If there are no log entries at all, several possibilities come to mind. First, the connections may actually be coming from a different IP address. That isn't likely but it's possible that the "Received:" line is incorrect. Second, you might be looking at a bug in spamdyke. Third and most likely, the mail could be coming in on another port that doesn't use spamdyke. Does your server accept SMTPS connections on port 465 or offer a "submission port" on port 587?
-- Sam Clippinger Sergio Minini (NETKEY) wrote: > I've been using spamdyke for almost a year now. > It rejects lots (LOTS!) of SPAM, but I cannot make it reject this specific > spammer. > > There are no log entries for this sender > # tail /var/log/maillog |grep dotzero > # tail /var/log/maillog |grep 200.123.189.81 > # tail /var/log/maillog |grep 200.49.148.190 > # tail /var/log/maillog |grep 200.49.155.85 > # > None of these outputs any results. > Other IP's or blacklisted sender get denied & logged. If I do it with another > sender I can see a log entry: > Jul 14 07:43:24 virtuality spamdyke[29104]: DENIED_BLACKLIST_IP from: > [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin _ip: 64.76.120.153 > origin_rdns: news.hsmglobal.com auth: (unknown) > > I cannot test it that often because this sender only spams once a week or so. > > > >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED] On Behalf Of Sam >> Clippinger >> Sent: Tuesday, July 15, 2008 12:28 PM >> To: spamdyke users >> Subject: Re: [spamdyke-users] Cannot reject these mails >> >> >> Very strange. Is spamdyke printing any errors into the logs? Do >> spamdyke's normal log messages show the IP addresses for >> these messages >> that match the entries in your blacklist file? >> >> You might also try running the "config-test" feature to see >> if there are >> any problems with your configuration or permissions. >> >> -- Sam Clippinger >> >> Sergio Minini (NETKEY) wrote: >> >>> List, >>> About once a get we get a lot of spam messages like the one >>> >> I attach >> >>> its headers here (3) I tried to block those Ips, see (2), >>> >> but it still >> >>> gets through. Any ideas why? >>> I might end up adding that domain in the sender-blacklist, >>> >> but I wonder why it's >> >>> not blocked by the ip-blacklist. >>> Thanks for your thoughts, >>> Sergio >>> >>> (1) /**** Spamdyke config file ****/ >>> # spamdyke.conf 3.1.8 >>> # SM - 24-ene-08 >>> # >>> reject-empty-rdns=yes >>> reject-unresolvable-rdns=yes >>> log-level=2 >>> local-domains-file=/var/qmail/control/rcpthosts >>> max-recipients=10 >>> idle-timeout-secs=400 >>> graylist-dir=/var/spool/graylist >>> graylist-min-secs=300 >>> graylist-max-secs=1814400 >>> ip-whitelist-file=/var/qmail/control/whiteiplist >>> greeting-delay-secs=5 >>> #archivo para poner los que NO acepta como sender >>> sender-blacklist-file=/var/qmail/control/sender-blacklist >>> sender-whitelist-file=/var/qmail/control/whitelist >>> ip-blacklist-file=/var/qmail/control/ip-blacklist >>> #validar BlackList Publicas >>> check-dnsrbl=zen.spamhaus.org >>> check-dnsrbl=bl.spamcop.net >>> >>> (2) /**** excertp from ip-blacklist file ****/ >>> #dotzero SPAMMERS >>> 200.123.189.81 >>> 200.49.148.190 >>> 200.49.155.85 >>> >>> (3) /**** Email headers ****/ >>> >From - Tue Jul 15 09:33:16 2008 >>> X-Account-Key: account3 >>> X-UIDL: 1216096014.32211.Virtuality,S=8467 >>> X-Mozilla-Status: 0001 >>> X-Mozilla-Status2: 00000000 >>> X-Mozilla-Keys: >>> >>> Return-Path: <[EMAIL PROTECTED]> >>> Delivered-To: [EMAIL PROTECTED] >>> Received: (qmail 32199 invoked by uid 89); 15 Jul 2008 >>> >> 04:26:51 -0000 >> >>> Received: by simscan 1.2.0 ppid: 32191, pid: 32192, t: 11.6379s >>> scanners: clamav: 0.88.2/m:38/d:1456 spam: 3.1.1 >>> X-Spam-Checker-Version: SpamAssassin 3.1.1-nk (2006-03-10) on >>> Virtuality >>> X-Spam-Level: **** >>> X-Spam-Status: No, score=4.5 required=7.0 >>> >> tests=BAYES_99,HTML_MESSAGE, >> >>> MIME_HTML_ONLY,RCVD_IN_ORDB autolearn=no version=3.1.1-nk >>> Received: from unknown (HELO freemail-02-ar.wavenet.com.ar) >>> >> (200.49.148.190) >> >>> by mail.netkey.com.ar with (DHE-RSA-AES256-SHA encrypted) >>> >> SMTP; 15 Jul 2008 >> >>> 04:26:40 -0000 >>> Received: from Martin ([200.123.189.81]) >>> by freemail-02-ar.wavenet.com.ar >>> >> (200.49.148.190)(Merak 8.0.3) with >> >>> ASMTP id WM120360 >>> for <[EMAIL PROTECTED]>; Tue, 15 Jul 2008 >>> >> 01:26:39 -0300 >> >>> Date: Tue, 15 Jul 2008 01:26:38 -0300 >>> Mime-version: 1.0 >>> Subject: >>> >> =?ISO-8859-1?Q?DOTZERO_anuncia_nuevos_cursos_y_tem=E1ticas?= >> >>> From: DOTZERO Red de Talento <[EMAIL PROTECTED]> >>> To: <[EMAIL PROTECTED]> >>> Message-Id: <[EMAIL PROTECTED]> >>> Reply-To: [EMAIL PROTECTED] >>> Original-recipient: rfc822;[EMAIL PROTECTED] >>> Content-Type: text/html; charset="ISO-8859-1" >>> Content-transfer-encoding: quoted-printable >>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
