Faris,
I thought there was a spamdyke flowchart somewhere, but my mind must be
playing tricks because I couldn't find it.
Logically, it would seem to me that order would be:
Check all whitelists, if found then accept the mail
Check all blacklists, if found then reject the mail
It it passes the above checks then do graylisting.
If it accepts the mail then it sends it on to qmail for further
processing. Since qmail is where the spamassassin, etc. hooks are, my
understanding is that the graylist would be updated before any
DENIED_OTHER issues. I haven't checked this hypothesis with
experimentation or documentation so YMMV.
Gary
On 11/22/2013 05:24 AM, Faris Raouf wrote:
Thanks Gary. That makes total sense. Unfortunately the file definitely
wasn't protected in any way, so this incident is still a bit of a mystery.
On a related matter, however, am I correct in thinking that if a
graylisted sender resends after the "--min" interval but fails to pass
another filter (which on my systems includes DENIED_OTHER which can
indicate a full mailbox or a spamassassin/clamav fail), their
graylisting file will not be updated -- i.,e. they could still have a
0 byte graylist file, as though they never resent? Or am I imagining
that I read something like this in the docs?
This isn't what happened in the incident I'm talking about -- I'm just
thinking in general terms.
Faris. (please excuse the HTML in my reply)
It's my understanding (which may be faulty) that spamdyke always
creates a 0 byte file the first time it gets mail from the domain.
When it sees another email from that domain (after the prerequisite
graylist-min-secs delay) then it puts the sending server into the file
and allows the mail to go through as long as mail comes from that
exact server. This is why you sometimes see multiple servers listed
in the graylist file. Spamdyke does clean up these files periodically
(as set by graylist-max-secs)
My guess is that this file was protected, preventing spamdyke from
doing it's job. This could happen if someone changed the owner of the
file or it's permissions.
Gary
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
