[spamdyke-users] PLESK SSL
Hi,
i have on all of our PLESK-servers a problem the with SSL support. TLS
works fine so far. But if a client trys to connect via port 465 the
connection give an timeout (connection died). Did i miss anything?
spamdyke 3.1.5 (also with 3.1.3)
Fedora and Centos machines.
Thanks in advance,
Otto
My /etc/xinetd.d/smtps_psa:
service smtps
{
socket_type = stream
protocol= tcp
wait= no
disable = no
user= root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = /var/qmail/bin/relaylock
/usr/local/bin/spamdyke -f /etc/spamdyke/spamdyke.conf
/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true
/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Squirrelmail, different local server, mail not sent
Ionut Sandu ha scritto: Hello! Yestarday i discovered spamdyke and i can say its awesome. It cured my problems with spam and all other issues. But now i cant use the webmail. It gives the following error. Service not available, closing channel Server replied: 421 Refused. You have no reverse DNS entry. My web server has 192.168.1.100 and my email server has 192.168.1.200. So .200 connects to .100 and spamdyke i belive stops him to send emails. How can i convince spamdyke to let my internal server to send email to .100? I tried always-graylist-ip-file in spamdyke.conf and put in 192.168.1.100 but still no luck. Should i restart qmail? Even so it didn't work. Your private ip address space is not reversed, eg 192.168.1.100 could not be resolved in something like pc1.domain.local . You could fix the problem by create a reverse zone in your internal dns or (better) create a new smtp service without the spamdyke invocation. If you don't want to create another smtp service you could use the |ip-whitelist-file , check on this to http://www.spamdyke.org/documentation/README.html#WHITELISTS Have fun, Davide | ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Squirrelmail, different local server, mail not sent
Thank you very much! |ip-whitelist-file , check on this to http://www.spamdyke.org/documentation/README.html#WHITELISTS It worked like a charm! Davide Bozzelli [EMAIL PROTECTED] wrote: Ionut Sandu ha scritto: Hello! Yestarday i discovered spamdyke and i can say its awesome. It cured my problems with spam and all other issues. But now i cant use the webmail. It gives the following error. Service not available, closing channel Server replied: 421 Refused. You have no reverse DNS entry. My web server has 192.168.1.100 and my email server has 192.168.1.200. So .200 connects to .100 and spamdyke i belive stops him to send emails. How can i convince spamdyke to let my internal server to send email to .100? I tried always-graylist-ip-file in spamdyke.conf and put in 192.168.1.100 but still no luck. Should i restart qmail? Even so it didn't work. Your private ip address space is not reversed, eg 192.168.1.100 could not be resolved in something like pc1.domain.local . You could fix the problem by create a reverse zone in your internal dns or (better) create a new smtp service without the spamdyke invocation. If you don't want to create another smtp service you could use the |ip-whitelist-file , check on this to http://www.spamdyke.org/documentation/README.html#WHITELISTS Have fun, Davide | ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users - Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] New log feature
I see now is it possisibile to log on syslog OR stderr. Would be useful if i could log on both syslog AND stderr at the same time, so with stderr log i could mantain ALL the smtp stuff in multilog files, and with syslog i could manage the archival of log and something like that (via syslog-ng) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] OOPS! Squirrelmail, different local server, mail not sent
Sorry. I didn't mean to clutter the list, but I didn't see that Davide had already replied and the problem was resolved. It's going to be a long day.. Sam, Thanks for the 3.1.5 build. It is doing fine. Ben ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] New log feature
That should be pretty easy to do. I'll add it to my list for the next version. I think I'm adding items to the TODO list faster than I can remove them these days... :) -- Sam Clippinger Davide Bozzelli wrote: I see now is it possisibile to log on syslog OR stderr. Would be useful if i could log on both syslog AND stderr at the same time, so with stderr log i could mantain ALL the smtp stuff in multilog files, and with syslog i could manage the archival of log and something like that (via syslog-ng) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] greeting-delay-check does not work properly ?
If you're right about this, it's a bug. I'll work on reproducing it. As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message. -- Sam Clippinger Davide Bozzelli wrote: Davide Bozzelli ha scritto: First config: --- log-level=2 log-target=0 ip-whitelist-file=/var/qmail/control/nospamdykeip sender-whitelist-file=/var/qmail/control/nospamdykefrom tls-certificate-file=/var/qmail/control/servercert.pem recipient-whitelist-file=/var/qmail/control/nospamdyketo local-domains-file=/var/qmail/control/rcpthosts ip-in-rdns-keyword-file=/var/qmail/control/badrdns never-graylist-ip-file=/var/qmail/control/nograyip reject-missing-sender-mx reject-empty-rdns reject-unresolvable-rdns #reject-ip-in-cc-rdns #check-rhsbl=blackhole.securitysage.com #check-dnsrbl=zen.spamhaus.org greeting-delay-secs=30 - END SNIP - Result: The delay is enforced. As side note i've noticed that the delay is in act but if a try to type something spamdyke does not block me . Have fun, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] greeting-delay-check does not work properly ?
Sam Clippinger ha scritto: If you're right about this, it's a bug. I'll work on reproducing it. I think this is an issue, As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message. Yes, in this case you're right. Have fun, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] greeting-delay-check does not work properly ?
Sam Clippinger ha scritto: If you're right about this, it's a bug. I'll work on reproducing it. As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message. I can confirm you, the bug goes up when the following options are enabled: reject-ip-in-cc-rdns check-rhsbl=blackhole.securitysage.com check-dnsrbl=zen.spamhaus.org The issue affect the sparc manchine where you had logged in, and other one. Have fun, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] greeting-delay-check does not work properly ?
Davide Bozzelli wrote: Sam Clippinger ha scritto: If you're right about this, it's a bug. I'll work on reproducing it. As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message. I can confirm you, the bug goes up when the following options are enabled: reject-ip-in-cc-rdns check-rhsbl=blackhole.securitysage.com check-dnsrbl=zen.spamhaus.org I'm using the rDNS filters and an RBL filter, but I still have a delay. You can telnet mail.hwy39.net on 25. What am I doing differently? Ben log-level=2 tls-certificate-file=/var/qmail/control/servercert.pem local-domains-file=/var/qmail/control/rcpthosts max-recipients=5 idle-timeout-secs=60 rdns-whitelist-file=/home/vpopmail graylist-dir=/home/vpopmail/graylist.d graylist-min-secs=300 graylist-max-secs=1814400 sender-blacklist-file=/home/vpopmail/blacklist_senders reject-ip-in-cc-rdns reject-empty-rdns reject-unresolvable-rdns rdns-whitelist-file=/home/vpopmail/whitelist_rdns ip-whitelist-file=/home/vpopmail/whitelist_ip greeting-delay-secs=5 reject-missing-sender-mx check-dnsrbl=xbl.spamhaus.org ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] greeting-delay-check does not work properly ?
Ben Mills ha scritto: I'm using the rDNS filters and an RBL filter, but I still have a delay. You can telnet mail.hwy39.net on 25. What am I doing differently? Well, exactly i don't know, but i've the same beahavior on 2 servers. The delay works only when i disable: #reject-missing-sender-mx #reject-empty-rdns #reject-unresolvable-rdns #reject-ip-in-cc-rdns #check-rhsbl=blackhole.securitysage.com #check-dnsrbl=zen.spamhaus.org But i can't confirm the exact flags. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] greeting-delay-check does not work properly ?
I can't reproduce this with version 3.1.5. One thought: is it possible you're seeing no delay because the connection matched one of the three filters you're disabling? For example, if the remote server were listed on the zen.spamhaus.org DNS RBL, spamdyke would not delay the greeting banner. This is by design -- it's better to send the rejection and close the connection and free your server's resources as fast as possible. Otherwise, high spam traffic could quickly become a DoS attack. If that explanation doesn't fit, could you send more details about the connections that aren't delayed? A full log would be perfect. -- Sam Clippinger Davide Bozzelli wrote: Sam Clippinger ha scritto: If you're right about this, it's a bug. I'll work on reproducing it. As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message. I can confirm you, the bug goes up when the following options are enabled: reject-ip-in-cc-rdns check-rhsbl=blackhole.securitysage.com check-dnsrbl=zen.spamhaus.org The issue affect the sparc manchine where you had logged in, and other one. Have fun, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
