        cd /etc
        # tcprules reads the rules file on standard input
        tcprules tcp.smtp.cdb tcp.smtp.temp < tcp.smtp
        ;;
    flush)
        /usr/sbin/qmail-tcpok
        start-stop-daemon --stop --quiet --oknodo --signal ALRM --exec /usr/sbin/qmail-send
        echo Queue flushed.
        ;;
    stat)
        /usr/sbin/qmail-qread
        /usr/sbin/qmail-qstat
        ;;
    reload|force-reload)
        echo Reloading 'locals' and 'virtualdomains' control files.
        start-stop-daemon --stop --quiet --oknodo --signal HUP --exec /usr/sbin/qmail-send
        ;;
    *)
        echo 'Usage: /etc/init.d/qmail {start|stop|stat|cdb|restart|reload}'
        exit 1
esac

exit 0




- Original Message - 
From: Sam Clippinger s...@silence.org
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Friday, September 25, 2009 5:34 AM
Subject: Re: [spamdyke-users] I can hardly make a SMTPS connection


I don't think I understand enough about your setup to answer this
 question. Could you post your full startup script and full spamdyke
 configuration file? Also, what operating system and version are you
 using? Have you tried running spamdyke's config-test feature? Is
 spamdyke logging any errors?

 -- Sam Clippinger

 David Bo Jensen wrote:
 It seems to be a client issue (I am using Outlook Express); changing the port
 to 465 and removing ulimit somewhat solved the issue.

 But in I have
 grep spamdyke /var/log/mail.info
 Sep 22 07:46:17 server spamdyke[4311]: ALLOWED from: d...@elektronik.dk 
 to:
 d...@vip.cybercity.dk origin_ip: 127.0.0.1 origin_rdns: (unknown) auth:
 (unknown)

 It doesn't ask for authentication; 127.0.0.1 is enveloped in the SSL
 protocol. In fact, in many cases users will be able to use my server as an
 open relay. That is not what I intended.
 



Re: [spamdyke-users] I can hardly make a SMTPS connection

2009-09-25 Thread David Bo Jensen
Running the config test gave me some ERRORS.  I added access-file and 
local-domains-file to my config file
in order to remove some of them. Here is my result but remember I was root.


:/etc# /usr/local/bin/spamdyke -l -f 
/etc/spamdyke-smtps.conf --config-test-smtpauth-username 
user --config-test-smtpauth-password password --config-test 
/usr/sbin/qmail-smtpd 21
spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) 
silence (dot) org
http://www.spamdyke.org/

Use -h for an option summary or see README.html for complete option details.

Testing configuration...
WARNING: Running tests as superuser root(0), group root(0). These test 
results may not be valid if the mail server runs as another user.
SUCCESS: spamdyke binary (/usr/local/bin/spamdyke) is not owned by root 
and/or is not marked setuid.
INFO: Running command to test capabilities: /usr/sbin/qmail-smtpd
SUCCESS: /usr/sbin/qmail-smtpd does not appear to offer TLS support. 
spamdyke will offer, intercept and decrypt TLS traffic.
SUCCESS: /usr/sbin/qmail-smtpd does not appear to offer SMTP AUTH support. 
spamdyke will offer and process authentication.
INFO(access-file): Testing file read: /etc/spam-relays
SUCCESS(access-file): Opened for reading: /etc/spam-relays
INFO(config-file): Testing file read: /etc/spamdyke-smtps.conf
SUCCESS(config-file): Opened for reading: /etc/spamdyke-smtps.conf
INFO(local-domains-file): Testing file read: /etc/qmail/rcpthosts
SUCCESS(local-domains-file): Opened for reading: /etc/qmail/rcpthosts
INFO(smtp-auth-level): Examining authentication command: /usr/bin/chkpw.sh 
/bin/true
ERROR(smtp-auth-level): File is not executable: /usr/bin/chkpw.sh: Owner 
permissions apply but owner executable bit is not set
Is this not good enough?
 -rwSr-x--- 1 root qmaild 38 2009-09-24 21:26 chkpw.sh


INFO(smtp-auth-level): Running authentication command with unencrypted 
input: /usr/bin/chkpw.sh /bin/true
SUCCESS(smtp-auth-level): Authentication succeeded with unencrypted input: 
/usr/bin/chkpw.sh /bin/true
INFO(smtp-auth-level): Running authentication command with encrypted input: 
/usr/bin/chkpw.sh /bin/true
ERROR: authentication failure (bad username/password, vchkpw uses this to 
indicate SMTP access is not allowed): user
ERROR(smtp-auth-level): Authentication failed with encrypted input: 
/usr/bin/chkpw.sh /bin/true
Is that a problem? I am using unencrypted login

INFO(tls-certificate-file): Testing TLS by initializing SSL/TLS library with 
certificate and key
SUCCESS(tls-certificate-file): Opened for reading: 
/etc/ssl/certs/stunnel.pem
SUCCESS(tls-certificate-file): Certificate and key loaded; SSL/TLS library 
successfully initialized
ERROR: Tests complete. Errors detected.



When spamdyke runs as qmaild, my mail client tells me that the connection 
was closed and in /var/log/mail.info I get


Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: unable to load SSL/TLS 
certificate from file: /etc/ssl/certs/stunnel.pem : The operation failed due 
to an I/O error, Unexpected EOF found, 
error:0200100D:lib(2):func(1):reason(13), 
error:20074002:lib(32):func(116):reason(2), 
error:140DC002:lib(20):func(220):reason(2)
Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: incorrect SSL/TLS 
private key password or SSL/TLS certificate/privatekey 
mismatch/etc/ssl/certs/stunnel.pem : A protocol or library failure occurred, 
error:140A80B1:lib(20):func(168):reason(177)
Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: unable to initialize 
SSL/TLS library
Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: unable to start SMTPS 
because TLS support is not available or an SSL/TLS certificate is not 
available; closing connection



These are very much the same errors I get if stunnel.pem is wrongly generated
(e.g. missing certificate).





- Original Message - 
From: Sam Clippinger s...@silence.org
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Friday, September 25, 2009 5:54 PM
Subject: Re: [spamdyke-users] I can hardly make a SMTPS connection


 OK, I guess I'll bite... why can't you replace `id -u root` with `id -u
 qmaild`?  Do you get errors?  Does it crash?  Does it malfunction?  I
 really want to help, but you're not giving enough information to work 
 with.

 Have you tried running spamdyke's config-test feature to look for
 problems?

 -- Sam Clippinger

 David Bo Jensen wrote:
 I solved the problem with

 server:/# cat /etc/spamdyke-smtps.conf
 log-level=verbose
 tls-level=smtps
 tls-certificate-file=/etc/ssl/certs/stunnel.pem
 filter-level=require-auth
 smtp-auth-level=ondemand
 smtp-auth-command=/usr/bin/chkpw.sh /bin/true
 relay-level=normal

 please notice the filter-level, further more I have

 server:/etc# cat tcp.smtps
 :allow,RELAYCLIENT=

 However I have another issue. First look at

 server:/etc/ssl/certs# ls -la stunnel.pem
 -rw-r- 1 root qmaild 2402 2009-09-23 10:03 stunnel.pem

 and /usr/bin
 -rwxr-xr-x 1 root root   12360 2007-06-30 11:52 checkpassword
 -rwSr-x--- 1 root

Re: [spamdyke-users] I do not get ALLOWED_AUTHENTICATED

2009-09-25 Thread David Bo Jensen
All right, but I think I don't see any authentication failure notification
either when the password is incorrect.
It would be nice to see if somebody on my local network repeatedly tries to
log in.

By "only appear in full log files", do you mean only when the full-log-dir is set?

- Original Message - 
From: Sam Clippinger s...@silence.org
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Friday, September 25, 2009 6:00 PM
Subject: Re: [spamdyke-users] I do not get ALLOWED_AUTHENTICATED


 The ALLOWED_AUTHENTICATED message will only appear in full log files,
 not in the syslog messages.  When an authenticated connection is
 allowed, you will see ALLOWED in the syslog and the auth: field will
 contain the username.

 I should probably reword the documentation to make this more clear.

 -- Sam Clippinger

 David Bo Jensen wrote:
 I only get ALLOWED
 I have
 server:/var/log# cat /etc/spamdyke.conf
 access-file=/etc/spamdyke-relay
 smtp-auth-level=always
 smtp-auth-command=/usr/bin/checkpassword /bin/true
 relay-level=normal



 server:/etc# cat spamdyke-relay
 192.168.1.:deny
 127.0.0.1:allow
 :deny

 It should deny everything unless then sender authenticates. But
 clients on
 192.168.1. seem able to send mails which
 only prints ALLOWED in the logfile and not ALLOWED_AUTHENTICATED.
  log-level is info
 

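The reply quoted above says an authenticated delivery appears in syslog as ALLOWED with the username in the auth: field. The following added example (not part of the thread) uses that to list relays that happened without authentication and to count failed logins; the log lines are constructed in the format quoted in this thread, and LOCAL_DOMAINS is an assumed stand-in for the contents of rcpthosts.

```shell
#!/bin/sh
# Constructed log lines in the syslog format quoted in the thread.
# Addresses, IPs and usernames are made up (example domains, RFC 5737 ranges).
SAMPLE_LOG='Sep 22 07:46:17 server spamdyke[4311]: ALLOWED from: alice@example.org to: bob@example.net origin_ip: 127.0.0.1 origin_rdns: (unknown) auth: (unknown)
Sep 22 07:50:02 server spamdyke[4320]: ALLOWED from: alice@example.org to: bob@example.net origin_ip: 192.168.1.21 origin_rdns: (unknown) auth: alice
Sep 22 07:55:10 server spamdyke[4325]: ALLOWED from: eve@example.org to: dave@example.net origin_ip: 192.168.1.20 origin_rdns: (unknown) auth: (unknown)
Sep 22 08:01:44 server spamdyke[4333]: ALLOWED from: carol@example.com to: alice@example.org origin_ip: 203.0.113.9 origin_rdns: mail.example.com auth: (unknown)
Sep 25 17:58:35 server spamdyke[12357]: DENIED_ACCESS_DENIED from: alice@example.org to: bob@example.net origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)
Sep 25 18:00:48 server spamdyke[12361]: ERROR: authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): alice
Sep 25 18:00:59 server spamdyke[12362]: ERROR: authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): alice
Sep 25 18:02:13 server spamdyke[12370]: ERROR: authentication failure (bad username/password, vchkpw uses this to indicate SMTP access is not allowed): mallory'

# Assumed stand-in for the domains in rcpthosts (space separated).
LOCAL_DOMAINS='example.org'

# Reads spamdyke syslog lines on stdin.
# ALLOWED + "auth: (unknown)" + a recipient outside the local domains means
# the server relayed for a client that never authenticated.
# Prints one "origin_ip recipient" pair per such delivery.
unauth_relays() {
    awk -v domains="$LOCAL_DOMAINS" '
        BEGIN {
            n = split(tolower(domains), d, " ")
            for (i = 1; i <= n; i++) local[d[i]] = 1
        }
        $5 ~ /^spamdyke\[/ && $6 == "ALLOWED" {
            rcpt = ip = auth = ""
            # Fields are "key: value" pairs; pick them by key, not position.
            for (i = 7; i < NF; i++) {
                if ($i == "to:") rcpt = $(i + 1)
                else if ($i == "origin_ip:") ip = $(i + 1)
                else if ($i == "auth:") auth = $(i + 1)
            }
            dom = tolower(rcpt)
            sub(/^.*@/, "", dom)
            if (auth == "(unknown)" && !(dom in local)) print ip, rcpt
        }'
}

# Reads spamdyke syslog lines on stdin.
# Counts failed SMTP AUTH attempts per username, highest count first.
# The ERROR line quoted in the thread carries the username only and no
# origin_ip, so the username is the only key available at this log level.
auth_failures() {
    awk '
        $5 ~ /^spamdyke\[/ && $6 == "ERROR:" && $7 == "authentication" && $8 == "failure" {
            count[$NF]++
        }
        END { for (u in count) print count[u], u }' | sort -rn
}

echo "Unauthenticated relays (origin_ip recipient):"
printf '%s\n' "$SAMPLE_LOG" | unauth_relays
echo "Authentication failures (count username):"
printf '%s\n' "$SAMPLE_LOG" | auth_failures
```

Inbound mail to a local domain is also logged as ALLOWED with auth: (unknown), which is why the recipient domain has to be part of the check.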


Re: [spamdyke-users] I do not get ALLOWED_AUTHENTICATED

2009-09-25 Thread David Bo Jensen
I'll bite (whatever that means). Now for smtps, it works. I get

Sep 25 17:58:35 server spamdyke[12357]: DENIED_ACCESS_DENIED from: 
u...@mydomain.com to: k...@vip.cybercity.dk origin_ip: 81.27.49.150 
origin_rdns: 0x535b3196.boanxx12.dynamic.dsl.tele.dk auth: (unknown)
Sep 25 18:00:48 server spamdyke[12361]: ERROR: authentication failure (bad 
username/password, vchkpw uses this to indicate SMTP access is not allowed): 
user


But I think I have a problem with ordinary SMTP connections from the local
network, but I cannot test it now. I will return to the issue later.



- Original Message - 
From: Sam Clippinger s...@silence.org
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Friday, September 25, 2009 6:00 PM
Subject: Re: [spamdyke-users] I do not get ALLOWED_AUTHENTICATED


 The ALLOWED_AUTHENTICATED message will only appear in full log files,
 not in the syslog messages.  When an authenticated connection is
 allowed, you will see ALLOWED in the syslog and the auth: field will
 contain the username.

 I should probably reword the documentation to make this more clear.

 -- Sam Clippinger

 David Bo Jensen wrote:
 I only get ALLOWED
 I have
 server:/var/log# cat /etc/spamdyke.conf
 access-file=/etc/spamdyke-relay
 smtp-auth-level=always
 smtp-auth-command=/usr/bin/checkpassword /bin/true
 relay-level=normal



 server:/etc# cat spamdyke-relay
 192.168.1.:deny
 127.0.0.1:allow
 :deny

 It should deny everything unless then sender authenticates. But
 clients on
 192.168.1. seem able to send mails which
 only prints ALLOWED in the logfile and not ALLOWED_AUTHENTICATED.
  log-level is info
 



Re: [spamdyke-users] smtp auth

2009-09-25 Thread David Bo Jensen
What is
 ls -la /home/vpopmail/bin/vchkpw

and what is the user for the tcpserver?

What do you mean by
preferring pop-before-smtp over smtp-auth?

You have no configuration file for spamdyke, and I have learned that
access-file and local-domains-file must be present.
These two options are not specified in your case.


- Original Message - 
From: Kulkarni Shantanu djbw...@shantanukulkarni.org
To: spamdyke-users@spamdyke.org
Sent: Friday, September 25, 2009 6:54 PM
Subject: [spamdyke-users] smtp auth


 hello,
 i am trying smtp auth with spamdyke first time. previously i had used dr.
 hoffman's smtp auth patch on few other servers, but frankly i am a bit
 old-fashioned, preferring pop-before-smtp over smtp-auth.

 i have netqmail-1.05 (lwq style) install with john simpson's
 validrcptto.cdb patch
 and vpopmail. my run file contains,

 tcpserver ... \
/var/qmail/bin/spamdyke408 --log-target stderr -lverbose -a 20 \
--smtp-auth-level always --smtp-auth-command /home/vpopmail/bin/vchkpw 
 /bin/true \
/var/qmail/bin/qmail-smtpd

 but when i try,

 $ telnet XX.XXX.XX.XXX 465
 Trying XX.XXX.XX.XXX...
 Connected to XX.XXX.XX.XXX
 Escape character is '^]'.
 Connection closed by foreign host.

 smtp log show,
 @40004abcef43191735cc tcpserver: pid 31631 from 59.95.6.138
 @40004abcef4319174954 tcpserver: ok 31631 
 mail.xxx.xxx:XX.XXX.XX.XXX:465 :59.95.6.138::55002
 @40004abcef431dbd848c tcpserver: end 31631 status 0
 @40004abcef431dbd9fe4 tcpserver: status: 0/40

 i have re-read the smtp auth part in the README, but not getting what i
 am missing in the run file. some help will be great.

 thanks in advance.
 Shantanu
 -- 



Re: [spamdyke-users] smtp auth

2009-09-26 Thread David Bo Jensen
* David Bo Jensen d...@elektronik.dk [090926 08:12]:
 What is
  ls -la /home/vpopmail/bin/vchkpw

 -rwx--x--x  1 vpopmail vchkpw 190656 Nov 24  2007 
 /home/vpopmail/bin/vchkpw

 and what is the user for the tcpserver?

 qmaild


I don't know /home/vpopmail/bin/vchkpw. But it is possible that you must do

chmod 4711 /home/vpopmail/bin/vchkpw

to make it work


 You have no configuration file for spamdyke, and I have learned that
 access-file and local-domains-file must be present.
 these two option are not specified in your case.

 do you or anyone have working sample (no tls required) file or
 command-line switches?

Sure, you can see my qmail script in one of the other threads (I can hardly
make a SMTPS connection).
In that script I use smtp as well as smtps (TLS).
I use only 2 command-line switches

/usr/local/bin/spamdyke -l -f /etc/spamdyke.conf

I recommend that you use a configuration file. 



Re: [spamdyke-users] I can hardly make a SMTPS connection

2009-09-28 Thread David Bo Jensen
 The executable error is occurring because the script is marked setuid
 instead of just executable.  The message is incorrect -- I'll fix it in
 the next version.  However (IIRC), I don't believe the setuid bit has
 any effect on scripts in Linux environments.
You are right, but instead of a script I used a copy of checkpassword and got a
similar result. Please see my new thread.


 The encrypted authentication failure is not a problem, as long as your
 spamdyke configuration doesn't specify encryption in the
 smtp-auth-level option.


 spamdyke's config-test didn't find any problems with your TLS
 certificate but you're getting TLS errors when spamdyke actually runs...
 this looks like a permission problem to me.  Try running spamdyke's
 config-test feature again with the run-as-user flag to force
 spamdyke to use the qmaild user instead.  spamdyke will likely report it
 can't access the certificate file.


Please see my new thread


 -- Sam Clippinger

 David Bo Jensen wrote:
 Running the config test gave me some ERRORS.  I added access-file and
 local-domains-file to my config file
 in order to remove some of them. Here is my result but remember I was root.


 :/etc# /usr/local/bin/spamdyke -l -f
 /etc/spamdyke-smtps.conf --config-test-smtpauth-username
 user --config-test-smtpauth-password password --config-test
 /usr/sbin/qmail-smtpd 21
 spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at)
 silence (dot) org
 http://www.spamdyke.org/

 Use -h for an option summary or see README.html for complete option details.

 Testing configuration...
 WARNING: Running tests as superuser root(0), group root(0). These test
 results may not be valid if the mail server runs as another user.
 SUCCESS: spamdyke binary (/usr/local/bin/spamdyke) is not owned by root
 and/or is not marked setuid.
 INFO: Running command to test capabilities: /usr/sbin/qmail-smtpd
 SUCCESS: /usr/sbin/qmail-smtpd does not appear to offer TLS support.
 spamdyke will offer, intercept and decrypt TLS traffic.
 SUCCESS: /usr/sbin/qmail-smtpd does not appear to offer SMTP AUTH support.
 spamdyke will offer and process authentication.
 INFO(access-file): Testing file read: /etc/spam-relays
 SUCCESS(access-file): Opened for reading: /etc/spam-relays
 INFO(config-file): Testing file read: /etc/spamdyke-smtps.conf
 SUCCESS(config-file): Opened for reading: /etc/spamdyke-smtps.conf
 INFO(local-domains-file): Testing file read: /etc/qmail/rcpthosts
 SUCCESS(local-domains-file): Opened for reading: /etc/qmail/rcpthosts
 INFO(smtp-auth-level): Examining authentication command: /usr/bin/chkpw.sh
 /bin/true
 ERROR(smtp-auth-level): File is not executable: /usr/bin/chkpw.sh: Owner
 permissions apply but owner executable bit is not set
 Is this not good enough?

 -rwSr-x--- 1 root qmaild 38 2009-09-24 21:26 chkpw.sh



 INFO(smtp-auth-level): Running authentication command with unencrypted
 input: /usr/bin/chkpw.sh /bin/true
 SUCCESS(smtp-auth-level): Authentication succeeded with unencrypted input:
 /usr/bin/chkpw.sh /bin/true
 INFO(smtp-auth-level): Running authentication command with encrypted input:
 /usr/bin/chkpw.sh /bin/true
 ERROR: authentication failure (bad username/password, vchkpw uses this to
 indicate SMTP access is not allowed): user
 ERROR(smtp-auth-level): Authentication failed with encrypted input:
 /usr/bin/chkpw.sh /bin/true
 Is that a problem? I am using unencrypted login

 INFO(tls-certificate-file): Testing TLS by initializing SSL/TLS library with
 certificate and key
 SUCCESS(tls-certificate-file): Opened for reading:
 /etc/ssl/certs/stunnel.pem
 SUCCESS(tls-certificate-file): Certificate and key loaded; SSL/TLS library
 successfully initialized
 ERROR: Tests complete. Errors detected.



 When spamdyke runs as qmaild, my mail client tells me that the connection
 was closed and in /var/log/mail.info I get


 Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: unable to load SSL/TLS
 certificate from file: /etc/ssl/certs/stunnel.pem : The operation failed due
 to an I/O error, Unexpected EOF found,
 error:0200100D:lib(2):func(1):reason(13),
 error:20074002:lib(32):func(116):reason(2),
 error:140DC002:lib(20):func(220):reason(2)
 Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: incorrect SSL/TLS
 private key password or SSL/TLS certificate/privatekey
 mismatch/etc/ssl/certs/stunnel.pem : A protocol or library failure occurred,
 error:140A80B1:lib(20):func(168):reason(177)
 Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: unable to initialize
 SSL/TLS library
 Sep 25 17:36:01 alleservices spamdyke[12289]: ERROR: unable to start SMTPS
 because TLS support is not available or an SSL/TLS certificate is not
 available; closing connection



 This is very much the same errors I get if stunnel.pem is wrongly generated.
 (ex. missing certificate)





 - Original Message - 
 From: Sam Clippinger s...@silence.org
 To: spamdyke users spamdyke-users@spamdyke.org
 Sent: Friday, September 25, 2009 5:54 PM

Re: [spamdyke-users] SMTP auth. and access right to certificates for SMTPS (maybe bugs, but a workaround is found)

2009-09-28 Thread David Bo Jensen
 The group permissions on your TLS certificate aren't working because
 your script explicitly sets the group to nobody when tcpserver
 starts.  Entries in /etc/groups only affects interactive logins, not
 daemon processes like tcpserver.  Try changing your script from this:
-g `id -g nobody`
 To this:
-g `id -g qmaild`
 You should then be able to change the file permissions back to their
 original settings.

No, it is not possible to change the permissions back to their original settings.


 -- Sam Clippinger

 David Bo Jensen wrote:
 In my /etc/init.d/qmail I have
 ...
 rblsmtpd2=/usr/local/bin/spamdyke -l -f /etc/spamdyke-smtps.conf
 ...
  sh -c start-stop-daemon --start --quiet --user qmaild \
 --pidfile /var/run/tcpserver_smtpsd.pid --make-pidfile \
 --exec /usr/bin/tcpserver -- -R -H \
 -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtps.cdb 0 
 smtps \
 $rblsmtpd2 /usr/sbin/qmail-smtpd 21 \
 | $logger 


 If I understand that rightfully it means that spamdyke will run as qmaild.
 Next we take a look at /etc/spamdyke-smtps.conf

 log-level=verbose
 tls-level=smtps
 tls-certificate-file=/etc/ssl/certs/stunnel.pem
 filter-level=require-auth
 smtp-auth-level=ondemand
 smtp-auth-command=/usr/bin/chkpw /bin/true
 access-file=/etc/spam-relays
 local-domains-file=/etc/qmail/rcpthosts
 relay-level=normal

 Clearly qmaild must have read access to /etc/ssl/certs/stunnel.pem . First I
 thought I could ensure that with

 server:/etc/ssl/certs# ls -la stunnel.pem

 -rw-r- 1 root qmaild 2402 2009-09-23 10:03 stunnel.pem


 server:/# grep qmaild /etc/group
 qmaild:x:1005:qmaild

 Where qmaild is a group with qmaild as member, but for one strange reason
 this doesn't work. First when I changed it to:

 s# ls -la stunnel.pem
 -rw-r- 1 qmaild qmaild 2402 2009-09-23 10:03 stunnel.pem

 It started to work. I think it is a bug because these keys and certificates
 could be used by several programs, e.g. pop3 running as another user, where
 group access could be handy.

 Next for authentication /usr/bin/chkpw (chkpw is just a copy of
 checkpassword) must at least have suid set like this

 rwSr-x--- 1 root qmaild 38 2009-09-24 21:26 chkpw

 However it turned out that it would not work before I changed it to

 -rwsr-xr-x 1 root qmaild 12360 2009-09-26 20:47 /usr/bin/chkpw

 I don't understand why it is so, and I think it is a bug



Re: [spamdyke-users] SMTP auth. and access right to certificates for SMTPS (maybe bugs, but a workaround is found)

2009-09-30 Thread David Bo Jensen
Sam Clippinger, you are right, but I think some clarification is needed.
It would be wonderful if `id -g name` gave the id of the group with the name
'name', but that is not how id works. name is a user and 'id -g' will always
give the id of the principal group associated with name. Usually when qmail
first is installed that group will be 'nobody'. That group is not supposed to
be used with any access rights to files. I solved the problem by replacing
`id -g qmaild` with the number found in
/etc/group

server:/# grep qmaild /etc/group
qmaild:x:1005:qmaild

which is 1005
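
The difference between `id -g qmaild` and the gid of the group named qmaild, and what it means for reading the certificate, worked through as an added example (not code from the thread). Only the qmaild:x:1005:qmaild group line comes from the thread; the qmaild uid, the gid of nobody and mode 0640 on stunnel.pem (the listing on this page is truncated) are assumptions.

```shell
#!/bin/sh
# Constructed account data. Only the qmaild group line is taken from the
# thread; uid 1004 and gid 65534 are assumed values for illustration.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/false
qmaild:x:1004:65534:qmail daemon:/var/qmail:/bin/false'
GROUP_SAMPLE='root:x:0:
nobody:x:65534:
qmaild:x:1005:qmaild'

# uid of USER: field 3 of the passwd entry.
user_uid() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $3; exit }'
}

# What `id -g USER` reports: field 4 of the passwd entry, i.e. the primary
# group of the *user* called USER.
primary_gid() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v u="$1" '$1 == u { print $4; exit }'
}

# gid of the *group* called NAME: field 3 of the group entry.
# On a live system: getent group NAME | cut -d: -f3
group_gid() {
    printf '%s\n' "$GROUP_SAMPLE" | awk -F: -v g="$1" '$1 == g { print $3; exit }'
}

# Read-permission decision for a process holding exactly one uid and one gid,
# which is the situation described in the thread: the member list in
# /etc/group is not applied to the daemon started with tcpserver -u/-g.
# usage: can_read PROC_UID PROC_GID FILE_UID FILE_GID OCTAL_MODE
can_read() {
    mode=$((0$5))
    [ "$1" -eq 0 ] && return 0                  # root bypasses the mode bits
    if [ "$1" -eq "$3" ]; then
        bit=$(( (mode >> 8) & 1 ))              # owner read bit (0400)
    elif [ "$2" -eq "$4" ]; then
        bit=$(( (mode >> 5) & 1 ))              # group read bit (0040)
    else
        bit=$(( (mode >> 2) & 1 ))              # other read bit (0004)
    fi
    [ "$bit" -eq 1 ]
}

verdict() {
    if can_read "$@"; then echo readable; else echo denied; fi
}

# stunnel.pem as discussed in the thread: owner root, group qmaild, 0640 assumed.
report() {
    u=$(user_uid qmaild)
    pem_gid=$(group_gid qmaild)
    echo "-g from id -g nobody  (gid $(primary_gid nobody)): $(verdict "$u" "$(primary_gid nobody)" 0 "$pem_gid" 640)"
    echo "-g from id -g qmaild  (gid $(primary_gid qmaild)): $(verdict "$u" "$(primary_gid qmaild)" 0 "$pem_gid" 640)"
    echo "-g from group qmaild  (gid $pem_gid): $(verdict "$u" "$pem_gid" 0 "$pem_gid" 640)"
    echo "file chowned to qmaild:qmaild, old -g: $(verdict "$u" "$(primary_gid nobody)" "$u" "$pem_gid" 640)"
}

report
```

Looking the gid up with getent at start time avoids hard-coding 1005 in the init script.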



[spamdyke-users] getprotobyname()

2009-11-18 Thread David Bo Jensen
I have the famous problem with a newly installed debian lenny AMD64

unable to find protocol number with getprotobyname()

Yes I know it has something (I have read) to do with UDP.

grep UDP /etc/protocols
udp     17      UDP             # user datagram protocol

However I can successfully, send and receive mails.



Re: [spamdyke-users] getprotobyname()

2009-11-18 Thread David Bo Jensen
The code in spamdyke is very simple: it just calls
getprotobyname("udp"), and if the returned pointer is null it logs the error
message.
My guess is that getprotobyname for some reason hasn't been able to read the
/etc/protocols.
I have made a small test program using getprotobyname and it works fine. I even
let start-stop-daemon start my test program.
The test program was built with the same settings as spamdyke. Afterwards I made
a clean and make spamdyke, and a reinstallation, but it changed nothing.
I have

server1:~# dpkg -l | grep ucspi
ii ucspi-tcp 1:0.88-2 command-line tools for building TCP client-server 
applications

ucspi was installed twice first 0.88-15 then the above.

I tried to run tcpserver from the command line, i.e. not as a daemon, and
suddenly I got no getprotobyname error.

In other words tcpserver likes my console environment, but not when it is
invoked by something else.
I must add that I have used the above configuration on an etch without problems.
It is possible that it is caused by two different errors, but I think it is a
start-stop-daemon/tcpserver/lenny conflict. Maybe I should add that I use AMD64
and have a raid filesystem.



[spamdyke-users] getprotobyname() -

2009-11-20 Thread David Bo Jensen
I have posted this mail before but somehow it didn't end on the top of the mailing
list, so I try again.


I have the famous problem with a newly installed debian lenny AMD64

unable to find protocol number with getprotobyname()

Yes I know it has something (I have read) to do with UDP.

grep UDP /etc/protocols
udp     17      UDP             # user datagram protocol

However I can successfully, send and receive mails.


The code in spamdyke is very simple: it just calls
getprotobyname("udp"), and if the returned pointer is null it logs the error
message.
My guess is that getprotobyname for some reason hasn't been able to read the
/etc/protocols.
I have made a small test program using getprotobyname and it works fine. I even
let start-stop-daemon start my test program.
The test program was built with the same settings as spamdyke. Afterwards I made
a clean and make spamdyke, and a reinstallation, but it changed nothing.


I did ./configure and it indeed gave me some errors. For instance:


conftest.c:8:28: error: ac_nonexistent.h: No such file or directory
configure:2524: $? = 1

Am I missing some packages ?
I have added the config.log because I don't understand all the configure errors
However I could build spamdyke.

debian lenny (5.0.3) AMD64 




Re: [spamdyke-users] getprotobyname() -

2009-11-21 Thread David Bo Jensen
Problem solved.
ulimit in my qmail script was simply too low