Sorry about me replying to my own inquiry, but I've found out that for  
some reason my system didn't query the local nameserver anymore. After  
adding 127.0.0.1 to the list of nameservers in resolv.conf spamdyke  
instantly filtered all incoming mails again.

Could it be something in the DNS replies that somehow confused  
spamdyke? Space for further improvement, maybe? Regards,

Christian

On 13.05.2008 at 14:34, Christian Aust wrote:

> Hi,
>
> spamdyke 3.1.7 worked pretty well during the last weeks. However,
> after I upgraded my installation of Plesk to 8.4.0 last weekend, I
> found that lots of spam is coming through which should have been
> blocked by spamdyke. Obviously, this has something to do with me
> upgrading the system, but WTF went wrong? I'm clueless, after digging
> through the docs and log files.
>
> Spamdyke is running from the xinetd configuration, the command itself
> has not been changed but there was an issue with Plesk not being able
> to authenticate users to allow them to relay. Common solution seemed
> to be to add some env variables to the xinetd file:
>
> service smtp
> {
>         socket_type     = stream
>         env             = SMTPAUTH=1 SHORTNAMES=0
>         protocol        = tcp
>         wait            = no
>         disable         = no
>         user            = root
>         instances       = UNLIMITED
>         server          = /var/qmail/bin/tcp-env
>         server_args     = -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> }
>
> Now my mail users can authenticate themselves again and are allowed to
> relay. Spamdyke is set to log-level=4 in its config file, and this is
> something that I see quite frequently now:
>
> May 13 14:22:23 lvps92-51-129-12 relaylock: /var/qmail/bin/relaylock: mail from 89.144.65.55:2543 (not defined)
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89.in-addr.arpa with DNS server 80.237.128.144:53 (attempt 1)
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 43 bytes
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 43 bytes
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found no records for 55.65.144.89.in-addr.arpa
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89. with DNS server 80.237.128.144:53 (attempt 1)
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 30 bytes
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 46 bytes
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS response: A
> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found A record for 55.65.144.89.: 55.65.144.89
> May 13 14:22:25 lvps92-51-129-12 spamdyke[15913]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 89.144.65.55 origin_rdns: (unknown) auth: (unknown)
> [... qmail handler stuff deleted ...]
> May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: Handlers Filter before-local for qmail started ...
> May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: [EMAIL PROTECTED]
> May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: [EMAIL PROTECTED]
> May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: got connection over /tmp/spamd_full.sock
> May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: using default config for [EMAIL PROTECTED]: /var/qmail/mailnames/wilde-welt.de/christian/.spamassassin/user_prefs
> May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: processing message <[EMAIL PROTECTED]> for [EMAIL PROTECTED]:110
> May 13 14:22:28 lvps92-51-129-12 spamd[22311]: spamd: identified spam (12.1/5.0) for [EMAIL PROTECTED]:110 in 1.1 seconds, 884 bytes.
> May 13 14:22:28 lvps92-51-129-12 spamd[22311]: spamd: result: Y 12 - FAKE_REPLY_C,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_OB_SURBL,URIBL_SC_SURBL,XMAILER_MIMEOLE_OL_7533E scantime=1.1,size=884,[EMAIL PROTECTED]welt.de,uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<01c8b50d[EMAIL PROTECTED]>,autolearn=spam
>
> So spamdyke passed a message that scored 12 points from SpamAssassin,
> AFAICS without bothering about RBL or anything else. What's wrong? What
> could have happened to render my favorite spamblocker pretty useless?
> Any comment is greatly appreciated. Best regards,
>
> Christian
>
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
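
An added example, not part of the original post and not spamdyke code: a Python script that groups log-level 4 lines like those quoted above by spamdyke process ID and lists each ALLOWED message that had no reverse DNS together with the DNS servers that were queried, so a resolver change like the one described in the reply shows up directly. The sample lines are constructed in the format of the excerpt; the function names and the `127.` loopback test are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the excerpt above (hosts and addresses invented).
SAMPLE_LOG = """\
May 13 14:22:23 host spamdyke[15913]: INFO: querying 55.65.144.89.in-addr.arpa with DNS server 80.237.128.144:53 (attempt 1)
May 13 14:22:23 host spamdyke[15913]: INFO: found no records for 55.65.144.89.in-addr.arpa
May 13 14:22:23 host spamdyke[15913]: INFO: querying 55.65.144.89. with DNS server 80.237.128.144:53 (attempt 1)
May 13 14:22:23 host spamdyke[15913]: INFO: found A record for 55.65.144.89.: 55.65.144.89
May 13 14:22:25 host spamdyke[15913]: ALLOWED from: a@example.com to: b@example.org origin_ip: 89.144.65.55 origin_rdns: (unknown) auth: (unknown)
May 13 15:01:02 host spamdyke[16001]: INFO: querying 7.2.0.192.in-addr.arpa with DNS server 127.0.0.1:53 (attempt 1)
May 13 15:01:03 host spamdyke[16001]: ALLOWED from: c@example.com to: b@example.org origin_ip: 192.0.2.7 origin_rdns: mail.example.com auth: (unknown)
"""

LINE = re.compile(r"spamdyke\[(?P<pid>\d+)\]: (?P<msg>.*)$")
QUERY = re.compile(r"INFO: querying (?P<name>\S+) with DNS server (?P<server>[\d.]+):\d+")
VERDICT = re.compile(r"(?P<verdict>[A-Z_]+) from: .*origin_ip: (?P<ip>\S+) "
                     r"origin_rdns: (?P<rdns>.+?) auth:")

def summarize(log_text):
    """Return one record per spamdyke verdict line, with the DNS activity of that PID."""
    pending = defaultdict(lambda: {"queries": [], "servers": []})
    results = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # relaylock, spamd and other daemons are ignored
        pid, msg = m["pid"], m["msg"]
        q = QUERY.match(msg)
        if q:
            pending[pid]["queries"].append(q["name"])
            if q["server"] not in pending[pid]["servers"]:
                pending[pid]["servers"].append(q["server"])
            continue
        v = VERDICT.match(msg)
        if v:
            dns = pending.pop(pid, {"queries": [], "servers": []})  # PIDs get reused
            results.append({"pid": pid, "verdict": v["verdict"], "ip": v["ip"],
                            "rdns": v["rdns"], **dns,
                            "local_resolver": any(s.startswith("127.") for s in dns["servers"])})
    return results

def allowed_without_rdns(results):
    """Messages spamdyke let through although the sender had no reverse DNS name."""
    return [r for r in results if r["verdict"] == "ALLOWED" and r["rdns"] == "(unknown)"]

if __name__ == "__main__":
    for r in allowed_without_rdns(summarize(SAMPLE_LOG)):
        print(r["ip"], "resolvers:", r["servers"], "queries:", r["queries"])
```
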
