Config file is:
log-level=info local-domains-file=/var/qmail/control/rcpthosts max-recipients=50 idle-timeout-secs=60 greeting-delay-secs=2 #GREYLISTING graylist-dir=/var/qmail/spamdyke/greylist graylist-min-secs=300 graylist-max-secs=1814400 #BLACKLISTING sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip sender-blacklist-entry=*@*chevxa.com #WHITELISTING sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip ip-whitelist-entry=78.32.162.57 tls-certificate-file=/var/qmail/control/servercert.pem sender-whitelist-entry=*@polyclip.com.br recipient-whitelist-entry=*@dball.com #RBL BLOCKLISTS dns-blacklist-entry=zen.spamhaus.org dns-blacklist-entry=bl.spamcop.net #dns-blacklist-entry=bogons.cymru.com #dns-blacklist-entry=b.barracudacentral.org #REJECTS policy-url=http://www.domain.com/domain-hosting/faq/122-spam-policy reject-missing-sender-mx=false reject-empty-rdns=true reject-unresolvable-rdns=true reject-identical-sender-recipient=false Can you tell us how we add a header blacklist? The subject has always included the spamvertised domain name in this particular case. Kind Regards, Christoph Kuhle From: [email protected] [mailto:[email protected]] On Behalf Of Sam Clippinger Sent: 22 October 2012 18:17 To: spamdyke users Subject: Re: [spamdyke-users] It's as if we have whitelisted recipients Can you post your spamdyke configuration file so we can see what filters you have enabled? If this is constantly coming from different domains and different hosts, I'd look at adding a header blacklist, especially if they're putting the name of the spamvertized domain in the subject line. -- Sam Clippinger On Oct 22, 2012, at 12:07 PM, emailitis.com wrote: We have a recurring and annoying email that is all about the same thing - trying to get us to click a link to purchase a domain similar to one we have. It always comes from a different domain. For some reason it is getting through spamdyke - maillog entry below. Oct 21 12:55:28 plesk3 /var/qmail/bin/relaylock[28833]: /var/qmail/bin/relaylock: mail from 209.217.243.18:46899 (box018.wtsuk.net) Oct 21 12:55:31 plesk3 spamdyke[28833]: ALLOWED from: [email protected] to: [email protected] origin_ip: 209.217.243.18 origin_rdns: box018.wtsuk.net auth: (unknown) encryption: (none) Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: [email protected] Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: [email protected] Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: handlers_stderr: SKIP Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: SKIP during call 'check-quota' handler Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: starter: submitter[28894] exited normally Oct 21 12:55:31 plesk3 qmail: 1350820531.379894 new msg 107741568 Oct 21 12:55:31 plesk3 qmail: 1350820531.379950 info msg 107741568: bytes 4935 from <[email protected]> qp 28894 uid 2020 Oct 21 12:55:31 plesk3 qmail: 1350820531.381039 starting delivery 4241: msg 107741568 to local [email protected] Oct 21 12:55:31 plesk3 qmail: 1350820531.381073 status: local 1/10 remote 0/20 Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: Handlers Filter before-local for qmail started ... Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: [email protected] Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: [email protected] Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: mailbox: /var/qmail/mailnames/hosted-domain.com/user Oct 21 12:55:31 plesk3 imapd: 1350820531.387880 DISCONNECTED, ip=[::ffff:84.21.130.8], headers=0, body=0, rcvd=0, sent=56, maildir=/home/KohaChoji Oct 21 12:55:31 plesk3 qmail: 1350820531.411940 delivery 4241: success: did_0+0+2/ Oct 21 12:55:31 plesk3 qmail: 1350820531.412068 status: local 0/10 remote 0/20 Oct 21 12:55:31 plesk3 qmail: 1350820531.412099 end msg 107741568 We put in a rule on Spamassassin as well but emails to the one user below are ignored. The rule we put in for that was as follows: body EXPATVOIP /expatvoip.com/i score EXPATVOIP 100 emails to all other users are rejected as they should be. On a possibly related note, should a RDNS fail on the emails below which are getting through? It was Spam purporting to be from UPS - normal stuff: Oct 21 07:31:01 plesk3 spamdyke[26354]: ALLOWED from: [email protected] to: [email protected] origin_ip: 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth: (unknown) encryption: (none) Oct 21 07:31:01 plesk3 spamdyke[26353]: ALLOWED from: [email protected] to: [email protected] origin_ip: 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth: (unknown) encryption: (none) Grateful, as ever, in advance for assistance from some experts. Kind Regards, Christoph Kuhle _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
