Re: [spamdyke-users] Cannot block sender with header-blacklist-entry or sender-blacklist-entry

[Sam Clippinger via spamdyke-users]

Assuming the "ALLOWED" log message you provided is accurate, it looks like the 
problem is authentication -- all filters are disabled after authentication 
succeeds.  Your log message shows the same username in both the "from" and 
"auth" fields, which makes me suspect either the user's password has been 
compromised or the user's PC has been infected with malware.

I'd suggest changing the account password so authentication will fail -- 
spamdyke's filters should work fine after that.

-- Sam Clippinger




On Mar 23, 2016, at 5:00 AM, Stephen Provis via spamdyke-users 
 wrote:

> Hi, I'm having trouble blacklisting specific sending email addresses and 
> would appreciate some advice please. I am using Spamdyke 5.0.1 on Ubuntu 
> 10.04 and qmail.
> 
> I have tried all of the following rules to block email from a specific email 
> (for security lets say the email address is j...@smith.fake) but each time 
> Spamdyke allows the emails through.
> 
> My config file looks like this:
> 
> header-blacklist-entry=From: *<*smith.fake>*
> header-blacklist-entry=from:*smith.fake*
> header-blacklist-entry=From:*j...@smith.fake*
> 
> sender-blacklist-entry=@smith.fake
> sender-blacklist-entry=j...@smith.fake
> 
> #sender-blacklist-file=/tmp/spamdyke.txt
> 
> dns-server-ip=208.67.222.222:53
> log-level=excessive
> max-recipients=5
> idle-timeout-secs=300
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-ip-in-cc-rdns
> reject-sender=no-mx
> dns-blacklist-entry=b.barracudacentral.org
> dns-blacklist-entry=zen.spamhaus.org
> rhs-blacklist-entry=fresh.spameatingmonkey.com
> 
> 
> 
> # SET THE FILENAME BELOW AND ENABLE BOTH OF THESE OPTIONS
> 
> # Controls the way spamdyke offers and supports TLS or SMTPS.
> tls-level=smtp
> 
> # Read SSL certificate from FILE.
> tls-certificate-file=/var/qmail/control/servercert.pem
> 
> And the syslog reports the following:
> 
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: 
> from=j...@smith.fake
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: 
> to=some...@somewhere.fake
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: hook_dir = 
> '/opt/psa/handlers/before-queue'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: recipient[3] = 
> 'some...@somewhere.fake'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: handlers dir = 
> '/opt/psa/handlers/before-queue/recipient/some...@somewhere.fake'
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: starter: 
> submitter[6899] exited normally
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792849 new msg 32933026
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792929 info msg 32933026: 
> bytes 1269 from  qp 6899 uid 2020
> Mar 23 09:47:57 lvpsxx-xx-xx-xxx spamdyke[6822]: ALLOWED from: 
> j...@smith.fake to: some...@somewhere.fake origin_ip: xxx.xxx.xxx.xxx 
> origin_rdns: .xxx.net auth: j...@smith.fake encryption: TLS reason: 
> 250_ok_1458726477_qp_6890
> 
> Any assistance would be greatly appreciated.
> 
> Regards,
> Stephen
> 
> 
> 
> Stephen Provis
> Website Developer
> Stephen Provis and Co
> 
> t: 07922 195703
> w: www.stephenprovis.com
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

[spamdyke-users] Cannot block sender with header-blacklist-entry or sender-blacklist-entry

[Stephen Provis via spamdyke-users]

Hi, I'm having trouble blacklisting specific sending email addresses and
would appreciate some advice please. I am using Spamdyke 5.0.1 on Ubuntu
10.04 and qmail.

I have tried all of the following rules to block email from a specific
email (for security lets say the email address is j...@smith.fake) but each
time Spamdyke allows the emails through.

My config file looks like this:

header-blacklist-entry=From: *<*smith.fake>*
header-blacklist-entry=from:*smith.fake*
header-blacklist-entry=From:*j...@smith.fake*

sender-blacklist-entry=@smith.fake
sender-blacklist-entry=j...@smith.fake

#sender-blacklist-file=/tmp/spamdyke.txt

dns-server-ip=208.67.222.222:53
log-level=excessive
max-recipients=5
idle-timeout-secs=300
reject-empty-rdns
reject-unresolvable-rdns
reject-ip-in-cc-rdns
reject-sender=no-mx
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=zen.spamhaus.org
rhs-blacklist-entry=fresh.spameatingmonkey.com



# SET THE FILENAME BELOW AND ENABLE BOTH OF THESE OPTIONS

# Controls the way spamdyke offers and supports TLS or SMTPS.
tls-level=smtp

# Read SSL certificate from FILE.
tls-certificate-file=/var/qmail/control/servercert.pem

And the syslog reports the following:

Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]:
from=j...@smith.fake
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]:
to=some...@somewhere.fake
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: hook_dir =
'/opt/psa/handlers/before-queue'
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: recipient[3] =
'some...@somewhere.fake'
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: handlers dir =
'/opt/psa/handlers/before-queue/recipient/some...@somewhere.fake'
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: starter:
submitter[6899] exited normally
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792849 new msg 32933026
Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792929 info msg
32933026: bytes 1269 from  qp 6899 uid 2020
Mar 23 09:47:57 lvpsxx-xx-xx-xxx spamdyke[6822]: ALLOWED from:
j...@smith.fake to: some...@somewhere.fake origin_ip: xxx.xxx.xxx.xxx
origin_rdns: .xxx.net auth: j...@smith.fake encryption: TLS reason:
250_ok_1458726477_qp_6890

Any assistance would be greatly appreciated.

Regards,
Stephen



Stephen Provis*Website Developer**Stephen Provis and Co*

t: 07922 195703
w: www.stephenprovis.com
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users