I think I understand now. In your original message the message headers show that your server is adding "(DHE-RSA-AES256-SHA encrypted)" to its "Received:" line. That token is added by a patched qmail installation when the remote server transmits the message using TLS.
Because the transmission is encrypted, spamdyke can't gather the sender and recipient addresses. Version 3.1.8 didn't create a log message at all in this situation; that's why you can't find anything in your logs for these messages. (Version 4.0.0 fixes this by logging the IP address and rDNS name.) For this reason, adding the domain to your sender blacklist won't stop these messages either. spamdyke won't reject a message when it can't decrypt the TLS, because the remote server may authenticate or match a sender/recipient whitelist. The best way to fix this is to allow spamdyke to perform the TLS decryption instead of qmail. Use the "tls-certificate-file" option to give spamdyke access to the server certificate (usually "/var/qmail/control/servercert.pem").

-- Sam Clippinger

Sergio Minini (NETKEY) wrote:
> Some more log info:
>
> # cat /var/log/maillog* |grep dotzero
> Jul 15 01:26:42 virtuality spamd[30259]: spamd: processing message <[EMAIL PROTECTED]> for vpopmail:0
> Jul 15 01:26:52 virtuality spamd[30259]: spamd: result: . 4 - BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_ORDB scantime=10.7,size=7980,user=vpopmail,uid=0,required_score=7.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=46522,mid=<[EMAIL PROTECTED]>,bayes=1,autolearn=no
> Jul 8 01:19:44 virtuality spamd[14788]: spamd: processing message <[EMAIL PROTECTED]> for vpopmail:0
> Jul 8 01:19:54 virtuality spamd[14788]: spamd: result: . 3 - BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,X_PRIORITY_HIGH scantime=9.9,size=21931,user=vpopmail,uid=0,required_score=7.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=33445,mid=<[EMAIL PROTECTED]>,bayes=1,autolearn=no
> Jul 2 11:40:31 virtuality spamd[8227]: spamd: processing message <[EMAIL PROTECTED]> for vpopmail:0
> Jul 2 11:40:41 virtuality spamd[8227]: spamd: result: . 4 - BAYES_99,HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_ORDB scantime=10.2,size=8065,user=vpopmail,uid=0,required_score=7.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39068,mid=<[EMAIL PROTECTED]>,bayes=1,autolearn=no
> Jun 22 04:38:46 virtuality spamdyke[7523]: DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 201.250.31.114 origin_rdns: 201-250-31-114.speedy.com.ar auth: (unknown)
> Jun 22 05:10:11 virtuality spamdyke[10901]: DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 201.250.31.114 origin_rdns: 201-250-31-114.speedy.com.ar auth: (unknown)
>
> And it goes like this last entry: DENIED_RDNS_RESOLVE
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Clippinger
>> Sent: Tuesday, July 15, 2008 5:47 PM
>> To: spamdyke users
>> Subject: Re: [spamdyke-users] Cannot reject these mails
>>
>> If there are no log entries for those IP addresses, the messages must be
>> entering your server some other way. Your last message showed running
>> "grep" on the output from "tail"; have you run "grep" over your entire
>> maillog file?
>>
>> You could try enabling the full logging option ("full-log-dir") to see
>> what's happening during the delivery but if they only deliver once a
>> week you will probably end up with a zillion files.
>>
>> -- Sam Clippinger
>>
>> Sergio Minini (NETKEY) wrote:
>>> Sam,
>>> I am not sure about this submission port. How can I tell it for sure?
>>> I tried to connect using these ports and my box refused it:
>>>
>>> #telnet 200.80.55.22 465
>>> Trying 200.80.55.22...
>>> telnet: connect to address 200.80.55.22: Connection refused
>>> #telnet 200.80.55.22 587
>>> Trying 200.80.55.22...
>>> telnet: connect to address 200.80.55.22: Connection refused
>>> #telnet 200.80.55.22 25
>>> Trying 200.80.55.22...
>>> Connected to 200.80.55.22.
>>> Escape character is '^]'.
>>> 220 mail.domain.com.ar ESMTP
>>>
>>> Thanks for your help.
>>> Sergio

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
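
An added example (not code from this thread or from spamdyke): a Python script that scans stored messages for the "(... encrypted)" token the reply describes in the "Received:" line and counts the relay addresses that delivered over TLS, which are the deliveries spamdyke could neither log nor filter. Only that token comes from the thread; the rest of the "Received:" layout, the skipping of hops that do not start with "from", and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Token the thread describes: "(<cipher> encrypted)" in the Received: line.
TLS_TOKEN = re.compile(r"\(([A-Za-z0-9_-]+) encrypted\)")
# Assumption: the relay address appears as a parenthesised IPv4 address.
RELAY_IP = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def tls_hop(raw):
    """Return (cipher, relay_ip) when the newest network hop used TLS, else None."""
    for value in message_from_string(raw).get_all("Received") or []:
        hop = " ".join(value.split())        # unfold continuation lines
        if not hop.startswith("from "):      # assumption: local queue hop, skip it
            continue
        token = TLS_TOKEN.search(hop)
        if token is None:
            return None                      # newest network hop was plaintext
        ip = RELAY_IP.search(hop)
        # Older Received: lines are supplied by the sender, so stop here.
        return token.group(1), ip.group(1) if ip else None
    return None

def relays_over_tls(raw_messages):
    """Count TLS-delivered messages per relay address."""
    hops = (tls_hop(raw) for raw in raw_messages)
    return Counter(hop[1] for hop in hops if hop)

# Constructed sample messages (not from the thread); documentation addresses.
SAMPLE_TLS = (
    "Received: (qmail 1234 invoked from network); 15 Jul 2008 01:26:42 -0000\n"
    "Received: from unknown (HELO relay.example.net) (192.0.2.10)\n"
    "  by mail.example.com with (DHE-RSA-AES256-SHA encrypted) SMTP;\n"
    "  15 Jul 2008 01:26:42 -0000\n"
    "Subject: constructed sample\n\nbody\n"
)
SAMPLE_PLAIN = (
    "Received: from unknown (HELO relay.example.org) (198.51.100.7)\n"
    "  by mail.example.com with SMTP; 15 Jul 2008 02:00:00 -0000\n"
    "Received: from forged (203.0.113.9) by x with (FAKE-CIPHER encrypted) SMTP\n"
    "Subject: constructed sample\n\nbody\n"
)

if __name__ == "__main__":
    for ip, n in relays_over_tls([SAMPLE_TLS, SAMPLE_PLAIN]).items():
        print(f"{ip}: {n} message(s) received over TLS")
```

Addresses reported here that have no matching spamdyke log entry are candidates for the unfiltered TLS path; once spamdyke is given the certificate through "tls-certificate-file", those deliveries should start appearing in its log.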
