spamdyke

spamdyke is a drop-in filter for qmail that provides connection-time blacklisting, graylisting, DNS RBL checking, and improved logging.

spamdyke Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Sam Clippinger
  • Publisher web site: http://freesoftware.silence.org/smushcode/index.html


spamdyke Description

spamdyke is a drop-in filter for qmail to provide connection-time blacklisting, graylisting, DNS RBL checking, improved logging, and more. The spamdyke project is a standalone program that does not use qmail source code or require patching/recompiling qmail.

For anyone who runs a mail server, spam is a problem. It's a huge problem and it's only getting bigger. Unfortunately, qmail doesn't have many facilities for dealing with spam. qmail also doesn't do good logging. The qmail logs are probably useful to qmail developers but not to system administrators. Consider:

  • Qmail doesn't log with a human-readable time format.
  • Qmail logs don't track usable information (like senders and recipients).
  • Qmail doesn't log to a single log file, making it very difficult to track an email from connection to delivery.
  • Qmail logs roll over after a set size is reached (could be a few hours, could be a few minutes).

All of these things make qmail very difficult to troubleshoot or monitor. spamdyke solves this. It monitors incoming traffic, acting as a middleman between qmail and the remote server. It catches the sender and recipient addresses as they go by and logs them to syslog. If it sees something it doesn't like (e.g. a blacklisted sender), it cuts the connection, closes qmail and fakes the rest of the SMTP transaction with the remote server. qmail thinks the remote server disconnected normally. The remote server thinks qmail is rejecting the message. It's the best of both worlds.

Some history: DJB's ucspi-tools package includes a handy little program called rblsmtpd for checking incoming SMTP connections against a DNSRBL. Initially, this seemed like a great thing (and it was) but it didn't go far enough. Lots of spam still came through. So after extending rblsmtpd to do more and more and more things, a limit was finally reached where it wouldn't go any further. Thus, spamdyke was born.

Those filters end up rejecting more than 99.9% of the incoming connections to my mail server. As a result, I receive (on average) less than one spam message PER WEEK! (Down from a high of 70 per day.) Regular correspondence with real people has not suffered.

Graylisting deserves special mention. As of 2007, it's not widely used (and therefore still effective against spammers). Here's how it works:

  • An incoming connection is received and the sender and recipient are identified.
  • A log is consulted to see if the sender has sent email to the recipient before. If so, the message is accepted. If not, the message is rejected with a temporary rejection code and a log entry is made.
  • When the remote mail server retries the message (usually only a few minutes later), the previously-logged connection is noted and the message is accepted.

Simple, right? After the system is activated, regular correspondents' first email is delayed a few minutes. After that, there are no delays. But the spam stops because most spammers don't retry their deliveries! Even when they do, they usually change their sender address to a new (fake) one, which gets graylisted.

Graylisting is amazing and makes a tremendous difference (for now). spamdyke will also:

  • Bypass all filters if the remote server's IP address is listed in an IP whitelist file.
  • Bypass all filters if the remote server's reverse DNS entry is listed in a domain name whitelist file.
  • Log meaningful messages to the syslog (very unlike qmail's logs).
  • Log all SMTP traffic to aid diagnosing problems.

Here are some key features of "spamdyke":

  • Reject the connection if the remote server has no reverse DNS entry.
  • Reject the connection if the remote server's reverse DNS entry does not resolve.
  • Reject the connection if the remote server's reverse DNS entry contains its IP address and a prohibited keyword (like "dynamic").
  • Reject the connection if the remote server's reverse DNS entry contains its IP address and ends in a country code (what's the Japanese word for "dynamic"?).
  • Reject the connection if the remote server's IP address is listed in an IP blacklist.
  • Reject the connection if the remote server's reverse DNS entry is listed in a domain name blacklist.
  • Reject the connection if the remote server's IP address is listed in a given DNS realtime blacklist.
  • Reject the connection if the remote server sends data before the SMTP greeting banner is displayed (earlytalkers).
  • Reject the connection if the sender's address is listed in a sender blacklist file.
  • Limit recipients to a maximum number per connection. (Yes, this goes against RFC 821 but legitimate mail servers retry the rejected recipients, spammers don't.)
  • Graylist incoming mail to specific domains (some domains can enjoy graylisting while others do not).
  • Close the connection after a set idle time.
  • Close the connection after a set maximum time.

What's New in This Release:

  • A bug in Plesk 9 that sets the remote IP address to a name instead of an IP address was worked around.
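The graylisting decision described above, as an added Python sketch; it is not spamdyke's code (spamdyke is a separate program with its own storage format). The class name, the in-memory dictionary, the `min_retry_secs` knob, the 451/250 reply codes and the sample addresses are assumptions made for illustration.

```python
class Graylist:
    """In-memory sender/recipient graylist (hypothetical, for illustration)."""

    def __init__(self, min_retry_secs=0):
        # min_retry_secs is an assumption, not from the page: a retry that
        # arrives sooner than this is still answered with a temporary reject.
        self.min_retry_secs = min_retry_secs
        self.first_seen = {}  # (sender, recipient) -> time of first attempt

    @staticmethod
    def _key(sender, recipient):
        # Normalise so "A@Example.org" and "a@example.org" share one entry.
        return (sender.strip().lower(), recipient.strip().lower())

    def check(self, sender, recipient, now):
        """Return (smtp_code, text) for one delivery attempt at time `now`."""
        key = self._key(sender, recipient)
        seen = self.first_seen.get(key)
        if seen is None:
            # Unknown pair: log it and reject temporarily (4xx = try later).
            self.first_seen[key] = now
            return (451, "graylisted, please retry")
        if now - seen < self.min_retry_secs:
            return (451, "retry too soon")
        # The pair was logged earlier and the server came back: accept.
        return (250, "ok")


# Constructed sample traffic: (seconds, envelope sender, envelope recipient).
SAMPLE_ATTEMPTS = [
    (0,   "alice@example.org",  "bob@example.net"),  # first contact
    (10,  "promo1@bulk.example", "bob@example.net"),  # spam run, no retry
    (30,  "alice@example.org",  "bob@example.net"),  # retry, too early
    (40,  "promo2@bulk.example", "bob@example.net"),  # spammer changed sender
    (300, "alice@example.org",  "bob@example.net"),  # proper retry
    (900, "alice@example.org",  "bob@example.net"),  # later mail, no delay
]


def replay(attempts, min_retry_secs=60):
    """Run attempts through a fresh graylist and return the reply codes."""
    graylist = Graylist(min_retry_secs)
    return [graylist.check(s, r, t)[0] for t, s, r in attempts]


if __name__ == "__main__":
    for (t, s, r), code in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(f"t={t:>3}s {s} -> {r}: {code}")
```

Only the sender that retries with the same address is ever accepted; each new fake sender address starts again from a temporary rejection.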

