Great advice, thank you. I made some changes to the spamdyke config file and the rdns file, restarted various services and now (I have actually sent a separate post on this) it would appear that spamdyke is not working at all.

I have /etc/init.d/qmail and /etc/xinetd.d/smtp_psa but have not changed either file. I am not sure which one is directing what happens with our mail (I've always been a bit confused about that).

Can you tell me what might have happened from the change and restarts?

Kind Regards,
Christoph Kuhle

From: [email protected] [mailto:[email protected]] On Behalf Of Gary Gendel
Sent: 17 September 2012 13:33
To: spamdyke users
Subject: Re: [spamdyke-users] How best to whitelist rejected emails

On 9/17/12 7:34 AM, emailitis.com wrote:

> Thanks for that help Gary,
>
> My whitelist_rdns does not have any entries. Can you tell me what we should put in that? Is it a single line:
>
> yahoo.com

.yahoo.com

You're missing the leading period. This will take care of all the yahoo sites (USA, UK, Japan, etc.).

> and in whitelist_senders file:
>
> a. Do I list email addresses on individual lines?
> b. Can we use wildcards like *@bbc.co.uk?

Yes. But I would use the whitelist-senders list only for those rare occasions where there is no other way. There is too much spam spoofing of the sender's address. In the smtp protocol, there is no restriction on what is placed in the From:, To:, etc. (visible) fields. Even the low level smtp handshaking can be told it's coming from a different user than the real sender. This is why spamdyke should be set up to reject mainly based upon the sending server because that would be extremely hard to spoof. It is also why most RBLs reject any mail from open relays (those that will accept mail from anyone and send it out again).

> Maybe the following should be a separate post, but we have disabled some of the main spamdyke checks:
>
> reject-missing-sender-mx=false
> reject-empty-rdns=false
> reject-unresolvable-rdns=false
> reject-identical-sender-recipient=false

The only two I would put back in are:

reject-empty-rdns
reject-unresolvable-rdns

If they don't have a proper reverse-dns set up then they have no business sending email. If you trace these back, you'll probably find that this is an unassigned ip address hijacked from an ISP. Most ISPs will at least have some default reverse-lookup for all of their customer space. I agree that the other two are too aggressive and I have them shut off as well.

One recent addition that has made a significant dent in false negatives was the addition of right-hand-side (rhs) blacklists. I would check out:

dbl.spamhaus.org
urired.spameatingmonkey.net
fresh15.spameatingmonkey.net

The last one will reject any mail from domains that were created within the last 15 days. There are bigger and smaller time windows that you can use from spameatingmonkey.net to suit your taste. I happen to use all three, but even using the first or second alone will make a big difference.

> because we were getting a lot of genuine emails rejected and it was really affecting our service to hosted domains.
>
> Is there a clever way to monitor and try to identify the genuine emails which do not have MX or RDNS properly set up? And when those come through, what steps do you seasoned gurus use to allow genuine emails through while keeping those rules intact?
>
> Advice very gratefully received from this lovely mailing list where responses are comprehensive and quick - thank you all for that.

That would be interesting for me as well. I do periodically check the logs for any anomalies, but in the several years I've used spamdyke with the above settings, I've only found one false positive due to a misconfiguration by the sending ISP, which has since been corrected (they were being rejected by a lot of servers besides mine).

> Kind Regards,
> Christoph Kuhle

From: [email protected] [mailto:[email protected]] On Behalf Of [email protected]
Sent: 16 September 2012 23:39
To: spamdyke users
Subject: Re: [spamdyke-users] How best to whitelist rejected emails

Some RBLs block yahoo because spammers really love to use it. I feel that this is way too aggressive and any blacklist that blocks like this I avoid. However, I do have yahoo in my rdns whitelist anyway since I use that to avoid putting things on the graylist. This way I can use the graylist more effectively to see if my spamdyke rejection strategy is working well.

Gary

_____

On Sep 16, 2012 6:02 PM, emailitis.com <[email protected]> wrote:

Thank you Sam for your speedy response.

How can I tell if I have the latest version? Can you tell me what shell command to run? And to update, is it simply "yum upgrade spamdyke"?

I do not want to whitelist the whole btinternet.com domain as there will be Spam. I really like your idea to "use a configuration directory to whitelist any sender within btinternet.com when the rDNS of the server is within yahoo.com". Can you tell me how to do that please?

Kind regards,

VoIP | Broadband | Domain hosting | Web design & SEO
emailitis.com <http://www.emailitis.com/> | 01722 770004 | Cross Keys House, Queen Street, Salisbury, SP1 1EY
emailitis.com is a trading name of Expat Email Ltd, Registered in England (No. 05140609) VAT No. GB 843 7166 15

From: [email protected] [mailto:[email protected]] On Behalf Of Sam Clippinger
Sent: 16 September 2012 22:51
To: spamdyke users
Subject: Re: [spamdyke-users] How best to whitelist rejected emails

This is an RBL rejection, which means that the remote IP address has been blacklisted by a DNS RBL provider you're using. (If you upgrade spamdyke to the latest version, the log message will include the name of the RBL that generated the match.) I point this out because you may not want to whitelist this -- it may actually be spam.

If you don't want to just whitelist the entire btinternet.com domain from any source, you could use a configuration directory to whitelist any sender within btinternet.com when the rDNS of the server is within yahoo.com. That would help cut down on the false negatives. You could further restrict the whitelist to only trigger when the recipient is also within a specific domain(s) on your server.

-- Sam Clippinger

On Sep 16, 2012, at 4:00 PM, emailitis.com wrote:

We are getting BT emails rejected like:

Sep 12 20:56:28 plesk3 spamdyke[20050]: DENIED_RBL_MATCH from: [email protected] to: [email protected] origin_ip: 77.238.189.199 origin_rdns: nm2-vm0.bullet.mail.ird.yahoo.com auth: (unknown) encryption: (none)

I could whitelist the sender (not recommended I know). But is there a better way to ensure that all btinternet emails (now owned by yahoo) can be whitelisted?

Also, if we were to whitelist a sender, is the email address only shown in the whitelist_senders file?

Kind regards,
Christoph

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
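An added example (not written by anyone in this thread, and not spamdyke code): a Python script that tallies rejections from log lines in the format quoted above, and shows whether a whitelist_rdns entry with or without the leading period would cover the sending server. The sample log is constructed, the `DENIED_RDNS_MISSING` line with its `(unknown)` rDNS is an assumption, and the matching rule follows the description in Gary's reply.

```python
import re
from collections import Counter

# Constructed sample log: the first line reuses the IP and rDNS quoted in the
# thread; all addresses and the remaining lines are made up for this example.
SAMPLE_LOG = """\
Sep 12 20:56:28 plesk3 spamdyke[20050]: DENIED_RBL_MATCH from: user1@btinternet.com to: info@example.org origin_ip: 77.238.189.199 origin_rdns: nm2-vm0.bullet.mail.ird.yahoo.com auth: (unknown) encryption: (none)
Sep 12 21:03:10 plesk3 spamdyke[20071]: DENIED_RBL_MATCH from: user2@btinternet.com to: info@example.org origin_ip: 77.238.189.199 origin_rdns: nm2-vm0.bullet.mail.ird.yahoo.com auth: (unknown) encryption: (none)
Sep 12 21:10:42 plesk3 spamdyke[20102]: DENIED_RDNS_MISSING from: promo@example.net to: info@example.org origin_ip: 192.0.2.45 origin_rdns: (unknown) auth: (unknown) encryption: (none)
Sep 12 21:15:00 plesk3 spamdyke[20110]: ALLOWED from: friend@example.com to: info@example.org origin_ip: 198.51.100.7 origin_rdns: mail.example.com auth: (unknown) encryption: (none)
"""

LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z_]+) from: (?P<sender>\S*) to: (?P<rcpt>\S*) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+)"
)

def rdns_matches(rdns, entry):
    """Matching as described in the thread: an entry with a leading period
    covers every host under that domain; without it, only the exact name."""
    rdns, entry = rdns.lower(), entry.lower()
    if entry.startswith("."):
        return rdns.endswith(entry)
    return rdns == entry

def denied_summary(log_text, whitelist_rdns):
    """Count rejections by (reason, sender domain, rDNS, covered), where
    'covered' says whether a whitelist_rdns entry matches the sending server."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or not m["result"].startswith("DENIED_"):
            continue  # skip ALLOWED lines and anything that is not spamdyke
        domain = m["sender"].rpartition("@")[2] or "(none)"
        covered = any(rdns_matches(m["rdns"], e) for e in whitelist_rdns)
        counts[(m["result"], domain, m["rdns"], covered)] += 1
    return counts

if __name__ == "__main__":
    for entries in (["yahoo.com"], [".yahoo.com"]):
        print("whitelist_rdns =", entries)
        for (reason, dom, rdns, covered), n in denied_summary(SAMPLE_LOG, entries).most_common():
            print(f"  {n}x {reason} sender={dom} rdns={rdns} covered={covered}")
```

Rejections that recur from the same sender domain and the same sending server are the ones worth reviewing by hand before deciding on a whitelist entry.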
