[spamdyke-users] Implementation issue with Spamdyke 3.1.8, Plesk 8.0.1, FreeBSD 6.0

2008-06-03 Thread Shane Bywater
I searched the archives and found what I thought I needed to determine
how to properly set up Spamdyke 3.1.8 on a Plesk 8.0.1 server running
FreeBSD 6.0.
What I found was that I needed to run Spamdyke before relaylock and that, if
my current smtp entry in inetd.conf contained an rblsmtpd entry, I
could simply replace that with a call to spamdyke.  I did those things
and I also successfully executed Spamdyke with the --config-test and
--config-test-user options.

Upon inspection of /usr/local/psa/var/log/maillog I see every minute or 
two the following error:

spamdyke[44404]: ERROR: unable to write 30 bytes to file descriptor 1: Broken pipe

I don't know if this means email is not being delivered correctly or if 
it means that Spamdyke can't modify a file that may not be created or 
has incorrect permissions.  I didn't find anything in the Spamdyke 
archives which would help me fix this issue so I'm hoping someone on the 
list can.

My inetd.conf is shown below (contained on one line on server):
smtp stream tcp nowait root /usr/local/psa/qmail/bin/tcp-env tcp-env
/usr/local/bin/spamdyke -f /etc/spamdyke.conf
/usr/local/psa/qmail/bin/relaylock /usr/local/psa/qmail/bin/qmail-smtpd
/usr/local/psa/qmail/bin/smtp_auth /usr/local/psa/qmail/bin/true
/usr/local/psa/qmail/bin/cmd5checkpw /usr/local/psa/qmail/bin/true

My /etc/spamdyke.conf is:
log-level=3
local-domains-file=/usr/local/psa/qmail/control/rcpthosts
max-recipients=5
idle-timeout-secs=60
graylist-dir=/var/spamdyke/graylist-dir
graylist-min-secs=300
graylist-max-secs=1814400
#policy-url=http://my.policy.explanation.url/
sender-blacklist-file=/var/spamdyke/sender-blacklist-file
recipient-blacklist-file=/var/spamdyke/recipient-blacklist-file
ip-in-rdns-keyword-file=/var/spamdyke/ip-in-rdns-keyword-file
ip-blacklist-file=/var/spamdyke/ip-blacklist-file
#rdns-blacklist-dir=/home/vpopmail/blacklist_rdns.d
reject-empty-rdns
reject-unresolvable-rdns
#reject-ip-in-cc-rdns
#rdns-whitelist-file=/home/vpopmail/whitelist_rdns
ip-whitelist-file=/var/spamdyke/ip-whitelist-file
greeting-delay-secs=5
#check-dnsrbl=zombie.dnsbl.sorbs.net
#check-dnsrbl=dul.dnsbl.sorbs.net
#check-dnsrbl=bogons.cymru.com
reject-missing-sender-mx
tls-certificate-file=/usr/local/psa/qmail/control/servercert.pem
#access-file=/var/spamdyke/access-file
recipient-whitelist-file=/var/spamdyke/recipient-whitelist-file

Regards,
Shane Bywater

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] DENIED_SENDER_NO_MX issue?

2008-06-11 Thread Shane Bywater
I hope I'm replying to this post correctly.  Ken I am using BIND but 
ancochemicals.com isn't a domain in my control.  It looks like I just 
have to wait another 7700 seconds and then I'm hoping this zone should 
be updated correctly.

server1# dig mx ancochemicals.com

; <<>> DiG 9.3.1 <<>> mx ancochemicals.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43887
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;ancochemicals.com.             IN      MX

;; ANSWER SECTION:
ancochemicals.com.      7700    IN      MX      10 sf1.capris.net.ancochemicals.com.

;; AUTHORITY SECTION:
ancochemicals.com.      7700    IN      NS      dns1.capris.net.
ancochemicals.com.      7700    IN      NS      dns2.capris.net.
ancochemicals.com.      7700    IN      NS      dns3.capris.net.

;; ADDITIONAL SECTION:
dns1.capris.net.        18525   IN      A       204.10.240.130
dns2.capris.net.        18525   IN      A       204.10.240.131
dns3.capris.net.        18525   IN      A       204.10.240.133

Regards,
Shane

 
 --
 
 Message: 1
 Date: Tue, 10 Jun 2008 16:06:46 -0400
 From: Ken Schweigert [EMAIL PROTECTED]
 Subject: Re: [spamdyke-users] DENIED_SENDER_NO_MX issue?
 To: spamdyke users spamdyke-users@spamdyke.org
 Message-ID:
   [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1
 
 On Tue, Jun 10, 2008 at 11:09 AM, Shane Bywater [EMAIL PROTECTED] wrote:
 Hi,
I have just recently started using spamdyke and am finding it very
 useful but have a concern with some of the DENIED_SENDER_NO_MX entries
 in the logs.  I'm thinking sometimes spamdyke incorrectly determines
 that there is no MX for a particular domain when in fact there is.
 Below is one such example.

 Jun 10 04:47:37 server1 spamdyke[30647]: DENIED_SENDER_NO_MX from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 209.226.175.35 origin_rdns: tomts14-srv.bellnexxia.net auth: (unknown)

 but when I execute dig mx ancochemicals.com on the same server as
 spamdyke is running I get the following:

 server1# dig mx ancochemicals.com

 ; <<>> DiG 9.3.1 <<>> mx ancochemicals.com
 ;; global options:  printcmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27206
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

 ;; QUESTION SECTION:
 ;ancochemicals.com.             IN      MX

 ;; ANSWER SECTION:
 ancochemicals.com.      107910  IN      MX      10 sf1.capris.net.ancochemicals.com.

 ;; AUTHORITY SECTION:
 ancochemicals.com.  107910  IN  NS  dns2.capris.net.
 ancochemicals.com.  107910  IN  NS  dns3.capris.net.
 ancochemicals.com.  107910  IN  NS  dns1.capris.net.

 
 Shane:
 
 Are you by chance using 'bind' for your DNS server?  If so, check to
 make sure you have the trailing dot at the end of your MX record
 entry in your zone.  Without this dot the server appends the name of
 the zone to the entry resulting in something like
 sf1.capris.net.ancochemicals.com. instead of sf1.capris.net.
 
 Hope this helps!
 -ken
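
How the zone-file expansion Ken describes produces the name seen in the dig answer, as an added example that is not part of the original thread. The zone snippet is constructed (the real zone is not on the page), `sf2.capris.net.` and `mail` are made-up entries, and `qualify` and `audit_mx` are hypothetical helper names.

```python
def qualify(name, origin):
    """Expand a zone-file name the way a master-file parser does:
    a name without a trailing dot is relative and gets the origin appended."""
    if not origin.endswith("."):
        origin += "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name                      # already absolute, left alone
    return name + "." + origin


def audit_mx(zone_text, origin):
    """Return, for every MX record, the target as written, the name that
    will actually be published, and whether it deserves a second look."""
    findings = []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()      # drop comments
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN" and len(tokens) > 1:
            origin = tokens[1]                      # later records use this
            continue
        upper = [t.upper() for t in tokens]
        if "MX" not in upper:
            continue
        idx = upper.index("MX")
        if idx + 2 >= len(tokens):
            continue                                # malformed record
        target = tokens[idx + 2]
        relative = not target.endswith(".") and target != "@"
        findings.append({
            "written": target,
            "published": qualify(target, origin),
            # A relative target that already contains dots usually means a
            # host in another domain was written without its trailing dot.
            "review": relative and "." in target,
        })
    return findings


# Constructed zone snippet for illustration only.
SAMPLE_ZONE = """\
$ORIGIN ancochemicals.com.
@   7700 IN MX 10 sf1.capris.net      ; trailing dot missing
@   7700 IN MX 20 sf2.capris.net.     ; absolute name
@   7700 IN MX 30 mail                ; in-zone host, relative on purpose
"""

if __name__ == "__main__":
    for f in audit_mx(SAMPLE_ZONE, "ancochemicals.com"):
        flag = "REVIEW" if f["review"] else "ok"
        print(f"{f['written']:<18} -> {f['published']:<36} {flag}")
```
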




[spamdyke-users] Illegal value for multiple options and rejecting all SMTP connections

2008-08-08 Thread Shane Bywater
Hi,
I'm attempting to run Spamdyke 4.0.2 on FreeBSD 4.7 and I'm 
experiencing problems such as the following errors:

ERROR: Illegal value for option greeting-delay-secs: 5 (must be between 0 and 2147483647)
ERROR: Illegal value for option idle-timeout-secs: 60 (must be between 0 and 2147483647)
ERROR: Illegal value for option graylist-max-secs: 1814400 (must be between 0 and 2147483647)
ERROR: Illegal value for option graylist-min-secs: 300 (must be between 0 and 2147483647)

I'm no mathematician but I think 5 is between 0 and 2147483647 and the 
other values should be fine as well.  Any idea why I'm getting these errors?

Also, when I actually try using Spamdyke my mail server rejects all 
SMTP connections even when I have filter-level=allow-all in 
/etc/spamdyke.conf

Here's the first part of /etc/spamdyke.conf showing how I assigned the 
values.

# Sets spamdyke's overall filter behavior.
# Available values: allow-all, normal, require-auth, reject-all
# Default: normal
filter-level=allow-all

# Delays the SMTP greeting banner for SECS seconds.  A value of 0 disables this
# feature.
# Default: 0
greeting-delay-secs=5

# Limit incoming messages to NUM recipients.  A value of 0 disables this
# feature.
# Default: 0
#max-recipients=NUM

# Drop superuser privileges and run as USER instead.
# Default: none
#run-as-user=qmaild



Here's the important half of my /var/qmail/supervise/qmail-smtpd file:

exec /usr/local/bin/softlimit -m 1000 \
 /usr/local/bin/tcpserver -v -h -p -R -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
 -u $QMAILDUID -g $NOFILESGID 0 25 \
 /usr/local/bin/spamdyke -f /etc/spamdyke.conf \
 /var/qmail/bin/tcp-env /usr/local/bin/properplop \
 /var/qmail/bin/qmail-smtpd 2>&1


Any suggestions on how to get Spamdyke running correctly would be 
greatly appreciated.

Regards,
Shane Bywater


Re: [spamdyke-users] Illegal value for multiple options and rejecting all SMTP connections

2008-08-11 Thread Shane Bywater
Hi,
I tried increasing my qmail's softlimit to 8000 as per Sam's 
recommendation but that didn't help.  Same errors are reported and all 
SMTP connections are rejected.
I'm guessing I may be the only one running Spamdyke 4.0.2 on a FreeBSD 
4.7 server so this is why no one else has this issue but if anyone can 
offer some suggestions on what to try next that would be appreciated.
Would an older version of the libgnugetopt package, which was necessary to 
install for the configure script to complete correctly, create this 
issue? I just used version 1.2 which was found in the ports directory.

Regards,
Shane Bywater

[EMAIL PROTECTED] wrote:
   Message: 3
 Date: Fri, 08 Aug 2008 16:42:20 -0500
 From: Sam Clippinger [EMAIL PROTECTED]
 Subject: Re: [spamdyke-users] Illegal value for multiple options and
   rejecting all SMTP connections
 To: spamdyke users spamdyke-users@spamdyke.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 
 My first thought is that your memory limit for spamdyke/qmail is 
 probably too low.  For some reason, instead of causing out of memory 
 errors, low memory seems to cause very strange malfunctions.  Try 
 editing your run file to increase the value for softlimit to 
 something much higher (e.g. 8000), then restart qmail.
 
 -- Sam Clippinger
 

Re: [spamdyke-users] Illegal value for multiple options and rejecting all SMTP connections

2008-08-22 Thread Shane Bywater
Just thought I would verify that Spamdyke 4.0.3 does not have the 
illegal value issues that I experienced on FreeBSD 4.7.

Thanks Sam I appreciate your quick assistance,
Shane Bywater

 Message: 4
 Date: Tue, 12 Aug 2008 23:13:57 -0500
 From: Sam Clippinger [EMAIL PROTECTED]
 Subject: Re: [spamdyke-users] Illegal value for multiple options and
   rejecting all SMTP connections
 To: spamdyke users spamdyke-users@spamdyke.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed
 
 I found the problem.  gcc on FreeBSD (at least versions 4.7 and 2.2.2) 
 doesn't seem to use the same format specifiers for parsing 64 bit 
 integers that every other Unix uses.  Everything compiles without 
 errors, but when spamdyke loads the integer values from the 
 configuration file and tries to evaluate them, it ends up with 
 mostly-uninitialized values.  The final values are random (depending on 
 the values left in memory by the operating system when spamdyke started) 
 but they typically fall well outside the acceptable ranges.
 
 I've updated the configure script to detect this situation and work 
 around it.  I'm testing the changes now and I'll release a new version 
 tomorrow morning if the scripts don't reveal any errors.
 
 -- Sam Clippinger
 
 Sam Clippinger wrote:
 Actually, I have a FreeBSD 4.7 machine that I built for testing, so I'll 
 check this out tonight and let you know if I can reproduce it.

 -- Sam Clippinger


[spamdyke-users] Best way to deal with returned emails not sent by user

2008-08-28 Thread Shane Bywater
Hi,
I'm wondering what the best way is (hopefully by using Spamdyke)  to 
deal with the thousands of mailer-daemon messages that are sometimes 
received by a user who was unfortunate to have a spammer use their email 
address in the From: line to send out SPAM.  Of course any undeliverable 
messages are returned to this innocent user.
The solution would need to be domain specific as there are multiple 
domains using Spamdyke on the mail server in question.

Thanks for your assistance,
Shane Bywater



[spamdyke-users] Blacklisting all IPs except two

2008-11-03 Thread Shane Bywater
Hi,
I'm wondering if Spamdyke can be used to prevent a mail server from 
receiving emails from all IPs (or domains) except two specified IP 
addresses (or domains)?

Thanks for your assistance,
Shane Bywater



[spamdyke-users] configure can't find OpenSSL libraries

2011-02-25 Thread Shane Bywater
Hi,
I'm trying to install Spamdyke 4.2 with TLS support but the configure 
script shows:

checking if openssl/ssl.h will include without additional include directories... no
checking Checking if openssl/ssl.h will include correctly... no
configure: Unable to include openssl/ssl.h (required by OpenSSL), TLS support disabled

and therefore TLS support isn't added.  OpenSSL is installed:
I think it's version 0.9.8e-rhel5 (found by running man openssl) on 
Linux version 2.6.18-164.6.1.el5 (mockbu...@builder16.centos.org) (gcc 
version 4.1.2 20080704 (Red Hat 4.1.2-46))

What do I have to do to get the configure script to find whatever it is 
it is looking for?

Thanks for your assistance,
Shane Bywater




[spamdyke-users] False DENIED_SENDER_NO_MX error?

2011-02-26 Thread Shane Bywater
On 2/26/2011 1:00 PM, spamdyke-users-requ...@spamdyke.org wrote:

I have noticed the same issue now that you made me check things out.  
Same issue appears on spamdyke 4.0.9 and after upgrading to 4.2.0 
(CentOS5.2)

DENIED_SENDER_NO_MX from: javier_9...@exalumnos.com

# host exalumnos.com
exalumnos.com has address 216.69.165.94
exalumnos.com mail is handled by 10 mail2.exalumnos.com.

DENIED_SENDER_NO_MX from: learningtree...@wdclnxmail1.learningtree.com

# host learningtree.com
learningtree.com has address 208.254.55.141
learningtree.com mail is handled by 30 learningtree.com.s5b1.psmtp.com.
learningtree.com mail is handled by 40 learningtree.com.s5b2.psmtp.com.
learningtree.com mail is handled by 10 learningtree.com.s5a1.psmtp.com.
learningtree.com mail is handled by 20 learningtree.com.s5a2.psmtp.com.

Regards,
Shane Bywater

P.S. Thanks Eric for the # yum install openssl-devel.  That did it.



 Message: 1
 Date: Fri, 25 Feb 2011 14:05:55 -0700
 From: Eric Shuberte...@shubes.net
 Subject: [spamdyke-users] False DENIED_SENDER_NO_MX error?
 To: spamdyke-users@spamdyke.org
 Message-ID:ik95jj$bjt$1...@dough.gmane.org
 Content-Type: text/plain; charset=ISO-8859-1; format=flowed

 Running the latest spamdyke 4.2.0+TLS+CONFIGTEST+DEBUG on CentOS5.4 x86,
 Using caching-nameserver on localhost, and I'm not seeing any named
 errors in the system log.

 I just happened to notice this in my smtp log:

 02-25 13:54:30 spamdyke[32582]: DENIED_SENDER_NO_MX from:
 ntf-330906_53-9098559-ticketmaster_=_shubes@reply.ticketmaster.com
 to: ticketmas...@shubes.net origin_ip: 209.104.37.138 origin_rdns:
 vg138.ntf.els4.ticketmaster.com auth: (unknown) encryption: TLS

 Seemed odd, so I checked:
 # host ticketmaster.com
 ticketmaster.com has address 209.104.34.32
 ticketmaster.com has address 209.104.41.32
 ticketmaster.com has address 209.104.45.32
 ticketmaster.com has address 209.104.56.26
 ticketmaster.com has address 209.104.58.151
 ticketmaster.com has address 209.104.59.96
 ticketmaster.com mail is handled by 10 mx.chi.ticketmaster.com.
 ticketmaster.com mail is handled by 10 mx.els.ticketmaster.com.

 Am I missing something, or is there a bug?





[spamdyke-users] Blocking emails with multiple From: addresses

2011-08-23 Thread Shane Bywater

Hi,
Can Spamdyke be used to block emails that are received that have 
more than one email address in the From: field?  Lately I've been 
receiving emails with headers such as the following:


From: dtow...@domain.com, ida...@domain.com, i...@domain.com,
icx...@domain.com, ta...@domain.com, bi...@domain.com,
b...@domain.com, echo...@domain.com, js...@domain.com,
lavojul...@domain.com, es...@domain.com,
jall...@domain.com, ncl...@domain.com
To: u...@domain.com

I know there is a max-recipients option but didn't see a max-sender 
option.  Any other way I can block such emails?


Regards,
Shane Bywater




[spamdyke-users] Correct way to disable a domain from using Spamdyke filtering

2012-04-18 Thread Shane Bywater
Hi,
 I just want to thank Sam for the great piece of software he has 
provided with clearly written documentation and a helpful FAQ.  
Following such I was easily able to install Spamdyke on my new Centos 
6.2  using Plesk 10.4.4 control panel server.  What I am wanting to know 
is the correct way of disabling Spamdyke filtering for multiple domains 
on the server by listing them in the recipient-whitelist-file file?  
Or do you need to use configuration directories?

Regards,
Shane Bywater


[spamdyke-users] more efficient way of blocking IPs without rDNS

2013-01-29 Thread Shane Bywater
Hi,

 Can anyone recommend the most efficient way (i.e. minimum human 
interaction and system resources) to deal with a SPAM situation as shown 
below where multiple IPs are using multiple domain names to send SPAM to 
the same email addresses repeatedly (for over 14 days so far)?  I've 
changed the real domain name to domain.com and most of the email 
addresses being used are no longer active on our server.  Spamdyke 
is doing a great job of blocking such SPAM but the load on the server is 
getting too high to be able to use the Plesk Control Panel properly.  
I'm wondering if someone has a script that would scan the maillog file 
for FILTER_RDNS_MISSING ip: 59.95.80.11 and either create a file 
containing such IPs that the system administrator could then use to add 
to the iptables (I think that is what would be used in Centos6) or 
modify the iptables automatically.  My server is running Centos6 with 
Parallels Plesk 10.4.4.  Any advice would be appreciated.

Jan 29 04:13:06 apexia spamdyke[21825]: FILTER_RDNS_MISSING ip: 119.195.138.22
Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: barb...@seaking.net to: b...@domain.com origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: barb...@seaking.net to: t...@domain.com origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: barb...@seaking.net to: thy...@domain.com origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Jan 29 04:13:06 apexia spamdyke[21825]: DENIED_RDNS_MISSING from: barb...@seaking.net to: t...@domain.com origin_ip: 119.195.138.22 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
...
Jan 29 04:16:38 apexia spamdyke[23081]: FILTER_RDNS_MISSING ip: 59.95.80.11
Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: bsoelb...@sunmountaindoors.com to: b...@domain.com origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: bsoelb...@sunmountaindoors.com to: t...@domain.com origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: bsoelb...@sunmountaindoors.com to: thy...@domain.com origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Jan 29 04:16:38 apexia spamdyke[23081]: DENIED_RDNS_MISSING from: bsoelb...@sunmountaindoors.com to: t...@domain.com origin_ip: 59.95.80.113 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)

Thanks for your time and Sam thanks very much for creating Spamdyke.  
Looking forward to the next version which hopefully addresses the 
whitelisting/relaying issue.

Regards,
Shane Bywater
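
A sketch of the log scan asked about above, as an added example rather than code from the post or from spamdyke: it counts DENIED_RDNS_MISSING rejections per origin_ip and lists the addresses at or above a threshold, for an administrator or a tool such as fail2ban to act on. The function names, the threshold, the allowlist and the sample lines (documentation-range addresses, laid out like the lines in the post) are assumptions constructed here.

```python
import ipaddress
import re
from collections import Counter

# One DENIED_RDNS_MISSING line is logged per rejected recipient. The from:/to:
# values are chosen by the sender, so they are pinned to whitespace-free
# tokens and only the text in the origin_ip: position is captured.
DENIED_RE = re.compile(
    r"spamdyke\[\d+\]: DENIED_RDNS_MISSING from: \S* to: \S+ origin_ip: (\S+)"
)


def rdns_missing_offenders(lines, threshold=3, allow=()):
    """Map each offending IP to its rejection count.

    threshold: minimum number of rejected recipients before an IP is listed.
    allow:     networks (CIDR strings) that must never be listed, such as
               your own relays or monitoring hosts.
    """
    allow_nets = [ipaddress.ip_network(net) for net in allow]
    hits = Counter()
    for line in lines:
        match = DENIED_RE.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue                  # not a real address, never block on it
        if any(ip in net for net in allow_nets):
            continue
        hits[str(ip)] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


def render_blocklist(offenders):
    """One address per line, busiest first, for review before blocking."""
    ordered = sorted(offenders.items(), key=lambda kv: (-kv[1], kv[0]))
    return "".join(f"{ip}\n" for ip, _ in ordered)


def _line(pid, rcpt, ip, code="DENIED_RDNS_MISSING"):
    # Builds a constructed log line in the layout shown in the post.
    return (f"Jan 29 04:13:06 mx1 spamdyke[{pid}]: {code} from: s@sender.example "
            f"to: {rcpt}@domain.example origin_ip: {ip} origin_rdns: (unknown) "
            "auth: (unknown) encryption: (none) reason: (empty)")


# Constructed sample input, not taken from a real server.
SAMPLE_MAILLOG = (
    ["Jan 29 04:13:06 mx1 spamdyke[21825]: FILTER_RDNS_MISSING ip: 203.0.113.22"]
    + [_line(21825, r, "203.0.113.22") for r in ("u1", "u2", "u3", "u4")]
    + [_line(21990, r, "198.51.100.7") for r in ("u1", "u2")]       # below threshold
    + [_line(22040, r, "192.0.2.10") for r in ("u1", "u2", "u3")]   # allowlisted below
    + [_line(22100, "u1", "111.222.333.444")]                       # invalid address
    + [_line(22200, "u1", "203.0.113.99", code="DENIED_IP_IN_CC_RDNS")] * 3
)

if __name__ == "__main__":
    offenders = rdns_missing_offenders(SAMPLE_MAILLOG, allow=("192.0.2.0/24",))
    print(render_blocklist(offenders), end="")
```

The count is keyed on the origin_ip field of the DENIED lines, one per rejected recipient, rather than on the FILTER_RDNS_MISSING line.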


Re: [spamdyke-users] more efficient way of blocking IPs without rDNS

2013-01-31 Thread Shane Bywater
Thanks Sam.  I'll give fail2ban a try.  Don't know what I'll do after 
the tables reach 1000 entries as I don't think I can install a hardware 
based firewall in front of my shared VPS ;)  I'll worry about a solution 
to that later.


Thanks again,
Shane Bywater


Re: [spamdyke-users] modifying way that filters are shown in log files

2014-03-13 Thread Shane Bywater
Hi,
I disabled all whitelist options in spamdyke.conf and restarted 
spamdyke.  Confirmed no whitelist filters continued to be displayed in the 
maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was found 
but still no DENIED_EARLYTALKER entries.  I even checked back in maillog files 
from 2012 and found the same result.  It just can't be an authenticated user 
from so many different IPs (100s) from such a long period of time as my server 
would certainly be listed in multiple DNS blacklists (it's currently not in 
any).  If anyone else has the same issue I would be curious if it has anything 
to do with Plesk being involved.  If there are no other recommendations maybe 
I'll try installing Spamdyke 5.0.0 unless anyone has had issues using it on a 
Plesk 10.4.4, CentOS 6 server.  All comments are welcomed.

Regards,
Shane Bywater



--

Message: 1
Date: Wed, 12 Mar 2014 17:28:58 -0500
From: Sam Clippinger s...@silence.org
Subject: Re: [spamdyke-users] modifying way that filters are shown in
log files
To: spamdyke users spamdyke-users@spamdyke.org
Message-ID: a70266f0-2742-4c3b-9820-adc66fe9f...@silence.org
Content-Type: text/plain; charset=us-ascii

If the earlytalker filter actually blocks a connection, you should see a 
DENIED_EARLYTALKER message in the log.  Are you sure that connection isn't 
whitelisted or authenticating?  Either of those things would prevent the 
earlytalker filter from actually blocking the connection.

-- Sam Clippinger




On Mar 11, 2014, at 10:04 PM, Shane Bywater sh...@apexia.ca wrote:

 Hi,
   I'm running Spamdyke 4.3.1 on a Centos 6 server.  I've been 
 successfully using spamdyke along with fail2ban to block IPs with the 
 following characteristics:
 Missing RDNS and RDNS containing IP address.
 
 In the maillog files I see the following:
 Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
 Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
 Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
 Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: 73a8...@enerdeco.nl to: u...@domain.com origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
 Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
 Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
 
 My fail2ban configuration file contains:
 [Definition]
 failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
             spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
             spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>  --not working
 ignoreregex =
 
 My issue is I now want to start banning IPs that set off the 
 FILTER_EARLYTALKER filter but as there is no corresponding DENIED_EARLYTALKER 
 from: x...@yyy.com to u...@domain.com origin_ip: 111.222.333.444 I cannot 
 figure out the proper failregex expression to match the existing format for 
 FILTER_EARLYTALKER nor do I know how to change spamdyke to show a familiar 
 DENIED_EARLYTALKER ... heading in the maillog which I could determine the 
 proper failregex for.  If anyone can provide me with some suggestions that 
 would be appreciated.
 
 Regards,
 Shane Bywater
 


Re: [spamdyke-users] modifying way that filters are shown in log files

2014-04-02 Thread Shane Bywater
Hi,
As requested here is my configuration file.  Note: My ip-whitelist-file 
is empty and I continue to see 100s of FILTER_EARLYTALKER delay: 5 entries but 
no DENIED_EARLYTALKER in my maillog files.

# spamdyke configuration file for spamdyke version 4.3.1.
# Note: All other lines not shown below are commented out on the server
greeting-delay-secs=5
reject-empty-rdns
reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
log-level=verbose
config-dir=/var/spamdyke/domain_setups
connection-timeout-secs=0
idle-timeout-secs=60
reject-identical-sender-recipient
ip-blacklist-file=/var/spamdyke/ip-blacklist-file
recipient-blacklist-file=/var/spamdyke/recipient-blacklist-file
sender-blacklist-file=/var/spamdyke/sender-blacklist-file
ip-whitelist-file=/var/spamdyke/ip-whitelist-file
recipient-whitelist-file=/var/spamdyke/recipient-whitelist-file
sender-whitelist-file=/var/spamdyke/sender-whitelist-file
dns-blacklist-file=/var/spamdyke/dns-blacklist-file
smtp-auth-level=ondemand
smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
smtp-auth-command=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
tls-certificate-file=/var/qmail/control/servercert.pem
local-domains-file=/var/qmail/control/rcpthosts

Thanks for looking into this Sam.

Regards,
Shane Bywater



Message: 1
Date: Tue, 1 Apr 2014 18:31:15 -0500
From: Sam Clippinger s...@silence.org
Subject: Re: [spamdyke-users] modifying way that filters are shown in
log files
To: spamdyke users spamdyke-users@spamdyke.org
Message-ID: 4c442bbf-7e36-46d4-adc0-e8544a199...@silence.org
Content-Type: text/plain; charset=us-ascii

I'm really sorry I haven't been able to get to spamdyke issues lately, let me 
see if I can catch up...

When I test the earlytalker filter by itself from the command line, it appears 
to work:

root@patched:/usr/local/src/spamdyke-5.0.0/spamdyke# ./spamdyke --log-target 
stderr -linfo -e 10 ../tests/smtpdummy/smtpdummy
helo me
220 smtpdummy ESMTP
250 HELO received
mail from:f...@bar.com
250 Refused. You are not following the SMTP protocol.
rcpt to:b...@foo.com
554 Refused. You are not following the SMTP protocol.
spamdyke[4199]: DENIED_EARLYTALKER from: f...@bar.com to: b...@foo.com 
origin_ip: 0.0.0.0 origin_rdns: (unknown) auth: (unknown) encryption: (none) 
reason: (empty)
quit
221 Refused. You are not following the SMTP protocol.

So if your connections aren't being whitelisted, there may be a bug where the 
earlytalker filter is failing when combined with some other option(s).  Could 
you send me your spamdyke configuration file so I can try to reproduce your 
setup and nail it down?

-- Sam Clippinger




On Mar 13, 2014, at 3:03 PM, Shane Bywater sh...@apexia.ca wrote:

 Hi,
   I disabled all whitelist options in spamdyke.conf and restarted 
 spamdyke.  Confirmed no whitelist filters continued to be displayed in the 
 maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was 
 found but still no DENIED_EARLYTALKER entries.  I even checked back in 
 maillog files from 2012 and found the same result.  It just can't be an 
 authenticated user from so many different IPs (100s) from such a long period 
 of time as my server would certainly be listed in multiple DNS blacklists 
 (it's currently not in any).  If anyone else has the same issue I would be 
 curious if it has anything to do with Plesk being involved.  If there are no 
 other recommendations maybe I'll try installing Spamdyke 5.0.0 unless anyone 
 has had issues using it on a Plesk 10.4.4, CentOS 6 server.  All comments 
 are welcomed.
 
 Regards,
 Shane Bywater
 
 
 
 --
 
 Message: 1
 Date: Wed, 12 Mar 2014 17:28:58 -0500
 From: Sam Clippinger s...@silence.org
 Subject: Re: [spamdyke-users] modifying way that filters are shown in
   log files
 To: spamdyke users spamdyke-users@spamdyke.org
 Message-ID: a70266f0-2742-4c3b-9820-adc66fe9f...@silence.org
 Content-Type: text/plain; charset=us-ascii
 
 If the earlytalker filter actually blocks a connection, you should see a 
 DENIED_EARLYTALKER message in the log.  Are you sure that connection isn't 
 whitelisted or authenticating?  Either of those things would prevent the 
 earlytalker filter from actually blocking the connection.
 
 -- Sam Clippinger
 
 
 
 
 On Mar 11, 2014, at 10:04 PM, Shane Bywater sh...@apexia.ca wrote:
 
 Hi,
  I'm running Spamdyke 4.3.1 on a Centos 6 server.  I've been 
 successfully using spamdyke along with fail2ban to block IPs with the 
 following characteristics:
 Missing RDNS and RDNS containing IP address.
 
 In the maillog files I see the following:
 Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 
 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
 Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: 
 birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 186.52.196.7
 origin_rdns: r186-52-196-7.dialup.adsl.an
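
Added example (not part of the original messages, and not spamdyke or fail2ban code): the FILTER_EARLYTALKER line carries no address, so a regex matched one log line at a time has nothing to capture. This Python script pairs each FILTER_EARLYTALKER hit with an IP, preferring a later line from the same spamdyke PID that contains origin_ip and otherwise falling back to the next relaylock line within a short window. The fallback assumes that line belongs to the same connection, as the failregex quoted above also did; the function names, the `year` argument and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample in the maillog layout quoted in this thread
# (documentation-range IPs, made-up PIDs and addresses).
SAMPLE_LOG = """\
Aug 24 04:21:33 server spamdyke[25580]: FILTER_EARLYTALKER delay: 5
Aug 24 04:21:33 server /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 192.0.2.10:51645 (not defined)
Aug 24 04:22:10 server spamdyke[25601]: FILTER_EARLYTALKER delay: 5
Aug 24 04:22:10 server /var/qmail/bin/relaylock[25603]: /var/qmail/bin/relaylock: mail from 192.0.2.10:51702 (not defined)
Aug 24 04:22:40 server /var/qmail/bin/relaylock[25610]: /var/qmail/bin/relaylock: mail from 198.51.100.7:40100 (mail.example.net)
Aug 24 04:23:05 server spamdyke[25620]: FILTER_EARLYTALKER delay: 5
Aug 24 04:23:05 server /var/qmail/bin/relaylock[25622]: /var/qmail/bin/relaylock: mail from 203.0.113.9:33001 (not defined)
Aug 24 04:23:06 server spamdyke[25620]: DENIED_EARLYTALKER from: a@example.org to: b@example.com origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
Aug 24 04:24:00 server spamdyke[25630]: FILTER_EARLYTALKER delay: 5
"""

# "Mon DD HH:MM:SS host prog[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ "
    r"(?P<prog>[^\s\[]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
RELAYLOCK_RE = re.compile(rf"mail from (?P<ip>{IPV4}):\d+")
ORIGIN_RE = re.compile(rf"origin_ip: (?P<ip>{IPV4})")


def correlate(lines, year=2014, window=timedelta(seconds=2)):
    """Return one record per FILTER_EARLYTALKER hit, in log order.

    record["how"] is "pid" when a later line from the same spamdyke process
    carried origin_ip (exact), "adjacent" when the IP was taken from the next
    relaylock line inside `window` (a guess), or None when no IP was found.
    Syslog timestamps have no year, so the caller supplies one (assumption).
    """
    hits, by_pid = [], {}
    pending = deque()  # (timestamp, spamdyke pid) still waiting for an IP
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        prog, pid, msg = m["prog"], int(m["pid"]), m["msg"]
        # Stop waiting for hits that are too old to pair by adjacency.
        while pending and ts - pending[0][0] > window:
            pending.popleft()
        if prog == "spamdyke" and msg.startswith("FILTER_EARLYTALKER"):
            rec = {"pid": pid, "ip": None, "how": None}
            hits.append(rec)
            by_pid[pid] = rec  # a reused PID points at the newest hit
            pending.append((ts, pid))
        elif prog == "spamdyke" and pid in by_pid:
            found = ORIGIN_RE.search(msg)
            if found:  # exact match: overrides any earlier adjacency guess
                by_pid[pid].update(ip=found["ip"], how="pid")
                pending = deque(p for p in pending if p[1] != pid)
        elif prog.endswith("relaylock") and pending:
            found = RELAYLOCK_RE.search(msg)
            if found:  # heuristic: oldest waiting hit gets this address
                _, early_pid = pending.popleft()
                by_pid[early_pid].update(ip=found["ip"], how="adjacent")
    return hits


def ban_candidates(hits, threshold=2):
    """IPs attributed to at least `threshold` early-talker hits, sorted."""
    counts = Counter(h["ip"] for h in hits if h["ip"])
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    results = correlate(SAMPLE_LOG.splitlines())
    for hit in results:
        print(hit)
    print("candidates:", ban_candidates(results))
```

Records marked "adjacent" can be wrong when connections interleave, as the third constructed hit shows, so a threshold of repeated hits is safer than acting on a single one.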

[spamdyke-users] spamdyke with Parallels Plesk 12

2014-09-23 Thread Shane Bywater
Hi,
I'm currently debating whether or not to upgrade my Plesk 10.4.4 to 
Plesk 12.0.18.  I currently use spamdyke 4.3.1 and the server is using qmail, 
of course, and Courier IMAP.  The release notes for Plesk 12 state I have a 
choice of Postfix and Qmail which I know I will need to use Qmail in order to 
continue using spamdyke but a new option is whether to use Courier IMAP or 
Dovecot for POP3 delivery.  I'm assuming spamdyke doesn't care whether Courier 
IMAP or Dovecot is used as spamdyke is called before such a program but I would 
like verification on this.
Also, is anyone successfully using spamdyke 5.0.0 with Plesk 12.0.18?  
Did you have to make any undocumented changes to spamdyke or Plesk's 
configuration scripts?

Regards,
Shane Bywater


Re: [spamdyke-users] spamdyke with Parallels Plesk 12

2014-10-01 Thread Shane Bywater

   1. spamdyke with Parallels Plesk 12 (Shane Bywater)
   2. Re: spamdyke with Parallels Plesk 12 (Haggy)


--

Message: 1
Date: Tue, 23 Sep 2014 15:56:48 +
From: Shane Bywater sh...@apexia.ca
To: spamdyke-users@spamdyke.org spamdyke-users@spamdyke.org
Subject: [spamdyke-users] spamdyke with Parallels Plesk 12
Message-ID:
c2615c1606841d429fe282c972131c7b01669...@s11maild020n2.sh11.lan
Content-Type: text/plain; charset=us-ascii

Hi,
I'm currently debating whether or not to upgrade my Plesk 10.4.4 to 
Plesk 12.0.18.  I currently use spamdyke 4.3.1 and the server is using qmail, 
of course, and Courier IMAP.  The release notes for Plesk 12 state I have a 
choice of Postfix and Qmail which I know I will need to use Qmail in order to 
continue using spamdyke but a new option is whether to use Courier IMAP or 
Dovecot for POP3 delivery.  I'm assuming spamdyke doesn't care whether Courier 
IMAP or Dovecot is used as spamdyke is called before such a program but I would 
like verification on this.
Also, is anyone successfully using spamdyke 5.0.0 with Plesk 12.0.18?  
Did you have to make any undocumented changes to spamdyke or Plesk's 
configuration scripts?

Regards,
Shane Bywater


--

Message: 2
Date: Tue, 23 Sep 2014 18:25:13 +0200 (CEST)
From: Haggy i...@haggybear.de
To: spamdyke users spamdyke-users@spamdyke.org
Subject: Re: [spamdyke-users] spamdyke with Parallels Plesk 12
Message-ID:
1939158962.110.1411489513869.javamail.tomc...@host1.haggybear.com
Content-Type: text/plain; charset=iso-8859-1

Hi Shane, have a look here: http://haggybear.com/en/spamdyke-control-panel


Regards
Haggy



- Original Message -
From: Shane Bywater sh...@apexia.ca
To: spamdyke-users@spamdyke.org spamdyke-users@spamdyke.org
Cc:
Date: Tue, 23 Sep 2014 17:58
Subject: [spamdyke-users] spamdyke with Parallels Plesk 12

Hi,
I'm currently debating whether or not to upgrade my Plesk 10.4.4 to Plesk 
12.0.18.  I currently use spamdyke 4.3.1 and the server is using qmail, of 
course, and Courier IMAP.  The release notes for Plesk 12 state I have a choice 
of Postfix and Qmail which I know I will need to use Qmail in order to continue 
using spamdyke but a new option is whether to use Courier IMAP or Dovecot for 
POP3 delivery.  I'm assuming spamdyke doesn't care whether Courier IMAP or 
Dovecot is used as spamdyke is called before such a program but I would like 
verification on this.
Also, is anyone successfully using spamdyke 5.0.0 with Plesk 12.0.18?  Did 
you have to make any undocumented changes to spamdyke or Plesk's configuration 
scripts?

Regards,
Shane Bywater
___


Thanks Haggy.  I'll follow your instructions when I decide to make the change 
to Plesk 12.
Regards,
Shane Bywater


[spamdyke-users] can spamdyke reject emails with improper from and to fields?

2015-06-24 Thread Shane Bywater via spamdyke-users
Hi,
Does anyone know if spamdyke can reject an email if it contains 
improper from and to fields (for example no from address)?  I get hundreds 
of entries daily in the maillog file as shown below and would rather qmail not 
even try to send a bounce message to such emails.

Jun 24 11:31:15 qmail-queue-handlers[20290]: Handlers Filter before-queue for 
qmail started ...
Jun 24 11:31:15 qmail-queue-handlers[20290]: from=
Jun 24 11:31:15 qmail-queue-handlers[20290]: to=%from_email
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Incorrect recipient mailname : 
%from_email
Jun 24 11:31:15 qmail: 1435159875.553019 warning: trouble injecting bounce 
message, will try later

Note:  I'm using spamdyke 5.0.1 on a Plesk 10.4 CentOS 6 server.  BTW 
thanks to Sam for continuing to develop and improve spamdyke.

Regards,
Shane Bywater


Re: [spamdyke-users] can spamdyke reject emails with improper from and to fields?

2015-06-27 Thread Shane Bywater via spamdyke-users


--

Message: 1
Date: Wed, 24 Jun 2015 15:40:10 +
From: Shane Bywater sh...@apexia.ca
To: spamdyke-users@spamdyke.org spamdyke-users@spamdyke.org
Subject: [spamdyke-users] can spamdyke reject emails with improper
from and to fields?
Message-ID:
c2615c1606841d429fe282c972131c7b31f1e...@s11maild020n2.sh11.lan
Content-Type: text/plain; charset=us-ascii

Hi,
Does anyone know if spamdyke can reject an email if it contains 
improper from and to fields (for example no from address)?  I get hundreds 
of entries daily in the maillog file as shown below and would rather qmail not 
even try to send a bounce message to such emails.

Jun 24 11:31:15 qmail-queue-handlers[20290]: Handlers Filter before-queue for 
qmail started ...
Jun 24 11:31:15 qmail-queue-handlers[20290]: from=
Jun 24 11:31:15 qmail-queue-handlers[20290]: to=%from_email
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
sender mailname
Jun 24 11:31:15 qmail-queue-handlers[20290]: Incorrect recipient mailname : 
%from_email
Jun 24 11:31:15 qmail: 1435159875.553019 warning: trouble injecting bounce 
message, will try later

Note:  I'm using spamdyke 5.0.1 on a Plesk 10.4 CentOS 6 server.  BTW 
thanks to Sam for continuing to develop and improve spamdyke.

Regards,
Shane Bywater


--

Message: 2
Date: Wed, 24 Jun 2015 11:24:47 -0500
From: Sam Clippinger s...@silence.org
To: spamdyke users spamdyke-users@spamdyke.org
Subject: Re: [spamdyke-users] can spamdyke reject emails with improper
from and to fields?
Message-ID: b47b331a-febc-4a20-9b7a-af7c99945...@silence.org
Content-Type: text/plain; charset=us-ascii

It can do this in a limited fashion right now.  If the improper To field is 
always To: %from_email (or something from a known set of bad values), you 
could use the header blacklist filter to block it.  But at present, there's no 
way to block a message with a missing header line.

-- Sam Clippinger


Hi,
Is there a way to use spamdyke (header blacklist?) to block emails with 
no domain in the email address (i.e. tksofxpwfhc@)?  Also, it doesn't seem like 
the header-blacklist file is even being used by Spamdyke as I have set up my 
/var/spamdyke/header-blacklist-file to contain Subject: hhh (minus the 
quotes) and when I send myself an email from an external email address with 
the subject line containing hhh it passes through without Spamdyke 
blocking it.  In my spamdyke.conf file I have 
header-blacklist-file=/var/spamdyke/header-blacklist-file and it has the same 
permissions as the other spamdyke files in that directory.  I also tried 
entering header-blacklist-entry=Subject: hhh in my spamdyke.conf file but that 
email was allowed through as well. 
   My sending email address is not whitelisted and there are no spamdyke 
messages appearing in the maillog file.  What could I be doing wrong?

Regards,
Shane Bywater


Re: [spamdyke-users] spamdyke-qrv not executing

2017-07-02 Thread Shane Bywater via spamdyke-users
Hi,
Upon further investigation what I'm seeing is if an email is sent to a 
non-existent address which includes the complete mail server host's name (ie. 
ns3.domain.com) spamdyke-qrv correctly rejects the email but if the same email 
is sent just to the domain name (ie. domain.com) spamdyke accepts the email and 
passes it on to qmail for delivery.  See below for details:

Email sent to non-existent email address at host.domain.com
Jul  2 14:39:38 ns3 spamdyke[5875]: FILTER_INVALID_RECIPIENT recipient: 
nob...@ns3.domain.com
Jul  2 14:39:38 ns3 spamdyke[5875]: DENIED_INVALID_RECIPIENT from: 
u...@gmail.com to: nob...@ns3.domain.com origin_ip: 209.85.213.178 origin_rdns: 
mail-yb0-f178.google.com auth: (unknown) encryption: TLS reason: (empty)
Jul  2 14:39:38 ns3 spamdyke[5875]: ERROR(tls_read()@tls.c:620): unable to read 
from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF 
found

Email sent to non-existent email address at domain.com
Jul  2 14:43:02 ns3 spamdyke[5952]: ALLOWED from: u...@gmail.com to: 
nob...@domain.com origin_ip: 209.85.161.177 origin_rdns: 
mail-yw0-f177.google.com auth: (unknown) encryption: TLS reason: 
250_ok_1499020982_qp_5956
Jul  2 14:43:03 ns3 qmail: 1499020983.002267 starting delivery 2116: msg 
8127566 to local domain.com-nob...@domain.com
Jul  2 14:43:03 ns3 qmail: 1499020983.002313 status: local 1/10 remote 0/20
Jul  2 14:43:03 ns3 qmail-local-handlers[5961]: Handlers Filter before-local 
for qmail started ...
Jul  2 14:43:03 ns3 qmail-local-handlers[5961]: from=u...@gmail.com
Jul  2 14:43:03 ns3 qmail-local-handlers[5961]: to=domain.com-nob...@domain.com
Jul  2 14:43:03 ns3 qmail-local-handlers[5961]: mailbox: 
/var/qmail/mailnames/domain.com
Jul  2 14:43:03 ns3 qmail-queue-handlers[5962]: Handlers Filter before-queue 
for qmail started ...
Jul  2 14:43:03 ns3 qmail-queue-handlers[5962]: from=u...@gmail.com
Jul  2 14:43:03 ns3 qmail-queue-handlers[5962]: to=nonexist...@domain.com
Jul  2 14:43:03 ns3 spamdyke[5952]: ERROR(tls_read()@tls.c:620): unable to read 
from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF 
found

Note: Currently, as Plesk with qmail cannot reject such emails, I've set up 
Plesk to forward invalid emails to a specific address 
(nonexist...@domain.com) to prevent backscatter spam issues.
/var/qmail/control/me contains
ns3.domain.com
/var/qmail/control/rcpthosts contains
ns3.domain.com
domain.com

Also, Plesk does not use /var/qmail/control/morercpthosts.cdb, so there is 
no such file on my server.

Thanks for any assistance,
Shane Bywater




--

Message: 1
Date: Sat, 17 Jun 2017 18:13:33 +
From: Shane Bywater <sh...@apexia.ca>
To: "spamdyke-users@spamdyke.org" <spamdyke-users@spamdyke.org>
Subject: [spamdyke-users] spamdyke-qrv not executing
Message-ID:
<f479ae129dda4902bd0b6bc0a56a6...@e15madag-d03n04.sh11.lan>
Content-Type: text/plain; charset="utf-8"

Hi,
I'm setting up a new Plesk 17.5.3 Centos 7.3 server with spamdyke 5.0.1.  Now I 
know from the installation notes that if you are using Plesk spamdyke-qrv is 
not supposed to be required as Plesk "already does recipient validation for 
you".  I have found this statement to be false when using Plesk with qmail.  
Please see post at 
https://talk.plesk.com/threads/rejecting-email-for-unknown-addresses.339204/
Basically even though Plesk is configured to reject invalid email addresses 
qmail accepts the email attempt and sends a "550 sorry, no mailbox here by that 
name. (#5.7.17)" back to the sender.  Maybe Plesk with Postfix rejects invalid 
email addresses but I'm not going to try that as I want to continue using 
spamdyke.
I have spamdyke-qrv compiled/installed correctly as I can run it successfully 
from the command line:
#spamdyke-qrv -v domain.com invalid
returns no output but -vv shows UNAVAILABLE RECIPIENT
#spamdyke-qrv -v domain.com valid
QRV-ALLOWED(main@spamdyke-qrv.c:60): VALID ADDRESS

My issue is when my server receives an email I don't see spamdyke-qrv being 
executed (from looking at the /var/log/maillog file).  I only see spamdyke 
entries but no spamdyke-qrv entries so I'm assuming that is why the rejecting 
of invalid email addresses is still not working.

My /etc/spamdyke.conf file contains among other things:
reject-recipient=invalid
recipient-validation-command=/usr/local/bin/spamdyke-qrv

My /etc/xinetd.d/smtp_psa contains:
server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf 
/var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth 
/var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

I'm guessing I'm missing something simple but can't see it currently.  If 
anyone can offer a suggestion on what I'm doing wrong and what I need to do to 
fix this I would appreciate it.

Thanks,
Shane Bywat

[spamdyke-users] spamdyke-qrv not executing

2017-06-17 Thread Shane Bywater via spamdyke-users
Hi,
I'm setting up a new Plesk 17.5.3 Centos 7.3 server with spamdyke 5.0.1.  Now I 
know from the installation notes that if you are using Plesk spamdyke-qrv is 
not supposed to be required as Plesk "already does recipient validation for 
you".  I have found this statement to be false when using Plesk with qmail.  
Please see post at 
https://talk.plesk.com/threads/rejecting-email-for-unknown-addresses.339204/
Basically even though Plesk is configured to reject invalid email addresses 
qmail accepts the email attempt and sends a "550 sorry, no mailbox here by that 
name. (#5.7.17)" back to the sender.  Maybe Plesk with Postfix rejects invalid 
email addresses but I'm not going to try that as I want to continue using 
spamdyke.
I have spamdyke-qrv compiled/installed correctly as I can run it successfully 
from the command line:
#spamdyke-qrv -v domain.com invalid
returns no output but -vv shows UNAVAILABLE RECIPIENT
#spamdyke-qrv -v domain.com valid
QRV-ALLOWED(main@spamdyke-qrv.c:60): VALID ADDRESS

My issue is when my server receives an email I don't see spamdyke-qrv being 
executed (from looking at the /var/log/maillog file).  I only see spamdyke 
entries but no spamdyke-qrv entries so I'm assuming that is why the rejecting 
of invalid email addresses is still not working.

My /etc/spamdyke.conf file contains among other things:
reject-recipient=invalid
recipient-validation-command=/usr/local/bin/spamdyke-qrv

My /etc/xinetd.d/smtp_psa contains:
server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf 
/var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth 
/var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

I'm guessing I'm missing something simple but can't see it currently.  If 
anyone can offer a suggestion on what I'm doing wrong and what I need to do to 
fix this I would appreciate it.

Thanks,
Shane Bywater


[spamdyke-users] double free or corruption (fasttop) error

2019-08-14 Thread Shane Bywater via spamdyke-users
Hi,

I just recently started seeing the following error "*** Error in 
`/usr/local/bin/spamdyke': double free or corruption (fasttop): 
0x02008910 ***" in my maillog file:

Aug 13 03:49:56 ns3 spamdyke[29333]: FILTER_EARLYTALKER delay: 5
Aug 13 03:49:56 ns3 /var/qmail/bin/relaylock[29349]: /var/qmail/bin/relaylock: 
mail from 182.108.26.113:58901 (not defined)
Aug 13 03:49:58 ns3 spamdyke[29333]: *** Error in `/usr/local/bin/spamdyke': 
double free or corruption (fasttop): 0x02008910 ***

Aug 13 04:18:45 ns3 spamdyke[12359]: FILTER_EARLYTALKER delay: 5
Aug 13 04:18:45 ns3 /var/qmail/bin/relaylock[12363]: /var/qmail/bin/relaylock: 
mail from 123.180.44.123:65419 (not defined)
Aug 13 04:18:45 ns3 spamdyke[12359]: ERROR(output_writeln()@log.c:104): unable 
to write 26 bytes to file descriptor 1: Connection reset by pe$
Aug 13 04:18:45 ns3 spamdyke[12359]: *** Error in `/usr/local/bin/spamdyke': 
double free or corruption (fasttop): 0x00d42910 ***

Aug 13 09:34:40 ns3 spamdyke[23746]: FILTER_EARLYTALKER delay: 5
Aug 13 09:34:40 ns3 /var/qmail/bin/relaylock[23747]: /var/qmail/bin/relaylock: 
mail from 182.108.26.110:49171 (not defined)
Aug 13 09:34:40 ns3 spamdyke[23745]: FILTER_EARLYTALKER delay: 5
Aug 13 09:34:40 ns3 /var/qmail/bin/relaylock[23748]: /var/qmail/bin/relaylock: 
mail from 182.108.26.110:65523 (not defined)
Aug 13 09:34:40 ns3 spamdyke[23745]: ERROR(output_writeln()@log.c:104): unable 
to write 26 bytes to file descriptor 1: Connection reset by pe$
Aug 13 09:34:40 ns3 spamdyke[23745]: *** Error in `/usr/local/bin/spamdyke': 
double free or corruption (fasttop): 0x01100910 ***
Aug 13 09:34:40 ns3 spamdyke[23746]: *** Error in `/usr/local/bin/spamdyke': 
double free or corruption (fasttop): 0x008d0910 ***

Aug 13 11:12:08 ns3 spamdyke[15964]: FILTER_EARLYTALKER delay: 5
Aug 13 11:12:08 ns3 /var/qmail/bin/relaylock[15965]: /var/qmail/bin/relaylock: 
mail from 123.180.44.123:65372 (not defined)
Aug 13 11:12:08 ns3 /var/qmail/bin/relaylock[15966]: /var/qmail/bin/relaylock: 
mail from 147.253.212.241:49927 (mta-212-241.sparkpostmail.com)
Aug 13 11:12:09 ns3 spamdyke[15962]: FILTER_EARLYTALKER delay: 5
Aug 13 11:12:09 ns3 spamdyke[15964]: *** Error in `/usr/local/bin/spamdyke': 
double free or corruption (fasttop): 0x010f7910 ***
Aug 13 11:12:09 ns3 /var/qmail/bin/relaylock[15967]: /var/qmail/bin/relaylock: 
mail from 123.180.44.123:65348 (not defined)
Aug 13 11:12:09 ns3 spamdyke[15962]: ERROR(output_writeln()@log.c:104): unable 
to write 26 bytes to file descriptor 1: Connection reset by pe$
Aug 13 11:12:09 ns3 spamdyke[15962]: *** Error in `/usr/local/bin/spamdyke': 
double free or corruption (fasttop): 0x01913910 ***

I saw a previous post from 2015 on this subject but it didn't seem to have a 
solution.  It appears this error only occurs when FILTER-EARLYTALKER delay is 
executed.

OS:  CentOS Linux 7.6.1810 (Core)
Product: Plesk Onyx Version 17.8.11 Update #64, last updated on Aug 13, 2019 
01:14 PM
Spamdyke version: spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG

Can anyone offer a solution to eliminating this error?

Regards,
Shane Bywater



[spamdyke-users] how to block from= empty address

2021-02-13 Thread Shane Bywater via spamdyke-users
Hi,

Recently I started receiving spam from addresses that show up in Outlook mail 
client as info.qogo...@nwnsoyuqem.sicotti.nl or some other subdomain of 
sicotti.nl.  I thought I could block these messages by adding @.sicotti.nl to 
the sender-blacklist-file but that didn't work.  Upon further investigation in 
my server logs I see that the "from=" parameter shows nothing (ie. blank) as 
can be seen below.  I'm guessing that is why my blocking attempt is failing.  
How do I block emails with no "from=" information?

Feb 13 16:42:12 ns3 /var/qmail/bin/relaylock[2062]: /var/qmail/bin/relaylock: 
mail from 52.252.134.30:43487 (adsfsdf-i25p.northcentralus.cloudapp.azure.com)
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: Handlers Filter before-queue 
for qmail started ...
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: from=
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: to=u...@domain.ca
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: 
INFO:__main__:No SMTP AUTH and not running in sendmail context (incoming or 
unrestricted outgoing mail). SKIP message.
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: SKIP
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: SKIP during call 'limit-out' 
handler
Feb 13 16:42:13 ns3 check-quota[2071]: Starting the check-quota filter...
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: SKIP
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: SKIP during call 'check-quota' 
handler
Feb 13 16:42:13 ns3 spf[2072]: Starting the spf filter...
Feb 13 16:42:13 ns3 spf[2072]: SPF status: PASS
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: PASS
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: PASS during call 'spf' handler
Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: starter: submitter[2073] exited 
normally
Feb 13 16:42:13 ns3 qmail: 1613252533.502273 new msg 8150512
Feb 13 16:42:13 ns3 qmail: 1613252533.502305 info msg 8150512: bytes 1852 from 
<> qp 2073 uid 2020
Feb 13 16:42:13 ns3 spamdyke[2053]: ALLOWED from: (unknown) to: u...@domain.ca 
origin_ip: 52.252.134.30 origin_rdns: 
adsfsdf-i25p.northcentralus.cloudapp.azure.com auth: (unknown) encryption: 
(none) reason: $

Regards,
Shane Bywater
