Ok, I've put [email protected] in my conf. But just 30 minutes later another spam got through. Just with the same kind of header as listed below.

Received: (qmail 32252 invoked from network); 13 Nov 2009 14:05:58 +0100
Received: from 83-70-163-32-dynamic.b-ras1.prp.dublin.eircom.net (83.70.163.32)
  by tabellarius.kapuziner.de with (RC4-MD5 encrypted) SMTP; 13 Nov 2009 14:05:57 +0100
From: Official VIAGRA (R) Store <[email protected]>
To: [email protected]
Subject: Dear wuerzburg 75% 0FF on Pfizer.

I have definitely no user in Ireland, so does this mean that some spammer can authenticate with my server? The spam is always the same but comes from different addresses all over the world.

Greetings
Markus

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of David Stiller
Sent: Friday, 13 November 2009 12:25
To: spamdyke users
Subject: Re: [spamdyke-users] Spam gets through even if its blacklisted

You can, as all filters are ignored/bypassed when you login by SMTP.

On 13.11.2009 at 11:48, Markus Thüer wrote:

> We have not whitelisted our own domain. So spamdyke does reject mails
> with a forged sender who uses our domain. The log looks like this:
>
> Spamdyke DENIED_RLB_MATCH from: [email protected] to [email protected]
> origin_ip: 222.253.182.216 origin_rdns.
> 22.53.182.216.pool.ukrtel.net auth:
> (unknown)
>
> But some get through. And if I would blacklist our domain, how can I
> send mail within the domain?
>
> Greetings Markus
>
> -----Original Message-----
> From: [email protected] [mailto:[email protected]] On behalf of David Stiller
> Sent: Friday, 13 November 2009 08:31
> To: spamdyke users
> Subject: Re: [spamdyke-users] Spam gets through even if its blacklisted
>
> Blacklisting all your local domains should help this. They used your
> local domain hoping, that you whitelisted them:
>
>> From: (c) VIAGRA (tm) Store <[email protected]>
>
> So add @kapuziner.org to blacklist.
>
> On 12.11.2009 at 21:47, Markus Thüer wrote:
>
>> Certainly:
>>
>> The header after spamdyke:
>>
>> Content-Type: message/rfc822; x-spam-type=original
>> Content-Description: original message before SpamAssassin
>> Content-Disposition: attachment
>> Content-Transfer-Encoding: 8bit
>>
>> Received: (qmail 12216 invoked from network); 12 Nov 2009 15:55:53 +0100
>> Received: from 87-205-53-218.adsl.inetia.pl (87.205.53.218)
>>   by tabellarius.kapuziner.de with (RC4-MD5 encrypted) SMTP; 12 Nov 2009 15:55:52 +0100
>> From: (c) VIAGRA (tm) Store <[email protected]>
>> To: [email protected]
>> Subject: Personal 75% OFF to [email protected]. Pfizer.
>> Content-Type: text/html; charset="utf-8"
>> MIME-Version: 1.0
>>
>> After SpamAssassin it looks like this:
>>
>> Received: from localhost by tabellarius.kapuziner.de
>>   with SpamAssassin (version 3.2.3);
>>   Thu, 12 Nov 2009 15:55:59 +0100
>> From: (c) VIAGRA (tm) Store <[email protected]>
>> To: [email protected]
>> Subject: *****SPAM***** Personal 75% OFF to [email protected]. Pfizer.
>> X-Spam-Flag: YES
>> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
>>   tabellarius.kapuziner.de
>> X-Spam-Level: ****************************
>> X-Spam-Status: Yes, score=28.9 required=7.0
>>   tests=BAYES_95,FH_HELO_EQ_D_D_D_D,
>>   HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,HTML_IMAGE_ONLY_28,HTML_IMAGE_RATIO_02,
>>   HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,MISSING_MID,RCVD_IN_BL_SPAMCOP_NET,
>>   RCVD_IN_PBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_DYNAMIC,URIBL_AB_SURBL,
>>   URIBL_BLACK,URIBL_JP_SURBL,URIBL_WS_SURBL,URI_HEX autolearn=spam
>>   version=3.2.3
>> MIME-Version: 1.0
>> Content-Type: multipart/mixed; boundary="----------=_4AFC21FF.60B4CCD4"
>>
>> Eric wrote:
>>
>> Will you post an example header of an email that passed spamdyke but
>> was tagged as spamassassin? That would allow us to help you
>> troubleshoot.
>> Short of that, we can only speculate.
>>
>> Markus Thüer wrote:
>>> Hi,
>>>
>>> I got an interesting problem.
>>>
>>> I am running spamdyke on Plesk (8.04) for 18 months now and it was
>>> working very nicely all the time. Since a few weeks a number of
>>> spams are getting through. But then they are identified and marked
>>> by SpamAssassin which is also running with Plesk.
>>>
>>> But spamdyke is using the same blacklists as SpamAssassin. So they
>>> should be rejected before they reach SpamAssassin.
>>>
>>> The first thing I tried was to update spamdyke, for I was working
>>> with 3.1.8.
>>>
>>> So now I have the newest version but the behavior is still the same.
>>>
>>> I am not really an expert, but still I have to manage a server with
>>> 400 accounts and quite a bit of traffic.
>>>
>>> So if you could give me a hint where to look and how to find out why
>>> these mails are getting through I would be happy.
>>>
>>> Here is my configuration:
>>>
>>> max-recipients=20
>>> reject-empty-rdns
>>> reject-ip-in-cc-rdns
>>> reject-missing-sender-mx
>>> reject-unresolvable-rdns
>>> dns-blacklist-entry=zen.spamhaus.org
>>> dns-blacklist-entry=multi.uribl.com
>>> dns-blacklist-entry=bl.spamcop.net
>>> graylist-level=always
>>> graylist-dir=/var/qmail/spamdyke/greylist
>>> graylist-max-secs=1814400
>>> graylist-min-secs=300
>>> local-domains-file=/var/qmail/control/rcpthosts
>>>
>>> many thanks
>>>
>>> Markus
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>> --
>> -Eric 'shubes'
>
> David Stiller
> Technical Support
>
> News from Blackbit: current projects and things worth knowing from our
> advertising agency at http://www.blackbit.de/tagebuch
>
> Blackbit neue Medien GmbH
> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>
> Tel.: +49-551-50675-60 - Fax: +49-551-50675-20
> E-Mail: [email protected] Hotline: [email protected]
>
> Göttingen District Court: HRB 3222
> VAT ID: DE 813114917
> Managing Director: Mr Stefano Viani
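
Added example, not part of the original thread and not spamdyke's own code: a small log triage script for the question raised above, namely whether messages with a local sender domain were accepted through SMTP AUTH or passed the filters unauthenticated. The field layout is assumed from the log line quoted in the thread; the sample lines, addresses, IPs and login names are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed log lines modelled on the spamdyke line quoted in the thread.
# Addresses, IPs and login names are placeholders, not values from the list.
SAMPLE_LOG = """\
spamdyke[101]: DENIED_RBL_MATCH from: info@example.org to: a@example.org origin_ip: 192.0.2.10 origin_rdns: h10.example.net auth: (unknown)
spamdyke[102]: ALLOWED from: info@example.org to: a@example.org origin_ip: 198.51.100.7 origin_rdns: h7.example.net auth: (unknown)
spamdyke[103]: ALLOWED from: info@example.org to: b@example.org origin_ip: 203.0.113.5 origin_rdns: h5.example.net auth: mailbox1
spamdyke[104]: ALLOWED from: info@example.org to: c@example.org origin_ip: 203.0.113.77 origin_rdns: h77.example.net auth: mailbox1
spamdyke[105]: ALLOWED from: info@example.org to: d@example.org origin_ip: 192.0.2.200 origin_rdns: (unknown) auth: mailbox1
spamdyke[106]: ALLOWED from: alice@example.org to: x@example.com origin_ip: 198.51.100.20 origin_rdns: h20.example.net auth: alice
spamdyke[107]: ALLOWED from: news@example.com to: a@example.org origin_ip: 198.51.100.99 origin_rdns: h99.example.net auth: (unknown)
"""

# Assumed field layout: status, from:, to:, origin_ip:, origin_rdns:, auth:
LINE_RE = re.compile(
    r"(?P<status>ALLOWED|DENIED_\w+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)

def parse(log_text):
    """Return one dict per log line that matches the assumed field layout."""
    return [m.groupdict() for m in map(LINE_RE.search, log_text.splitlines()) if m]

def local_sender_allowed(entries, local_domains):
    """ALLOWED mail claiming a local sender, labelled by whether SMTP AUTH was used."""
    found = []
    for e in entries:
        domain = e["sender"].rpartition("@")[2].lower()
        if e["status"] == "ALLOWED" and domain in local_domains:
            how = "unauthenticated" if e["auth"] == "(unknown)" else "authenticated"
            found.append((e["ip"], e["auth"], how))
    return found

def accounts_with_many_ips(entries, threshold=3):
    """Logins seen from at least `threshold` distinct IPs: candidates for a password reset."""
    ips = defaultdict(set)
    for e in entries:
        if e["status"] == "ALLOWED" and e["auth"] != "(unknown)":
            ips[e["auth"]].add(e["ip"])
    return {user: sorted(addrs) for user, addrs in ips.items() if len(addrs) >= threshold}

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for row in local_sender_allowed(entries, {"example.org"}):
        print(*row)
    print(accounts_with_many_ips(entries))
```

A login name on an accepted line points at an account whose credentials are being used, which is the case where, as stated in the thread, the filters are bypassed; `auth: (unknown)` on an accepted line means the message passed the configured tests without authenticating.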
