I have spamdyke, with Atomic Secured Linux as well, protecting a server, and it works well generally, stopping about 50% of emails (I note that some people have reported 90+% Spam statistics). I have just run a DNSStuff Anti-Spam Filtering Test. It got through:
"This is a test message that was sent to you because you or someone you know visited the DNSstuff Mail Server Test Center and ran an anti-spam test against this email address. This email message contains a forged received header with a blacklisted IP Address. If you received this message without a spam warning or notification, we recommend you perform the following steps: 1. Contact your email administrator. 2. If you are the email administrator, review your current anti-spam settings, and ensure that the latest updates are applied and that your spam filtering software is enabled."

Because it has a forged received header and a blacklisted IP address, I would like it to be rejected, naturally.

maillog said:

    Aug 26 08:09:29 plesk2 spamdyke[20992]: ALLOWED from: [email protected] to: [email protected] origin_ip: 75.125.82.251 origin_rdns: gold.dnsstuff.com auth: (unknown)

and the email header says:

    X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on plesk2.ourdomain.co.uk
    X-Spam-Level:
    X-Spam-Status: No, score=-1.0 required=4.0 tests=BAYES_00,HTML_MESSAGE,
      HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,MISSING_MID autolearn=no version=3.2.5
    Received: (qmail 21000 invoked from network); 26 Aug 2009 08:09:30 +0100
    Received: from gold.dnsstuff.com (HELO main) (75.125.82.251)
      by plesk2.ourdomain.co.uk with SMTP; 26 Aug 2009 08:09:29 +0100
    Received-SPF: pass (plesk2.ourdomain.co.uk: SPF record at dnsstuff.com designates 75.125.82.251 as permitted sender)
    Received: from forgedsnd.example.com ([127.0.0.2]) by forgedrcv.example.com with fakesvc; Thu, 13 Aug 2009 07:30:02
    To: [email protected]
    From: "DNSstuff Mail Server Test Center" <[email protected]>
    Subject: DNSstuff Mail Server Test Center - Anti-Spam Test Message
    Date: Wed, 26 Aug 2009 07:09:14 +0000
    MIME-Version: 1.0
    Content-Type: text/html; charset="US-ASCII"
    Content-Disposition: inline

My spamdyke config file is:

    [r...@plesk2 ~]# cat /etc/spamdyke.conf
    #Plesk-Addon
    #use log-level=verbose to see which dnsrbls triggered. use info for normal level. use debug
    ## for loads of stuff.
    log-level=info
    #idle-timeout-secs=180
    local-domains-file=/var/qmail/control/rcpthosts
    tls-certificate-file=/var/qmail/control/servercert.pem
    #AUTH FROM xinetd-conf
    smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /bin/true
    smtp-auth-level=ondemand-encrypted
    ## the following url gets put in all rejection messages so people who get false positives
    ## know where to go for help:
    policy-url=http://emailitis.com/index_files/spam_rejection.html
    graylist-level=always
    graylist-dir=/var/qmail/spamdyke/greylist
    #GREYLIST MINIMUM = 5 Min
    graylist-min-secs=300
    #GREYLIST MAX = 3 Months
    graylist-max-secs=1814400
    sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
    recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
    ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklist_keywords
    ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
    rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
    ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
    sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders
    greeting-delay-secs=5
    #RBL BLOCKLISTS
    dns-blacklist-entry=zen.spamhaus.org
    dns-blacklist-entry=bl.spamcop.net
    dns-blacklist-entry=bogons.cymru.com
    reject-missing-sender-mx
    reject-empty-rdns
    reject-unresolvable-rdns
    [r...@plesk2 ~]#

Listening to these posts, I guess that there are a LOT more complex settings that I could or should have in my config. Can anyone advise what setting(s) might prevent similar emails from getting through next time?

Kind regards,
Christoph
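
Added example (not part of the original post, and not spamdyke or SpamAssassin code): it separates the Received headers quoted above into the hop recorded by the receiving server, which matches the origin_ip in the log line, and the hop that arrived inside the message, then builds the DNSBL query names a header-based check would resolve for each using the zones from the posted config. It assumes a single inbound MTA that prepends one network Received header; the function names are illustrative.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Received headers copied from the post above (long lines re-folded).
RAW = """\
Received: (qmail 21000 invoked from network); 26 Aug 2009 08:09:30 +0100
Received: from gold.dnsstuff.com (HELO main) (75.125.82.251)
  by plesk2.ourdomain.co.uk with SMTP; 26 Aug 2009 08:09:29 +0100
Received: from forgedsnd.example.com ([127.0.0.2]) by forgedrcv.example.com
  with fakesvc; Thu, 13 Aug 2009 07:30:02
Subject: DNSstuff Mail Server Test Center - Anti-Spam Test Message

(body omitted)
"""

# dns-blacklist-entry values from the posted spamdyke.conf
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "bogons.cymru.com"]
IP_RE = re.compile(r"[(\[](\d{1,3}(?:\.\d{1,3}){3})[)\]]")

def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the zone (RFC 5782)."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def received_hops(raw):
    """Return [(ip, written_by_us)] for Received headers that carry an IP.

    Assumption: one inbound MTA that prepends a single network Received
    header, so only the topmost IP-bearing header is ours; every header
    below it arrived inside the message and may be forged."""
    hops = []
    for hdr in message_from_string(raw).get_all("Received", []):
        m = IP_RE.search(" ".join(hdr.split()))  # unfold before matching
        if not m:
            continue  # e.g. qmail's local "invoked from network" line
        try:
            ip_address(m.group(1))
        except ValueError:
            continue  # looks like an IP but is not one (e.g. 999.1.1.1)
        hops.append((m.group(1), not hops))
    return hops

def lookups(raw):
    """Query names a header-based DNSBL check would resolve for each hop."""
    return [(ip, ours, [dnsbl_name(ip, z) for z in ZONES])
            for ip, ours in received_hops(raw)]

if __name__ == "__main__":
    for ip, ours, names in lookups(RAW):
        print("connection" if ours else "header-only", ip, names[0])
```

127.0.0.2 is the conventional DNSBL test address (RFC 5782), so it appears here only in the header-only hop, not as the connecting address.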
