spamdyke didn't catch it because the server that connected to yours was 37.52.140.51, which doesn't have an rDNS name that triggers the filter. What you're seeing here is from the message headers, which supposedly show the servers that have handled the message. spamdyke doesn't search the message headers -- they're too easy to forge. To see what spamdyke is working with, look at the log messages from spamdyke in your maillog file.
The reject-unresolvable-rdns filter should block connections from hosts with rDNS names of "localhost". Are you sure you this connection wasn't whitelisted for some reason -- i.e. you don't have "localhost" in your rDNS whitelist? -- Sam Clippinger On Aug 11, 2013, at 3:16 PM, BC wrote: > > Now I'm really puzzled... > > This came in just now: > > Received: from localhost (HELO 37.52.140.51) (127.0.0.1) > by purgatoire.org with SMTP; 11 Aug 2013 13:40:49 -0600 > Received: from unknown (HELO localhost) ([email protected]@165.25.147.39) > by 51-140-52-37.pool.ukrtel.net with ESMTPA; Sun, 11 Aug 2013 22:45:44 > +0200 > > > Notice that it contains BOTH an IP address and the word "pool". My > blacklist_keywords file for ip-in-rdns-keyword-blacklist-file contains the > word "pool". Yet this email was allowed through spamdyke as follows: > > Aug 11 13:40:50 C2Q_Q9400 spamdyke[73552]: ALLOWED from: (unknown) to: > [email protected] origin_ip: 127.0.0.1 origin_rdns: localhost auth: > (unknown) encryption: (none) reason: 250_ok_1376250050_qp_73554 > > > > Is that "localhost" what is causing this to be permitted? Clearly this did > not come from "localhost", yet spamdyke accepted it as if it did. > > How can I block this sort of thing. I have this in my .conf file: > reject-unresolvable-rdns=yes > > I'm sure I have something that needs to be tweaked a bit more. > > Thanks in advance... > > > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
