spamdyke is a drop-in filter for qmail to provide connection-time blacklisting, graylisting, DNS RBL checking, improved logging, and more. spamdyke is a standalone program that does not use qmail source code or require patching/recompiling qmail.
Version: 4.0.10
Operating System: Linux
For anyone who runs a mail server, spam is a problem. It's a huge problem and it's only getting bigger. Unfortunately, qmail doesn't have many facilities for dealing with spam. qmail also doesn't do good logging. The qmail logs are probably useful to qmail developers but not to system administrators. Consider:
- Qmail doesn't log with a human-readable time format.
- Qmail logs don't track usable information (like senders and recipients).
- Qmail doesn't log to a single log file, making it very difficult to track an email from connection to delivery.
- Qmail logs roll over after a set size is reached (could be a few hours, could be a few minutes).
All of these things make qmail very difficult to troubleshoot or monitor. spamdyke solves this. It monitors incoming traffic, acting as a middleman between qmail and the remote server. It catches the sender and recipient addresses as they go by and logs them to syslog. If it sees something it doesn't like (e.g. a blacklisted sender), it cuts the connection, closes qmail and fakes the rest of the SMTP transaction with the remote server. qmail thinks the remote server disconnected normally. The remote server thinks qmail is rejecting the message. It's the best of both worlds.
Some history: DJB's ucspi-tools package includes a handy little program called rblsmtpd for checking incoming SMTP connections against a DNSRBL. Initially, this seemed like a great thing (and it was) but it didn't go far enough. Lots of spam still came through. So after extending rblsmtpd to do more and more and more things, a limit was finally reached where it wouldn't go any further. Thus, spamdyke was born.
Those filters end up rejecting more than 99.9% of the incoming connections to my mail server. As a result, I receive (on average) less than one spam message PER WEEK! (Down from a high of 70 per day.) Regular correspondence with real people has not suffered.
Graylisting deserves special mention. As of 2007, it's not widely used (and therefore still effective against spammers). Here's how it works:
- An incoming connection is received and the sender and recipient are identified.
- A log is consulted to see if the sender has sent email to the recipient before. If so, the message is accepted. If not, the message is rejected with a temporary rejection code and a log entry is made.
- When the remote mail server retries the message (usually only a few minutes later), the previously-logged connection is noted and the message is accepted.
Simple, right? After the system is activated, regular correspondents' first email is delayed a few minutes. After that, there are no delays. But the spam stops because most spammers don't retry their deliveries! Even when they do, they usually change their sender address to a new (fake) one, which gets graylisted.
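The three graylisting steps above, walked through as an added example (this is illustration code written for this page, not spamdyke's own source). The (sender, recipient) lookup, the temporary rejection on first contact, the accept-on-retry rule and the human-readable log line follow the description above; the minimum retry delay, the expiry of entries that are never retried, the 451 reply text and the sample addresses and timestamps are constructed assumptions, not taken from spamdyke.

```python
import time
from datetime import datetime, timezone

# Assumed reply strings; 4xx is the SMTP temporary-failure class the text refers to.
TEMPFAIL = "451 4.7.1 graylisted, please retry later"
ACCEPT = "250 OK"


class Graylist:
    """Minimal graylisting policy keyed on the (sender, recipient) pair."""

    def __init__(self, min_retry=300, max_age=86400):
        self.min_retry = min_retry  # assumed: a retry counts only after this many seconds
        self.max_age = max_age      # assumed: never-retried entries are forgotten after this
        self.entries = {}           # (sender, recipient) -> {"first": ts, "confirmed": bool}
        self.log = []               # log lines with a readable timestamp, unlike qmail's logs

    def _log(self, now, verdict, sender, recipient):
        stamp = datetime.fromtimestamp(now, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
        self.log.append(f"{stamp} {verdict} from={sender} to={recipient}")

    def check(self, sender, recipient, now=None):
        """Return the SMTP reply for one delivery attempt and record a log entry."""
        now = time.time() if now is None else now
        key = (sender.lower(), recipient.lower())
        entry = self.entries.get(key)

        # A first attempt that was never retried eventually expires (assumption).
        if entry is not None and not entry["confirmed"] and now - entry["first"] > self.max_age:
            del self.entries[key]
            entry = None

        # Step 2: pair never seen -> log it and reject temporarily.
        if entry is None:
            self.entries[key] = {"first": now, "confirmed": False}
            self._log(now, "GRAYLISTED", sender, recipient)
            return TEMPFAIL

        # Retry arrived too quickly to look like a real queue retry (assumption).
        if not entry["confirmed"] and now - entry["first"] < self.min_retry:
            self._log(now, "GRAYLISTED-EARLY", sender, recipient)
            return TEMPFAIL

        # Step 3: previously-logged pair is retried -> accept, and accept from now on.
        entry["confirmed"] = True
        self._log(now, "ALLOWED", sender, recipient)
        return ACCEPT


def simulate():
    """Constructed scenario: a real correspondent versus a sender that rotates fake addresses."""
    g = Graylist()
    t0 = 1_700_000_000  # constructed epoch timestamp
    return [
        g.check("alice@example.com", "bob@example.net", t0),          # first contact: delayed
        g.check("alice@example.com", "bob@example.net", t0 + 600),    # queue retry: accepted
        g.check("alice@example.com", "bob@example.net", t0 + 5000),   # later mail: no delay
        g.check("junk123@example.org", "bob@example.net", t0),        # unknown sender: delayed
        g.check("junk987@example.org", "bob@example.net", t0 + 600),  # new fake sender: delayed again
    ]


if __name__ == "__main__":
    g = Graylist()
    for reply in simulate():
        print(reply)
```

The last two calls show the failure mode the text describes: a sender that changes its address on every attempt never builds up a logged pair, so every attempt is rejected with the same temporary code, while a real mail server that retries the same pair is accepted once and never delayed again.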
Graylisting is amazing and makes a tremendous difference (for now). spamdyke will also:
- Bypass all filters if the remote server's IP address is listed in an IP whitelist file.
- Bypass all filters if the remote server's reverse DNS entry is listed in a domain name whitelist file.
- Log meaningful messages to the syslog (very unlike qmail's logs).
- Log all SMTP traffic to aid diagnosing problems.