Re: [spamdyke-users] Help with spamdyke...
There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
Ron eliminated softlimit entirely, and still has the error. Thanks for the suggestion though. -- -Eric 'shubes' On 06/10/2011 05:11 AM, BC wrote: There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
Have you used your mail server without ssl certificate? What message appears at the side of your customer? Can you share that with us? Jose 2011/6/10 Eric Shubert e...@shubes.net: Ron eliminated softlimit entirely, and still has the error. Thanks for the suggestion though. -- -Eric 'shubes' On 06/10/2011 05:11 AM, BC wrote: There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
Please read through the previous posts on the subject. Thanks for helping. On 06/10/2011 08:57 AM, Jose Galvez wrote: Ok so turn off tls, how can we help you? How can we see what's going on if we can see only. It's not working Just That TLS is the problem Please don't get angry with me, my english is bad. Regards Jose 2011/6/10 Eric Shuberte...@shubes.net: It's been established already that TLS is the problem. No cert, no TLS. Am I missing something? On 06/10/2011 08:15 AM, Jose Galvez wrote: But the first thing is to know where dosen't work. Keep out certificate, try to send email and if it works qmail and spamdyke configuration it's correct. And then try to use the certificate... It's my opinion. Jose 2011/6/10 Eric Shuberte...@shubes.net: I think Ron's in the process of trying a cert signed by a registered CA instead of using a self signed cert. On 06/10/2011 07:50 AM, Jose Galvez wrote: Have you used your mail server without ssl certificate? What message appears at the side of your customer? Can you share that with us? Jose 2011/6/10 Eric Shuberte...@shubes.net: Ron eliminated softlimit entirely, and still has the error. Thanks for the suggestion though. -- -Eric 'shubes' On 06/10/2011 05:11 AM, BC wrote: There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
I'm under the impression that if you use tls-level=none in your spamdyke config, then it works. If you haven't tried this, please do. On 06/10/2011 09:11 AM, ron wrote: When I disable spamdyke, qmail accepts the emails just fine, its when spamdyke is enabled that the emails can not be received. Cert or no cert I wouldnt think makes a difference, right? On 6/10/2011 11:15 AM, Jose Galvez wrote: But the first thing is to know where dosen't work. Keep out certificate, try to send email and if it works qmail and spamdyke configuration it's correct. And then try to use the certificate... It's my opinion. Jose 2011/6/10 Eric Shuberte...@shubes.net: I think Ron's in the process of trying a cert signed by a registered CA instead of using a self signed cert. On 06/10/2011 07:50 AM, Jose Galvez wrote: Have you used your mail server without ssl certificate? What message appears at the side of your customer? Can you share that with us? Jose 2011/6/10 Eric Shuberte...@shubes.net: Ron eliminated softlimit entirely, and still has the error. Thanks for the suggestion though. -- -Eric 'shubes' On 06/10/2011 05:11 AM, BC wrote: There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
Yes, it does work. Dossy has been doing work with the client directly, she has been emailing him as tests also and so far he has confirmed that the issue is with spamdyke TLS from what I have gathered. On 6/10/2011 12:20 PM, Eric Shubert wrote: I'm under the impression that if you use tls-level=none in your spamdyke config, then it works. If you haven't tried this, please do. On 06/10/2011 09:11 AM, ron wrote: When I disable spamdyke, qmail accepts the emails just fine, its when spamdyke is enabled that the emails can not be received. Cert or no cert I wouldnt think makes a difference, right? On 6/10/2011 11:15 AM, Jose Galvez wrote: But the first thing is to know where dosen't work. Keep out certificate, try to send email and if it works qmail and spamdyke configuration it's correct. And then try to use the certificate... It's my opinion. Jose 2011/6/10 Eric Shuberte...@shubes.net: I think Ron's in the process of trying a cert signed by a registered CA instead of using a self signed cert. On 06/10/2011 07:50 AM, Jose Galvez wrote: Have you used your mail server without ssl certificate? What message appears at the side of your customer? Can you share that with us? Jose 2011/6/10 Eric Shuberte...@shubes.net: Ron eliminated softlimit entirely, and still has the error. Thanks for the suggestion though. -- -Eric 'shubes' On 06/10/2011 05:11 AM, BC wrote: There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
Thanks for verifying this. And thanks to Dossy for delving into this. He appears to have a good handle on the situation. I'm eager to hear what he finds. On 06/10/2011 09:49 AM, ron wrote: Yes, it does work. Dossy has been doing work with the client directly, she has been emailing him as tests also and so far he has confirmed that the issue is with spamdyke TLS from what I have gathered. On 6/10/2011 12:20 PM, Eric Shubert wrote: I'm under the impression that if you use tls-level=none in your spamdyke config, then it works. If you haven't tried this, please do. On 06/10/2011 09:11 AM, ron wrote: When I disable spamdyke, qmail accepts the emails just fine, its when spamdyke is enabled that the emails can not be received. Cert or no cert I wouldnt think makes a difference, right? On 6/10/2011 11:15 AM, Jose Galvez wrote: But the first thing is to know where dosen't work. Keep out certificate, try to send email and if it works qmail and spamdyke configuration it's correct. And then try to use the certificate... It's my opinion. Jose 2011/6/10 Eric Shuberte...@shubes.net: I think Ron's in the process of trying a cert signed by a registered CA instead of using a self signed cert. On 06/10/2011 07:50 AM, Jose Galvez wrote: Have you used your mail server without ssl certificate? What message appears at the side of your customer? Can you share that with us? Jose 2011/6/10 Eric Shuberte...@shubes.net: Ron eliminated softlimit entirely, and still has the error. Thanks for the suggestion though. -- -Eric 'shubes' On 06/10/2011 05:11 AM, BC wrote: There is something else amiss here, from my reading of the logs. If there is gobs of memory available, then do as Sam suggests and allocate a LOT - say 300mb to the softlimit and retest. I'd wager there will still be troubles. On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote: So instead of hitting the spamdyke timeout, it hit a timeout on the i/o operation. Still doesn't point to the root cause. :( Why softlimit doesn't issue some sort of error message is beyond me. I'm still inclined to ditch it. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
It depends, is Qmail using a different cert than Spamdyke is? When you say you're doing TLS directly in Qmail, I'm assuming that you're using a Qmail that has the Qmail-TLS patch applied? http://inoa.net/qmail-tls/ Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512- and 1024-bit DH param files, as well. I can see that Ron's Spamdyke configuration is pointing at the same certificate, but doesn't support a separate DH param PEM as far as I can see. This last bit (the DH params) is the only major difference I can see between Qmail-TLS and Spamdyke. Going to test a few things ... ;) On 6/10/11 12:11 PM, ron wrote: When I disable spamdyke, qmail accepts the emails just fine, its when spamdyke is enabled that the emails can not be received. Cert or no cert I wouldnt think makes a difference, right? -- Dossy Shiobara | He realized the fastest way to change do...@panoptic.com | is to laugh at your own folly -- then you http://panoptic.com/ | can let go and quickly move on. (p. 70) * WordPress * jQuery * MySQL * Security * Business Continuity * ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
I have downloaded and installed the current version of qmailtoaster if that helps with what I have installed. On 6/10/2011 1:13 PM, Dossy Shiobara wrote: It depends, is Qmail using a different cert than Spamdyke is? When you say you're doing TLS directly in Qmail, I'm assuming that you're using a Qmail that has the Qmail-TLS patch applied? http://inoa.net/qmail-tls/ Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512- and 1024-bit DH param files, as well. I can see that Ron's Spamdyke configuration is pointing at the same certificate, but doesn't support a separate DH param PEM as far as I can see. This last bit (the DH params) is the only major difference I can see between Qmail-TLS and Spamdyke. Going to test a few things ... ;) On 6/10/11 12:11 PM, ron wrote: When I disable spamdyke, qmail accepts the emails just fine, its when spamdyke is enabled that the emails can not be received. Cert or no cert I wouldnt think makes a difference, right? ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
I'll answer for Ron, as he's using QMT, which I'm familiar with. On 06/10/2011 10:13 AM, Dossy Shiobara wrote: It depends, is Qmail using a different cert than Spamdyke is? No. (per config file) When you say you're doing TLS directly in Qmail, I'm assuming that you're using a Qmail that has the Qmail-TLS patch applied? http://inoa.net/qmail-tls/ That is correct. Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512- and 1024-bit DH param files, as well. I can see that Ron's Spamdyke configuration is pointing at the same certificate, but doesn't support a separate DH param PEM as far as I can see. You mean spamdyke doesn't support a separate DH param PEM? This last bit (the DH params) is the only major difference I can see between Qmail-TLS and Spamdyke. Going to test a few things ... ;) Great, thanks. -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
On 6/10/11 1:30 PM, Eric Shubert wrote: Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512- and 1024-bit DH param files, as well. I can see that Ron's Spamdyke configuration is pointing at the same certificate, but doesn't support a separate DH param PEM as far as I can see. You mean spamdyke doesn't support a separate DH param PEM? Not that I could find. However, I *should* just be able to concat the DH param PEM onto the end of the certificate PEM, and OpenSSL should Do The Right Thing(tm) with it. -- Dossy Shiobara | He realized the fastest way to change do...@panoptic.com | is to laugh at your own folly -- then you http://panoptic.com/ | can let go and quickly move on. (p. 70) * WordPress * jQuery * MySQL * Security * Business Continuity * ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
On 06/10/2011 10:42 AM, Dossy Shiobara wrote: On 6/10/11 1:30 PM, Eric Shubert wrote: Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512- and 1024-bit DH param files, as well. I can see that Ron's Spamdyke configuration is pointing at the same certificate, but doesn't support a separate DH param PEM as far as I can see. You mean spamdyke doesn't support a separate DH param PEM? Not that I could find. However, I *should* just be able to concat the DH param PEM onto the end of the certificate PEM, and OpenSSL should Do The Right Thing(tm) with it. I'm sure you know more about SSL than I do, and I'm just wondering. Why does TLS work with some servers and not others? Is it due to a particular cipher that's being used? Of course, I'm making a bit of a presumption here. My server is configured very close if not identically to Ron's, and I'm seeing smtp sessions with TLS (non-authenticated) fairly regularly. Chase, Discover, gmail and ebay (among others) are sending to me using TLS with no problem. -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
I suspect there's an interop issue between MS Exchange's Edge Transport server SSL/TLS implementation and Spamdyke's SSL/TLS implementation. Reviewing the Spamdyke code now, there's a few technical issues I'd like to raise ... in a separate post, perhaps. On 6/10/11 2:20 PM, Eric Shubert wrote: I'm sure you know more about SSL than I do, and I'm just wondering. Why does TLS work with some servers and not others? Is it due to a particular cipher that's being used? Of course, I'm making a bit of a presumption here. My server is configured very close if not identically to Ron's, and I'm seeing smtp sessions with TLS (non-authenticated) fairly regularly. Chase, Discover, gmail and ebay (among others) are sending to me using TLS with no problem. -- Dossy Shiobara | He realized the fastest way to change do...@panoptic.com | is to laugh at your own folly -- then you http://panoptic.com/ | can let go and quickly move on. (p. 70) * WordPress * jQuery * MySQL * Security * Business Continuity * ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Help with spamdyke...
On 06/10/2011 11:59 AM, Dossy Shiobara wrote: I suspect there's an interop issue between MS Exchange's Edge Transport server SSL/TLS implementation and Spamdyke's SSL/TLS implementation. I think that's a good hunch. MS occasionally (at least) has their own way of doing things. :( Reviewing the Spamdyke code now, there's a few technical issues I'd like to raise ... in a separate post, perhaps. Great. Yeah, this thread's getting a little long (again). -- -Eric 'shubes' On 6/10/11 2:20 PM, Eric Shubert wrote: I'm sure you know more about SSL than I do, and I'm just wondering. Why does TLS work with some servers and not others? Is it due to a particular cipher that's being used? Of course, I'm making a bit of a presumption here. My server is configured very close if not identically to Ron's, and I'm seeing smtp sessions with TLS (non-authenticated) fairly regularly. Chase, Discover, gmail and ebay (among others) are sending to me using TLS with no problem. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users