Hi, I'm running Spamdyke 4.3.1 on a CentOS 6 server. I've been successfully using spamdyke along with fail2ban to block IPs with the following characteristics: Missing RDNS and RDNS containing IP address.
In the maillog files I see the following:

    Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
    Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
    Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
    Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: 73a8...@enerdeco.nl to: u...@domain.com origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
    Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
    Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)

My fail2ban configuration file contains:

    [Definition]
    failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
                spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
                spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>   <--not working
    ignoreregex =

My issue is I now want to start banning IPs that set off the FILTER_EARLYTALKER filter, but as there is no corresponding

    DENIED_EARLYTALKER from: x...@yyy.com to u...@domain.com origin_ip: 111.222.333.444

I cannot figure out the proper failregex expression to match the existing format for FILTER_EARLYTALKER, nor do I know how to change spamdyke to show a familiar DENIED_EARLYTALKER ... heading in the maillog which I could determine the proper failregex for.

If anyone can provide me with some suggestions that would be appreciated.

Regards,
Shane Bywater
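
Added example, not part of the original post and not spamdyke or fail2ban code: a small Python harness that runs the three failregex lines from the message over the posted log lines, showing that the first two capture an address while the FILTER_EARLYTALKER line carries no address for <HOST> to capture. The HOST pattern is a simplified IPv4-only stand-in for fail2ban's <HOST> tag, and the function names are assumptions.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex lines from the post, unchanged.
FAILREGEX = [
    r"spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>",
    r"spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>",
    r"spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>",
]

# Log lines copied from the post (truncations kept as posted).
LOG = [
    "Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy",
    "Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an",
    "Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39",
    "Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: 73a8...@enerdeco.nl to: u...@domain.com origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)",
    "Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5",
    "Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)",
]

def compile_failregex(pattern):
    """Substitute the HOST stand-in for <HOST> and compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST))

def scan(lines, patterns=FAILREGEX):
    """Return (pattern_index, host) for each line a failregex matches."""
    compiled = [compile_failregex(p) for p in patterns]
    hits = []
    for line in lines:
        for idx, rx in enumerate(compiled):
            m = rx.search(line)
            if m:
                hits.append((idx, m.group("host")))
                break
    return hits

def host_in(line):
    """First IPv4 address on the line, or None if it carries none."""
    m = re.search(HOST, line)
    return m.group("host") if m else None

if __name__ == "__main__":
    for idx, host in scan(LOG):
        print(f"failregex[{idx}] matched, host={host}")
    for line in LOG:
        if "FILTER_EARLYTALKER" in line:
            print("address on FILTER_EARLYTALKER line:", host_in(line))
```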