headers
N.Novozhilov | 1 Oct 2008 10:57
Favicon

Selective reject proposal

Hi Sam!

It's more question then proposal... :)

It's possible to make option or to change spamdyke behavior for the next algorithm:

- Mail to the white-listed recipient is accepted ONLY if all destination addresses
are in whitelist?

We have a lot of spam with one white address and a list of addresses in cc:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Regards
Nicholas A. Novozhilov, NAN6-RIPE

 NTR Lab
 System administrator
Permalink | Reply | 1 comment |
headers
Erald Troja | 1 Oct 2008 14:31
Picon

Re: Errors in my log files regardingdirectory/file creation

Sam,

ever since that incident, the only ERRORs
that we're getting are the "File exists" with
some sporadic "Is a directory" ERRORs

We've so far been unable to duplicate the "Not a directory" ERRORs
yet we are still able to find files starting with 'size' keyword inside 
the graylist directory.

Today we found one more such file namely 'size_1003' onto one of our the 
graylist directories.  The entry in the maillog is as shown

Sep 30 08:09:18 mail01 spamdyke[2584]: DENIED_GRAYLISTED from: size=1003 
to: user@... origin_ip: 98.135.205.165 origin_rdns: 
h165.205.135.98.ip.windstream.net auth: (unknown)

I don't have a way to find the headers, or know what was retried
to be delivered as all we have in the log files are entries such as

/var/log/maillog.1.bz2:Sep 30 04:20:51 mail01 spamdyke[23810]: 
DENIED_GRAYLISTED from: size=483
/var/log/maillog.1.bz2:Sep 30 04:27:53 mail01 spamdyke[18932]: 
DENIED_GRAYLISTED from: size=382
/var/log/maillog.1.bz2:Sep 30 04:32:53 mail01 spamdyke[27422]: 
DENIED_GRAYLISTED from: size=469
/var/log/maillog.1.bz2:Sep 30 04:33:33 mail01 spamdyke[28849]: 
DENIED_GRAYLISTED from: size=454
/var/log/maillog.1.bz2:Sep 30 04:54:09 mail01 spamdyke[3211]: 
DENIED_GRAYLISTED from: size=534
(Continue reading)

Permalink | Reply | 5 comments |
headers
Sam Clippinger | 1 Oct 2008 22:45

Re: Selective reject proposal

When a message is delivered to multiple recipients and only one of the 
recipients is whitelisted, spamdyke will only allow delivery for the 
whitelisted recipient.  The other recipients must pass the other filters 
normally (graylisting, blacklisting, etc).

The "CC" line in message headers is not the same as the real recipient 
list.  The "CC" line can be forged to contain anything and a message can 
easily be delivered to many recipients that do not appear on the "CC" 
line.  Your mail server's log files are the only way to correctly 
determine which recipients received a given message.

-- Sam Clippinger

N.Novozhilov wrote:
> Hi Sam!
>
> It's more question then proposal... :)
>
> It's possible to make option or to change spamdyke behavior for the next algorithm:
>
> - Mail to the white-listed recipient is accepted ONLY if all destination addresses
> are in whitelist?
>
> We have a lot of spam with one white address and a list of addresses in cc:
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Regards
> Nicholas A. Novozhilov, NAN6-RIPE
>
>  NTR Lab
(Continue reading)

Permalink | Reply | 0 comments |
headers
Sam Clippinger | 1 Oct 2008 22:48

Re: Errors in my log files regardingdirectory/file creation

I've tried a bunch of different ideas but I'm not having any success 
trying to make the graylist filter produce "size_XXXX" files.  spamdyke 
should ignore the "size" parameter when the sender address is given.

If this is happening as frequently as your logs show, could you enable 
full logging (with "full-log-dir") and capture one of these message 
deliveries?  (You can send the log file to me privately if you don't 
want the data on the list.)  I'd love to find a way to reproduce this 
problem and fix it.

-- Sam Clippinger

Erald Troja wrote:
> Sam,
>
> ever since that incident, the only ERRORs
> that we're getting are the "File exists" with
> some sporadic "Is a directory" ERRORs
>
> We've so far been unable to duplicate the "Not a directory" ERRORs
> yet we are still able to find files starting with 'size' keyword inside 
> the graylist directory.
>
> Today we found one more such file namely 'size_1003' onto one of our the 
> graylist directories.  The entry in the maillog is as shown
>
> Sep 30 08:09:18 mail01 spamdyke[2584]: DENIED_GRAYLISTED from: size=1003 
> to: user@... origin_ip: 98.135.205.165 origin_rdns: 
> h165.205.135.98.ip.windstream.net auth: (unknown)
>
(Continue reading)

Permalink | Reply | 4 comments |
headers
Erald Troja | 1 Oct 2008 23:50
Picon

Re: Errors in my log files regardingdirectory/file creation

Sam,

i'm ready when you are.

How do I contact you privately?

I got 2 such occurrences.

Thanks.

------------------------
Erald Troja

Sam Clippinger wrote:
> I've tried a bunch of different ideas but I'm not having any success 
> trying to make the graylist filter produce "size_XXXX" files.  spamdyke 
> should ignore the "size" parameter when the sender address is given.
> 
> If this is happening as frequently as your logs show, could you enable 
> full logging (with "full-log-dir") and capture one of these message 
> deliveries?  (You can send the log file to me privately if you don't 
> want the data on the list.)  I'd love to find a way to reproduce this 
> problem and fix it.
> 
> -- Sam Clippinger
> 
> Erald Troja wrote:
>> Sam,
>>
>> ever since that incident, the only ERRORs
(Continue reading)

Permalink | Reply | 3 comments |
headers
Sam Clippinger | 2 Oct 2008 05:41

Re: Errors in my log files regardingdirectory/file creation

I received the logs; thanks.

I see the problem -- in the two logs you sent, the two different remote 
servers are identifying their senders using the following statements:
    MAIL FROM:<- <at> > SIZE=555
    MAIL FROM:< <at> > SIZE=474
Presumably they're trying to indicate that the sender address is empty 
because the message is system-generated (probably a bounce message).  
However, the correct way give an empty address is like this:
    MAIL FROM:<>
According to my reading of the RFCs, using the at symbol ( <at> ) without a 
domain name is not valid.  Trust spambots to come up with new ways to 
break the rules.

spamdyke's parser is being confused by the extra (illegal) characters 
between the angle brackets, so it's ignoring them and using the "SIZE" 
parameter as the sender's address.  This shouldn't be very hard to fix; 
I'll get right on it.

Thanks for reporting this!

-- Sam Clippinger

Erald Troja wrote:
> Sam,
>
> i'm ready when you are.
>
> How do I contact you privately?
>
(Continue reading)

Permalink | Reply | 2 comments |
headers
K. Shantanu | 2 Oct 2008 08:24
Favicon

make fails on FBSD

Hello,
I am trying to build spamdyke-4.0.4 on FreeBSD 6.2 with gcc 3.4.6. 
./configure works fine but "make" fails.

# make
gcc -Wall -O2 -funsigned-char  -c configuration.c
configuration.c: In function `prepare_settings':
configuration.c:578: internal compiler error: Segmentation fault: 11
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://gcc.gnu.org/bugs.html> for instructions.
*** Error code 1

Stop in /usr/local/spamdyke-4.0.4/spamdyke.

I am not sure if it is a spamdyke error or error in my gcc.
Please suggest.
Thanks,

Shantanu
--

--
Permalink | Reply | 13 comments |
headers
Erald Troja | 2 Oct 2008 15:44
Picon

Re: Errors in my log files regardingdirectory/file creation

Sam,

you're welcome.

Do you think we should go after the "Not a directory" and "File exist"
errors, or is that something you can eventually duplicate locally
and circumvent?

------------------------
Erald Troja

Sam Clippinger wrote:
> I received the logs; thanks.
> 
> I see the problem -- in the two logs you sent, the two different remote 
> servers are identifying their senders using the following statements:
>     MAIL FROM:<- <at> > SIZE=555
>     MAIL FROM:< <at> > SIZE=474
> Presumably they're trying to indicate that the sender address is empty 
> because the message is system-generated (probably a bounce message).  
> However, the correct way give an empty address is like this:
>     MAIL FROM:<>
> According to my reading of the RFCs, using the at symbol ( <at> ) without a 
> domain name is not valid.  Trust spambots to come up with new ways to 
> break the rules.
> 
> spamdyke's parser is being confused by the extra (illegal) characters 
> between the angle brackets, so it's ignoring them and using the "SIZE" 
> parameter as the sender's address.  This shouldn't be very hard to fix; 
> I'll get right on it.
(Continue reading)

Permalink | Reply | 1 comment |
headers
Davide D'Amico | 2 Oct 2008 16:29
Picon

Re: make fails on FBSD

Use gcc4 from ports collection. It works ;)

d.

2008/10/2 Sam Clippinger <samc@...>:
> This looks like a problem with gcc.  Version 3.4.6 is the most recent
> version before 4.x, so it might be worthwhile to submit a bug report to
> the FSF.  You shouldn't expect a quick fix though; gcc development
> proceeds at a glacial pace.  If they could tell you what's causing the
> crash though, perhaps they could suggest a way to modify spamdyke's code
> to avoid it.
>
> Is there any way you could change to a different version of gcc, either
> upgrading to 4.x or downgrade to a previous version?
>
> -- Sam Clippinger
>
> K. Shantanu wrote:
>> Hello,
>> I am trying to build spamdyke-4.0.4 on FreeBSD 6.2 with gcc 3.4.6.
>> ./configure works fine but "make" fails.
>>
>> # make
>> gcc -Wall -O2 -funsigned-char  -c configuration.c
>> configuration.c: In function `prepare_settings':
>> configuration.c:578: internal compiler error: Segmentation fault: 11
>> Please submit a full bug report,
>> with preprocessed source if appropriate.
>> See <URL:http://gcc.gnu.org/bugs.html> for instructions.
>> *** Error code 1
(Continue reading)

Permalink | Reply | 0 comments |

Gmane