headers
Rafael Andrade | 1 Apr 2009 12:42
Picon

Re: Blacklist Dont Work Correctly With 500 Entries

Thanks Sam !

I found erros in my config file, u can help-me?
I test with config-test. Above.

root <at> net spamdyke]# spamdyke  --config-test /etc/spamdyke/spamdyke.conf  && tail -f /var/log/maillog
spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) silence (dot) org
http://www.spamdyke.org/

Use -h for an option summary or see README.html for complete option details.

ERROR: Command returned no output: /etc/spamdyke/spamdyke.conf
ERROR: Tests complete. Errors detected.
Apr  1 07:35:42 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error
Apr  1 07:35:48 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error

My Spamdyke.conf
#Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
Which permissions i need to add on spamdyke? root?
Im using qmailtoaster + spamdyke.


Thanks all!!

Rafael



Sam Clippinger escreveu:
You seem to have a lot of whitelist files enabled; it's possible an entry in one of those files is allowing this connection. If you increase your "log-level" command to "verbose", spamdyke will log which filter is matching each connection, which should reveal a whitelist match (if that's what's happening). I also recommend running spamdyke's "config-test" feature to look for permission problems, syntax errors, etc. -- Sam Clippinger Rafael Andrade wrote:
Hello All, Im dont know whats happen on my qmail + spamdyke, last days some blocked domains can send msgs for my domains. Eg above. Mar 27 11:37:15 net spamdyke[20571]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 27 11:57:51 net spamdyke[20805]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:13:16 net spamdyke[10323]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:24:31 net spamdyke[10478]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) In mar 27/03 this email roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org has blocked, but in mar 30/03 his can send msg? Why this happen? More information Above. Spamdyke.conf file black_list_senders file #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients #Blacklist file have roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org in line 152. the blacklist file have 498 entries. Anyone can help-me please? im receiving lots of spam! =\ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users 
_______________________________________________
spamdyke-users mailing list
spamdyke-users@...
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Permalink | Reply | 5 comments |
headers
Sam Clippinger | 1 Apr 2009 16:32

Re: Blacklist Dont Work Correctly With 500 Entries

It looks like you forgot a few items from the command you used to run 
"config-test".  Specifically, you must give the "-f" flag before the 
configuration file and you must give the path to the qmail binary (and 
all of its arguments), just the way it is given in the "run" file.  With 
the command you gave, spamdyke is trying to execute your configuration 
file instead of reading it, which is obviously not what you want.

-- Sam Clippinger

Rafael Andrade wrote:
> Thanks Sam !
>
> I found erros in my config file, u can help-me?
> I test with config-test. Above.
>
> root <at> net spamdyke]# spamdyke  --config-test 
> /etc/spamdyke/spamdyke.conf  && tail -f /var/log/maillog
> spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) 
> silence (dot) org
> http://www.spamdyke.org/
>
> Use -h for an option summary or see README.html for complete option 
> details.
>
> ERROR: Command returned no output: /etc/spamdyke/spamdyke.conf
> ERROR: Tests complete. Errors detected.
> Apr  1 07:35:42 net spamdyke[2005]: ERROR: unable to execute child 
> process /etc/spamdyke/spamdyke.conf: Exec format error
> Apr  1 07:35:48 net spamdyke[2005]: ERROR: unable to execute child 
> process /etc/spamdyke/spamdyke.conf: Exec format error
>
> My Spamdyke.conf
> #Spamdyke.conf
> # rbl
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=bl.spamcop.net
> dns-blacklist-entry=zombie.dnsbl.sorbs.net
> dns-blacklist-entry=dul.dnsbl.sorbs.net
> dns-blacklist-entry=bogons.cymru.com
> dns-blacklist-entry=ix.dnsbl.manitu.net
> dns-blacklist-entry=list.dsbl.org
>
> # graylist
> #graylist-dir=/etc/spamdyke/graylist.d
> graylist-dir=/home/vpopmail/graylist.d
> graylist-level=always
> graylist-max-secs=2678400
> graylist-min-secs=180
> greeting-delay-secs=5
>
>
> local-domains-file=/var/qmail/control/rcpthosts
> log-level=debug
> #log-level=info
> log-target=syslog
> #log-target=stderr
> max-recipients=50
> #policy-url=http://my.policy.explanation.url/
> reject-empty-rdns
> #reject-ip-in-cc-rdns
> reject-missing-sender-mx
> reject-unresolvable-rdns
> tls-certificate-file=/var/qmail/control/servercert.pem
>
>
> # blacklist and whitelist ip
> ip-blacklist-file=/etc/spamdyke/blacklist_ip
> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>
> # blacklist and whitelist keywords
> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>
> # blacklist and whitelist senders
> sender-blacklist-file=/etc/spamdyke/blacklist_senders
> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>
> # blacklist and whitelist rdns
> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns   
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>
> # whitelist dns
> dns-whitelist-file=/etc/spamdyke/whitelist_dns
>
> # blacklist and whitelist recipients
> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>
> Which permissions i need to add on spamdyke? root?
> Im using qmailtoaster + spamdyke.
>
>
> Thanks all!!
>
> Rafael
>
>
>
> Sam Clippinger escreveu:
>> You seem to have a lot of whitelist files enabled; it's possible an 
>> entry in one of those files is allowing this connection.  If you 
>> increase your "log-level" command to "verbose", spamdyke will log which 
>> filter is matching each connection, which should reveal a whitelist 
>> match (if that's what's happening).
>>
>> I also recommend running spamdyke's "config-test" feature to look for 
>> permission problems, syntax errors, etc.
>>
>> -- Sam Clippinger
>>
>> Rafael Andrade wrote:
>>   
>>> Hello All,
>>>
>>> Im dont know whats happen on my qmail + spamdyke, last days some blocked 
>>> domains can send msgs for my domains.
>>> Eg above.
>>>
>>> Mar 27 11:37:15 net spamdyke[20571]: DENIED_SENDER_BLACKLISTED from: 
>>> roberto.metais@... to:
vendas@... origin_ip: 
>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>> Mar 27 11:57:51 net spamdyke[20805]: DENIED_SENDER_BLACKLISTED from: 
>>> roberto.metais@... to:
vendas@... origin_ip: 
>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>> Mar 30 10:13:16 net spamdyke[10323]: ALLOWED from: 
>>> roberto.metais@... to:
vendas@... origin_ip: 
>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>> Mar 30 10:24:31 net spamdyke[10478]: ALLOWED from: 
>>> roberto.metais@... to:
vendas@... origin_ip: 
>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>>
>>>
>>> In mar 27/03 this email roberto.metais@... has blocked, but
in 
>>> mar 30/03 his can send msg? Why this happen?
>>>
>>> More information Above.
>>> Spamdyke.conf file
>>> black_list_senders file
>>>
>>>
>>>
>>> #Spamdyke.conf
>>> # rbl
>>> dns-blacklist-entry=zen.spamhaus.org
>>> dns-blacklist-entry=bl.spamcop.net
>>> dns-blacklist-entry=zombie.dnsbl.sorbs.net
>>> dns-blacklist-entry=dul.dnsbl.sorbs.net
>>> dns-blacklist-entry=bogons.cymru.com
>>> dns-blacklist-entry=ix.dnsbl.manitu.net
>>> dns-blacklist-entry=list.dsbl.org
>>>
>>> # graylist
>>> #graylist-dir=/etc/spamdyke/graylist.d
>>> graylist-dir=/home/vpopmail/graylist.d
>>> graylist-level=always
>>> graylist-max-secs=2678400
>>> graylist-min-secs=180
>>> greeting-delay-secs=5
>>>
>>>
>>> local-domains-file=/var/qmail/control/rcpthosts
>>> log-level=debug
>>> #log-level=info
>>> log-target=syslog
>>> #log-target=stderr
>>> max-recipients=50
>>> #policy-url=http://my.policy.explanation.url/
>>> reject-empty-rdns
>>> #reject-ip-in-cc-rdns
>>> reject-missing-sender-mx
>>> reject-unresolvable-rdns
>>> tls-certificate-file=/var/qmail/control/servercert.pem
>>>
>>>
>>> # blacklist and whitelist ip
>>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>>>
>>> # blacklist and whitelist keywords
>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>>>
>>> # blacklist and whitelist senders
>>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>>>
>>> # blacklist and whitelist rdns
>>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns   
>>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>>>
>>> # whitelist dns
>>> dns-whitelist-file=/etc/spamdyke/whitelist_dns
>>>
>>> # blacklist and whitelist recipients
>>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>>>
>>>
>>>
>>> #Blacklist file
>>> have
>>>
>>> roberto.metais@... in line 152.
>>>
>>> the blacklist file have 498 entries.
>>>
>>>
>>> Anyone can help-me please?
>>>
>>> im receiving lots of spam! =\
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users@...
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>   
>>>     
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@...
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@...
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
Permalink | Reply | 4 comments |
headers
Rafael Andrade | 1 Apr 2009 18:17
Picon

Re: Blacklist Dont Work Correctly With 500 Entries

Thanks Sam,


I stop qmail service, and run my smtp "Run file" manually with config-test option in spamdyke.

Above my smtp run file.


######################
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 20000000 \
     /usr/bin/tcpserver -D -t 1 -v -P -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     /usr/local/bin/spamdyke --config-test -f /etc/spamdyke/spamdyke.conf $SMTPD $VCHKPW /bin/true 2>&1


##################

Errors in /var/log/maillog.

ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/minatti/0003af7a.000000709315-JyOTjV0lQv07lZ9V/NTDHwh0onu2mTI+@public.gmane.org: Not a directory
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org/spamdyke-test_1238596931_9529: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org: Not a directory
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org/spamdyke-test_1238596931_9526: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org: Not a directory

#################

What u think about this?

Thanks Sam.

Rafael


Sam Clippinger escreveu:
It looks like you forgot a few items from the command you used to run "config-test". Specifically, you must give the "-f" flag before the configuration file and you must give the path to the qmail binary (and all of its arguments), just the way it is given in the "run" file. With the command you gave, spamdyke is trying to execute your configuration file instead of reading it, which is obviously not what you want. -- Sam Clippinger Rafael Andrade wrote:
Thanks Sam ! I found erros in my config file, u can help-me? I test with config-test. Above. root <at> net spamdyke]# spamdyke --config-test /etc/spamdyke/spamdyke.conf && tail -f /var/log/maillog spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) silence (dot) org http://www.spamdyke.org/ Use -h for an option summary or see README.html for complete option details. ERROR: Command returned no output: /etc/spamdyke/spamdyke.conf ERROR: Tests complete. Errors detected. Apr 1 07:35:42 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error Apr 1 07:35:48 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error My Spamdyke.conf #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients Which permissions i need to add on spamdyke? root? Im using qmailtoaster + spamdyke. Thanks all!! Rafael Sam Clippinger escreveu:
You seem to have a lot of whitelist files enabled; it's possible an entry in one of those files is allowing this connection. If you increase your "log-level" command to "verbose", spamdyke will log which filter is matching each connection, which should reveal a whitelist match (if that's what's happening). I also recommend running spamdyke's "config-test" feature to look for permission problems, syntax errors, etc. -- Sam Clippinger Rafael Andrade wrote:
Hello All, Im dont know whats happen on my qmail + spamdyke, last days some blocked domains can send msgs for my domains. Eg above. Mar 27 11:37:15 net spamdyke[20571]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 27 11:57:51 net spamdyke[20805]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:13:16 net spamdyke[10323]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:24:31 net spamdyke[10478]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) In mar 27/03 this email roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org has blocked, but in mar 30/03 his can send msg? Why this happen? More information Above. Spamdyke.conf file black_list_senders file #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients #Blacklist file have roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org in line 152. the blacklist file have 498 entries. Anyone can help-me please? im receiving lots of spam! =\ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
------------------------------------------------------------------------ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users 
_______________________________________________
spamdyke-users mailing list
spamdyke-users@...
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Permalink | Reply | 3 comments |
headers
Greg Cirelle Enterprises | 3 Apr 2009 13:45
Favicon

peculiar issue with filter_blacklist

One particular client said she was being blacklisted when sending
to another client of the same domain.

I looked at the logs and saw this entry

FILTER_BLACKLIST_IP ip: 75.180.xxx.xxx file: /home/vpopmail/ipblacklist(22)

So I went to the ipblacklist file expecting to see the ip entry, but
there was none.

The client originates from a cable network named after a
fast running bird, and they routinely get placed on third party
blacklists.

I do have entries where an ip was blacklisted and it shows the rbldns server
name, so I assumed this block would be from an entry in the above named file

is this wrong?

--

-- 
Greg Cirino
Cirelle Enterprises Inc.
603-425-2221
www.cirelle.com

Google is Not your friend!
Use ixquick.com safe search instead.
Permalink | Reply | 1 comment |
headers
Greg Cirelle Enterprises | 3 Apr 2009 14:21
Favicon

Re: peculiar issue with filter_blacklist

Sorry for the previous post.  this was sent in error

There may have well been an entry in that file
apparently there is a cron job that is managing this
process of adding and removing ip's.

thanks

Greg Cirino
Cirelle Enterprises Inc.
603-425-2221
www.cirelle.com

Google is Not your friend!
Use ixquick.com safe search instead.

Greg Cirelle Enterprises wrote:
> One particular client said she was being blacklisted when sending
> to another client of the same domain.
>
> I looked at the logs and saw this entry
>
> FILTER_BLACKLIST_IP ip: 75.180.xxx.xxx file: /home/vpopmail/ipblacklist(22)
>
> So I went to the ipblacklist file expecting to see the ip entry, but
> there was none.
>
> The client originates from a cable network named after a
> fast running bird, and they routinely get placed on third party
> blacklists.
>
> I do have entries where an ip was blacklisted and it shows the rbldns server
> name, so I assumed this block would be from an entry in the above named file
>
> is this wrong?
>
>
Permalink | Reply | 0 comments |
headers
Rafael Andrade | 3 Apr 2009 14:25
Picon

[Fwd: Re: Blacklist Dont Work Correctly With 500 Entries]

Any can help me more?

Thanks so much, Sam and Others.



-------- Mensagem original -------- Assunto: Data: De: Responder a: Para: Referências:
Re: [spamdyke-users] Blacklist Dont Work Correctly With 500 Entries
Wed, 01 Apr 2009 13:17:39 -0300
Rafael Andrade <rafael-3oY5MigPWz/L10B7xJ8auFAUjnlXr6A1@public.gmane.org>
spamdyke users <spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org>
spamdyke users <spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org>
<49D24D8F.2020500-3oY5MigPWz/L10B7xJ8auFAUjnlXr6A1@public.gmane.org> <49D27ED9.6010301-JU8gXsDTGaRAfugRpC6u6w@public.gmane.org> <49D3451C.1070604-3oY5MigPWz/L10B7xJ8auFAUjnlXr6A1@public.gmane.org> <49D37B00.1020806-JU8gXsDTGaRAfugRpC6u6w@public.gmane.org>


Thanks Sam,


I stop qmail service, and run my smtp "Run file" manually with config-test option in spamdyke.

Above my smtp run file.


######################
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 20000000 \
     /usr/bin/tcpserver -D -t 1 -v -P -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     /usr/local/bin/spamdyke --config-test -f /etc/spamdyke/spamdyke.conf $SMTPD $VCHKPW /bin/true 2>&1


##################

Errors in /var/log/maillog.

ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/minatti/0003af7a.000000709315-JyOTjV0lQv07lZ9V/NTDHwh0onu2mTI+@public.gmane.org: Not a directory
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org/spamdyke-test_1238596931_9529: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org: Not a directory
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org/spamdyke-test_1238596931_9526: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org: Not a directory

#################

What u think about this?

Thanks Sam.

Rafael


Sam Clippinger escreveu:
It looks like you forgot a few items from the command you used to run "config-test". Specifically, you must give the "-f" flag before the configuration file and you must give the path to the qmail binary (and all of its arguments), just the way it is given in the "run" file. With the command you gave, spamdyke is trying to execute your configuration file instead of reading it, which is obviously not what you want. -- Sam Clippinger Rafael Andrade wrote:
Thanks Sam ! I found erros in my config file, u can help-me? I test with config-test. Above. root <at> net spamdyke]# spamdyke --config-test /etc/spamdyke/spamdyke.conf && tail -f /var/log/maillog spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) silence (dot) org http://www.spamdyke.org/ Use -h for an option summary or see README.html for complete option details. ERROR: Command returned no output: /etc/spamdyke/spamdyke.conf ERROR: Tests complete. Errors detected. Apr 1 07:35:42 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error Apr 1 07:35:48 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error My Spamdyke.conf #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients Which permissions i need to add on spamdyke? root? Im using qmailtoaster + spamdyke. Thanks all!! Rafael Sam Clippinger escreveu:
You seem to have a lot of whitelist files enabled; it's possible an entry in one of those files is allowing this connection. If you increase your "log-level" command to "verbose", spamdyke will log which filter is matching each connection, which should reveal a whitelist match (if that's what's happening). I also recommend running spamdyke's "config-test" feature to look for permission problems, syntax errors, etc. -- Sam Clippinger Rafael Andrade wrote:
Hello All, Im dont know whats happen on my qmail + spamdyke, last days some blocked domains can send msgs for my domains. Eg above. Mar 27 11:37:15 net spamdyke[20571]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 27 11:57:51 net spamdyke[20805]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:13:16 net spamdyke[10323]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:24:31 net spamdyke[10478]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) In mar 27/03 this email roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org has blocked, but in mar 30/03 his can send msg? Why this happen? More information Above. Spamdyke.conf file black_list_senders file #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients #Blacklist file have roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org in line 152. the blacklist file have 498 entries. Anyone can help-me please? im receiving lots of spam! =\ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
------------------------------------------------------------------------ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users 
_______________________________________________
spamdyke-users mailing list
spamdyke-users@...
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


_______________________________________________
spamdyke-users mailing list
spamdyke-users@...
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Permalink | Reply | 0 comments |
headers
Sam Clippinger | 4 Apr 2009 00:27

Re: Blacklist Dont Work Correctly With 500 Entries

DO NOT put the "config-test" option in your "run" file.  It will break 
your mail server!

Try running this command:
    /usr/local/bin/spamdyke --config-test -f /etc/spamdyke/spamdyke.conf 
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

-- Sam Clippinger

Rafael Andrade wrote:
> Thanks Sam,
>
>
> I stop qmail service, and run my smtp "Run file" manually with 
> config-test option in spamdyke.
>
> Above my smtp run file.
>
>
> ######################
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> BLACKLIST=`cat /var/qmail/control/blacklists`
> SMTPD="/var/qmail/bin/qmail-smtpd"
> TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
> RBLSMTPD="/usr/bin/rblsmtpd"
> HOSTNAME=`hostname`
> VCHKPW="/home/vpopmail/bin/vchkpw"
> REQUIRE_AUTH=0
>
> exec /usr/bin/softlimit -m 20000000 \
>      /usr/bin/tcpserver -D -t 1 -v -P -R -H -l $HOSTNAME -x $TCP_CDB 
> -c "$MAXSMTPD" \
>      -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
>      /usr/local/bin/spamdyke --config-test -f 
> /etc/spamdyke/spamdyke.conf $SMTPD $VCHKPW /bin/true 2>&1
>
>
> ##################
>
> Errors in /var/log/maillog.
>
> ERROR(graylist-level): Unable to read graylist sender directory 
>
/home/vpopmail/graylist.d/riosulense.com.br/minatti/0003af7a.000000709315@...: 
> Not a directory
> ERROR(graylist-level): Failed to create file in directory: 
>
/home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4@.../spamdyke-test_1238596931_9529: 
> Not a directory
> ERROR(graylist-level): Unable to read graylist sender directory 
>
/home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4@...:
Not 
> a directory
> ERROR(graylist-level): Failed to create file in directory: 
>
/home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4@.../spamdyke-test_1238596931_9526: 
> Not a directory
> ERROR(graylist-level): Unable to read graylist sender directory 
>
/home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4@...:
Not 
> a directory
>
> #################
>
> What u think about this?
>
> Thanks Sam.
>
> Rafael
>
>
> Sam Clippinger escreveu:
>> It looks like you forgot a few items from the command you used to run 
>> "config-test".  Specifically, you must give the "-f" flag before the 
>> configuration file and you must give the path to the qmail binary (and 
>> all of its arguments), just the way it is given in the "run" file.  With 
>> the command you gave, spamdyke is trying to execute your configuration 
>> file instead of reading it, which is obviously not what you want.
>>
>> -- Sam Clippinger
>>
>> Rafael Andrade wrote:
>>   
>>> Thanks Sam !
>>>
>>> I found erros in my config file, u can help-me?
>>> I test with config-test. Above.
>>>
>>> root <at> net spamdyke]# spamdyke  --config-test 
>>> /etc/spamdyke/spamdyke.conf  && tail -f /var/log/maillog
>>> spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) 
>>> silence (dot) org
>>> http://www.spamdyke.org/
>>>
>>> Use -h for an option summary or see README.html for complete option 
>>> details.
>>>
>>> ERROR: Command returned no output: /etc/spamdyke/spamdyke.conf
>>> ERROR: Tests complete. Errors detected.
>>> Apr  1 07:35:42 net spamdyke[2005]: ERROR: unable to execute child 
>>> process /etc/spamdyke/spamdyke.conf: Exec format error
>>> Apr  1 07:35:48 net spamdyke[2005]: ERROR: unable to execute child 
>>> process /etc/spamdyke/spamdyke.conf: Exec format error
>>>
>>> My Spamdyke.conf
>>> #Spamdyke.conf
>>> # rbl
>>> dns-blacklist-entry=zen.spamhaus.org
>>> dns-blacklist-entry=bl.spamcop.net
>>> dns-blacklist-entry=zombie.dnsbl.sorbs.net
>>> dns-blacklist-entry=dul.dnsbl.sorbs.net
>>> dns-blacklist-entry=bogons.cymru.com
>>> dns-blacklist-entry=ix.dnsbl.manitu.net
>>> dns-blacklist-entry=list.dsbl.org
>>>
>>> # graylist
>>> #graylist-dir=/etc/spamdyke/graylist.d
>>> graylist-dir=/home/vpopmail/graylist.d
>>> graylist-level=always
>>> graylist-max-secs=2678400
>>> graylist-min-secs=180
>>> greeting-delay-secs=5
>>>
>>>
>>> local-domains-file=/var/qmail/control/rcpthosts
>>> log-level=debug
>>> #log-level=info
>>> log-target=syslog
>>> #log-target=stderr
>>> max-recipients=50
>>> #policy-url=http://my.policy.explanation.url/
>>> reject-empty-rdns
>>> #reject-ip-in-cc-rdns
>>> reject-missing-sender-mx
>>> reject-unresolvable-rdns
>>> tls-certificate-file=/var/qmail/control/servercert.pem
>>>
>>>
>>> # blacklist and whitelist ip
>>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>>>
>>> # blacklist and whitelist keywords
>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>>>
>>> # blacklist and whitelist senders
>>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>>>
>>> # blacklist and whitelist rdns
>>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns   
>>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>>>
>>> # whitelist dns
>>> dns-whitelist-file=/etc/spamdyke/whitelist_dns
>>>
>>> # blacklist and whitelist recipients
>>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>>>
>>> Which permissions i need to add on spamdyke? root?
>>> Im using qmailtoaster + spamdyke.
>>>
>>>
>>> Thanks all!!
>>>
>>> Rafael
>>>
>>>
>>>
>>> Sam Clippinger escreveu:
>>>     
>>>> You seem to have a lot of whitelist files enabled; it's possible an 
>>>> entry in one of those files is allowing this connection.  If you 
>>>> increase your "log-level" command to "verbose", spamdyke will log which 
>>>> filter is matching each connection, which should reveal a whitelist 
>>>> match (if that's what's happening).
>>>>
>>>> I also recommend running spamdyke's "config-test" feature to look for 
>>>> permission problems, syntax errors, etc.
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> Rafael Andrade wrote:
>>>>   
>>>>       
>>>>> Hello All,
>>>>>
>>>>> Im dont know whats happen on my qmail + spamdyke, last days some blocked 
>>>>> domains can send msgs for my domains.
>>>>> Eg above.
>>>>>
>>>>> Mar 27 11:37:15 net spamdyke[20571]: DENIED_SENDER_BLACKLISTED from: 
>>>>> roberto.metais@... to:
vendas@... origin_ip: 
>>>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>>>> Mar 27 11:57:51 net spamdyke[20805]: DENIED_SENDER_BLACKLISTED from: 
>>>>> roberto.metais@... to:
vendas@... origin_ip: 
>>>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>>>> Mar 30 10:13:16 net spamdyke[10323]: ALLOWED from: 
>>>>> roberto.metais@... to:
vendas@... origin_ip: 
>>>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>>>> Mar 30 10:24:31 net spamdyke[10478]: ALLOWED from: 
>>>>> roberto.metais@... to:
vendas@... origin_ip: 
>>>>> 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown)
>>>>>
>>>>>
>>>>> In mar 27/03 this email roberto.metais@... has blocked,
but in 
>>>>> mar 30/03 his can send msg? Why this happen?
>>>>>
>>>>> More information Above.
>>>>> Spamdyke.conf file
>>>>> black_list_senders file
>>>>>
>>>>>
>>>>>
>>>>> #Spamdyke.conf
>>>>> # rbl
>>>>> dns-blacklist-entry=zen.spamhaus.org
>>>>> dns-blacklist-entry=bl.spamcop.net
>>>>> dns-blacklist-entry=zombie.dnsbl.sorbs.net
>>>>> dns-blacklist-entry=dul.dnsbl.sorbs.net
>>>>> dns-blacklist-entry=bogons.cymru.com
>>>>> dns-blacklist-entry=ix.dnsbl.manitu.net
>>>>> dns-blacklist-entry=list.dsbl.org
>>>>>
>>>>> # graylist
>>>>> #graylist-dir=/etc/spamdyke/graylist.d
>>>>> graylist-dir=/home/vpopmail/graylist.d
>>>>> graylist-level=always
>>>>> graylist-max-secs=2678400
>>>>> graylist-min-secs=180
>>>>> greeting-delay-secs=5
>>>>>
>>>>>
>>>>> local-domains-file=/var/qmail/control/rcpthosts
>>>>> log-level=debug
>>>>> #log-level=info
>>>>> log-target=syslog
>>>>> #log-target=stderr
>>>>> max-recipients=50
>>>>> #policy-url=http://my.policy.explanation.url/
>>>>> reject-empty-rdns
>>>>> #reject-ip-in-cc-rdns
>>>>> reject-missing-sender-mx
>>>>> reject-unresolvable-rdns
>>>>> tls-certificate-file=/var/qmail/control/servercert.pem
>>>>>
>>>>>
>>>>> # blacklist and whitelist ip
>>>>> ip-blacklist-file=/etc/spamdyke/blacklist_ip
>>>>> ip-whitelist-file=/etc/spamdyke/whitelist_ip
>>>>>
>>>>> # blacklist and whitelist keywords
>>>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
>>>>> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
>>>>>
>>>>> # blacklist and whitelist senders
>>>>> sender-blacklist-file=/etc/spamdyke/blacklist_senders
>>>>> sender-whitelist-file=/etc/spamdyke/whitelist_senders
>>>>>
>>>>> # blacklist and whitelist rdns
>>>>> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns   
>>>>> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
>>>>>
>>>>> # whitelist dns
>>>>> dns-whitelist-file=/etc/spamdyke/whitelist_dns
>>>>>
>>>>> # blacklist and whitelist recipients
>>>>> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
>>>>> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
>>>>>
>>>>>
>>>>>
>>>>> #Blacklist file
>>>>> have
>>>>>
>>>>> roberto.metais@... in line 152.
>>>>>
>>>>> the blacklist file have 498 entries.
>>>>>
>>>>>
>>>>> Anyone can help-me please?
>>>>>
>>>>> im receiving lots of spam! =\
>>>>>
>>>>> _______________________________________________
>>>>> spamdyke-users mailing list
>>>>> spamdyke-users@...
>>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>>   
>>>>>     
>>>>>         
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> spamdyke-users@...
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>>   
>>>>       
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users@...
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>   
>>>     
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@...
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>   
> ------------------------------------------------------------------------
>
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@...
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
Permalink | Reply | 2 comments |
headers
Rafael Andrade | 6 Apr 2009 13:32
Picon

Re: Blacklist Dont Work Correctly With 500 Entries

Hello,

I make ur test.

[root <at> gw spamdyke]# cat spamdyke-test.sh
#!/bin/bash
/usr/local/bin/spamdyke --config-test -f /etc/spamdyke/spamdyke.conf \
/var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true

./spamdyke-teste.sh &> teste.txt

[root <at> gw spamdyke]# head teste.txt -n 20
spamdyke 4.0.9+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) silence (dot) org
http://www.spamdyke.org/

Use -h for an option summary or see README.html for complete option details.

Testing configuration...
WARNING: Running tests as superuser root(0), group root(0). These test results may not be valid if the mail server runs as another user.
SUCCESS: spamdyke binary (/usr/local/bin/spamdyke) is not owned by root and/or is not marked setuid.
INFO: Running command to test capabilities: /var/qmail/bin/qmail-smtpd
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer TLS support but spamdyke will intercept and decrypt the TLS traffic so all of its filters can operate.
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support. spamdyke will observe any authentication and trust its response.
INFO(config-file): Testing file read: /etc/spamdyke/spamdyke.conf
SUCCESS(config-file): Opened for reading: /etc/spamdyke/spamdyke.conf
INFO(graylist-level): Testing graylist directory: /home/vpopmail/graylist.d
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/ta/andrew-lfactive-PbumY5hZXy3QT0dZR+AlfA@public.gmane.org/spamdyke-test_1239014905_22157: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/ta/andrew-lfactive-PbumY5hZXy3QT0dZR+AlfA@public.gmane.org: Not a directory
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/ta/jovana-dnerralp-Cvu+gOlV65H2eFz/2MeuCQ@public.gmane.org/spamdyke-test_1239014905_22157: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/ta/jovana-dnerralp-Cvu+gOlV65H2eFz/2MeuCQ@public.gmane.org: Not a directory
ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/ta/size_3212/spamdyke-test_1239014906_22157: Not a directory
ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/ta/size_3212: Not a directory

[root <at> gw spamdyke]# cat teste.txt | wc -l
184242

The log file of test have 184k rows -/

What u think about this? can help-me to fix my confs?

Thanks so much Sam

Sam Clippinger escreveu:
DO NOT put the "config-test" option in your "run" file. It will break your mail server! Try running this command: /usr/local/bin/spamdyke --config-test -f /etc/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true -- Sam Clippinger Rafael Andrade wrote:
Thanks Sam, I stop qmail service, and run my smtp "Run file" manually with config-test option in spamdyke. Above my smtp run file. ###################### #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD="/var/qmail/bin/qmail-smtpd" TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb" RBLSMTPD="/usr/bin/rblsmtpd" HOSTNAME=`hostname` VCHKPW="/home/vpopmail/bin/vchkpw" REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 20000000 \ /usr/bin/tcpserver -D -t 1 -v -P -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ /usr/local/bin/spamdyke --config-test -f /etc/spamdyke/spamdyke.conf $SMTPD $VCHKPW /bin/true 2>&1 ################## Errors in /var/log/maillog. ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/minatti/0003af7a.000000709315-JyOTjV0lQv07lZ9V/NTDHwh0onu2mTI+@public.gmane.org: Not a directory ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org/spamdyke-test_1238596931_9529: Not a directory ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org: Not a directory ERROR(graylist-level): Failed to create file in directory: /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org/spamdyke-test_1238596931_9526: Not a directory ERROR(graylist-level): Unable to read graylist sender directory /home/vpopmail/graylist.d/riosulense.com.br/g/5hg7m4-PkbjNfxxIARBDgjK7y7TUQ@public.gmane.org: Not a directory ################# What u think about this? Thanks Sam. Rafael Sam Clippinger escreveu:
It looks like you forgot a few items from the command you used to run "config-test". Specifically, you must give the "-f" flag before the configuration file and you must give the path to the qmail binary (and all of its arguments), just the way it is given in the "run" file. With the command you gave, spamdyke is trying to execute your configuration file instead of reading it, which is obviously not what you want. -- Sam Clippinger Rafael Andrade wrote:
Thanks Sam ! I found erros in my config file, u can help-me? I test with config-test. Above. root <at> net spamdyke]# spamdyke --config-test /etc/spamdyke/spamdyke.conf && tail -f /var/log/maillog spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG (C)2008 Sam Clippinger, samc (at) silence (dot) org http://www.spamdyke.org/ Use -h for an option summary or see README.html for complete option details. ERROR: Command returned no output: /etc/spamdyke/spamdyke.conf ERROR: Tests complete. Errors detected. Apr 1 07:35:42 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error Apr 1 07:35:48 net spamdyke[2005]: ERROR: unable to execute child process /etc/spamdyke/spamdyke.conf: Exec format error My Spamdyke.conf #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients Which permissions i need to add on spamdyke? root? Im using qmailtoaster + spamdyke. Thanks all!! Rafael Sam Clippinger escreveu:
You seem to have a lot of whitelist files enabled; it's possible an entry in one of those files is allowing this connection. If you increase your "log-level" command to "verbose", spamdyke will log which filter is matching each connection, which should reveal a whitelist match (if that's what's happening). I also recommend running spamdyke's "config-test" feature to look for permission problems, syntax errors, etc. -- Sam Clippinger Rafael Andrade wrote:
Hello All, Im dont know whats happen on my qmail + spamdyke, last days some blocked domains can send msgs for my domains. Eg above. Mar 27 11:37:15 net spamdyke[20571]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 27 11:57:51 net spamdyke[20805]: DENIED_SENDER_BLACKLISTED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:13:16 net spamdyke[10323]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) Mar 30 10:24:31 net spamdyke[10478]: ALLOWED from: roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org to: vendas-u040QIxSA4U8kJV6YUD1dgh0onu2mTI+@public.gmane.org origin_ip: 200.203.183.103 origin_rdns: smtpout01.tpa.com.br auth: (unknown) In mar 27/03 this email roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org has blocked, but in mar 30/03 his can send msg? Why this happen? More information Above. Spamdyke.conf file black_list_senders file #Spamdyke.conf # rbl dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net dns-blacklist-entry=zombie.dnsbl.sorbs.net dns-blacklist-entry=dul.dnsbl.sorbs.net dns-blacklist-entry=bogons.cymru.com dns-blacklist-entry=ix.dnsbl.manitu.net dns-blacklist-entry=list.dsbl.org # graylist #graylist-dir=/etc/spamdyke/graylist.d graylist-dir=/home/vpopmail/graylist.d graylist-level=always graylist-max-secs=2678400 graylist-min-secs=180 greeting-delay-secs=5 local-domains-file=/var/qmail/control/rcpthosts log-level=debug #log-level=info log-target=syslog #log-target=stderr max-recipients=50 #policy-url=http://my.policy.explanation.url/ reject-empty-rdns #reject-ip-in-cc-rdns reject-missing-sender-mx reject-unresolvable-rdns tls-certificate-file=/var/qmail/control/servercert.pem # blacklist and whitelist ip ip-blacklist-file=/etc/spamdyke/blacklist_ip ip-whitelist-file=/etc/spamdyke/whitelist_ip # blacklist and whitelist keywords ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords # blacklist and whitelist senders sender-blacklist-file=/etc/spamdyke/blacklist_senders sender-whitelist-file=/etc/spamdyke/whitelist_senders # blacklist and whitelist rdns rdns-blacklist-file=/etc/spamdyke/blacklist_rdns rdns-whitelist-file=/etc/spamdyke/whitelist_rdns # whitelist dns dns-whitelist-file=/etc/spamdyke/whitelist_dns # blacklist and whitelist recipients recipient-blacklist-file=/etc/spamdyke/blacklist_recipients recipient-whitelist-file=/etc/spamdyke/whitelist_recipients #Blacklist file have roberto.metais-jduehBtJ7hRfyO9Q7EP/yw@public.gmane.org in line 152. the blacklist file have 498 entries. Anyone can help-me please? im receiving lots of spam! =\ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
------------------------------------------------------------------------ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
------------------------------------------------------------------------ _______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list spamdyke-users-/X2b3ZMi7jpg9hUCZPvPmw@public.gmane.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users 
_______________________________________________
spamdyke-users mailing list
spamdyke-users@...
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Permalink | Reply | 1 comment |
headers
Sebastian Grewe | 8 Apr 2009 22:42
Favicon

Spamdyke Timeouts for no reason

Hey guys,

Here an issue we had a long time ago already:

A mail provider connects to our system to deliver a mail. Spamdyke 
accepts the message and sends it over to Simscan. Spamdyke logs a 
TIMEOUT error in our Log, right after that Simscan completes the scan. 
It looks like it hangs somewhere so Spamdyke, by mistake, sends a 
Timeout to the ISP. That one tries to send the same message again which 
of course fails again.

Just wondering, if anyone else had this issue? If not I can post more 
details about it.

Cheers,
Sebastian
Permalink | Reply | 6 comments |
headers
Sebastian Grewe | 8 Apr 2009 23:09
Favicon

Re: Spamdyke Timeouts for no reason

Hey again,

I was a bit quick on the draw there. After some research on our end I 
noticed that the spam filter needs quite some time to actually scan that 
mail (>60s) which results in the provider to time us out. So my question 
is: How can I skip simscan from processing messages from that one 
provider, given I have their IPs? I would do that until the message 
comes through and then disable the "whitelist" after that.

Cheers,
Sebastian

Sebastian Grewe wrote:
> Hey guys,
>
> Here an issue we had a long time ago already:
>
> A mail provider connects to our system to deliver a mail. Spamdyke 
> accepts the message and sends it over to Simscan. Spamdyke logs a 
> TIMEOUT error in our Log, right after that Simscan completes the scan. 
> It looks like it hangs somewhere so Spamdyke, by mistake, sends a 
> Timeout to the ISP. That one tries to send the same message again which 
> of course fails again.
>
> Just wondering, if anyone else had this issue? If not I can post more 
> details about it.
>
> Cheers,
> Sebastian
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@...
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
Permalink | Reply | 5 comments |

Gmane