Yes, this can be done using configuration directories. Simply follow
David's example below, but change the configuration files
(.../domain_setups/_recipient_/tld/firstdomain) to contain one or more
of the following options as appropriate:
ip-in-rdns-keyword-blacklist-file=!!!
reject-missing-rdns=0
reject-unresolvable-rdns=0
-- Sam Clippinger
Erald Troja wrote:
> David/Linto,
>
> This is very interesting setup.
>
> I would like to push it a bit further and try to find out if it's
> possible to have a IP_IN_RDNS_KEYWORDS restriction in place
> server wide, while allowing a few handpicked domains to have it fully
> turned off. We would like to maintain for RDNS existance and
> RNDS_RESOLVE existance serverwide as well.
>
> As of now I realize it's possible to simply whitelist a few handpicked
> Reverse DNS's
>
> Is this setup possible?
>
> Thanks.
>
> ------------------------
> Erald Troja
>
>
> David Stiller wrote:
>
>> Hi Linto,
>>
>> the per-domain basis you can create by using the config-dir option,
>> wich is well documented in the documentation:
>>
>> http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR
>>
>> Nearly any combination of sender and recipient can be configured
>> with this option. This way i configure black- and whitelists for
>> my customers.
>>
>> My structure looks like the following.
>>
>> In /etc/spamdyke.conf i set:
>> config-dir=/var/qmail/spamdyke/domain_setups
>>
>> The directories contain:
>>
>> domain_setups/
>> `-- _recipient_
>> |-- tld
>> | `-- firstdomain (file)
>> `-- tld2
>> `-- seconddomain (file)
>>
>>
>> domain_configs/
>> |-- firstdomain.tld
>> | |-- customer_blacklist_ip
>> | |-- customer_blacklist_rdns
>> | |-- customer_whitelist_ip
>> | `-- customer_whitelist_rdns
>> `-- seconddomain.tld2
>> |-- customer_blacklist_ip
>> |-- customer_blacklist_rdns
>> |-- customer_whitelist_ip
>> `-- customer_whitelist_rdns
>>
>> In the file "firstdomain" you can setup the configuration
>> for the domain and also the IP_IN_RDNS_KEYWORDS of course.
>>
>> In my case these are:
>>
>> ip-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_ip
>> rdns-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_rdns
>> ip-whitelist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_whitelist_ip
>> rdns-whitelist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_whitelist_rdns
>> sender-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_sender
>>
>> I hope this helps! ;)
>>
>> David
>>
>>
>> Linto Paul schrieb:
>>
>>> Greetings,
>>>
>>> Could please let me know if there is a way to whitelist a domain on
>>> the IP_IN_RDNS_KEYWORDS on a per domain basis.
>>>
>>> Say we get user complaining about a domain called example.com
>>> <http://example.com>, and they say, I am the owner of example.com
>>> <http://example.com> and want this feature not used onto our domain
>>> even though you host it for us.
>>>
>>> ~~~~~~~~~~~~~~~
>>> Oct 21 11:46:44 mail01 spamdyke[24348]: DENIED_IP_IN_RDNS from:
>>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> to:
>>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> origin_ip: 66.49.15.190
>>> <http://66.49.15.190> origin_rdns: 66.49.15.190.nw.nuvox.net
>>> <http://66.49.15.190.nw.nuvox.net> auth: (unknown)
>>> ~~~~~~~~~~~~~~~~~~~~
>>>
>>> We have the RDNS blocked in our server via keyword:-
>>>
>>> .nuvox.net <http://nuvox.net>
>>>
>>> Is it possible to just put a whitelist for example.com
>>> <http://example.com> and deny all others matching this keyword.
>>>
>>> Thanks,
>>> Linto Paul
>>>
>>>
>>> On Thu, Oct 16, 2008 at 10:30 PM, <[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>> wrote:
>>>
>>> Send spamdyke-users mailing list submissions to
>>> [email protected]
>>> <mailto:[email protected]>
>>>
>>> To subscribe or unsubscribe via the World Wide Web, visit
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>> or, via email, send a message with subject or body 'help' to
>>> [EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>
>>>
>>> You can reach the person managing the list at
>>> [EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>
>>>
>>> When replying, please edit your Subject line so it is more specific
>>> than "Re: Contents of spamdyke-users digest..."
>>>
>>>
>>> Today's Topics:
>>>
>>> 1. Regular-Expression Support (Felix Buenemann)
>>> 2. Re: spamdyke +ip-in-rdns-keyword-blacklist-entry option
>>> (Arthur Girardi)
>>> 3. Re: spamdyke +ip-in-rdns-keyword-blacklist-entry option
>>> (Felix Buenemann)
>>> 4. Re: spamdyke +ip-in-rdns-keyword-blacklist-entryoption
>>> (Tim Mancour)
>>>
>>>
>>> ----------------------------------------------------------------------
>>>
>>> Message: 1
>>> Date: Thu, 16 Oct 2008 17:07:56 +0200
>>> From: Felix Buenemann <[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>>
>>> Subject: [spamdyke-users] Regular-Expression Support
>>> To: [email protected] <mailto:[email protected]>
>>> Message-ID: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>>> Content-Type: text/plain; charset=ISO-8859-15
>>>
>>> Hi Sam,
>>>
>>> I wonder wether there is a specific reason not to use regular
>>> expressions via the PCRE lib to match patterns in blacklist files etc.
>>>
>>> Has this been avoided for performance reasons?
>>>
>>> -- Felix Buenemann
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 2
>>> Date: Thu, 16 Oct 2008 12:12:58 -0300
>>> From: Arthur Girardi <[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>>
>>> Subject: Re: [spamdyke-users] spamdyke
>>> +ip-in-rdns-keyword-blacklist-entry option
>>> To: [email protected] <mailto:[email protected]>
>>> Message-ID: <[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>>
>>> Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes";
>>> format="flowed"
>>>
>>> For me it looks as if the message is being blocked because it contains
>>> the country code and ip in the rdns and his setup has
>>> reject-ip-in-cc-rdns enabled.
>>>
>>> In the FAQ it says it will check reject-ip-in-cc-rdns before looking
>>> at the rdns whitelist. I'm not sure if reject-ip-in-cc-rdns would
>>> reject on spot even if it would match in the next filter (rdns
>>> whitelist).
>>>
>>> Arthur
>>>
>>> Citando Sam Clippinger <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>:
>>>
>>> > It looks like you're trying to use keywords in your rDNS
>>> whitelist file;
>>> > those files don't work that way. In an rDNS whitelist file, you can
>>> > either give complete rDNS names or you can give partial names
>>> (starting
>>> > with a dot) that will match the end of an rDNS name. For example:
>>> > fully.qualified.domain.name.example.com
>>> <http://fully.qualified.domain.name.example.com>
>>> > Will match only one rDNS name (i.e. the entire name
>>> > "fully.qualified.domain.name.example.com
>>> <http://fully.qualified.domain.name.example.com>").
>>> >
>>> > To match all names within a domain (or subdomain):
>>> > .name.example.com <http://name.example.com>
>>> > Will match rDNS names that end with ".name.example.com
>>> <http://name.example.com>" (e.g.
>>> > "fully.qualified.domain.name.example.com
>>> <http://fully.qualified.domain.name.example.com>",
>>> > "silly.domain.name.example.com
>>> <http://silly.domain.name.example.com>" or "short.name.example.com
>>> <http://short.name.example.com>").
>>> >
>>> > This file format is documented here:
>>> > http://www.spamdyke.org/documentation/README_rdns_file_format.html
>>> >
>>> > -- Sam Clippinger
>>> >
>>> > [EMAIL PROTECTED] wrote:
>>> >> Hi list!
>>> >> I run spamdyke 4.0.5 on Debian.
>>> >>
>>> >> I have this in my whitelist_rdns:
>>> >> .static.
>>> >> static.
>>> >> .dedicated.
>>> >> dedicated.
>>> >>
>>> >> But spamdyke reject emails:
>>> >> 10/16/2008 15:03:52 LOG OUTPUT
>>> >> DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] <mailto:[EMAIL
>>> PROTECTED]> to:
>>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> origin_ip:
>>> >> xxx.xxx.xxx.xxx origin_rdns: port-xxx-xxx-xxx-xxx.static.qsc.de
>>> <http://port-xxx-xxx-xxx-xxx.static.qsc.de> auth:
>>> >> (unknown)
>>> >>
>>> >> 10/16/2008 15:03:52 FROM REMOTE TO CHILD: 6 bytes
>>> >> DATA
>>> >>
>>> >> 10/16/2008 15:03:52 FROM SPAMDYKE TO REMOTE: 82 bytes
>>> >> 554 Refused. Your reverse DNS entry contains your IP address and a
>>> >> country code.
>>> >>
>>> >> 10/16/2008 15:03:52 FROM REMOTE TO CHILD: 6 bytes
>>> >> RSET
>>> >>
>>> >> 10/16/2008 15:03:52 FROM SPAMDYKE TO REMOTE: 82 bytes
>>> >> 554 Refused. Your reverse DNS entry contains your IP address and a
>>> >> country code.
>>> >>
>>> >> 10/16/2008 15:03:52 FROM REMOTE TO CHILD: 6 bytes
>>> >> QUIT
>>> >>
>>> >> 10/16/2008 15:03:52 FROM SPAMDYKE TO REMOTE: 82 bytes
>>> >> 221 Refused. Your reverse DNS entry contains your IP address and a
>>> >> country code.
>>> >>
>>> >> 10/16/2008 15:03:52 CLOSED
>>> >>
>>> >> Should
>>> >> .static.
>>> >> not match
>>> >> port-xxx-xxx-xxx-xxx.static.qsc.de
>>> <http://port-xxx-xxx-xxx-xxx.static.qsc.de>
>>> >> normally?
>>> >>
>>> >> Is this the same issue what Erald report or a new problem or
>>> did I think
>>> >> in s.th <http://s.th>. wrong?
>>> >>
>>> >> Gruss,
>>> >> Peter
>>> >>
>>> > _______________________________________________
>>> > spamdyke-users mailing list
>>> > [email protected] <mailto:[email protected]>
>>> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>> >
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 3
>>> Date: Thu, 16 Oct 2008 17:23:24 +0200
>>> From: Felix Buenemann <[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>>
>>> Subject: Re: [spamdyke-users] spamdyke
>>> +ip-in-rdns-keyword-blacklist-entry option
>>> To: [email protected] <mailto:[email protected]>
>>> Message-ID: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>>> Content-Type: text/plain; charset=ISO-8859-1
>>>
>>> Am 15.10.2008 15:20 Uhr, Tim Mancour schrieb:
>>> > Sam,
>>> >
>>> > There is a set of POSIX compatible regular expression functions
>>> available in
>>> > "C". The functions regcomp() and regexec() are both used by
>>> qmail to provide
>>> > regexp testing for the control/badxxxxx files.
>>>
>>> I jusrt wrote a similar mail, as I was wondering why NOT to use
>>> regexes
>>> in spamdyke, my only idea was that it could hurt performance.
>>>
>>> There is the PCRE library which enable parsing of perl compatible
>>> regular expressions, which have IMHO the cleanest and most widely used
>>> regex syntax. It's also very easy to test those regexes using perl.
>>>
>>> >
>>> > Regards,
>>> > Tim
>>>
>>> -- Felix
>>>
>>> > -----Original Message-----
>>> > From: [EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>
>>> > [mailto:[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>] On Behalf Of Sam
>>> Clippinger
>>> > Sent: Wednesday, October 15, 2008 12:57 AM
>>> > To: spamdyke users
>>> > Subject: Re: [spamdyke-users] spamdyke
>>> +ip-in-rdns-keyword-blacklist-entry
>>> > option
>>> >
>>> > The kind of wildcards you're asking for (especially "*.*") would
>>> not be easy
>>> > to implement. However, the code that requires a keyword to be
>>> surrounded by
>>> > non-alphanumeric characters could be easily removed if you want
>>> to test the
>>> > results. In filter.c, just remove the if() block from lines 697
>>> to 706 (in
>>> > version 4.0.5). Rerun "make" and install the new binary. My
>>> instinct says
>>> > you won't like the new behavior but I could easily be wrong.
>>> >
>>> > In the long run, the best solution is probably to add support
>>> for regular
>>> > expressions. They're much more flexible and powerful and the
>>> documentation
>>> > would be much simpler as well, since many tutorials already
>>> exist for
>>> > regexps. Several people have asked for regular expression
>>> support and it's
>>> > on my list (though it's not high priority at the moment).
>>> >
>>> > -- Sam Clippinger
>>> >
>>> > Youri V. Kravatsky wrote:
>>> >> Hello Sam,
>>> >>
>>> >>
>>> >>> BTW, spamdyke won't find a keyword like "dyn" in the middle of
>>> other
>>> >>> text like "dynamic". In order to match, a keyword must (1) be
>>> at the
>>> >>> beginning of the name, (2) be surrounded with non-alphanumeric
>>> >>> characters (i.e. dots or dashes) AND include the rDNS name's
>>> TLD (e.g.
>>> >>> "example" would not be found in "11.22.33.44.example.com
>>> <http://11.22.33.44.example.com>") or (3) the
>>> >>> keyword must begin with a dot AND match the entire end of the rDNS
>>> >>> name (e.g. ".example.com <http://example.com>" would match
>>> "11.22.33.44.example.com <http://11.22.33.44.example.com>").
>>> >>> This logic exists to prevent a keyword like "dynamic" from
>>> matching
>>> >>> "11.22.33.44.notdynamic.example.com
>>> <http://11.22.33.44.notdynamic.example.com>".
>>> >>>
>>> >> Well, it is not good really, I know that correctly work on
>>> wildcards
>>> >> is not easy work in C, unlike, perl, but it would be very good
>>> to use
>>> >> file like
>>> >> .*dynamic.*
>>> >> .dynamic*.*
>>> >
>>> >> .broadband*.*
>>> >
>>> >> .*broadband.*
>>> >
>>> >> .*cable.*
>>> >
>>> >> .cable*.*
>>> >
>>> >> .*pppoe.*
>>> >
>>> >> .pppoe*.*
>>> >> Or else we will read log for a full days to find out all
>>> possible
>>> >> home-dynamic-cable-broadband providers all over the world...
>>> >>
>>>
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> Message: 4
>>> Date: Thu, 16 Oct 2008 12:04:24 -0400
>>> From: "Tim Mancour" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>>> Subject: Re: [spamdyke-users] spamdyke
>>> +ip-in-rdns-keyword-blacklist-entryoption
>>> To: "'spamdyke users'" <[email protected]
>>> <mailto:[email protected]>>
>>> Message-ID: <[EMAIL PROTECTED]>
>>> Content-Type: text/plain; charset="us-ascii"
>>>
>>> I added a rdns regexp matching to my qmailtoaster a few years ago
>>> and I have
>>> not noticed any performance issues. You do, however, have to make
>>> sure that
>>> you keep the number of expressions do to a minimum set (my list of
>>> expressions is currently around 50 lines long).
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>
>>> [mailto:[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>] On Behalf Of Felix
>>> Buenemann
>>> Sent: Thursday, October 16, 2008 11:23 AM
>>> To: [email protected] <mailto:[email protected]>
>>> Subject: Re: [spamdyke-users] spamdyke
>>> +ip-in-rdns-keyword-blacklist-entryoption
>>>
>>> Am 15.10.2008 15:20 Uhr, Tim Mancour schrieb:
>>> > Sam,
>>> >
>>> > There is a set of POSIX compatible regular expression functions
>>> > available in "C". The functions regcomp() and regexec() are both
>>> used
>>> > by qmail to provide regexp testing for the control/badxxxxx files.
>>>
>>> I jusrt wrote a similar mail, as I was wondering why NOT to use
>>> regexes in
>>> spamdyke, my only idea was that it could hurt performance.
>>>
>>> There is the PCRE library which enable parsing of perl compatible
>>> regular
>>> expressions, which have IMHO the cleanest and most widely used
>>> regex syntax.
>>> It's also very easy to test those regexes using perl.
>>>
>>> >
>>> > Regards,
>>> > Tim
>>>
>>> -- Felix
>>>
>>> > -----Original Message-----
>>> > From: [EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>
>>> > [mailto:[EMAIL PROTECTED]
>>> <mailto:[EMAIL PROTECTED]>] On Behalf Of Sam
>>> > Clippinger
>>> > Sent: Wednesday, October 15, 2008 12:57 AM
>>> > To: spamdyke users
>>> > Subject: Re: [spamdyke-users] spamdyke
>>> > +ip-in-rdns-keyword-blacklist-entry
>>> > option
>>> >
>>> > The kind of wildcards you're asking for (especially "*.*") would not
>>> > be easy to implement. However, the code that requires a keyword
>>> to be
>>> > surrounded by non-alphanumeric characters could be easily removed if
>>> > you want to test the results. In filter.c, just remove the if()
>>> block
>>> > from lines 697 to 706 (in version 4.0.5). Rerun "make" and install
>>> > the new binary. My instinct says you won't like the new
>>> behavior but I
>>> could easily be wrong.
>>> >
>>> > In the long run, the best solution is probably to add support for
>>> > regular expressions. They're much more flexible and powerful
>>> and the
>>> > documentation would be much simpler as well, since many tutorials
>>> > already exist for regexps. Several people have asked for regular
>>> > expression support and it's on my list (though it's not high
>>> priority at
>>> the moment).
>>> >
>>> > -- Sam Clippinger
>>> >
>>> > Youri V. Kravatsky wrote:
>>> >> Hello Sam,
>>> >>
>>> >>
>>> >>> BTW, spamdyke won't find a keyword like "dyn" in the middle of
>>> other
>>> >>> text like "dynamic". In order to match, a keyword must (1) be at
>>> >>> the beginning of the name, (2) be surrounded with non-alphanumeric
>>> >>> characters (i.e. dots or dashes) AND include the rDNS name's
>>> TLD (e.g.
>>> >>> "example" would not be found in "11.22.33.44.example.com
>>> <http://11.22.33.44.example.com>") or (3)
>>> >>> the keyword must begin with a dot AND match the entire end of the
>>> >>> rDNS name (e.g. ".example.com <http://example.com>" would
>>> match "11.22.33.44.example.com <http://11.22.33.44.example.com>").
>>> >>> This logic exists to prevent a keyword like "dynamic" from
>>> matching
>>> >>> "11.22.33.44.notdynamic.example.com
>>> <http://11.22.33.44.notdynamic.example.com>".
>>> >>>
>>> >> Well, it is not good really, I know that correctly work on
>>> wildcards
>>> >> is not easy work in C, unlike, perl, but it would be very good
>>> to use
>>> >> file like
>>> >> .*dynamic.*
>>> >> .dynamic*.*
>>> >
>>> >> .broadband*.*
>>> >
>>> >> .*broadband.*
>>> >
>>> >> .*cable.*
>>> >
>>> >> .cable*.*
>>> >
>>> >> .*pppoe.*
>>> >
>>> >> .pppoe*.*
>>> >> Or else we will read log for a full days to find out all
>>> possible
>>> >> home-dynamic-cable-broadband providers all over the world...
>>> >>
>>>
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected] <mailto:[email protected]>
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>>>
>>> ------------------------------
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected] <mailto:[email protected]>
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>>> End of spamdyke-users Digest, Vol 17, Issue 37
>>> **********************************************
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>> --
>> BLACKBIT neue Medien GmbH | BLACKBIT neue Werbung GmbH
>> Technischer Support/ Hotline
>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>>
>> Geschäftsführer: Stefano Viani
>> Registergericht: Amtsgericht Göttingen, HRB 3222
>> Umsatzsteueridentifikationsnummer (§ 27a UstG): DE 813 114 917
>>
>> Tel: +49-551-50675-50 - Fax: +49-551-50675-20
>> E-Mail: [EMAIL PROTECTED]
>>
>> Klassische Werbung und Online-Marketing: http://www.blackbit.de
>> Software fuer Online-Marketing: http://www.go-community.de
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
