Kloxo 6.1.12 Stop Spam - Spamdyke

edit /var/qmail/supervise/smtp/run

run file
##############################
#!/bin/sh
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
BLACKLIST=`cat /var/qmail/control/blacklists`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
RBLSMTPD="/usr/bin/rblsmtpd"
HOSTNAME=`hostname`
VCHKPW="/home/lxadmin/mail/bin/vchkpw"
REQUIRE_AUTH=0
LOCAL=`head -1 /var/qmail/control/me`


exec /usr/bin/softlimit -m 20000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \ 
$RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

 

 

#######################################################
tcp.smtp file 
#######################################################
127.:allow,RELAYCLIENT="",RBLSMTPD="", DKSIGN="/var/qmail/control/domainkeys/%/private"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT= "10",CHKUSER_WRONGRCPTLIMIT="3", DKVERIFY="DEGIJKfh",QMAILQUEUE="/var/qmail/bin/simscan", DKQUEUE="/var/qmail/bin/qmail-queue.orig", DKSIGN="/var/qmail/control/domainkeys/%/private"
########################################################
smtp_lxa file
########################################################
service smtp 
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
env = SENDER_NOCHECK=1 DKSIGN=/var/qmail/control/domainkeys/%/private QMAILQUEUE=/var/qmail/bin/simscan
instances = UNLIMITED
server = /usr/bin/lxredirecter.sh
server_args = /var/qmail/bin/tcp-env -Rt0 /usr/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /home/lxadmin/mail/bin/vchkpw true
}
#########################################################
spamdyke.conf 
########################################################


# This is an example spamdyke configuration file for spamdyke version 4.0.0.
#
# Without editing, this file will do nothing -- every available option is
# commented out. To enable options, edit the values and remove the comment
# markers at the beginning of the lines (#).
#
# See the README.html file in spamdyke's "documentation" directory for a full
# description of each option. The documentation is also available on spamdyke's
# website:
http://www.spamdyke.org/

############################################################ ####################
# Sets spamdyke's overall filter behavior.
# Available values: allow-all, normal, require-auth, reject-all
# Default: normal
filter-level=normal

# Delays the SMTP greeting banner for SECS seconds. A value of 0 disables this
# feature.
# Default: 0
#greeting-delay-secs=NUM
greeting-delay-secs=5

# Limit incoming messages to NUM recipients. A value of 0 disables this
# feature.
# Default: 0
#max-recipients=NUM
max-recipients=3

# Drop superuser privileges and run as USER instead.
# Default: none
#run-as-user=USER[:GROUP]

############################################################ ####################
# DNS TESTS
############################################################ ####################
# Reject connections from remote servers without rDNS names.
# Default: no
#reject-empty-rdns
reject-empty-rdns

# Reject connections from servers with rDNS names that contain their IP address
# and end in a two-character country code.
# Default: no
#reject-ip-in-cc-rdns

# Reject messages from sender whose domain names have no MX records.
# Default: no
#reject-missing-sender-mx
reject-missing-sender-mx

# Reject connections from servers with rDNS names that do not resolve to IP
# addresses.
# Default:no
#reject-unresolvable-rdns
reject-unresolvable-rdns

############################################################ ####################
# LOGGING
############################################################ ####################
# Controls the amount (and detail) of the log messages spamdyke produces.
# Available values: none, error, info, verbose, debug, excessive
# Default: error
log-level=excessive

# Controls where spamdyke's log messages are sent.
# Available values: syslog, stderr
# Default: syslog
#log-target=VALUE

# Outputs all SMTP data into files in DIR.
# Default: none
#full-log-dir=DIR

############################################################ ####################
# CONFIGURATION FILES
############################################################ ####################
# Configuration files can include other configuration files.
# Default: none
#config-file=FILE

# Configuration directories are very powerful but can also be very complicated;
# don't use them if you don't need to.
# Default: none
#config-dir=DIR

# Controls how configuration directories are searched.
# Available values: first, all-ip, all-rdns, all-sender, all-recipient
# Default: first
#config-dir-search=VALUE

############################################################ ####################
# TIMEOUTS
############################################################ ####################
# Close the connection after SECS seconds, regardless of activity. A value of
# 0 disables this feature.
# Default: 0
#connection-timeout-secs=SECS

# Close the connection after SECS seconds of inactivity. A value of 0 disables
# this feature.
# Default: 0
idle-timeout-secs=30

############################################################ ####################
# LOCAL BLACKLISTS
############################################################ ####################
# Reject connections from IP addresses that match IPADDRESS.
# Default: none
#ip-blacklist-entry=IPADDRESS

# Reject connections from IP addresses that match entries in FILE.
# Default: none
#ip-blacklist-file=FILE

# Reject connections from rDNS names that match NAME.
# Default: none
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=list.dsbl.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=b.barracudacentral.org
dns-blacklist-entry=zombie.dnsbl.sorbs.net

# Reject connections from rDNS names that match entries in FILE.
# Default: none
#rdns-blacklist-file=FILE

# Reject connections from rDNS names that match files in DIR.
# Default: none
#rdns-blacklist-dir=DIR

# Reject all messages sent to recipient ADDRESS.
# Default: none
#recipient-blacklist-entry=ADDRESS

# Reject all messages sent to any recipient address listed in FILE.
# Default: none
#recipient-blacklist-file=FILE

# Reject all messages sent from sender ADDRESS.
# Default: none
#sender-blacklist-entry=ADDRESS

# Reject all messages sent from any sender address listed in FILE.
# Default: none
#sender-blacklist-file=FILE

# Reject connections from rDNS names that contain their IP address and KEYWORD.
# Default: none
#ip-in-rdns-keyword-blacklist-entry=KEYWORD

# Reject connections from rDNS names that contain their IP address and a keyword
# in FILE.
# Default: none
#ip-in-rdns-keyword-blacklist-file=FILE

############################################################ ####################
# LOCAL WHITELISTS
############################################################ ####################
# Whitelist connections from IP addresses that match IPADDRESS.
# Default: none
#ip-whitelist-entry=IPADDRESS

# Whitelist connections from IP addresses that match entries in FILE.
# Default: none
#ip-whitelist-file=FILE
ip-whitelist-file=/etc/spamdyke-ip-white.list

# Whitelist connections from rDNS names that match NAME.
# Default: none
#rdns-whitelist-entry=NAME

# Whitelist connections from rDNS names that match entries in FILE.
# Default: none
#rdns-whitelist-file=FILE

# Whitelist connections from rDNS names that match files in DIR.
# Default: none
#rdns-whitelist-dir=DIR

# Whitelist all messages sent to recipient ADDRESS.
# Default: none
#recipient-whitelist-entry=ADDRESS

# Whitelist all messages sent to any recipient address listed in FILE.
# Default: none
#recipient-whitelist-file=FILE

# Whitelist all messages sent from sender ADDRESS.
# Default: none
#sender-whitelist-entry=ADDRESS

# Whitelist all messages sent from any sender address listed in FILE.
# Default: none
#sender-whitelist-file=FILE

# Whitelist connections from rDNS names that contain their IP address and
# KEYWORD.
# Default: none
#ip-in-rdns-keyword-whitelist-entry=KEYWORD

# Whitelist connections from rDNS names that contain their IP address and a
# keyword in FILE.
# Default: none
#ip-in-rdns-keyword-whitelist-file=FILE

############################################################ ####################
# DNS-BASED BLACKLISTS
############################################################ ####################
# Check a DNS RBL.
# Default: none
#dns-blacklist-entry=DNSRBL


# Check all DNS RBLs listed in FILE.
# Default: none
#dns-blacklist-file=FILE

# Check an RHSBL.
# Default: none
rhs-blacklist-entry=dynamic.rhs.mailpolice.com
rhs-blacklist-entry=multi.surbl.org
rhs-blacklist-entry=multi.uribl.com
rhs-blacklist-entry=rhsbl.sorbs.net

# Check all RHSBLs listed in FILE.
# Default: none
#rhs-blacklist-file=FILE

############################################################ ####################
# DNS-BASED WHITELISTS
############################################################ ####################
# Check a DNS whitelist.
# Default: none
#dns-whitelist-entry=WHITELIST

# Check all DNS whitelist listed in a file.
# Default: none
#dns-whitelist-file=FILE

# Check an RHS whitelist.
# Default: none
#rhs-whitelist-entry=RHSBL

# Check all RHS whitelists listed in FILE.
# Default: none
#rhs-whitelist-file=FILE

############################################################ ####################
# GRAYLISTING
############################################################ ####################
# Controls the behavior of spamdyke's graylist filter.
# Available values: none, always, always-create-dir, only, only-create-dir
# Default: none
graylist-level=none

# Create the graylist files in DIR.
# Default: none
graylist-dir=/var/tmp/graylist.d

# Invalidate graylist entries after SECS seconds. A value of 0 deactivates this
# feature.
# Default: 0
#graylist-max-secs=SECS
graylist-max-secs=1814400

# Graylist entries are not valid until they are SECS seconds old. A value of 0
# deactivates this feature.
# Default: 0
#graylist-min-secs=SECS
graylist-min-secs=300

# Reverse the current graylist behavior for incoming connections whose IP
# addresses match IPADDRESS.
# Default: none
#graylist-exception-ip-entry=IPADDRESS

# Read a list of IP addresses from a file and reverse the current graylist
# behavior for any connections from matching IP addresses.
# Default: none
#graylist-exception-ip-file=FILE

# Reverse the current graylist behavior for incoming connections whose rDNS
# names match NAME.
# Default: none.
#graylist-exception-rdns-entry=NAME

# Read a list of rDNS names from a file and reverse the current graylist
# behavior for any connections from matching rDNS names.
# Default: none
#graylist-exception-rdns-file=FILE

# Search an rDNS directory and reverse the current graylist behavior for any
# connections from matching rDNS names.
# Default: none
#graylist-exception-rdns-dir=DIR

############################################################ ####################
# SMTP AUTHENTICATION
############################################################ ####################
# Controls the way spamdyke offers, supports and processes SMTP authentication.
# Available values: none, observe, ondemand, ondemand-encrypted, always,
# always-encrypted
# Default: observe
#smtp-auth-level=VALUE

# Process authentication by running COMMAND, if necessary.
# Default: none
#smtp-auth-command=COMMAND

# Use NAME as the local server's name during CRAM-MD5 authentication.
# Default: unknown.server.unknown.domain
#hostname=NAME

# Read the local server's name from the first line of FILE for use during
# CRAM-MD5 authentication.
# Default: none
#hostname-file=FILE

# Run COMMAND and read the local server's name from the first line of output
# for use during CRAM-MD5 authentication.
#hostname-command=COMMAND

############################################################ ####################
# TLS / SSL
############################################################ ####################
# Controls the way spamdyke offers and supports TLS or SMTPS.
# Available values: none, smtp, smtps
# Default: none
#tls-level=VALUE

# Read SSL certificate from FILE.
# Default: none
#tls-certificate-file=FILE

# Read SSL certificate private key from FILE.
# Default: none
#tls-privatekey-file=FILE

# Decrypt SSL certificate private key using PASSWORD.
# Default: none
#tls-privatekey-password=PASSWORD

# Read the password for the SSL certificate private key from the first line of
# FILE.
# Default: none
#tls-privatekey-password-file=FILE

############################################################ ####################
# RELAYING OPTIONS
############################################################ ####################
# Sets spamdyke's relay protection level.
# Available values: block-all, no-check, normal, allow-all
# Default: normal
#relay-level=VALUE

# spamdyke's relay protection requires reading qmail's access file.
# This file is usually: /etc/tcp.smtp
# Default: none
#access-file=FILE

# Several features require access to the list of locally hosted domains.
# This file is usually: /var/qmail/control/rcpthosts
# Default: none
#local-domains-file=FILE
local-domains-file=/var/qmail/control/rcpthosts

# Adds a single domain to spamdyke's list of locally hosted domains.
# Default: none
#local-domains-entry=DOMAIN

############################################################ ####################
# DNS OPTIONS
############################################################ ####################
# These options should only be used if spamdyke's default behavior is causing
# problems.

# Sets the aggressiveness of spamdyke's DNS resolver.
# Available values: none, normal, aggressive
# Default: aggressive
dns-level=aggressive
# Adds a nameserver to spamdyke's list of primary nameservers.
# Default: none (reads nameservers from /etc/resolv.conf)
#dns-server-ip-primary=IP[:PORT]

# Adds a nameserver to spamdyke's list of secondary nameservers.
# Default: none (reads nameservers from /etc/resolv.conf)
#dns-server-ip=IP[:PORT]

# Sets the number of times spamdyke queries its primary nameservers.
# Default: 1
#dns-max-retries-primary=NUM

# Sets the total number of times spamdyke queries nameservers.
# Default: 3
#dns-max-retries-total=NUM

# Sets the total number of seconds spamdyke will spend on any DNS query.
# Default: 30
#dns-timeout-secs=SECS

############################################################ ####################
# REJECTION MESSAGES
############################################################ ####################
# Append URL to the end of every rejection message sent to the remote server.
# Default: none
#policy-url=URL

# Use TEXT as the rejection message when a connection is blocked because the
# remote server matches a line in an access file that denies access.
# Default: "Refused. Access is denied."
#rejection-text-access-denied=TEXT

# Use TEXT as the rejection message when authentication fails for any reason.
# Default: "Refused. Authentication failed."
#rejection-text-auth-failure=TEXT

# Use TEXT as the rejection message when SMTP AUTH is rejected because the
# remote server tries to use an unsupported authentication method. This should
# never happen.
# Default: "Refused. Unknown authentication method."
#rejection-text-auth-unknown=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's IP address is listed on a DNS blacklist. This text will only
# be used if the DNS blacklist does not provide a text message and the name of
# the DNS blacklist will be appended.
# Default: "Refused. Your IP address is listed in the RBL at "
#rejection-text-dns-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server sent data before the SMTP greeting banner was sent.
# Default: "Refused. You are not following the SMTP protocol."
#rejection-text-earlytalker=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server has no rDNS name.
# Default: "Refused. You have no reverse DNS entry."
#rejection-text-empty-rdns=TEXT

# Use TEXT as the rejection message when a recipient is blocked by the graylist
# filter.
# Default: "Your address has been graylisted. Try again later."
#rejection-text-graylist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's IP address is listed in a blacklist file or directory.
# Default: "Refused. Your IP address is blacklisted."
#rejection-text-ip-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name contains its IP address and ends in a country code.
# Default: "Refused. Your reverse DNS entry contains your IP address and a
# country code."
#rejection-text-ip-in-cc-rdns=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# sender's rDNS name contains its IP address and a blacklisted keyword.
# Default: "Refused. Your reverse DNS entry contains your IP address and a
# banned keyword."
#rejection-text-ip-in-rdns-keyword-blacklist=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# recipient address was given with no domain name.
# Default: "Improper recipient address. Try supplying a domain name."
#rejection-text-local-recipient=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# maximum number of recipients has been reached.
# Default: "Too many recipients. Try the remaining addresses again later."
#rejection-text-max-recipients=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# sender's email domain has no mail exchanger.
# Default: "Refused. The domain of your sender address has no mail exchanger
# (MX)."
#rejection-text-missing-sender-mx=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name is listed in a blacklist file or directory.
# Default: "Refused. Your domain name is blacklisted."
#rejection-text-rdns-blacklist=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# recipient's address is listed in a blacklist file.
# Default: "Refused. Mail is not being accepted at this address."
#rejection-text-recipient-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because all
# connections are being rejected.
# Default: "Refused. Mail is not being accepted."
#rejection-text-reject-all=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# remote server does not have permission to relay.
# Default: "Refused. Sending to remote addresses (relaying) is not allowed."
#rejection-text-relaying-denied=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name or the sender's email domain name is listed on a RHS
# blacklist. This text will only be used if the RHS blacklist does not provide a
# text message and the name of the RHS blacklist will be appended.
# Default: "Refused. Your domain name is listed in the RHSBL at "
#rejection-text-rhs-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# sender's address is listed in a blacklist file.
# Default: "Refused. Your sender address has been blacklisted."
#rejection-text-sender-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server has not authenticated.
# Default: "Refused. Authentication is required to send mail."
#rejection-text-smtp-auth-required=TEXT

# Use TEXT as the rejection message when a connection times out.
# Default: "Timeout. Talk faster next time."
#rejection-text-timeout=TEXT

# Use TEXT as the rejection message when a SSL/TLS connection cannot be
# negotiated with the remote client.
# Default: "Failed to negotiate TLS connection."
#rejection-text-tls-failure=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name does not resolve.
# Default: "Refused. Your reverse DNS entry does not resolve."
#rejection-text-unresolvable-rdns=TEXT

# Use TEXT as the rejection message when a connection is blocked because no valid
# recipients have been given.
# Default: "Refused. You must specify at least one valid recipient."
#rejection-text-zero-recipients=TEXT

###########################################################
log level must be changed.. 
Should Work!