Re: [spamdyke-users] Cannot reject these mails

[Sergio Minini (NETKEY)]

I've been using spamdyke for almost a year now.
It rejects lots (LOTS!) of SPAM, but I cannot make it reject this specific
spammer.

There are no log entries for this sender
        # tail /var/log/maillog |grep dotzero
        # tail /var/log/maillog |grep 200.123.189.81
        # tail /var/log/maillog |grep 200.49.148.190
        # tail /var/log/maillog |grep 200.49.155.85
        #
None of these outputs any results. 
Other IP's or blacklisted sender get denied & logged. If I do it with another
sender I can see a log entry:
Jul 14 07:43:24 virtuality spamdyke[29104]: DENIED_BLACKLIST_IP from:
[EMAIL PROTECTED] to: [EMAIL PROTECTED] origin _ip: 64.76.120.153
origin_rdns: news.hsmglobal.com auth: (unknown)    

I cannot test it that often because this sender only spams once a week or so.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Sam 
> Clippinger
> Sent: Tuesday, July 15, 2008 12:28 PM
> To: spamdyke users
> Subject: Re: [spamdyke-users] Cannot reject these mails
> 
> 
> Very strange.  Is spamdyke printing any errors into the logs?  Do 
> spamdyke's normal log messages show the IP addresses for 
> these messages 
> that match the entries in your blacklist file?
> 
> You might also try running the "config-test" feature to see 
> if there are 
> any problems with your configuration or permissions.
> 
> -- Sam Clippinger
> 
> Sergio Minini (NETKEY) wrote:
> > List,
> > About once a get we get a lot of spam messages like the one 
> I attach 
> > its headers here (3) I tried to block those Ips, see (2), 
> but it still 
> > gets through. Any ideas why?
> > I might end up adding that domain in the sender-blacklist, 
> but I wonder why it's
> > not blocked by the ip-blacklist.
> > Thanks for your thoughts, 
> > Sergio
> >
> > (1) /**** Spamdyke config file ****/
> > # spamdyke.conf 3.1.8
> > # SM - 24-ene-08
> > #
> > reject-empty-rdns=yes
> > reject-unresolvable-rdns=yes
> > log-level=2
> > local-domains-file=/var/qmail/control/rcpthosts
> > max-recipients=10
> > idle-timeout-secs=400
> > graylist-dir=/var/spool/graylist
> > graylist-min-secs=300
> > graylist-max-secs=1814400 
> > ip-whitelist-file=/var/qmail/control/whiteiplist
> > greeting-delay-secs=5
> > #archivo para poner los que NO acepta como sender 
> > sender-blacklist-file=/var/qmail/control/sender-blacklist
> > sender-whitelist-file=/var/qmail/control/whitelist
> > ip-blacklist-file=/var/qmail/control/ip-blacklist
> > #validar BlackList Publicas
> > check-dnsrbl=zen.spamhaus.org
> > check-dnsrbl=bl.spamcop.net
> >
> > (2) /****  excertp from ip-blacklist file ****/
> > #dotzero SPAMMERS
> > 200.123.189.81
> > 200.49.148.190
> > 200.49.155.85
> >
> > (3) /**** Email headers ****/
> > >From - Tue Jul 15 09:33:16 2008
> > X-Account-Key: account3
> > X-UIDL: 1216096014.32211.Virtuality,S=8467
> > X-Mozilla-Status: 0001
> > X-Mozilla-Status2: 00000000
> > X-Mozilla-Keys:
> >
> > Return-Path: <[EMAIL PROTECTED]>
> > Delivered-To: [EMAIL PROTECTED]
> > Received: (qmail 32199 invoked by uid 89); 15 Jul 2008 
> 04:26:51 -0000
> > Received: by simscan 1.2.0 ppid: 32191, pid: 32192, t: 11.6379s
> >          scanners: clamav: 0.88.2/m:38/d:1456 spam: 3.1.1
> > X-Spam-Checker-Version: SpamAssassin 3.1.1-nk (2006-03-10) on 
> > Virtuality
> > X-Spam-Level: ****
> > X-Spam-Status: No, score=4.5 required=7.0 
> tests=BAYES_99,HTML_MESSAGE,
> >         MIME_HTML_ONLY,RCVD_IN_ORDB autolearn=no version=3.1.1-nk
> > Received: from unknown (HELO freemail-02-ar.wavenet.com.ar) 
> (200.49.148.190)
> >   by mail.netkey.com.ar with (DHE-RSA-AES256-SHA encrypted) 
> SMTP; 15 Jul 2008
> > 04:26:40 -0000
> > Received: from Martin ([200.123.189.81])
> >         by freemail-02-ar.wavenet.com.ar 
> (200.49.148.190)(Merak 8.0.3) with
> > ASMTP id WM120360
> >         for <[EMAIL PROTECTED]>; Tue, 15 Jul 2008 
> 01:26:39 -0300
> > Date: Tue, 15 Jul 2008 01:26:38 -0300
> > Mime-version: 1.0
> > Subject: 
> =?ISO-8859-1?Q?DOTZERO_anuncia_nuevos_cursos_y_tem=E1ticas?=
> > From: DOTZERO Red de Talento <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Message-Id: <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > Original-recipient: rfc822;[EMAIL PROTECTED]
> > Content-Type: text/html; charset="ISO-8859-1"
> > Content-transfer-encoding: quoted-printable
> >
> > _______________________________________________
> > spamdyke-users mailing list
> > spamdyke-users@spamdyke.org 
> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> >   
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org 
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
> 

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users