I understand now. Where the log entries say "from:" they're displaying the
content of the "envelope sender", which is the sender address given during the
SMTP protocol, not the "From" header in the message itself. Those addresses can
be blocked using the sender blacklist filter.

If you want spamdyke (version 4.2.0) to check the sender blacklist before it
does anything else, you can make that change thus:

  1. In spamdyke.c, move the filter_sender_blacklist() command on line 1626
     above the filter_rdns_missing() command on line 1604. NOTE: this will
     make an entry in your sender blacklist override all whitelists, even IP
     and rDNS whitelists.
  2. Add the "config-dir" option to your configuration file, pointing to an
     empty folder (explanation below).

There are three blocks of filter calls in spamdyke.c because of configuration
directories. If the "config-dir" option is *not* used:

  - The filter_* commands starting on line 2978 are called as soon as the
    connection is established.
  - The filter_* commands starting on line 1534 are called as soon as the
    "MAIL FROM" command is given (identifying the sender address).
  - The filter_* commands starting on line 1632 are called each time the
    "RCPT TO" command is given (identifying each recipient address).

The idea is to run the filters as soon as the needed information is available,
so the connection to qmail can be closed as early as possible.

If the "config-dir" option *is* given, spamdyke can't load its final
configuration until it knows the remote IP address, the rDNS name, the sender
address *and* the recipient address. After all, there's no point in doing any
filter work early because a file in a configuration folder may turn off
filters, which means the time will have been wasted. In that case, no filter_*
commands are called until the block starting on line 1601, after the "RCPT TO"
command is given.

I hope that helps. :)

-- Sam Clippinger

On Sep 3, 2011, at 2:56 AM, Marcin Orlowski wrote:

> no, no. i mean i want to filter based on the content that shows up in quoted
> log entry as 'from' as quickly as it becomes available. i already got one
> running but i modified sender blacklist filter for this. from what i see
> dnsbl are queried earlier which would make sense as all you need is sender's
> ip, but i do not fully understand what is rbl logged entry 'from' content
> from (or what data spamdyke got before it launches 1st filter it can)? and as
> it is there my question is - is it safe to put my filter as 1st, before rbl?
> in 97% spam i fight now can be blocked safely with my filter only, but i'd
> like to keep rbls. now i got them off.
>
> another question - there are 3 blocks of filter calls in spamdyke.c - why
> (it's simpler to ask instead of reading this big if/else serpent that leads
> to it :)?
>
> Sam Clippinger <[email protected]> wrote:
>
>> At this time, the only way to change the order of the filters is to edit
>> spamdyke.c and move the function calls around. Look for calls to
>> filter_sender_blacklist() in smtp_filter(). Those lines will be clustered
>> near other calls to filter* functions and reordering them will change the
>> order the filters are run.
>>
>> -- Sam Clippinger
>>
>> On Sep 1, 2011, at 3:46 PM, Marcin Orlowski wrote:
>>
>>> Hi,
>>>
>>> I need to filter connection based on From (or MAIL FROM) content as
>>> early as I can, especially before any dns query is executed. Can I do
>>> that? I see logged
>>>
>>> DENIED_IP_IN_RDNS from: [email protected] to:
>>> xxxxxx origin_ip: 201.37.200.58 origin_rdns: c925c83a.virtua.com.br
>>> auth: (unknown) encryption: (none)
>>>
>>> so it seems I could?
>>>
>>>
>>> PS: online documentation is broken here:
>>> http://spamdyke.org/documentation/README.html#REJECTING_ADDRESSES
>>>
>>> Regards,
>>> --
>>> "Daddy, what "Formatting drive C:" means?"...
>>>
>>> Marcin http://wfmh.org.pl/carlos/
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
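
Added example (not part of the original thread and not spamdyke's code): a
simplified C model of two points from Sam's reply at the top, namely that with
"config-dir" no filter runs before "RCPT TO", and that checking the sender
blacklist first makes it override whitelists. All names, the rule that the
first decisive verdict ends the chain, and the sample addresses are
assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, NOT spamdyke's source. All names are hypothetical. */
enum stage { CONNECT, MAIL_FROM, RCPT_TO };
enum verdict { PASS, ALLOW, DENY };
struct session { const char *ip; const char *envelope_sender; };
typedef enum verdict (*filter_fn)(const struct session *);

/* Constructed sample lists (documentation address ranges). */
static const char *IP_WHITELIST = "192.0.2.10";
static const char *SENDER_BLACKLIST = "bulk@example.net";

static enum verdict ip_whitelist(const struct session *s) {
    return strcmp(s->ip, IP_WHITELIST) == 0 ? ALLOW : PASS;
}
static enum verdict sender_blacklist(const struct session *s) {
    return strcmp(s->envelope_sender, SENDER_BLACKLIST) == 0 ? DENY : PASS;
}

/* Assumption: the first filter with a decisive verdict ends the chain. */
static enum verdict run_chain(const filter_fn *chain, int n,
                              const struct session *s) {
    for (int i = 0; i < n; i++) {
        enum verdict v = chain[i](s);
        if (v != PASS) return v;
    }
    return PASS;
}

/* Earliest stage at which a filter needing data from `needs` can run.
 * With config-dir set, the final configuration is unknown until RCPT TO. */
enum stage earliest_stage(enum stage needs, int config_dir) {
    return config_dir ? RCPT_TO : needs;
}

/* A whitelisted IP sending with a blacklisted envelope sender. */
enum verdict demo(int blacklist_first) {
    const struct session s = { "192.0.2.10", "bulk@example.net" };
    const filter_fn wl_first[] = { ip_whitelist, sender_blacklist };
    const filter_fn bl_first[] = { sender_blacklist, ip_whitelist };
    return run_chain(blacklist_first ? bl_first : wl_first, 2, &s);
}

int main(void) {
    printf("whitelist first: %s\n", demo(0) == ALLOW ? "ALLOW" : "DENY");
    printf("blacklist first: %s\n", demo(1) == ALLOW ? "ALLOW" : "DENY");
    printf("sender filter stage with config-dir: %d\n",
           earliest_stage(MAIL_FROM, 1));
    return 0;
}
```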