Hi, and thanks for your reply. Should I use a "." instead of a "@" as a wildcard?

Kind Regards
M

Ulrich C. Manns wrote:
> Just add your domain to the senders blacklist with a . as wildcard. Example:
> [email protected] -> .spam.com
>
> Your users should use authentication. So they can send e-mail through
> spamdyke.
>
> Regards,
> Ulrich
>
> On 15.12.2009 at 21:54, Magnus Ringdahl wrote:
>
>
>> Hi.
>> I have been using spamdyke for quite some time now, and it reduces my
>> spam mails a lot.
>> But I have a hell of a problem with spammers (often viagra) that spoof
>> the local domains.
>> I often get spam mails where the sending address is the same as my
>> receiving address.
>> And I don't know how to block them.
>>
>> I have pasted my configuration files so you could see if there are some
>> issues. Using Debian and Plesk 9.2.
>>
>> spamdyke.conf
>> ------------------------------------
>> log-level=verbose
>> filter-level=normal
>> local-domains-file=/var/qmail/control/rcpthosts
>> max-recipients=20
>> idle-timeout-secs=60
>> graylist-level=only
>> graylist-dir=/var/qmail/spamdyke/greylist
>> graylist-min-secs=300
>> graylist-max-secs=1814400
>>
>> sender-whitelist-file=/var/qmail/spamdyke/whitelisted_senders
>> rdns-whitelist-file=/var/qmail/spamdyke/whitelisted_rdns
>> ip-whitelist-file=/var/qmail/spamdyke/whitelisted_ip
>>
>> sender-blacklist-file=/var/qmail/spamdyke/blacklisted_senders
>> recipient-blacklist-file=/var/qmail/spamdyke/blacklisted_recipients
>> ip-blacklist-file=/var/qmail/spamdyke/blacklisted_ip
>> dns-blacklist-entry=zen.spamhaus.org
>>
>> reject-empty-rdns
>> reject-unresolvable-rdns
>> greeting-delay-secs=5
>> reject-missing-sender-mx
>>
>> policy-url=http://www.your-domain-here.com/spam_policy
>> --------------------------------------------------------------------
>>
>> smtp_psa
>> --------------------------------------------------
>> service smtp
>> {
>> socket_type = stream
>> protocol = tcp
>> wait = no
>> disable = no
>> user = root
>> instances = UNLIMITED
>> env = SMTPAUTH=1
>> server = /var/qmail/bin/tcp-env
>> server_args = -Rt0 /usr/local/bin/spamdyke -f
>> /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd
>> /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw
>> /var/qmail/bin/true
>> }
>> ---------------------------------------------------------
>>
>> The whitelisted_ip file contains the mail servers' IP addresses.
>> The blacklisted_senders file contains the local domains (@domain.tld).
>> The blacklisted_words contains a lot of words like .t-dialin.net,
>> .t-ipconnect.de, .in-addr.arpa, .dhcp, .net, in-addr.arpa, dhcp,
>> dynamic, and so on.
>>
>> As I understand it, the spamdyke filters work something like this. If
>> the sending server is listed in whitelisted_ip the mail passes the
>> filter. If it's not listed in whitelisted_ip it then checks
>> blacklisted_senders; if the sending address is listed it drops the mail.
>> Is that correct?
>>
>> Here is a sample of the mail.log of a spam mail that in my opinion should
>> have been dropped but passes all filters.
>>
>> Dec 15 17:52:55 web01 spamdyke[24928]: TLS_ENCRYPTED from: (unknown) to:
>> (unknown) origin_ip: 80.179.197.221 origin_rdns:
>> 80.179.197.221.cable.012.net.il auth: (unknown)
>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: Handlers Filter
>> before-queue for qmail started ...
>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]:
>> [email protected]
>> Dec 15 17:52:56 web01 qmail-queue-handlers[24946]: [email protected]
>> Dec 15 17:52:56 web01 spf filter[24947]: Starting spf filter...
>> Dec 15 17:52:56 web01 spf filter[24947]: SPF result: neutral
>> Dec 15 17:52:56 web01 spf filter[24947]: SPF status: PASS
>> Dec 15 17:52:56 web01 qmail: 1260895976.491935 new msg 4252544
>> Dec 15 17:52:56 web01 qmail: 1260895976.491935 info msg 4252544: bytes
>> 2246 from <[email protected]> qp 24948 uid 2020
>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: Handlers Filter
>> before-local for qmail started ...
>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]:
>> [email protected]
>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: [email protected]
>> Dec 15 17:52:56 web01 qmail-local-handlers[24949]: mailbox:
>> /var/qmail/mailnames/domain.tld/info
>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 starting delivery 2744:
>> msg 4252544 to local [email protected]
>> Dec 15 17:52:56 web01 qmail: 1260895976.515935 status: local 1/10 remote
>> 0/20
>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 delivery 2744: success:
>> did_0+0+2/
>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 status: local 0/10 remote
>> 0/20
>> Dec 15 17:52:56 web01 qmail: 1260895976.523935 end msg 4252544
>>
>> Dec 15 21:22:57 web01 /var/qmail/bin/relaylock[6350]:
>> /var/qmail/bin/relaylock: mail from 125.25.15.31:52521
>> (125.25.15.31.adsl.dynamic.totbb.net)
>> Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to:
>> (unknown) origin_ip: 125.25.15.31 origin_rdns:
>> 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
>> Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter
>> before-queue for qmail started ...
>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: [email protected]
>> Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: [email protected]
>> Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
>> Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not find a
>> valid SPF record
>> Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No
>> DNS data for 'domain.tld'.
>> Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
>> Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
>> Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the
>> message(drweb.tmp.Wu6OR3) sent by [email protected] to
>> [email protected] is passed
>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
>> Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes
>> 2469 from <[email protected]> qp 6357 uid 2020
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter
>> before-local for qmail started ...
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: [email protected]
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: [email protected]
>> Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox:
>> /var/qmail/mailnames/domain.tld/kundtjanst
>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998:
>> msg 4253887 to local [email protected]
>> Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 remote
>> 0/20
>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success:
>> did_0+0+2/
>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 remote
>> 0/20
>> Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
>>
>> How can I check that smtp_auth is working? I'm starting to wonder if
>> it's not.
>> I hope someone has the time to answer. I have been struggling with this
>> for a long time without getting rid of those annoying mails.
>>
>> Kind Regards
>> M
>>
>>
>> Eduard Svarc wrote:
>>
>>> Hello,
>>>
>>> these keywords .net and .com are used just for testing whether the IP is
>>> listed in the reverse DNS. It is not done against normal reverse DNS
>>> records for servers like mail.somedomain.net. So in combination with the
>>> keyword reject-ip-in-cc-rdns and .net in the file
>>> /etc/spamdyke/ip-in-rdns-keyword-blacklist-file it will reject mail
>>> from 242-29-179-94.pool.ukrtel.net because that sender will be
>>> positively tested as not a valid reverse DNS.
>>>
>>> Using just net without that '.' is not sufficient because SPAMDYKE uses
>>> this '.' as a flag for testing the end of the string only. So listing .com
>>> and .net does magic for SPAMDYKE: when it is testing the IP in reverse DNS
>>> for country code DNS, like .it, .uk etc., it does the same for .com and .net.
>>> Personally I added other special domains into that file, like
>>> .eu, .org, .info, .biz. These should not be used by ISP providers for
>>> assigning reverse names, but who knows. Anyway it doesn't hurt my
>>> configuration and I'm prepared.
>>>
>>> Eduard Švarc
>>>
>>> DATA Intertech s.r.o.
>>> Kladenská 46
>>> 160 00 Praha 6
>>> Czech Republic
>>> tel. +420-235365267, fax +420-235361446
>>>
>>> [email protected] wrote on 14.12.2009 09:55:45:
>>>
>>>
>>>> Thanks, Eduard Švarc
>>>>
>>>> Same query as David Stiller raised: .com, .net are valid domains, right?
>>>>
>>>> Also
>>>>
>>>> @400000004b25fa572bd181a4 CHKUSER accepted rcpt: from <fx...@bmelaw.
>>>> com::> remote <microsof-7b1919:unknown:94.179.29.242> rcpt
>>>> <[email protected]> : found existing recipient
>>>> @400000004b25fa572bd2316c spamdyke[27021]: ALLOWED from:
>>>> [email protected] to: [email protected] origin_ip: 94.179.
>>>> 29.242 origin_rdns: 242-29-179-94.pool.ukrtel.net auth: (unknown)
>>>>
>>>> The above IP is listed in RBL,
>>>>
>>>> IP Address Lookup
>>>>
>>>> 94.179.29.242 is not listed in the SBL
>>>> 94.179.29.242 is listed in the PBL, in the following records:
>>>> PBL239543
>>>> 94.179.29.242 is not listed in the XBL
>>>>
>>>> This doesn't look like a false positive.
>>>>
>>>> From: Eduard Svarc <[email protected]>
>>>> To: spamdyke users <[email protected]>
>>>> Sent: Mon, December 14, 2009 12:48:07 PM
>>>> Subject: Re: [spamdyke-users] spamdyke configuration finetuneing
>>>>
>>>>
>>>> Hello,
>>>>
>>>> I see you have two things out. 1st, you are using RBLs, which could give
>>>> you a lot of false positive spam. 2nd, you have completely commented out
>>>> the best thing in SPAMDYKE: sniffing IPs in reverse DNS. Most bots
>>>> and spam come from Internet zombies. Here is my advice:
>>>>
>>>> 1 - comment out dns-blacklist-entry=zen.spamhaus.org
>>>> 2 - uncomment reject-empty-rdns, reject-ip-in-cc-rdns,
>>>> reject-missing-sender-mx and reject-unresolvable-rdns
>>>> 3 - into /etc/spamdyke/blacklist_recipients add your domain in the format
>>>> @your-domain (it will block all mails like to: n...@your-domain from:
>>>> n...@your-domain)
>>>> 4 - into /etc/spamdyke/ip-in-rdns-keyword-blacklist-file put these
>>>> words:
>>>> dsl
>>>> .com
>>>> .net
>>>> broadband
>>>> dynamic
>>>>
>>>> I could guarantee you will fall below 1% of SPAM with nearly zero
>>>> false positives. Of course someone who can't follow certain
>>>> guidelines for their servers will not be able to send you e-mails
>>>> at all. But you can easily handle it by adding IPs in
>>>> /etc/spamdyke/whitelist_ip or adding senders into
>>>> /etc/spamdyke/whitelist_senders
>>>>
>>>> I stopped using any RBL services ages ago, they are way unreliable.
>>>>
>>>> Good luck,
>>>> Eduard Švarc
>>>>
>>>> [email protected] wrote on 14.12.2009 07:24:03:
>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> [email protected]
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
