Teodor Milkov | 22 May 2013 14:40

Duplicate "ALLOWED from" log entries

Hello,

I did a quick search in the mailing list about this issue, but didn't
find anything related, so here I go:

When an email with multiple RCPT TO is sent in a single SMTP session, it
seems all previous recipients are logged at each new RCPT TO command.
See attached spamdyke.txt log for details (I've replaced original
sender/recipient names for privacy reasons).

Basically, if there's incoming mail from one sender to 3 recipients in
a single SMTP session I see something like:

ALLOWED from: sender to recipient-1
ALLOWED from: sender to recipient-1
ALLOWED from: sender to recipient-2
ALLOWED from: sender to recipient-1
ALLOWED from: sender to recipient-2
ALLOWED from: sender to recipient-3

Which in some extreme cases where a session had 9000 recipients led to
a multi-GB log file.

Glancing quickly through sources I didn't find how this works, but I'll
look again later this week when I have more time.

-- 
Teodor Milkov | System Administrator | ICDSoft Ltd.

Am Am | 20 Apr 2013 09:34

SpamDyke an Mail Relay server (Qmail Toaster)

Hi,

I just use a qmail toaster server as a mail relay server from particular web servers, only important thing for me is ability to filter "from" addresses and content (body, subject) and greylisting/rdns check or other options will not be used. What minimal configuration is recommended?

Thanks
_______________________________________________
spamdyke-users mailing list
spamdyke-users@...
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Nicholas C. | 16 Apr 2013 18:13

refuse email notice

Hi List,

How do I disable rejection-text-identical-sender-recipient messages? For every spam I refused, I will get a notice. It is as good as I am receiving the spams

Thanks

Nic

turgut kalfaoğlu | 26 Mar 2013 16:22

spamdyke and local users

hi there. Many of the users who use our servers for SMTP use an 
alternate port. So far I didn't have spamdyke running on that port (it 
was only running port 25), but I just started it.  I disabled many of 
its checks, such as missing RDNS, as many of them do not have a reverse 
DNS entry (telecoms do not bother with such things).

I was wondering if it is recommended, and which options are best to use 
on local users..
PS: I use spamdyke, spamassassin,qmail-scanner-queue.

Many thanks, -t
David | 26 Mar 2013 15:28

Timer for objects in blacklist

Is there a way we could get a configuration for a timer to be set on
blacklist items in any blacklist?
For instance when I configure firewall rules and use address lists I
always use a timer on these lists to be removed from the list after a
certain amount of time but the rule is always there so if the address
gets caught by the rule gets re-added to the list again.

I was thinking if there was an easier way to manage these lists better
and the timer came up.

If I was able to place a timer on the items in the list say for 30 days
or less to be emptied out would be great.
Something else to consider is dumping them into another list to be
watched and if they show up again then re-add them back to the current
list and drop the others in the old list after a few days.

This may help with my pain of these lists growing out of control.

Thanks
Dave

Arne Metzger | 10 Feb 2013 22:05

allow incoming mail to specific recipients only from authenticated users

Hello,

I have to find a solution for this situation:

on my plesk-vserver (qmail and spamdyke) we have several recipients 
without an assigned mailbox, since we use those addresses only for 
mail-groups (with both internal and external recipients).

Now I want to prevent external and unauthenticated SMTP-traffic to those 
mail-group-addresses. Only authenticated internal users should be 
allowed to send emails to them.

I just did a test and sent a mail from one of my accounts to a 
test-recipient on my vserver, that has a mail-group assigned. Since my 
mail comes from a reliable mail-server, all filters of spamdyke passed 
and my mail was allowed to be delivered to the test-recipient.

Is there any way to block connections that pass all filters to specific 
recipients unless those connections use SMTP-AUTH?

Regards,
Arne
Eric Shubert | 8 Feb 2013 17:10

Blocking DHCP addresses

I've received a malicious spam from the following address:
Received: from unknown (HELO 74-142-212-17.dhcp.insightbb.com) 
(74.142.212.17)

I'm a little surprised that the address hasn't been blacklisted, being 
an apparent dynamic address. I'm using
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net

Is there a good way to block public hosts with dhcp in their name?
Is there a better approach to this?

-- 
-Eric 'shubes'
Marcin Orlowski | 2 Feb 2013 17:01

header-blacklist-file does not work

Hi,

I got:

header-blacklist-file=/etc/spamdyke4/header-blacklist-file.conf

which looks like this:

Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej*
Subject: *Proponujemy proste rozwiazanie*dodatkowa praca*
Subject: Poszukujemy w Twoim regionie pomocnikow do dobrze oplacanej pracy.*
Subject: Poszukujemy zdalnych pracownikow do pracy na akord z wynagrodzeniem 95 EUR za 1 godzine.*
Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej pracy z wynagrodzeniem 95 EUR za 1 godzine.*
Subject: Czy dysponujesz dwoma wolnymi godzinami w tygodniu? Oto jak zarobc 185 EUR w tym czasie.*
Subject: Zarob 200-400 EUR za dwie godziny pracy juz w nastepnym tygodniu*
Subject: Międzynarodową konferencja, Ukraina, Lwów,*
Subject: Kod Zawiadomienie Error *
From:*>,*<*

and still, crap like this sneaks in even it should be caught by two entries:

Return-Path: <cattinessk <at> yahoo.nl>
Received: (qmail 5550 invoked from network); 2 Feb 2013 15:23:53 -0000
Received: from unknown (HELO netiaspot) (213.195.157.96)
   by n01 with SMTP; 2 Feb 2013 15:23:53 -0000
Received: from [166.23.23.186] (helo=udhuit.qcoqnktc.com)
	by netiaspot with esmtpa (Exim 4.69)
	(envelope-from )
	id 1MM8IB-9358id-VM
	for admin <at> d2m.pl; Sat, 2 Feb 2013 16:23:52 +0100
Date: Sat, 2 Feb 2013 16:23:52 +0100
From: <admin <at> d2m.pl>,
	<darekn <at> xxx.pl>,
	<d2md2m <at> xxx.pl>,
	<monika <at> xxx.pl>
X-Mailer: The Bat! (v2.00.3) Educational
X-Priority: 3 (Normal)
Message-ID: <3182570264.3L7096IR068429 <at> ujwih.fhabbbryh.su>
To: <admin <at> d2m.pl>,
	<darekn <at> xxx.pl>,
	<d2md2m <at> xxx.pl>,
	<monika <at> xxx.pl>
Subject: Zapraszamy do podjecia w wolnym czasie dodatkowej pracy z wynagrodzeniem 95 EUR za 1 godzine.
MIME-Version: 1.0
Content-Type: text/html;
   charset=us-ascii
Content-Transfer-Encoding: 7bit

Any ideas?

Regards,
-- 
"Daddy, what "Formatting drive C:" means?"...

Marcin             http://wfmh.org.pl/carlos/
Eric Shubert | 31 Jan 2013 17:40

Re: query, which is format file whitelist_ip ?


tcp.smtp is not so flexible. "man tcprules" says this:

Address ranges:

        tcprules treats 1.2.3.37-53:ins as an abbreviation for the rules
        1.2.3.37:ins, 1.2.3.38:ins, and so on up through 1.2.3.53:ins.
        Similarly, 10.2-3.:ins is an abbreviation for 10.2.:ins and 10.3.:ins.

On 01/31/2013 09:28 AM, Linux wrote:
> Sorry my friends for the trouble and being offtopic to spamdyke
> handled properly so you as the notation of a network segment tcp.smtp?
>
> example: 192.168.0.1/19
>
> is
>
> HostMin: 192.168.0.1
> HostMax: 192.168.31.254
>
>
> correct notation is
>
> 192.168.0-192.168.31.: Allow
>
>
> Is that correct?
>
> Thanks and sorry for not being completely on the topic.
>
> Best regards,
>
> Pablo
>
> 2013/1/31 Linux <distribucionlinux-Re5JQEeQqe8AvxtiuMwx3w@...>:
>> Eric thank you very much :) , very clarifying your information.
>>
>> Best regards.
>>
>> Pablo
>>
>> 2013/1/31 Eric Shubert <ejs-MdyVq9ofcYSsTnJN9+BGXg@...>:
>>>
>>>
>>> On 01/31/2013 08:51 AM, Linux wrote:
>>>> Hello friends, I want to include a segment on my whitelist ip but do
>>>> not know which format to use,
>>>>
>>>> this is valid?
>>>>
>>>> 192.168.1.0/20
>>>>
>>>> or is another format?
>>>>
>>>> Thanks for your help
>>>>
>>>
>>> The format is quite flexible:
>>> http://www.spamdyke.org/documentation/README_ip_file_format.html
>>>
>>> --
>>> -Eric 'shubes'
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@...
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

-- 
-Eric 'shubes'
Lutz Petersen | 31 Jan 2013 17:56

Re: query, which is format file whitelist_ip ?


> Hello friends, I want to include a segment on my whitelist ip but do
> not know which format to use,
> this is valid?
> 192.168.1.0/20

The format is valid. The ip/mask is impossible.. ;-)

ip-whitelist-entry=192.168.1.0/24
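
Added example, not part of the thread and not spamdyke or tcprules code: a Python sketch that reports whether a CIDR entry such as the 192.168.1.0/20 asked about above has address bits set outside its mask, and rewrites a CIDR block into the range notation quoted from "man tcprules" in the tcp.smtp reply. The function names and the default "allow" instruction are assumptions for illustration; prefixes shorter than /8 are not handled.

```python
import ipaddress


def normalize_cidr(text):
    """Return (network, had_host_bits) for an IPv4 'address/prefix' string.

    had_host_bits is True when the written address is not the network
    address, e.g. 192.168.1.0/20 really names the block 192.168.0.0/20.
    """
    iface = ipaddress.ip_interface(text)
    if iface.version != 4:
        raise ValueError("IPv4 only in this example")
    net = iface.network
    return net, iface.ip != net.network_address


def tcprules_line(text, instruction="allow"):
    """Render a CIDR block as one tcprules rule using its range shorthand."""
    net, _ = normalize_cidr(text)
    prefix = net.prefixlen
    if prefix < 8:
        raise ValueError("prefixes shorter than /8 are out of scope here")
    first = str(net.network_address).split(".")
    last = str(net.broadcast_address).split(".")
    if prefix == 32:
        address = ".".join(first)                 # single host: 1.2.3.37
    elif prefix % 8 == 0:
        address = ".".join(first[:prefix // 8]) + "."   # whole octets: 10.2.
    else:
        idx = prefix // 8                         # octet split by the mask
        parts = first[:idx] + ["%s-%s" % (first[idx], last[idx])]
        address = ".".join(parts) + ("." if idx < 3 else "")
    return "%s:%s" % (address, instruction)


if __name__ == "__main__":
    # Constructed sample inputs taken from the addresses discussed in the thread.
    for entry in ("192.168.1.0/20", "192.168.0.1/19", "192.168.1.0/24"):
        net, stray = normalize_cidr(entry)
        note = " (host bits set, block is %s)" % net if stray else ""
        print("%-16s -> %s%s" % (entry, tcprules_line(entry), note))
```

The output is input for the tcprules compiler; the rule file still has to be compiled into the cdb that tcpserver reads.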
Eric Shubert | 31 Jan 2013 16:55

Re: query, which is format file whitelist_ip ?


On 01/31/2013 08:51 AM, Linux wrote:
> Hello friends, I want to include a segment on my whitelist ip but do
> not know which format to use,
>
> this is valid?
>
> 192.168.1.0/20
>
> or is another format?
>
> Thanks for your help
>

The format is quite flexible:
http://www.spamdyke.org/documentation/README_ip_file_format.html

-- 
-Eric 'shubes'
