Dears, back to this topic. After few days observing new setup on my server. Here is certain summary. By adding two restrictions to SPAMDYKE configuration:
1) adding '.net' and '.com' into ip-in-rdns-keyword-blacklist-file 2) and adding all my local domains in form @domain.cc into sender-blacklist-file My spam count reported by anti-spam on main mail server fall from hundreds by day to tens by day. In fact I was able to lower load generated by spam by 99% or even more. When I started with only mail server and anti-spam software I did get around 10 milions messages per month. Now I'm at around thousands per month and 95% are HAM not SPAM. I couldn't thank enough to author of SPAMDYKE and whole comunity because at least for now is my nightmare over. Great thanks! Eduard [email protected] wrote on 08.05.2009 03:09:54: > OK, OK, I'll add #1. This one seems to come up every other week, so I > guess it's needed. (sheesh) :) > > #2 is already on the TODO list for an upcoming version. It's been > discussed a few times. > > I'm planning to take a close look at #3. I received some patches for it > quite a while back and I still haven't had time to go through them. I > will, I promise. > > -- Sam Clippinger > > Ulrich C. Manns wrote: > > @Sam Clippinger > > > > Hi Sam, > > > > my whishes: > > > > 1. A new parameter to reject emails if sender=recipient (because > > we?re hosting many domains an Eduard method won?t work for us) > > 2. SPF .... (DENIED_SPF) > > 3. MySQL extension from haggybear.de > > > > > > Regards, > > Ulrich > > > > ------------------------------------------------------------------------ > > *Von: *Eduard Svarc <[email protected]> > > *Antworten an: *<[email protected]>, spamdyke users > > <[email protected]> > > *Datum: *Wed, 6 May 2009 10:29:11 +0200 > > *An: *spamdyke users <[email protected]> > > *Betreff: *Re: [spamdyke-users] Posibility to blacklist messages where > > sender and recipient are exactly same > > > > > > Hi Ulrich, > > > > thanks for idea and it works. I did add into > > /etc/spamdyke.d/sender-blacklist-file all our local domain in form: > > > > @intertech.cz > > > > and now SPAMDYKE works as I do expecting: > > > > May 6 10:23:29 fw spamdyke[27819]: DENIED_SENDER_BLACKLISTED from: > > [email protected] to: [email protected] origin_ip: 89.189.3.74 > > origin_rdns: lissant.kis.ru auth: (unknown) > > > > Heureka! I hope it will helps someone else than me. But it is > > perfectly what I do expect to happens. > > > > Eduard > > > > [email protected] wrote on 06.05.2009 09:51:17: > > > > > > > > Dear Ulrich, > > > > > > I guess it couldn't be denied by DENIED_IP_IN_RDNS because > > s0106000625a2b407 > > > is not hexadecimal representation of IP address. I pick may be wrong > > > example there are partially regular reverse DNS too where sender and > > > recipent are same like: > > > > > > May 6 09:35:03 fw spamdyke[27053]: ALLOWED from: @domain.cz to: > > > @domain.cz origin_ip: 95.48.168.162 origin_rdns: jum162.internetdsl. > > > tpnet.pl auth: (unknown) > > > > > > Thanks to your answer to another thread I got idea how to block > > > these messages. I could put our domain in sender-blacklist-file and > > > it will definetely stop all messages containing SPAM with fake > > > sender from our domain. Users using another mail server for outgoing > > > mail and that mail will never reach perimeter SMTP server where > > > SPAMDYKE does run. > > > > > > Thnak you! > > > Eduard > > > > > > "Ulrich C. Manns" <[email protected]> wrote on 06.05.2009 08:59:15: > > > > > > > I think this should be a new parameter in the config for the next > > version? > > > > > > > > But this should be rejected with DENIED_IP_IN_RDNS with .net in the > > file > > > > ip-in-rdns-keyword-blacklist-file? > > > > > > > > Von: Eduard Svarc <[email protected]> > > > > Antworten an: <[email protected]>, spamdyke users <spamdyke- > > > > [email protected]> > > > > Datum: Wed, 6 May 2009 08:32:10 +0200 > > > > An: spamdyke users <[email protected]> > > > > Betreff: [spamdyke-users] Posibility to blacklist messages where > > > > sender and recipient are exactly same > > > > > > > > > > > > Dears, > > > > > > > > I'm looking for right place where I could reject messages containing > > > > with 100% probability SPAM. These messages I could easily indetify > > > > as SPAM because sender and recipient are exactly same. My server is > > > > perimeter SMTP relay only. In this case is not simply possible that > > > > he could deliver this kind of messages. In case when user of local > > > > domain acidentaly sending message to self it would be handled by > > > > main mail server not by perimeter SMTP server. > > > > > > > > I would like simply DENY all messages like these: > > > > > > > > May 6 06:57:48 fw spamdyke[23773]: ALLOWED from: [email protected] to: > > > > [email protected] origin_ip: 24.84.53.252 origin_rdns: > > > > s0106000625a2b407.vc.shawcable.net auth: (unknown) > > > > > > > > TIA > > > > Eduard > > > > _______________________________________________ > > > spamdyke-users mailing list > > > [email protected] > > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > spamdyke-users mailing list > > [email protected] > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
