It's possible the missing angle brackets are causing the problem but the text you're seeing is part of the message headers, not part of the SMTP envelope. The angle brackets may not be missing there.
Is [EMAIL PROTECTED] in a recipient whitelist file? spamdyke 3.1.3 allows all recipients after a whitelisted recipient is seen in the SMTP envelope. I've fixed that bug in the next version but haven't released it yet. If the address isn't whitelisted, could you enable full logging (with "full-log-dir") and send me a log of one of these messages? I'd like to reproduce this bug and squash it. -- Sam Clippinger Marc Van Houwelingen wrote: > I have been scratching my head as to how some blacklisted recipients are > getting through SpamDyke, and I think I've finally figured it out. I think > it has something to do the spam having an incorrectly formatted Cc: line > (Missing closing angle brackets). Here are the To and CC from the header as > it came in: > > ----------------------------------------------------- > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]>, > <[EMAIL PROTECTED], > <[EMAIL PROTECTED], > <[EMAIL PROTECTED] > ----------------------------------------------------- > > Note the missing ">" on the last 3 emails. > > Now, three of these recipients are blacklisted: baldwind, andrews, and > andrewsd. The other two, amber and amber-bike, are not blacklisted. > > Here is the log: > > ----------------------------------------------------- > Jan 17 14:25:18 buzz spamdyke[3328]: > DENIED_RECIPIENT_BLACKLISTED(/home/spamdyke/recipient-blacklist-file:5) > from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: > 81.20.177.203 origin_rdns: 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:19 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:19 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:19 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:19 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:20 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:20 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:20 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > Jan 17 14:25:20 buzz spamdyke[3328]: ALLOWED from: [EMAIL PROTECTED] > to: [EMAIL PROTECTED] origin_ip: 81.20.177.203 origin_rdns: > 81-20-177-203.dsl1.localdial.com auth: (unknown) > ----------------------------------------------------- > > The first recipient is correctly denied. Then the next two are allowed (also > correct). But then it gets screwy - the last two are allowed, despite being > blacklisted, and then all 4 CC'd email addresses are repeated. > > Is it possible the missing angle-bracket is a way for spammers to sneak past > spamdyke? > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
