Re: [spamdyke-users] QMAILTOASTER + SPAMDYKE
hi i followed your suggestions but i am facing problems if i put line -x TCP_CDB below i am not able to smtp authenticate and send any email with my own email id which is on the server. the connection simply terminates. if i remove -x TCP_CDB then i can send emails from this id even if password is not provided ... ie authentication is not checked properly. could you please chk and let me know what is wrong #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/spamdyke \ -l \ -d /var/qmail/control/rcpthosts \ -d /var/qmail/control/morercpthosts \ --reject-missing-sender-mx \ --smtp-auth-command /home/vpopmail/bin/vchkpw /bin/true --hostname ns1.aaaonlinux.com \ $SMTPD $VCHKPW /bin/true 21 raj -- Original Message -- From: Sam Clippinger [EMAIL PROTECTED] Reply-To: spamdyke users spamdyke-users@spamdyke.org Date: Sat, 08 Sep 2007 13:28:31 -0500 To use both rcpthosts and morercpthosts, simply provide the -d flag twice: spamdyke -d /var/qmail/control/rcpthosts -d /var/qmail/control/morercpthosts ... To prevent all mail delivery except by authenticated users, I recommend blacklisting all IP addresses (-B) with an IP blacklist file like this: 0.0.0.0/0.0.0.0 Then use the --smtp-auth-command flag to enable SMTP AUTH. spamdyke will block all senders unless they authenticate. The --access-file flag is only needed when qmail has not been patched to provide SMTP AUTH. In that situation, spamdyke must control relaying because qmail will block remote senders who have authenticated. Because you're running qmail toaster, this isn't necessary for you. Because your password check shows vchkpw doesn't support CRAM-MD5, be sure to use the --smtp-auth-command flag, not --smtp-auth-command-encryption. Most likely, your vpopmail was compiled without cleartext password support, which makes challenge/response authentication impossible. -- Sam Clippinger Raj wrote: hi i have qmail toaster which also incorporates chkuser in it and vpopmail user mysql database for storing passwords. i have disabled chkuser in the tcp.smtp file. i have also disable rblsmtpd and blacklists files since the same is done by spamdyke where i am getting confused pertains to smtp authentication and relaying. -d /var/qmail/control/rcpthosts now qmail installation has rcpthosts and morercpthosts ? how do i handle that ? or should i create a seperate rcpthosts file specially for spamdyke concerning smtp authentication what i need is every email user on my server who sends out emails should smtp authenticate before sending email. do i need to use the flag --access-file /etc/tcp.smtp what should be the content of this file help required please. /var/qmail/supervise/smtp/run file # #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME \ -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/spamdyke \ -l \ --reject-missing-sender-mx \ --smtp-auth-command-encryption /home/vpopmail/bin/vchkpw /bin/true --hostname ns1.abc.com \ --access-file /var/qmail/spamdyke/tcp.smtp \ $SMTPD $VCHKPW /bin/true 21 # result of my password check Beginning unencrypted password test. Sending data to child process: [EMAIL PROTECTED] Test result: SUCCESS Beginning CRAM-MD5 encrypted password test. Sending data to child process: [EMAIL PROTECTED] ERROR: Child process exited with an undocumented return code: 3 Test result: FAILURE (perhaps /home/vpopmail/bin/vchkpw doesn't support CRAM-MD5) tcp.smtp file 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1,CHKUSER_START=NONE :allow,BADMIMETYPE=,BADLOADERTYPE=,CHKUSER_RCPTLIMIT=100,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig, NOP0FCHECK=1, CHKUSER_START=ALWAYS Thanks very much raj ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing
Re: [spamdyke-users] QMAILTOASTER + SPAMDYKE
The -x flag is for blacklists, not for the access file. Use the --access-file flag instead. Also, spamdyke cannot read CDB files. Just use the plain text version: /etc/tcp.smtp -- Sam Clippinger Raj wrote: hi i followed your suggestions but i am facing problems if i put line -x TCP_CDB below i am not able to smtp authenticate and send any email with my own email id which is on the server. the connection simply terminates. if i remove -x TCP_CDB then i can send emails from this id even if password is not provided ... ie authentication is not checked properly. could you please chk and let me know what is wrong #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/spamdyke \ -l \ -d /var/qmail/control/rcpthosts \ -d /var/qmail/control/morercpthosts \ --reject-missing-sender-mx \ --smtp-auth-command /home/vpopmail/bin/vchkpw /bin/true --hostname ns1.aaaonlinux.com \ $SMTPD $VCHKPW /bin/true 21 raj -- Original Message -- From: Sam Clippinger [EMAIL PROTECTED] Reply-To: spamdyke users spamdyke-users@spamdyke.org Date: Sat, 08 Sep 2007 13:28:31 -0500 To use both rcpthosts and morercpthosts, simply provide the -d flag twice: spamdyke -d /var/qmail/control/rcpthosts -d /var/qmail/control/morercpthosts ... To prevent all mail delivery except by authenticated users, I recommend blacklisting all IP addresses (-B) with an IP blacklist file like this: 0.0.0.0/0.0.0.0 Then use the --smtp-auth-command flag to enable SMTP AUTH. spamdyke will block all senders unless they authenticate. The --access-file flag is only needed when qmail has not been patched to provide SMTP AUTH. In that situation, spamdyke must control relaying because qmail will block remote senders who have authenticated. Because you're running qmail toaster, this isn't necessary for you. Because your password check shows vchkpw doesn't support CRAM-MD5, be sure to use the --smtp-auth-command flag, not --smtp-auth-command-encryption. Most likely, your vpopmail was compiled without cleartext password support, which makes challenge/response authentication impossible. -- Sam Clippinger Raj wrote: hi i have qmail toaster which also incorporates chkuser in it and vpopmail user mysql database for storing passwords. i have disabled chkuser in the tcp.smtp file. i have also disable rblsmtpd and blacklists files since the same is done by spamdyke where i am getting confused pertains to smtp authentication and relaying. -d /var/qmail/control/rcpthosts now qmail installation has rcpthosts and morercpthosts ? how do i handle that ? or should i create a seperate rcpthosts file specially for spamdyke concerning smtp authentication what i need is every email user on my server who sends out emails should smtp authenticate before sending email. do i need to use the flag --access-file /etc/tcp.smtp what should be the content of this file help required please. /var/qmail/supervise/smtp/run file # #!/bin/sh QMAILDUID=`id -u vpopmail` NOFILESGID=`id -g vpopmail` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` BLACKLIST=`cat /var/qmail/control/blacklists` SMTPD=/var/qmail/bin/qmail-smtpd TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb RBLSMTPD=/usr/bin/rblsmtpd HOSTNAME=`hostname` VCHKPW=/home/vpopmail/bin/vchkpw REQUIRE_AUTH=0 exec /usr/bin/softlimit -m 1200 \ /usr/bin/tcpserver -v -R -H -l $HOSTNAME \ -x $TCP_CDB -c $MAXSMTPD \ -u $QMAILDUID -g $NOFILESGID 0 smtp \ /usr/local/bin/spamdyke \ -l \ --reject-missing-sender-mx \ --smtp-auth-command-encryption /home/vpopmail/bin/vchkpw /bin/true --hostname ns1.abc.com \ --access-file /var/qmail/spamdyke/tcp.smtp \ $SMTPD $VCHKPW /bin/true 21 # result of my password check Beginning unencrypted password test. Sending data to child process: [EMAIL PROTECTED] Test result: SUCCESS Beginning CRAM-MD5 encrypted password test. Sending data to child process: [EMAIL PROTECTED] ERROR: Child process exited with an undocumented return code: 3 Test result: FAILURE (perhaps /home/vpopmail/bin/vchkpw doesn't support CRAM-MD5) tcp.smtp file 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1,CHKUSER_START=NONE :allow,BADMIMETYPE=,BADLOADERTYPE=,CHKUSER_RCPTLIMIT=100,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig, NOP0FCHECK=1, CHKUSER_START=ALWAYS Thanks