Very strange.  Is it possible you're using spamdyke on multiple ports (e.g. 25 
and 587) with different configuration files?

If not, it kinda sounds like a whitelist is being hit.  There are two things 
you can do to find out for sure.  First, try increasing your "log-level" option 
to "verbose".  If any filter is triggered, it will print a message showing the 
filter and the details of what matched (filename and line, usually).  If that 
doesn't help, try enabling full logging and catch one of these messages as it 
comes in.  The full log file will contain pretty much everything spamdyke does 
or thinks during the connection -- if you could send it to me, I should be able 
to tell you exactly what's happening.

-- Sam Clippinger




On Jan 12, 2012, at 6:41 AM, Angus McIntyre wrote:

> Apologies in advance for what is undoubtedly going to turn out to be a 
> "D'oh!" error on my part, but I'm running out of ideas here.
> 
> I'm trying to block incoming mail from French snowshoe spammer 
> "multi-fax.fr", who sends mail from a range of IP addresses and changes 
> domain names every day to try to avoid detection.
> 
> In my IP blacklist file at '/home/vpopmail/spamdyke/ip-blacklist', I have 
> entries:
> 
> 195.43.150.170
> 195.43.150.171
> 194.43.150.172
> 
> and so forth. The file contains just 40 lines (so I'm not hitting any upper 
> limits on file size).
> 
> My spamdyke configuration file at '/etc/spamdyke.conf' contains the line:
> 
> ip-blacklist-file=/home/vpopmail/spamdyke/ip-blacklist
> 
> The configuration file does not contain any other 'ip-blacklist-file=' 
> entries, and 'ip-blacklist-entry' is commented out.
> 
> Spamdyke itself is being invoked with:
> 
> /usr/local/bin/spamdyke -f /etc/spamdyke.conf …
> 
> and I know that the correct config file is being read, because it's creating 
> its graylists at the appropriate place. Graylisting and blacklisting work 
> splendidly, by the way.
> 
> However, the French are still getting through. Here's a 'Received' line from 
> a message:
> 
> Received: from mx.lirmat.net (195.43.150.172)
>  by mail.mydomain.com with SMTP; 12 Jan 2012 03:15:02 -0500
> 
> and here's what the logs have to say about it:
> 
> /var/log/maillog:Jan 12 03:15:02 s1 spamdyke[16941]: ALLOWED from: 
> [email protected] to: [email protected] origin_ip: 
> 195.43.150.172 origin_rdns: mx.lirmat.net auth: (unknown) encryption: (none)
> 
> I was running Spamdyke 4.1.0, I've just upgraded to Spamdyke 4.2.1.
> 
> Can anyone think of a reason why IP blacklisting might not be working?
> 
> Thanks for any help or suggestions,
> 
> Angus
> 
> 
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
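
A cross-check that can be run alongside the verbose logging suggested above, added here as an example and not taken from the thread or from spamdyke: it pulls `origin_ip` out of ALLOWED log lines and looks for an exact entry in the blacklist text, also reporting entries that share the last octet but differ in one earlier octet. The sample data is constructed from the lines quoted in the thread (mail addresses replaced by placeholders), the function names are hypothetical, and only bare dotted-quad blacklist lines are considered.

```python
import re

# Constructed sample input mirroring the thread: the three blacklist entries
# shown there and the ALLOWED log line (addresses replaced by placeholders).
BLACKLIST_TEXT = "195.43.150.170\n195.43.150.171\n194.43.150.172\n"
LOG_TEXT = (
    "Jan 12 03:15:02 s1 spamdyke[16941]: ALLOWED from: sender@example.invalid "
    "to: rcpt@example.invalid origin_ip: 195.43.150.172 "
    "origin_rdns: mx.lirmat.net auth: (unknown) encryption: (none)\n"
)

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
ALLOWED_RE = re.compile(r"spamdyke\[\d+\]: ALLOWED .*?origin_ip: (" + IPV4 + r")")


def load_plain_ips(text):
    """Map each bare dotted-quad line to its line number; skip other forms."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if re.fullmatch(IPV4, line):
            entries.setdefault(line, lineno)
    return entries


def network_typo(ip, entry):
    """True if entry has the same last octet but one differing earlier octet."""
    a, b = ip.split("."), entry.split(".")
    diffs = [i for i in range(4) if a[i] != b[i]]
    return len(diffs) == 1 and diffs[0] != 3


def audit(log_text, blacklist_text):
    """Return (ip, status, [(entry, line_number), ...]) per ALLOWED log line."""
    entries = load_plain_ips(blacklist_text)
    findings = []
    for line in log_text.splitlines():
        match = ALLOWED_RE.search(line)
        if not match:
            continue
        ip = match.group(1)
        if ip in entries:
            findings.append((ip, "listed", [(ip, entries[ip])]))
        else:
            near = [(e, n) for e, n in entries.items() if network_typo(ip, e)]
            findings.append((ip, "not listed", near))
    return findings


if __name__ == "__main__":
    for finding in audit(LOG_TEXT, BLACKLIST_TEXT):
        print(finding)
```

Each finding names the blacklist line number involved, so a reported near miss can be compared directly against the filename and line that spamdyke's verbose log prints when a filter matches.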
