From the log entries you sent, this looks more like a configuration 
problem.  spamdyke was querying "55.65.144.89." for A records but those 
queries look like they were intended for a DNS RBL (the RBL name should 
have been appended to the end of the reversed IP address).  I wonder if 
it was having a problem parsing your configuration file?

Now that it's working, can you reproduce this problem by just removing 
127.0.0.1 from your resolv.conf file and changing nothing else?  If so, 
please send me your configuration file so I can try to reproduce this.  
There could be something fishy in the responses from your secondary 
nameserver.

-- Sam Clippinger
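
An added example, not part of the original message and not spamdyke's own code: a log check for the symptom described above, where a lookup goes out for the bare reversed IP address with no RBL zone appended. The zone `dnsbl.example` and the last sample line are constructed for illustration; the other sample lines come from the log quoted below, with wrapped lines rejoined.

```python
import ipaddress
import re

QUERY_RE = re.compile(r"spamdyke\[\d+\]: INFO: querying (\S+) with DNS server (\S+)")
BARE_REVERSED_IP_RE = re.compile(r"^(?:\d{1,3}\.){4}$")  # e.g. "55.65.144.89."

def dnsbl_query_name(ip, zone):
    """Name a DNS RBL lookup should use: reversed IPv4 octets plus the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def classify_query(name):
    """Return 'rdns', 'zoneless' or 'dnsbl' for a queried name."""
    if name.rstrip(".").endswith(".in-addr.arpa"):
        return "rdns"          # ordinary reverse DNS lookup
    if BARE_REVERSED_IP_RE.match(name):
        return "zoneless"      # reversed IP with nothing appended
    return "dnsbl"             # reversed IP followed by a zone

def find_zoneless_queries(lines):
    """Collect (name, server) for every lookup that carries no zone suffix."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and classify_query(m.group(1)) == "zoneless":
            hits.append((m.group(1), m.group(2)))
    return hits

# Lines 1-2: from the quoted log. Line 3: constructed, showing a well-formed
# RBL lookup against the hypothetical zone dnsbl.example.
SAMPLE_LOG = [
    "May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying "
    "55.65.144.89.in-addr.arpa with DNS server 80.237.128.144:53 (attempt 1)",
    "May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying "
    "55.65.144.89. with DNS server 80.237.128.144:53 (attempt 1)",
    "May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying "
    "55.65.144.89.dnsbl.example with DNS server 127.0.0.1:53 (attempt 1)",
]

if __name__ == "__main__":
    for name, server in find_zoneless_queries(SAMPLE_LOG):
        print(f"zone-less lookup {name!r} sent to {server}: check the DNSBL settings")
```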

Christian Aust wrote:
> Sorry about me replying to my own inquiry, but I've found out that for  
> some reason my system didn't query the local nameserver anymore. After  
> adding 127.0.0.1 to the list of nameservers in resolv.conf spamdyke  
> instantly filtered all incoming mails again.
>
> Could it be something in the DNS replies that somehow confused  
> spamdyke? Space for further improvement, maybe? Regards,
>
> Christian
>
> On 13.05.2008 at 14:34, Christian Aust wrote:
>
>   
>> Hi,
>>
>> spamdyke 3.1.7 worked pretty well during the last weeks. However,
>> after I upgraded my installation of Plesk to 8.4.0 last weekend, I
>> found that lots of spam are coming through which should have been
>> blocked by spamdyke. Obviously, this has something to do with me
>> upgrading the system, but WTF went wrong? I'm clueless, after digging
>> through the docs and log files.
>>
>> Spamdyke is running from the xinetd configuration, the command itself
>> has not been changed but there was an issue with Plesk not being able
>> to authenticate users to allow them to relay. Common solution seemed
>> to be to add some env variables to the xinetd file:
>>
>> service smtp
>> {
>>         socket_type     = stream
>>         env             = SMTPAUTH=1 SHORTNAMES=0
>>         protocol        = tcp
>>         wait            = no
>>         disable         = no
>>         user            = root
>>         instances       = UNLIMITED
>>         server          = /var/qmail/bin/tcp-env
>>         server_args     = -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
>> }
>>
>> Now my mail users can authenticate themselves again and are allowed to
>> relay. Spamdyke is set to log-level=4 in its config file, and this is
>> something that I see quite frequently now:
>>
>> May 13 14:22:23 lvps92-51-129-12 relaylock: /var/qmail/bin/relaylock: mail from 89.144.65.55:2543 (not defined)
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89.in-addr.arpa with DNS server 80.237.128.144:53 (attempt 1)
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 43 bytes
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 43 bytes
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found no records for 55.65.144.89.in-addr.arpa
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: querying 55.65.144.89. with DNS server 80.237.128.144:53 (attempt 1)
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 30 bytes
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS packet: 46 bytes
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: received DNS response: A
>> May 13 14:22:23 lvps92-51-129-12 spamdyke[15913]: INFO: found A record for 55.65.144.89.: 55.65.144.89
>> May 13 14:22:25 lvps92-51-129-12 spamdyke[15913]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 89.144.65.55 origin_rdns: (unknown) auth: (unknown)
>> [... qmail handler stuff deleted ...]
>> May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: Handlers Filter before-local for qmail started ...
>> May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: [EMAIL PROTECTED]
>> May 13 14:22:26 lvps92-51-129-12 qmail-local-handlers[15923]: [EMAIL PROTECTED]
>> May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: got connection over /tmp/spamd_full.sock
>> May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: using default config for [EMAIL PROTECTED]: /var/qmail/mailnames/wilde-welt.de/christian/.spamassassin/user_prefs
>> May 13 14:22:27 lvps92-51-129-12 spamd[22311]: spamd: processing message <[EMAIL PROTECTED]> for [EMAIL PROTECTED]:110
>> May 13 14:22:28 lvps92-51-129-12 spamd[22311]: spamd: identified spam (12.1/5.0) for [EMAIL PROTECTED]:110 in 1.1 seconds, 884 bytes.
>> May 13 14:22:28 lvps92-51-129-12 spamd[22311]: spamd: result: Y 12 - FAKE_REPLY_C,RCVD_IN_PBL,RDNS_NONE,URIBL_AB_SURBL,URIBL_BLACK,URIBL_OB_SURBL,URIBL_SC_SURBL,XMAILER_MIMEOLE_OL_7533E scantime=1.1,size=884,[EMAIL PROTECTED]welt.de,uid=110,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=/tmp/spamd_full.sock,mid=<01c8b50d[EMAIL PROTECTED]>,autolearn=spam
>>
>> So spamdyke passed a message that scored 12 points from SpamAssassin,
>> AFAICS without bothering about RBL or anything else. What's wrong? What
>> could have happened to render my favorite spamblocker pretty useless?
>> Any comment is greatly appreciated. Best regards,
>>
>> Christian
>>
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>     