Hi,
spamdyke 3.1.7 worked pretty well during the last weeks. However,
after I upgraded my installation of Plesk to 8.4.0 last weekend, I
found that lots of spam is coming through which should have been
blocked by spamdyke. Obviously, this has something to do with me
upgrading the system, but WTF went wrong? I'm clueless, after digging
through the docs and log files.

Spamdyke is running from the xinetd configuration. The command itself
has not been changed, but there was an issue with Plesk not being able
to authenticate users to allow them to relay. The common solution seemed
to be to add some env variables to the xinetd file:

service smtp
{
    socket_type = stream
    env         = SMTPAUTH=1 SHORTNAMES=0
    protocol    = tcp
    wait        = no
    disable     = no
    user        = root
    instances   = UNLIMITED
    server      = /var/qmail/bin/tcp-env
    server_args = -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

Now my mail users can authenticate themselves again and are allowed to
relay. Spamdyke is set to log-level=4 in its config file, and this is
something that I see quite frequently now:

May 13 14:22:23 lvps92-51-129-12 relaylock: /var/qmail/bin/relaylock: mail from 89.144.65.55:2543 (not defined)
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89.in-addr.arpa with DNS server 80.237.128.144:53 (attempt 1)
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 43 bytes
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 43 bytes
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found no records for 55.65.144.89.in-addr.arpa
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89. with DNS server 80.237.128.144:53 (attempt 1)
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 30 bytes
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 46 bytes
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS response: A
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found A record for 55.65.144.89.: 55.65.144.89
May 13 14:22:25 lvps92-51-129-12 spamdyke[15913]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 89.144.65.55 origin_rdns: (unknown) auth: (unknown)
[... qmail handler stuff deleted ...]
May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: Handlers Filter before-local for qmail started ...
May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: [EMAIL PROTECTED]
May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: [EMAIL PROTECTED]
May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: got connection over /tmp/spamd_full.sock
May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: using default config for [EMAIL PROTECTED]: /var/qmail/mailnames/wilde-welt.de/christian/.spamassassin/user_prefs
May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: processing message <[EMAIL PROTECTED]> for [EMAIL PROTECTED]:110
May 13 14:22:28 lvps92-51-129-12 spamd[22311]: spamd: identified spam (12.1/5.0) for [EMAIL PROTECTED]:110 in 1.1 seconds, 884 bytes.
May 13 14:22:28 lvps92-51-129-12 spamd[22311]: spamd: result: Y 12 - FAKE_REPLY_C,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_OB_SURBL,URIBL_SC_SURBL,XMAILER_MIMEOLE_OL_7533E scantime=1.1,size=884,[EMAIL PROTECTED]welt.de,uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<01c8b50d[EMAIL PROTECTED]>,autolearn=spam

So spamdyke passed a message that scored 12 points from SpamAssassin,
AFAICS without bothering about RBL or anything else. What's wrong? What
could have happened to render my favorite spamblocker pretty useless?

Any comment is greatly appreciated.

Best regards,
Christian
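
An added example, not part of the original post and not spamdyke's own code: it groups spamdyke log lines by process ID and labels every DNS name queried before the verdict, so it is visible whether any blacklist zone was consulted for a connection. The function names are assumptions; the sample lines are the spamdyke entries from the log above with the mail line wrapping undone.

```python
import re
from collections import defaultdict

# Sample: spamdyke lines from the post's log, with mail line wrapping undone.
SAMPLE = """\
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89.in-addr.arpa with DNS server 80.237.128.144:53 (attempt 1)
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found no records for 55.65.144.89.in-addr.arpa
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89. with DNS server 80.237.128.144:53 (attempt 1)
May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found A record for 55.65.144.89.: 55.65.144.89
May 13 14:22:25 lvps92-51-129-12 spamdyke[15913]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 89.144.65.55 origin_rdns: (unknown) auth: (unknown)
"""

LINE = re.compile(r"spamdyke\[(\d+)\]: (.*)")
QUERY = re.compile(r"INFO: querying (\S+) with DNS server")
RESULT = re.compile(r"^([A-Z_]+) from: .* origin_ip: (\S+) origin_rdns: (\S+)")

def classify(name, ip):
    """Label a queried DNS name relative to the connecting IPv4 address."""
    rev = ".".join(reversed(ip.split(".")))
    name = name.rstrip(".")
    if name == rev + ".in-addr.arpa":
        return "ptr"                      # ordinary reverse lookup
    if name == rev:
        return "reversed-ip-no-zone"      # reversed IP with nothing appended
    if name.startswith(rev + "."):
        return "zone:" + name[len(rev) + 1:]  # reversed IP + list zone
    return "other:" + name

def summarize(text):
    """Return one dict per spamdyke verdict line with its labelled queries."""
    queries, out = defaultdict(list), []
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        pid, msg = m.groups()
        q, r = QUERY.search(msg), RESULT.match(msg)
        if q:
            queries[pid].append(q.group(1))
        elif r:
            verdict, ip, rdns = r.groups()
            labels = list(dict.fromkeys(classify(n, ip) for n in queries.pop(pid, [])))
            out.append({"pid": pid, "verdict": verdict, "ip": ip, "rdns": rdns,
                        "queries": labels,
                        "zones": [l[5:] for l in labels if l.startswith("zone:")]})
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

For the connection in the post this reports a PTR lookup, a lookup of the bare reversed IP with no zone suffix, and an empty `zones` list.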