Assuming the "ALLOWED" log message you provided is accurate, it looks like the problem is authentication -- all filters are disabled after authentication succeeds. Your log message shows the same username in both the "from" and "auth" fields, which makes me suspect either the user's password has been compromised or the user's PC has been infected with malware.
I'd suggest changing the account password so authentication will fail -- spamdyke's filters should work fine after that. -- Sam Clippinger On Mar 23, 2016, at 5:00 AM, Stephen Provis via spamdyke-users <[email protected]> wrote: > Hi, I'm having trouble blacklisting specific sending email addresses and > would appreciate some advice please. I am using Spamdyke 5.0.1 on Ubuntu > 10.04 and qmail. > > I have tried all of the following rules to block email from a specific email > (for security lets say the email address is [email protected]) but each time > Spamdyke allows the emails through. > > My config file looks like this: > > header-blacklist-entry=From: *<*smith.fake>* > header-blacklist-entry=from:*smith.fake* > header-blacklist-entry=From:*[email protected]* > > [email protected] > [email protected] > > #sender-blacklist-file=/tmp/spamdyke.txt > > dns-server-ip=208.67.222.222:53 > log-level=excessive > max-recipients=5 > idle-timeout-secs=300 > reject-empty-rdns > reject-unresolvable-rdns > reject-ip-in-cc-rdns > reject-sender=no-mx > dns-blacklist-entry=b.barracudacentral.org > dns-blacklist-entry=zen.spamhaus.org > rhs-blacklist-entry=fresh.spameatingmonkey.com > > > ################################################################################ > # SET THE FILENAME BELOW AND ENABLE BOTH OF THESE OPTIONS > ################################################################################ > # Controls the way spamdyke offers and supports TLS or SMTPS. > tls-level=smtp > > # Read SSL certificate from FILE. > tls-certificate-file=/var/qmail/control/servercert.pem > > And the syslog reports the following: > > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: > [email protected] > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: > [email protected] > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: hook_dir = > '/opt/psa/handlers/before-queue' > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: recipient[3] = > '[email protected]' > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: handlers dir = > '/opt/psa/handlers/before-queue/recipient/[email protected]' > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail-queue-handlers[6890]: starter: > submitter[6899] exited normally > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792849 new msg 32933026 > Mar 23 09:47:57 lvpsxx-xx-xx-xxx qmail: 1458726477.792929 info msg 32933026: > bytes 1269 from <[email protected]> qp 6899 uid 2020 > Mar 23 09:47:57 lvpsxx-xx-xx-xxx spamdyke[6822]: ALLOWED from: > [email protected] to: [email protected] origin_ip: xxx.xxx.xxx.xxx > origin_rdns: xxxx.xxxxxxx.net auth: [email protected] encryption: TLS reason: > 250_ok_1458726477_qp_6890 > > Any assistance would be greatly appreciated. > > Regards, > Stephen > > > > Stephen Provis > Website Developer > Stephen Provis and Co > > t: 07922 195703 > w: www.stephenprovis.com > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
