I'm really sorry I haven't been able to get to spamdyke issues lately, let me
see if I can catch up...
When I test the earlytalker filter by itself from the command line, it appears
root@patched:/usr/local/src/spamdyke-5.0.0/spamdyke# ./spamdyke --log-target
stderr -linfo -e 10 ../tests/smtpdummy/smtpdummy
220 smtpdummy ESMTP
250 HELO received
250 Refused. You are not following the SMTP protocol.
554 Refused. You are not following the SMTP protocol.
spamdyke: DENIED_EARLYTALKER from: f...@bar.com to: b...@foo.com
origin_ip: 0.0.0.0 origin_rdns: (unknown) auth: (unknown) encryption: (none)
221 Refused. You are not following the SMTP protocol.
So if your connections aren't being whitelisted, there may be a bug where the
earlytalker filter is failing when combined with some other option(s). Could
you send me your spamdyke configuration file so I can try to reproduce your
setup and nail it down?
-- Sam Clippinger
On Mar 13, 2014, at 3:03 PM, Shane Bywater <sh...@apexia.ca> wrote:
> I disabled all whitelist options in spamdyke.conf and restarted
> spamdyke. Confirmed no whitelist filters continued to be displayed in the
> maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was
> found but still no DENIED_EARLYTALKER entries. I even checked back in
> maillog files from 2012 and found the same result. It just can't be an
> authenticated user from so many different IPs (100s) from such a long period
> of time as my server would certainly be listed in multiple DNS blacklists
> (it's currently not in any). If anyone else has the same issue I would be
> curious if it has anything to do with Plesk being involved. If there are no
> other recommendations maybe I'll try installing Spamdyke 5.0.0 unless anyone
> has had issues using it on a Plesk 10.4.4, CentOS 6 server. All comments
> are welcomed.
> Shane Bywater
> Message: 1
> Date: Wed, 12 Mar 2014 17:28:58 -0500
> From: Sam Clippinger <s...@silence.org>
> Subject: Re: [spamdyke-users] modifying way that filters are shown in
> log files
> To: spamdyke users <email@example.com>
> Message-ID: <a70266f0-2742-4c3b-9820-adc66fe9f...@silence.org>
> Content-Type: text/plain; charset="us-ascii"
> If the earlytalker filter actually blocks a connection, you should see a
> "DENIED_EARLYTALKER" message in the log. Are you sure that connection isn't
> whitelisted or authenticating? Either of those things would prevent the
> earlytalker filter from actually blocking the connection.
> -- Sam Clippinger
> On Mar 11, 2014, at 10:04 PM, Shane Bywater <sh...@apexia.ca> wrote:
>> I'm running Spamdyke 4.3.1 on a CentOS 6 server. I've been
>> successfully using spamdyke along with fail2ban to block IPs with the
>> following characteristics:
>> Missing RDNS and RDNS containing IP address.
>> In the maillog files I see the following:
>> Aug 24 04:14:42 server spamdyke: FILTER_IP_IN_CC_RDNS ip: 126.96.36.199 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
>> Aug 24 04:14:42 server spamdyke: DENIED_IP_IN_CC_RDNS from: birgitta.weh...@vll.ca to: u...@domain.com origin_ip: 188.8.131.52 origin_rdns: r186-52-196-7.dialup.adsl.an
>> Aug 24 04:15:07 server spamdyke: FILTER_RDNS_MISSING ip: 184.108.40.206
>> Aug 24 04:15:07 server spamdyke: DENIED_RDNS_MISSING from: 73a8...@enerdeco.nl to: u...@domain.com origin_ip: 220.127.116.11 origin_rdns: (unknown) auth: (unknown)
>> Aug 24 04:21:33 apexia spamdyke: FILTER_EARLYTALKER delay: 5
>> Aug 24 04:21:33 apexia /var/qmail/bin/relaylock: /var/qmail/bin/relaylock: mail from 18.104.22.168:51645 (not defined)
>> My fail2ban configuration file contains:
>> failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
>>             spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
>>             spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST> <--not working
>> ignoreregex =
>> My issue is I now want to start banning IPs that set off the
>> FILTER_EARLYTALKER filter but as there is no corresponding
>> DENIED_EARLYTALKER from: x...@yyy.com to u...@domain.com origin_ip:
>> 111.222.333.444 I cannot figure out the proper failregex expression to match
>> the existing format for FILTER_EARLYTALKER nor do I know how to change
>> spamdyke to show a familiar DENIED_EARLYTALKER ... heading in the maillog
>> which I could determine the proper failregex for. If anyone can provide me
>> with some suggestions that would be appreciated.
>> Shane Bywater
> End of spamdyke-users Digest, Vol 82, Issue 9
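An added example, not part of the thread or of spamdyke/fail2ban: a Python check of fail2ban-style rules against constructed log lines in the formats quoted above. It shows that only DENIED_ lines carry an origin_ip to capture, while the FILTER_EARLYTALKER line has no address. The HOST pattern, the optional "[pid]" syslog tag and all sample addresses are assumptions.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only); fail2ban's own
# expansion is broader. This is an assumption made for the example.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex lines in the style of the config quoted in the thread.
FAILREGEX = [
    r"spamdyke(?:\[\d+\])?: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>",
    r"spamdyke(?:\[\d+\])?: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>",
    r"spamdyke(?:\[\d+\])?: DENIED_EARLYTALKER from:.+origin_ip: <HOST>",
]

# Constructed log lines using the formats shown in the thread; addresses are
# from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 24 04:15:07 server spamdyke[2101]: FILTER_RDNS_MISSING ip: 192.0.2.10
Aug 24 04:15:07 server spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.net to: u@example.com origin_ip: 192.0.2.10 origin_rdns: (unknown) auth: (unknown)
Aug 24 04:21:33 server spamdyke[2107]: FILTER_EARLYTALKER delay: 5
Aug 24 04:21:34 server spamdyke[2107]: DENIED_EARLYTALKER from: b@example.net to: u@example.com origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown) encryption: (none)
Aug 24 04:22:01 server spamdyke[2110]: FILTER_EARLYTALKER delay: 5
""".splitlines()

def compile_rules(rules):
    return [re.compile(r.replace("<HOST>", HOST)) for r in rules]

def hosts_to_ban(lines, rules):
    """Return the origin IPs captured by any rule, in order of appearance."""
    found = []
    for line in lines:
        for rx in rules:
            m = rx.search(line)
            if m:
                found.append(m.group("host"))
                break
    return found

def lines_without_ip(lines, marker="FILTER_EARLYTALKER"):
    """Lines carrying the marker but no IPv4 address a rule could capture."""
    ip = re.compile(HOST)
    return [l for l in lines if marker in l and not ip.search(l)]

if __name__ == "__main__":
    print(hosts_to_ban(SAMPLE_LOG, compile_rules(FAILREGEX)))
    print(len(lines_without_ip(SAMPLE_LOG)))
```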