Since spamdyke runs on an unmodified qmail setup, it seems that a good
addition would be early detection of non-existing users. This will fix the
backscatter problem that is inherent with qmail by rejecting email
before queuing rather than bouncing them.
http://en.wikipedia.org/wiki/Backscatter_%
have pulled
a few converts to the spamdyke fold.
I guess the next piece of the puzzle will be ipv6 support. Of course
that means that the rbl sites need to support this in a consistent fashion.
Gary
On 4/27/12 2:05 PM, Eric Shubert wrote:
> On 04/27/2012 10:54 AM, Gary Gendel wrote:
>>
Are you sure that there is nothing already bound to port 25?
On 6/14/12 6:26 AM, Doug Eggleton wrote:
Currently trying to get Spamdyke configured on Plesk 10.4/Qmail. It
works on port 587 but not port 25. Instead we get error messages
saying "The server responded: spamdyke 4.2.0+TLS+CONFIGTE
On 7/6/12 10:20 AM, Mark Frater wrote:
> Hi guys,
>
> Has there been any further developments / discussions in getting Spamdyke to
> run as a daemon or similar method in order to get it to work with other
> MTA's such as Postfix?
>
> Qmail is seriously long in the tooth and no longer maintained and
On 7/11/12 1:50 PM, Eric Shubert wrote:
> On 07/11/2012 10:40 AM, BC wrote:
>> On 7/11/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
>>> I've disabled graylisting on a few domains that are sensitive to timely
>>> delivery. They haven't complained about any increase in spam. You might
>>
On 7/12/12 1:18 PM, BC wrote:
> On 7/12/2012 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
>> I use an internal caching DNS server as a DNS forwarder for spamdyke's
>> dns requests. This way I only need to query outside once, and
>> subsequent spam bursts from the same server are rejected b
I'm in the same situation as you. The only reason I decided to move from
djbdns is because it doesn't handle IPV6 without patching. Since my ISP
has started providing IPV6, and saw that unbound was already in
OpenIndiana's repository, I figured that this is the time to see if it was
an appropriate
On 7/28/12 1:09 AM, Eric Shubert wrote:
> A potential problem just occurred to me though. QMT uses the (preferred
> default) submission port 587, and includes a qmail-smtpd patch which
> forces authentication (export REQUIRE_AUTH=1). While spamdyke wouldn't
> typically be used on the submission por
On 9/17/12 7:34 AM, emailitis.com wrote:
Thanks for that help Gary,
My whitelist_rdns does not have any entries. Can you tell me
what we should put in that? Is it a single line:
Behalf Of Gary Gendel
Sent: 17 September 2012 13:33
To: spamdyke users
Subject: Re: [spamdyke-users] How best to whitelist rejected emails
On 9/17/12 7:34 AM, emailitis.com
Kevin,
Qmail looks for the environment variable RELAYCLIENT, if that is
set, then qmail will happily relay.
My guess is that something upstream or downstream from spamdyke is
doing the dirty deed. For example, if you use tcpserver, check
it's
On 02/08/2013 11:10 AM, Eric Shubert wrote:
> I've received a malicious spam from the following address:
> Received: from unknown (HELO 74-142-212-17.dhcp.insightbb.com)
> (74.142.212.17)
>
> I'm a little surprised that the address hasn't been blacklisted, being
> an apparent dynamic address. I'm
On 02/08/2013 01:19 PM, Eric Shubert wrote:
>
> On 02/08/2013 10:16 AM, Lutz Petersen wrote:
>> Again:
>>
>> It is a very _bad_ idea to block hosts with the keyword dhcp in the rdns
>> name.
>> A lot of static hosts (hostingcenter etc.) have this keyword in their rdns
>> and
>> they all are stati
I do something similar for my ip blacklist. I have a honeypot that, if
it receives email, it adds the sender's ip to the blacklist with a
timestamp in a preceding comment. If I get another email from that
server, it just updates the comment so the expiration gets extended. I
run a nightly cr
ad of make but it should be easy to figure out what needs
to be done from the included Jamfile.
Feel free to use it, modify it, or throw it away as needed. :)
Gary
On 03/26/2013 11:05 AM, Denny Jones wrote:
Interesting concept. Care to share your script?
-----Original Message-----
From: G
Sam,
Any plans to release your work to reject invalid users in Spamdyke to
prevent backscatter? This would be (hopefully) the last needed
piece of the system for me.
Gary
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spa
Hi all,
Anyone else see a growing number of spam that just breezes through
spamdyke and spamassassin?
They are short (<10 lines of content), emails that contain shortened
URLs in them. An interesting thing is that many come from machines with
common domain prefixes. For example:
cars.kevina
Sam,
I just started playing with your hunter-seeker script. Is there a
repository where the latest hunter-seeker filters can be downloaded? I
don't know how often you and others update them, but new filters would
be a nice thing to share. Also, any unblacklistable domains that have
been coll
've added when people
> have been blocked accidentally.
>
> -- Sam Clippinger
>
>
>
>
> On Aug 13, 2013, at 8:39 AM, Gary Gendel wrote:
>
>> Sam,
>>
>> I just started playing with your hunter-seeker script. Is there a
>> repository where the l
... is the setup I've been using.
In my configuration, I relegate Spamassassin to a couple of useful
blacklists I wouldn't use with spamdyke. These are a bit less accurate
so they need a more soft failure than spamdyke's go/no-go approach.
What really adds to the game is the scan the body con
Did you set "dns-server-ip" in your spamdyke.conf file? If so, is it
pointing to the right server?
On 08/23/2013 04:58 AM, JP Kelly wrote:
> I am using spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG+MYSQL[haggybear.de]
> On Plesk 11 CentOS 5
> All of the reverse DNS entries show up as unknown even though I
Sam,
I suppose that all rejects are sent back as temporary failures. Is it
possible to select specific ones and send back as permanent? For
example, I have two spam sites that pound my server daily over several
years. Do you think sending back permanent errors will dissuade these
sites or a
On 10/21/2013 01:48 PM, Sam Clippinger wrote:
I have some good news and some bad news...
The good news: spamdyke version 5.0.0 is done, tested and ready. The
biggest new feature is recipient validation -- spamdyke uses the
qmail's configuration files and duplicates qmail's logic to determine
Well sort of...
With ZFS this happens automatically because the file information is
cached in the ARC RAM unless forced out. I'm currently running a 91%
cache hit rate on this server which runs file, web, streaming, and mail
services. It's running OpenIndiana (hipster) and has 4G RAM with 4
Prefetch is evil and is disabled by default in illumos based
distributions (in newer versions it is enabled for scrubs since these
are sequential in nature and can get a performance boost). I'm talking
about the Adaptive Replacement Cache (ARC). This uses various metrics
such as lru to determ
It's my understanding (which may be faulty) that spamdyke always creates
a 0 byte file the first time it gets mail from the domain. When it sees
another email from that domain (after the prerequisite graylist-min-secs
delay) then it puts the sending server into the file and allows the mail
to
Faris,
I thought there was a spamdyke flowchart somewhere, but my mind must be
playing tricks because I couldn't find it.
Logically, it would seem to me that order would be:
Check all whitelists, if found then accept the mail
Check all blacklists, if found then reject the mail
If it passes th
1/22/2013 10:09 AM, Eric Shubert wrote:
On 11/19/2013 04:46 AM, Gary Gendel wrote:
Spamdyke does clean up these files periodically (as set by
graylist-max-secs)
I don't believe this is entirely true. Spamdyke will honor/see these
expirations only if/when another email is sent after this time h
Whoops! I read the comment which was obviously wrong. :O
On 11/22/13, 9:13 PM, BC wrote:
On 11/22/2013 7:09 PM, Gary Gendel wrote:
My graylists do get constantly pruned but others seem to have old
ones remaining. Then again, my graylist-max-secs is set to 1296000
(one day) which is
Sam,
Thanks for this addition to spamdyke's capabilities. I back up my
system daily using rsync and it seems to re-copy many of the traps each
time. Are you touching these each time a message comes in regardless of
it being blocked?
Gary
Sam,
Just curious to see how things are coming? Sounds like you may have
expanded the scope of this release based upon some of the recent group
discussions.
Gary
Sam,
Not an issue but you should mark down that 5.0.0 treats the spawned
program argument differently than 4.x. In 5.0.0 I have to explicitly
specify the fully qualified path to qmail-smtpd where 4.x found it in
the PATH.
Gary
I tend to agree, however, it does depend on the ordering. I found that
there are a lot of duplications on the list so the first one tends to
get the most hits. My list consists of
b.barracudacentral.org
zen.spamhause.org
I've tried others, but the others I've added only add a very small
add
Almost all of my uncaught spam comes from two domains:
colocrossing.com
hostnoc.net
The latter usually has the ip address in the rdns so you can trap it
that way, but I just block them entirely. With these two out of the way,
and barracudacentral and zen.spamhaus, my users see almost no spam.
I tend to agree. The lists I've chosen have been the result of many
years of tuning. Actually shlink.org wasn't even in my radar and isn't
on many of the multi-rbl test sites so I need to test it.
I'd be curious to hear about Sam's blacklist setup.
Gary
On 03/09/2014 09:24 AM, Dossy Shiobara
In the last month, I've seen a large increase in spam that breezes
through spamdyke and spamassassin. These are html only emails mainly
for jobs from the big web companies (Google, Facebook, etc.). The html
is biased with bayes poisoning keywords.
The links point to a page with a number of u
I also remember this discussion but it was quite a while ago. I had
subsequently removed greylisting as well with no noticeable increase in
spam. I did add Sam's hunter_seeker script and it did make a
difference. However, I haven't seen any new websites added to that
blocklist so I wonder wh
Sam,
Do you have a repository of your current filters that you're willing to
share? Or do I need to download the hunter_seeker package periodically?
Gary
On 11/05/2014 09:08 AM, Sam Clippinger wrote:
Looks like some Apache config entries didn't make it to the new server
when I set it up, so
Sam,
I tripped over this bug but thought I didn't set things up properly.
You've been teasing us with the next release for a while. Thanks for
letting us know it's still on its way.
Gary
On 02/03/2015 08:04 PM, Sam Clippinger via spamdyke-users wrote:
You're quite correct -- this is a bug
Phil,
The greylisting feature of Spamdyke kicks in after whitelisting and
blacklisting operations. If these operations don't specifically reject
or accept the incoming email then it is chosen for greylisting. I
suggest you scan its features from the spamdyke homepage. It sounds
like it is
I use port 22 for non-auth mail and 587 for TLS with auth mail. On 587
I ended up using postfix because I could never get spamdyke working. It
always failed valid authorizations.
I was putting together a new server and I decided to take another look.
The problem ended up in the checkpasswor
more interested in
adding a real "proxy mode" to spamdyke so it will work with other mail
servers beyond qmail. Qmail has become an anachronism and I'm
convinced it's time to let it go. If spamdyke can forward connections
from port 25 to port X while doing all the fi
Sam,
I'm convinced I just spent a day trying to get the qmail package
from netbsd-pkgsrc running on OmniOS. There were messed up dependencies
and the installation mixed up the qmail users and group permissions
royally. It ended up being netqmail which wasn't what I expected. The
insta
Sam,
If I use qmail with smtp auth, then spamdyke announces STARTTLS
capabilities, but if I have spamdyke do it then it doesn't. It's there
and works, but it isn't announced in the ehlo response.
gary@abby ~> openssl s_client -starttls smtp -crlf -connect
tardis.genashor.com:587 -starttls s
there isn't another bug, I just want to
make sure you're on that version before I spend time chasing a bug
that's already fixed. :)
If you are on 5.0.1, could you post your configuration file that shows
how to reproduce this? That'll probably save me quite a bit of tim
nd both of them show the AUTH lines
in every case.
How did you install qmail? Is this netqmail or Plesk or QTP or?
-- Sam Clippinger
On Aug 24, 2015, at 11:42 AM, Gary Gendel via spamdyke-users
<spamdyke-users@spamdyke.org> wrote:
Sam,
Yes I'm on 5.0.1.
I'v
Sam,
I've started a discussion on the OpenIndiana developer's mailing list
about Spamdyke and generated a lot of interest. I know you're working
on divorcing Spamdyke from Qmail and also supporting IPv6. How is this
work progressing? It seems that IPv6 seems to be a sticky point for
deploym
Faris,
Looks like it does. From the documentation in the section on Reverse DNS:
When matching an IP address in an rDNS name, spamdyke looks for the IP
address in many forms; for example, if the IP address is 11.22.33.44,
spamdyke will look for the following patterns in the rDNS name (the dot
Sam,
Is there a way to get spamdyke to log invalid authorizations in a manner
that fail2ban can use? My host has been hit continuously with
brute-force attacks. Unfortunately, the logs only have:
Jul 22 18:54:43 tardis spamdyke[26727]: [ID 702911 mail.info]
FILTER_AUTH_REQUIRED
Jul 22 18:5
on failure" messages should show
the IP address right after the username, separated by a space. (NOTE:
I haven't compiled or tested this change, proceed with caution...)
-- Sam Clippinger
On Jul 22, 2016, at 6:17 PM, Gary Gendel via spamdyke-users
mailto:spamdyke-users@spamdyke.o
Don't you need a private key file as well? Mine has:
tls-certificate-file=fullchain.pem
tls-privatekey-file=privkey.pem
On 10/12/2016 03:31 PM, marek--- via spamdyke-users wrote:
I read an old thread on this problem, but did not see a solution.
# spamdyke -v
spamdyke 5.0.1+TLS+CONFIGTEST+DE
This doesn't look like it's email originating from your system.
Instead, it looks like spamdyke has accepted the message and then qmail
is doing the rejection. My guess is that it passes through spamdyke
with an invalid destination user. Qmail then tries to reject it.
You can avoid this by