Hi Markus, add this to your spamdyke.conf
ip-in-rdns-keyword-blacklist-entry=.net

So the sending server would be recognized with its IP address in the rDNS entry.

Regards, Ulrich

On 13.11.2009 at 14:21, Markus Thüer wrote:

> Ok, I've put [email protected] in my conf.
>
> But just 30 minutes later another spam got through. Just with the same kind
> of header as listed below.
>
> Received: (qmail 32252 invoked from network); 13 Nov 2009 14:05:58 +0100
> Received: from 83-70-163-32-dynamic.b-ras1.prp.dublin.eircom.net (83.70.163.32)
>   by tabellarius.kapuziner.de with (RC4-MD5 encrypted) SMTP; 13 Nov 2009 14:05:57 +0100
> From: Official VIAGRA (R) Store <[email protected]>
> To: [email protected]
> Subject: Dear wuerzburg 75% 0FF on Pfizer.
>
> I have definitely no user in Ireland, so does this mean that some spammer can
> authenticate with my server?
> The spam is always the same but comes from different addresses all over the
> world.
>
> Greetings Markus
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On behalf of David Stiller
> Sent: Friday, 13 November 2009 12:25
> To: spamdyke users
> Subject: Re: [spamdyke-users] Spam gets through even if its blacklisted
>
> You can, as all filters are ignored/bypassed when you log in by SMTP.
>
> On 13.11.2009 at 11:48, Markus Thüer wrote:
>
>> We have not whitelisted our own domain. So spamdyke does reject mails
>> with a forged sender who uses our domain. The log looks like this:
>>
>> Spamdyke DENIED_RLB_MATCH from: [email protected] to [email protected]
>> origin_ip: 222.253.182.216 origin_rdns.
>> 22.53.182.216.pool.ukrtel.net auth:
>> (unknown)
>>
>> But some get through. And if I would blacklist our domain, how can I
>> send mail within the domain?
>>
>> Greetings Markus
>>
>> -----Original Message-----
>> From: [email protected]
>> [mailto:[email protected]] On behalf of David Stiller
>> Sent: Friday, 13 November 2009 08:31
>> To: spamdyke users
>> Subject: Re: [spamdyke-users] Spam gets through even if its blacklisted
>>
>> Blacklisting all your local domains should help this. They used your
>> local domain hoping that you whitelisted them:
>>
>>> From: (c) VIAGRA (tm) Store <[email protected]>
>>
>> So add @kapuziner.org to blacklist.
>>
>> On 12.11.2009 at 21:47, Markus Thüer wrote:
>>
>>> Certainly:
>>>
>>> The header after spamdyke:
>>>
>>> Content-Type: message/rfc822; x-spam-type=original
>>> Content-Description: original message before SpamAssassin
>>> Content-Disposition: attachment
>>> Content-Transfer-Encoding: 8bit
>>>
>>> Received: (qmail 12216 invoked from network); 12 Nov 2009 15:55:53 +0100
>>> Received: from 87-205-53-218.adsl.inetia.pl (87.205.53.218)
>>>   by tabellarius.kapuziner.de with (RC4-MD5 encrypted) SMTP; 12 Nov 2009 15:55:52 +0100
>>> From: (c) VIAGRA (tm) Store <[email protected]>
>>> To: [email protected]
>>> Subject: Personal 75% OFF to [email protected]. Pfizer.
>>> Content-Type: text/html; charset="utf-8"
>>> MIME-Version: 1.0
>>>
>>> After SpamAssassin it looks like this:
>>>
>>> Received: from localhost by tabellarius.kapuziner.de
>>>   with SpamAssassin (version 3.2.3);
>>>   Thu, 12 Nov 2009 15:55:59 +0100
>>> From: (c) VIAGRA (tm) Store <[email protected]>
>>> To: [email protected]
>>> Subject: *****SPAM***** Personal 75% OFF to [email protected]. Pfizer.
>>> X-Spam-Flag: YES
>>> X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
>>>   tabellarius.kapuziner.de
>>> X-Spam-Level: ****************************
>>> X-Spam-Status: Yes, score=28.9 required=7.0
>>>   tests=BAYES_95,FH_HELO_EQ_D_D_D_D,
>>>   HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR2,HTML_IMAGE_ONLY_28,HTML_IMAGE_RATIO_02,
>>>   HTML_MESSAGE,MIME_HTML_ONLY,MISSING_DATE,MISSING_MID,RCVD_IN_BL_SPAMCOP_NET,
>>>   RCVD_IN_PBL,RCVD_IN_SORBS_WEB,RCVD_IN_XBL,RDNS_DYNAMIC,URIBL_AB_SURBL,
>>>   URIBL_BLACK,URIBL_JP_SURBL,URIBL_WS_SURBL,URI_HEX autolearn=spam
>>>   version=3.2.3
>>> MIME-Version: 1.0
>>> Content-Type: multipart/mixed; boundary="----------=_4AFC21FF.60B4CCD4"
>>>
>>> Eric wrote:
>>>
>>> Will you post an example header of an email that passed spamdyke but
>>> was tagged as spamassassin? That would allow us to help you
>>> troubleshoot.
>>> Short of that, we can only speculate.
>>>
>>> Markus Thüer wrote:
>>>> Hi,
>>>>
>>>> I got an interesting problem.
>>>>
>>>> I am running spamdyke on Plesk (8.04) for 18 months now and it was
>>>> working very nicely all the time. Since a few weeks a number of
>>>> spams are getting through. But then they are identified and marked
>>>> by SpamAssassin which is also running with Plesk.
>>>>
>>>> But spamdyke is using the same blacklists as SpamAssassin. So they
>>>> should be rejected before they reach SpamAssassin.
>>>>
>>>> The first thing I tried was to update spamdyke, for I was working
>>>> with 3.1.8.
>>>>
>>>> So now I have the newest version but the behavior is still the same.
>>>>
>>>> I am not really an expert, but still I have to manage a server with
>>>> 400 accounts and quite a bit of traffic.
>>>>
>>>> So if you could give me a hint where to look and how to find out why
>>>> these mails are getting through I would be happy.
>>>>
>>>> Here is my configuration:
>>>>
>>>> max-recipients=20
>>>> reject-empty-rdns
>>>> reject-ip-in-cc-rdns
>>>> reject-missing-sender-mx
>>>> reject-unresolvable-rdns
>>>> dns-blacklist-entry=zen.spamhaus.org
>>>> dns-blacklist-entry=multi.uribl.com
>>>> dns-blacklist-entry=bl.spamcop.net
>>>> graylist-level=always
>>>> graylist-dir=/var/qmail/spamdyke/greylist
>>>> graylist-max-secs=1814400
>>>> graylist-min-secs=300
>>>> local-domains-file=/var/qmail/control/rcpthosts
>>>>
>>>> many thanks
>>>>
>>>> Markus
>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> [email protected]
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>> --
>>> -Eric 'shubes'
>>
>> David Stiller
>> Technical Support
>>
>> News from Blackbit: current projects and things worth knowing from our
>> advertising agency at http://www.blackbit.de/tagebuch
>>
>> Blackbit neue Medien GmbH
>> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen
>>
>> Tel.: +49-551-50675-60 - Fax: +49-551-50675-20
>> E-mail: [email protected] – Hotline: [email protected]
>>
>> Göttingen District Court: HRB 3222
>> VAT ID No.: DE 813114917
>> Managing Director: Mr. Stefano Viani
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
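
Added example (not part of the original thread and not spamdyke's own code): a simplified Python model of the two rDNS checks discussed above, run against the two sending hosts quoted in the thread, to show which setting covers which host. It assumes that a keyword beginning with a dot is matched against the end of the rDNS name, and it reduces spamdyke's IP-in-name detection to decimal octets in forward or reverse order; all function names are hypothetical.

```python
import re

def ip_in_rdns(rdns, ip):
    """Simplified stand-in for spamdyke's detection: the four decimal octets
    appear as consecutive numbers in the name, in forward or reverse order."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", rdns)]
    return any(nums[i:i + 4] in (octets, octets[::-1])
               for i in range(len(nums) - 3))

def keyword_matches(rdns, keyword):
    """Assumption: a keyword starting with a dot is anchored at the end of
    the rDNS name; any other keyword may appear anywhere in it."""
    rdns, keyword = rdns.lower().rstrip("."), keyword.lower()
    return rdns.endswith(keyword) if keyword.startswith(".") else keyword in rdns

def evaluate(rdns, ip, keywords, reject_ip_in_cc_rdns=True):
    """Return the name of the setting that would reject the host, or 'pass'."""
    if not ip_in_rdns(rdns, ip):
        return "pass"
    # reject-ip-in-cc-rdns: IP in the name and a two-letter country-code TLD.
    if reject_ip_in_cc_rdns and re.search(r"\.[a-z]{2}$", rdns.lower()):
        return "reject-ip-in-cc-rdns"
    for kw in keywords:
        if keyword_matches(rdns, kw):
            return "ip-in-rdns-keyword-blacklist-entry=" + kw
    return "pass"

# The two sending hosts quoted in the thread, plus one constructed static host.
HOSTS = [
    ("83-70-163-32-dynamic.b-ras1.prp.dublin.eircom.net", "83.70.163.32"),
    ("87-205-53-218.adsl.inetia.pl", "87.205.53.218"),
    ("mail.example.net", "192.0.2.10"),  # constructed
]

if __name__ == "__main__":
    for rdns, ip in HOSTS:
        print(rdns)
        print("  posted config:     ", evaluate(rdns, ip, []))
        print("  with .net keyword: ", evaluate(rdns, ip, [".net"]))
```

Under that assumption, the `.net` entry covers only names ending in `.net`; a dynamic host under another generic top-level domain needs its own keyword entry.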
