Dear all,

I'm having a bit of an issue trying to block messages based on the envelope
sender. Basically it doesn't seem to work at all, so I'm obviously doing
something wrong.

All the other types of blacklists and whitelists seem to work just fine.

I understand the difference between the "From" and the envelope sender, and
that TLS can be an issue.

But as far as I'm aware it is the envelope sender that I'm targeting, and in
this case my qmail installation doesn't support TLS so spamdyke is set to
handle the TLS and should be able to read the contents of the message.

I'm using SpamDyke 5.01

Please could someone kindly take a quick look at my log/config/header of an
example email, to see what I'm doing wrong?

In the example below, the envelope sender I'm trying to block has
(some-reference-or-other)@tooplemail.com as the envelope sender so I'm using
@tooplemail.com in my blacklist_sender file.


*******************

Maillog extract:

Jul 21 10:32:55 ms2 spamd[30006]: spamd: checking message
<2dqy.87yto274c.20160721093145...@tooplemail.com> for qscand:500

Jul 21 10:32:57 ms2 spamd[30006]: spamd: result: Y 4 -
BAYES_00,DIGEST_MULTIPLE,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREE_QUOTE_INS
TANT,HTML_MESSAGE,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,RAZOR2_CF_RANGE_E8_51_1
00,RAZOR2_CHECK,RCVD_IN_DNSWL_NONE,SPF_PASS
scantime=1.9,size=55241,user=qscand,uid=500,required_score=3.0,rhost=localho
st,raddr=127.0.0.1,rport=53794,mid=<2DQY.87YTO274C.20160721093145243@tooplem
ail.com>,bayes=0.000000,autolearn=no

Jul 21 10:32:57 ms2 qmail-scanner-queue.pl: qmail-scanner[25272]:
Clear:RC:0(94.143.105.188):SA:1(4.3/3.0): 2.092064 55184
bo-3ueb-2dqy-yto27-c0...@tooplemail.com redac...@redacted.tld
Why_is_Toople.com_different_to_the_rest?
<2dqy.87yto274c.20160721093145...@tooplemail.com>
1469093575.25274-0.ms2.redac...@redacted.tld:3611
orig-ms2.redacted.tld146909357479725272:55184
1469093575.25274-1.ms2.redacted.tld:46150

Jul 21 10:32:57 ms2 spamdyke[25257]: ALLOWED from:
bo-3ueb-2dqy-yto27-c0...@tooplemail.com to: redac...@redacted.tld origin_ip:
94.143.105.188 origin_rdns: cloudtengroup1.mta.dotmailer.com auth: (unknown)
encryption: TLS reason: 250_ok_1469093577_qp_25272

******************


******************
Spamdyke config file:

log-level=verbose
idle-timeout-secs=60
greeting-delay-secs=11
policy-url=http://www.redacted.tld/email.html

graylist-dir=/var/qmail/graylist
graylist-level=none
graylist-min-secs=300
graylist-max-secs=1814400

ip-blacklist-file=/etc/spamdyke.d/blacklist_ip
sender-blacklist-file=/etc/spamdyke.d/blacklist_sender
rdns-blacklist-file=/etc/spamdyke.d/blacklist_rdns
recipient-blacklist-file=/etc/spamdyke.d/blacklist_recipient

ip-whitelist-file=/etc/spamdyke.d/whitelist_ip
rdns-whitelist-file=/etc/spamdyke.d/whitelist_rdns
recipient-whitelist-file=/etc/spamdyke.d/whitelist_recipient
sender-whitelist-file=/etc/spamdyke.d/whitelist_sender

tls-certificate-file=/ssl/c1org1516.pem
tls-level=smtp-no-passthrough

#(Blacklists redacted)

reject-empty-rdns

******************



******************

/etc/spamdyke.d/blacklist_sender contains:

@tooplemail.com

******************



******************
EXAMPLE EMAIL HEADER 
(Slightly complicated because it goes through two qmail-scanner/spamdyke
servers, 
ms2.redacted.tld and 147.redacted.tld,
each with different spamassassin configs (hence the odd subject
modification!), 
to get to the mailbox)


Received: (qmail 25508 invoked by uid 2523); 21 Jul 2016 10:33:11 +0100
X-Qmail-Scanner-Diagnostics: from ms2.redacted.tld by ip147.redacted.tld
(envelope-from <bo-3ueb-2dqy-yto27-c0...@tooplemail.com>, uid 2020) with
qmail-scanner-2.10st 
 (clamdscan: 0.99.2/21940. mhr: 1.0. spamassassin: 3.3.2. perlscan: 2.10st.

 Clear:RC:0(178.62.199.136):SA:1(3.6/3.0):. 
 Processed in 2.510301 secs); 21 Jul 2016 09:33:11 -0000
X-Spam-Status: Yes, hits=3.6 required=3.0
X-Spam-Level: +++
Received: from ms2.redacted.tld (redacted)
  by ip147.redacted.tld with SMTP; 21 Jul 2016 10:33:08 +0100
Received: (qmail 25293 invoked by uid 500); 21 Jul 2016 09:32:57 -0000
X-Qmail-Scanner-Diagnostics: from cloudtengroup1.mta.dotmailer.com by
ms2.redacted.tld (envelope-from <bo-3ueb-2dqy-yto27-c0...@tooplemail.com>,
uid 496) with qmail-scanner-2.10st 
 (clamdscan: 0.99.2/21940. mhr: 1.0. spamassassin: 3.3.2. perlscan: 2.10st.

 Clear:RC:0(94.143.105.188):SA:1(4.3/3.0):. 
 Processed in 2.094403 secs); 21 Jul 2016 09:32:57 -0000
X-Qmail-Scanner-MOVED-X-Spam-Status: Yes, hits=4.3 required=3.0
X-Qmail-Scanner-MOVED-X-Spam-Level: ++++
Received: from cloudtengroup1.mta.dotmailer.com (94.143.105.188)
  by ms2.redacted.tld with SMTP; 21 Jul 2016 09:32:54 -0000
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dkim1024;
d=tooplemail.com;
 
h=From:To:Subject:MIME-Version:Content-Type:Date:List-Unsubscribe:Reply-To:M
essage-ID; i=daniel.clem...@tooplemail.com;
 bh=l80qAnWoe07RouX288jDc7eGwnI=;
 
b=eKFZ6Hdnf2Y6CSyjmyGiZVhZ0sLTRBhdvTW6lTPSBXcSi4sN1cOahISl7yHYH+6e3C5BVWZhZR
Ac
 
I8K4/ou8t07mvwjo5l/aHP2GCUZ1+tIw/ApSNwsjep7ZHL2FGV9M/uJKEY+yx/pzIB3QSnJ1cj4v
   RttFGlwSie1pPu7twYA=
From: "Welcome To Toople.com Newsletter" <daniel.clem...@tooplemail.com> 
To: "redac...@redacted.tld" <redac...@redacted.tld>
Subject: ****SPAM**** LOW *  ****SPAM**** MEDIUM *  Why is Toople.com
different to the rest?
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="87YTO274C:20160721093145243"
X-Mailer: dmDroid
Date: Thu, 21 Jul 2016 10:31:45 +0100
X-CampaignID: GIKG
X-dmid: 3UEB-2DQY-YTO27
Feedback-ID: 3UEB:2DQY:20160721:DDGESP
List-Unsubscribe: <http://tooplemail.com/3UEB-2DQY-87YTO274C/uauto.aspx>
Bounces-to: bo-3ueb-2dqy-yto27-c0...@tooplemail.com
Return-Path: bo-3ueb-2dqy-yto27-c0...@tooplemail.com
Reply-To: "Welcome To Toople.com Newsletter"
<re-3ueb-2dqy-yto27-c0...@tooplemail.com>
Message-ID: <2dqy.87yto274c.20160721093145...@tooplemail.com>

**************


**************
Config test (run as root, but should be valid enough):

# /usr/local/bin/spamdyke --config-test -f /etc/spamdyke.d/spamdyke.conf
/var/qmail/bin/qmail-smtpd
spamdyke 5.0.1+TLS+CONFIGTEST+DEBUG (C)2015 Sam Clippinger, samc (at)
silence (dot) org
http://www.spamdyke.org/

Use --help for an option summary, --more-help for option details or see
README.html for complete documentation.

Testing configuration...
WARNING: Running tests as superuser root(0), group root(0). These test
results may not be valid if the mail server runs as another user.
SUCCESS: spamdyke binary (/usr/local/bin/spamdyke) is not owned by root
and/or is not marked setuid.
INFO: Running command to test capabilities: /var/qmail/bin/qmail-smtpd
SUCCESS: /var/qmail/bin/qmail-smtpd does not appear to offer TLS support.
spamdyke will offer, intercept and decrypt TLS traffic.
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support.
spamdyke will observe any authentication and trust its response.
INFO(config-dir): Testing configuration directory: /etc/spamdyke.d/configdir
SUCCESS(config-dir): Configuration directory tests succeeded:
/etc/spamdyke.d/configdir
INFO(config-dir): Testing configuration directory:
/etc/spamdyke.d/individuals
SUCCESS(config-dir): Configuration directory tests succeeded:
/etc/spamdyke.d/individuals
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(config-file): Opened for reading: /etc/spamdyke.d/spamdyke.conf
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(dns-resolv-conf): Opened for reading: /etc/resolv.conf
ERROR(graylist-level): The "graylist-level" option is "none" but other
graylist options were given. They will all be ignored.
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(ip-blacklist-file): Opened for reading: /etc/spamdyke.d/blacklist_ip
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(ip-whitelist-file): Opened for reading: /etc/spamdyke.d/whitelist_ip
SUCCESS(qmail-rcpthosts-file): Opened for reading:
/var/qmail/control/rcpthosts
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(rdns-blacklist-file): Opened for reading:
/etc/spamdyke.d/blacklist_rdns
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(rdns-whitelist-file): Opened for reading:
/etc/spamdyke.d/whitelist_rdns
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(recipient-blacklist-file): Opened for reading:
/etc/spamdyke.d/blacklist_recipient
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(recipient-whitelist-file): Opened for reading:
/etc/spamdyke.d/whitelist_recipient
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(sender-blacklist-file): Opened for reading:
/etc/spamdyke.d/blacklist_sender
INFO(config_test_file_read): Testing file read: config_test.c
SUCCESS(sender-whitelist-file): Opened for reading:
/etc/spamdyke.d/whitelist_sender
INFO(tls-certificate-file): Testing TLS by initializing SSL/TLS library with
certificate and key
SUCCESS(tls-certificate-file): Opened for reading: /ssl/c1org1516.pem
SUCCESS(tls-certificate-file): Certificate and key loaded; SSL/TLS library
successfully initialized
ERROR: Tests complete. Errors detected.


***********************

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
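
An added example, not part of the original post and not spamdyke's own code: a log audit that lists ALLOWED deliveries whose envelope sender appears in a sender blacklist, together with the origin IP, rDNS, auth and encryption fields of the connection that passed. The log sample and blacklist are constructed, the function names are hypothetical, and the matching rule (an "@domain" entry matches any local part, case-insensitively) is an assumption based on the entry style shown in the post.

```python
import re

# Constructed sample in the format of the spamdyke log line quoted in the post;
# the first entry is hard-wrapped the way a mail client wraps pasted logs.
SAMPLE_LOG = """\
Jul 21 10:32:57 ms2 spamdyke[25257]: ALLOWED from:
bounce-1@Blocked.example to: user@rcpt.example origin_ip:
192.0.2.10 origin_rdns: mta.sender.example auth: (unknown)
encryption: TLS reason: 250_ok_1469093577_qp_25272
Jul 21 10:34:10 ms2 spamdyke[25340]: ALLOWED from: alice@ok.example to: user@rcpt.example origin_ip: 198.51.100.7 origin_rdns: mail.ok.example auth: (unknown) encryption: (none) reason: 250_ok_1469093650_qp_25344
"""
SAMPLE_BLACKLIST = "@blocked.example\nspammer@other.example\n"  # constructed entries

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")
ENTRY = re.compile(
    r"spamdyke\[(?P<pid>\d+)\]: (?P<result>\S+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+) "
    r"encryption: (?P<enc>\S+) reason: (?P<reason>\S+)"
)

def unwrap(text):
    """Rejoin hard-wrapped log entries; a new entry starts with a syslog timestamp."""
    entries = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def load_blacklist(text):
    return [line.strip().lower() for line in text.splitlines() if line.strip()]

def is_listed(sender, entries):
    # Assumption: "@domain" entries match any local part; other entries match exactly.
    sender = sender.lower()
    domain = "@" + sender.rpartition("@")[2]
    return any(e == sender or (e.startswith("@") and e == domain) for e in entries)

def missed_blocks(log_text, blacklist_text):
    """ALLOWED entries whose envelope sender is on the sender blacklist."""
    entries = load_blacklist(blacklist_text)
    matches = (ENTRY.search(e) for e in unwrap(log_text))
    return [m.groupdict() for m in matches
            if m and m["result"] == "ALLOWED" and is_listed(m["sender"], entries)]

if __name__ == "__main__":
    print(missed_blocks(SAMPLE_LOG, SAMPLE_BLACKLIST))
```
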