Hi.
I have been using Plesk for some years now, and last year I discovered spamdyke.
I got rid of almost all spam mails. But somehow I can't get rid of spammers that spoof my local domains.
The from and to address is the same.
I have spent the last week trying to find a solution, but every try is failing.
Could someone with a working (correct qmail+spamdyke) installation/configuration help me?
This is what I got atm.
spamdyke.conf
Code:
log-level=verbose
filter-level=normal
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=20
idle-timeout-secs=60
graylist-level=only
graylist-dir=/var/qmail/spamdyke/greylist
graylist-min-secs=300
graylist-max-secs=1814400
sender-whitelist-file=/var/qmail/spamdyke/whitelisted_senders
rdns-whitelist-file=/var/qmail/spamdyke/whitelisted_rdns
ip-whitelist-file=/var/qmail/spamdyke/whitelisted_ip
sender-blacklist-file=/var/qmail/spamdyke/blacklisted_senders
recipient-blacklist-file=/var/qmail/spamdyke/blacklisted_recipients
ip-blacklist-file=/var/qmail/spamdyke/blacklisted_ip
dns-blacklist-entry=zen.spamhaus.org
reject-empty-rdns
reject-unresolvable-rdns
greeting-delay-secs=5
reject-missing-sender-mx
policy-url=http://www.your-domain-here.com/spam_policy
smtp_psa
Code:
service smtp
{
    socket_type = stream
    protocol    = tcp
    wait        = no
    disable     = no
    user        = root
    instances   = UNLIMITED
    env         = SMTPAUTH=1
    server      = /var/qmail/bin/tcp-env
    server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
The whitelisted_ip file contains the mail servers' IP addresses.
The blacklisted_senders file contains the local domains (@domain.tld).
The blacklisted_words contains a lot of words like .t-dialin.net, .t-ipconnect.de, .in-addr.arpa, .dhcp, .net, in-addr.arpa, dhcp, dynamic, and so on.
As I understand it, the spamdyke filters work something like this: if the sending server is listed in whitelisted_ip, the mail passes the filter. If it's not listed in whitelisted_ip, it then checks blacklisted_senders, and if the sending address is listed, it drops the mail. Is that correct?
Here is a sample from the mail.log of a spam mail that in my opinion should have been dropped but passes all filters.
Code:
Dec 15 21:22:57 web01 /var/qmail/bin/relaylock[6350]: /var/qmail/bin/relaylock: mail from 125.25.15.31:52521 (125.25.15.31.adsl.dynamic.totbb.net)
Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 125.25.15.31 origin_rdns: 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
Dec 15 21:23:01 web01 qmail-queue-handlers[6354]: Handlers Filter before-queue for qmail started ...
Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: [email protected]
Dec 15 21:23:02 web01 qmail-queue-handlers[6354]: [email protected]
Dec 15 21:23:02 web01 spf filter[6355]: Starting spf filter...
Dec 15 21:23:02 web01 spf filter[6355]: Error code: (2) Could not find a valid SPF record
Dec 15 21:23:02 web01 spf filter[6355]: Failed to query MAIL-FROM: No DNS data for 'domain.tld'.
Dec 15 21:23:02 web01 spf filter[6355]: SPF result: none
Dec 15 21:23:02 web01 spf filter[6355]: SPF status: PASS
Dec 15 21:23:02 web01 qmail-queue[6356]: scan: the message(drweb.tmp.Wu6OR3) sent by [email protected] to [email protected] is passed
Dec 15 21:23:02 web01 qmail: 1260908582.819935 new msg 4253887
Dec 15 21:23:02 web01 qmail: 1260908582.819935 info msg 4253887: bytes 2469 from <[email protected]> qp 6357 uid 2020
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: Handlers Filter before-local for qmail started ...
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: [email protected]
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: [email protected]
Dec 15 21:23:02 web01 qmail-local-handlers[6358]: mailbox: /var/qmail/mailnames/domain.tld/kundtjanst
Dec 15 21:23:02 web01 qmail: 1260908582.855935 starting delivery 2998: msg 4253887 to local [email protected]
Dec 15 21:23:02 web01 qmail: 1260908582.855935 status: local 1/10 remote 0/20
Dec 15 21:23:02 web01 qmail: 1260908582.859935 delivery 2998: success: did_0+0+2/
Dec 15 21:23:02 web01 qmail: 1260908582.859935 status: local 0/10 remote 0/20
Dec 15 21:23:02 web01 qmail: 1260908582.859935 end msg 4253887
I'm not quite sure if smtp_auth works. It's not open for relay, but I want all users to be authenticated in order to be able to send mails. Has anyone got that working with spamdyke and Plesk's qmail?
I'm using a Debian system.
Looking forward to your replies.
Kind Regards
M
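
An added example, not part of the original post: a small Python check over spamdyke log lines in the format shown in the mail.log excerpt above. It flags sessions that spamdyke logged as TLS_ENCRYPTED with the envelope shown as (unknown), and accepted messages whose sender is in a local domain without SMTP AUTH; the sample lines after the first, the addresses, and the names `parse_spamdyke` and `audit` are constructed for illustration.

```python
import re

# Constructed sample in the format of the spamdyke entry in the post.
# Only the first line mirrors the post; the rest, and all addresses, are made up.
SAMPLE_LOG = """\
Dec 15 21:22:59 web01 spamdyke[6349]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 125.25.15.31 origin_rdns: 125.25.15.31.adsl.dynamic.totbb.net auth: (unknown)
Dec 15 21:24:10 web01 spamdyke[6401]: DENIED_SENDER_BLACKLISTED from: info@domain.tld to: info@domain.tld origin_ip: 192.0.2.10 origin_rdns: host.example.net auth: (unknown)
Dec 15 21:25:30 web01 spamdyke[6420]: ALLOWED from: alice@example.org to: info@domain.tld origin_ip: 192.0.2.20 origin_rdns: mail.example.org auth: (unknown)
Dec 15 21:26:02 web01 spamdyke[6433]: ALLOWED from: info@domain.tld to: info@domain.tld origin_ip: 192.0.2.30 origin_rdns: mail.example.com auth: (unknown)
"""

LINE_RE = re.compile(
    r"spamdyke\[(?P<pid>\d+)\]: (?P<result>[A-Z_]+) from: (?P<sender>\S+) "
    r"to: (?P<rcpt>\S+) origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+)"
)

def parse_spamdyke(log_text):
    """Return one dict per spamdyke summary line; other log lines are ignored."""
    matches = (LINE_RE.search(line) for line in log_text.splitlines())
    return [m.groupdict() for m in matches if m]

def audit(entries, local_domains):
    """Return (pid, reason) pairs for sessions worth a closer look."""
    findings = []
    for e in entries:
        if e["result"] == "TLS_ENCRYPTED":
            # Envelope was logged as (unknown): no sender/recipient to match on.
            findings.append((e["pid"], "envelope-hidden-by-tls"))
            continue
        if e["result"] != "ALLOWED":
            continue  # already rejected by some filter
        domain = e["sender"].rpartition("@")[2].lower()
        if domain in local_domains and e["auth"] == "(unknown)":
            # Accepted mail claiming a local sender without authentication.
            findings.append((e["pid"], "local-sender-unauthenticated"))
    return findings

if __name__ == "__main__":
    # In practice the domain set would come from the local-domains-file.
    for pid, reason in audit(parse_spamdyke(SAMPLE_LOG), {"domain.tld"}):
        print(pid, reason)
```

A TLS_ENCRYPTED entry means spamdyke did not see MAIL FROM or RCPT TO for that session, so envelope-based checks such as sender-blacklist-file had nothing to match against.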