I see a couple of errors in your configuration file. In your lines for
sender-blacklist-entry, sender-whitelist-entry and recipient-whitelist-entry,
asterisks are not wildcards. In other words, those lines will never match
unless someone actually sends a message from the address *@dball.com, which
isn't likely. Instead, change them to this:
[email protected]
[email protected]
[email protected]
The header blacklists are easy to use and asterisks are valid wildcards. In
fact, the header blacklist feature uses shell globbing (not regular
expressions), so an asterisk matches zero or more characters, a question mark
matches exactly one character and bracketed groups of characters will match
anything inside the brackets. Just keep in mind that the feature only searches
the header, not the message body. In your case, I would suggest something
simple like this:
header-blacklist-entry=Subject:*domain.com*
-- Sam Clippinger
On Oct 22, 2012, at 5:24 PM, emailitis.com wrote:
> Config file is:
>
> log-level=info
> local-domains-file=/var/qmail/control/rcpthosts
> max-recipients=50
> idle-timeout-secs=60
> greeting-delay-secs=2
>
>
> #GREYLISTING
> graylist-dir=/var/qmail/spamdyke/greylist
> graylist-min-secs=300
> graylist-max-secs=1814400
>
> #BLACKLISTING
> sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
> recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
> ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
> sender-blacklist-entry=*@*chevxa.com
>
> #WHITELISTING
> sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders
> rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
> ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
> ip-whitelist-entry=78.32.162.57
> tls-certificate-file=/var/qmail/control/servercert.pem
> sender-whitelist-entry=*@polyclip.com.br
> recipient-whitelist-entry=*@dball.com
>
> #RBL BLOCKLISTS
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=bl.spamcop.net
> #dns-blacklist-entry=bogons.cymru.com
> #dns-blacklist-entry=b.barracudacentral.org
>
> #REJECTS
> policy-url=http://www.domain.com/domain-hosting/faq/122-spam-policy
> reject-missing-sender-mx=false
> reject-empty-rdns=true
> reject-unresolvable-rdns=true
> reject-identical-sender-recipient=false
>
> Can you tell us how we add a header blacklist? The subject has always
> included the spamvertised domain name in this particular case.
>
> Kind Regards,
>
> Christoph Kuhle
>
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Sam Clippinger
> Sent: 22 October 2012 18:17
> To: spamdyke users
> Subject: Re: [spamdyke-users] It's as if we have whitelisted recipients
>
> Can you post your spamdyke configuration file so we can see what filters you
> have enabled? If this is constantly coming from different domains and
> different hosts, I'd look at adding a header blacklist, especially if they're
> putting the name of the spamvertized domain in the subject line.
>
> -- Sam Clippinger
>
>
>
>
> On Oct 22, 2012, at 12:07 PM, emailitis.com wrote:
>
>
> We have a recurring and annoying email that is all about the same thing –
> trying to get us to click a link to purchase a domain similar to one we have.
> It always comes from a different domain. For some reason it is getting
> through spamdyke – maillog entry below.
>
> Oct 21 12:55:28 plesk3 /var/qmail/bin/relaylock[28833]:
> /var/qmail/bin/relaylock: mail from 209.217.243.18:46899 (box018.wtsuk.net)
> Oct 21 12:55:31 plesk3 spamdyke[28833]: ALLOWED from: [email protected]
> to: [email protected] origin_ip: 209.217.243.18 origin_rdns:
> box018.wtsuk.net auth: (unknown) encryption: (none)
> Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: [email protected]
> Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: [email protected]
> Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: handlers_stderr: SKIP
> Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: SKIP during call
> 'check-quota' handler
> Oct 21 12:55:31 plesk3 qmail-queue-handlers[28889]: starter: submitter[28894]
> exited normally
> Oct 21 12:55:31 plesk3 qmail: 1350820531.379894 new msg 107741568
> Oct 21 12:55:31 plesk3 qmail: 1350820531.379950 info msg 107741568: bytes
> 4935 from <[email protected]> qp 28894 uid 2020
> Oct 21 12:55:31 plesk3 qmail: 1350820531.381039 starting delivery 4241: msg
> 107741568 to local [email protected]
> Oct 21 12:55:31 plesk3 qmail: 1350820531.381073 status: local 1/10 remote 0/20
> Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: Handlers Filter
> before-local for qmail started ...
> Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: [email protected]
> Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: [email protected]
> Oct 21 12:55:31 plesk3 qmail-local-handlers[28895]: mailbox:
> /var/qmail/mailnames/hosted-domain.com/user
> Oct 21 12:55:31 plesk3 imapd: 1350820531.387880 DISCONNECTED,
> ip=[::ffff:84.21.130.8], headers=0, body=0, rcvd=0, sent=56,
> maildir=/home/KohaChoji
> Oct 21 12:55:31 plesk3 qmail: 1350820531.411940 delivery 4241: success:
> did_0+0+2/
> Oct 21 12:55:31 plesk3 qmail: 1350820531.412068 status: local 0/10 remote 0/20
> Oct 21 12:55:31 plesk3 qmail: 1350820531.412099 end msg 107741568
>
> We put in a rule on Spamassassin as well but emails to the one user below are
> ignored. The rule we put in for that was as follows:
>
> body EXPATVOIP /expatvoip.com/i
> score EXPATVOIP 100
> emails to all other users are rejected as they should be.
>
> On a possibly related note, should a RDNS fail on the emails below which are
> getting through? It was Spam purporting to be from UPS – normal stuff:
>
> Oct 21 07:31:01 plesk3 spamdyke[26354]: ALLOWED from:
> [email protected] to: [email protected] origin_ip:
> 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth:
> (unknown) encryption: (none)
> Oct 21 07:31:01 plesk3 spamdyke[26353]: ALLOWED from:
> [email protected] to: [email protected] origin_ip:
> 74.50.94.114 origin_rdns: 74-50-94-114.static.hostdepartment.com auth:
> (unknown) encryption: (none)
>
> Grateful, as ever, in advance for assistance from some experts.
>
> Kind Regards,
>
> Christoph Kuhle
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
