Discussion:
strange behaviour spamd
(too old to reply)
Markus Rosjat
2016-07-21 15:34:37 UTC
Permalink
Hi there,

I noticed that a trapped ip gets whitelisted when there are still
greylisted messages. this shouldn't happen when I use the -a -t switches
to trap the ip or do I miss something here ?

Regards
--
Markus Rosjat fon: +49 351 8107223 mail: ***@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT
Peter Hessler
2016-07-22 07:54:22 UTC
Permalink
Greytrap addresses only trap the systems when it has not been seen
before. In your case, they arlready have a GREY entry, so they have
been seen and the trapping won't take effect.


On 2016 Jul 21 (Thu) at 17:34:37 +0200 (+0200), Markus Rosjat wrote:
:Hi there,
:
:I noticed that a trapped ip gets whitelisted when there are still greylisted
:messages. this shouldn't happen when I use the -a -t switches to trap the ip
:or do I miss something here ?
:
:Regards
:
:--
:Markus Rosjat fon: +49 351 8107223 mail: ***@ghweb.de
:
:G+H Webservice GbR Gorzolla, Herrmann
:K??nigsbr??cker Str. 70, 01099 Dresden
:
:http://www.ghweb.de
:fon: +49 351 8107220 fax: +49 351 8107227
:
:Bitte pr??fen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you
:print it, think about your responsibility and commitment to the ENVIRONMENT
:

--
We don't understand the software, and sometimes we don't understand the
hardware, but we can *___see* the blinking lights!
Markus Rosjat
2016-07-22 08:53:01 UTC
Permalink
This seems flawed , because when I see a spammer sending a mail to 10
addresses and I trap the spammer IP the grey entries shouldn't over ride
the Trap entry at all. I even put the ip on my personal blacklist and
called the spamd-setup to take effect. At this point the grey entries
shouldnt be delivered in my opinion.
Post by Peter Hessler
Greytrap addresses only trap the systems when it has not been seen
before. In your case, they arlready have a GREY entry, so they have
been seen and the trapping won't take effect.
:Hi there,
:I noticed that a trapped ip gets whitelisted when there are still greylisted
:messages. this shouldn't happen when I use the -a -t switches to trap the ip
:or do I miss something here ?
:Regards
:--
:G+H Webservice GbR Gorzolla, Herrmann
:K??nigsbr??cker Str. 70, 01099 Dresden
:http://www.ghweb.de
:fon: +49 351 8107220 fax: +49 351 8107227
:Bitte pr??fen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you
:print it, think about your responsibility and commitment to the ENVIRONMENT
--
Markus Rosjat fon: +49 351 8107223 mail: ***@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT
Chris Bennett
2016-07-22 14:32:14 UTC
Permalink
Post by Markus Rosjat
This seems flawed , because when I see a spammer sending a mail to 10
addresses and I trap the spammer IP the grey entries shouldn't over ride the
Trap entry at all. I even put the ip on my personal blacklist and called the
spamd-setup to take effect. At this point the grey entries shouldnt be
delivered in my opinion.
Post by Peter Hessler
Greytrap addresses only trap the systems when it has not been seen
before. In your case, they arlready have a GREY entry, so they have
been seen and the trapping won't take effect.
I have to agree with Markus Rosjat 100%.
I have a script running that picks out evil spam addresses that I have
seen previously and traps them.
Which is worthless, as it runs off the Greytrapped addresses.
Which means that the only way I can block them is with pfctl blocking
the address permanently? Some of these IP addresses are forged, but
would still block that address for the incoming spam.

Seriously, I'm looking at this wrong or is there another answer I'm not
seeing?

Thanks,
Chris Bennett

Loading...