Re: [spamdyke-users] Error unable to write to SSL/TLS stream

2021-03-04 Thread Sam Clippinger via spamdyke-users
The timing in those log messages looks very suspicious to me -- it looks like 
the error occurs after exactly 5 minutes of inactivity.  If spamdyke's timeout 
features are disabled, there must be some other link in your setup enforcing a 
5 minute timeout.  Just spitballing here, maybe it's a firewall or a load 
balancer?  Is your qmail patched to invoke an external spam scanner or anything?

-- Sam Clippinger




> On Mar 3, 2021, at 11:22 AM, Alessio Cecchi via spamdyke-users 
>  wrote:
> 
> Hi,
> 
> when a specific company sends an email to us we receive the message many 
> times, but only if they insert into the recipients about 50 email addresses of the 
> same domain; if they send the same email to only one recipient all works 
> fine.
> After some investigation, with "full-log-dir" enabled, we discovered that our 
> qmail sends a "421 timeout" to the remote server but when the email is already 
> accepted, so the remote server tries again and so on.
> 
> Debug log; please note the delay between the last "." and the error (five minutes), 
> and note that the "421 timeout" error was sent before the "250 ok" from qmail:
> 
> 
> 
> [...]
> 03/02/2021 12:03:00 FROM REMOTE TO CHILD: 3 bytes TLS
> .
> 
> 03/02/2021 12:08:01 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The 
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 37 bytes to file 
> descriptor 1: Connection reset by peer
> 
> 03/02/2021 12:08:01 FROM SPAMDYKE TO REMOTE: 37 bytes TLS
> 421 Timeout. Talk faster next time.
> 
> 03/02/2021 12:08:01 LOG OUTPUT TLS
> TIMEOUT from: u...@company.biz  to: 
> u...@partnercompany.biz  origin_ip: 
> 40.107.3.43 origin_rdns: mail-eopbgr30043.outbound.protection.outlook.com 
> auth: (unknown) encryption: TLS reason: TIMEOUT
> 
> 03/02/2021 12:10:06 FROM CHILD, FILTERED: 28 bytes TLS
> 250 ok 1614683406 qp 12548
> 
> 03/02/2021 12:10:06 - TLS ended and closed
> 
> 03/02/2021 12:10:06 CLOSED
> 
> 
> So I set the timeout from 600 to 1200 in qmail-smtpd, removed "idle-timeout" 
> from spamdyke, and disabled the softlimit; the error changed but the problem is 
> still present:
> 
> 
> 
> 
> 03/02/2021 13:59:27 FROM REMOTE TO CHILD: 3 bytes TLS
> .
> 
> 03/02/2021 14:06:34 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The 
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 26 bytes to file 
> descriptor 1: Connection reset by peer
> 
> 03/02/2021 14:06:34 FROM CHILD TO REMOTE: 26 bytes TLS
> 250 ok 1614690394 qp 765
> 
> 03/02/2021 14:06:34 LOG OUTPUT TLS
> ALLOWED from: u...@company.biz  to: 
> u...@partnercompany.biz  origin_ip: 
> 40.107.0.68 origin_rdns: mail-eopbgr00068.outbound.protection.outlook.com 
> auth: (unknown) encryption: TLS reason: 250_ok_1614690394_qp_765
> [...]
> ALLOWED from: us...@company.biz  to: 
> us...@partnercompany.biz  origin_ip: 
> 40.107.0.68 origin_rdns: mail-eopbgr00068.outbound.protection.outlook.com 
> auth: (unknown) encryption: TLS reason: 250_ok_1614690394_qp_765
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
> operation failed due to an I/O error, Unexpected EOF found
> 
> 03/02/2021 14:06:34 - TLS ended and closed
> 
> 03/02/2021 14:06:34 CLOSED
> 
> 
> Any suggestions?
> 
> Thanks
> -- 
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.it 
> https://www.linkedin.com/in/alessice 
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> https://spamdyke.org/mailman/listinfo/spamdyke-users



Re: [spamdyke-users] how to block from= empty address

2021-03-04 Thread Sam Clippinger via spamdyke-users
I'm sure this has been discussed before, but I don't think spamdyke will block 
empty senders (I haven't dug through the code to verify this though).  Empty 
sender addresses are used by many mail servers to send bounce messages; 
blocking them would likely have some bad side effects.

For what you're trying to do, take a look at the header blacklist feature.  You 
should be able to block those spam messages with: From:*.sicotti.nl*

-- Sam Clippinger




> On Feb 13, 2021, at 4:28 PM, Shane Bywater via spamdyke-users 
>  wrote:
> 
> Hi,
> 
> Recently I started receiving spam from addresses that show up in Outlook mail 
> client as info.qogo...@nwnsoyuqem.sicotti.nl or some other subdomain of 
> sicotti.nl.  I thought I could block these messages by adding @.sicotti.nl to 
> the sender-blacklist-file but that didn't work.  Upon further investigation 
> in my server logs I see that the "from=" parameter shows nothing (ie. blank) 
> as can be seen below.  I'm guessing that is why my blocking attempt is 
> failing.  How do I block emails with no "from=" information?
> 
> Feb 13 16:42:12 ns3 /var/qmail/bin/relaylock[2062]: /var/qmail/bin/relaylock: 
> mail from 52.252.134.30:43487 (adsfsdf-i25p.northcentralus.cloudapp.azure.com)
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: Handlers Filter before-queue 
> for qmail started ...
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: from=
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: to=u...@domain.ca
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: 
> INFO:__main__:No SMTP AUTH and not running in sendmail context (incoming or 
> unrestricted outgoing mail). SKIP message.
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: SKIP
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: SKIP during call 'limit-out' 
> handler
> Feb 13 16:42:13 ns3 check-quota[2071]: Starting the check-quota filter...
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: SKIP
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: SKIP during call 
> 'check-quota' handler
> Feb 13 16:42:13 ns3 spf[2072]: Starting the spf filter...
> Feb 13 16:42:13 ns3 spf[2072]: SPF status: PASS
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: handlers_stderr: PASS
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: PASS during call 'spf' handler
> Feb 13 16:42:13 ns3 qmail-queue-handlers[2065]: starter: submitter[2073] 
> exited normally
> Feb 13 16:42:13 ns3 qmail: 1613252533.502273 new msg 8150512
> Feb 13 16:42:13 ns3 qmail: 1613252533.502305 info msg 8150512: bytes 1852 
> from <> qp 2073 uid 2020
> Feb 13 16:42:13 ns3 spamdyke[2053]: ALLOWED from: (unknown) to: 
> u...@domain.ca origin_ip: 52.252.134.30 origin_rdns: 
> adsfsdf-i25p.northcentralus.cloudapp.azure.com auth: (unknown) encryption: 
> (none) reason: $
> 
> Regards,
> Shane Bywater
> 


Re: [spamdyke-users] How to hide RBL name in responses

2020-10-23 Thread Sam Clippinger via spamdyke-users
Unfortunately there's no option to hide the RBL name, but you could update the 
code to hide it.  The log message is generated by filter.c on line 1692.  If 
you change the 7th parameter to set_rejection() from this:
(tmp_buf[0] != '\0') ? tmp_buf : name_array[rbl_index]
to:
NULL
That should do it.

-- Sam Clippinger




> On Oct 12, 2020, at 3:57 AM, Alessio Cecchi via spamdyke-users 
>  wrote:
> 
> Hi,
> 
> since many commercial DNSBLs are providing access to their RBLs with a "key" 
> (e.g. 1234abcd.zen.dq.spamhaus.net.), we need to hide the RBL name in the 
> response in order not to divulge our secret key.
> 
> Can we customize the text response for an IP in an RBL with spamdyke, omitting 
> the specific RBL name?
> 
> I tried with "rejection-text-dns-blacklist" but the RBL is always shown.
> 
> Thanks
> -- 
> Alessio Cecchi
> https://www.linkedin.com/in/alessice 


Re: [spamdyke-users] FreeBSD 12.1 problems compiling with TLS

2020-10-23 Thread Sam Clippinger via spamdyke-users
The configure script is trying to find the library that contains 
SSL_library_init() so it'll know what flags to use with gcc.  It tries libssl 
and libcrypto, but obviously that isn't working on your new OS.  The source 
code for the test program is in the config.log file along with the gcc commands 
it tested.  If you could figure out the correct command to compile, we should 
be able to update the configure script to use it.  It might just be a case of 
libcrypto.so being in an unexpected folder; it's possible just adding the -L 
flag or setting LIBRARY_PATH might fix it.

-- Sam Clippinger




> On Oct 22, 2020, at 3:10 PM, Pablo Murillo (rednet) via spamdyke-users 
>  wrote:
> 
> Hi
> 
> I'm upgrading a few servers from FreeBSD 11.4 to 12.1 and I found that the port 
> for SpamDyke is broken, so I compiled "manually" and I found a problem with 
> OpenSSL
> Spamdyke is not finding openssl, and openssl is installed
> 
> ./configure --enable-tls --without-debug-output
> checking for gcc... gcc
> checking whether the C compiler works... yes
> ...
> checking if openssl/ssl.h will include without additional include 
> directories... yes
> checking for library containing RSA_sign... -lcrypto
> checking for library containing SSL_library_init... no
> configure: error: in `/root/spamdyke-5.0.1/spamdyke':
> configure: error: --enable-tls was given but OpenSSL was not found
> 
> I'm sending the config.log attached
> 
> Pablo Murillo


Re: [spamdyke-users] Infinite loop of logged errors: unable to read from SSL/TLS stream

2020-06-25 Thread Sam Clippinger via spamdyke-users
2.8M lines in 34 seconds?  Yikes!  Sounds like an infinite loop.

It's been a while since I've looked at that code (and I apologize I don't have 
time to go through it in detail), but that error message is only printed from 
one place in spamdyke's code.  It runs when a TLS/SSL session is active and 
data is waiting to be read from the network connection.  If tls_read() 
encountered an error in the OpenSSL library and didn't actually read any data, 
spamdyke's main loop would see data waiting and call tls_read() again.  That 
could cause an infinite loop.

If I'm reading the error message correctly, SSL_get_error() must have returned 
SSL_ERROR_SSL, which is the catch-all code for a protocol or library failure.  
I think reason 255 is SSL_R_UNKNOWN_STATE, another catch-all error code.

There are a few things you could try.  As Bucky Carr pointed out, the softlimit 
program causes all kinds of problems and leads to very strange errors and 
crashes.  If you can remove it, you should.  If not, you could try increasing 
the memory limit (try doubling it) and see if that changes anything.  Choosing 
a memory limit for softlimit is just a guessing game anyway; maybe you need to 
guess higher?

You could also try upgrading OpenSSL.  Your version is very old and this 
spamdyke error may be caused by a bug OpenSSL has already fixed.  (Plus, 
OpenSSL 1.0.1e contains a huge number of serious CVEs which upgrading would 
fix.)

And also you could try upgrading spamdyke.  Between versions 4 and 5, I made a 
lot of changes and the changelog mentions tls_read() specifically.  This could 
be a bug I've already fixed.

I hope that helps, good luck!

-- Sam Clippinger




> On Jun 24, 2020, at 11:36 PM, Quinn Comendant via spamdyke-users 
>  wrote:
> 
> Hello all,
> 
> Recently, I checked the smtp log files of my qmailtoaster server, and found 
> millions of the following error message written to the smtp log:
> 
>  spamdyke[4875]: ERROR: unable to read from SSL/TLS stream: A protocol or 
> library failure occurred, error:140800FF:lib(20):func(128):reason(255)
> 
> I restarted the mail-related services (qmailctl stop && qmailctl start), and 
> the errors stopped. I thought it was a fluke, since I had never seen this in 
> the decade+ I've been managing this server. However, a few days later, I 
> found the same thing. Again, I restarted and the errors stopped.
> 
> The really weird thing is that all the errors that were logged (~ 2.8 million 
> lines) occurred over 34 seconds (from 2020-06-25 03:47:58 to 2020-06-25 
> 03:48:36)! I'd guess that only *one* error occurred (memory error? 
> buffer-overrun?) which somehow caused an infinite loop of logging. 
> 
> Although the last logged error was at 2020-06-25 03:48:36, I didn't discover 
> the issue until 2020-06-25 04:10, which means there was at least a 20 minute 
> delay between when the log line was time-stamped and when the line was 
> finally added to the log (perhaps caused by IO constraints).
> 
> So there's a couple issues I'm worried about:
> 
> 1. why did spamdyke get stuck in an infinite loop?
> 2. what caused this error in the first place?
> 
> Versions:
> 
>  OpenSSL 1.0.1e-fips 11 Feb 2013
>  spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG+EXCESSIVE
> 
> Spamdyke is executed via the /var/qmail/supervise/smtp/run file:
> 
>  QMAILDUID=`id -u vpopmail`
>  NOFILESGID=`id -g vpopmail`
>  MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>  SPAMDYKE="/usr/bin/spamdyke"
>  SPAMDYKE_CONF="/etc/spamdyke.conf"
>  SMTPD="/var/qmail/bin/qmail-smtpd"
>  TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
>  HOSTNAME=`hostname`
>  VCHKPW="/home/vpopmail/bin/vchkpw"
>  REQUIRE_AUTH=0
> 
>  exec /usr/bin/softlimit -m 9900 \
>   /usr/bin/tcpserver -R -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
>   -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>   $SPAMDYKE --config-file $SPAMDYKE_CONF \
>   $SMTPD $VCHKPW /bin/true 2>&1
> 
> Thanks!
> 


Re: [spamdyke-users] Segfault in spamdyke (libc-2.14.1.so) since use of version 5 | *** glibc detected *** /usr/local/bin/spamdyke: double free or corruption (fasttop):

2020-04-01 Thread Sam Clippinger via spamdyke-users
Hmmm, looks like a bug, but because spamdyke is compiled C, there's almost 
no way to tell how it happened.  If you updated your OS but didn't update 
spamdyke, I'd suggest making sure you're on the latest version of spamdyke and 
recompiling it on your updated OS.  If you still see crashes, the best way to 
troubleshoot them would be to find a reliable way to reproduce them -- using 
spamdyke's "full-log-dir" option to capture the input, for example.  Failing 
that, I could send you some updates for your Makefile to recompile spamdyke 
with an address sanitizer that will produce much larger (and much more 
informative) crash messages.

-- Sam Clippinger




> On Mar 30, 2020, at 7:51 PM, Webtao via spamdyke-users 
>  wrote:
> 
> Hi Sam,
> 
> First of all, thank you for managing spamdyke :-)
> 
> Lately, I updated my Centos 6.5 and suddenly got this error :
> 
> *** glibc detected *** /usr/bin/spamdyke: double free or corruption 
> (fasttop): 0x0127afe0 ***
> === Backtrace: =
> /lib64/libc.so.6(+0x75e5e)[0x7fad8a556e5e]
> /lib64/libc.so.6(+0x78cad)[0x7fad8a559cad]
> /usr/bin/spamdyke[0x41e7f7]
> /usr/bin/spamdyke[0x41797e]
> /lib64/libc.so.6(__libc_start_main+0x100)[0x7fad8a4ffd20]
> /usr/bin/spamdyke[0x402849]
> 
> Do you have any idea to resolve this?
> 
> Thank you for your help, Lenawaii


Re: [spamdyke-users] Can I get SD going with IndiMail

2020-04-01 Thread Sam Clippinger via spamdyke-users
Yikes!  I don't think that's going to be possible.  spamdyke was written 
specifically for qmail and makes a lot of assumptions about how qmail works.  
For example, the way it controls relaying is by setting an environment variable 
that qmail checks, it reads lots of files from /var/qmail that must be in 
qmail's peculiar formats, etc.  It's very unlikely any other mail software is 
going to work the same way (I would hope not!).

As for running spamdyke in a non-proxying mode that can just evaluate the input 
and return a code, it doesn't currently do that either.  I'm not sure how well 
that would work anyway -- most of spamdyke's filters rely on intercepting the 
SMTP protocol before the message actually begins, only one or two filters 
examine the message content itself.

I've long wanted to restructure spamdyke to work as a more basic SMTP proxy -- 
accept an incoming TCP connection and open an outgoing TCP connection, then 
forward everything along and cut it off if a filter is tripped.  That would let 
it work seamlessly with any email server, not just qmail.  That would also 
provide a chance to rework spamdyke's configuration and remove its dependence 
on qmail-specific files.  It might even be time to reimplement spamdyke in a 
different language (probably Go).  Unfortunately my life has changed 
dramatically over the last few years and my free time now is measured in (a 
small number of) minutes per week and spamdyke development is off the table.  
If anyone else is interested in picking up the torch, I'd be happy to help 
migrate the project to Github (or similar) and consult if desired.

-- Sam Clippinger




> On Mar 29, 2020, at 2:32 AM, Philip Rhoades via spamdyke-users 
>  wrote:
> 
> Sam,
> 
> I am gradually getting organised to change my netqmail installation over to 
> IndiMail:
> 
>  http://www.indimail.org
> 
> but have struck problems with getting SD working with it.  It looks like SD 
> is hard-coded to expect stuff to be in:
> 
>  /var/qmail
> 
> What files does SD need from qmail?
> 
> Is there a non-SMTP invocation which just takes mail on stdin and outputs the 
> same on stdout and exits with a return value depending on whether the mail 
> was spam or not spam? ie exits with some return value?
> 
> Thanks,
> 
> Phil.
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au


Re: [spamdyke-users] SERVFAIL on dns-server-ip-primary does not fail-over

2019-03-13 Thread Sam Clippinger via spamdyke-users
Sorry, I missed your earlier email.  I'll try to answer both questions here.

Unless you're setting spamdyke's dns-level option, it should be using the 
primary servers in order, followed by the secondary servers in order, every 
time it runs.  If you're just setting the three DNS servers and not using any 
other dns-* options, the logic should look like this:
    Total DNS query time is 30 seconds (override with dns-timeout-secs)
    Max number of DNS queries to primary servers before using secondaries 
    is 1 (override with dns-max-retries-primary)
    Max number of DNS queries total is 3 (override with 
    dns-max-retries-total)
    Send query packet to 127.0.0.1, wait 10 seconds for a response (total 
    query time divided by max number of queries)
        If a response is received, use it and stop.
    Send query packet to 10.128.0.9, wait 10 seconds for a response
        If a response is received, use it and stop.
    The number of queries to primary servers is greater than 1, start using 
    secondaries as well
    Send query packet to 169.254.169.254, wait 10 seconds for a response
        If a response is received, use it.  Otherwise exit with no response.

Randomizing the order of the servers would probably be a good idea (or 
option).  I think I didn't do that because I was trying to imitate the 
behavior of the system resolver library, which uses the servers in 
/etc/resolv.conf in order every time.

Looking at the code in dns.c, spamdyke treats an empty response as "not found" 
and doesn't check whether it was due to SERVFAIL or NXDOMAIN.  If memory 
serves, I did this because there's no real difference between them as far as 
spamdyke is concerned.  In other words, NXDOMAIN means the domain doesn't exist 
at all while SERVFAIL means the domain exists but no records can be found 
(usually because the authoritative servers aren't responding).  Either way, the 
mail should be rejected with a temporary code so the sender will try again 
later (hoping the problem will resolve itself in the meantime).  If the problem 
persists long enough, the message(s) may bounce.  Unfortunately there's no DNS 
code to indicate the server is malfunctioning and shouldn't be used -- spamdyke 
expects it to stop sending responses when that happens.


-- Sam Clippinger




> On Mar 11, 2019, at 6:58 PM, Quinn Comendant via spamdyke-users 
>  wrote:
> 
> We had an incident where both our local caching name servers stopped working. 
> They returned SERVFAIL (see example below). They were set as the 
> "dns-server-ip-primary" and our host-provided DNS server was set as the 
> "dns-server-ip". Because the primaries were failing, I would expect spamdyke 
> to automatically switch to resolve via the server set under "dns-server-ip". 
> Instead, spamdyke just rejected all our mail for a few hours with 
> DENIED_RDNS_MISSING. The host-provide name server was functioning fine.
> 
> This is the config:
> 
>    dns-server-ip-primary=127.0.0.1     # Local caching name server
>    dns-server-ip-primary=10.128.0.9    # Another local caching name server
>    dns-server-ip=169.254.169.254       # Host-provided name server
> 
> This is an example response from a query to either of the primary DNS servers:
> 
>{q@oak3~} dig @10.128.0.9 apple.com mx
> 
>; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.68.rc1.el6_10.1 <<>> @10.128.0.9 
> apple.com mx
>; (1 server found)
>;; global options: +cmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52266
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
>;; QUESTION SECTION:
>;apple.com. IN  MX
> 
>;; Query time: 15 msec
>;; SERVER: 10.128.0.9#53(10.128.0.9)
>;; WHEN: Mon Mar 11 05:10:32 2019
>;; MSG SIZE  rcvd: 27
> 
> Am I wrong to expect spamdyke to fail over to the non-primary server on a 
> SERVFAIL?
> 
> Quinn

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
https://spamdyke.org/mailman/listinfo/spamdyke-users
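
The query schedule described in the reply above, as a simplified simulation (an added example, not spamdyke's code and not part of the thread). The server addresses and the 30-second/3-query defaults are the ones quoted in the messages; the outcome labels and the `failover_on_servfail` switch are hypothetical and exist only to show the contrast.

```python
from dataclasses import dataclass

# Possible outcomes of one query in this simulation (constructed labels).
TIMEOUT, SERVFAIL, NXDOMAIN, ANSWER = "timeout", "SERVFAIL", "NXDOMAIN", "answer"


@dataclass
class Attempt:
    server: str
    outcome: str
    waited_secs: float


def resolve(primaries, secondaries, behaviour, timeout_secs=30, max_total=3,
            failover_on_servfail=False):
    """Model of the schedule in the reply: primaries in order, then secondaries.

    behaviour maps server IP -> outcome; servers not listed never answer.
    failover_on_servfail is a hypothetical switch, not a spamdyke option.
    Returns (result, trace); result is "found", "not found" or "no response".
    """
    per_query = timeout_secs / max_total          # 30 / 3 = 10 seconds each
    order = (list(primaries) + list(secondaries))[:max_total]
    trace = []
    for server in order:
        outcome = behaviour.get(server, TIMEOUT)
        if outcome == TIMEOUT:
            # Silence is the only signal that moves on to the next server.
            trace.append(Attempt(server, outcome, per_query))
            continue
        trace.append(Attempt(server, outcome, 0.0))
        if outcome == SERVFAIL and failover_on_servfail:
            continue
        # Any packet that comes back ends the lookup.  An empty reply is
        # "not found" whether the rcode was SERVFAIL or NXDOMAIN.
        return ("found" if outcome == ANSWER else "not found"), trace
    return "no response", trace


def total_wait(trace):
    """Seconds spent waiting on servers that never answered."""
    return sum(a.waited_secs for a in trace)


PRIMARIES = ["127.0.0.1", "10.128.0.9"]
SECONDARIES = ["169.254.169.254"]

# Incident from the thread: both caches answer SERVFAIL, the third server works.
INCIDENT = {"127.0.0.1": SERVFAIL, "10.128.0.9": SERVFAIL,
            "169.254.169.254": ANSWER}
# Contrast case (constructed): both caches are down and send nothing back.
CACHES_DOWN = {"169.254.169.254": ANSWER}

if __name__ == "__main__":
    for label, behaviour, flag in [
        ("SERVFAIL from caches", INCIDENT, False),
        ("caches silent", CACHES_DOWN, False),
        ("SERVFAIL, hypothetical failover", INCIDENT, True),
    ]:
        result, trace = resolve(PRIMARIES, SECONDARIES, behaviour,
                                failover_on_servfail=flag)
        path = " -> ".join(f"{a.server}:{a.outcome}" for a in trace)
        print(f"{label:32} {result:12} waited {total_wait(trace):3.0f}s  {path}")
```

In this model a failing cache is only skipped when it stops answering, which is the behaviour the reply's last sentence says spamdyke expects.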


Re: [spamdyke-users] TLS and LibreSSL

2018-06-04 Thread Sam Clippinger via spamdyke-users
I have no idea -- I've never used LibreSSL.  As long as they've only updated 
the internal library code and not changed the API, it'll probably work fine.

-- Sam Clippinger




On May 26, 2018, at 2:42 PM, BC via spamdyke-users 
 wrote:

> 
> Will spamdyke compile with TLS using the LibreSSL libraries?
> 


Re: [spamdyke-users] ip-whitelist-entry Not Working

2018-06-04 Thread Sam Clippinger via spamdyke-users
Yes and no -- comment delimiters are only allowed at the start of a line, not 
in the middle (allowing mid-line comments would have required making the config 
file parser much smarter).  However, because the parser is expecting to find an 
IP address on each line and the line begins with an IP address, it matches.  
Technically that's a bug... but it's helpful in this case.

If the message "FILTER_WHITELIST_IP" is appearing, the IP is matching the entry 
and the connection is being whitelisted; the message should be getting 
delivered.  What other log messages are you seeing from spamdyke?  Are there 
any DENIED log entries?  If you aren't seeing either ALLOWED or DENIED, the 
client isn't completing the SMTP transaction for some reason.  Sometimes this 
happens when spamdyke injects its output into the SMTP transaction and a client 
is written to expect a very specific response.  I suggest using the 
full-log-dir option to capture the entire transaction to a file so you can see 
exactly what each side is sending and where the connection is being broken.

-- Sam Clippinger




On Jun 3, 2018, at 1:41 PM, Eric Broch via spamdyke-users 
 wrote:

> can you have a comment (# philsdiscourse) on your IP whitelist entry line? 
> maybe, remove '#philsdiscourse'  and see what happens.
> 
> 
> On 6/3/2018 12:05 PM, Philip Rhoades via spamdyke-users wrote:
>> People,
>> 
>> I am trying to use my host qmail server as a relay for a docker container 
>> that is running on the host but mails are not being accepted - I have this 
>> in spamdyke.conf:
>> 
>>   ip-whitelist-entry=172.17.0.6 # philsdiscourse
>> 
>> and I see this in the logs:
>> 
>>   Jun  4 03:53:59 prix spamdyke[28801]: FILTER_RDNS_MISSING ip: 172.17.0.6
>>   Jun  4 03:53:59 prix spamdyke[28801]: FILTER_WHITELIST_IP ip: 172.17.0.6 
>> entry: 172.17.0.6 # philsdiscourse
>> 
>> but there is no ALLOW line that follows and the mail fails to be delivered - 
>> what am I missing?  If I use swaks from the container, mail does get 
>> delivered OK but that is because spamdyke is being bypassed . .
>> 
>> Thanks,
>> 
>> Phil.
> 
> -- 
> Eric Broch
> White Horse Technical Consulting (WHTC)
> 


Re: [spamdyke-users] Block senders based on username

2017-10-15 Thread Sam Clippinger via spamdyke-users
Unfortunately no, spamdyke can't block messages based only on the username.  It 
has a wildcard format to block any username at a given domain name but no 
wildcard to block a given username at any domain.

However, if the sender also puts the username in the "From" line of the 
message, the header blacklist filter could block it.  Hopefully that would work 
for you.

-- Sam Clippinger




On Oct 15, 2017, at 3:26 PM, mohaa via spamdyke-users 
 wrote:

> Marcin, of course I did and both do not match my situation
> If you mean "it is not described, so it doesn't work" - then you are right.
> 
> Regards,
> Arne
> 
>> mohaa via spamdyke-users wrote on 15.10.2017 22:02:
>>> is it possible to block senders based on the username in their sender 
>>> address?
>>> Like block all sales@
>> RTFM? :)
>> https://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>> +
>> https://www.spamdyke.org/documentation/README.html#HEADERS
>> Regards,
> 
> 


Re: [spamdyke-users] Question about headers

2017-08-23 Thread Sam Clippinger via spamdyke-users
Keep in mind that "Received" lines are written in reverse order, so the top 
line is always the newest.  Also, "Received" lines are trivial to fake and 
spammers often do insert fake lines to throw off scanners.

But assuming all the lines you sent are genuine, it looks like user 3048 
invoked a qmail command somehow (e.g. command line, webmail, spambot) and 
created a message (line 6), which then connected to a qmail daemon over a 
network socket and delivered it (line 5).  Line 4 shows it arriving at 
mx2.serversur.net from 204.58.254.207.  That IP is not smtp.wpac.com, even 
though its reverse DNS claims it is.  Also, connecting to 204.58.254.207 on 
port 465 shows a Sendmail greeting banner, not qmail, so it's unlikely lines 5 
and 6 were generated by that server.  Line 3 shows the message arriving at 
smtp.wpac.com from 188.33.156.68.  The rest of this line seems to match the 
Sendmail version in the greeting banner on 204.58.254.207.  Line 2 shows the 
message arriving on rng031.serversur.net from 192.168.0.103 -- I'm guessing 
this is where your edge server delivered to your internal server.  Line 1 shows 
qmail on the internal server accepting the message.

Personally, I think lines 3-6 are bogus.  The timestamps don't make sense (the 
message seems to travel forwards and backwards in time), the order of 
deliveries doesn't make sense and the DNS records don't match up.  If line 4 is 
correct and the message really passed through mx2.serversur.net twice, the logs 
on that server should show it.  I'd trust your logs, not the message headers.

-- Sam Clippinger




On Aug 22, 2017, at 2:00 PM, Pablo Murillo  wrote:

> Hi
> 
> I'm a little confused
> We have 4 MXs, the names are mx1.serversur.net to mx4, every one has the same 
> spamdyke.conf and delivers the valid emails using the internal network to the 
> corresponding server
> So ... I have these headers of an email that is SPAM, and now, I'm lost
> 
> From what I see in the 1st Received, the email is generated for the UID of the 
> user assigned to the domain (this is right, the UID belongs to the user we 
> assigned to the domain)
> The 3rd Received is for 204.58.254.207 receiving an email from my MX2 server ?
> Is this right ? or  I'm misreading the headers ?
> 
> -
> Received: (qmail 5105 invoked from network); 22 Aug 2017 13:18:28 -
> Received: from unknown (HELO mx2.serversur.net) (192.168.0.103)
> by rng031.serversur.net with SMTP; 22 Aug 2017 13:22:18 -
> Received: from 10.0.0.40 (user-188-33-156-68.play-internet.pl [188.33.156.68])
> (authenticated bits=0)
> by smtp.wpac.com (8.14.4/8.14.4) with ESMTP id v7MDVVfi011904
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)
> for ; Tue, 22 Aug 2017 06:32:22 -0700
> Received: from unknown (HELO smtp.wpac.com) (204.58.254.207)
> by mx2.serversur.net with SMTP; 22 Aug 2017 13:18:28 -
> Received: (qmail 60824 invoked from network); 22 Aug 2017 13:22:18 -
> Received: (qmail 60837 invoked by uid 3048); 22 Aug 2017 13:22:18 -
> From: 
> To: 
> Date: Tue, 22 Aug 2017 11:32:24 -0300
> Message-ID: 198706278.2017822133...@.com.ar
> - 

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
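
The checks described in the reply above (read "Received" lines from the bottom up, look for time running backwards, and rely only on what your own servers recorded), as an added example that is not part of the thread. The sample message is constructed with example hostnames, documentation-range IPs and assumed UTC offsets; `own_hosts` is an assumption standing in for the hosts you operate.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample, not the headers from the post.  Top line = newest hop.
SAMPLE = """\
Received: (qmail 5105 invoked from network); 22 Aug 2017 13:22:20 -0000
Received: from unknown (HELO mx2.example.net) (192.0.2.103)
 by store.example.net with SMTP; 22 Aug 2017 13:22:18 -0000
Received: from unknown (HELO smtp.example.org) (198.51.100.207)
 by mx2.example.net with SMTP; 22 Aug 2017 13:22:15 -0000
Received: from 10.0.0.40 (client.example.com [203.0.113.68])
 by smtp.example.org (8.14.4/8.14.4) with ESMTP id abc123;
 Tue, 22 Aug 2017 06:32:22 -0700
Received: (qmail 60824 invoked from network); 22 Aug 2017 13:22:18 -0000
Received: (qmail 60837 invoked by uid 3048); 22 Aug 2017 13:22:18 -0000
From: sender@example.com
To: user@example.net
Subject: constructed sample

body
"""

# "by <host>" where host contains a dot, so qmail's "invoked by uid" is skipped.
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")
# Peer address as the receiving server wrote it: (1.2.3.4) or [1.2.3.4].
IP_RE = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")


def parse_hops(raw):
    """Return one dict per Received line, in header order (newest first)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())            # unfold continuation lines
        stamp = None
        if ";" in text:
            try:
                stamp = parsedate_to_datetime(text.rsplit(";", 1)[1].strip())
                if stamp.tzinfo is None:          # "-0000" parses as naive
                    stamp = stamp.replace(tzinfo=timezone.utc)
            except (TypeError, ValueError):
                stamp = None                      # unparseable date: no time
        by, ip = BY_RE.search(text), IP_RE.search(text)
        hops.append({"text": text, "time": stamp,
                     "by": by.group(1).lower() if by else None,
                     "peer_ip": ip.group(1) if ip else None})
    return hops


def time_regressions(hops, tolerance_secs=120):
    """Walk oldest -> newest; report hops stamped earlier than the hop below.

    Returns (line, line_below, seconds_back) tuples, lines numbered from the top.
    """
    findings, previous = [], None
    for index in range(len(hops) - 1, -1, -1):
        stamp = hops[index]["time"]
        if stamp is None:
            continue
        if previous is not None:
            back = (previous[1] - stamp).total_seconds()
            if back > tolerance_secs:
                findings.append((index + 1, previous[0] + 1, int(back)))
        previous = (index, stamp)
    return findings


def trust_boundary(hops, own_hosts):
    """Count the top lines written by our servers and return the edge peer IP.

    Lines naming no host (local qmail hand-offs) count only when a line from
    one of our hosts follows them.  A sender can forge lines naming our hosts
    too, so confirm the returned IP against the edge server's own SMTP log.
    """
    trusted, pending, edge_ip = 0, 0, None
    for hop in hops:
        if hop["by"] is None:
            pending += 1
            continue
        if hop["by"] not in own_hosts:
            break                                 # everything below is unverified
        trusted += pending + 1
        pending = 0
        edge_ip = hop["peer_ip"]
    return trusted, edge_ip


if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    for line, below, secs in time_regressions(hops):
        print(f"line {line} is stamped {secs}s before line {below} beneath it")
    count, ip = trust_boundary(hops, {"store.example.net", "mx2.example.net"})
    print(f"top {count} lines are ours; edge server saw {ip}; "
          f"{len(hops) - count} lines below are sender-supplied")
```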


Re: [spamdyke-users] Rejecting Messages by Header Content question

2017-08-18 Thread Sam Clippinger via spamdyke-users
Any message headers can be filtered.  On my own server, most of my filters are 
for "From" and "Subject", but one very persistent spammer recently forced me to 
add a "To" filter as well.  I try to add as few header filters as possible, but 
it just depends what the incoming spam looks like.

-- Sam Clippinger




On Aug 18, 2017, at 12:02 PM, Pablo Murillo (rednet) via spamdyke-users 
 wrote:

> Hi
> 
> Which are the valid headers to filter ?
> 
> I think, the obvious ones are: FROM SUBJECT
> REPLY-TO
> 
> But..
> 
> Return-Path:
> Message-ID:
> Received:
> List-*
> 
> Are allowed ?


Re: [spamdyke-users] Graylisting delivery failure notifications

2017-08-18 Thread Sam Clippinger via spamdyke-users
That's very unusual, it sounds like a setting on their server.  It's been a 
long time, but I remember a setting on old sendmail servers that would send an 
"advisory message" if an email had been sitting in the queue too long.  It was 
just a "by the way" notice (and it always confused every user who received it), 
saying the server had failed to deliver the message so far but it would 
continue trying for X hours.  Maybe something like that is happening here -- 
the message is being stopped by graylisting but the remote server doesn't retry 
it very often, so it sits in the queue long enough to send a warning to the 
user?  I suppose you could fix it by either reducing the overall graylisting 
time on your server or by turning off graylisting for messages from their 
domain (using a configuration directory).

-- Sam Clippinger




On Aug 18, 2017, at 11:24 AM, Quinn Comendant via spamdyke-users 
 wrote:

> A client using our Spamdyke-enabled mail server has reported someone sending 
> them an email received a "bounce" message notifying the sender that the 
> message has been graylisted (see the delivery failure notification below). 
> They did receive the message (graylisting works well for us).
> 
> This is the first time I've heard of a soft failure resulting in a 
> notification returning to the sender. If graylisting is a common practice, 
> these notifications must be terribly annoying, however the sender (from the 
> cdph.ca.gov network) seems surprised by the message. So either: A) 
> graylisting is not very common, or B) cdph.ca.gov has an uncommon setup that 
> sends annoying bounce messages.
> 
> If graylisting will result in annoying senders with delivery failure 
> notifications, I'd prefer to avoid that by disabling graylisting (doesn't 
> matter who is to blame, what the RFCs say, etc).
> 
> What do y'all think? 
> 
> Regards,
> Quinn
> 
> The delivery failure notification received:
> 
>> Hi Barb and Steph - 
>> 
>> When the email below went out yesterday, the following message was received:
>> 
>> redac...@clientdomain.org...
>> Deferred: 421 Your address has been graylisted. Try again later.
>> 
>> redac...@clientdomain.org...
>> Deferred: 421 Your address has been graylisted. Try again later.
>> 
>> Patricia 
>> Care Operations Advisor
>> Office of AIDS
>> California Department of Public Health


Re: [spamdyke-users] for some recipients, skip graylisting

2017-05-25 Thread Sam Clippinger via spamdyke-users
Unfortunately, there really isn't a more elegant way.  You could either add 
them to a recipient whitelist file, which would bypass all filters, or you 
could use the addresses to create files in a config-dir folder to just turn off 
graylisting for those addresses.  But neither of those options will match a 
glob pattern, they'll only match a list of specific addresses.

Sorry!

-- Sam Clippinger




On May 19, 2017, at 3:30 PM, Amitai Schleier via spamdyke-users 
 wrote:

> I use spamdyke's graylisting feature for all incoming mail. I still generally 
> find it helpful. (Thanks!)
> 
> I have a set of addresses that are purpose-specific and unpublicized, and I'd 
> like to skip graylisting for messages addressed to these recipients.
> 
> [Spammers, please stop reading here ;-)]
> 
> The recipient addresses I'd like to whitelist match the glob 
> "schmonz-web-*@schmonz.com". Most of them don't have their own .qmail 
> instructions, so I can't generate a list of addresses from .qmail files. They 
> mostly all deliver via a matching .qmail-default (specifically, 
> .qmail-com-schmonz-web-default).
> 
> I _do_ want to continue graylisting everything else @schmonz.com.
> 
> Do I need to scan my email archive, build up a list of every schmonz-web-foo 
> recipient I want to whitelist, put them all in a recipient-whitelist-file, 
> and keep that file up-to-date as I invent new addresses? Or is there a more 
> elegant way to do what I want?
> 
> Thanks,
> 
> - Amitai


Re: [spamdyke-users] reject-sender - Looking for a new feature

2017-05-14 Thread Sam Clippinger via spamdyke-users
That would be pretty challenging to add.  spamdyke can already require the 
sender address to match the domain of the authentication username 
(reject-sender=authentication-domain-mismatch) but it doesn't read qmail's 
"assign" file at all.

In the long term, the best way to add something like this would probably be to 
allow spamdyke to run custom commands/scripts that perform additional checks.  
That would make it much easier to add one-off filters.

-- Sam Clippinger




On May 9, 2017, at 3:33 PM, Pablo Murillo (rednet) via spamdyke-users 
 wrote:

> Hi
> 
> I'm  looking for an option where the user login with u...@domain.com and
> write emails with u...@domain.com.ar , this is because we have many domains
> with aliases (Vpopmail aliases)
> 
> The reject-sender=not-local solve part of the problem, but not all
> 
> Is there a chance to have a new option where the same user but with
> different domain can be accepted only if the domain is an alias of the login
> domain ?
> 
> Vpopmail use the file [QMAIL-DIR]/users/assign to "create" the aliases
> domains
> 
> Is too complex ?
> 
> Pablo Murillo
> 
> 


Re: [spamdyke-users] reject-sender=none in spamdyke/_ip_/ directory not working

2017-05-05 Thread Sam Clippinger via spamdyke-users
Ah, I should have asked.  Yes, that option should work.

-- Sam Clippinger




On May 5, 2017, at 8:57 AM, Quinn Comendant via spamdyke-users 
 wrote:

> Update: I added `reject-sender=none` to /etc/spamdyke.conf and these errors 
> started appearing in the log:
> 
>2017-05-05 06:33:46.873563500 ERROR: Unknown configuration file option in 
> file /etc/spamdyke.conf on line 33: reject-sender
> 
> I realize now this config option is only for spamdyke 5. I'm currently using 
> spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG+EXCESSIVE.
> 
> So I presume the corresponding config option for version 4 is 
> `reject-missing-sender-mx`. Would the correct syntax for disabling this in a 
> spamdyke/_ip_/… directory be like this:
> 
>   reject-missing-sender-mx=0
> 
> ?
> 
> Quinn


Re: [spamdyke-users] reject-sender=none in spamdyke/_ip_/ directory not working

2017-05-05 Thread Sam Clippinger via spamdyke-users
That should do it, assuming you also have a line in your main configuration 
file that says:
config-dir=/var/qmail/spamdyke
However, from the rDNS name, it looks like that sender could come from a huge 
list of IPs.  You might consider turning off the filter for the domain instead, 
like this:
/var/qmail/spamdyke/_sender_/com/changeyourflight/tz

And it's always possible you found a bug.  If you still can't make it work with 
the _sender_ folder, let me know and I'll do some testing too.

For what it's worth -- tz.changeyourflight.com doesn't just have no MX records, 
it has no DNS records at all.  I don't see any way that return address could 
work.

https://mxtoolbox.com/SuperTool.aspx?action=a%3atz.changeyourflight.com=toolpage

-- Sam Clippinger




On May 5, 2017, at 3:24 AM, Quinn Comendant via spamdyke-users 
 wrote:

> I've gotten this error:
> 
> 2017-05-05 03:16:52.533029500 spamdyke[30324]: DENIED_SENDER_NO_MX from: 
> bounces+1818979-7ef3-quinn=strangecode[.]c...@tz.changeyourflight.com to: 
> quinn[@]strangecode[.]com origin_ip: 167.89.72.110 origin_rdns: 
> o1678972x110.outbound-mail.sendgrid.net auth: (unknown) encryption: TLS 
> reason: (empty)
> 
> Indeed, "tz.changeyourflight.com" has no MX records.
> 
> I have tried to apply a custom setting for this sender's IP address by adding 
> a config file at:
> 
>   /var/qmail/spamdyke/_ip_/167/89/72/110
> 
> Containing:
> 
>   reject-sender=none
> 
> Then restarting qmail smtp with `qmailctl restart`.
> 
> I've used this method successfully in the past for `reject-empty-rdns=0` and 
> `reject-unresolvable-rdns=0`. However, it's not working for the 
> DENIED_SENDER_NO_MX error. The sending error continues to occur.
> 
> Have I set this up wrong?
> 
> Regards,
> Quinn

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
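
The two override locations named in this thread (`_ip_/167/89/72/110` and `_sender_/com/changeyourflight/tz`) follow a pattern that can be generated instead of typed. The sketch below is an added example, not spamdyke's own code: the function names are hypothetical and the directory layout is assumed only from those two paths. Because the sender domain comes from the remote client, each label is validated before it becomes a path component.

```python
import ipaddress
import re
import tempfile
from pathlib import Path

# Strict letter-digit-hyphen DNS label. Anything else (slashes, empty labels,
# control characters) is refused so a hostile domain cannot escape config-dir.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def ip_override_path(config_dir, ip):
    """Map 167.89.72.110 to <config_dir>/_ip_/167/89/72/110."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return Path(config_dir, "_ip_", *str(addr).split("."))


def sender_override_path(config_dir, domain):
    """Map tz.changeyourflight.com to <config_dir>/_sender_/com/changeyourflight/tz."""
    labels = domain.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a fully qualified domain: {domain!r}")
    for label in labels:
        # fullmatch, not match: "a\n" must not pass as the label "a".
        if not LABEL_RE.fullmatch(label):
            raise ValueError(f"unsafe label {label!r} in {domain!r}")
    # Most significant label first, as in the path quoted in the thread.
    return Path(config_dir, "_sender_", *reversed(labels))


def write_override(path, options):
    """Write option=value lines to the override file, creating parent folders."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text("".join(f"{key}={value}\n" for key, value in options.items()))
    return path


def demo():
    """Build the sender override from the thread inside a throwaway directory."""
    with tempfile.TemporaryDirectory() as root:
        target = sender_override_path(root, "tz.changeyourflight.com")
        write_override(target, {"reject-sender": "none"})
        return str(target.relative_to(root)), target.read_text()


if __name__ == "__main__":
    print(ip_override_path("/var/qmail/spamdyke", "167.89.72.110"))
    print(sender_override_path("/var/qmail/spamdyke", "tz.changeyourflight.com"))
    print(demo())
```

As the thread notes, the overrides only take effect when the main configuration file sets `config-dir`, and `reject-sender` is a spamdyke 5 option.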


Re: [spamdyke-users] SD Stats Report #3 - more spam getting through

2017-04-19 Thread Sam Clippinger via spamdyke-users
Nice spreadsheet!  I don't have all the data you do, but just looking at my 
mail logs going back 1 month (excluding mailing list traffic), I gathered these 
reject/accept stats.  I apologize if the formatting is messed up:
                               Count    Percent
DENIED_RDNS_RESOLVE            72413    58.29
DENIED_RDNS_MISSING            26924    21.67
ALLOWED                        6766     5.45
DENIED_SENDER_NO_MX            4730     3.81
DENIED_BLACKLIST_NAME          4630     3.73
DENIED_GRAYLISTED              3311     2.67
DENIED_RBL_MATCH               2059     1.66
DENIED_IP_IN_CC_RDNS           1936     1.56
TIMEOUT                        776      0.62
DENIED_INVALID_RECIPIENT       457      0.37
DENIED_OTHER                   127      0.10
DENIED_IP_IN_RDNS              71       0.06
DENIED_HEADER_BLACKLISTED      32       0.03
DENIED_SENDER_BLACKLISTED      6        0.00
DENIED_RECIPIENT_BLACKLISTED   1        0.00
Total                          124239

Clearly I don't run a high traffic server, but:
- Numerically, the missing/unresolvable rDNS tests appear to be the 
most effective, though I haven't checked to see how many of those rejections 
were for valid email addresses.
- For my own peace of mind, blocking subject lines with the header 
blacklist has been the only way to stop persistent spammers from reaching me 
via outlook.com and gmail.com, which I'm not willing to block outright.
- The rDNS blacklist percentage appears to be very low but it's 
continually populated by my auto-blacklisting scripts and it's been very 
effective against organized groups (i.e. not botnets).  Even though I rarely 
add to those scripts, I'm still amazed at how many new domains it catches every 
day.
- I also use another set of scripts to automatically unsubscribe my 
users from "legitimate" mailing lists when they junk the messages (Gmail does 
this too).  Since my users usually can't tell the difference between "real" 
spam and "legitimate" spam (and they don't care), those scripts cut down their 
junk mail without blocking constantcontact.com and exacttarget.com (and others 
like them).

To answer your questions, you can block "To: undisclosed-recipients" with the 
header blacklist filter, if that's really how it appears in the message 
headers.  Blocking emails with no "To" line in the header isn't something 
spamdyke can do right now, sorry!


-- Sam Clippinger




On Apr 18, 2017, at 9:36 PM, Philip Rhoades via spamdyke-users 
 wrote:

> People,
> 
> It has been almost a year since the last report - here is the updated GD 
> Spreadsheet:
> 
>  
> https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml
> 
> Unfortunately the amount of spam getting through the SD filtering, then seen 
> by me and being moved to the spam folder has gone up almost five times since 
> last year . . from the information I have now put more stuff in the black 
> From and To lists . .
> 
> I think the main problem is that my main email address is finding its way on 
> to more and more spam lists . .
> 
> How can I:
> 
> - reject mails with no "To:" address
> 
> - reject mails with a "To:" address of: "undisclosed-recipients"
> 
> Thanks,
> 
> Phil.
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
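
A Count/Percent table like the one in the reply above can be produced directly from spamdyke's log lines. This is an added example, not the poster's script or part of spamdyke: the line layout is taken from the log excerpts quoted in this thread, the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the layout quoted in this thread; addresses use
# documentation ranges. The last line is an error message and must be skipped.
SAMPLE_LOG = """\
2017-04-01 00:00:01.000000000 spamdyke[101]: DENIED_RDNS_RESOLVE from: a@example.com to: user@example.org origin_ip: 192.0.2.10 origin_rdns: host10.example.net auth: (unknown) encryption: (none) reason: (empty)
2017-04-01 00:00:02.000000000 spamdyke[102]: DENIED_RDNS_RESOLVE from: b@example.com to: user@example.org origin_ip: 192.0.2.10 origin_rdns: host10.example.net auth: (unknown) encryption: (none) reason: (empty)
2017-04-01 00:00:03.000000000 spamdyke[103]: DENIED_RDNS_RESOLVE from: c@example.com to: user@example.org origin_ip: 192.0.2.11 origin_rdns: host11.example.net auth: (unknown) encryption: TLS reason: (empty)
2017-04-01 00:00:04.000000000 spamdyke[104]: DENIED_RDNS_MISSING from: d@example.com to: user@example.org origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
2017-04-01 00:00:05.000000000 spamdyke[105]: DENIED_RDNS_MISSING from: e@example.com to: user@example.org origin_ip: 198.51.100.8 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
2017-04-01 00:00:06.000000000 spamdyke[106]: ALLOWED from: f@example.com to: user@example.org origin_ip: 203.0.113.5 origin_rdns: mail.example.net auth: (unknown) encryption: TLS reason: (empty)
2017-04-01 00:00:07.000000000 spamdyke[107]: DENIED_SENDER_NO_MX from: g@tz.example.com to: user@example.org origin_ip: 203.0.113.6 origin_rdns: out.example.net auth: (unknown) encryption: TLS reason: (empty)
2017-04-01 00:00:08.000000000 spamdyke[108]: TIMEOUT from: h@example.com to: (unknown) origin_ip: 203.0.113.9 origin_rdns: smtp.example.net auth: (unknown) encryption: (none) reason: TIMEOUT
2017-04-01 00:00:09.000000000 ERROR: Unknown configuration file option in file /etc/spamdyke.conf on line 33: reject-sender
"""

# The result code is anchored right after "spamdyke[pid]: ", so text supplied by
# the remote client in the from/to fields cannot change which code is counted.
LINE_RE = re.compile(
    r"spamdyke\[(?P<pid>\d+)\]: (?P<result>[A-Z_]+) "
    r"from: (?P<sender>.*?) to: (?P<recipient>.*?) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>.*?) "
    r"auth: (?P<auth>.*?) encryption: (?P<encryption>.*?) "
    r"reason: (?P<reason>.*)$"
)


def parse_line(line):
    """Return the fields of one spamdyke result line, or None for other lines."""
    match = LINE_RE.search(line.rstrip("\n"))
    return match.groupdict() if match else None


def parse_log(text):
    """Parse every result line in a block of log text, skipping the rest."""
    return [rec for rec in map(parse_line, text.splitlines()) if rec]


def tally(records):
    """Rows of (result, count, percent), most frequent first, ties by name."""
    counts = Counter(rec["result"] for rec in records)
    total = sum(counts.values())
    rows = sorted(counts.items(), key=lambda item: (-item[1], item[0]))
    return [(name, n, round(100.0 * n / total, 2)) for name, n in rows]


def top_ips(records, result, limit=5):
    """Origin IPs seen most often for one result code, e.g. TIMEOUT."""
    hits = Counter(rec["ip"] for rec in records if rec["result"] == result)
    return hits.most_common(limit)


def format_table(rows):
    """Render tally() rows as aligned plain text with a Total line."""
    width = max((len(name) for name, _, _ in rows), default=5)
    out = [f"{'':<{width}}  {'Count':>7}  {'Percent':>7}"]
    out += [f"{name:<{width}}  {n:>7}  {pct:>7.2f}" for name, n, pct in rows]
    out.append(f"{'Total':<{width}}  {sum(n for _, n, _ in rows):>7}")
    return "\n".join(out)


if __name__ == "__main__":
    print(format_table(tally(parse_log(SAMPLE_LOG))))
```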


Re: [spamdyke-users] Custom timeout for IP in DNS RBL

2017-03-30 Thread Sam Clippinger via spamdyke-users
I'm very sorry it's taken me so long to get back to you about this!

If you're willing to edit the code, I suggest changing spamdyke.c.  Change line 
1615 (the first line of an if statement) to this:
if (
And change line 1644 (the call to filter_dns_rbl()) to this:
if (filter_dns_rbl(current_settings, 
&current_settings->current_options->filter_action, 
&current_settings->current_options->filter_action_locked, 
&current_settings->current_options->rejection, 
&current_settings->current_options->rejection_buf, 
current_settings->current_options->reject_message_buf, MAX_BUF, 
current_settings->current_options->reject_reason_buf, MAX_BUF) == 
FILTER_DECISION_DO_FILTER) return_value = FILTER_FLAG_QUIT;
And change line 1668 (setting return_value) to this:
return_value = (return_value != FILTER_FLAG_QUIT) ? 
FILTER_FLAG_INTERCEPT : FILTER_FLAG_QUIT;
And change line 3400 (an if statement) to this:
if (0)
Then recompile with "make" and install the new spamdyke binary.

With those changes on lines 1615 and 3400, spamdyke will wait until the client 
sends the recipient addresses to check its filters (including DNS RBLs), the 
same way it does when a configuration directory is given.  However, the changes 
on lines 1644 and 1668 will make it quit when an RBL is matched, the same way 
it does when the client sends "QUIT", even if a sender or recipient whitelist 
is matched.  All other rejections should behave normally.

Caveat emptor: I haven't tested these suggestions or even attempted to compile 
them.  Good luck!

-- Sam Clippinger




On Mar 24, 2017, at 10:19 AM, Alessio Cecchi via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> Thanks Sam for your answer,
> 
> anyway it is crucial for us to avoid letting the timeout expire after "RCPT 
> TO" message in case of RBL check. So, even developing a custom patch, we need 
> something to prevent clients keeping the connection open after "554 Refused. 
> Your IP address is listed in the RBL at..." message.
> 
> We tried adding a simple exit(0) around line 1695 of filter.c just to test 
> the behavior but doing that the client is not able to connect anymore.
> 
> Can you suggest a (even dirty) way to workaround it or point me to the proper 
> direction to investigate it further?
> 
> This is an extract of the handshake message at the end of which we need to 
> close the communication
> 
> 220 popmx-staging.cloud.net ESMTP
> helo example.com
> 250 popmx-staging.cloud.net
> MAIL FROM: exam...@example.com
> 250 Refused. Your IP address is listed in the RBL at cidr.bl
> RCPT TO: t...@test.com
> 554 Refused. Your IP address is listed in the RBL at cidr.bl
> 
> < we need to close the connection in this moment (when we receive 554 
> Refused) instead of waiting for DATA and then waiting the default timeout.
> 
> Thanks for your time.
> 
> Alessio Cecchi
> 
> On 19/03/2017 20:05, Sam Clippinger via spamdyke-users wrote:
>> Unfortunately no, spamdyke isn't designed with the idea of different 
>> timeouts for different reasons.  It will always keep the connection open as 
>> long as there is any chance the message could be allowed.  For example, if 
>> your configuration includes a recipient whitelist and the remote IP is 
>> blacklisted, spamdyke won't close the connection until the recipients are 
>> given, just in case one of them is on the whitelist.  Even when it's no 
>> longer possible to match a whitelist, spamdyke still won't close the 
>> connection because the remote client could send a RSET command and begin a 
>> new session.
>> 
>> Your only option is to set a lower idle timeout, anything else would require 
>> a major refactoring of spamdyke's code.  Sorry!
>> 
>> -- Sam Clippinger
>> 
>> 
>> 
>> 
>> On Mar 10, 2017, at 4:11 AM, Alessio Cecchi via spamdyke-users 
>> <spamdyke-users@spamdyke.org> wrote:
>> 
>>> Hi,
>>> 
>>> some months ago we switched from rblsmtpd to spamdyke in order to have more 
>>> info in the log about blocked IPs. But after the switch to spamdyke the number 
>>> of concurrent incoming SMTP sessions increased about 10 times.
>>> 
>>> This is because with rblsmtpd we set a timeout of 10 seconds and spamdyke has 
>>> a global timeout that we set at 180 seconds (idle-timeout-secs). So when an 
>>> IP in a blacklist connects to our MX it grabs a qmail-smtpd process for 180 
>>> seconds instead of 10.
>>> 
>>> Increasing the number of /var/qmail/control/concurrencyincoming is not a 
>>> solution because we expose our cluster to receive a number of sessions that 
>>> we could be unable to manage.
>&

Re: [spamdyke-users] Custom timeout for IP in DNS RBL

2017-03-19 Thread Sam Clippinger via spamdyke-users
Unfortunately no, spamdyke isn't designed with the idea of different timeouts 
for different reasons.  It will always keep the connection open as long as 
there is any chance the message could be allowed.  For example, if your 
configuration includes a recipient whitelist and the remote IP is blacklisted, 
spamdyke won't close the connection until the recipients are given, just in 
case one of them is on the whitelist.  Even when it's no longer possible to 
match a whitelist, spamdyke still won't close the connection because the remote 
client could send a RSET command and begin a new session.

Your only option is to set a lower idle timeout, anything else would require a 
major refactoring of spamdyke's code.  Sorry!

-- Sam Clippinger




On Mar 10, 2017, at 4:11 AM, Alessio Cecchi via spamdyke-users 
 wrote:

> Hi,
> 
> some months ago we switched from rblsmtpd to spamdyke in order to have more 
> info in the log about blocked IPs. But after the switch to spamdyke the number of 
> concurrent incoming SMTP sessions increased about 10 times.
> 
> This is because with rblsmtpd we set a timeout of 10 seconds and spamdyke has a 
> global timeout that we set at 180 seconds (idle-timeout-secs). So when an IP 
> in a blacklist connects to our MX it grabs a qmail-smtpd process for 180 
> seconds instead of 10.
> 
> Increasing the number of /var/qmail/control/concurrencyincoming is not a 
> solution because we expose our cluster to receive a number of sessions that 
> we could be unable to manage.
> 
> Can spamdyke close a connections with IP in blacklist after a time shorter 
> than idle-timeout-secs?
> 
> Here an example of timeout:
> 
> with spamdyke
> 
> $ time telnet mx01.mail.net 25
> Trying 192.168.1.135...
> Connected to mx01.mail.net.
> Escape character is '^]'.
> 220 mx01.mail.net ESMTP
> helo ciao.com
> 250 mx01.mail.net
> MAIL FROM: ales...@ciao.it
> 250 Refused. Your IP address is listed in the RBL at www.spamhaus.org: 
> http://www.spamhaus.org/query/bl?ip=19.9.131.86
> RCPT TO: ales...@ciao.com
> 554 Refused. Your IP address is listed in the RBL at www.spamhaus.org: 
> http://www.spamhaus.org/query/bl?ip=19.9.131.86
> 
> [ here we should close the connection ]
> 
> DATA
> 554 Refused. Your IP address is listed in the RBL at www.spamhaus.org: 
> http://www.spamhaus.org/query/bl?ip=19.9.131.86
> 421 Timeout. Talk faster next time.
> Connection closed by foreign host.
> 
> real    3m46.105s
> user    0m0.000s
> sys     0m0.000s
> 
> with rblsmtpd:
> 
> $ time telnet mx01.mail.net 25
> Trying 192.168.1.135...
> Connected to mx01.mail.net.
> Escape character is '^]'.
> 220 rblsmtpd.local
> Connection closed by foreign host.
> 
> real    0m10.389s
> user    0m0.000s
> sys     0m0.000s
> 
> Thanks
> 
> -- 
> Alessio Cecchi
> Postmaster @ http://www.qboxmail.it
> https://www.linkedin.com/in/alessice
> 


Re: [spamdyke-users] Problem with PLESK Horde Webmail

2017-03-07 Thread Sam Clippinger via spamdyke-users
I assume the users are seeing that error when they try to send emails, not when 
they're trying to login or read messages?  My first guess is that you haven't 
whitelisted connections from localhost (127.0.0.1), so spamdyke is blocking 
Horde's attempts to deliver messages.  But that's just a guess -- are there any 
errors in any of the logs that might provide more information?

-- Sam Clippinger




On Mar 6, 2017, at 1:58 PM, turgut kalfaoğlu via spamdyke-users 
 wrote:

> Hi there. I recently enabled spamdyke, but when someone uses the horde 
> webmail, they get an SMTP error 554..
> 
> Any ideas what to do?
> 
> Many thanks, -turgut
> 
> 


Re: [spamdyke-users] no logging

2017-03-07 Thread Sam Clippinger via spamdyke-users
It looks like your /usr/local/psa/var/log/maillog file is just a symlink to 
/var/log/maillog (not /var/log/messages).  Are spamdyke's log messages 
appearing there?

-- Sam Clippinger




On Mar 5, 2017, at 11:43 PM, turgut kalfaoğlu via spamdyke-users 
 wrote:

> Hi there.. I recently noticed in horror that a GUI change that I made via 
> PLESK 12 had removed my spamdyke from /etc/xinetd.d/smtp_psa
> Upon reinstating:
> 
>    server_args = -Rt0 /usr/local/bin/spamdyke /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -r bl.spamcop.net /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> 
> ... and restarting the machine, I noticed that there is nothing in the logs 
> about spamdyke... neither in /var/log/messages nor in 
> /usr/local/psa/var/log/maillog..
> 
> My spamdyke is fairly default:
> #run-as-user=USER[:GROUP]
> log-level=verbose
> log-target=syslog
> #full-log-dir=DIR
> 
> other stuff:
> 
> # ls -ld /var/log/messages
> -rw--- 1 root root 6.0M Mar  6 08:40 /var/log/messages
> 
> # ls -ld /usr/local/psa/var/log/maillog
> lrwxrwxrwx 1 root root 16 Aug  1  2015 /usr/local/psa/var/log/maillog -> 
> /var/log/maillog
> 
> # /usr/local/bin/spamdyke -v
> spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG (C)2015 Sam Clippinger, samc (at) silence 
> (dot) org
> http://www.spamdyke.org/
> 
> Use --help for an option summary, --more-help for option details or see 
> README.html for complete documentation.
> 
> 
> Any ideas?
> Many thanks, -t
> 


Re: [spamdyke-users] How can I force users to USE the right SMTPserver ?

2016-11-05 Thread Sam Clippinger via spamdyke-users
A bug!  The "not-local" value for "reject-sender" is being bypassed by 
authentication, which was not the intent.  I've created a patch to fix it:

http://spamdyke.org/beta/5.0.2/spamdyke-5.0.2-beta1-reject_sender_not_local.patch
You can apply it like this:
cd /path/to/src/spamdyke-5.0.1
patch -p0 < /path/to/patch/spamdyke-5.0.2-beta1-reject_sender_not_local.patch
make
Then copy the new binary into place.

Thank you very much for reporting this!

-- Sam Clippinger




On Nov 4, 2016, at 7:24 AM, Sam Clippinger via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> I'm not sure I completely understand your setup, so yes, I think the full log 
> might be helpful.  You can send it to me directly if you don't want to post 
> it to the list.
> 
> -- Sam Clippinger
> 
> 
> 
> 
> On Nov 1, 2016, at 9:33 AM, Pablo Murillo <p...@rednet.com.ar> wrote:
> 
>> Yes,  I have rcpthosts and morercpthosts for each jail with only the local
>> domains
>> 
>> The " reject-sender= not-local "  works fine with domains bypassing the MXs
>> and sent directly to the server
>> 
>> I activated " log-level=debug " and  " full-log-dir " to have more
>> information
>> 
>> I noticed that rcpthosts and morercpthosts are not appearing in the "current
>> config"
>> 
>> Do you want to see the full-log ?
>> 
>> 
>> 
>> - Original Message - From: "Sam Clippinger via spamdyke-users" 
>> <spamdyke-users@spamdyke.org>
>> To: "spamdyke users" <spamdyke-users@spamdyke.org>
>> Sent: Tuesday, November 01, 2016 9:14 AM
>> Subject: Re: [spamdyke-users] How can I force users to USE the right
>> SMTPserver ?
>> 
>> 
>> It sounds like "reject-sender" is the right option... if it's not working, I
>> would look at qmail's configuration.  spamdyke uses qmail's rcpthosts and
>> morercpthosts files to decide what addresses are "local" -- is there a
>> separate copy of qmail for each server/jail with different configurations?
>> 
>> -- Sam Clippinger
>> 
>> 
>> 
>> 
>> On Oct 31, 2016, at 6:07 PM, Pablo Murillo via spamdyke-users
>> <spamdyke-users@spamdyke.org> wrote:
>> 
>>> Hi
>>> 
>>> I will try to explain the subject
>>> We use Qmail, VpopMail and Spamdyke
>>> We have multiple servers with jails with multiple domains, we have smtp
>>> servers configured in all the jails, in all the servers
>>> Every jail has an smtp server running with auth over spamdyke, and today
>>> (after a lot of years) we find that everyone can send mail using the
>>> rights
>>> credential to any of our servers
>>> I know, they are using valid credentials, but if a password is hacked, the
>>> spammers can login in every server to send mail using this credential
>>> So, the question is: How can I force the users to use ONLY his smtp to
>>> send
>>> mails ?
>>> 
>>> I think that " reject-sender =  not-local " will work, but, no, only work
>>> if
>>> the user don't authenticate
>>> 
>>> May be is a filter order ?
>>> I asked something similar to this and the solution was that I have to
>>> manually change the order in the source code
>>> 
>>> Is there other way ?
>>> May be, if the filter order can be altered without changing the source
>>> code
>>> ?
>>> 
>>> It's a challenge ? :D
>>> 
>>> 
>>> Pablo Murillo
>>> 


Re: [spamdyke-users] How can I force users to USE the right SMTPserver ?

2016-11-04 Thread Sam Clippinger via spamdyke-users
I'm not sure I completely understand your setup, so yes, I think the full log 
might be helpful.  You can send it to me directly if you don't want to post it 
to the list.

-- Sam Clippinger




On Nov 1, 2016, at 9:33 AM, Pablo Murillo <p...@rednet.com.ar> wrote:

> Yes,  I have rcpthosts and morercpthosts for each jail with only the local
> domains
> 
> The " reject-sender= not-local "  works fine with domains bypassing the MXs
> and sent directly to the server
> 
> I activated " log-level=debug " and  " full-log-dir " to have more
> information
> 
> I noticed that rcpthosts and morercpthosts are not appearing in the "current
> config"
> 
> Do you want to see the full-log ?
> 
> 
> 
> - Original Message - From: "Sam Clippinger via spamdyke-users" 
> <spamdyke-users@spamdyke.org>
> To: "spamdyke users" <spamdyke-users@spamdyke.org>
> Sent: Tuesday, November 01, 2016 9:14 AM
> Subject: Re: [spamdyke-users] How can I force users to USE the right
> SMTPserver ?
> 
> 
> It sounds like "reject-sender" is the right option... if it's not working, I
> would look at qmail's configuration.  spamdyke uses qmail's rcpthosts and
> morercpthosts files to decide what addresses are "local" -- is there a
> separate copy of qmail for each server/jail with different configurations?
> 
> -- Sam Clippinger
> 
> 
> 
> 
> On Oct 31, 2016, at 6:07 PM, Pablo Murillo via spamdyke-users
> <spamdyke-users@spamdyke.org> wrote:
> 
>> Hi
>> 
>> I will try to explain the subject
>> We use Qmail, VpopMail and Spamdyke
>> We have multiple servers with jails with multiple domains, we have smtp
>> servers configured in all the jails, in all the servers
>> Every jail has an smtp server running with auth over spamdyke, and today
>> (after a lot of years) we find that everyone can send mail using the
>> rights
>> credential to any of our servers
>> I know, they are using valid credentials, but if a password is hacked, the
>> spammers can login in every server to send mail using this credential
>> So, the question is: How can I force the users to use ONLY his smtp to
>> send
>> mails ?
>> 
>> I think that " reject-sender =  not-local " will work, but, no, only work
>> if
>> the user don't authenticate
>> 
>> May be is a filter order ?
>> I asked something similar to this and the solution was that I have to
>> manually change the order in the source code
>> 
>> Is there other way ?
>> May be, if the filter order can be altered without changing the source
>> code
>> ?
>> 
>> It's a challenge ? :D
>> 
>> 
>> Pablo Murillo
>> 


Re: [spamdyke-users] How can I force users to USE the right SMTP server ?

2016-11-01 Thread Sam Clippinger via spamdyke-users
It sounds like "reject-sender" is the right option... if it's not working, I 
would look at qmail's configuration.  spamdyke uses qmail's rcpthosts and 
morercpthosts files to decide what addresses are "local" -- is there a separate 
copy of qmail for each server/jail with different configurations?

-- Sam Clippinger




On Oct 31, 2016, at 6:07 PM, Pablo Murillo via spamdyke-users 
 wrote:

> Hi
> 
> I will try to explain the subject
> We use Qmail, VpopMail and Spamdyke
> We have multiple servers with jails with multiple domains, we have smtp
> servers configured in all the jails, in all the servers
> Every jail has an smtp server running with auth over spamdyke, and today
> (after a lot of years) we find that everyone can send mail using the rights
> credential to any of our servers
> I know, they are using valid credentials, but if a password is hacked, the
> spammers can login in every server to send mail using this credential
> So, the question is: How can I force the users to use ONLY his smtp to send
> mails ?
> 
> I think that " reject-sender =  not-local " will work, but, no, only work if
> the user don't authenticate
> 
> May be is a filter order ?
> I asked something similar to this and the solution was that I have to
> manually change the order in the source code
> 
> Is there other way ?
> May be, if the filter order can be altered without changing the source code
> ?
> 
> It's a challenge ? :D
> 
> 
> Pablo Murillo
> 


Re: [spamdyke-users] TLS reason: TIMEOUT

2016-10-13 Thread Sam Clippinger via spamdyke-users
Looking at those log messages, I don't think TLS has anything to do with this.  
spamdyke's log message shows "encryption: (none)", which means TLS is not in 
use.

When spamdyke logs TIMEOUT, it means the remote server held the connection open 
too long without sending any data at all.  Usually that means the software on 
the remote server is badly written and it's expecting a very specific message 
before proceeding.  Since it isn't getting that message, it just waits until 
the connection times out.  There's an FAQ about this too:
http://www.spamdyke.org/documentation/FAQ.html#TROUBLE3
Documentation on how to adjust spamdyke's timeouts is here:
http://www.spamdyke.org/documentation/README.html#TIMEOUTS
By default, spamdyke doesn't enforce any timeouts, so another line in your 
config file must be enabling them.  Perhaps simply increasing those values will 
solve this?

If that doesn't help, I'd suggest using spamdyke's full logging feature to 
capture one of these failed connections.  That will show exactly what data is 
being sent and how long it's taking.

-- Sam Clippinger




On Oct 12, 2016, at 2:31 PM, marek--- via spamdyke-users 
 wrote:

> I read an old thread on this problem, but did not see a solution.
> # spamdyke -v
> spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG+EXCESSIVE (C)2015 Sam Clippinger, samc 
> (at) silence (dot) org
> # uname -a
> Linux mail.x.xx 2.6.18-308.13.1.el5 #1 SMP Tue Aug 21 17:10:06 EDT 2012 
> i686 i686 i386 GNU/Linux
>  
> In spamdyke.config
>  
> tls-level=smtp
> tls-certificate-file=/var/qmail/control/servercert.pem
>  
> The problem is TLS TIMEOUT
> 2016-10-08 21:04:50.283975500 CHKUSER accepted sender: from 
>  remote  
> rcpt <> : sender accepted
> 2016-10-08 21:05:51.280337500 spamdyke[13676]: TIMEOUT from: 
> xx...@ergohestia.pl to: (unknown) origin_ip: 91.198.179.205 origin_rdns: 
> smtp1.hestia.pl auth: (unknown) encryption: (none) reason: TIMEOUT
>  
> Add address to whitelist_senders nothing change :(
>  
> I try also on spamdyke 4.3 before upgrade to 5.1 it’s the same.
> I don’t have any idea how to make to allow this mail.
>  
> Any help will be appreciated


Re: [spamdyke-users] Localhost relaying denied

2016-10-03 Thread Sam Clippinger via spamdyke-users
You're right that whitelisting and authentication have no effect on the relay 
filter.  spamdyke allows relaying in three situations: when the RELAYCLIENT 
environment variable is set, when /etc/tcp.smtp has a matching rule that sets 
RELAYCLIENT or when a spamdyke option allows relaying.  So... have you compared 
the /etc/tcp.smtp file on the two servers?  I'd bet there's a line on the "can 
send" server that sets RELAYCLIENT for localhost connections and the "can't 
send" server doesn't have it (note spamdyke does not read this file itself; its 
CDB version is probably being read by tcp-env).

It's been quite a while since I've worked with Plesk but I seem to remember 
that option is set within the Plesk admin interface.  It'd be a good idea to 
change it there -- otherwise if you change it on disk, it'll probably just get 
overwritten the next time Plesk saves a change.

-- Sam Clippinger




On Oct 3, 2016, at 7:58 AM, Faris Raouf via spamdyke-users 
 wrote:

> Dear all,
>  
> I’m absolutely confounded by a problem I’m having after upgrading five 
> systems from Spamdyke 4.3.1 to 5.0.1
>  
> On two of them, webmail (running locally, connecting from 127.0.0.1 to 
> 127.0.0.1 port 25 via smtp, no authentication) works fine and can send 
> messages.
>  
> On the other three, spamdyke spits out a RELAYING_DENIED and blocks the 
> connection from 127.0.0.1 when trying to send messages.
>  
> --
> Oct  3 12:07:38 hostnameredacted spamdyke[4927]: FILTER_RDNS_MISSING ip: 127.0.0.1
> Oct  3 12:07:38 hostnameredacted spamdyke[4927]: FILTER_WHITELIST_IP ip: 127.0.0.1 file: /etc/spamdyke.d/whitelist_ip(6)
> Oct  3 12:07:38 hostnameredacted spamdyke[4927]: FILTER_RELAYING
> Oct  3 12:07:38 hostnameredacted spamdyke[4927]: DENIED_RELAYING from: (the rest redacted)
>  
>  
> All four systems use Plesk, which has 127.0.0.1 whitelisted for email – no 
> authentication is required for connections from that IP.
>  
> I have read the upgrade notes, which explain that IPs that are whitelisted in 
> the ip whitelist (or whatever) file are no longer automatically also allowed 
> to relay, and obviously that’s at the heart of the problem in some way.
>  
> What I cannot fathom is why two would work, and three would not. They are all 
> pretty much identical in every way that I can think of. Same Centos 6, same 
> versions of pretty much everything, very little differences anywhere.
>  
> None of them have any form of relay or smtp auth settings in spamdyke.conf. 
> All of them do have 127.0.0.1 whitelisted in the ip whitelist file – not that 
> it makes any difference in 5.0.1 of course.
>  
> Everything is controlled via smtp_psa file via xinetd
>  
> (stuff)
> server  = /var/qmail/bin/tcp-env
> server_args = -Rt0 /usr/local/bin/spamdyke -f 
> /etc/spamdyke.d/spamdyke.conf /var/qmail/bin/relaylock  
> /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true 
> /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
>  
>  
> So, to resolve the problem, in theory all I have to do is add 
> ip-relay-entry=127.0.0.1 and indeed that does solve the problem.
>  
> I presume that’s safe enough, given that we do want anything in localhost to 
> be able to send email without authenticating?
>  
> Is this a common setting?
>  
> But I feel I must get to the bottom of why some work, and some don’t, out of 
> the box. It seems bonkers, and indicative of something else that might be 
> wrong.
> None of the boxes are accidental open relays. Authentication is most 
> definitely required to send to non-local addresses.
>  
> At one point I suspected it might have something to do with the webmail 
> configuration, but I can’t find any differences at all. They are all set to 
> use smtp to connect to port 25 with no authentication.
>  
>  
> In the hope that someone may spot an error in my config files, here is one 
> from a server where webmail can send, and another from a server where webmail 
> cannot send.
>  
> (--config-tests throws no errors on either of them)
> (I do not know what I have qmail-rcpthosts / qmail-morescpthosts.cdb set but 
> they had been set when using 4.3.1 using the old syntax so I thought I’d 
> bring them over since I knew that configuration worked)
>  
> *
>  
> CAN SEND:
>  
> log-level=info
> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
>  
> max-recipients=5
> idle-timeout-secs=60
> 
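
The comparison suggested in the reply above can be scripted. This is an added example, not spamdyke or ucspi-tcp code: it evaluates the text form of a tcprules file for an IPv4 client, assuming the documented lookup order (exact address, then shorter dotted prefixes, then the empty default rule) and ignoring hostname and ident rules. Both rule sets are constructed samples, not the poster's files.

```python
import ipaddress


def parse_instructions(ins):
    """'allow,VAR="x"' -> ('allow', {'VAR': 'x'}); any character may delimit a value."""
    action, _, rest = ins.partition(",")
    env = {}
    while rest:
        name, eq, rest = rest.partition("=")
        if not eq or not rest:
            raise ValueError(f"bad variable assignment in {ins!r}")
        delim, rest = rest[0], rest[1:]
        value, closed, rest = rest.partition(delim)
        if not closed:
            raise ValueError(f"unterminated value in {ins!r}")
        env[name] = value
        rest = rest[1:] if rest.startswith(",") else rest
    return action, env


def expand_address(addr):
    """Expand a range in the last component: '10.2-3.' -> ['10.2.', '10.3.']."""
    dot = "." if addr.endswith(".") else ""
    head, _, last = addr.rstrip(".").rpartition(".")
    if "-" not in last or "@" in addr or addr.startswith("="):
        return [addr]  # plain address, default rule, or a hostname/ident rule
    lo, hi = last.split("-")
    prefix = head + "." if head else ""
    return [f"{prefix}{n}{dot}" for n in range(int(lo), int(hi) + 1)]


def parse_rules(text):
    """Read 'address:instructions' lines into {address: (action, env)}."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        addr, sep, ins = line.partition(":")
        if not sep:
            raise ValueError(f"not a rule: {line!r}")
        for key in expand_address(addr):
            # Assumption: when a key is defined twice, the first definition is kept.
            rules.setdefault(key, parse_instructions(ins))
    return rules


def relay_decision(text, ip):
    """Return (matching key, action, relay?) for an IPv4 client address."""
    ipaddress.IPv4Address(ip)  # raises ValueError on anything else
    rules = parse_rules(text)
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:  # most specific rule wins
        if key in rules:
            action, env = rules[key]
            return key, action, action == "allow" and "RELAYCLIENT" in env
    return None, None, False


# Constructed sample for a server where local webmail can relay.
CAN_SEND = '''# constructed sample
192.0.2.66:deny
127.:allow,RELAYCLIENT=""
:allow
'''

# Constructed sample: an exact 127.0.0.1 rule without RELAYCLIENT shadows "127.".
CANNOT_SEND = '''# constructed sample
127.0.0.1:allow
127.:allow,RELAYCLIENT=""
:allow
'''

if __name__ == "__main__":
    for name, text in (("can send", CAN_SEND), ("cannot send", CANNOT_SEND)):
        print(name, relay_decision(text, "127.0.0.1"))
```

On the second sample the more specific `127.0.0.1` rule is the one that matches, so RELAYCLIENT is never set for webmail even though a `127.` rule that sets it is present.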

Re: [spamdyke-users] spam with rDNS resolving to "localhost"

2016-08-10 Thread Sam Clippinger via spamdyke-users
Adding "localhost" to your rDNS blacklist should work exactly as you expect -- 
*any* connection that resolves to "localhost" will be blocked.  To allow 
connections from the real local host, you could either whitelist 127.0.0.1 or, 
if you wanted other filters to remain active for local connections, use a 
config-dir to remove "localhost" from the blacklist for 127.0.0.1.

Incidentally, are you using the reject-unresolvable-rdns filter?  That filter 
has a special exception for "localhost" to allow that name for 127.0.0.1 but 
block it for all other IPs.

-- Sam Clippinger




On Aug 9, 2016, at 5:02 AM, Faris Raouf via spamdyke-users 
 wrote:

> Dear all,
>  
> We’re having problems with spam being allowed in from IPs with rDNS resolving 
> to “localhost”.
> This gets past the reject-empty-rdns filter.
>  
> Initially I thought these IPs had no rDNS – using dnsstuff, I get no result 
> (normally meaning no rDNS). But using host or dig I see the IPs really do 
> reverse resolve to localhost.
>  
> **
> Example log entry:
>  
> spamdyke[24468]: ALLOWED from: sqozt...@vnnic.net.vn to: 
> redac...@redacted.tld origin_ip: 113.168.188.219 origin_rdns: localhost auth: 
> (unknown) encryption: (none) reason: 250_ok_1470423419_qp_24501
>  
>  
> ***
> Check rDNS:
>  
> # host 113.168.188.219
> 219.188.168.113.in-addr.arpa domain name pointer localhost.
>  
>  
> # dig -x 113.168.188.219
>  
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6 <<>> -x 113.168.188.219
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15578
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>  
> ;; QUESTION SECTION:
> ;219.188.168.113.in-addr.arpa.  IN  PTR
>  
> ;; ANSWER SECTION:
> 219.188.168.113.in-addr.arpa. 21599 IN  PTR localhost.
>  
> ;; Query time: 325 msec
> ;; SERVER: 8.8.8.8#53(8.8.8.8)
> ;; WHEN: Tue Aug  9 10:41:58 2016
> ;; MSG SIZE  rcvd: 69
>  
> ***
>  
>  
> I figure that it is not safe to add “localhost” in our rdns blacklist file. 
> Wouldn’t our real, local, localhost 127.0.0.1 potentially get blacklisted?
>  
> Any suggestions as to what to do about this would be much appreciated!
>  
> Errmm.. in the back of my head there is a dim bell ringing about this issue 
> and so it might have been discussed before. Sorry if I’m asking something 
> that’s already been covered at some point. Google hasn’t helped in this case.
>  
>  


Re: [spamdyke-users] Fail2ban integration

2016-07-25 Thread Sam Clippinger via spamdyke-users
spamdyke won't log the IP in its current version, but it wouldn't be hard to 
add.  If you want a quick'n'dirty solution right away, you can add it very 
easily... just edit exec.c and change line 206 to this:
SPAMDYKE_LOG_VERBOSE(current_settings, LOG_VERBOSE_AUTH_FAILURE "%s %s", username, current_settings->server_ip);
Then recompile and replace the spamdyke binary with the new copy.  Once it's in 
place, the "authentication failure" messages should show the IP address right 
after the username, separated by a space.  (NOTE: I haven't compiled or tested 
this change, proceed with caution...)

-- Sam Clippinger




On Jul 22, 2016, at 6:17 PM, Gary Gendel via spamdyke-users 
 wrote:

> Sam,
> 
> Is there a way to get spamdyke to log invalid authorizations in a manner that 
> fail2ban can use?  My host has been hit continuously with brute-force 
> attacks.  Unfortunately, the logs only have:
> 
> Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info] 
> FILTER_AUTH_REQUIRED
> Jul 22 18:54:50 tardis spamdyke[26727]: [ID 702911 mail.info] 
> ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
> username/password, vchkpw uses this to indicate SMTP access is not allowed): 
> verizon
> Jul 22 18:56:01 tardis spamdyke[26727]: [ID 702911 mail.info] 
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
> operation failed due to an I/O error, Unexpected EOF found
> Jul 22 18:57:16 tardis spamdyke[26736]: [ID 702911 mail.info] 
> FILTER_AUTH_REQUIRED
> Jul 22 18:57:23 tardis spamdyke[26736]: [ID 702911 mail.info] 
> ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
> username/password, vchkpw uses this to indicate SMTP access is not allowed): 
> verizon
> Jul 22 18:58:37 tardis spamdyke[26736]: [ID 702911 mail.info] 
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
> operation failed due to an I/O error, Unexpected EOF found
> Jul 22 18:59:59 tardis spamdyke[26743]: [ID 702911 mail.info] 
> FILTER_AUTH_REQUIRED
> Jul 22 19:00:10 tardis spamdyke[26743]: [ID 702911 mail.info] 
> ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
> username/password, vchkpw uses this to indicate SMTP access is not allowed): 
> verizon
> Jul 22 19:01:21 tardis spamdyke[26743]: [ID 702911 mail.info] 
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
> operation failed due to an I/O error, Unexpected EOF found
> Jul 22 19:02:32 tardis spamdyke[26876]: [ID 702911 mail.info] 
> FILTER_AUTH_REQUIRED
> Jul 22 19:02:38 tardis spamdyke[26876]: [ID 702911 mail.info] 
> ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
> username/password, vchkpw uses this to indicate SMTP access is not allowed): 
> verizon
> Jul 22 19:03:50 tardis spamdyke[26876]: [ID 702911 mail.info] 
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
> operation failed due to an I/O error, Unexpected EOF found
> Jul 22 19:05:11 tardis spamdyke[26891]: [ID 702911 mail.info] 
> FILTER_AUTH_REQUIRED
> Jul 22 19:05:16 tardis spamdyke[26891]: [ID 702911 mail.info] 
> ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure (bad 
> username/password, vchkpw uses this to indicate SMTP access is not allowed): 
> verizon
> 
> They seem to have a huge list of account names to try and I've got thousands 
> of attempts just for today.  Unfortunately, without any IP address in the 
> message I can't have fail2ban automatically block these.
> 
> Gary
> 
> 
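
What a fail2ban-style consumer of the patched log line could look like, as an added example (not spamdyke or fail2ban code). It assumes the untested exec.c change above yields lines ending in "<username> <ip>"; the retry threshold, time window and log lines are constructed, using documentation address ranges.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed post-patch layout: "...): <username> <ip>" at the very end of the line.
# The username is supplied by the client, so the address is taken only from the
# last field and validated; nothing inside the username can pass for the IP.
AUTH_FAIL = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ spamdyke\[\d+\]: "
    r"(?:\[ID \d+ \S+\] )?"  # Solaris-style syslog tag, as in the quoted log
    r"ERROR\(exec_checkpassword_argv\(\)@exec\.c:\d+\): authentication failure "
    r"\(.*?\): (?P<user>.*) (?P<ip>\S+)$"
)


def parse_failure(line, year):
    """Return (timestamp, username, ip) for a patched auth-failure line, else None."""
    m = AUTH_FAIL.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m["ip"])
    except ValueError:
        return None  # last field is not an address
    # syslog omits the year, so the caller supplies it
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["user"], str(ip)


def find_offenders(lines, year, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time of the failure that reached maxretry within findtime}.

    Lines are expected in chronological order, as in a log file.
    """
    recent = defaultdict(deque)
    offenders = {}
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        when, _user, ip = parsed
        window = recent[ip]
        window.append(when)
        while when - window[0] > findtime:  # drop failures outside the window
            window.popleft()
        if len(window) >= maxretry and ip not in offenders:
            offenders[ip] = when
    return offenders


MSG = ("ERROR(exec_checkpassword_argv()@exec.c:206): authentication failure "
       "(bad username/password, vchkpw uses this to indicate SMTP access is "
       "not allowed): ")


def sample_line(clock, pid, tail):
    return f"Jul 22 {clock} tardis spamdyke[{pid}]: [ID 702911 mail.info] {MSG}{tail}"


# Constructed log lines in the assumed patched format.
SAMPLE = [
    "Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info] FILTER_AUTH_REQUIRED",
    sample_line("18:54:50", 26727, "verizon 203.0.113.7"),
    sample_line("18:55:00", 26730, "info 192.0.2.1 198.51.100.9"),  # address-like text in the username
    sample_line("18:57:23", 26736, "verizon 203.0.113.7"),
    sample_line("18:58:00", 26740, "verizon"),  # unpatched line, no IP
    sample_line("19:00:10", 26743, "admin 203.0.113.7"),
    sample_line("19:20:00", 26800, "sales 198.51.100.9"),
    sample_line("19:21:00", 26801, "sales 198.51.100.9"),
]

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE, 2016).items():
        print(f"{when.isoformat()} ban {ip}")
```

Only the trailing field is ever treated as the client address, so a failure whose username contains something that looks like an IP is still counted against the connecting host.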


Re: [spamdyke-users] can't block envelope sender

2016-07-25 Thread Sam Clippinger via spamdyke-users
Could probably do that.  Or maybe print the matching file/line in the "reason" 
field, the same way it already does for blacklist matches?

-- Sam Clippinger




On Jul 22, 2016, at 11:37 AM, Faris Raouf  wrote:

> Hi Sam,
>  
> I just had a chance to have a go with the tests, and just as you expected it 
> was down to the rDNS of the sender being whitelisted.
> I don’t know how many times I’d checked, and missed seeing it :)
>  
> Unfortunately I can’t remember why I whitelisted it :( It belongs to an ESP. 
> If they are sending stuff that can’t pass SD’s filters, it doesn’t belong in 
> anybody’s mailbox. But obviously I needed to whitelist it for some reason at 
> some point. I will have to have a think about this.
>  
> But this situation inspires me to ask you to consider adding something to the 
> wishlist:
>  
> When a message is allowed to pass as a result of being whitelisted, could 
> there be an option to change the logging so that instead of just ALLOWED it 
> shows ALLOWED_WL_[type] or maybe WHITELIST_[type] or something along those 
> lines?
>  
>  
>  
> If you can login to ms2 at the command line, you could also try running 
> spamdyke by hand so you can see more verbose output without flooding your 
> logs.
>  



Re: [spamdyke-users] can't block envelope sender

2016-07-21 Thread Sam Clippinger via spamdyke-users
From what I can see, spamdyke should be blocking those messages.  This could be 
a bug, but first I'd suggest carefully checking your whitelists.  In almost 
every case I've seen like this where a blacklist simply will not work, it turns 
out to be a whitelist entry that's overriding it.  You mentioned your email 
flows through several different servers before it reaches the user's mailbox... 
from the message headers, it looks like ms2 is your edge server, is that where 
the blacklist entry is set?

If you can login to ms2 at the command line, you could also try running 
spamdyke by hand so you can see more verbose output without flooding your logs. 
 You don't need to stop your mail server for this; it won't interfere with any 
normal operations.  First, set an environment variable so spamdyke will think 
it's getting a connection from a remote server:
export TCPREMOTEIP=94.143.105.188
Next create a very small spamdyke config file (can be anywhere, doesn't have to 
be in /etc) with two options:
log-target=stderr
log-level=excessive
Then find the command line spamdyke is started with (in your "run" file) and 
run it the same way, but add another "-f" for the new config file AFTER your 
real config file.  (If you're curious why, it's because config options are 
applied in the order they are read.  We want to override those two options for 
this run, so they need to be read last.)  For example, on my server I would run 
this:
spamdyke -f /etc/spamdyke.d/spamdyke.conf -f /tmp/testing.conf -- /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
You should see the SMTP greeting banner just like a mail client does (possibly 
delayed a few seconds by spamdyke) plus debug messages that would normally go 
in the logs.  Type in these SMTP commands to imitate a client and test the 
blacklist:
EHLO cloudtengroup1.mta.dotmailer.com
MAIL FROM:
RCPT TO:
At that point, you should see either a 250 response if the message is accepted 
or a 500 response if it is blocked, plus tons of debugging output from spamdyke 
to show what it's thinking.  You can type QUIT or ctrl-C to exit.

Hopefully that'll show what's happening.  If you can't spot the issue or have 
trouble deciphering the output, feel free to email it to me privately and I'll 
take a look.

-- Sam Clippinger




On Jul 21, 2016, at 6:39 AM, Faris Raouf via spamdyke-users 
 wrote:

> Dear all,
> 
> I'm having a bit of an issue trying to block messages based on the envelope
> sender. Basically it doesn't seem to work at all, so I'm obviously doing
> something wrong.
> 
> All the other types of blacklists and whitelists seem to work just fine.
> 
> I understand the difference between the "From" and the envelope sender, and
> that TLS can be an issue.
> 
> But as far as I'm aware it is the envelope sender that I'm targeting, and in
> this case my qmail installation doesn't support TLS so spamdyke is set to
> handle the TLS and should be able to read the contents of the message.
> 
> I'm using SpamDyke 5.01
> 
> Please could someone kindly take a quick look at my log/config/header of an
> example email, to see what I'm doing wrong?
> 
> In the example below, the envelope sender I'm trying to block has
> (some-reference-or-other)@tooplemail.com as the envelope sender so I'm using
> @tooplemail.com in my blacklist_sender file.
> 
> 
> ***
> 
> Maillog extract:
> 
> Jul 21 10:32:55 ms2 spamd[30006]: spamd: checking message
> <2dqy.87yto274c.20160721093145...@tooplemail.com> for qscand:500
> 
> Jul 21 10:32:57 ms2 spamd[30006]: spamd: result: Y 4 -
> BAYES_00,DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREE_QUOTE_INS
> TANT,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_1
> 00,RAZOR2_CHECK,RCVD_IN_DNSWL_NONE,SPF_PASS
> scantime=1.9,size=55241,user=qscand,uid=500,required_score=3.0,rhost=localho
> st,raddr=127.0.0.1,rport=53794,mid=<2DQY.87YTO274C.20160721093145243@tooplem
> ail.com>,bayes=0.00,autolearn=no
> 
> Jul 21 10:32:57 ms2 qmail-scanner-queue.pl: qmail-scanner[25272]:
> Clear:RC:0(94.143.105.188):SA:1(4.3/3.0): 2.092064 55184
> bo-3ueb-2dqy-yto27-c0...@tooplemail.com redac...@redacted.tld
> Why_is_Toople.com_different_to_the_rest?
> <2dqy.87yto274c.20160721093145...@tooplemail.com>
> 1469093575.25274-0.ms2.redac...@redacted.tld:3611
> orig-ms2.redacted.tld146909357479725272:55184
> 1469093575.25274-1.ms2.redacted.tld:46150
> 
> Jul 21 10:32:57 ms2 spamdyke[25257]: ALLOWED from:
> bo-3ueb-2dqy-yto27-c0...@tooplemail.com to: redac...@redacted.tld origin_ip:
> 94.143.105.188 origin_rdns: cloudtengroup1.mta.dotmailer.com auth: (unknown)
> encryption: TLS reason: 250_ok_1469093577_qp_25272
> 
> **
> 
> 
> **
> Spamdyke config file:
> 
> log-level=verbose
> idle-timeout-secs=60
> greeting-delay-secs=11
> 

Re: [spamdyke-users] Bug: ./configure doesn't respect --prefix

2016-05-11 Thread Sam Clippinger via spamdyke-users
I'll get that added to the next release, thanks!

-- Sam Clippinger




On May 10, 2016, at 5:37 AM, Jonas Pasche via spamdyke-users 
 wrote:

> Hey there,
> 
> while the configure script of the current version tells that it would be
> able to handle an installation prefix ...
> 
> $ ./configure --help | grep prefix | head -1
>  --prefix=PREFIX install architecture-independent files in PREFIX
> 
> ... this simply doesn't work, as the install paths in Makefile.in are
> hardcoded. I'd suggest the attached patch against the current version of
> spamdyke which replaces the hardcoded paths with the variable. Sam,
> could you possibly include this in future versions?
> 
> Thanks,
> Jonas
> 


Re: [spamdyke-users] softlimit error

2016-05-05 Thread Sam Clippinger via spamdyke-users
You're correct that those messages are related to limits, but not the ones 
softlimit can set.  Those messages are about "hard" limits, which are set using 
the "ulimit" command.  I'd guess either BSD has a default hard limit or 
something on your system is setting them before spamdyke runs.  Those limits 
are extremely high, so there's very little chance they're going to cause any 
problems, but spamdyke will keep complaining about them as long as log-level is 
"verbose" or higher.

-- Sam Clippinger




On May 4, 2016, at 3:04 PM, BC via spamdyke-users  
wrote:

> 
> Now that I've set log-level=excessive, I can see these two errors that 
> spamdyke is spitting out a lot:
> 
> May  4 13:54:52 Xeon_Right spamdyke[18726]: 
> ERROR(undo_softlimit()@spamdyke.c:3226): data segment hard limit is less than 
> infinity, could lead to unexplainable crashes: 34359738368
> May  4 13:54:52 Xeon_Right spamdyke[18726]: 
> ERROR(undo_softlimit()@spamdyke.c:3244): stack size hard limit is less than 
> infinity, could lead to unexplainable crashes: 536870912
> 
> Seems to be a harmless error report.
> 
> Per Sam's suggestion quite some time ago, I quit using the 'softlimit' option 
> in the tcpserver startup "run" files.  Available memory >5GiB free all the 
> time.  Very fast CPU.  The email part of the server is very lightly used as 
> the box is primarily an NAS and for me to play and experiment with 
> intellectually.
> 
> Had no crashes that I know of - been up for 41+ days since my last 
> intentional reboot.
> 
> Thoughts?
> 


Re: [spamdyke-users] IPv6 Question

2016-05-05 Thread Sam Clippinger via spamdyke-users
Right now, spamdyke has no support for IPv6 at all, so it can't understand that 
nameserver line.  However, the only consequence should be that error message -- 
it shouldn't have any trouble skipping that line and using the IPv4 nameserver.

-- Sam Clippinger




On May 4, 2016, at 2:54 PM, BC via spamdyke-users  
wrote:

> 
> Using FreeBSD here.
> 
> In addition to my normal IPv4 connection, I have an IPv6 tunnel set up via 
> Hurricane Electric.  Also use unbound as my local DNS cache resolver for 
> resolving both IPv4 & IPv6 addresses and it has been doing both for over a 
> year now.
> 
> spamdyke doesn't seem to like the IPv6 resolver.  /var/log/maillog showing 
> LOTS of lines like this (log-level=info):
> 
> May  4 13:08:56 Xeon_Right spamdyke[18382]: 
> ERROR(load_resolver_file()@search_fs.c:753): invalid/unparsable nameserver 
> found: fd00::1
> 
> My /etc/resolv.conf file contains these two lines:
> 
> nameserver 10.0.0.1
> nameserver fd00::1
> 
> I didn't think that spamdyke is IPv6 aware?  Shouldn't it ignore the second 
> nameserver line above?
> 
> In hopes of getting some more info about this, I've set log-level=excessive.
> 
> Thoughts?
> 


Re: [spamdyke-users] Second SD Stats report

2016-05-05 Thread Sam Clippinger via spamdyke-users
Very impressive numbers, thanks for sharing those!  Out of curiosity, of the 
messages that were delivered, how did you judge if they were spam?

It sounds like the problem is that spamdyke-qrv is accepting messages to 
invalid addresses?  You can try running spamdyke-qrv manually with the "-v" 
flag (possibly twice) to see why it's deciding to allow the recipient.  
Something like this:
spamdyke-qrv -v pricom.com.au jackspratt

-- Sam Clippinger




On May 4, 2016, at 4:39 AM, Philip Rhoades via spamdyke-users 
 wrote:

> People,
> 
> Last year I reported some stats after I had been using SD for about a month 
> and now I have a second set - unfortunately I forgot to increase the number 
> of backlogs for logrotate and I lost a few months of data to compare 
> delivered spam to but the latest stats are from 100 days of data:
> 
>  
> https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml
> 
> There were some changes to the conf file between sets of data but I didn't 
> keep notes about changes and dates etc however it seems that the proportion 
> of ALLOWED lines went down a little which suggests more spam was stopped - 
> but conversely, the proportion of delivered spams compared to SD lines went 
> up a little - which I don't quite understand . .
> 
> Now I want to try and stop the delivered spams that have invalid email 
> addresses - I have compiled and installed spamdyke-qrv OK and set 
> "reject-recipient" to "invalid" but these spams are still getting through and 
> then being bounced and since the return address is bogus I get a postmaster 
> message that the bounce has failed eg for the address:
> 
>  jackspr...@pricom.com.au
> 
> - suggestions?
> 
> Thanks,
> 
> Phil.
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Cannot block sender with header-blacklist-entry or sender-blacklist-entry

2016-03-24 Thread Sam Clippinger via spamdyke-users
Assuming the "ALLOWED" log message you provided is accurate, it looks like the 
problem is authentication -- all filters are disabled after authentication 
succeeds.  Your log message shows the same username in both the "from" and 
"auth" fields, which makes me suspect either the user's password has been 
compromised or the user's PC has been infected with malware.

I'd suggest changing the account password so authentication will fail -- 
spamdyke's filters should work fine after that.

-- Sam Clippinger




On Mar 23, 2016, at 5:00 AM, Stephen Provis via spamdyke-users 
 wrote:

> Hi, I'm having trouble blacklisting specific sending email addresses and 
> would appreciate some advice please. I am using Spamdyke 5.0.1 on Ubuntu 
> 10.04 and qmail.
> 
> I have tried all of the following rules to block email from a specific email 
> (for security lets say the email address is j...@smith.fake) but each time 
> Spamdyke allows the emails through.
> 
> My config file looks like this:
> 
> header-blacklist-entry=From: *<*smith.fake>*
> header-blacklist-entry=from:*smith.fake*
> header-blacklist-entry=From:*j...@smith.fake*
> 
> sender-blacklist-entry=@smith.fake
> sender-blacklist-entry=j...@smith.fake
> 
> #sender-blacklist-file=/tmp/spamdyke.txt
> 
> dns-server-ip=208.67.222.222:53
> log-level=excessive
> max-recipients=5
> idle-timeout-secs=300
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-ip-in-cc-rdns
> reject-sender=no-mx
> dns-blacklist-entry=b.barracudacentral.org
> dns-blacklist-entry=zen.spamhaus.org
> rhs-blacklist-entry=fresh.spameatingmonkey.com
> 
> 
> 
> # SET THE FILENAME BELOW AND ENABLE BOTH OF THESE OPTIONS
> 
> # Controls the way spamdyke offers and supports TLS or SMTPS.
> tls-level=smtp
> 
> # Read SSL certificate from FILE.
> tls-certificate-file=/var/qmail/control/servercert.pem
> 
> And the syslog reports the following:
> 
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: 
> from=j...@smith.fake
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: 
> to=some...@somewhere.fake
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: hook_dir = 
> '/opt/psa/handlers/before-queue'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: recipient[3] = 
> 'some...@somewhere.fake'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: handlers dir = 
> '/opt/psa/handlers/before-queue/recipient/some...@somewhere.fake'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: starter: 
> submitter[6899] exited normally
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792849 new msg 32933026
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792929 info msg 32933026: 
> bytes 1269 from  qp 6899 uid 2020
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx spamdyke[6822]: ALLOWED from: 
> j...@smith.fake to: some...@somewhere.fake origin_ip: xxx.xxx.xxx.xxx 
> origin_rdns: .xxx.net auth: j...@smith.fake encryption: TLS reason: 
> 250_ok_1458726477_qp_6890
> 
> Any assistance would be greatly appreciated.
> 
> Regards,
> Stephen
> 
> 
> 
> Stephen Provis
> Website Developer
> Stephen Provis and Co
> 
> t: 07922 195703
> w: www.stephenprovis.com
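
Because an authenticated session bypasses every filter, as the reply above explains, the logs are the place to notice an account being misused. This is an added example, not spamdyke code: it parses the summary-line layout seen in the ALLOWED entry quoted in this thread and reports accounts that authenticated from many addresses or sent many messages. The thresholds, host name and log lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Field order as it appears in the summary lines quoted on this page.
SUMMARY = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z][A-Z0-9_]*) from: (?P<sender>.*?) "
    r"to: (?P<rcpt>.*?) origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>.*?) encryption: (?P<enc>\S+) reason: (?P<reason>.*)$"
)


def parse_summary(line):
    """Return the fields of a spamdyke summary line as a dict, or None."""
    m = SUMMARY.search(line.rstrip("\n"))
    return m.groupdict() if m else None


def suspicious_accounts(lines, max_ips=3, max_msgs=100):
    """Report authenticated accounts whose accepted mail looks unusual.

    An account is reported when its ALLOWED deliveries came from at least
    max_ips distinct addresses or number at least max_msgs.
    """
    ips = defaultdict(set)
    msgs = Counter()
    for line in lines:
        rec = parse_summary(line)
        if rec is None or rec["result"] != "ALLOWED":
            continue
        account = rec["auth"].strip().lower()
        if account in ("", "(unknown)"):
            continue  # unauthenticated delivery, filters were applied
        ips[account].add(rec["ip"])
        msgs[account] += 1
    return {
        account: {"messages": msgs[account], "ips": sorted(ips[account])}
        for account in msgs
        if len(ips[account]) >= max_ips or msgs[account] >= max_msgs
    }


def sample(result, sender, rcpt, ip, auth, reason):
    return (f"Mar 23 09:47:57 mx spamdyke[6822]: {result} from: {sender} to: {rcpt} "
            f"origin_ip: {ip} origin_rdns: (unknown) auth: {auth} "
            f"encryption: TLS reason: {reason}")


# Constructed log lines; addresses come from documentation ranges.
SAMPLE = [
    sample("ALLOWED", "alice@example.com", "a@example.net", "198.51.100.10",
           "alice@example.com", "250_ok_1_qp_1"),
    sample("ALLOWED", "alice@example.com", "b@example.net", "198.51.100.11",
           "alice@example.com", "250_ok_2_qp_2"),
    sample("ALLOWED", "alice@example.com", "c@example.net", "203.0.113.5",
           "alice@example.com", "250_ok_3_qp_3"),
    sample("ALLOWED", "alice@example.com", "d@example.net", "203.0.113.6",
           "Alice@example.com", "250_ok_4_qp_4"),
    sample("ALLOWED", "bob@example.com", "e@example.net", "192.0.2.20",
           "bob@example.com", "250_ok_5_qp_5"),
    sample("ALLOWED", "bob@example.com", "f@example.net", "192.0.2.20",
           "bob@example.com", "250_ok_6_qp_6"),
    sample("ALLOWED", "news@example.org", "bob@example.com", "192.0.2.99",
           "(unknown)", "250_ok_7_qp_7"),
    sample("DENIED_RELAYING", "x@example.org", "y@example.net", "192.0.2.77",
           "(unknown)", "(empty)"),
]

if __name__ == "__main__":
    for account, info in suspicious_accounts(SAMPLE).items():
        print(account, info["messages"], "messages from", ", ".join(info["ips"]))
```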


Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-12-30 Thread Sam Clippinger via spamdyke-users
Ah... you're confusing the "sender" address with the "From" address.  The 
sender address is what appears in the logs.  The From address is what appears 
in the message headers and is also what you see in your mail client.  The two 
are completely separate and spammers usually supply different (bogus) values 
for them.

To block both of the examples you gave, add these lines to your 
sender-blacklist-file (not your header-blacklist-file):
@brewster.com
@nice.com

That should do it!  More info here:
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

-- Sam Clippinger




On Dec 29, 2015, at 11:54 PM, Philip Rhoades via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> People,
> 
> I thought of starting a new thread but the question relates to this 
> discussion so I thought I would revive it - see inline comments:
> 
> 
> On 2015-06-21 04:57, Philip Rhoades via spamdyke-users wrote:
>> Sam,
>> On 2015-06-21 03:12, Sam Clippinger via spamdyke-users wrote:
>>> Regex support is on the (rather lengthy) to-do list, but frankly it's
>>> not a very high priority -- there's a lot of low-hanging fruit that
>>> would be of much more benefit right now. Plus, since I'm not one of
>>> the 10 people in the world who completely understands regexes, I doubt
>>> I would actually use them myself; I'd rather add globbing support,
>>> which I do understand. :)
>> OK, no worries - SD is going well so far so I may not need some of the
>> mechanisms that I used in my own setup - we'll see how things go.
>>> spamdyke's header filter runs at connection time, as all of its
>>> filters do. If a header line matches a blacklisted pattern, the entire
>>> message is rejected (the sending server receives an error code, qmail
>>> never sees the message).
>> Right - thanks for the clarification.
> 
> 
> One annoying spammer continues to get their mail through but I don't 
> understand why - my header-blacklist-file includes these two lines in it:
> 
>  [FR][re][op][ml]*:*brewster.com*
>  [FR][re][op][ml]*:*nice.com*
> 
> but the first one works and the second one doesn't!:
> 
> /var/log/maillog-20151230:Dec 29 17:08:43 prix spamdyke[15684]: 
> DENIED_HEADER_BLACKLISTED from: smartdel...@brewster.com to: 
> p...@pricom.com.au origin_ip: 23.253.183.234 origin_rdns: 
> mail-183-234.mailgun.info auth: (unknown) encryption: (none) reason: 
> /usr/local/bin/srejector2/spamdyke_blacklist_header.txt:11
> 
> /var/log/maillog-20151230:Dec 29 17:08:00 prix spamdyke[15609]: ALLOWED from: 
> support.a...@nice.com to: mailer-dae...@pricom.com.au origin_ip: 
> 192.114.148.4 origin_rdns: mailil.nice.com auth: (unknown) encryption: (none) 
> reason: 250_ok_1451369280_qp_15628
> 
> I have even saved the file in vim a couple of times and restarted qmail a 
> couple of times but no change in the behaviour - what could the explanation 
> be?
> 
> Thanks,
> 
> Phil.
> 
> 
>>> On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users
>>> <spamdyke-users@spamdyke.org> wrote:
>>>> Sam,
>>>> See inline comments:
>>>> On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:
>>>>> You're correct spamdyke does not support regexes for any of its
>>>>> options, but you can use a wildcard in a sender or recipient
>>>>> white/blacklist file to match entire domains by prefixing the line
>>>>> with an @ symbol. For example:
> >>>>> @example.com
>>>> Yep, saw that - is it possible to support regexes in the future?
> >>>>> Full documentation here:
> >>>>> http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
> >>>>> BUT! Be careful -- the "To" and "From" lines in the message header are
> >>>>> not the same as the "sender" and "recipient". The sender and recipient
> >>>>> are part of SMTP, the To and From lines are part of the message data
> >>>>> and are completely unrelated. Think of it this way: when a letter is
> >>>>> sent through the post office, the name on the outside of the envelope
> >>>>> tells the postman which mailbox gets the envelope (or where to send it
> >>>>> back to) but top of the letter inside may have a completely unrelated
> >>>>> letterhead and salutation. Whenever spamdyke's options/documentation

Re: [spamdyke-users] Progress Report

2015-12-16 Thread Sam Clippinger via spamdyke-users
Unfortunately I haven't spent any time on either of those things yet.  I've 
spent a significant amount of time trying to get the recipient validation 
feature working but kinda lost steam a month or two ago.  I'm gonna get back on 
the horse here soon.

Can I just say again for the record that I'm still amazed people still use 
Solaris at all, much less OpenIndiana? :)

-- Sam Clippinger




On Dec 15, 2015, at 7:10 PM, Gary Gendel via spamdyke-users 
 wrote:

> Sam,
> 
> I've started a discussion on the OpenIndiana developer's mailing list about 
> Spamdyke and generated a lot of interest.  I know you're working on divorcing 
> Spamdyke from Qmail and also supporting IPv6. How is this work progressing?  
> It seems that IPv6 seems to be a sticky point for deployment.
> 
> Gary
> 
> 
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Receiving from other Mailservers with StartTLS on port 25 failed

2015-12-16 Thread Sam Clippinger via spamdyke-users
I don't see anything in your config file that looks like a problem.  Since it's 
working for some connections and not others, I'd guess it's something about 
those mailservers -- they're expecting some response (or something) that 
spamdyke isn't sending, so the connection stalls.  Can you try enabling the 
"full-log-option" to capture the data from one of these failed connections?

-- Sam Clippinger




On Dec 14, 2015, at 8:29 AM, Arne Metzger <mo...@foni.net> wrote:

> Hi Sam,
> 
> sorry for the delayed reply.
> 
> My config files are attached below. But i can't provide any log file data - 
> the only hint i see in /var/log/maillog is an entry "relaylock: ..." and 
> nothing more. Spamdyke doesn't seem to notice the connection.
> 
> # cat /etc/spamdyke5.conf
> log-level=verbose
> log-target=syslog
> dns-level=normal
> filter-level=normal
> smtp-auth-level=ondemand-encrypted
> smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true 
> /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> relay-level=normal
> tls-certificate-file=/var/qmail/control/servercert.pem
> idle-timeout-secs=300
> greeting-delay-secs=0
> tls-level=smtp
> max-recipients=20
> policy-url=http://www.shjjv.de/home/spamfilter
> 
> reject-empty-rdns
> reject-ip-in-cc-rdns
> reject-unresolvable-rdns
> ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/rdns-keyword-blacklist
> ip-in-rdns-keyword-whitelist-file=/var/qmail/spamdyke/rdns-keyword-whitelist
> 
> ip-blacklist-file=/var/qmail/spamdyke/ip-blacklist
> rdns-blacklist-file=/var/qmail/spamdyke/rdns-blacklist
> ip-whitelist-file=/var/qmail/spamdyke/ip-whitelist
> rdns-whitelist-file=/var/qmail/spamdyke/rdns-whitelist
> 
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=dnsbl.inps.de
> dns-blacklist-entry=ix.dnsbl.manitu.net
> dns-blacklist-entry=bl.spamcannibal.org
> rhs-blacklist-entry=fresh.spameatingmonkey.com
> #dns-whitelist-entry=list.dnswl.org
> 
> header-blacklist-file=/var/qmail/spamdyke/header-blacklist
> 
> reject-sender=no-mx
> reject-recipient=same-as-sender
> 
> sender-whitelist-file=/var/qmail/spamdyke/sender-whitelist
> sender-blacklist-file=/var/qmail/spamdyke/sender-blacklist
> 
> graylist-dir=/var/qmail/spamdyke/graylist
> graylist-level=always-create-dir
> graylist-min-secs=300
> graylist-max-secs=1814400
> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
> 
> # cat /etc/spamdyke5_smtps.conf
> log-level=verbose
> log-target=syslog
> dns-level=normal
> filter-level=normal
> smtp-auth-level=ondemand-encrypted
> smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true 
> /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> relay-level=normal
> tls-certificate-file=/var/qmail/control/servercert.pem
> idle-timeout-secs=300
> greeting-delay-secs=0
> #151117he
> tls-level=smtps
> tls-certificate-file=/var/qmail/control/servercert.pem
> max-recipients=20
> policy-url=http://www.shjjv.de/home/spamfilter
> 
> reject-empty-rdns
> reject-ip-in-cc-rdns
> reject-unresolvable-rdns
> ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/rdns-keyword-blacklist
> ip-in-rdns-keyword-whitelist-file=/var/qmail/spamdyke/rdns-keyword-whitelist
> 
> ip-blacklist-file=/var/qmail/spamdyke/ip-blacklist
> rdns-blacklist-file=/var/qmail/spamdyke/rdns-blacklist
> ip-whitelist-file=/var/qmail/spamdyke/ip-whitelist
> rdns-whitelist-file=/var/qmail/spamdyke/rdns-whitelist
> 
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=dnsbl.inps.de
> dns-blacklist-entry=ix.dnsbl.manitu.net
> dns-blacklist-entry=bl.spamcannibal.org
> rhs-blacklist-entry=fresh.spameatingmonkey.com
> #dns-whitelist-entry=list.dnswl.org
> 
> header-blacklist-file=/var/qmail/spamdyke/header-blacklist
> 
> reject-sender=no-mx
> reject-recipient=same-as-sender
> 
> sender-whitelist-file=/var/qmail/spamdyke/sender-whitelist
> sender-blacklist-file=/var/qmail/spamdyke/sender-blacklist
> 
> graylist-dir=/var/qmail/spamdyke/graylist
> graylist-level=always-create-dir
> graylist-min-secs=300
> graylist-max-secs=1814400
> qmail-rcpthosts-file=/var/qmail/control/rcpthosts
> 
> Best regards,
> Arne
> 
> On 25.11.2015 at 02:51, Sam Clippinger via spamdyke-users wrote:
>> It's hard to say what the problem might be without more information.  Could 
>> you post your spamdyke config file?  Also, if you use the full-log-dir 
>> option, spamdyke will capture everything that happens into a log file for 
>> each connection, which should show exactly what's going on.
>> 
>> -- Sam Clippinger
>> 
>> 
>> 
>> 
>> On Nov 19, 2015, at 2:41 AM, Arne Metzger via spamdyke-users 
>> <spamdyke-users@spa

Re: [spamdyke-users] Receiving from other Mailservers with StartTLS on port 25 failed

2015-11-24 Thread Sam Clippinger via spamdyke-users
It's hard to say what the problem might be without more information.  Could you 
post your spamdyke config file?  Also, if you use the full-log-dir option, 
spamdyke will capture everything that happens into a log file for each 
connection, which should show exactly what's going on.

-- Sam Clippinger




On Nov 19, 2015, at 2:41 AM, Arne Metzger via spamdyke-users 
 wrote:

> Hi,
> 
> i am using tls-level = smtp for standard smtp connections (for smtps on port 
> 465 i use a separate configuration file with tls-level = smtps)
> 
> Some mails from specific mailservers were not handled by spamdyke, there was 
> just a relaylock entry in maillog, nothing more.
> 
> My hosters support staff also tried to send mail with StartTLS on port 25 and 
> got the same result: relaylock entry and nothing more.
> 
> Spamdyke seems not to offer StartTLS on port 25, thus delivering fails and 
> the sending server does not try to deliver without encryption. So the email 
> is not delivered at all.
> 
> Has anyone heard about that? Any hints? Or more information needed?
> Using spamdyke 5.0.1 on ubuntu 14.04
> 
> Best regards,
> Arne


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-10-02 Thread Sam Clippinger via spamdyke-users
I guess so, but remember the wildcarding uses globbing, not regexes.  What I 
mean is: using "?*" is equivalent to just "*".  Also, the line has to contain 
at least one colon or spamdyke won't use it (message headers always use a colon 
to separate the field name from the value).

Why not just use multiple entries in the file?  If either one matches, the 
message will be blocked and it'd be easier to understand:
From: *@skysoft.com
Reply-To: *@skysoft.com

-- Sam Clippinger




On Oct 2, 2015, at 4:34 AM, Philip Rhoades via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> On 2015-10-02 15:42, Philip Rhoades via spamdyke-users wrote:
>> Sam,
>> On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:
>>> The header blacklist file has a different format from the sender
>>> blacklist file, so just copying entries from one to the other won't
>>> work. You need to provide a pattern that matches the line(s) in the
>>> message header -- in your mail client, you should have an option to
>>> "view message source" or "view raw headers" that will show you what it
>>> looks like. In this specific case, you probably want this:
>>> Reply-To: *@skysoft.com*
>>> The format is case insensitive and uses globbing for wildcards, so *
>>> will match multiple characters and [] will match a set or range of
>>> characters, just like the bash command prompt. The filter will ignore
>>> any lines in the file that don't contain a colon. Full details here:
>>> http://www.spamdyke.org/documentation/README.html#HEADERS
>> So if I wanted to block the same address for both From: and Reply-To:
>> I could use:
>>  [fr][re][op][ml].*@skysoft.com
> 
> 
>  [fr][re][op][ml]?*@skysoft.com
> 
> so "*" doesn't repeat only "[ml]" ?
> 
> 
>> ?
>> Thanks,
>> Phil.
>>> For testing, you certainly can use telnet -- I do it all the time.
>>> Just make sure the host you telnet from isn't blocked or whitelisted
>>> for some other reason (most folks whitelist localhost, for example).
>>> -- Sam Clippinger
>>> On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
>>> <spamdyke-users@spamdyke.org> wrote:
>>>> Sam,
>>>> On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
>>>>> Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
>>>>> operate on different data from the header-blacklist-* filters. The
>>>>> reason is because the sender and recipient addresses are given during
>>>>> the SMTP protocol and aren't part of the message itself -- the
>>>>> addresses you see in your mail client are the From and To entries from
>>>>> the message header. The first paragraph here explains in a little more
>>>>> detail:
>>>>> http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>>>> Yes, sorry, I should have realised that . .
>>>>> Put another way, the sender address doesn't have to match the "From"
>>>>> address visible in the mail client -- well-behaved mail clients make
>>>>> them the same, but that's a courtesy and not a requirement. The
>>>>> Reply-To address is part of the message header and, again, is only a
>>>>> convention used by well-behaved clients. If you've ever been Bcc'd on
>>>>> a message, you've seen this in action -- the sender's mail client gave
>>>>> your address as a recipient but didn't put your address on the "To"
>>>>> line in the message header.
>>>> Right, so, some follow up questions: I moved the following from the
>>>> sender-blacklist to the header-blacklist:
>>>> @iskysoft.com
>>>> - first in the conf file then later into a separate
>>>> header-blacklist-file with all the massaged addresses from my old
>>>> setup - but the sender above still seems to be getting through. I
>>>> thought the "@" was supposed to act like a wild card? Am I still
>>>> doing something wrong?
>>>> When I add addresses etc to blacklists etc, is there any way of
>>>> doing a test myself to see that the block is working? Using a telnet
>>>> to port 25 on my qmail server and manually pasting

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-25 Thread Sam Clippinger via spamdyke-users
The header blacklist file has a different format from the sender blacklist 
file, so just copying entries from one to the other won't work.  You need to 
provide a pattern that matches the line(s) in the message header -- in your 
mail client, you should have an option to "view message source" or "view raw 
headers" that will show you what it looks like.  In this specific case, you 
probably want this:
Reply-To: *@skysoft.com*
The format is case insensitive and uses globbing for wildcards, so * will match 
multiple characters and [] will match a set or range of characters, just like 
the bash command prompt.  The filter will ignore any lines in the file that 
don't contain a colon.  Full details here:
http://www.spamdyke.org/documentation/README.html#HEADERS

For testing, you certainly can use telnet -- I do it all the time.  Just make 
sure the host you telnet from isn't blocked or whitelisted for some other 
reason (most folks whitelist localhost, for example).

-- Sam Clippinger




On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> Sam,
> 
> 
> On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
>> Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
>> operate on different data from the header-blacklist-* filters. The
>> reason is because the sender and recipient addresses are given during
>> the SMTP protocol and aren't part of the message itself -- the
>> addresses you see in your mail client are the From and To entries from
>> the message header. The first paragraph here explains in a little more
>> detail:
>> http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
> 
> 
> Yes, sorry, I should have realised that . .
> 
> 
>> Put another way, the sender address doesn't have to match the "From"
>> address visible in the mail client -- well-behaved mail clients make
>> them the same, but that's a courtesy and not a requirement. The
>> Reply-To address is part of the message header and, again, is only a
>> convention used by well-behaved clients. If you've ever been Bcc'd on
>> a message, you've seen this in action -- the sender's mail client gave
>> your address as a recipient but didn't put your address on the "To"
>> line in the message header.
> 
> 
> Right, so, some follow up questions:  I moved the following from the 
> sender-blacklist to the header-blacklist:
> 
>  @iskysoft.com
> 
> - first in the conf file then later into a separate header-blacklist-file 
> with all the massaged addresses from my old setup - but the sender above 
> still seems to be getting through.  I thought the "@" was supposed to act 
> like a wild card?  Am I still doing something wrong?
> 
> When I add addresses etc to blacklists etc, is there any way of doing a test 
> myself to see that the block is working?  Using a telnet to port 25 on my 
> qmail server and manually pasting header lines is not a real test is it?
> 
> Thanks,
> 
> Phil.
> 
> 
>> -- Sam Clippinger
>> On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
>> <spamdyke-users@spamdyke.org> wrote:
>>> Sam,
>>> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
>>>> I'm not entirely sure I understand your question... if the Reply-To
>>>> address is always the same, you should be able to block it using the
>>>> header blacklist filter.
>>> Ah . . OK - I will try that but doesn't that mean that:
>>> sender-blacklist-entry
>>> is redundant - ie:
>>> header-blacklist-entry
>>> should cover everything?
>>> Thanks,
>>> Phil.
>>>> If you're wanting to compare the Reply-To
>>>> address to the From address or the sender address, spamdyke doesn't
>>>> have that ability.
>>> -- Sam Clippinger
>>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>>> <spamdyke-users@spamdyke.org> wrote:
>>> People,
>>> One variety of spam that is successfully delivered to me has a
>>> different "From:" addresses but the same "Reply-To:" address - I
>>> can't see a way of blocking these mails in the conf file via the
>>> "Reply-To:" address - is it possible?
>>> Thanks,
>>> Phil.
>>> --
>>> Philip Rhoades
>>> PO Box 896
>>> Cowra NSW 2794
>>> Australia
>>> E-mail: p...@pricom.com.au
>>> ___
>>> sp

Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-14 Thread Sam Clippinger via spamdyke-users
Actually, no.  The sender-blacklist-* and recipient-blacklist-* filters operate 
on different data from the header-blacklist-* filters.  The reason is because 
the sender and recipient addresses are given during the SMTP protocol and 
aren't part of the message itself -- the addresses you see in your mail client 
are the From and To entries from the message header.  The first paragraph here 
explains in a little more detail:
http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS

Put another way, the sender address doesn't have to match the "From" address 
visible in the mail client -- well-behaved mail clients make them the same, but 
that's a courtesy and not a requirement.  The Reply-To address is part of the 
message header and, again, is only a convention used by well-behaved clients.  
If you've ever been Bcc'd on a message, you've seen this in action -- the 
sender's mail client gave your address as a recipient but didn't put your 
address on the "To" line in the message header.

-- Sam Clippinger




On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users 
<spamdyke-users@spamdyke.org> wrote:

> Sam,
> 
> 
> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
>> I'm not entirely sure I understand your question... if the Reply-To
>> address is always the same, you should be able to block it using the
>> header blacklist filter.
> 
> 
> Ah . . OK - I will try that but doesn't that mean that:
> 
>  sender-blacklist-entry
> 
> is redundant - ie:
> 
>  header-blacklist-entry
> 
> should cover everything?
> 
> Thanks,
> 
> Phil.
> 
> 
>> If you're wanting to compare the Reply-To
>> address to the From address or the sender address, spamdyke doesn't
>> have that ability.
> 
> 
>> -- Sam Clippinger
>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>> <spamdyke-users@spamdyke.org> wrote:
>>> People,
>>> One variety of spam that is successfully delivered to me has a
>>> different "From:" addresses but the same "Reply-To:" address - I
>>> can't see a way of blocking these mails in the conf file via the
>>> "Reply-To:" address - is it possible?
>>> Thanks,
>>> Phil.
>>> --
>>> Philip Rhoades
>>> PO Box 896
>>> Cowra NSW 2794
>>> Australia
>>> E-mail: p...@pricom.com.au
> 
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
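
The distinction made in this thread (the sender blacklist sees the SMTP envelope sender, the header blacklist sees header lines, and header entries without a colon are ignored), as an added example that is not spamdyke's code or part of the original messages. It assumes Python's `fnmatch` as a stand-in for spamdyke's globbing and whole-line, case-insensitive matching; all sessions, addresses and list entries are constructed.

```python
"""Model of the sender-blacklist and header-blacklist checks discussed here.

Assumptions (not spamdyke's code): header patterns are compared with Python's
fnmatch against each whole header line, case-insensitively; sender entries are
a full address or "@domain". All sample data below is constructed.
"""
from fnmatch import fnmatchcase


def _address(command):
    """Return the address from 'MAIL FROM:<a@b> ...' or 'RCPT TO:<a@b>'."""
    value = command.split(":", 1)[1].strip()
    if value.startswith("<") and ">" in value:
        value = value[1:value.index(">")]
    return value.lower()


def parse_session(lines):
    """Split the client's side of an SMTP session into envelope and headers."""
    envelope = {"sender": None, "recipients": []}
    headers = []
    in_data = False
    for line in lines:
        if not in_data:
            upper = line.upper()
            if upper.startswith("MAIL FROM:"):
                envelope["sender"] = _address(line)
            elif upper.startswith("RCPT TO:"):
                envelope["recipients"].append(_address(line))
            elif upper.strip() == "DATA":
                in_data = True
            continue
        if line == "":                      # blank line ends the header block
            break
        if line[0] in " \t" and headers:    # folded continuation line
            headers[-1] += " " + line.strip()
        else:
            headers.append(line)
    return envelope, headers


def match_sender(sender, entries):
    """Return the sender-blacklist entry that matches the envelope sender."""
    sender = (sender or "").lower()
    for entry in (e.strip().lower() for e in entries):
        if entry.startswith("@") and sender.endswith(entry):
            return entry                    # "@domain" covers the whole domain
        if entry and entry == sender:
            return entry
    return None


def match_header(headers, patterns):
    """Return (pattern number, header line) for the first header glob hit."""
    for number, pattern in enumerate(patterns, start=1):
        if ":" not in pattern:              # entries without a colon are ignored
            continue
        for header in headers:
            if fnmatchcase(header.lower(), pattern.strip().lower()):
                return number, header
    return None


def check(lines, sender_entries, header_patterns):
    """Apply both lists to one session and report which one rejected it."""
    envelope, headers = parse_session(lines)
    entry = match_sender(envelope["sender"], sender_entries)
    if entry:
        return ("sender-blacklist", entry)
    hit = match_header(headers, header_patterns)
    if hit:
        return ("header-blacklist", hit[0])
    return ("allowed", None)


# Constructed session: envelope sender and header From use different domains.
SESSION_A = [
    "EHLO out.mailer.example",
    "MAIL FROM:<bounce-7781@mailer.example>",
    "RCPT TO:<user@example.org>",
    "DATA",
    "Received: from app01.mailer.example",
    "\tby out.mailer.example; Tue, 29 Dec 2015 17:08:00 +0000",
    'From: "Support" <help@other.example>',
    "To: user@example.org",
    "Subject: Your account",
    "",
    "body text",
    ".",
]

# Constructed session: the unwanted domain appears only in the headers.
SESSION_B = [
    "EHLO relay.bulk.example",
    "MAIL FROM:<newsletter@bulk.example>",
    "RCPT TO:<user@example.org>",
    "DATA",
    'From: "Deals" <promo@shop.example>',
    "Reply-To: sales@shop.example",
    "Subject: Offer",
    "",
    "body text",
    ".",
]

SENDER_LIST = ["@mailer.example"]
HEADER_LIST = ["@shop.example",                      # no colon: never used
               "[FR][re][op][ml]*:*shop.example*"]   # From: or Reply-To:

if __name__ == "__main__":
    print(check(SESSION_A, [], ["[FR][re][op][ml]*:*mailer.example*"]))
    print(check(SESSION_A, SENDER_LIST, HEADER_LIST))
    print(check(SESSION_B, SENDER_LIST, HEADER_LIST))
```
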


Re: [spamdyke-users] Blocking "Reply-To:" addresses

2015-09-13 Thread Sam Clippinger via spamdyke-users
I'm not entirely sure I understand your question... if the Reply-To address is 
always the same, you should be able to block it using the header blacklist 
filter.  If you're wanting to compare the Reply-To address to the From address 
or the sender address, spamdyke doesn't have that ability.

-- Sam Clippinger




On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users 
 wrote:

> People,
> 
> One variety of spam that is successfully delivered to me has a different 
> "From:" addresses but the same "Reply-To:" address - I can't see a way of 
> blocking these mails in the conf file via the "Reply-To:" address - is it 
> possible?
> 
> Thanks,
> 
> Phil.
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Weird behavior with TLS and auth-level=always

2015-08-25 Thread Sam Clippinger via spamdyke-users
I'm having trouble reproducing this problem.  I've tried running spamdyke with 
this config against both patched qmail and my own smtpdummy (in the tests 
folder) and both of them show the AUTH lines in every case.

How did you install qmail?  Is this netqmail or Plesk or QTP or?

-- Sam Clippinger




On Aug 24, 2015, at 11:42 AM, Gary Gendel via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Sam,
 
 Yes I'm on 5.0.1.
 
 I've pared the configuration file down to:
 
 qmail-rcpthosts-file=/var/qmail/control/rcpthosts
 recipient-validation-command=/usr/local/bin/spamdyke-qrv
 reject-recipient=invalid
 max-recipients=5
 idle-timeout-secs=300
 tls-level=smtp-no-passthrough
 tls-certificate-file=/usr/local/etc/ssl/certs/dovecot.pem
 tls-privatekey-file=/usr/local/etc/ssl/private/dovecot.pem
 filter-level=require-auth
 smtp-auth-level=always
 smtp-auth-command=/usr/local/bin/checkpassword-pam -s smtp /bin/true
 
 If I comment out the smtp-auth-level so it uses qmail, I get the STARTTLS, 
 this way I don't.
 
 I'm still trying to figure out the qmail auth failure.  This one is a real 
 head-scratcher.  It's timing out so it looks like the pipe isn't connecting 
 to checkpasswd-pam.  I tried hard-coding the string that was sent (and works 
 fine on external checkpasswd-pam tests) but it still times out.  However, 
 spamdyke's auth works fine which is how I discovered the above problem.
 
 Gary
 
 On 08/24/2015 12:26 PM, Sam Clippinger via spamdyke-users wrote:
 What version of spamdyke are you using?  I fixed a bug related to this in 
 5.0.1... that doesn't mean there isn't another bug, I just want to make sure 
 you're on that version before I spend time chasing a bug that's already 
 fixed. :)
 
 If you are on 5.0.1, could you post your configuration file that shows how 
 to reproduce this?  That'll probably save me quite a bit of time.
 
 -- Sam Clippinger
 
 
 
 
 On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users 
 spamdyke-users@spamdyke.org wrote:
 
 Sam,
 
 If I use qmail with smtp auth, then spamdyke announces STARTTLS 
 capabilities, but if I have spamdyke do it then it doesn't.  It's there and 
 works, but it isn't announced in the ehlo response.
 
 gary@abby ~ openssl s_client -starttls smtp -crlf -connect 
 tardis.genashor.com:587 -starttls smtp
 CONNECTED(0003)
 didn't found starttls in server response, try anyway...
 depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, 
 CN = StartCom Certification Authority
 verify return:1
 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, 
 CN = StartCom Class 1 Primary Intermediate Server CA
 
 I'm trying to use spamdyke for auth because qmail auth doesn't seem to work 
 for me.  If I test checkpassword-pam outside it works, but from qmail it 
 just hangs for a few seconds and then fails.  I'll figure it out but I 
 wanted to report this quirk.
 
 Gary
 


Re: [spamdyke-users] Weird behavior with TLS and auth-level=always

2015-08-24 Thread Sam Clippinger via spamdyke-users
What version of spamdyke are you using?  I fixed a bug related to this in 
5.0.1... that doesn't mean there isn't another bug, I just want to make sure 
you're on that version before I spend time chasing a bug that's already fixed. 
:)

If you are on 5.0.1, could you post your configuration file that shows how to 
reproduce this?  That'll probably save me quite a bit of time.

-- Sam Clippinger




On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Sam,
 
 If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, 
 but if I have spamdyke do it then it doesn't.  It's there and works, but it 
 isn't announced in the ehlo response.
 
 gary@abby ~ openssl s_client -starttls smtp -crlf -connect 
 tardis.genashor.com:587 -starttls smtp
 CONNECTED(0003)
 didn't found starttls in server response, try anyway...
 depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, 
 CN = StartCom Certification Authority
 verify return:1
 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, 
 CN = StartCom Class 1 Primary Intermediate Server CA
 
 I'm trying to use spamdyke for auth because qmail auth doesn't seem to work 
 for me.  If I test checkpassword-pam outside it works, but from qmail it just 
 hangs for a few seconds and then fails.  I'll figure it out but I wanted to 
 report this quirk.
 
 Gary
 


Re: [spamdyke-users] Some stats after a couple of months; NotInFromWhiteList; Calling External Program

2015-08-24 Thread Sam Clippinger via spamdyke-users
Pretty cool, thanks for reporting that!

At this point, spamdyke doesn't support hooking in external scripts during 
processing.  I very much want to make that happen however, since it would make 
it possible to invoke SpamAssassin or ClamAV within the delivery process.  
That's probably a couple of versions away unfortunately.

-- Sam Clippinger




On Aug 22, 2015, at 5:40 AM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 Here are some stats after a couple of months of happy Spamdyke usage - 
 thanks!  If I had remembered to set the logrotate number higher I would have 
 had more data but I think the last 31 days is sufficient to illustrate some 
 things:
 
 Total spamdyke lines in maillog files for the last 31 days:          54838
 Total spamdyke ALLOWED lines in maillog files for the last 31 days:  12278 (22.4%)
 
 Total spam / phishing messages that were delivered:   165  100%
 Valid To email address:                               105   64%
 No To email address:                                   19   12%
 Undisclosed Recipients:                                15    9%
 Mailer Daemon bounces:                                 13    8%
 Invalid To email address:                              12    7%
 Valid To email address but NO Subject and NO From:      1    1%
 
 I could stop the 64% Valid To email address spams if I had a 
 NotInFromWhiteList facility - at the expense of annoying people sometimes 
 with failed messages and them receiving a If you are a real mailer . . note 
 - like my previous Qmail + GreyLite + Ruby script (that was called via 
 qmail-qfilter) setup.
 
 Except for Mailer Daemon bounces and Valid To email address but NO 
 SUBJECT and NO FROM, I don't even know how the other mails actually get 
 delivered at all . .
 
 I notice the processing that spamdyke does is slower for me to send mail 
 compared to my previous setup - but I guess it is doing more work too . .
 
 Is there any way for me to call a modified version of my old Ruby script from 
 spamdyke as the last bit of processing before allowing an email through?
 
 Thanks again!
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
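
Counts like the ones reported in this message can be pulled from the maillog with a short parser; the following is an added example, not code from the list or from spamdyke. The field layout follows the spamdyke log lines quoted in this archive; the sample lines, host names, addresses and blacklist file path are constructed.

```python
"""Summarise spamdyke result lines from a syslog-style maillog.

The field layout is taken from the log lines quoted in this archive; the
sample lines, host names, addresses and file path below are constructed.
"""
import re
from collections import Counter

RESULT_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z][A-Z0-9_]*) "
    r"from: (?P<sender>\S*) to: (?P<recipient>\S*) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+) encryption: (?P<encryption>\S+) "
    r"reason: (?P<reason>.*)$"
)


def parse_line(line):
    """Return the fields of one spamdyke result line, or None for other lines."""
    match = RESULT_RE.search(line.rstrip("\n"))
    return match.groupdict() if match else None


def summarise(lines):
    """Count results, the ALLOWED share, and which blacklist rules fired."""
    by_result = Counter()
    header_rules = Counter()            # "file:line" from the reason field
    allowed_sender_domains = Counter()  # envelope sender domains that got in
    skipped = 0
    for line in lines:
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        by_result[record["result"]] += 1
        if record["result"] == "DENIED_HEADER_BLACKLISTED":
            header_rules[record["reason"]] += 1
        elif record["result"] == "ALLOWED":
            domain = record["sender"].rpartition("@")[2].lower()
            allowed_sender_domains[domain] += 1
    total = sum(by_result.values())
    allowed_pct = round(100.0 * by_result["ALLOWED"] / total, 1) if total else 0.0
    return {
        "total": total,
        "skipped": skipped,
        "by_result": by_result,
        "allowed_pct": allowed_pct,
        "header_rules": header_rules,
        "allowed_sender_domains": allowed_sender_domains,
    }


# Constructed sample, one log entry per line as syslog writes them.
SAMPLE_LOG = [
    "Dec 29 17:08:00 mx1 spamdyke[15609]: ALLOWED from: support@mailer.example "
    "to: user@example.org origin_ip: 198.51.100.4 origin_rdns: mail.mailer.example "
    "auth: (unknown) encryption: (none) reason: 250_ok_1451369280_qp_15628",
    "Dec 29 17:08:43 mx1 spamdyke[15684]: DENIED_HEADER_BLACKLISTED from: "
    "promo@shop.example to: user@example.org origin_ip: 192.0.2.10 origin_rdns: "
    "out.shop.example auth: (unknown) encryption: (none) reason: "
    "/etc/spamdyke/header-blacklist:11",
    "Dec 29 17:09:12 mx1 spamdyke[15701]: DENIED_HEADER_BLACKLISTED from: "
    "news@shop.example to: user@example.org origin_ip: 192.0.2.11 origin_rdns: "
    "out2.shop.example auth: (unknown) encryption: TLS reason: "
    "/etc/spamdyke/header-blacklist:11",
    "Dec 29 17:10:30 mx1 spamdyke[15722]: TIMEOUT from: a@slow.example to: "
    "user@example.org origin_ip: 203.0.113.9 origin_rdns: (unknown) "
    "auth: (unknown) encryption: TLS reason: TIMEOUT",
    "Dec 29 17:10:31 mx1 qmail: 1451369431.000000 status: local 0/10 remote 0/20",
    "Dec 29 17:11:02 mx1 spamdyke[15730]: DENIED_HEADER_BLACKLISTED from: "
    "x@bulk.example to: user@example.org origin_ip: 192.0.2.12 origin_rdns: "
    "relay.bulk.example auth: (unknown) encryption: (none) reason: "
    "/etc/spamdyke/header-blacklist:12",
]

if __name__ == "__main__":
    summary = summarise(SAMPLE_LOG)
    print(summary["total"], dict(summary["by_result"]), summary["allowed_pct"])
    print(dict(summary["header_rules"]))
```
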


Re: [spamdyke-users] Disable SSLv3 in spamdyke

2015-08-20 Thread Sam Clippinger via spamdyke-users
I think you can test it by using the openssl client from the command line:
openssl s_client -ssl3 -connect SERVERNAME:PORT
If it connects and you see Protocol: SSLv3, it's not disabled.  If you see 
sslv3 alert handshake failure and it doesn't connect, you're done!

-- Sam Clippinger




On Aug 20, 2015, at 7:28 AM, Alessio Cecchi via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi,
 
 I'm running spamdyke 5 in front of a Qmail without TLS patch. My Qmail acts 
 only as MX so I'm not interested in smtp authentication via TLS, but I 
 need TLS to send and receive encrypted email from other servers.
 
 But my MX also accepts SSLv3 and I would like to disable it.
 
 So I inserted in spamdyke.conf:
 
 tls-cipher-list=ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
 
 but I'm not sure if the list of cipher is correct.
 
 Can somebody help me?
 Thanks
 -- 
 Alessio Cecchi
 http://www.linkedin.com/in/alessice


Re: [spamdyke-users] deprecation of qmail

2015-08-20 Thread Sam Clippinger via spamdyke-users
Yep, that sounds familiar.  If you need more reasons, I've also been seeing the 
big DNS packet problem on my own server (but haven't fixed it yet):

https://productforums.google.com/forum/#!msg/apps/mIGTQVZiFxo/ULesU7hOo6wJ
The patch is available here:
http://www.memoryhole.net/qmail/#oversize-dns

-- Sam Clippinger




On Aug 20, 2015, at 8:18 AM, Gary Gendel via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Sam,
 
 I'm convinced  I just spent a day trying to get the qmail package from 
 netbsd-pkgsrc running on OmniOS.  There were messed up dependencies and the 
 installation mixed up the qmail users and group permissions royally.  It 
 ended up being netqmail which wasn't what I expected.  The installation 
 didn't set up the queue properly and it took me hours to work through most of 
 the issues with this package. Bottom line is that I've decided to remove that 
 package and just take a tarball from my OpenIndiana installation.  If I run 
 into problems it will be easier to build replacement binaries from source.
 
 If you provide spamdyke as a smtp proxy I have no objections.
 
 Gary
 
 


Re: [spamdyke-users] 5.0.1 - make warning fscanf on Ubuntu 14.04 LTS

2015-08-19 Thread Sam Clippinger via spamdyke-users
They're just warnings that I'm not checking the return value of a call to 
fscanf().  fscanf() reads data from a file into one or more variables; its 
return value shows how many variables were assigned.  In the case of those 
lines, I'm using fscanf() to simply skip over any carriage return or newline 
characters at the end of a line and not assigning anything to any variables.  
That's why I'm not checking the return value -- I don't care about the actual 
data, I just want to move forward to the start of the next line.  So the 
warnings are completely harmless.

But I don't like my code to generate warnings, so I'll get it fixed in the next 
version and add Ubuntu 14.04 to my list of test systems.  Thanks for reporting 
this!

-- Sam Clippinger




On Aug 19, 2015, at 5:42 AM, Arne Metzger via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi,
 
 I am trying to make spamdyke on Ubuntu 14.04. Make shows several warnings
 
 ~/spamdyke-5.0.1/spamdyke# ./configure
 checking for gcc... gcc
 checking whether the C compiler works... yes
 checking for C compiler default output file name... a.out
 checking for suffix of executables...
 checking whether we are cross compiling... no
 checking for suffix of object files... o
 checking whether we are using the GNU C compiler... yes
 checking whether gcc accepts -g... yes
 checking for gcc option to accept ISO C89... none needed
 checking how to run the C preprocessor... gcc -E
 checking for grep that handles long lines and -e... /bin/grep
 checking for egrep... /bin/grep -E
 checking for ANSI C header files... yes
 checking for sys/types.h... yes
 checking for sys/stat.h... yes
 checking for stdlib.h... yes
 checking for string.h... yes
 checking for memory.h... yes
 checking for strings.h... yes
 checking for inttypes.h... yes
 checking for stdint.h... yes
 checking for unistd.h... yes
 checking for stdint.h... (cached) yes
 checking sys/inttypes.h usability... no
 checking sys/inttypes.h presence... no
 checking for sys/inttypes.h... no
 checking for sys/types.h... (cached) yes
 checking for stdint.h... (cached) yes
 checking for sys/inttypes.h... (cached) no
 checking whether time.h and sys/time.h may both be included... yes
 checking for int16_t... no
 checking for int32_t... no
 checking for int64_t... no
 checking for uint16_t... no
 checking for uint32_t... no
 checking for uint64_t... no
 checking for dirent.h that defines DIR... yes
 checking for library containing opendir... none required
 checking for struct dirent.d_type... yes
 checking whether DT_WHT is declared... yes
 checking whether S_IFWHT is declared... no
 checking whether INADDR_LOOPBACK is declared... yes
 checking whether to include debugging symbols (for gdb)... no
 checking for strip... strip spamdyke
 checking whether to include excessive debugging output... no
 checking whether to include some debugging output... yes
 checking whether to compile with address sanitizer... no
 checking whether to include configuration tests... yes
 checking if openssl/ssl.h will include without additional include 
 directories... yes
 checking for library containing RSA_sign... -lcrypto
 checking for library containing SSL_library_init... -lssl
 checking for OpenSSL libraries (for TLS support)... yes
 checking for library containing inet_aton... none required
 checking for library containing bind... none required
 checking for library containing inet_ntoa... none required
 checking for library containing getopt_long... none required
 checking whether anonymous inner functions are supported by default... yes
 checking whether struct option is defined in getopt.h... yes
 checking whether GCC diagnostic pragma directives are supported... yes
 checking whether pid_t is an unsigned int or an unsigned long... unsigned int
 checking whether uid_t is an unsigned int or an unsigned long... unsigned int
 checking whether gid_t is an unsigned int or an unsigned long... unsigned int
 checking whether time_t is an int or a long... long
 checking whether int64_ts are supported in a test program... yes
 checking whether printf()/scanf() uses %ld for 64-bit integers... yes
 checking whether __func__ is available... yes
 checking whether socklen_t is available... yes
 checking whether RLIMIT_AS is available... yes
 configure: creating ./config.status
 config.status: creating Makefile
 config.status: creating config.h
 config.status: config.h is unchanged
 
 ~/spamdyke-5.0.1/spamdyke# make
 gcc -Wall -O2 -funsigned-char   -c spamdyke.c
 gcc -E -Wall -O2 -funsigned-char   configuration.c | gcc -Wall -O2 
 -funsigned-char   -x c -c -o configuration.o -
 gcc -Wall -O2 -funsigned-char   -c dns.c
 gcc -Wall -O2 -funsigned-char   -c environment.c
 gcc -Wall -O2 -funsigned-char   -c usage.c
 gcc -Wall -O2 -funsigned-char   -c search_fs.c
 search_fs.c: In function 'search_file':
 search_fs.c:347:15: warning: ignoring return value of 'fscanf', declared with 
 attribute warn_unused_result [-Wunused-result]
 

Re: [spamdyke-users] Spamdyke auth problems resolved

2015-08-18 Thread Sam Clippinger via spamdyke-users
That's good to know, thanks for posting that info.  I'm always amazed to hear 
people still use Solaris any more... I endured it a few years ago because ZFS 
was worth the pain, but finally had to abandon it because it was impossible to 
get security updates without an enterprise contract.

spamdyke's next version is nearly ready but I'm still running tests.  It fixes 
the recipient validation code in spamdyke-qrv when vpopmail is being used, 
which has increased the number of test scripts to 4-6 million (from about 
200K-300K).  So it's taking a lot longer to test (about 2 weeks straight on 20 
EC2 instances).  They say familiarity breeds contempt, and lately I've become 
very familiar with vpopmail's code, so it's very hard to regard it with 
anything but contempt.  I'll write up a complete rant about it later; for now 
I'll just say I will never install it on a new server again and I'm giving 
serious thought to deleting it from my current server.  If anyone out there has 
vpopmail running on a server where users can edit their own .qmail files inside 
their mail folders, be very very afraid.  Crashes and fork bombs are easy to do 
and cooking up a denial of service attack would probably be simple.  I haven't 
been looking for exploitable holes, but I'm positive they're in there.

Anyway, sadly spamdyke's next version doesn't include any earth-shattering 
features but it does add one small thing -- the ability to block authorization 
attempts unless SSL/TLS is active.  IPv6 is certainly on my radar, but frankly 
I'm far more interested in adding a real proxy mode to spamdyke so it will 
work with other mail servers beyond qmail.  Qmail has become an anachronism and 
I'm convinced it's time to let it go.  If spamdyke can forward connections from 
port 25 to port X while doing all the filtering it does now, it should work 
nicely with just about any other mail server.

-- Sam Clippinger




On Aug 18, 2015, at 12:03 PM, Gary Gendel via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 I use port 22 for non-auth mail and 587 for TLS with auth mail.  On 587 I 
 ended up using postfix because I could never get spamdyke working.  It always 
 failed valid authorizations.
 
 I was putting together a new server and I decided to take another look.  The 
 problem ended up in the checkpassword-pam module on Illumos (Solaris).  
 Illumos (and possibly other Unix derivatives) require that pam has PAM_TTY 
 set before starting a session.  The checkpassword-pam module doesn't do this. 
  I posted a bug report but my solution was to add the following code just 
 before opening the pam session (in pam-support.c).
 
 /* Illumos needs PAM_TTY set before the PAM session is opened. */
 retval = pam_set_item(pamh, PAM_TTY, "/dev/null");
 if (retval != PAM_SUCCESS) {
     fatal("Setting PAM_TTY failed: %s", pam_strerror(pamh, retval));
     return 1;
 }
 
 I just thought I'd send this information along in case anyone else was having 
 issues with spamdyke authorization.
 
 Sam,
 
 How's the next gen version coming?  Will it support IPv6?
 
 Gary
 
 


Re: [spamdyke-users] sorry, that domain isn't in my list of allowed rcpthosts

2015-08-09 Thread Sam Clippinger via spamdyke-users
I agree.  qmail is rejecting your recipient address because it's not a local 
address and you don't have permission to relay.  If you authenticate first, 
qmail should accept the message.

-- Sam Clippinger




On Aug 9, 2015, at 11:42 AM, Galatis via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi,
 You're not trying to send local mail but remote mail. 
 Or do you expect yoursite.com server should handle hotmail.com?
 Andreas  
 
 
 
 Whoever finds spelling mistakes may keep them.
 
 
  Original message 
 From: turgut kalfaoğlu via spamdyke-users spamdyke-users@spamdyke.org 
 Date: 08.08.2015 9:19 AM (GMT+01:00) 
 To: spamdyke-users@spamdyke.org 
 Subject: [spamdyke-users] sorry, that domain isn't in my list of allowed 
 rcpthosts 
 
 Hello. On my new PLESK 12 server I'm having no luck either with qmail or
 spamdyke accepting local mail.
 
 Basically TELNET to port 25, or 587, and when I paste  something like:
 
 220 pluto.kalfaoglu.net ESMTP
 HELO  mail.kalfaoglu.net
 MAIL FROM: x...@kalfaoglu.net
 RCPT TO: a...@hotmail.com
 DATA
 From:  x...@kalfaoglu.net
 To: a...@hotmail.com
 Data:  2/2/2016
 Subject: hi..
 
 bla blabla.
 
 250 pluto.kalfaoglu.net
 250 ok
 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
 
 /var/qmail/control/me  contains  pluto.kalfaoglu.net
 rcpthosts  contains pluto.kalfaoglu.net , and kalfaoglu.net
 virtualdomains contains entries like (which I added manually to see if
 they help):
   pluto.kalfaoglu.net:pluto.kalfaoglu.net
   kalfaoglu.net:kalfaoglu.net
   kalfaoglu.com:kalfaoglu.com
 hostname is  pluto.kalfaoglu.com -- tested.
 
 hosts file contains:
 127.0.0.1 localhost
 176.9.64.42 pluto.kalfaoglu.net pluto
 #
 # IPv6
 ::1 ip6-localhost ip6-loopback
 fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
 ff02::2 ip6-allrouters
 ff02::3 ip6-allhosts
 #2a01:4f8:150:822f::2 pluto.kalfaoglu.net pluto
 
 
 Finally /etc/xinetd.d/smtp_psa looks like:
 service smtp
 {
     socket_type = stream
     protocol    = tcp
     wait        = no
     disable     = no
     user        = root
     flags       = IPv6
     per_source  = 4
     cps         = 20 5
     instances   = 50
     env         = SMTPAUTH=1 POPAUTH=1 SHORTNAMES=1
     server      = /var/qmail/bin/tcp-env
     server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock /usr/sbin/rblsmtpd -r bl.spamcop.net /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
 
 
 And it still won't work..   What else can I try? I'm at my wits end..
 
 Many thanks,
   -turgut
 
 


Re: [spamdyke-users] Whitelist an IP for the DENIED_RDNS_MISSING error?

2015-08-05 Thread Sam Clippinger via spamdyke-users
Actually, spamdyke is correct -- that IP does not have a valid reverse DNS 
name.  When I look up 10.221.34.64.in-addr.arpa, no PTR records are returned, 
only one CNAME record: mail.lassosoft.com.  Queries for mail.lassosoft.com also 
return no PTR records, only A records.  This setup is not valid; the best way 
to fix it would be to change the record for 10.221.34.64.in-addr.arpa from a 
CNAME to a PTR with the same value.  I'm guessing whoever created the existing 
record didn't really understand how rDNS works and created a record that seemed 
close enough.

But to answer your question, yes!  It is possible to turn off the rDNS filters 
for just that one IP.  The feature you need is a configuration directory.  
Create a folder structure on the server like this:
/some/path/_ip_/64/34/221
Then create a file in the deepest folder named 10:
/some/path/_ip_/64/34/221/10
In that file, add the lines to turn off the rDNS filters:
reject-empty-rdns=0
reject-unresolvable-rdns=0
Last, add a line to your main spamdyke config file to use the configuration 
directory:
config-dir=/some/path
That should do it!

Full documentation of the configuration directory feature is here:
http://spamdyke.org/documentation/README.html#CONFIGURATION_DIR

-- Sam Clippinger




On Aug 5, 2015, at 7:16 PM, Quinn Comendant via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 We're experiencing blocked email due to a DENIED_RDNS_MISSING error, although 
 the domain PTR records do resolve:
 
  $ dig -x 64.34.221.10 +short
  mail.lassosoft.com.
 
 Error:
 
  2015-08-05 18:56:56.452648500 spamdyke[5681]: DENIED_RDNS_MISSING from: 
 donotre...@lassosoft.com to: u...@example.com origin_ip: 64.34.221.10 
 origin_rdns: (unknown) auth: (unknown) encryption: TLS reason: (empty)
 
 I've seen the recent thread on this where Sam explains that it could be DNS 
 issues 
 (https://www.mail-archive.com/spamdyke-users@spamdyke.org/msg02009.html). 
 
 My question is, can we whitelist an IP for the DENIED_RDNS_MISSING error?
 
 Quinn


Re: [spamdyke-users] can spamdyke reject emails with improper from and to fields?

2015-06-29 Thread Sam Clippinger via spamdyke-users
spamdyke should already be blocking messages to recipients with no domain name 
-- that particular feature is not configurable.  But it doesn't check the To 
line in the message headers by default.  You should be able to block them using 
the header blacklist filter, something like this:
To: *@

As for why the header blacklist filter isn't working for you, it's hard to say 
without more information.  Could you post your configuration file?  Have you 
tried running the config-test feature to look for errors in your configuration? 
 If you could capture a full log (full-log-dir) from one of the connections 
that should be blocked, it would show exactly what spamdyke is doing (or not 
doing) at every step.

-- Sam Clippinger




On Jun 27, 2015, at 11:55 AM, Shane Bywater via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 
 
 --
 
 Message: 1
 Date: Wed, 24 Jun 2015 15:40:10 +
 From: Shane Bywater sh...@apexia.ca
 To: spamdyke-users@spamdyke.org spamdyke-users@spamdyke.org
 Subject: [spamdyke-users] can spamdyke reject emails with improper
   from and to fields?
 Message-ID:
   c2615c1606841d429fe282c972131c7b31f1e...@s11maild020n2.sh11.lan
 Content-Type: text/plain; charset=us-ascii
 
 Hi,
   Does anyone know if spamdyke can reject an email if it contains 
 improper from and to fields (for example no from address)?  I get 
 hundreds of entries daily in the maillog file as shown below and would rather 
 qmail not even try to send a bounce message to such emails.
 
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Handlers Filter before-queue for 
 qmail started ...
 Jun 24 11:31:15 qmail-queue-handlers[20290]: from=
 Jun 24 11:31:15 qmail-queue-handlers[20290]: to=%from_email
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Incorrect recipient mailname : 
 %from_email
 Jun 24 11:31:15 qmail: 1435159875.553019 warning: trouble injecting bounce 
 message, will try later
 
   Note:  I'm using spamdyke 5.0.1 on a Plesk 10.4 CentOS 6 server.  BTW 
 thanks to Sam for continuing to develop and improve spamdyke.
 
 Regards,
 Shane Bywater
 
 
 --
 
 Message: 2
 Date: Wed, 24 Jun 2015 11:24:47 -0500
 From: Sam Clippinger s...@silence.org
 To: spamdyke users spamdyke-users@spamdyke.org
 Subject: Re: [spamdyke-users] can spamdyke reject emails with improper
   from and to fields?
 Message-ID: b47b331a-febc-4a20-9b7a-af7c99945...@silence.org
 Content-Type: text/plain; charset=us-ascii
 
 It can do this in a limited fashion right now.  If the improper To field is 
 always To: %from_email (or something from a known set of bad values), you 
 could use the header blacklist filter to block it.  But at present, there's 
 no way to block a message with a missing header line.
 
 -- Sam Clippinger
 
 
 Hi,
    Is there a way to use spamdyke (header blacklist?) to block emails 
 with no domain in the email address (i.e. tksofxpwfhc@)?  Also, it doesn't 
 seem like the header-blacklist file is even being used by Spamdyke as I have 
 set up my /var/spamdyke/header-blacklist-file to contain Subject: hhh (minus 
 the quotes) and when I send myself an email from an external email address 
 with the subject line containing hhh it passes through without Spamdyke 
 blocking it.  In my spamdyke.conf file I have 
 header-blacklist-file=/var/spamdyke/header-blacklist-file and it has the same 
 permissions as the other spamdyke files in that directory.  I also tried 
 entering header-blacklist-entry=Subject: hhh in my spamdyke.conf file but 
 that email was allowed through as well. 
   My sending email address is not whitelisted and there are no spamdyke 
 messages appearing in the maillog file.  What could I be doing wrong?
 
 Regards,
 Shane Bywater


Re: [spamdyke-users] can spamdyke reject emails with improper from and to fields?

2015-06-24 Thread Sam Clippinger via spamdyke-users
It can do this in a limited fashion right now.  If the improper To field is 
always To: %from_email (or something from a known set of bad values), you 
could use the header blacklist filter to block it.  But at present, there's no 
way to block a message with a missing header line.

-- Sam Clippinger




On Jun 24, 2015, at 10:40 AM, Shane Bywater via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi,
   Does anyone know if spamdyke can reject an email if it contains 
 improper from and to fields (for example no from address)?  I get 
 hundreds of entries daily in the maillog file as shown below and would rather 
 qmail not even try to send a bounce message to such emails.
 
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Handlers Filter before-queue for 
 qmail started ...
 Jun 24 11:31:15 qmail-queue-handlers[20290]: from=
 Jun 24 11:31:15 qmail-queue-handlers[20290]: to=%from_email
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Unable to get sender domain by 
 sender mailname
 Jun 24 11:31:15 qmail-queue-handlers[20290]: Incorrect recipient mailname : 
 %from_email
 Jun 24 11:31:15 qmail: 1435159875.553019 warning: trouble injecting bounce 
 message, will try later
 
   Note:  I'm using spamdyke 5.0.1 on a Plesk 10.4 CentOS 6 server.  BTW 
 thanks to Sam for continuing to develop and improve spamdyke.
 
 Regards,
 Shane Bywater


Re: [spamdyke-users] Help me to understand 503 MAIL first

2015-06-23 Thread Sam Clippinger via spamdyke-users
This is correct, with one small addition -- the MAIL first message is not 
coming from spamdyke.  That message is being generated by qmail, which is why 
spamdyke logs it with DENIED_OTHER.

If you want to figure out exactly what's going on, you could turn on spamdyke's 
full logging to capture the entire session.  It will generate a log file for 
every connection, so you'll have to search to find the one you want, but it'll 
show every byte that goes through and exactly what spamdyke does with it (along 
with plenty of other debugging data).  There is a remote possibility this 
sender's software is sending the MAIL FROM command in a way spamdyke can't 
parse, causing it to eat the input and never send it to qmail, but the full log 
would show it either way.  The option to enable that feature is full-log-dir.

-- Sam Clippinger




On Jun 22, 2015, at 11:32 AM, Angus McIntyre via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 On 2015-06-22 11:55, Alessio Cecchi via spamdyke-users wrote:
 one sender (and only this one) is unable to send email to my users,
 this is the error in spamdyke log:
 Jun 22 05:47:37 mx01 spamdyke[1066]: DENIED_OTHER from:
 i...@domain.net to: j...@domain.com origin_ip: 98.18.75.3 origin_rdns:
 static-98-18-75-3.optusnet.com.au auth: (unknown) encryption: TLS
 reason: 503_MAIL_first_(#5.5.1)
 The sender said that is unable to send email only to me so the
 problem is mine ...
 How can I solve this problem or how can I demonstrate that is a sender 
 problem?
 
 My understanding is that 503 MAIL first occurs when the other side is using 
 badly implemented software that sends SMTP commands out of order.
 
 Normally, the SMTP transaction should go something like (with Spamdyke's 
 responses indented for clarity):
 
   HELO bar.com
       220 baz.com
   MAIL FROM: u...@bar.com
       250 OK
   RCPT TO: u...@baz.com
       250 OK
 
 and so on.
 
 If the other side starts with:
 
   RCPT TO: u...@baz.com
 
 Then Spamdyke will respond:
 
   503 MAIL first (#5.5.1)
 
 In other words, Spamdyke is saying You should have sent the command MAIL 
 first.
 
 I believe that this is what's happening in your case.
 
 From my reading of:
 
https://tools.ietf.org/html/rfc821#page-37
 
 Spamdyke is actually right to do this. A client that leads off with an 
 out-of-order command is not following the SMTP protocol. Because SMTP is a 
 stateful protocol, sending out-of-order commands could lead an MTA to end up 
 in an inconsistent state, and mail could be lost.
 
 I don't know exactly what the other user's client is sending, but from my 
 experimentation it looks most likely that it's sending RCPT before anything 
 else. If it sent another command, such as DATA, or an unrecognized command 
 such as QUUX, Spamdyke would give a different error.
 
 Because this is a fairly fundamental error on the part of the remote client, 
 I would not expect it to be possible to configure Spamdyke to handle this 
 case.
 
 Obviously, if he's able to deliver mail to other destinations, then other 
 MTAs must be more forgiving. Nevertheless, it looks to me as if Spamdyke is 
 following RFC821, and his software is not.
 
 Sam Clippinger can probably confirm whether or not this is the case, and 
 whether there's anything you can do about it. But it looks to me as if the 
 other guy's software is broken, and it's his problem, not yours.
 
 Angus
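
A way to show from a captured session which side broke the command order, as an added example (not part of the original posts, and not spamdyke or qmail code). It assumes the client commands and reply codes have been copied from a full log into (line, code) pairs; the function names and the sample sessions are constructed for illustration.

```python
import re

# RFC 821 / RFC 5321 sequencing inside one mail transaction:
# RCPT needs an accepted MAIL, DATA needs an accepted MAIL and RCPT.
REQUIRES = {"RCPT": ("MAIL",), "DATA": ("MAIL", "RCPT")}
# Accepted commands that discard the current transaction state.
RESETS = {"HELO", "EHLO", "RSET", "STARTTLS"}

# Constructed sample sessions: (client line, server reply code).
GOOD = [("EHLO mail.example.net", 250), ("MAIL FROM:<a@example.net>", 250),
        ("RCPT TO:<b@example.org>", 250), ("DATA", 354)]
RCPT_FIRST = [("EHLO mail.example.net", 250), ("RCPT TO:<b@example.org>", 503)]
MAIL_REFUSED = [("EHLO mail.example.net", 250),
                ("MAIL FROM a@example.net", 501),
                ("RCPT TO:<b@example.org>", 503)]


def verb_of(line):
    """Return the upper-cased SMTP verb of a client line ('' if none)."""
    match = re.match(r"\s*([A-Za-z]+)", line)
    return match.group(1).upper() if match else ""


def first_sequence_error(exchange):
    """Return the first command sent before its prerequisite was accepted.

    exchange is a list of (client_line, reply_code) pairs in session order.
    The result is None for a well-ordered session, otherwise a dict with the
    step number, the offending line, the missing command and the cause.
    """
    accepted = set()   # verbs accepted in the current transaction
    refused = {}       # verb -> step at which the server refused it
    for step, (line, code) in enumerate(exchange, start=1):
        verb = verb_of(line)
        missing = next((v for v in REQUIRES.get(verb, ()) if v not in accepted), None)
        if missing:
            if missing in refused:
                cause = f"{missing} was refused at step {refused[missing]}"
            else:
                cause = f"{missing} was not sent in this transaction"
            return {"step": step, "line": line, "missing": missing, "cause": cause}
        if not 200 <= code < 400:
            refused[verb] = step
        elif verb in RESETS or verb == "DATA":
            # A new greeting, RSET, STARTTLS or an accepted DATA ends the
            # transaction; the next message must start with MAIL again.
            accepted.clear()
            refused.clear()
        elif verb == "MAIL":
            accepted, refused = {"MAIL"}, {}
        else:
            accepted.add(verb)
    return None


if __name__ == "__main__":
    for name, session in (("good", GOOD), ("rcpt first", RCPT_FIRST),
                          ("mail refused", MAIL_REFUSED)):
        print(name, "->", first_sequence_error(session))
```

The "refused" cause separates a client that skipped MAIL from one whose MAIL was sent but not accepted, which are different faults to report to the sender.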
 


Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-20 Thread Sam Clippinger via spamdyke-users
Regex support is on the (rather lengthy) to-do list, but frankly it's not a 
very high priority -- there's a lot of low-hanging fruit that would be of much 
more benefit right now.  Plus, since I'm not one of the 10 people in the world 
who completely understands regexes, I doubt I would actually use them myself; 
I'd rather add globbing support, which I do understand. :)

spamdyke's header filter runs at connection time, as all of its filters do.  If 
a header line matches a blacklisted pattern, the entire message is rejected 
(the sending server receives an error code, qmail never sees the message).

-- Sam Clippinger




On Jun 19, 2015, at 9:09 PM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Sam,
 
 See inline comments:
 
 
 On 2015-06-20 11:53, Sam Clippinger via spamdyke-users wrote:
 You're correct spamdyke does not support regexes for any of its
 options, but you can use a wildcard in a sender or recipient
 white/blacklist file to match entire domains by prefixing the line
 with an @ symbol. For example:
 @example.com [1]
 
 
 Yep, saw that - is it possible to support regexes in the future?
 
 
 Full documentation here:
 http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
 [2]
 BUT! Be careful -- the To and From lines in the message header are
 not the same as the sender and recipient. The sender and recipient
 are part of SMTP, the To and From lines are part of the message data
 and are completely unrelated. Think of it this way: when a letter is
 sent through the post office, the name on the outside of the envelope
 tells the postman which mailbox gets the envelope (or where to send it
 back to) but the top of the letter inside may have a completely unrelated
 letterhead and salutation. Whenever spamdyke's options/documentation
 refer to a sender or a recipient, it means the name on the outside
 of the envelope. The user never sees those values in their mail client
 unless the sender chooses to use those values in the To and From
 fields. Spammers typically fake all sender/recipient/To/From fields,
 but other software does too for perfectly legitimate reasons (e.g.
 mailing lists, autoresponders).
 
 
 Right.
 
 
 If you want to block based on the To
 and From lines the user sees in their mail client, you should look at
 spamdyke's header blacklist filter:
 http://www.spamdyke.org/documentation/README.html#HEADERS [3]
 
 
 In that case the mail has already been accepted?  When I was using the 
 qmail-qfilter+Ruby script method - my understanding of it at least - was that 
 my Ruby script could process the header and body of the email and exit with a 
 particular error code if the mail was bad and this would terminate the SMTP 
 negotiation with that error message (eg drop the mail silently).  So in this 
 case I was able to look at all the header fields as well as the mail body and 
 do whatever I wanted before accepting the mail.
 
 
 Header filtering doesn't support regexes either, but it does use
 globbing to allow more wildcard options.
 
 
 Right.
 
 Thanks,
 
 Phil.
 
 
 On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users
 spamdyke-users@spamdyke.org wrote:
 People,
 As well as using GreyLite I have done my own thing for many years
 with qmail-qfilter and a Ruby script (it started off as a Ruby
 learning exercise . . ) - anyway for my white and black lists I was
 able to have in the plain text files things like:
 ad...@phillipsfinancial.com.au
 administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)
 adwords-noreply
 america.com
 ecolife
 where if any of those particular regexes appeared in the To: or
 From: or whatever, they could be allowed or blocked or whatever - I
 am guessing that eg the recipient-blacklist-file=FILE only allows
 for full email addresses?
 Thanks,
 Phil.
 --
 Philip Rhoades
 PO Box 896
 Cowra NSW 2794
 Australia
 E-mail: p...@pricom.com.au
 Links:
 --
 [1] http://example.com
 [2] http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS
 [3] http://www.spamdyke.org/documentation/README.html#HEADERS
 
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au
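
The envelope/header distinction described above, as an added example (not from the original posts and not spamdyke's code). It splits a constructed SMTP session into envelope and headers, then applies a simplified recipient-list match ("@domain" entries) and an fnmatch-style header glob; spamdyke's exact matching rules are in its README, and the function names here are hypothetical.

```python
import re
from email import message_from_string
from fnmatch import fnmatchcase

# Constructed client side of one session: a mailing-list delivery where the
# envelope and the visible headers name different addresses.
SESSION = """\
EHLO lists.example.org
MAIL FROM:<bounces+42@lists.example.org>
RCPT TO:<phil@example.com>
DATA
From: Alice <alice@example.net>
To: announce@lists.example.org
Subject: meeting notes

See you there.
.
QUIT
"""

ENVELOPE_CMD = re.compile(r"\s*(MAIL FROM|RCPT TO):\s*<?([^>\s]*)>?", re.IGNORECASE)


def split_session(text):
    """Return (envelope sender, envelope recipients, parsed message)."""
    sender, recipients, data, in_data = None, [], [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":                      # end-of-data marker
                in_data = False
            else:                                # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.strip().upper() == "DATA":
            in_data = True
        else:
            match = ENVELOPE_CMD.match(line)
            if match and match.group(1).upper() == "MAIL FROM":
                sender = match.group(2)
            elif match:
                recipients.append(match.group(2))
    return sender, recipients, message_from_string("\n".join(data))


def recipient_listed(entries, address):
    """Full-address entries match exactly; '@domain' matches that domain."""
    address = address.lower()
    _, at, domain = address.rpartition("@")
    for entry in (e.strip().lower() for e in entries):
        if entry.startswith("@"):
            if at and domain == entry[1:]:
                return True
        elif entry == address:
            return True
    return False


def header_listed(patterns, headers):
    """Return the glob patterns that match some 'Name: value' header line."""
    lines = [f"{name}: {value}".lower() for name, value in headers.items()]
    return [p for p in patterns if any(fnmatchcase(l, p.lower()) for l in lines)]


def evaluate(text, recipient_blacklist, header_blacklist):
    """Show which list reacts: envelope entries or header patterns."""
    _, recipients, headers = split_session(text)
    return {
        "envelope": [r for r in recipients if recipient_listed(recipient_blacklist, r)],
        "headers": header_listed(header_blacklist, headers),
    }


if __name__ == "__main__":
    # The To: header names lists.example.org, the envelope recipient does not.
    print(evaluate(SESSION, ["@lists.example.org"], ["To: *@lists.example.org"]))
```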


Re: [spamdyke-users] Softlimit messages

2015-06-20 Thread Sam Clippinger via spamdyke-users
IMHO, everyone should delete the softlimit program from their servers 
immediately.  Not that I have a strong opinion on the matter or anything. :)

The softlimit program seems like a good idea -- set an upper limit on the 
amount of RAM a program can use, to guard against memory leaks (but not buffer 
overflows).  In practice however, it causes far far more problems than it 
causes.  When a program hits the limit, it always happens inside a library 
function and not the application itself.  So the user sees strange errors from 
glibc or OpenSSL functions that are never related to memory allocation.  Those 
errors always look like real bugs, because there's never any indication the 
limit was hit.

There's also no way to even estimate how much memory is correct.  Does anyone 
really understand how many libraries a program loads and how much memory they 
need?  spamdyke uses OpenSSL and on some systems, separate libraries for math 
and DNS functions.  Unpatched qmail doesn't use many libraries, but if patches 
have been applied to allow TLS or authentication, it may use many (who uses 
unpatched qmail anyway?).  If vpopmail is in use, it may need MySQL, depending 
on how it was compiled.  If the server is configured to use stack guarding or 
memory profiling, the virtual memory use could be astronomical.  Every guide 
I've ever read says to use trial-and-error to find the lowest value that 
appears to work, then double (or triple) it.  Crazy!

I've spent way way too much time trying to track down bugs that were caused 
by softlimit and I finally reached my own limit this year.  That's why spamdyke 
5.0.1 examines the limits it starts with and, if it can, resets them.  It can't 
undo hard limits set by the ulimit program, but it can (and does) undo 
softlimit.

-- Sam Clippinger




On Jun 20, 2015, at 2:05 PM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 I played around with the logging verbosity and found if I used debug mode I 
 saw suggestions (commands!?) in the log about removing the softlimit function 
 from the start script for qmail-smtpd - while I was trying to sort out the 
 last bug that was preventing eQmail from working, I did actually do that - is 
 the softlimit function even necessary these days on a lightly loaded server 
 with 8GB RAM?
 
 Thanks,
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au
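
What undoing softlimit amounts to at the system-call level, as an added example in Python (not spamdyke's C code): a process may raise its soft limit back up to the hard limit without privileges, but cannot raise the hard limit. The function names are hypothetical, and the list of limits assumes softlimit was run with its -m option.

```python
import resource

# The four limits that daemontools' "softlimit -m" sets in one go:
# address space, data segment, stack and locked memory.
MEMORY_LIMITS = {
    "RLIMIT_AS": resource.RLIMIT_AS,
    "RLIMIT_DATA": resource.RLIMIT_DATA,
    "RLIMIT_STACK": resource.RLIMIT_STACK,
    "RLIMIT_MEMLOCK": resource.RLIMIT_MEMLOCK,
}


def is_below(soft, hard):
    """True if the soft limit is stricter than the hard limit."""
    if soft == resource.RLIM_INFINITY:
        return False
    return hard == resource.RLIM_INFINITY or soft < hard


def impose_soft_limit(which, value):
    """Do what softlimit does before exec: lower the soft limit only."""
    _, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)          # a soft limit may not exceed the hard one
    resource.setrlimit(which, (value, hard))
    return value


def lift_soft_limits(limits=MEMORY_LIMITS):
    """Raise each soft limit to its hard limit; return {name: (old, new)}.

    Hard limits (for example from "ulimit -H") are left alone: only a
    privileged process could raise those.
    """
    changed = {}
    for name, which in limits.items():
        soft, hard = resource.getrlimit(which)
        if not is_below(soft, hard):
            continue
        try:
            resource.setrlimit(which, (hard, hard))
        except (ValueError, OSError):
            continue                      # kernel refused; keep the old limit
        changed[name] = (soft, hard)
    return changed


if __name__ == "__main__":
    impose_soft_limit(resource.RLIMIT_AS, 1 << 40)   # constructed 1 TiB cap
    print("lifted:", lift_soft_limits())
```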
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
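
The soft/hard distinction in the reply above, as an added example (this is not spamdyke's source): a softlimit-style wrapper lowers only the soft value of a limit, so an unprivileged process can raise it back to the hard ceiling with setrlimit(), while a lowered hard limit stays lowered. The function names and the list of memory resources are assumptions of this sketch.

```c
/* Added example, not spamdyke's code: put soft resource limits back at the
 * hard ceiling, which is as far as an unprivileged process may go. */
#include <stdio.h>
#include <sys/resource.h>

/* Memory-related limits to reset (a list assumed for this sketch). */
static const struct { int id; const char *name; } MEM_LIMITS[] = {
    { RLIMIT_AS,    "address space" },
    { RLIMIT_DATA,  "data segment"  },
    { RLIMIT_STACK, "stack"         },
};
#define N_MEM_LIMITS (sizeof(MEM_LIMITS) / sizeof(MEM_LIMITS[0]))

/* Lower only the soft value, the way a softlimit-style wrapper does before it
 * execs the real program. Returns 0 on success, -1 on error. */
int lower_soft_limit(int resource, rlim_t value)
{
    struct rlimit r;

    if (getrlimit(resource, &r) != 0)
        return -1;
    if (value > r.rlim_max)
        value = r.rlim_max;              /* soft may never exceed hard */
    r.rlim_cur = value;
    return setrlimit(resource, &r);
}

/* Returns 1 if the soft limit was raised, 0 if it was already at the hard
 * limit, -1 on error. */
int undo_soft_limit(int resource)
{
    struct rlimit r;

    if (getrlimit(resource, &r) != 0)
        return -1;
    if (r.rlim_cur == r.rlim_max)
        return 0;
    r.rlim_cur = r.rlim_max;             /* rlim_max itself is left alone */
    return (setrlimit(resource, &r) == 0) ? 1 : -1;
}

/* 1 if soft == hard, 0 if soft is lower, -1 on error. */
int soft_equals_hard(int resource)
{
    struct rlimit r;

    if (getrlimit(resource, &r) != 0)
        return -1;
    return r.rlim_cur == r.rlim_max;
}

/* Reset every memory limit; returns how many were raised, -1 on any error. */
int undo_memory_limits(void)
{
    size_t i;
    int raised = 0;

    for (i = 0; i < N_MEM_LIMITS; i++) {
        int rc = undo_soft_limit(MEM_LIMITS[i].id);
        if (rc < 0)
            return -1;
        if (rc == 1)
            fprintf(stderr, "raised soft %s limit to the hard limit\n",
                    MEM_LIMITS[i].name);
        raised += rc;
    }
    return raised;
}

int main(void)
{
    /* Stand-in for `softlimit -m 40000000 ./program`: a 40 MB soft cap. */
    lower_soft_limit(RLIMIT_AS, 40000000);
    printf("limits raised: %d\n", undo_memory_limits());
    return 0;
}
```

Because the process can undo it, a soft limit set this way guards against accidents, not against the program itself; a ceiling that must hold has to be set as a hard limit.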


Re: [spamdyke-users] recipient-blacklist-file=FILE with RegExes?

2015-06-19 Thread Sam Clippinger via spamdyke-users
You're correct -- spamdyke does not support regexes for any of its options, but 
you can use a wildcard in a sender or recipient white/blacklist file to match 
entire domains by prefixing the line with an @ symbol.  For example:
@example.com
Full documentation here:
http://www.spamdyke.org/documentation/README.html#REJECTING_RECIPIENTS

BUT!  Be careful -- the To and From lines in the message header are not the 
same as the sender and recipient.  The sender and recipient are part of 
SMTP, the To and From lines are part of the message data and are completely 
unrelated.  Think of it this way: when a letter is sent through the post 
office, the name on the outside of the envelope tells the postman which mailbox 
gets the envelope (or where to send it back to) but the top of the letter inside 
may have a completely unrelated letterhead and salutation.  Whenever spamdyke's 
options/documentation refer to a sender or a recipient, it means the name 
on the outside of the envelope.  The user never sees those values in their mail 
client unless the sender chooses to use those values in the To and From fields. 
 Spammers typically fake all sender/recipient/To/From fields, but other 
software does too for perfectly legitimate reasons (e.g. mailing lists, 
autoresponders).  If you want to block based on the To and From lines the user 
sees in their mail client, you should look at spamdyke's header blacklist 
filter:
http://www.spamdyke.org/documentation/README.html#HEADERS
Header filtering doesn't support regexes either, but it does use globbing to 
allow more wildcard options.

-- Sam Clippinger




On Jun 19, 2015, at 7:47 PM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 As well as using GreyLite I have done my own thing for many years with 
 qmail-qfilter and a Ruby script (it started off as a Ruby learning exercise . 
 . ) - anyway for my white and black lists I was able to have in the plain 
 text files things like:
 
 ad...@phillipsfinancial.com.au
 administrator@(booksjournals.com(|.au)|(prix.|)pricom.com.au|qps.com.au)
 adwords-noreply
 america.com
 ecolife
 
 where if any of those particular regexes appeared in the To: or From: or 
 whatever, they could be allowed or blocked or whatever - I am guessing that 
 eg the recipient-blacklist-file=FILE only allows for full email addresses?
 
 Thanks,
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Moving from GreyLite

2015-06-19 Thread Sam Clippinger via spamdyke-users
I'm not familiar with GreyLite at all, but connection-time means spamdyke 
does its work while the message is still coming into your mail server -- while 
the connection with the sending server is active.  This is as opposed to 
filtering messages in the mail queue, after the remote server is no longer 
connected (and believes the message has been delivered).  The advantage of a 
connection-time filter is the remote server sees the rejection and the spam is 
never stored on your server at all.  Rejecting messages after they've been 
queued requires either sending a bounce message or delivering it to a user's 
Junk folder.

This distinction comes up a lot around qmail regarding recipient validation.  
By itself, qmail does not validate recipients when messages are accepted.  Any 
username at a valid domain is accepted, then bounced later if the address turns 
out to be invalid.  This leads to the problem of backscatter spam -- spammers 
deliberately send messages to invalid addresses and set the from address to 
their intended target.  A qmail server will bounce the message (complete with 
spam or virus) to the victim.  For qmail to validate recipients at connection 
time requires a patch or a filter like spamdyke.

-- Sam Clippinger




On Jun 19, 2015, at 5:21 AM, Philip Rhoades via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 People,
 
 I have been using GreyLite for many years but it hasn't been supported for 
 quite a while - I think it is time to update to SpamDyke . . but I have some 
 questions - first one:
 
 I looked at the SpamDyke web site and it is still not clear to me - it says 
 'connection-time means spamdyke evaluates and rejects spam while the remote 
 server is still delivering it' - does this mean it does it at the TCP / mail 
 envelope level? ie so it would be the same as GreyLite?  GL blocks and forces 
 possibly bad mails to be resent some time later which many spammers don't 
 attempt . .
 
 Thanks,
 
 Phil.
 -- 
 Philip Rhoades
 
 PO Box 896
 Cowra  NSW  2794
 Australia
 E-mail:  p...@pricom.com.au


Re: [spamdyke-users] Need help for customizing reject message

2015-06-12 Thread Sam Clippinger via spamdyke-users
Yes, all of the rejection messages can be customized.  Each message is 
controlled by an option that begins with rejection-text.  For example, the 
message you gave can be changed with the option rejection-text-ip-in-cc-rdns. 
 The full list of rejection message options is here:
http://www.spamdyke.org/documentation/README.html#SMTP_ERROR

-- Sam Clippinger




On Jun 12, 2015, at 9:06 AM, Agence Webtao via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi everybody,
  
 Do you know a way to customize reject message?
  
 for example this one: Refused. Your reverse DNS entry contains your IP 
 address and a country code.
  
 I run spamdyke with Qmail on CentOS.
  
 I will appreciate any help, thanks :-)
  
 Lénaïc
  


Re: [spamdyke-users] Log helo with log-level=info

2015-06-12 Thread Sam Clippinger via spamdyke-users
At present, spamdyke does not log the HELO name and there's no easy way to 
configure it to do so.  I've been intending to make the logging more 
configurable to allow admins to capture information like this (and also the 
Subject or other headers) but haven't gotten it done yet.  Hopefully I'll be 
able to add it soon.

-- Sam Clippinger




On Jun 12, 2015, at 4:42 AM, Alessio Cecchi via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi,
 
 I'm running spamdyke 5.0.1 and works very well, but I have a request.
 
 Can spamdyke log the helo sent from the remote server? For example:
 
 spamdyke[10250]: ALLOWED from: newslet...@domain.com to: ales...@domain.it 
 origin_ip: 85.11.212.124 origin_rdns: eg-c-7-124.domain.net helo: 
 mx.domains.com auth: (unknown) encryption: (none) reason: 
 250_ok_1434101245_qp_10301
 
 see  helo: mx.domains.com.
 
 The helo is useful but also mandatory if you want to send your log as feed 
 to DNSBL organizations to improve their spam detection (and this would be a 
 benefit for all users).
 
 Can the helo be added via configuration or does it require some coding?
 
 -- 
 Alessio Cecchi
 http://www.linkedin.com/in/alessice
 


Re: [spamdyke-users] Just tried 5.0.1 but something is still missing

2015-05-19 Thread Sam Clippinger via spamdyke-users
Anything's possible -- hard to say.  Could you post your config file?  Have 
you tried running the config-test command?

-- Sam Clippinger




On May 19, 2015, at 12:49 AM, Les Fenison via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 I finally got around to installing version 5.0.1 and then with excitement I 
 did a telnet to port 25 and typed ehlo hoping to see that long awaited 
 250-STARTTLS and... it wasn't there.
  
 Did I miss something in the configuration switches or settings? 


[spamdyke-users] New version: spamdyke 5.0.1

2015-05-01 Thread Sam Clippinger via spamdyke-users
spamdyke lives!

spamdyke version 5.0.1 is now available:
http://www.spamdyke.org/

This version fixes a ton of bugs, including a number of access violations that 
can lead to crashes.  Most importantly, the recipient validation feature now 
works correctly (and has been exhaustively tested).

Version 5.0.1 is backwards-compatible with version 5.0.0; simply replacing the 
old binary with the new one should be safe.

-- Sam Clippinger






Re: [spamdyke-users] Segfault in spamdyke (libc-2.14.1.so) since use of version 5 | *** glibc detected *** /usr/local/bin/spamdyke: double free or corruption (fasttop):

2015-04-12 Thread Sam Clippinger via spamdyke-users
Wow Gentoo, really? Every time I consider Gentoo, I start getting flashbacks of 
installing Slackware 1.2 from floppy disks back in the elder days. 
Nevertheless, I tried installing Gentoo to try to duplicate your environment 
and gave up about halfway through the install guide... I can't remember how far 
I got, but it was one of the pages in the low 500's, I think. :)

Anyway, I've spent the last couple days hunting bugs and I've found a few that 
might be responsible for these errors. Could you try applying this patch and 
see if it resolves the segfaults? It should apply cleanly to spamdyke 5.0.0:
    cd /path/to/src/spamdyke-5.0.0
    patch -p1 < spamdyke-5.0.0-segfault.patch
    make
Then install the new binary over the old one.

If this doesn't fix your crashes, at least it'll fix a lot of other potential 
ones!

spamdyke-5.0.0-segfault.patch
Description: Binary data

-- Sam Clippinger

On Apr 9, 2015, at 11:05 PM, Konstantin via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi Everyone!

 On a virtual gentoo server I currently have:

 ebuild: dev-libs/openssl-1.0.1l-r1
 OpenSSL 1.0.1l 15 Jan 2015

 ebuild: sys-devel/gcc-4.8.4
 gcc (Gentoo 4.8.4 p1.4, pie-0.6.1) 4.8.4

 ebuild: sys-libs/glibc-2.20-r2
 glibc 2.20

 ebuild: sys-kernel/gentoo-sources-3.17.7
 custom build kernel 3.17.7-gentoo-domU

 Not sure about /etc/xinetd.d/smtps_psa since I don't have it but running
 process looks like this:

 10821 ? S 4:07 /usr/bin/tcpserver -p -v -R -x /etc/tcprules.d/tcp.qmail-smtp.cdb -c 40 -u 201 -g 200 0.0.0.0 smtp spamdyke -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/vpopmail/bin/vchkpw /bin/true

 Let me know if I can provide you something more relevant, Sam.

 -- 
 BR,
 Konstantin

 On 2015-04-09 20:27, Sam Clippinger via spamdyke-users wrote:
 I've been looking through the many log files you sent, thanks for being
 so thorough! From what I can see in the files you and Konstantin have
 sent, it looks like the problem lies somewhere in the TLS/SSL cleanup
 routine. In your log files, all of the crashes seem to happen just
 after a client fails to connect with SMTPS due to a cipher negotiation
 problem. There are only four different OpenSSL error codes being
 logged, which translate as:

 error:1406B0CB:SSL routines:GET_CLIENT_MASTER_KEY:peer error no cipher
 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
 error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
 error:1409442E:SSL routines:SSL3_READ_BYTES:tlsv1 alert protocol version

 Those appear to be the only connections that are crashing, other
 connections that successfully negotiate their TLS/SSL sessions seem to
 be fine.

 I haven't had any success in reproducing this bug yet, but I'm still
 working on it. I'm curious about some of the versions on your server
 though -- could you send me the version numbers of OpenSSL, gcc and
 the kernel you're running? Could you also send me your
 /etc/xinetd.d/smtps_psa file (the one that starts spamdyke for SMTPS)?
 I'd like to see how it's being started so I can try to simulate it.

 Thanks!

 -- Sam Clippinger

 On Apr 7, 2015, at 5:44 PM, Dirk via spamdyke-users
 spamdyke-users@spamdyke.org wrote:

 Dear Sam,

 at first thank you for glorious work with spamdyke! I'm using it since
 several years and it's very helpful to me.

 At 30th march 2015 I've done an upgrade to version 5 (previous: last 4
 version). Since then I often get a segfault in spamdyke:

 Tue Apr 7 12:05:19 2015] spamdyke[13607]: segfault at 14 ip 7f60ce1e3ba8 sp 7fff6bac3ce0 error 4 in libc-2.14.1.so[7f60ce19b000+187000]
 [Tue Apr 7 12:16:20 2015] spamdyke[13959]: segfault at 14 ip 7fe1145bdba8 sp 7fffa6426b90 error 4 in libc-2.14.1.so[7fe114575000+187000]
 [Tue Apr 7 12:47:31 2015] spamdyke[15309]: segfault at 14 ip 7f9971e49ba8 sp 7fffa03aad20 error 4 in libc-2.14.1.so[7f9971e01000+187000]
 [Tue Apr 7 15:30:51 2015] spamdyke[21795]: segfault at 14 ip 7fb0cac66ba8 sp 7fff209aa400 error 4 in libc-2.14.1.so[7fb0cac1e000+187000]
 [Tue Apr 7 16:13:02 2015] spamdyke[23130]: segfault at 14 ip 7f47bd14eba8 sp 7fff5b5fd1e0 error 4 in libc-2.14.1.so[7f47bd106000+187000]
 [Tue Apr 7 17:22:50 2015] spamdyke[26691]: segfault at 14 ip 7f24e499bba8 sp 7fff0cbd2060 error 4 in libc-2.14.1.so[7f24e4953000+187000]
 [Tue Apr 7 22:37:46 2015] spamdyke[6768]: segfault at 14 ip 7fcd7c1ffba8 sp 7fff0fd874f0 error 4 in libc-2.14.1.so[7fcd7c1b7000+187000]
 [Tue Apr 7 22:37:48 2015] spamdyke[6775]: segfault at 1a ip 7fb2f498eba8 sp 7fff6f12c380 error 4 in libc-2.14.1.so[7fb2f4946000+187000]
 [Tue Apr 7 22:37:49 2015] spamdyke[6780]: segfault at 1a ip 7f4e9ee6fba8 sp 7fff517bbbd0 error 4 in libc-2.14.1.so[7f4e9ee27000+187000]
 [Tue Apr 7 22:38:11 2015] spamdyke[6764]: segfault at c ip 7ffc08375ba8 sp 7fff0c363ba0 error 4 in libc-2.14.1.so[7ffc0832d000+187000]
 [Tue Apr 7 23:15:12 2015] spamdyke[10219]: segfault at 14 ip 7ff1e6e54ba8 sp 7fffad8b0870 error 4 in libc-2.14.1.so[7ff1e6e0c000+187000]
 [Tue Apr 7 23:30:42 2015] spamdyke[10658]: segfault at 14 ip 7f7e5db7eba8 sp 7fff00aa9eb0 error 4 in libc
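
Added example (not from the thread): a small parser for the kernel segfault records in Dirk's report above, showing that subtracting the mapping base from the instruction pointer gives the same offset into libc-2.14.1.so for every crash. The function names are this sketch's own, and the three sample lines are copied from the report with the lost spacing restored.

```c
/* Added example: decode kernel "segfault at" records and locate the faulting
 * instruction inside the mapped object. The field layout is that of the x86
 * Linux message quoted above; function names are this sketch's own. */
#include <stdio.h>
#include <string.h>

struct segv {
    unsigned long long addr;  /* address whose access faulted */
    unsigned long long ip;    /* instruction pointer at the fault */
    unsigned long long err;   /* page-fault error code */
    unsigned long long base;  /* start of the mapping that contains ip */
    unsigned long long len;   /* length of that mapping */
    char object[64];          /* mapped file, e.g. libc-2.14.1.so */
};

/* Three records from the report, spacing restored. */
const char *const SAMPLES[] = {
    "[Tue Apr 7 12:16:20 2015] spamdyke[13959]: segfault at 14 ip 7fe1145bdba8 "
    "sp 7fffa6426b90 error 4 in libc-2.14.1.so[7fe114575000+187000]",
    "[Tue Apr 7 22:37:48 2015] spamdyke[6775]: segfault at 1a ip 7fb2f498eba8 "
    "sp 7fff6f12c380 error 4 in libc-2.14.1.so[7fb2f4946000+187000]",
    "[Tue Apr 7 22:38:11 2015] spamdyke[6764]: segfault at c ip 7ffc08375ba8 "
    "sp 7fff0c363ba0 error 4 in libc-2.14.1.so[7ffc0832d000+187000]",
};
#define N_SAMPLES (sizeof(SAMPLES) / sizeof(SAMPLES[0]))

/* Returns 1 if line holds a complete segfault record, 0 otherwise. */
int parse_segv(const char *line, struct segv *s)
{
    const char *p = strstr(line, "segfault at ");

    if (p == NULL)
        return 0;
    return sscanf(p, "segfault at %llx ip %llx sp %*llx error %llx in %63[^[][%llx+%llx]",
                  &s->addr, &s->ip, &s->err, s->object, &s->base, &s->len) == 6;
}

/* Offset of the faulting instruction inside the object, or -1 if ip lies
 * outside the reported mapping. ASLR changes base, not this offset. */
long long segv_offset(const struct segv *s)
{
    if (s->ip < s->base || s->ip - s->base >= s->len)
        return -1;
    return (long long)(s->ip - s->base);
}

/* x86 error code bits: 1 = protection violation (else page not present),
 * 2 = write (else read), 4 = fault raised in user mode. */
const char *segv_access(unsigned long long err)
{
    if (err & 2)
        return (err & 1) ? "write to protected page" : "write to unmapped page";
    return (err & 1) ? "read of protected page" : "read of unmapped page";
}

long long offset_of(const char *line)
{
    struct segv s;
    return parse_segv(line, &s) ? segv_offset(&s) : -1;
}

const char *access_of(const char *line)
{
    struct segv s;
    return parse_segv(line, &s) ? segv_access(s.err) : "unparsed";
}

/* Shared offset if every record faults at the same instruction of the same
 * object, -1 otherwise. */
long long common_fault_site(const char *const lines[], size_t n)
{
    struct segv first, cur;
    size_t i;

    if (n == 0 || !parse_segv(lines[0], &first))
        return -1;
    for (i = 1; i < n; i++) {
        if (!parse_segv(lines[i], &cur) ||
            strcmp(cur.object, first.object) != 0 ||
            segv_offset(&cur) != segv_offset(&first))
            return -1;
    }
    return segv_offset(&first);
}

int main(void)
{
    size_t i;

    for (i = 0; i < N_SAMPLES; i++)
        printf("offset 0x%llx, %s\n", (unsigned long long)offset_of(SAMPLES[i]),
               access_of(SAMPLES[i]));
    printf("common site: 0x%llx\n",
           (unsigned long long)common_fault_site(SAMPLES, N_SAMPLES));
    return 0;
}
```

The offset can be handed to a symbolizer such as addr2line -e with a matching libc build to name the function. The small fault addresses (0x14, 0x1a, 0xc) are consistent with a field read through a NULL pointer.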

Re: [spamdyke-users] TLS problems

2015-04-10 Thread Sam Clippinger via spamdyke-users
Yes you did and I'm sorry I didn't find a solution then.  Having more available 
time now, I'd like to take another shot.

Looking over the logs you sent me last year, I believe the crashes you were 
seeing are different from the ones reported earlier this week.  In the 
spamdyke.conf file you sent, you're using the ip-relay-file option and I think 
it's very likely spamdyke is crashing while trying to parse that file.  If you 
still have it, could you send me that file so I can test against it?

-- Sam Clippinger




On Apr 10, 2015, at 1:49 PM, Steve Cole via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 On 2015-04-10 02:52 AM, Les Fenison via spamdyke-users wrote:
 I am running spamdyke version 5.0.0+TLS+CONFIGTEST+DEBUG with Plesk's qmail 
 and trying to do TLS.
  
 I don't know what I am doing so please correct me if I am debugging this 
 wrong...   Using openssl to verify the connection, it seems to connect OK 
 but email clients claim that starttls is not supported. 
  
 From the command line I see this which tells me it actually is working 
 except for the second line.  Is this normal?
  
 
 I reported these problems over a year ago.  Just FYI.


Re: [spamdyke-users] Version 5.0.0 reject-sender=no-mx overriding based on source IP address

2015-04-08 Thread Sam Clippinger via spamdyke-users
I think I found the problem here.  It's definitely a bug in the configuration 
parsing code!  Options that can take multiple pre-defined values like 
reject-sender are cumulative -- they only add more values, they don't subtract. 
 So when spamdyke finds none in the configuration directory, it adds none 
to the existing value of no-mx.  Since none has a value of zero, nothing 
happens.  Trying to unset no-mx by using a value of !no-mx doesn't work 
either.

But simply clearing the value seems to work fine.  So for now, I'd suggest 
changing the 1 file in your configuration directory to use this line instead:
reject-sender=!!!
That will reset the reject-sender option to zero (none), which is what you 
want.  I'll include a real fix for this in the next version.

Still trying to find the segfault, that's a deeper rabbit hole...

-- Sam Clippinger




On Apr 8, 2015, at 12:35 AM, Konstantin via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi Everyone,
 
 On Apr 6, 2015, at 12:45 AM, Konstantin via spamdyke-users
 spamdyke-users@spamdyke.org wrote:
 Hi Sam,
 Thank you very much for what you are doing. I'm testing spamdyke
 5.0.0 now and I found spamdyke-qrv feature very useful. Sometimes it
 crashes, but still usable. :)
 I'm trying to make some exceptions for emails that comes from a
 certain IP subnets using
 config-dir=/etc/spamdyke/config.d
 mail spamdyke # cat /etc/spamdyke/config.d/_ip_/10/1
 reject-empty-rdns=0
 reject-sender=none
 And it doesn't seem to be working for me. Did I miss something?
 
 On 2015-04-07 18:06, Sam Clippinger via spamdyke-users wrote:
 It's hard to say without more information. From what you've shown, it
 looks like the reject-empty-dns and reject-sender filters should be
 deactivated for any connections from 10.1.x.x. But if that's not
 working, could you post your full config and some log messages? I'd
 also suggest running the config-test feature to look for problems;
 sometimes it's as simple as permissions on a folder.
 
 You are correct. Instead of creating MX records and resolvable PTR records 
 for every local server I'm just trying to skip these checks when a connection 
 comes from certain IP addresses.
 
 My current spamdyke configuration is:
 ---
 log-level=verbose
 tls-certificate-file=/var/qmail/control/servercert.pem
 graylist-level=always
 graylist-dir=/var/tmp/spamdyke/graylist
 graylist-exception-ip-file=/etc/spamdyke/graylist-exception-ip-file
 graylist-exception-rdns-file=/etc/spamdyke/graylist-exception-rdns-file
 graylist-max-secs=3369600
 graylist-min-secs=50
 reject-empty-rdns
 reject-unresolvable-rdns
 reject-sender=no-mx
 rejection-text-recipient-same-as-sender
 rhs-blacklist-entry=sbl-xbl.spamhaus.org
 greeting-delay-secs=0
 max-recipients=100
 connection-timeout-secs=1800
 idle-timeout-secs=120
 config-dir=/etc/spamdyke/config.d
 rdns-blacklist-file=/etc/spamdyke/rdns-keyword-blacklist-file
 ip-blacklist-file=/etc/spamdyke/ip-blacklist-file
 reject-recipient=invalid
 recipient-validation-command=/usr/local/bin/spamdyke-qrv
 ---
 
 I don't think that file/directory permissions issue happens in my case. As 
 long as I'm seeing from excessive logs spamdyke reads the change:
 
 DEBUG(process_config_dir()@configuration.c:4469): searching for config dir at 
 /etc/spamdyke/config.d/_ip_
 DEBUG(process_config_dir()@configuration.c:4496): searching for config file 
 or dir at /etc/spamdyke/config.d/_ip_/10/1/5/4
 DEBUG(process_config_dir()@configuration.c:4496): searching for config file 
 or dir at /etc/spamdyke/config.d/_ip_/10/1/5
 DEBUG(process_config_dir()@configuration.c:4496): searching for config file 
 or dir at /etc/spamdyke/config.d/_ip_/10/1
 DEBUG(process_config_dir()@configuration.c:4509): reading configuration file: 
 /etc/spamdyke/config.d/_ip_/10/1
 EXCESSIVE(process_config_file()@configuration.c:4351): set configuration 
 option reject-empty-rdns from file /etc/spamdyke/config.d/_ip_/10/1, line 1: 0
 EXCESSIVE(process_config_file()@configuration.c:4351): set configuration 
 option reject-sender from file /etc/spamdyke/config.d/_ip_/10/1, line 2: none
 
 I'll send you my excessive log output personally if you have time to look 
 at it.
 
 -- 
 BR,
 Konstantin
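
A small model of the accumulation described in the reply above, added here as an illustration (it is not spamdyke's configuration parser): values are OR-ed into the option, none is zero, and !!! resets. The bit assignments, the other-check value and the apply_fixed semantics are assumptions of this sketch.

```c
/* Added example: a model of the behaviour described above, not spamdyke's
 * configuration parser. Bit values other than none == 0 are assumptions. */
#include <stdio.h>
#include <string.h>

enum {
    SENDER_NONE  = 0,        /* "none" carries no bits */
    SENDER_NO_MX = 1 << 0,   /* "no-mx" */
    SENDER_OTHER = 1 << 1    /* "other-check": hypothetical second value */
};

struct name_value { const char *name; unsigned value; };
static const struct name_value SENDER_VALUES[] = {
    { "none", SENDER_NONE },
    { "no-mx", SENDER_NO_MX },
    { "other-check", SENDER_OTHER },
};
#define N_VALUES (sizeof(SENDER_VALUES) / sizeof(SENDER_VALUES[0]))

/* Look up a value name; returns 1 and stores its bits, or 0 if unknown. */
static int lookup(const char *name, unsigned *bits)
{
    size_t i;

    for (i = 0; i < N_VALUES; i++) {
        if (strcmp(SENDER_VALUES[i].name, name) == 0) {
            *bits = SENDER_VALUES[i].value;
            return 1;
        }
    }
    return 0;
}

/* Behaviour described in the post: every value is OR-ed into the option, so
 * "none" (zero) changes nothing and nothing can be subtracted. "!!!" is the
 * reset the post recommends. Returns the new option value. */
unsigned apply_cumulative(unsigned current, const char *value)
{
    unsigned bits;

    if (strcmp(value, "!!!") == 0)
        return 0;
    if (lookup(value, &bits))
        return current | bits;
    return current;          /* unknown names, "!no-mx" included, do nothing */
}

/* One possible fix (an assumption, not the project's patch): "none" assigns
 * zero and "!name" clears that name's bits. */
unsigned apply_fixed(unsigned current, const char *value)
{
    unsigned bits;

    if (strcmp(value, "!!!") == 0 || strcmp(value, "none") == 0)
        return 0;
    if (value[0] == '!' && lookup(value + 1, &bits))
        return current & ~bits;
    if (lookup(value, &bits))
        return current | bits;
    return current;
}

/* The layering from the thread: the main config sets no-mx, then the per-IP
 * file config.d/_ip_/10/1 supplies per_ip_value for the same option. */
unsigned page_scenario(unsigned (*apply)(unsigned, const char *),
                       const char *per_ip_value)
{
    unsigned v = 0;

    v = apply(v, "no-mx");
    v = apply(v, per_ip_value);
    return v;
}

int main(void)
{
    printf("cumulative, none:   %u\n", page_scenario(apply_cumulative, "none"));
    printf("cumulative, !no-mx: %u\n", page_scenario(apply_cumulative, "!no-mx"));
    printf("cumulative, !!!:    %u\n", page_scenario(apply_cumulative, "!!!"));
    printf("fixed, none:        %u\n", page_scenario(apply_fixed, "none"));
    return 0;
}
```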


Re: [spamdyke-users] DENIED_RDNS_RESOLVE Question

2015-03-24 Thread Sam Clippinger via spamdyke-users
The error DENIED_RDNS_RESOLVE means spamdyke found an rDNS name, but the name 
it found doesn't forward-resolve to an IP address (any IP address).  So even 
though compxroads.com has an IP, m1.compxroads.com does not, so spamdyke 
rejected it.

-- Sam Clippinger




On Mar 24, 2015, at 4:03 PM, Denny Jones via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hello,
 
 Here's the log entry I'm getting:
 
 Mar 24 08:16:09 michael spamdyke[12081]: DENIED_RDNS_RESOLVE from: 
 em...@domina.com to: ema...@domina2.com origin_ip: 173.10.76.81 origin_rdns: 
 m1.compxroads.com auth: (unknown) encryption: TLS reason: (empty)
 
 Seems like it shouldn't list a domain if it can't resolve the RDNS. Am I 
 missing something here?
 
 NOTE: If I do a reverse look up on 173.10.76.81 I get: compxroads.com
 
 Is the error because the origin RDNS is m1.compxroads.com?
 
 Thanks,
 Denny
 
 


Re: [spamdyke-users] Spamdyke answers with incomplete SMTP message

2015-02-03 Thread Sam Clippinger via spamdyke-users
You're quite correct -- this is a bug in version 5.0.0.  I've got it fixed in 
the next version, hopefully to be released very soon.

-- Sam Clippinger




On Feb 2, 2015, at 1:38 PM, Heiko Bornholdt via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi,
 
 I’m trying to replace my Spamdyke 4.3 with 5.0. I want to disable SSLv3 
 because of POODLE.
 
 I’m using Ubuntu 12.04 LTS and have Spamdyke compiled from source without any 
 special configuration.
 
 root@andromeda:~# spamdyke --version
 spamdyke 5.0.0+TLS+CONFIGTEST+DEBUG (C)2014 Sam Clippinger, samc (at) 
 silence (dot) org
 http://www.spamdyke.org/
 
 This is my run-script:
 root@andromeda:~# cat /etc/service/qmail-relay-submit/run
 #!/bin/sh
 QMAILUID=`id -u qmaild`
 NOFILESGID=`id -g qmaild`
 exec tcpserver -v -HPR -u $QMAILUID -g $NOFILESGID 0 587 spamdyke -f 
 /etc/spamdyke-587.conf /usr/sbin/qmail-smtpd 2>&1
 
 
 I have problems with submitting messages via SMTP. I have debugged the 
 problem with swaks and tcpdump, and so I have discovered, that with my 
 configuration Spamdyke is sending incomplete SMTP answers.
 
 From my local computer I run:
 [heiko@dhcp-172-21-37-9 ~]$ swaks -t he...@bornholdt.it -f 
 he...@andromeda.bornholdt.it --server andromeda.bornholdt.it:587 --auth 
 --auth-user=heiko
 Password: s3cr3t
 === Trying andromeda.bornholdt.it:587...
 === Connected to andromeda.bornholdt.it.
 <-  220 andromeda.bornholdt.it ESMTP
  -> EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
 <** Timeout (30 secs) waiting for server response
  -> HELO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
 <-  250 andromeda.bornholdt.it
 *** Host did not advertise authentication
  -> QUIT
 <-  221 andromeda.bornholdt.it
 === Connection closed with remote host.
 
 And on the server:
 root@andromeda:~# tcpflow -i any -C -e port 587
 tcpflow[9428]: listening on any
 220 andromeda.bornholdt.it ESMTP
 
 EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
 
 250-andromeda.bornholdt.it
 
 250-PIPELINING
 250-8BITMIME
 250-AUTH LOGIN PLAIN
 250-STARTTLS
 
 
 Nothing happens for 30 seconds and then the client aborts because of a 
 timeout.
 
 My configuration:
 root@andromeda:~# cat /etc/spamdyke-587.conf
 log-level=verbose
 log-target=stderr
 smtp-auth-level=always
 smtp-auth-command=/usr/bin/checkvpw /usr/local/bin/heiko-smtp-auth-logger 
 maildir
 hostname-file=/var/lib/qmail/control/me
 tls-level=smtp
 tls-certificate-file=/etc/qmail/servercert.pem
 tls-privatekey-file=/etc/qmail/servercert.pem
 tls-cipher-list=kEDH:AESGCM:HIGH:+MEDIUM:TLSv1:+ALL:!RC4:!SEED:!IDEA:!RC2:!3DES:!DES:!MD5:!DSS:!aNULL:!eNULL:!ECDSA:!ECDH:!PSK:!SRP
 tls-dhparams-file=/etc/ssl/private/dhparam2048.pem
 qmail-morercpthosts-cdb=/var/lib/qmail/control/morercpthosts.cdb
 qmail-rcpthosts-file=/dev/null
 
 
 Log:
 root@andromeda:~# cat /var/log/qmail/qmail-relay-submit/current | tai64nlocal
 2015-02-02 18:33:29.206085500 tcpserver: status: 1/40
 2015-02-02 18:33:29.206143500 tcpserver: pid 11591 from 134.100.17.1
 2015-02-02 18:33:29.212386500 tcpserver: ok 11591 
 static.199.121.76.144.clients.your-server.de::::144.76.121.199:587 
 ::::134.100.17.1::57359
 2015-02-02 18:33:29.213511500 spamdyke[11591]: 
 ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver 
 found: 2a01:4f8:0:a111::add:9898
 2015-02-02 18:33:29.213579500 spamdyke[11591]: 
 ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver 
 found: 2a01:4f8:0:a102::add:
 2015-02-02 18:33:29.213609500 spamdyke[11591]: 
 ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver 
 found: 2a01:4f8:0:a0a1::add:1010
 2015-02-02 18:33:59.323577500 tcpserver: end 11591 status 0
 2015-02-02 18:33:59.323578500 tcpserver: status: 0/40
 
 I think, the problem is, that the server will send “250-STARTTLS” and not 
 “250 STARTTLS” (missing hyphen). So the client thinks, that the message is 
 not complete and waits for the next line.
 
 Best regards,
 Heiko
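
The reply framing behind the timeout reported above, as an added example (not spamdyke's code): a client-side check for whether a reply is finished, run over the EHLO response from the tcpflow capture, next to a writer that puts the space only on the last line. Function names are this sketch's own, and CRLF line endings are assumed for the captured bytes.

```c
/* Added example (not spamdyke's code): SMTP reply framing per RFC 5321
 * section 4.2.1. Every line of a multi-line reply is "code-text" except the
 * last, which is "code text"; a client keeps reading until it sees that. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { REPLY_MALFORMED = -1, REPLY_INCOMPLETE = 0, REPLY_COMPLETE = 1 };

/* Replies from the capture above; CRLF line endings are assumed. */
const char CAPTURED_EHLO[] =
    "250-andromeda.bornholdt.it\r\n250-PIPELINING\r\n250-8BITMIME\r\n"
    "250-AUTH LOGIN PLAIN\r\n250-STARTTLS\r\n";
const char CAPTURED_HELO[] = "250 andromeda.bornholdt.it\r\n";
static const char *const KEYWORDS[] = { "PIPELINING", "8BITMIME",
                                        "AUTH LOGIN PLAIN", "STARTTLS" };

/* Client side: does buf hold one whole reply yet? Stores the code if so. */
int smtp_reply_state(const char *buf, size_t len, int *code)
{
    size_t pos = 0;
    int seen = -1;

    while (pos < len) {
        const char *line = buf + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n;
        int c;

        if (nl == NULL)
            return REPLY_INCOMPLETE;          /* partial line so far */
        n = (size_t)(nl - line);
        if (n > 0 && line[n - 1] == '\r')
            n--;
        if (n < 3 || !isdigit((unsigned char)line[0]) ||
            !isdigit((unsigned char)line[1]) || !isdigit((unsigned char)line[2]))
            return REPLY_MALFORMED;
        c = (line[0] - '0') * 100 + (line[1] - '0') * 10 + (line[2] - '0');
        if (seen != -1 && c != seen)
            return REPLY_MALFORMED;           /* code changed mid-reply */
        seen = c;
        if (n == 3 || line[3] == ' ') {       /* final line of the reply */
            *code = c;
            return REPLY_COMPLETE;
        }
        if (line[3] != '-')
            return REPLY_MALFORMED;
        pos = (size_t)(nl - buf) + 1;         /* continuation: read on */
    }
    return REPLY_INCOMPLETE;                  /* only "code-" lines so far */
}

/* Server side: write an EHLO reply in which only the last line carries the
 * space. When a filter appends a keyword, the previous last line has to
 * become a "250-" line. Returns bytes written, -1 if out is too small. */
int format_ehlo(char *out, size_t outsz, const char *host,
                const char *const kw[], size_t nkw)
{
    size_t used = 0, i;

    for (i = 0; i <= nkw; i++) {
        const char *text = (i == 0) ? host : kw[i - 1];
        int w = snprintf(out + used, outsz - used, "250%c%s\r\n",
                         (i == nkw) ? ' ' : '-', text);
        if (w < 0 || (size_t)w >= outsz - used)
            return -1;
        used += (size_t)w;
    }
    return (int)used;
}

/* State of a NUL-terminated reply string. */
int state_of(const char *reply)
{
    int code = 0;
    return smtp_reply_state(reply, strlen(reply), &code);
}

/* The same capability list written by format_ehlo() and read back. */
int corrected_ehlo_state(void)
{
    char buf[256];
    int n = format_ehlo(buf, sizeof(buf), "andromeda.bornholdt.it", KEYWORDS, 4);
    return (n < 0) ? REPLY_MALFORMED : state_of(buf);
}

int main(void)
{
    printf("captured EHLO: %d, captured HELO: %d, corrected EHLO: %d\n",
           state_of(CAPTURED_EHLO), state_of(CAPTURED_HELO), corrected_ehlo_state());
    return 0;
}
```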


Re: [spamdyke-users] Problems Using spamdyke-qrv With Aliases In Alias Domain

2015-01-11 Thread Sam Clippinger via spamdyke-users
This is correct -- spamdyke-qrv has a bug that doesn't correctly validate 
forward addresses that are not hosted locally.  I hope to have a new version of 
spamdyke available very soon that will fix this problem (and several others).  
Just need to get all the test scripts to run successfully...

-- Sam Clippinger




On Jan 10, 2015, at 9:40 AM, Martin H. Sluka via spamdyke-users 
spamdyke-users@spamdyke.org wrote:

 Hi Konstantin,
 
 I have difficulties using spamdyke-qrv in combination with aliases
 on aliased domains with vpopmail. For example when I'm creating a
 new domain original-domain.com with alias domain alias-domain.com
 and then after creating forward al...@original-domain.com I expect
 to be receiving email on al...@alias-domain.com as well. But
 spamdyke-qrv filters it. :(
 
 maybe it's the bug explained here:
 http://comments.gmane.org/gmane.mail.spam.spamdyke.user/4055
 
 At least, this one caused trouble at our site in connection with
 forwardings to remote addresses in .qmail files.
 
 Any ideas how to fix it?
 
 The following patch works for me as a workaround:
 
 --- spamdyke-5.0.0/spamdyke-qrv/validate-qrv.c  2014-01-27 23:28:00.0 
 +0100
 +++ spamdyke-5.0.0/spamdyke-qrv/validate-qrv.c.patched  2014-12-30 
 01:30:37.405723118 +0100
 @@ -1247,14 +1247,8 @@
 
   break;
 case 47:
 -  if (((return_value = validate(current_settings, 
 qmail_lines[current_line] + ((qmail_lines[current_line][0] == 
 QMAIL_FORWARD_START_CHAR) ? 1 : 0), (qmail_lines[current_line][i] == '@') ? 
 (i - 1) : i, (qmail_lines[current_line][i] == '@') ? 
 (qmail_lines[current_line] + i + 1) : , forwarded + 1)) == DECISION_VALID) 
 ||
 -  (return_value == DECISION_ERROR))
 -continue_processing = 0;
 -  else
 -{
 -current_line++;
 -current_step = 37;
 -}
 +  return_value = DECISION_UNKNOWN;
 +  continue_processing = 0;
 
   break;
 default:
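
Review bot: In case 47 the replacement assigns DECISION_UNKNOWN and clears continue_processing unconditionally, so every forward line that reaches this step is treated as unknown, including forwards the old validate() call could have resolved. It also drops the else branch (current_line++; current_step = 37;) that moved on to the next .qmail line when a forward did not validate, so later lines in the same file are never examined. Consider returning DECISION_UNKNOWN only when the forward target's domain is not hosted locally and keeping the recursive validate() call otherwise, and add a comment in the case saying this is a workaround for the remote-forward bug.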
 
 That is, instead of trying to recursively resolve aliases,
 I just consider their status as unknown, which lets spamdyke
 accept messages by default.
 
 If that does not work for you, please send the output of
 spamdyke-qrv -vv alias-domain.com alias to the list
 (assuming that you have configured and compiled spamdyke-qrv
 --with-excessive-output).
 
 Regards,
 Martin
 
 -- 
 ___ _
 Martin H. Sluka  \ mailto:mar...@sluka.de /   ASCII ribbon ( )
 Breite Straße 3   \ tel +49-700-19751024 /  campaign - against  X
 D-90552 Röthenbach \-- http://unf.ug ---/  HTML email  vcards / \