date:20071026

Re: [spamdyke-users] smtp auth relay issues

2007-10-26 Thread Sam Clippinger

In order for spamdyke to correctly handle relaying, it needs three 
things: smtp-auth-command, access-file and local-domains-file.  It looks 
like you're missing the local-domains-file directive.  Try adding this 
to your spamdyke config:
local-domains-file=/var/qmail/control/rcpthosts

That'll probably do it.

-- Sam Clippinger

Steve Cole wrote:
 I have spamdyke working properly with SMTP-AUTH and TLS as far as I can 
 tell.  Spamdyke authenticates me and allows me to write to accounts on the 
 system, but when i try to relay to another system (any other system) it 
 denies me even though I've gone through the authentication (sorry, that is 
 not listed in my rcpthosts error message)
 
 In the logfile, this is the error I see:
 
 Oct 25 16:53:26 zeus spamdyke[4907]: DENIED_OTHER from: [EMAIL PROTECTED] to: 
 spamdyke-users@spamdyke.org origin_ip: 1x9.2x6.xx.77 origin_rdns: 
 XXX..com auth: [EMAIL PROTECTED]
 
 Is this expected behaviour?  Is the access-list file supposed to be set up 
 specifically to allow relaying to remote systems?
 
 Please let me know if there's something I've missed.
 
 PS, I used this command: perl -MMIME::Base64 -e 'print encode_base64 
 ([EMAIL PROTECTED])'
 
 to generate the AUTH PLAIN line.  In case anyone else runs into the need to 
 test.
 
 with config-test there are no errors other than it complaining that vchkpw is 
 not owned by root.
 
 Any help is appreciated.
 
 My entire config:
 
 log-level=2
 idle-timeout-secs=60
 tls-certificate-file=/usr/lib/courier-imap/share/pop3d.pem
 smtp-auth-command=/var/vpopmail/bin/vchkpw /bin/true
 hostname=xxx.xxs.net
 access-file=/var/vpopmail/etc/sd-access
 
 --
 Cheers,
 Steve
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] smtp auth relay issues

2007-10-26 Thread Sam Clippinger

You shouldn't need to add anything special to the access file.  As long 
as the remote IP address is allowed to send mail at all (i.e. it matches 
an :allow line), that should be enough.

Try as I might, I can't reproduce what you're seeing.  Here's what I 
tried, using spamdyke 3.0.1 (the IP address is from one of Verizon's 
mail servers):

spamdyke-3.0.1/tests# cat tmp/spamdyke.conf
log-level=2
idle-timeout-secs=60
tls-certificate-file=certificates/combined_no_passphrase/server.pem
smtp-auth-command=/home/vpopmail/bin/vchkpw /usr/bin/true
hostname=xxx.xxs.net
access-file=tmp/access.txt
local-domains-file=tmp/local_domains.txt
spamdyke-3.0.1/tests# cat tmp/local_domains.txt
example.net
spamdyke-3.0.1/tests# cat tmp/access.txt
:allow
spamdyke-3.0.1/tests# export TCPREMOTEIP=162.115.228.33
spamdyke-3.0.1/tests# ../spamdyke/spamdyke -f tmp/spamdyke.conf 
/var/qmail/bin/qmail-smtpd
220 openbsd.silence.org ESMTP
ehlo me
250-openbsd.silence.org
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250 STARTTLS
auth plain AH...XI=
235 Proceed.
mail from:[EMAIL PROTECTED]
250 ok
rcpt to:[EMAIL PROTECTED]
250 ok
data
354 go ahead
To: [EMAIL PROTECTED]
Subject: Testing

FOO!
.
250 ok 1188333446 qp 610
quit
221 openbsd.silence.org
spamdyke-3.0.1/tests# tail /var/log/maillog
Aug 28 16:37:18 openbsd spamdyke[3592]: ALLOWED from: [EMAIL PROTECTED] 
to: [EMAIL PROTECTED] origin_ip: 162.115.228.33 origin_rdns: 
polaris.verizonwireless.com auth: [EMAIL PROTECTED]
spamdyke-3.0.1/tests#


I get the same results when I remove example.net from the 
local_domains.txt file, so clearly spamdyke is allowing the relaying to 
take place.

When I don't authenticate, spamdyke blocks the attempt to relay:

spamdyke-3.0.1/tests# ../spamdyke/spamdyke -f tmp/spamdyke.conf 
/var/qmail/bin/qmail-smtpd
220 openbsd.silence.org ESMTP
ehlo me
250-openbsd.silence.org
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250 STARTTLS
mail from:[EMAIL PROTECTED]
250 ok
rcpt to:[EMAIL PROTECTED]
554 Refused. Sending to remote addresses (relaying) is not allowed.
quit
221 openbsd.silence.org
spamdyke-3.0.1/tests#


This installation of qmail is netqmail-1.05 with no additional patches 
applied (other than the netqmail patches).  vpopmail is installed, 
obviously.

A little background: a standard installation of qmail will allow 
relaying if the matching line from the access file sets the RELAYCLIENT 
environment variable.  When spamdyke is configured to handle relaying 
(by enabling SMTP AUTH and providing the access and local domains 
files), it fools qmail by _always_ setting the RELAYCLIENT variable and 
blocking relaying itself.  Because you're seeing qmail's relaying error 
message, I think something else on your system must be unsetting the 
RELAYCLIENT environment variable before qmail-smtpd runs.

Can you send your entire qmail command line?  Also, how did you install 
qmail?  What patches are applied?

-- Sam Clippinger

Steve Cole wrote:
 On Friday 26 October 2007, Sam Clippinger wrote:
 
 I've added these two lines to the config
 
 local-domains-file=/var/qmail/control/rcpthosts
 local-domains-file=/var/qmail/control/morercpthosts
 
 I still am unable to relay:
 
 
 AUTH PLAIN AHNoXX1hXXBrbXXubmVXXGdXXG9uaXQh
 235 Proceed.
 MAIL FROM: [EMAIL PROTECTED]
 250 ok
 RCPT TO: [EMAIL PROTECTED]
 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - 
 chkuser)
 
 Is there something which needs to be in my access-file such as AUTH:allow or 
 something of that nature that I missed in the documentation?  I spent about 
 two hours in the README and FAQ before posting to the list, please don't 
 shoot me.  :)
 
 I did also kill and restart the tcpserver process and did one run through 
 with 
 config-test as well to be sure that i had the file paths right, etc.
 
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

[spamdyke-users] installation question

2007-10-26 Thread Raj

hi

in the install.txt file which comes along with the download the configuration 
in qmail smtp run file is as such

/usr/local/bin/spamdyke -f /etc/spamdyke.conf \


when i look at the forums it is

/usr/local/bin/spamdyke --config-file = /etc/spamdyke.conf \

now which is correct ?

rajesh
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] smtp auth relay issues

2007-10-26 Thread Steve Cole

I had nothing in my access file.

It appears to work in this case when :allow is in the access-file.   The
documentation isn't too clear on this, although I would *SWEAR* that I
tried this beforehand.  Perhaps I was adding -x to the tcpserver command,
I know I did throw that in for kicks at one point (and I need to test that
again).

Thanks for the help, I tested it several times and it appears to work as
expected.  It's a great product, even if I'm not actually using it for
spam protection! :)

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

[spamdyke-users] permissions for spamdyke binary

2007-10-26 Thread Raj

hello

what should be permissions for the spamdyke binary if i am using qmailtoaster.

also is it possible to log the spamdyke reports to a seperate file instead of 
/var/log/maillog ?

rajesh
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] smtp auth relay issues

Re: [spamdyke-users] smtp auth relay issues

[spamdyke-users] installation question

Re: [spamdyke-users] smtp auth relay issues

[spamdyke-users] permissions for spamdyke binary

5 matches

Site Navigation

Mail list logo

Footer information