Hi,
I disabled all whitelist options in spamdyke.conf and restarted
spamdyke. Confirmed no whitelist filters continued to be displayed in the
maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was found
but still no DENIED_EARLYTALKER entries. I even checked back in maillog files
from 2012 and found the same result. It just can't be an authenticated user
from so many different IPs (100s) from such a long period of time as my server
would certainly be listed in multiple DNS blacklists (it's currently not in
any). If anyone else has the same issue I would be curious if it has anything
to do with Plesk being involved. If there are no other recommendations maybe
I'll try installing Spamdyke 5.0.0 unless anyone has had issues using it on a
Plesk 10.4.4, CentOS 6 server. All comments are welcomed.
Regards,
Shane Bywater
----------------------------------------------------------------------
Message: 1
Date: Wed, 12 Mar 2014 17:28:58 -0500
From: Sam Clippinger <[email protected]>
Subject: Re: [spamdyke-users] modifying way that filters are shown in
log files
To: spamdyke users <[email protected]>
If the earlytalker filter actually blocks a connection, you should see a
"DENIED_EARLYTALKER" message in the log. Are you sure that connection isn't
whitelisted or authenticating? Either of those things would prevent the
earlytalker filter from actually blocking the connection.
-- Sam Clippinger
On Mar 11, 2014, at 10:04 PM, Shane Bywater <[email protected]> wrote:
> Hi,
> I'm running Spamdyke 4.3.1 on a CentOS 6 server. I've been
> successfully using spamdyke along with fail2ban to block IPs with the
> following characteristics:
> Missing RDNS and RDNS containing IP address.
>
> In the maillog files I see the following:
> Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
> Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: [email protected] to: [email protected] origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
> Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
> Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
> Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
> Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
>
> My fail2ban configuration file contains:
> [Definition]
> failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
>             spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
>             spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>   <--not working
> ignoreregex =
>
> My issue is I now want to start banning IPs that set off the
> FILTER_EARLYTALKER filter but as there is no corresponding DENIED_EARLYTALKER
> from: [email protected] to [email protected] origin_ip: 111.222.333.444 I cannot
> figure out the proper failregex expression to match the existing format for
> FILTER_EARLYTALKER nor do I know how to change spamdyke to show a familiar
> DENIED_EARLYTALKER ... heading in the maillog which I could determine the
> proper failregex for. If anyone can provide me with some suggestions that
> would be appreciated.
>
> Regards,
> Shane Bywater
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
End of spamdyke-users Digest, Vol 82, Issue 9
*********************************************
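Added example, not part of the original messages and not code from spamdyke or fail2ban: a Python check of the quoted failregex entries against the quoted maillog lines, tested one line at a time as fail2ban does by default. The IPv4-only `HOST` pattern, the example.org/example.net addresses, the `earlytalker_denied` rule and the final DENIED_EARLYTALKER line (layout copied from the other DENIED_ entries) are assumptions.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption;
# fail2ban's own expansion also covers hostnames and IPv6).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# First three rules are the failregex entries quoted in the thread. The fourth
# is hypothetical: it targets the DENIED_EARLYTALKER line that the reply says
# appears when the filter actually blocks a connection.
FAILREGEX = {
    "rdns_missing": r"spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>",
    "ip_in_cc_rdns": r"spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>",
    "earlytalker_filter": r"spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>",
    "earlytalker_denied": r"spamdyke.+: DENIED_EARLYTALKER from:.+origin_ip: <HOST>",
}

# Lines 1-4 follow the quoted maillog (mail addresses are constructed, the
# truncated rdns is kept as posted). Line 5 is constructed, assumed layout.
MAILLOG = """\
Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: a@example.org to: b@example.net origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: a@example.org to: b@example.net origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
Aug 24 04:22:10 apexia spamdyke[25601]: DENIED_EARLYTALKER from: a@example.org to: b@example.net origin_ip: 203.0.113.9 origin_rdns: (unknown) auth: (unknown)
"""


def compile_rules(rules):
    """Expand the <HOST> tag and compile each rule."""
    return {name: re.compile(rx.replace("<HOST>", HOST)) for name, rx in rules.items()}


def scan(log_text, rules=FAILREGEX):
    """Return {rule_name: [ip, ...]}; every rule sees one log line at a time."""
    compiled = compile_rules(rules)
    hits = {name: [] for name in compiled}
    for line in log_text.splitlines():
        for name, rx in compiled.items():
            match = rx.search(line)
            if match:
                hits[name].append(match.group("host"))
    return hits


if __name__ == "__main__":
    for name, ips in scan(MAILLOG).items():
        print(f"{name:20} {ips or 'no match'}")
```

The `earlytalker_filter` rule finds nothing because the FILTER_EARLYTALKER line ends after `delay: 5` and carries no address, while the address on the following relaylock line belongs to a different process entry that contains no `spamdyke` prefix.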