odd behaviour of spamdb

odd behaviour of spamdb

Markus Rosjat
hi there,

I have the following script to delete spam MX IPs from the spamd
whitelist and write them in my own blacklist. After that I reload the
blacklist with spamd-setup. This seems to work, but I noticed when the
same IP has another mail in the greylist the IP becomes whitelisted if
the delivery attempt is successful (which it shouldn't in the first place
because I trapped the IP and put it in my blacklist). This seems like
odd behaviour to me; it's not the end of the world but it feels kinda
wrong :)

here is the script:

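ip_range=$1

# Every WHITE entry whose spamdb line matches the given range
for i in $(spamdb | grep "$ip_range" | grep WHITE | awk -F "|" '{print $2}');
  do
   echo "$i"
   # Remove the whitelist entry, then add the address as a TRAPPED entry
   /usr/sbin/spamdb -d "$i"
   /usr/sbin/spamdb -a -t "$i"
   echo "$i" >> /etc/mail/blacksheep.txt
  done

# Reload the blacklists
/usr/libexec/spamd-setup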

maybe someone can give me some hints for improvement

regards

--
Markus Rosjat    fon: +49 351 8107223    mail: [hidden email]

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT

Re: odd behaviour of spamdb

patrick keshishian
On 7/13/15, Markus Rosjat <[hidden email]> wrote:

> hi there,
>
> I have the following script to delete spam MX IPs from the spamd
> whitelist and write them in my own blacklist. After that I reload the
> blacklist with spamd-setup. This seems to work, but I noticed when the
> same IP has another mail in the greylist the IP becomes whitelisted if
> the delivery attempt is successful (which it shouldn't in the first place
> because I trapped the IP and put it in my blacklist). This seems like
> odd behaviour to me; it's not the end of the world but it feels kinda
> wrong :)

If I understand your message correctly, after removal of the ip
from the WHITE list, it still remains in the GREY, which will be
WHITE-listed again, on the next spamd scan (60 second interval),
thus, allowing for the successful delivery.

To see this with an IP that has been WHITE-listed, but still in
the GREY, do:

$ spamdb | grep $ip
WHITE|$ip|...
GREY|$ip|...
$ spamdb -d $ip
$ spamdb | grep $ip
GREY|$ip|...
$ sleep 60
$ spamdb | grep $ip
WHITE|$ip|...
GREY|$ip|...


As a side note, your awk bit can be replaced by a `cut -d \| -f 2'.

--patrick


> here is the script:
>
> ip_range=$1
>
> for i in `spamdb | grep $ip_range | grep WHITE | awk -F "|" '{print $2}'`;
>   do
>    echo $i
>    /usr/sbin/spamdb -d $i
>    /usr/sbin/spamdb -a -t $i
>    echo $i >> /etc/mail/blacksheep.txt
>   done
>
> /usr/libexec/spamd-setup
>
> maybe someone can give me some hints for improvement
>
> regards

Re: odd behaviour of spamdb

Markus Rosjat
On 13.07.2015 at 10:07, patrick keshishian wrote:

> On 7/13/15, Markus Rosjat <[hidden email]> wrote:
>> hi there,
>>
>> I have the following script to delete spam MX IPs from the spamd
>> whitelist and write them in my own blacklist. After that I reload the
>> blacklist with spamd-setup. This seems to work, but I noticed when the
>> same IP has another mail in the greylist the IP becomes whitelisted if
>> the delivery attempt is successful (which it shouldn't in the first place
>> because I trapped the IP and put it in my blacklist). This seems like
>> odd behaviour to me; it's not the end of the world but it feels kinda
>> wrong :)
> If I understand your message correctly, after removal of the ip
> from the WHITE list, it still remains in the GREY, which will be
> WHITE-listed again, on the next spamd scan (60 second interval),
> thus, allowing for the successful delivery.

Well, after the first run of the script the ip should be trapped and in
my opinion the grey mail shouldn't whitelist the ip again. I just saw
this behaviour 2 times with the same ip because they sent the mail to 3
different mail addresses.

> To see this with an IP that has been WHITE-listed, but still in
> the GREY, do:
>
> $ spamdb | grep $ip
> WHITE|$ip|...
> GREY|$ip|...
> $ spamdb -d $ip
> $ spamdb | grep $ip
> GREY|$ip|...
> $ sleep 60
> $ spamdb | grep $ip
> WHITE|$ip|...
> GREY|$ip|...
>
>
> As a side note, your awk bit can be replaced by a `cut -d \| -f 2'.
Thanks for the hint :)

> --patrick
>
>
>> here is the script:
>>
>> ip_range=$1
>>
>> for i in `spamdb | grep $ip_range | grep WHITE | awk -F "|" '{print $2}'`;
>>    do
>>     echo $i
>>     /usr/sbin/spamdb -d $i
>>     /usr/sbin/spamdb -a -t $i
>>     echo $i >> /etc/mail/blacksheep.txt
>>    done
>>
>> /usr/libexec/spamd-setup
>>
>> maybe someone can give me some hints for improvement
>>
>> regards


Re: odd behaviour of spamdb

Boudewijn Dijkstra-2
In reply to this post by Markus Rosjat
On Mon, 13 Jul 2015 09:14:37 +0200, Markus Rosjat <[hidden email]> wrote:

> hi there,
>
> I have the following script to delete spam MX IPs from the spamd
> whitelist and write them in my own blacklist. After that I reload the
> blacklist with spamd-setup. This seems to work, but I noticed when the
> same IP has another mail in the greylist the IP becomes whitelisted if
> the delivery attempt is successful (which it shouldn't in the first place
> because I trapped the IP and put it in my blacklist). This seems like
> odd behaviour to me; it's not the end of the world but it feels kinda
> wrong :)
>
> here is the script:
>
> ip_range=$1
>
> for i in `spamdb | grep $ip_range | grep WHITE | awk -F "|" '{print $2}'`;
>   do
>    echo $i
>    /usr/sbin/spamdb -d $i
>    /usr/sbin/spamdb -a -t $i
>    echo $i >> /etc/mail/blacksheep.txt
>   done
>
> /usr/libexec/spamd-setup
>
> maybe someone can give me some hints for improvement

The explicit deletion (-d) is unnecessary and may have race condition problems.  An IP that is both trapped and grey will not be re-added to the whitelist, unless spamlogd interferes.



--
(Remove the obvious prefix to reply privately.)
Made with Opera's e-mail program: http://www.opera.com/mail/
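
A variant of the script discussed in this thread that drops the explicit `-d` step, as the last reply suggests, and matches the prefix against the address field only. It is an added example, not code from any poster; the function names, the overridable `SPAMDB` and `BLACKLIST` variables and the sample entries are assumptions for illustration.

```shell
#!/bin/sh
# Added example: trap whitelisted addresses under a prefix, without "spamdb -d".
# SPAMDB and BLACKLIST are overridable so the logic can be dry-run (assumption).
SPAMDB=${SPAMDB:-/usr/sbin/spamdb}
BLACKLIST=${BLACKLIST:-/etc/mail/blacksheep.txt}

# Read spamdb output on stdin; print the address of every WHITE entry whose
# address field starts with the literal prefix $1. Only field 2 is compared,
# so the prefix never matches timestamps or counters in later fields, and
# dots are not treated as regex wildcards.
select_white_ips() {
    awk -F'|' -v p="$1" '$1 == "WHITE" && index($2, p) == 1 { print $2 }' | sort -u
}

# Trap each address given on stdin and record it once in the blacklist file.
# Prints the number of addresses newly written to the file.
trap_ips() {
    added=0
    while IFS= read -r ip; do
        # Accept only characters that can occur in IPv4/IPv6 literals.
        case $ip in ''|*[!0-9a-fA-F.:]*) continue ;; esac
        "$SPAMDB" -a -t "$ip" || continue
        if ! grep -qxF -- "$ip" "$BLACKLIST" 2>/dev/null; then
            printf '%s\n' "$ip" >> "$BLACKLIST"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Constructed sample in spamdb's TYPE|address|... layout (documentation ranges).
sample_db() {
    cat <<'EOF'
WHITE|192.0.2.10|||1436771677|1436773477|1439883877|2|0
GREY|192.0.2.10|mx.example.net|<a@example.net>|<b@example.org>|1436771677|1436786077|1436786077|1|0
WHITE|198.51.100.7|||1436771677|1436773477|1439883877|1|0
WHITE|192.0.2.11|||1436771677|1436773477|1439883877|1|0
EOF
}

# Usage on a live system:
#   spamdb | select_white_ips 192.0.2. | trap_ips && /usr/libexec/spamd-setup
```

Running it twice over the same entries leaves the blacklist file unchanged, so the file does not accumulate duplicate addresses before `spamd-setup` reloads it.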