Sam, thank you very much for your answer. It is as you describe ... header without the "From"
Example:

Oct 4 01:08:44 ns spamdyke[15166]: ALLOWED from: (unknown) to: i...@dominio.cl origin_ip: 157.55.234.249 origin_rdns: mail-db3hn0249.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 250_ok_1443931724_qp_15172

Original Header:
------------------------------------------------------------
Return-Path: <>
Delivered-To: i...@dominio.cl
Received: (qmail 15172 invoked by uid 89); 4 Oct 2015 04:08:44 -0000
Received: from unknown (HELO emea01-db3-obe.outbound.protection.outlook.com) (157.55.234.249) by ns.dominio.cl with SMTP; 4 Oct 2015 04:08:44 -0000
Received-SPF: pass (ns.dominio.cl: SPF record at spf.protection.outlook.com designates 157.55.234.249 as permitted sender)
Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=<>;
Received: from [104.243.24.168] (104.243.24.168) by VI1PR09MB0430.eurprd09.prod.outlook.com (10.162.9.146) with Microsoft SMTP Server (TLS) id 15.1.286.20; Sun, 4 Oct 2015 04:10:37 +0000
Content-Type: multipart/alternative; boundary="===============1143449470=="
MIME-Version: 1.0
Subject: E-Mail Update
To: Recipients
From: Administrator
Date: Sun, 4 Oct 2015 00:10:15 -0700
Reply-To: <noreply@org>
X-Originating-IP: [104.243.24.168]
X-ClientProxiedBy: CY1PR13CA0087.namprd13.prod.outlook.com (25.164.65.13) To VI1PR09MB0430.eurprd09.prod.outlook.com (25.162.9.146)
Return-Path: <>
Message-ID: < vi1pr09mb04304bf51c82487363476aa8b8...@vi1pr09mb0430.eurprd09.prod.outlook.com >
X-Microsoft-Antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:VI1PR09MB0430;
X-Microsoft-Antispam-PRVS: < vi1pr09mb0430c644faa522cf5807ccabb8...@vi1pr09mb0430.eurprd09.prod.outlook.com >
X-Exchange-Antispam-Report-Test: UriScan:;
X-Exchange-Antispam-Report-CFA-Test: BCL:0;PCL:0;RULEID:(601004)(2401047)(5005006)(520078)(8121501046)(3002001);SRVR:VI1PR09MB0430;BCL:0;PCL:0;RULEID:;SRVR:VI1PR09MB0430;
X-Forefront-PRVS: 0719EC6A9A
X-Forefront-Antispam-Report: SFV:SPM;SFS:(10019020)(6049001)(5005620100007);DIR:OUT;SFP:1501;SCL:9;SRVR:VI1PR09MB0430;H:[104.243.24.168];FPR:;SPF:None;PTR:InfoNoRecords;LANG:en;
Received-SPF: None (protection.outlook.com: [104.243.24.168] does not designate permitted sender hosts)
SpamDiagnosticOutput: 1:22
SpamDiagnosticMetadata: 00000000%2D0000%2D0000%2D0000%2D000000000000
X-OriginatorOrg: contactun.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 Oct 2015 04:10:37.6998 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR09MB0430

*--===============1143449470==*
*Content-Type: text/plain; charset="iso-8859-1"*
*MIME-Version: 1.0*
*Content-Transfer-Encoding: quoted-printable*
*Content-Description: Mail message body*

E-Mail Update =
20GB =
23GB
Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, A=
nd You Will Not Be Able To Receive New Mails Until You Re-Validate It. To R=
e-Validate click =
=
=20
---------------------------------------------------------------------------------------------------

Can you filter it with maildrop? Is there some howto to read?

Best regards,

Paul

2015-10-11 19:45 GMT-03:00 Sam Clippinger via spamdyke-users <spamdyke-users@spamdyke.org>:

> I'm not sure I understand your question. If you want to block messages
> without a "From" line in their header, spamdyke can't do that. You may be
> able to use a secondary filter like maildrop to delete the message after it
> is accepted however.
>
> -- Sam Clippinger
>
> On Oct 9, 2015, at 10:17 AM, Linux via spamdyke-users <
> spamdyke-users@spamdyke.org> wrote:
>
> sorry to hang me for this post, but I would consult them taking advantage
> of the conversation can be locked via e-mail comes without sender? I'm
> getting a lot of spam that has this pattern.
>
> Best regards,
>
> Paul
>
> 2015-10-03 1:05 GMT-03:00 Philip Rhoades via spamdyke-users <
> spamdyke-users@spamdyke.org>:
>
>> Sam,
>>
>> On 2015-10-02 23:47, Sam Clippinger via spamdyke-users wrote:
>>
>>> I guess so, but remember the wildcarding uses globbing, not regexes.
>>> What I mean is: using "?*" is equivalent to just "*".
>>
>> Right.
>>
>>> Also, the line
>>> has to contain at least one colon or spamdyke won't use it (message
>>> headers always use a colon to separate the field name from the value).
>>
>> Yep.
>>
>>> Why not just use multiple entries in the file? If either one matches,
>>> the message will be blocked and it'd be easier to understand:
>>> From: *@skysoft.com [1]
>>> Reply-To: *@skysoft.com [1]
>>
>> Doubling the number of lines offends my sensibilities . . this works:
>>
>> [FR][re][op][ml]*:*iskysoft.com*
>>
>> Also, sorting this issue out forced me to sort out the rDNS problem for
>> my main web server - so thanks for that too!
>>
>> Regards,
>>
>> Phil.
>>
>>> -- Sam Clippinger
>>>
>>> On Oct 2, 2015, at 4:34 AM, Philip Rhoades via spamdyke-users
>>> <spamdyke-users@spamdyke.org> wrote:
>>>
>>> On 2015-10-02 15:42, Philip Rhoades via spamdyke-users wrote:
>>>> Sam,
>>>>
>>>> On 2015-09-26 01:12, Sam Clippinger via spamdyke-users wrote:
>>>> The header blacklist file has a different format from the sender
>>>> blacklist file, so just copying entries from one to the other won't
>>>> work. You need to provide a pattern that matches the line(s) in the
>>>> message header -- in your mail client, you should have an option to
>>>> "view message source" or "view raw headers" that will show you what it
>>>> looks like. In this specific case, you probably want this:
>>>> Reply-To: *@skysoft.com [1] [3]*
>>>> The format is case insensitive and uses globbing for wildcards, so *
>>>> will match multiple characters and [] will match a set or range of
>>>> characters, just like the bash command prompt. The filter will ignore
>>>> any lines in the file that don't contain a colon. Full details here:
>>>> http://www.spamdyke.org/documentation/README.html#HEADERS [2] [4]
>>>>
>>>> So if I wanted to block the same address for both From: and Reply-To:
>>>> I could use:
>>>> [fr][re][op][ml].*@skysoft.com [1]
>>>>
>>>
>>> [fr][re][op][ml]?*@skysoft.com [1]
>>>
>>> so "*" doesn't repeat only "[ml]" ?
>>>
>>> ?
>>>> Thanks,
>>>> Phil.
>>>>
>>>> For testing, you certainly can use telnet -- I do it all the time.
>>>> Just make sure the host you telnet from isn't blocked or whitelisted
>>>> for some other reason (most folks whitelist localhost, for example).
>>>> -- Sam Clippinger
>>>>
>>>> On Sep 25, 2015, at 1:31 AM, Philip Rhoades via spamdyke-users
>>>> <spamdyke-users@spamdyke.org> wrote:
>>>> Sam,
>>>>
>>>> On 2015-09-15 07:27, Sam Clippinger via spamdyke-users wrote:
>>>> Actually, no. The sender-blacklist-* and recipient-blacklist-* filters
>>>> operate on different data from the header-blacklist-* filters. The
>>>> reason is because the sender and recipient addresses are given during
>>>> the SMTP protocol and aren't part of the message itself -- the
>>>> addresses you see in your mail client are the From and To entries from
>>>> the message header. The first paragraph here explains in a little more
>>>> detail:
>>>> http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS [3] [1] [1]
>>>>
>>>> Yes, sorry, I should have realised that . .
>>>>
>>>> Put another way, the sender address doesn't have to match the "From"
>>>> address visible in the mail client -- well-behaved mail clients make
>>>> them the same, but that's a courtesy and not a requirement. The
>>>> Reply-To address is part of the message header and, again, is only a
>>>> convention used by well-behaved clients. If you've ever been Bcc'd on
>>>> a message, you've seen this in action -- the sender's mail client gave
>>>> your address as a recipient but didn't put your address on the "To"
>>>> line in the message header.
>>>>
>>>> Right, so, some follow up questions: I moved the following from the
>>>> sender-blacklist to the header-blacklist:
>>>> @iskysoft.com [2]
>>>> - first in the conf file then later into a separate
>>>> header-blacklist-file with all the massaged addresses from my old
>>>> setup - but the sender above still seems to be getting through. I
>>>> thought the "@" was supposed to act like a wild card? Am I still
>>>> doing something wrong?
>>>> When I add addresses etc to blacklists etc, is there any way of
>>>> doing a test myself to see that the block is working? Using a telnet
>>>> to port 25 on my qmail server and manually pasting header lines is
>>>> not a real test is it?
>>>> Thanks,
>>>> Phil.
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> On Sep 13, 2015, at 9:20 PM, Philip Rhoades via spamdyke-users
>>>> <spamdyke-users@spamdyke.org> wrote:
>>>> Sam,
>>>>
>>>> On 2015-09-14 11:38, Sam Clippinger via spamdyke-users wrote:
>>>> I'm not entirely sure I understand your question... if the Reply-To
>>>> address is always the same, you should be able to block it using the
>>>> header blacklist filter.
>>>>
>>>> Ah . . OK - I will try that but doesn't that mean that:
>>>> sender-blacklist-entry
>>>> is redundant - ie:
>>>> header-blacklist-entry
>>>> should cover everything?
>>>> Thanks,
>>>> Phil.
>>>>
>>>> If you're wanting to compare the Reply-To
>>>> address to the From address or the sender address, spamdyke doesn't
>>>> have that ability.
>>>> -- Sam Clippinger
>>>>
>>>> On Sep 13, 2015, at 4:11 PM, Philip Rhoades via spamdyke-users
>>>> <spamdyke-users@spamdyke.org> wrote:
>>>> People,
>>>> One variety of spam that is successfully delivered to me has a
>>>> different "From:" addresses but the same "Reply-To:" address - I
>>>> can't see a way of blocking these mails in the conf file via the
>>>> "Reply-To:" address - is it possible?
>>>> Thanks,
>>>> Phil.
>>>> --
>>>> Philip Rhoades
>>>> PO Box 896
>>>> Cowra NSW 2794
>>>> Australia
>>>> E-mail: p...@pricom.com.au
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> spamdyke-users@spamdyke.org
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>> Links:
>>> ------
>>> [1] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>>>
>>> Links:
>>> ------
>>> [1] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
>>> [2] http://iskysoft.com
>>> [3] http://skysoft.com
>>> [4] http://www.spamdyke.org/documentation/README.html#HEADERS
>>>
>>> Links:
>>> ------
>>> [1] http://skysoft.com
>>> [2] http://www.spamdyke.org/documentation/README.html#HEADERS
>>> [3] http://www.spamdyke.org/documentation/README.html#REJECTING_SENDERS
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
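
Added example (not part of the thread and not spamdyke's own code): an offline check of header blacklist entries against a saved message header, using the rules stated in the thread (case-insensitive globbing, entries without a colon are ignored). It assumes an entry must match a whole header line and uses Python's fnmatch as a stand-in for spamdyke's matcher; the function names, the header and its addresses are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed blacklist file using entries quoted in the thread.
BLACKLIST = """\
@iskysoft.com
Reply-To: *@skysoft.com
[FR][re][op][ml]*:*iskysoft.com*
"""

# Constructed message header (hosts and addresses are placeholders).
HEADER = """\
Received: from unknown (HELO mail.example.net) (192.0.2.10)
From: Deals <news@example.net>
Reply-To: sales@iskysoft.com
Subject: Special offer
"""


def split_entries(text):
    """Split a blacklist file into (usable, ignored) entries.

    Per the thread, the filter ignores any line that has no colon.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    usable = [ln for ln in lines if ":" in ln]
    ignored = [ln for ln in lines if ":" not in ln]
    return usable, ignored


def first_match(header, entries):
    """Return (entry, header_line) for the first hit, or None.

    Assumption: case-insensitive glob applied to the whole header line.
    """
    for line in header.splitlines():
        for entry in entries:
            if fnmatchcase(line.lower(), entry.lower()):
                return entry, line
    return None


if __name__ == "__main__":
    usable, ignored = split_entries(BLACKLIST)
    print("ignored (no colon):", ignored)
    print("first match:", first_match(HEADER, usable))
```

Run against a header copied from "view message source", this shows which entry (if any) would fire and which entries are dropped for lacking a colon, before the file goes onto the mail server.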