Re: [spamdyke-users] Receiving from other Mailservers with StartTLS on port 25 failed
I am not sure if this will give us more informetion, since there are only relaylock entries written to maillog and no firther entries from spamdyke. I activated the option and looking forward to capture one of these connections. Am 17.12.2015 um 02:21 schrieb Sam Clippinger via spamdyke-users: I don't see anything in your config file that looks like a problem. Since it's working for some connections and not others, I'd guess it's something about those mailservers -- they're expecting some response (or something) that spamdyke isn't sending, so the connection stalls. Can you try enabling the "full-log-option" to capture the data from one of these failed connections? -- Sam Clippinger On Dec 14, 2015, at 8:29 AM, Arne Metzger <mo...@foni.net <mailto:mo...@foni.net>> wrote: Hi Sam, sorry for the delayed reply. My config files are attached below. But i can't provide any log file data - the only hint i see in /var/log/maillog is an entry "relaylock: ..." any nothing more. Spamdyke doesn't seem to notice the connection. # cat /etc/spamdyke5.conf log-level=verbose log-target=syslog dns-level=normal filter-level=normal smtp-auth-level=ondemand-encrypted smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true relay-level=normal tls-certificate-file=/var/qmail/control/servercert.pem idle-timeout-secs=300 greeting-delay-secs=0 tls-level=smtp max-recipients=20 policy-url=http://www.shjjv.de/home/spamfilter reject-empty-rdns reject-ip-in-cc-rdns reject-unresolvable-rdns ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/rdns-keyword-blacklist ip-in-rdns-keyword-whitelist-file=/var/qmail/spamdyke/rdns-keyword-whitelist ip-blacklist-file=/var/qmail/spamdyke/ip-blacklist rdns-blacklist-file=/var/qmail/spamdyke/rdns-blacklist ip-whitelist-file=/var/qmail/spamdyke/ip-whitelist rdns-whitelist-file=/var/qmail/spamdyke/rdns-whitelist dns-blacklist-entry=zen.spamhaus.org <http://zen.spamhaus.org> dns-blacklist-entry=dnsbl.inps.de <http://dnsbl.inps.de> dns-blacklist-entry=ix.dnsbl.manitu.net <http://ix.dnsbl.manitu.net> dns-blacklist-entry=bl.spamcannibal.org <http://bl.spamcannibal.org> rhs-blacklist-entry=fresh.spameatingmonkey.com <http://fresh.spameatingmonkey.com> #dns-whitelist-entry=list.dnswl.org <http://list.dnswl.org> header-blacklist-file=/var/qmail/spamdyke/header-blacklist reject-sender=no-mx reject-recipient=same-as-sender sender-whitelist-file=/var/qmail/spamdyke/sender-whitelist sender-blacklist-file=/var/qmail/spamdyke/sender-blacklist graylist-dir=/var/qmail/spamdyke/graylist graylist-level=always-create-dir graylist-min-secs=300 graylist-max-secs=1814400 qmail-rcpthosts-file=/var/qmail/control/rcpthosts # cat /etc/spamdyke5_smtps.conf log-level=verbose log-target=syslog dns-level=normal filter-level=normal smtp-auth-level=ondemand-encrypted smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true relay-level=normal tls-certificate-file=/var/qmail/control/servercert.pem idle-timeout-secs=300 greeting-delay-secs=0 #151117he tls-level=smtps tls-certificate-file=/var/qmail/control/servercert.pem max-recipients=20 policy-url=http://www.shjjv.de/home/spamfilter reject-empty-rdns reject-ip-in-cc-rdns reject-unresolvable-rdns ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/rdns-keyword-blacklist ip-in-rdns-keyword-whitelist-file=/var/qmail/spamdyke/rdns-keyword-whitelist ip-blacklist-file=/var/qmail/spamdyke/ip-blacklist rdns-blacklist-file=/var/qmail/spamdyke/rdns-blacklist ip-whitelist-file=/var/qmail/spamdyke/ip-whitelist rdns-whitelist-file=/var/qmail/spamdyke/rdns-whitelist dns-blacklist-entry=zen.spamhaus.org <http://zen.spamhaus.org> dns-blacklist-entry=dnsbl.inps.de <http://dnsbl.inps.de> dns-blacklist-entry=ix.dnsbl.manitu.net <http://ix.dnsbl.manitu.net> dns-blacklist-entry=bl.spamcannibal.org <http://bl.spamcannibal.org> rhs-blacklist-entry=fresh.spameatingmonkey.com <http://fresh.spameatingmonkey.com> #dns-whitelist-entry=list.dnswl.org <http://list.dnswl.org> header-blacklist-file=/var/qmail/spamdyke/header-blacklist reject-sender=no-mx reject-recipient=same-as-sender sender-whitelist-file=/var/qmail/spamdyke/sender-whitelist sender-blacklist-file=/var/qmail/spamdyke/sender-blacklist graylist-dir=/var/qmail/spamdyke/graylist graylist-level=always-create-dir graylist-min-secs=300 graylist-max-secs=1814400 qmail-rcpthosts-file=/var/qmail/control/rcpthosts Best regards, Arne Am 25.11.2015 um 02:51 schrieb Sam Clippinger via spamdyke-users: It's hard to say what the problem might be without more information. Could you post your spamdyke config file? Also, if you use the full-log-dir option, spamdyke will capture everything that happens into a log file for each connection, which should show exactly what's going on. -- Sam C
[spamdyke-users] Receiving from other Mailservers with StartTLS on port 25 failed
Hi, i am using tls-level = smtp for standard smtp connections (for smtps on port 465 i use a seperate configugartion file with tls-level = smtps) Some mails from specific mailservers were not handled by spamdyke, there was just an relaylock entry in maillog, nothing more. My hosters support staff also tried to send mail with StartTLS on port 25 and got the same result: relaylock entry and nothing more. Spamdyke seems not to offer StartTLS on port 25, thus delivering fails and the sending server does not try to deliver without encryption. So the email ist not delivered at all. Has anyone heard about that? Any hints? Or more information needed? Using spamdyke 5.0.1 on ubuntu 14.04 Best regards, Arne ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] 5.0.1 - make warning fscanf on Ubuntu 14.04 LTS
Hi, i am trying to make spamdyke on ubuntu 14.04. Make show several warnings ~/spamdyke-5.0.1/spamdyke# ./configure checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for stdint.h... (cached) yes checking sys/inttypes.h usability... no checking sys/inttypes.h presence... no checking for sys/inttypes.h... no checking for sys/types.h... (cached) yes checking for stdint.h... (cached) yes checking for sys/inttypes.h... (cached) no checking whether time.h and sys/time.h may both be included... yes checking for int16_t... no checking for int32_t... no checking for int64_t... no checking for uint16_t... no checking for uint32_t... no checking for uint64_t... no checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking for struct dirent.d_type... yes checking whether DT_WHT is declared... yes checking whether S_IFWHT is declared... no checking whether INADDR_LOOPBACK is declared... yes checking whether to include debugging symbols (for gdb)... no checking for strip... strip spamdyke checking whether to include excessive debugging output... no checking whether to include some debugging output... yes checking whether to compile with address sanitizer... no checking whether to include configuration tests... yes checking if openssl/ssl.h will include without additional include directories... yes checking for library containing RSA_sign... -lcrypto checking for library containing SSL_library_init... -lssl checking for OpenSSL libraries (for TLS support)... yes checking for library containing inet_aton... none required checking for library containing bind... none required checking for library containing inet_ntoa... none required checking for library containing getopt_long... none required checking whether anonymous inner functions are supported by default... yes checking whether struct option is defined in getopt.h... yes checking whether GCC diagnostic pragma directives are supported... yes checking whether pid_t is an unsigned int or an unsigned long... unsigned int checking whether uid_t is an unsigned int or an unsigned long... unsigned int checking whether gid_t is an unsigned int or an unsigned long... unsigned int checking whether time_t is an int or a long... long checking whether int64_ts are supported in a test program... yes checking whether printf()/scanf() uses %ld for 64-bit integers... yes checking whether __func__ is available... yes checking whether socklen_t is available... yes checking whether RLIMIT_AS is available... yes configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: config.h is unchanged ~/spamdyke-5.0.1/spamdyke# make gcc -Wall -O2 -funsigned-char -c spamdyke.c gcc -E -Wall -O2 -funsigned-char configuration.c | gcc -Wall -O2 -funsigned-char -x c -c -o configuration.o - gcc -Wall -O2 -funsigned-char -c dns.c gcc -Wall -O2 -funsigned-char -c environment.c gcc -Wall -O2 -funsigned-char -c usage.c gcc -Wall -O2 -funsigned-char -c search_fs.c search_fs.c: In function 'search_file': search_fs.c:347:15: warning: ignoring return value of 'fscanf', declared with attribute warn_unused_result [-Wunused-result] fscanf(tmp_file, %*1[\r\n]); ^ search_fs.c: In function 'search_tcprules_file': search_fs.c:636:15: warning: ignoring return value of 'fscanf', declared with attribute warn_unused_result [-Wunused-result] fscanf(tmp_file, %*1[\r\n]); ^ search_fs.c: In function 'load_resolver_file': search_fs.c:820:15: warning: ignoring return value of 'fscanf', declared with attribute warn_unused_result [-Wunused-result] fscanf(tmp_file, %*1[\r\n]); ^ search_fs.c: In function 'read_file': search_fs.c:993:15: warning: ignoring return value of 'fscanf', declared with attribute warn_unused_result [-Wunused-result] fscanf(tmp_file, %*1[\r\n]); ^ search_fs.c: In function 'search_header_file': search_fs.c:1225:15: warning: ignoring return value of 'fscanf', declared with attribute warn_unused_result [-Wunused-result] fscanf(tmp_file, %*1[\r\n]); ^
Re: [spamdyke-users] 5.0.1 - make warning fscanf on Ubuntu 14.04 LTS
Hi Sam, thank you for this detailed answer. I will move forward and start to setup spamdyke on my new server - using it on a older one for years. Great code, thank you very much for the time and enegry you spent. Best regards, Arne Am 19.08.2015 um 16:09 schrieb Sam Clippinger via spamdyke-users: They're just warnings that I'm not checking the return value of a call to fscanf(). fscanf() reads data from a file into one or more variables; its return value shows how many variables were assigned. In the case of those lines, I'm using fscanf() to simply skip over any carriage return or newline characters at the end of a line and not assigning anything to any variables. That's why I'm not checking the return value -- I don't care about the actual data, I just want to move forward to the start of the next line. So the warnings are completely harmless. But I don't like my code to generate warnings, so I'll get it fixed in the next version and add Ubuntu 14.04 to my list of test systems. Thanks for reporting this! -- Sam Clippinger On Aug 19, 2015, at 5:42 AM, Arne Metzger via spamdyke-users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org wrote: Hi, i am trying to make spamdyke on ubuntu 14.04. Make show several warnings ~/spamdyke-5.0.1/spamdyke# ./configure checking for gcc... gcc checking whether the C compiler works... yes checking for C compiler default output file name... a.out checking for suffix of executables... checking whether we are cross compiling... no checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... yes checking for unistd.h... yes checking for stdint.h... (cached) yes checking sys/inttypes.h usability... no checking sys/inttypes.h presence... no checking for sys/inttypes.h... no checking for sys/types.h... (cached) yes checking for stdint.h... (cached) yes checking for sys/inttypes.h... (cached) no checking whether time.h and sys/time.h may both be included... yes checking for int16_t... no checking for int32_t... no checking for int64_t... no checking for uint16_t... no checking for uint32_t... no checking for uint64_t... no checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking for struct dirent.d_type... yes checking whether DT_WHT is declared... yes checking whether S_IFWHT is declared... no checking whether INADDR_LOOPBACK is declared... yes checking whether to include debugging symbols (for gdb)... no checking for strip... strip spamdyke checking whether to include excessive debugging output... no checking whether to include some debugging output... yes checking whether to compile with address sanitizer... no checking whether to include configuration tests... yes checking if openssl/ssl.h will include without additional include directories... yes checking for library containing RSA_sign... -lcrypto checking for library containing SSL_library_init... -lssl checking for OpenSSL libraries (for TLS support)... yes checking for library containing inet_aton... none required checking for library containing bind... none required checking for library containing inet_ntoa... none required checking for library containing getopt_long... none required checking whether anonymous inner functions are supported by default... yes checking whether struct option is defined in getopt.h... yes checking whether GCC diagnostic pragma directives are supported... yes checking whether pid_t is an unsigned int or an unsigned long... unsigned int checking whether uid_t is an unsigned int or an unsigned long... unsigned int checking whether gid_t is an unsigned int or an unsigned long... unsigned int checking whether time_t is an int or a long... long checking whether int64_ts are supported in a test program... yes checking whether printf()/scanf() uses %ld for 64-bit integers... yes checking whether __func__ is available... yes checking whether socklen_t is available... yes checking whether RLIMIT_AS is available... yes configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: config.h is unchanged ~/spamdyke-5.0.1/spamdyke# make gcc -Wall -O2 -funsigned-char -c spamdyke.c gcc -E -Wall -O2 -funsigned-char configuration.c | gcc -Wall -O2 -funsigned-char -x c -c -o configuration.o - gcc -Wall -O2 -funsigned-char -c dns.c gcc -Wall -O2 -funsigned-char -c environment.c gcc -Wall -O2
