We have a recurring and annoying email that is all about the same thing - trying to get us to click a link to purchase a domain similar to one we have. It always comes from a different domain. For some reason it is getting through spamdyke - maillog entry below.

Oct 21 12:55:28 plesk3 /var/qmail/bin/relaylock[28833]: /var/qmail/bin/relaylock: mail from 209.217.243.18:46899 (box018.wtsuk.net)
Oct 21 12:55:31 plesk3 spamdyke[28833]: ALLOWED from: [email protected] to: [email protected] origin_ip: 209.217.243.18 origin_rdns: box018.wtsuk.net auth: (unknown) encryption: (none)
Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: [email protected]
Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: [email protected]
Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: handlers_stderr: SKIP
Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: SKIP during call 'check-quota' handler
Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: starter: submitter[28894] exited normally
Oct 21 12:55:31 plesk3 qmail: 1350820531.379894 new msg 107741568
Oct 21 12:55:31 plesk3 qmail: 1350820531.379950 info msg 107741568: bytes 4935 from <[email protected]> qp 28894 uid 2020
Oct 21 12:55:31 plesk3 qmail: 1350820531.381039 starting delivery 4241: msg 107741568 to local [email protected]
Oct 21 12:55:31 plesk3 qmail: 1350820531.381073 status: local 1/10 remote 0/20
Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: Handlers Filter before-local for qmail started ...
Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: [email protected]
Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: [email protected]
Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: mailbox: /var/qmail/mailnames/hosted-domain.com/user
Oct 21 12:55:31 plesk3 imapd: 1350820531.387880 DISCONNECTED, ip=[::ffff:84.21.130.8], headers=0, body=0, rcvd=0, sent=56, maildir=/home/KohaChoji
Oct 21 12:55:31 plesk3 qmail: 1350820531.411940 delivery 4241: success: did_0+0+2/
Oct 21 12:55:31 plesk3 qmail: 1350820531.412068 status: local 0/10 remote 0/20
Oct 21 12:55:31 plesk3 qmail: 1350820531.412099 end msg 107741568

We put in a rule on SpamAssassin as well, but emails to the one user below are ignored.
The rule we put in for that was as follows:

body EXPATVOIP /expatvoip.com/i
score EXPATVOIP 100

Emails to all other users are rejected as they should be.

On a possibly related note, should an RDNS fail on the emails below which are getting through? It was spam purporting to be from UPS - normal stuff:

Oct 21 07:31:01 plesk3 spamdyke[26354]: ALLOWED from: [email protected] to: [email protected] origin_ip: 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth: (unknown) encryption: (none)
Oct 21 07:31:01 plesk3 spamdyke[26353]: ALLOWED from: [email protected] to: [email protected] origin_ip: 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth: (unknown) encryption: (none)

Grateful, as ever, in advance for assistance from some experts.

Kind Regards,
Christoph Kuhle
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
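
Added example, not part of the original post and not spamdyke's own code: a small Python parser for the spamdyke result lines quoted above that reports whether each origin_rdns value is missing, embeds the connecting IP address, or is an ordinary host name. The class names and the "(unknown)" marker for a missing name are assumptions of this example.

```python
import re

# Log lines copied from the post above (addresses are already redacted there).
SAMPLE_LOG = """\
Oct 21 12:55:31 plesk3 spamdyke[28833]: ALLOWED from: [email protected] to: [email protected] origin_ip: 209.217.243.18 origin_rdns: box018.wtsuk.net auth: (unknown) encryption: (none)
Oct 21 07:31:01 plesk3 spamdyke[26354]: ALLOWED from: [email protected] to: [email protected] origin_ip: 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth: (unknown) encryption: (none)
Oct 21 12:55:31 plesk3 qmail: 1350820531.379894 new msg 107741568
"""

# Field layout as it appears in the post's spamdyke lines.
LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<verdict>[A-Z_]+) from: (?P<sender>.*?) to: (?P<rcpt>.*?) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth:"
)

def _contains(seq, sub):
    """True if list `sub` occurs as a contiguous run inside list `seq`."""
    return any(seq[i:i + len(sub)] == sub for i in range(len(seq) - len(sub) + 1))

def classify_rdns(ip, rdns):
    """Return 'missing', 'embeds-ip' or 'named' for one connection."""
    # Assumption: a missing rDNS name is logged as "(unknown)",
    # the same marker the post shows in the auth field.
    if rdns in ("", "(unknown)"):
        return "missing"
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return "named"  # only IPv4 dotted quads are analysed here
    octets = [int(p) for p in parts]
    numbers = [int(n) for n in re.findall(r"\d+", rdns)]
    # Provider-generated names carry the octets in forward or reverse order.
    if _contains(numbers, octets) or _contains(numbers, octets[::-1]):
        return "embeds-ip"
    return "named"

def parse_spamdyke(log_text):
    """Parse spamdyke result lines; other syslog lines are skipped."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            row = m.groupdict()
            row["rdns_class"] = classify_rdns(row["ip"], row["rdns"])
            results.append(row)
    return results

if __name__ == "__main__":
    for r in parse_spamdyke(SAMPLE_LOG):
        print(r["verdict"], r["ip"], r["rdns"], r["rdns_class"])
```

Both connections in the post present an rDNS name, so a test that only looks for a missing name has nothing to reject; the UPS-themed sender's name is the kind that embeds its own IP address.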
