Whitelists always override blacklists, no matter where they are found or what order they are listed in.
-- Sam Clippinger David Stiller wrote: > As an answer to this: > "Is it possible to just put a whitelist for example.com > <http://example.com> and deny all others matching this keyword." > > Sure. I would just whitelist 66.49.15.190 and blacklist .nuvox.net > <http://nuvox.net>. Don't know wich one catches > first. I would try. > > Regards, > David > > <http://66.49.15.190> > > David Stiller schrieb: > >> Hi Linto, >> >> the per-domain basis you can create by using the config-dir option, >> wich is well documented in the documentation: >> >> http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR >> >> Nearly any combination of sender and recipient can be configured >> with this option. This way i configure black- and whitelists for >> my customers. >> >> My structure looks like the following. >> >> In /etc/spamdyke.conf i set: >> config-dir=/var/qmail/spamdyke/domain_setups >> >> The directories contain: >> >> domain_setups/ >> `-- _recipient_ >> |-- tld >> | `-- firstdomain (file) >> `-- tld2 >> `-- seconddomain (file) >> >> >> domain_configs/ >> |-- firstdomain.tld >> | |-- customer_blacklist_ip >> | |-- customer_blacklist_rdns >> | |-- customer_whitelist_ip >> | `-- customer_whitelist_rdns >> `-- seconddomain.tld2 >> |-- customer_blacklist_ip >> |-- customer_blacklist_rdns >> |-- customer_whitelist_ip >> `-- customer_whitelist_rdns >> >> In the file "firstdomain" you can setup the configuration >> for the domain and also the IP_IN_RDNS_KEYWORDS of course. >> >> In my case these are: >> >> ip-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_ip >> rdns-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_rdns >> ip-whitelist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_whitelist_ip >> rdns-whitelist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_whitelist_rdns >> sender-blacklist-file=/var/qmail/spamdyke/domain_configs/firstdomain.tld/customer_blacklist_sender >> >> I hope this helps! ;) >> >> David >> >> >> Linto Paul schrieb: >> >>> Greetings, >>> >>> Could please let me know if there is a way to whitelist a domain on >>> the IP_IN_RDNS_KEYWORDS on a per domain basis. >>> >>> Say we get user complaining about a domain called example.com >>> <http://example.com>, and they say, I am the owner of example.com >>> <http://example.com> and want this feature not used onto our domain >>> even though you host it for us. >>> >>> ~~~~~~~~~~~~~~~ >>> Oct 21 11:46:44 mail01 spamdyke[24348]: DENIED_IP_IN_RDNS from: >>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> to: >>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> origin_ip: 66.49.15.190 >>> <http://66.49.15.190> origin_rdns: 66.49.15.190.nw.nuvox.net >>> <http://66.49.15.190.nw.nuvox.net> auth: (unknown) >>> ~~~~~~~~~~~~~~~~~~~~ >>> >>> We have the RDNS blocked in our server via keyword:- >>> >>> .nuvox.net <http://nuvox.net> >>> >>> Is it possible to just put a whitelist for example.com >>> <http://example.com> and deny all others matching this keyword. >>> >>> Thanks, >>> Linto Paul >>> >>> >>> On Thu, Oct 16, 2008 at 10:30 PM, >>> <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> wrote: >>> >>> Send spamdyke-users mailing list submissions to >>> [email protected] >>> <mailto:[email protected]> >>> >>> To subscribe or unsubscribe via the World Wide Web, visit >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> or, via email, send a message with subject or body 'help' to >>> [EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]> >>> >>> You can reach the person managing the list at >>> [EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]> >>> >>> When replying, please edit your Subject line so it is more specific >>> than "Re: Contents of spamdyke-users digest..." >>> >>> >>> Today's Topics: >>> >>> 1. Regular-Expression Support (Felix Buenemann) >>> 2. Re: spamdyke +ip-in-rdns-keyword-blacklist-entry option >>> (Arthur Girardi) >>> 3. Re: spamdyke +ip-in-rdns-keyword-blacklist-entry option >>> (Felix Buenemann) >>> 4. Re: spamdyke +ip-in-rdns-keyword-blacklist-entryoption >>> (Tim Mancour) >>> >>> >>> ---------------------------------------------------------------------- >>> >>> Message: 1 >>> Date: Thu, 16 Oct 2008 17:07:56 +0200 >>> From: Felix Buenemann <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> >>> Subject: [spamdyke-users] Regular-Expression Support >>> To: [email protected] <mailto:[email protected]> >>> Message-ID: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >>> Content-Type: text/plain; charset=ISO-8859-15 >>> >>> Hi Sam, >>> >>> I wonder wether there is a specific reason not to use regular >>> expressions via the PCRE lib to match patterns in blacklist files >>> etc. >>> >>> Has this been avoided for performance reasons? >>> >>> -- Felix Buenemann >>> >>> >>> >>> ------------------------------ >>> >>> Message: 2 >>> Date: Thu, 16 Oct 2008 12:12:58 -0300 >>> From: Arthur Girardi <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> >>> Subject: Re: [spamdyke-users] spamdyke >>> +ip-in-rdns-keyword-blacklist-entry option >>> To: [email protected] <mailto:[email protected]> >>> Message-ID: >>> <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> >>> Content-Type: text/plain; charset=ISO-8859-1; DelSp="Yes"; >>> format="flowed" >>> >>> For me it looks as if the message is being blocked because it >>> contains >>> the country code and ip in the rdns and his setup has >>> reject-ip-in-cc-rdns enabled. >>> >>> In the FAQ it says it will check reject-ip-in-cc-rdns before looking >>> at the rdns whitelist. I'm not sure if reject-ip-in-cc-rdns would >>> reject on spot even if it would match in the next filter (rdns >>> whitelist). >>> >>> Arthur >>> >>> Citando Sam Clippinger <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>: >>> >>> > It looks like you're trying to use keywords in your rDNS >>> whitelist file; >>> > those files don't work that way. In an rDNS whitelist file, you can >>> > either give complete rDNS names or you can give partial names >>> (starting >>> > with a dot) that will match the end of an rDNS name. For example: >>> > fully.qualified.domain.name.example.com >>> <http://fully.qualified.domain.name.example.com> >>> > Will match only one rDNS name (i.e. the entire name >>> > "fully.qualified.domain.name.example.com >>> <http://fully.qualified.domain.name.example.com>"). >>> > >>> > To match all names within a domain (or subdomain): >>> > .name.example.com <http://name.example.com> >>> > Will match rDNS names that end with ".name.example.com >>> <http://name.example.com>" (e.g. >>> > "fully.qualified.domain.name.example.com >>> <http://fully.qualified.domain.name.example.com>", >>> > "silly.domain.name.example.com >>> <http://silly.domain.name.example.com>" or >>> "short.name.example.com <http://short.name.example.com>"). >>> > >>> > This file format is documented here: >>> > http://www.spamdyke.org/documentation/README_rdns_file_format.html >>> > >>> > -- Sam Clippinger >>> > >>> > [EMAIL PROTECTED] wrote: >>> >> Hi list! >>> >> I run spamdyke 4.0.5 on Debian. >>> >> >>> >> I have this in my whitelist_rdns: >>> >> .static. >>> >> static. >>> >> .dedicated. >>> >> dedicated. >>> >> >>> >> But spamdyke reject emails: >>> >> 10/16/2008 15:03:52 LOG OUTPUT >>> >> DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] <mailto:[EMAIL >>> PROTECTED]> to: >>> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> origin_ip: >>> >> xxx.xxx.xxx.xxx origin_rdns: >>> port-xxx-xxx-xxx-xxx.static.qsc.de >>> <http://port-xxx-xxx-xxx-xxx.static.qsc.de> auth: >>> >> (unknown) >>> >> >>> >> 10/16/2008 15:03:52 FROM REMOTE TO CHILD: 6 bytes >>> >> DATA >>> >> >>> >> 10/16/2008 15:03:52 FROM SPAMDYKE TO REMOTE: 82 bytes >>> >> 554 Refused. Your reverse DNS entry contains your IP address and a >>> >> country code. >>> >> >>> >> 10/16/2008 15:03:52 FROM REMOTE TO CHILD: 6 bytes >>> >> RSET >>> >> >>> >> 10/16/2008 15:03:52 FROM SPAMDYKE TO REMOTE: 82 bytes >>> >> 554 Refused. Your reverse DNS entry contains your IP address and a >>> >> country code. >>> >> >>> >> 10/16/2008 15:03:52 FROM REMOTE TO CHILD: 6 bytes >>> >> QUIT >>> >> >>> >> 10/16/2008 15:03:52 FROM SPAMDYKE TO REMOTE: 82 bytes >>> >> 221 Refused. Your reverse DNS entry contains your IP address and a >>> >> country code. >>> >> >>> >> 10/16/2008 15:03:52 CLOSED >>> >> >>> >> Should >>> >> .static. >>> >> not match >>> >> port-xxx-xxx-xxx-xxx.static.qsc.de >>> <http://port-xxx-xxx-xxx-xxx.static.qsc.de> >>> >> normally? >>> >> >>> >> Is this the same issue what Erald report or a new problem or >>> did I think >>> >> in s.th <http://s.th>. wrong? >>> >> >>> >> Gruss, >>> >> Peter >>> >> >>> > _______________________________________________ >>> > spamdyke-users mailing list >>> > [email protected] <mailto:[email protected]> >>> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> > >>> >>> >>> >>> >>> ------------------------------ >>> >>> Message: 3 >>> Date: Thu, 16 Oct 2008 17:23:24 +0200 >>> From: Felix Buenemann <[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>> >>> Subject: Re: [spamdyke-users] spamdyke >>> +ip-in-rdns-keyword-blacklist-entry option >>> To: [email protected] <mailto:[email protected]> >>> Message-ID: <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >>> Content-Type: text/plain; charset=ISO-8859-1 >>> >>> Am 15.10.2008 15:20 Uhr, Tim Mancour schrieb: >>> > Sam, >>> > >>> > There is a set of POSIX compatible regular expression functions >>> available in >>> > "C". The functions regcomp() and regexec() are both used by >>> qmail to provide >>> > regexp testing for the control/badxxxxx files. >>> >>> I jusrt wrote a similar mail, as I was wondering why NOT to use >>> regexes >>> in spamdyke, my only idea was that it could hurt performance. >>> >>> There is the PCRE library which enable parsing of perl compatible >>> regular expressions, which have IMHO the cleanest and most widely >>> used >>> regex syntax. It's also very easy to test those regexes using perl. >>> >>> > >>> > Regards, >>> > Tim >>> >>> -- Felix >>> >>> > -----Original Message----- >>> > From: [EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]> >>> > [mailto:[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>] On Behalf Of Sam >>> Clippinger >>> > Sent: Wednesday, October 15, 2008 12:57 AM >>> > To: spamdyke users >>> > Subject: Re: [spamdyke-users] spamdyke >>> +ip-in-rdns-keyword-blacklist-entry >>> > option >>> > >>> > The kind of wildcards you're asking for (especially "*.*") >>> would not be easy >>> > to implement. However, the code that requires a keyword to be >>> surrounded by >>> > non-alphanumeric characters could be easily removed if you want >>> to test the >>> > results. In filter.c, just remove the if() block from lines >>> 697 to 706 (in >>> > version 4.0.5). Rerun "make" and install the new binary. My >>> instinct says >>> > you won't like the new behavior but I could easily be wrong. >>> > >>> > In the long run, the best solution is probably to add support >>> for regular >>> > expressions. They're much more flexible and powerful and the >>> documentation >>> > would be much simpler as well, since many tutorials already >>> exist for >>> > regexps. Several people have asked for regular expression >>> support and it's >>> > on my list (though it's not high priority at the moment). >>> > >>> > -- Sam Clippinger >>> > >>> > Youri V. Kravatsky wrote: >>> >> Hello Sam, >>> >> >>> >> >>> >>> BTW, spamdyke won't find a keyword like "dyn" in the middle >>> of other >>> >>> text like "dynamic". In order to match, a keyword must (1) >>> be at the >>> >>> beginning of the name, (2) be surrounded with non-alphanumeric >>> >>> characters (i.e. dots or dashes) AND include the rDNS name's >>> TLD (e.g. >>> >>> "example" would not be found in "11.22.33.44.example.com >>> <http://11.22.33.44.example.com>") or (3) the >>> >>> keyword must begin with a dot AND match the entire end of the >>> rDNS >>> >>> name (e.g. ".example.com <http://example.com>" would match >>> "11.22.33.44.example.com <http://11.22.33.44.example.com>"). >>> >>> This logic exists to prevent a keyword like "dynamic" from >>> matching >>> >>> "11.22.33.44.notdynamic.example.com >>> <http://11.22.33.44.notdynamic.example.com>". >>> >>> >>> >> Well, it is not good really, I know that correctly work on >>> wildcards >>> >> is not easy work in C, unlike, perl, but it would be very good >>> to use >>> >> file like >>> >> .*dynamic.* >>> >> .dynamic*.* >>> > >>> >> .broadband*.* >>> > >>> >> .*broadband.* >>> > >>> >> .*cable.* >>> > >>> >> .cable*.* >>> > >>> >> .*pppoe.* >>> > >>> >> .pppoe*.* >>> >> Or else we will read log for a full days to find out all >>> possible >>> >> home-dynamic-cable-broadband providers all over the world... >>> >> >>> >>> >>> >>> >>> ------------------------------ >>> >>> Message: 4 >>> Date: Thu, 16 Oct 2008 12:04:24 -0400 >>> From: "Tim Mancour" <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> >>> Subject: Re: [spamdyke-users] spamdyke >>> +ip-in-rdns-keyword-blacklist-entryoption >>> To: "'spamdyke users'" <[email protected] >>> <mailto:[email protected]>> >>> Message-ID: <[EMAIL PROTECTED]> >>> Content-Type: text/plain; charset="us-ascii" >>> >>> I added a rdns regexp matching to my qmailtoaster a few years ago >>> and I have >>> not noticed any performance issues. You do, however, have to make >>> sure that >>> you keep the number of expressions do to a minimum set (my list of >>> expressions is currently around 50 lines long). >>> >>> -----Original Message----- >>> From: [EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]> >>> [mailto:[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>] On Behalf Of Felix >>> Buenemann >>> Sent: Thursday, October 16, 2008 11:23 AM >>> To: [email protected] <mailto:[email protected]> >>> Subject: Re: [spamdyke-users] spamdyke >>> +ip-in-rdns-keyword-blacklist-entryoption >>> >>> Am 15.10.2008 15:20 Uhr, Tim Mancour schrieb: >>> > Sam, >>> > >>> > There is a set of POSIX compatible regular expression functions >>> > available in "C". The functions regcomp() and regexec() are >>> both used >>> > by qmail to provide regexp testing for the control/badxxxxx files. >>> >>> I jusrt wrote a similar mail, as I was wondering why NOT to use >>> regexes in >>> spamdyke, my only idea was that it could hurt performance. >>> >>> There is the PCRE library which enable parsing of perl compatible >>> regular >>> expressions, which have IMHO the cleanest and most widely used >>> regex syntax. >>> It's also very easy to test those regexes using perl. >>> >>> > >>> > Regards, >>> > Tim >>> >>> -- Felix >>> >>> > -----Original Message----- >>> > From: [EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]> >>> > [mailto:[EMAIL PROTECTED] >>> <mailto:[EMAIL PROTECTED]>] On Behalf Of Sam >>> > Clippinger >>> > Sent: Wednesday, October 15, 2008 12:57 AM >>> > To: spamdyke users >>> > Subject: Re: [spamdyke-users] spamdyke >>> > +ip-in-rdns-keyword-blacklist-entry >>> > option >>> > >>> > The kind of wildcards you're asking for (especially "*.*") >>> would not >>> > be easy to implement. However, the code that requires a >>> keyword to be >>> > surrounded by non-alphanumeric characters could be easily >>> removed if >>> > you want to test the results. In filter.c, just remove the >>> if() block >>> > from lines 697 to 706 (in version 4.0.5). Rerun "make" and install >>> > the new binary. My instinct says you won't like the new >>> behavior but I >>> could easily be wrong. >>> > >>> > In the long run, the best solution is probably to add support for >>> > regular expressions. They're much more flexible and powerful >>> and the >>> > documentation would be much simpler as well, since many tutorials >>> > already exist for regexps. Several people have asked for regular >>> > expression support and it's on my list (though it's not high >>> priority at >>> the moment). >>> > >>> > -- Sam Clippinger >>> > >>> > Youri V. Kravatsky wrote: >>> >> Hello Sam, >>> >> >>> >> >>> >>> BTW, spamdyke won't find a keyword like "dyn" in the middle >>> of other >>> >>> text like "dynamic". In order to match, a keyword must (1) be at >>> >>> the beginning of the name, (2) be surrounded with >>> non-alphanumeric >>> >>> characters (i.e. dots or dashes) AND include the rDNS name's >>> TLD (e.g. >>> >>> "example" would not be found in "11.22.33.44.example.com >>> <http://11.22.33.44.example.com>") or (3) >>> >>> the keyword must begin with a dot AND match the entire end of the >>> >>> rDNS name (e.g. ".example.com <http://example.com>" would >>> match "11.22.33.44.example.com <http://11.22.33.44.example.com>"). >>> >>> This logic exists to prevent a keyword like "dynamic" from >>> matching >>> >>> "11.22.33.44.notdynamic.example.com >>> <http://11.22.33.44.notdynamic.example.com>". >>> >>> >>> >> Well, it is not good really, I know that correctly work on >>> wildcards >>> >> is not easy work in C, unlike, perl, but it would be very good >>> to use >>> >> file like >>> >> .*dynamic.* >>> >> .dynamic*.* >>> > >>> >> .broadband*.* >>> > >>> >> .*broadband.* >>> > >>> >> .*cable.* >>> > >>> >> .cable*.* >>> > >>> >> .*pppoe.* >>> > >>> >> .pppoe*.* >>> >> Or else we will read log for a full days to find out all >>> possible >>> >> home-dynamic-cable-broadband providers all over the world... >>> >> >>> >>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] <mailto:[email protected]> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >>> >>> ------------------------------ >>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] <mailto:[email protected]> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >>> End of spamdyke-users Digest, Vol 17, Issue 37 >>> ********************************************** >>> >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> -- >> BLACKBIT neue Medien GmbH | BLACKBIT neue Werbung GmbH >> Technischer Support/ Hotline >> Ernst-Ruhstrat-Straße 6 - D-37079 Göttingen >> >> Geschäftsführer: Stefano Viani >> Registergericht: Amtsgericht Göttingen, HRB 3222 >> Umsatzsteueridentifikationsnummer (§ 27a UstG): DE 813 114 917 >> >> Tel: +49-551-50675-50 - Fax: +49-551-50675-20 >> E-Mail: [EMAIL PROTECTED] >> >> Klassische Werbung und Online-Marketing: http://www.blackbit.de >> Software fuer Online-Marketing: http://www.go-community.de >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> > > > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
