Hi,
As requested here is my configuration file. Note: My ip-whitelist-file
is empty and I continue to see 100s of FILTER_EARLYTALKER delay: 5 entries but
no DENIED_EARLYTALKER in my maillog files.

# spamdyke configuration file for spamdyke version 4.3.1.
# Note: All other lines not shown below are commented out on the server
greeting-delay-secs=5
reject-empty-rdns
reject-ip-in-cc-rdns
reject-missing-sender-mx
reject-unresolvable-rdns
log-level=verbose
config-dir=/var/spamdyke/domain_setups
connection-timeout-secs=0
idle-timeout-secs=60
reject-identical-sender-recipient
ip-blacklist-file=/var/spamdyke/ip-blacklist-file
recipient-blacklist-file=/var/spamdyke/recipient-blacklist-file
sender-blacklist-file=/var/spamdyke/sender-blacklist-file
ip-whitelist-file=/var/spamdyke/ip-whitelist-file
recipient-whitelist-file=/var/spamdyke/recipient-whitelist-file
sender-whitelist-file=/var/spamdyke/sender-whitelist-file
dns-blacklist-file=/var/spamdyke/dns-blacklist-file
smtp-auth-level=ondemand
smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
smtp-auth-command=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
tls-certificate-file=/var/qmail/control/servercert.pem
local-domains-file=/var/qmail/control/rcpthosts

Thanks for looking into this, Sam.

Regards,
Shane Bywater

Message: 1
Date: Tue, 1 Apr 2014 18:31:15 -0500
From: Sam Clippinger <[email protected]>
Subject: Re: [spamdyke-users] modifying way that filters are shown in
log files
To: spamdyke users <[email protected]>
Message-ID: <[email protected]>
Content-Type: text/plain; charset="us-ascii"
I'm really sorry I haven't been able to get to spamdyke issues lately, let me
see if I can catch up...
When I test the earlytalker filter by itself from the command line, it appears
to work:
root@patched:/usr/local/src/spamdyke-5.0.0/spamdyke# ./spamdyke --log-target stderr -linfo -e 10 ../tests/smtpdummy/smtpdummy
helo me
220 smtpdummy ESMTP
250 HELO received
mail from:<[email protected]>
250 Refused. You are not following the SMTP protocol.
rcpt to:<[email protected]>
554 Refused. You are not following the SMTP protocol.
spamdyke[4199]: DENIED_EARLYTALKER from: [email protected] to: [email protected] origin_ip: 0.0.0.0 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
quit
221 Refused. You are not following the SMTP protocol.
So if your connections aren't being whitelisted, there may be a bug where the
earlytalker filter is failing when combined with some other option(s). Could
you send me your spamdyke configuration file so I can try to reproduce your
setup and nail it down?
-- Sam Clippinger
On Mar 13, 2014, at 3:03 PM, Shane Bywater <[email protected]> wrote:
> Hi,
> I disabled all whitelist options in spamdyke.conf and restarted
> spamdyke. Confirmed no whitelist filters continued to be displayed in the
> maillog file and also confirmed that only FILTER_EARLYTALKER delay: 5 was
> found but still no DENIED_EARLYTALKER entries. I even checked back in
> maillog files from 2012 and found the same result. It just can't be an
> authenticated user from so many different IPs (100s) from such a long period
> of time as my server would certainly be listed in multiple DNS blacklists
> (it's currently not in any). If anyone else has the same issue I would be
> curious if it has anything to do with Plesk being involved. If there are no
> other recommendations maybe I'll try installing Spamdyke 5.0.0 unless anyone
> has had issues using it on a Plesk 10.4.4, CentOS 6 server. All comments
> are welcomed.
>
> Regards,
> Shane Bywater
>
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 12 Mar 2014 17:28:58 -0500
> From: Sam Clippinger <[email protected]>
> Subject: Re: [spamdyke-users] modifying way that filters are shown in
> log files
> To: spamdyke users <[email protected]>
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="us-ascii"
>
> If the earlytalker filter actually blocks a connection, you should see a
> "DENIED_EARLYTALKER" message in the log. Are you sure that connection isn't
> whitelisted or authenticating? Either of those things would prevent the
> earlytalker filter from actually blocking the connection.
>
> -- Sam Clippinger
>
>
>
>
> On Mar 11, 2014, at 10:04 PM, Shane Bywater <[email protected]> wrote:
>
>> Hi,
>> I'm running Spamdyke 4.3.1 on a Centos 6 server. I've been
>> successfully using spamdyke along with fail2ban to block IPs with the
>> following characteristics:
>> Missing RDNS and RDNS containing IP address.
>>
>> In the maillog files I see the following:
>> Aug 24 04:14:42 server spamdyke[20879]: FILTER_IP_IN_CC_RDNS ip: 186.52.196.7 rdns: r186-52-196-7.dialup.adsl.anteldata.net.uy
>> Aug 24 04:14:42 server spamdyke[20879]: DENIED_IP_IN_CC_RDNS from: [email protected] to: [email protected] origin_ip: 186.52.196.7 origin_rdns: r186-52-196-7.dialup.adsl.an
>> Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 117.207.23.39
>> Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: [email protected] to: [email protected] origin_ip: 117.207.23.39 origin_rdns: (unknown) auth: (unknown)
>> Aug 24 04:21:33 apexia spamdyke[25574]: FILTER_EARLYTALKER delay: 5
>> Aug 24 04:21:33 apexia /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 101.208.35.161:51645 (not defined)
>>
>> My fail2ban configuration file contains:
>> [Definition]
>> failregex = spamdyke.+: DENIED_RDNS_MISSING from:.+origin_ip: <HOST>
>>             spamdyke.+: DENIED_IP_IN_CC_RDNS from:.+origin_ip: <HOST>
>>             spamdyke.+: FILTER_EARLYTALKER delay: 5.+from <HOST>   <--not working
>> ignoreregex =
>>
>> My issue is I now want to start banning IPs that set off the
>> FILTER_EARLYTALKER filter but as there is no corresponding
>> DENIED_EARLYTALKER from: [email protected] to [email protected] origin_ip:
>> 111.222.333.444 I cannot figure out the proper failregex expression to match
>> the existing format for FILTER_EARLYTALKER nor do I know how to change
>> spamdyke to show a familiar DENIED_EARLYTALKER ... heading in the maillog
>> which I could determine the proper failregex for. If anyone can provide me
>> with some suggestions that would be appreciated.
>>
>> Regards,
>> Shane Bywater
>>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
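
Added example, not part of the original thread and not spamdyke or fail2ban code: a log check that groups spamdyke entries by PID to separate connections that ended in DENIED_EARLYTALKER (which carry origin_ip) from those that only logged FILTER_EARLYTALKER. The function names are hypothetical, the sample lines are constructed in the layout quoted above, and it assumes one spamdyke PID per connection with no PID reuse in the file.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the maillog lines quoted in this thread.
# IPs and addresses are documentation placeholders, not values from the thread.
SAMPLE_LOG = """\
Aug 24 04:15:07 server spamdyke[23813]: FILTER_RDNS_MISSING ip: 192.0.2.39
Aug 24 04:15:07 server spamdyke[23813]: DENIED_RDNS_MISSING from: a@example.org to: b@example.com origin_ip: 192.0.2.39 origin_rdns: (unknown) auth: (unknown)
Aug 24 04:21:33 server spamdyke[25574]: FILTER_EARLYTALKER delay: 5
Aug 24 04:21:33 server /var/qmail/bin/relaylock[25582]: /var/qmail/bin/relaylock: mail from 198.51.100.161:51645 (not defined)
Aug 24 04:22:10 server spamdyke[25601]: FILTER_EARLYTALKER delay: 5
Aug 24 04:22:16 server spamdyke[25601]: DENIED_EARLYTALKER from: c@example.org to: d@example.com origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
"""

EVENT = re.compile(r"spamdyke\[(?P<pid>\d+)\]: (?P<event>(?:FILTER|DENIED)_[A-Z_]+)")
ORIGIN_IP = re.compile(r"origin_ip: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")


def sessions_by_pid(log_text):
    """Group spamdyke events by PID (assumption: one PID per connection, no reuse)."""
    sessions = defaultdict(lambda: {"filters": set(), "denied": {}})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # relaylock and other non-spamdyke lines
        session = sessions[m["pid"]]
        if m["event"].startswith("FILTER_"):
            session["filters"].add(m["event"])
        else:
            ip = ORIGIN_IP.search(line)
            session["denied"][m["event"]] = ip["ip"] if ip else None
    return dict(sessions)


def earlytalker_report(log_text):
    """Return (IPs actually denied as early talkers, PIDs filtered but never denied)."""
    denied_ips, filter_only = [], []
    for pid, s in sessions_by_pid(log_text).items():
        if "DENIED_EARLYTALKER" in s["denied"]:
            denied_ips.append(s["denied"]["DENIED_EARLYTALKER"])
        elif "FILTER_EARLYTALKER" in s["filters"]:
            filter_only.append(pid)
    return denied_ips, filter_only


if __name__ == "__main__":
    ips, pids = earlytalker_report(SAMPLE_LOG)
    print("ban candidates:", ips)
    print("FILTER_EARLYTALKER without DENIED_EARLYTALKER, pids:", pids)
```

The FILTER_EARLYTALKER line itself carries no address, so only sessions that also logged a DENIED_ line yield an IP to act on.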