Hi,
I'm running Spamdyke 4.3.1 on a CentOS 6 server. I've been
successfully using spamdyke along with fail2ban to block IPs with the following
characteristics:
Missing RDNS and RDNS containing IP address.
In the maillog files I see the following:
Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: [email protected] to: [email protected] origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
My fail2ban configuration file contains:
[Definition]
failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
            spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
            spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST> <--not working
ignoreregex =
My issue is I now want to start banning IPs that set off the FILTER_EARLYTALKER
filter but as there is no corresponding DENIED_EARLYTALKER from: [email protected]
to [email protected] origin_ip: 111.222.333.444 I cannot figure out the proper
failregex expression to match the existing format for FILTER_EARLYTALKER nor do
I know how to change spamdyke to show a familiar DENIED_EARLYTALKER ... heading
in the maillog which I could determine the proper failregex for. If anyone can
provide me with some suggestions that would be appreciated.
Regards,
Shane Bywater
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
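
The following is an added example, not part of the original post and not spamdyke or fail2ban code: it runs the three failregex entries from the message over constructed log lines in the same formats, one line at a time (fail2ban's default matching unit), to show which entries can yield a host to ban. The IPv4-only HOST pattern is a simplified stand-in for fail2ban's <HOST> tag, and all addresses and hostnames in the sample are constructed.

```python
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag (IPv4 only);
# fail2ban's real expansion also accepts hostnames and IPv6.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The three failregex entries from the post, unchanged apart from <HOST>.
FAILREGEX = [
    r"spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>",
    r"spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>",
    r"spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>",
]

# Constructed sample lines modelled on the formats quoted in the post
# (documentation addresses, not real senders).
SAMPLE_LOG = [
    "Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: a@example.com to: b@example.org origin_ip: 192.0.2.7 origin_rdns: r192-0-2-7.dialup.example.net",
    "Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: a@example.com to: b@example.org origin_ip: 198.51.100.39 origin_rdns: (unknown) auth: (unknown)",
    "Aug 24 04:21:33 server spamdyke[25574]: FILTER_EARLYTALKER delay: 5",
    "Aug 24 04:21:33 server /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 203.0.113.161:51645 (not defined)",
]

def compile_failregex(patterns):
    """Expand the <HOST> placeholder and compile each pattern."""
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]

def scan(lines, patterns):
    """Return (line_index, pattern_index, host) for every per-line match."""
    compiled = compile_failregex(patterns)
    hits = []
    for li, line in enumerate(lines):
        for pi, rx in enumerate(compiled):
            m = rx.search(line)
            if m:
                hits.append((li, pi, m.group("host")))
    return hits

def unmatched_patterns(lines, patterns):
    """Indexes of failregex entries that matched no line at all."""
    matched = {pi for _, pi, _ in scan(lines, patterns)}
    return [i for i in range(len(patterns)) if i not in matched]

if __name__ == "__main__":
    for li, pi, host in scan(SAMPLE_LOG, FAILREGEX):
        print(f"line {li} matched failregex {pi}: ban candidate {host}")
    print("failregex entries with no match:", unmatched_patterns(SAMPLE_LOG, FAILREGEX))
```

The third entry matches nothing because the FILTER_EARLYTALKER line carries no address, and the relaylock line that does carry one is a separate line from a different process.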