Re: [spamdyke-users] new version of spamdyke?

2010-02-10 Thread Eric Shubert
If you give me some examples of what you're trying to do, I might be 
able to tell you how to do it. I'm not sure though, as I don't use this 
capability myself. Sam would know best.

Jorge R. Constenla wrote:
 The directory configuration is very complex but I think that I can't 
 block senders (domains or email) per domain that I host.
 Do you know if you can do?
 
 Thanks in advance.
 
 
 Eric Shubert wrote:
 Jorge R. Constenla wrote:
   
 The SpamDyke works great! without bugs.

 But is Very useful (Excellent), if you can set some features per domain.

 Two Level to filter SPAM
 - General Level for all domains (the actual level)
 - And add a Domain Level Filter with features like: blacklist and 
 whitelist lists (sender-blacklist, , etc ...) per domain.
 
 I believe this can be done, beginning with version 4. See 
 http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR

   
 


-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] file exist?bug?

2010-02-10 Thread Eric Shubert
nightduke wrote:
 Very strange, i have downloaded the script...
 
  ./spamdyke-prune
 spamdyke-prune v0.3.0
 spamdyke-prune processing graylist tree at /etc/spamdyke/graylist ...
 spamdyke-prune pruning entries older than 1814400 seconds ...
 spamdyke-prune processing domain vps ...
 spamdyke-prune vps.informicro.com - 0 entries found
 spamdyke-prune vps.informicro.com - 0 entries removed
 spamdyke-prune vps.informicro.com - 0 empty directories removed
 spamdyke-prune vps.informicro.com - 0 graylisting entries remain
 spamdyke-prune total - 1 domains processed
 spamdyke-prune total - 0 entries found
 spamdyke-prune total - 0 entries removed
 spamdyke-prune total - 0 empty directories removed
 spamdyke-prune total - 0 graylisting entries remain
 
 Seems to be not finding anything wrong?
 
 Strange isn't it?
 

Not necessarily.
What does your spamdyke configuration file contain?
Did you change anything in the script, or only its name?

-- 
-Eric 'shubes'



Re: [spamdyke-users] TLS Error?

2010-02-12 Thread Eric Shubert
Greg Cirino wrote:
 | Greg Cirino wrote:
 | Could someone explain the following error
 |
 | spamdyke[26182]: ERROR: unable to read from SSL/TLS stream: A protocol
 | or library failure occurred, error:1408F10B:lib(20):func(143):reason(267)
 |
 | followed by a series of
 |
 | spamdyke[25977]: ERROR: unable to write to SSL/TLS stream: The operation
 | failed due to an I/O error, Broken pipe
 |
 | and occasionally
 |
 | spamdyke[30525]: ERROR: unable to read from SSL/TLS stream: The operation
 | failed due to an I/O error, Connection reset by peer
 |
 | spamdyke.conf file
 |
 | tls-certificate-file=/var/qmail/control/servercert.pem
 | tls-level=smtp
 |
 | Best
 | Greg
 |
 | Which distro/version are you running?
 | Do you have the openssl package installed? If so, which version?
 | Have you tried running spamdyke with the --config-test option to see if
 | it perhaps gives a more meaningful message?
 |
 | --
 | -Eric 'shubes'
 |
 
 2.6.12-1.1381_FC3smp #1 SMP
 openssl 0.9.7a
 spamdyke 4.0.10+TLS+CONFIGTEST+DEBUG
 
 it has been in production for quite some time
 was running tls originally, just never realized
 those messages, since turning it back on today.
 
 I also catch these when there is an ssl/tls error
 
 spamdyke[25231]: ERROR: unable to write to SSL/TLS stream: The operation
 failed due to an I/O error, Broken pipe
 
 spamdyke[25231]: ERROR: unable to write 37 bytes to file descriptor 1:
 Broken pipe
 
 spamdyke[25231]: TIMEOUT from: inanipab3...@brasiltelecom.net.br to:
 de...@renayr.com origin_ip: 201.24.172.122 origin_rdns:
 201-24-172-122.cbace700.dsl.brasiltelecom.net.br auth: (unknown) reason:
 TIMEOUT
 
 I'm almost sure tls works as I sent an email via the seamonkey email
 client which uses STARTTLS and mail goes right through, with no errors
 being reported in the log.
 
 greg

The timeout messages are fairly common. Some spammers don't know how to 
end a session gracefully when they're told to get lost.

I'm not sure about the other errors though. I believe that the broken 
pipe is the crux of the error. I'm not sure how or if this is related 
to ssl/tls. I'm guessing that it's not ssl/tls related if that works in 
some cases.

I'm sorry I can't be of much more help than that. I would ask though, 
what's causing the broken pipes?

-- 
-Eric 'shubes'



Re: [spamdyke-users] Wrong greylist directory structure?

2010-02-14 Thread Eric Shubert
Hans F. Nordhaug wrote:
 * Sam Clippinger s...@silence.org [2010-02-13]:
 The incorrect directories are not a problem, they're just out of place.  
 No legitimate deliveries will match those paths, so they won't get in 
 the way.  You can delete them or ignore them as you wish.
 
 OK. Just a thought: Is this something that could be added to the prune 
 script that was posted on the list some days ago?

I believe that the script will remove them once they age past the 
graylist-max-secs setting. If that's not the case, I'd be glad to modify 
the script so that it does.

-- 
-Eric 'shubes'



Re: [spamdyke-users] file exist?bug?

2010-02-15 Thread Eric Shubert
You don't have graylist-level set in your configuration, so graylisting 
is not turned on. See 
http://www.spamdyke.org/documentation/README.html#GRAYLISTS

You will see spamdyke's graylisting messages:
02-15 08:40:14 spamdyke[23240]: DENIED_GRAYLISTED
in your smtp log when it's operational. Note this is not a permanent 
denial. The sending server should attempt to resend the message at a 
later time, at which point it will be accepted (provided that 
graylist-min-secs has passed).

This is why qtp-prune-graylist did not find any entries.
Not strange at all. ;)
-- 
-Eric 'shubes'

nightduke wrote:
 I just changed the name of the script,here's my spamdyke.conf
 
 
  cat spamdyke.conf
 log-level=verbose
 local-domains-file=/var/qmail/control/rcpthosts
 max-recipients=10
 idle-timeout-secs=60
 ip-whitelist-file=/etc/spamdyke/whitelist_ip
 greeting-delay-secs=5
 reject-missing-sender-mx
 tls-certificate-file=/var/qmail/control/servercert.pem
 policy-url= http://www.spamhaus.org/
 # check-dnsrbl=bogons.cymru.com
 # dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 #check-dnsrbl=cbl.abuseat.org
 # check-dnsrbl=sbl-xbl.spamhaus.org
 # check-dnsrbl=list.dsbl.org
 # check-dnsrbl=ubl.unsubscore.com
 # check-dnsrbl=dhcp.tqmcube.com
 # check-dnsrbl=prc.tqmcube.com
 reject-missing-sender-mx
 idle-timeout-secs=300
 graylist-dir=/etc/spamdyke/graylist
 graylist-max-secs=1814400
 graylist-min-secs=300
 sender-blacklist-file=/etc/spamdyke/blacklist_senders
 #smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
 # smtp-auth-command=/home/lxadmin/mail/bin/vchkpw /bin/true
 #smtp-auth-command=bin/cmd5checkpw /var/qmail/bin/true
 smtp-auth-command=/home/lxadmin/mail/bin/vchkpw /var/qmail/bin/true
 
 2010/2/11 Eric Shubert e...@shubes.net:
 nightduke wrote:
 Very strange, i have downloaded the script...

  ./spamdyke-prune
 spamdyke-prune v0.3.0
 spamdyke-prune processing graylist tree at /etc/spamdyke/graylist ...
 spamdyke-prune pruning entries older than 1814400 seconds ...
 spamdyke-prune processing domain vps ...
 spamdyke-prune vps.informicro.com - 0 entries found
 spamdyke-prune vps.informicro.com - 0 entries removed
 spamdyke-prune vps.informicro.com - 0 empty directories removed
 spamdyke-prune vps.informicro.com - 0 graylisting entries remain
 spamdyke-prune total - 1 domains processed
 spamdyke-prune total - 0 entries found
 spamdyke-prune total - 0 entries removed
 spamdyke-prune total - 0 empty directories removed
 spamdyke-prune total - 0 graylisting entries remain

 Seems to be not finding anything wrong?

 Strange isn't it?

 Not necessarily.
 What does your spamdyke configuration file contain?
 Did you change anything in the script, or only its name?

 --
 -Eric 'shubes'




-- 
-Eric 'shubes'



Re: [spamdyke-users] Wrong greylist directory structure?

2010-02-25 Thread Eric Shubert
Hans F. Nordhaug wrote:
 * Eric Shubert e...@shubes.net [2010-02-14]:
 Hans F. Nordhaug wrote:
 * Sam Clippinger s...@silence.org [2010-02-13]:
 The incorrect directories are not a problem, they're just out of place.  
 No legitimate deliveries will match those paths, so they won't get in 
 the way.  You can delete them or ignore them as you wish.
 OK. Just a thought: Is this something that could be added to the prune 
 script that was posted on the list some days ago?
 I believe that the script will remove them once they age past the 
 graylist-max-secs setting. If that's not the case, I'd be glad to modify 
 the script so that it does.
 
 I can confirm that the script removes these files when they age beyond
 the graylist-max-secs setting. However, the directory seems to stick
 around - because of the wrong structure? Example:
 
 I had /var/spamdyke/graylist/kompakt.no/gvt.net.br/vuaqanipos2110
 before running the script. Afterwards, I have an empty directory
 /var/spamdyke/graylist/kompakt.no/gvt.net.br I guess the
 problem is that the script can't know that gvt.net.br isn't the
 local part of a kompakt.no address (unless it takes into account that
 there are only three address parts).
 
 Originally, I was just wondering if the script could be extended so it
 removes these files no matter what age? 
 
 Hans

I might be able to modify the script to remove these errant entries, 
provided there is a way to identify which are errant vs which are 
legitimate. I don't know what this would be off hand.

The script presently only deletes one level of empty directories per 
execution. The higher level empty directories should be removed on 
subsequent runs of the script. To be honest, it didn't occur to me that 
removing an empty directory would subsequently create another empty 
directory. If you'd care to create a ticket at 
http://qtp.qmailtoaster.com I'll see about changing it to repeat until 
all empty directories are gone.

-- 
-Eric 'shubes'



Re: [spamdyke-users] Wrong greylist directory structure?

2010-02-28 Thread Eric Shubert
Is this perhaps the result of running qtp-prune-graylist? The script 
presently only takes one shot at pruning empty directories, which could 
leave empty directories at higher levels. I'm beginning to think I 
should fix this if it causes config-test to throw errors. What do you 
think Sam?

Sam Clippinger wrote:
 Looks like a bug.  Unless anyone can think of any reason why a message 
 should be accepted without a recipient username...?
 
 -- Sam Clippinger
 
 On 2/25/10 4:24 AM, Hans F. Nordhaug wrote:
 * Hans F. Nordhaughans.f.nordh...@himolde.no  [2010-02-14]:

 * Sam Clippingers...@silence.org  [2010-02-13]:
  
 Messages with an empty sender address are legal -- they are typically
 used for bounce messages.  Because of that, spamdyke will allow them.

 However, messages with empty usernames (e.g. @example.com) are not
 legal and should not be allowed.  This could indicate a bug in
 spamdyke... is there any chance you still have the mail log entries that
 correspond to those addresses?  It would be very handy to see what was
 actually sent with those messages.

 I didn't have a log entry for the example I posted, but I ran the
 config test again and looked for some newer problems. I looked at the
 following error.

 ERROR(graylist-level): Unable to read graylist sender directory 
 /var/spamdyke/graylist/kompakt.no/modulonet.fr/ezewuehuuw1728:irectory
 ERROR(graylist-level): Failed to create file in directory: 
 /var/spamdyke/graylist/kompakt.no/gvt.net.br/vuaqanipos2110/spamdyk266176143_28737:
  Not a directory

 The corresponding entry in the SMTP log:

 02-02 21:07:44 spamdyke[31368]: DENIED_GRAYLISTED from: 
 ezewuehuuw1...@modulonet.fr to: @kompakt.no origin_ip: 85.68.111.68
 origin_rdns: abo-68-111-68.mrs.modulonet.fr auth: (unknown)

 So it seems this might be a bug in Spamdyke or?
  
 Sam, you never replied to this. Is it a bug or a feature?

 Hans



-- 
-Eric 'shubes'



Re: [spamdyke-users] Wrong greylist directory structure?

2010-03-01 Thread Eric Shubert
I see. I'll move that fix to the back burner then. ;)
Thanks Sam.

Sam Clippinger wrote:
 I doubt it.  The log message from Hans showed to: @kompakt.no, which 
 shouldn't have been accepted.
 
 Leaving empty directories isn't a problem.  The config-test errors are 
 appearing because there are files at the wrong depth -- the graylist 
 filter expects those entries to be directories, not files, so it prints 
 an error.
 
 -- Sam Clippinger
 
 On 2/28/10 7:39 AM, Eric Shubert wrote:
 Is this perhaps the result of running qtp-prune-graylist? The script
 presently only takes one shot at pruning empty directories, which could
 leave empty directories at higher levels. I'm beginning to think I
 should fix this if it causes config-test to throw errors. What do you
 think Sam?

 Sam Clippinger wrote:

 Looks like a bug.  Unless anyone can think of any reason why a message
 should be accepted without a recipient username...?

 -- Sam Clippinger

 On 2/25/10 4:24 AM, Hans F. Nordhaug wrote:
  
 * Hans F. Nordhaughans.f.nordh...@himolde.no   [2010-02-14]:


 * Sam Clippingers...@silence.org   [2010-02-13]:

  
 Messages with an empty sender address are legal -- they are typically
 used for bounce messages.  Because of that, spamdyke will allow them.

 However, messages with empty usernames (e.g. @example.com) are not
 legal and should not be allowed.  This could indicate a bug in
 spamdyke... is there any chance you still have the mail log entries that
 correspond to those addresses?  It would be very handy to see what was
 actually sent with those messages.


 I didn't have a log entry for the example I posted, but I ran the
 config test again and looked for some newer problems. I looked at the
 following error.

 ERROR(graylist-level): Unable to read graylist sender directory 
 /var/spamdyke/graylist/kompakt.no/modulonet.fr/ezewuehuuw1728:irectory
 ERROR(graylist-level): Failed to create file in directory: 
 /var/spamdyke/graylist/kompakt.no/gvt.net.br/vuaqanipos2110/spamdyk266176143_28737:
  Not a directory

 The corresponding entry in the SMTP log:

 02-02 21:07:44 spamdyke[31368]: DENIED_GRAYLISTED from: 
 ezewuehuuw1...@modulonet.fr to: @kompakt.no origin_ip: 85.68.111.68
 origin_rdns: abo-68-111-68.mrs.modulonet.fr auth: (unknown)

 So it seems this might be a bug in Spamdyke or?

  
 Sam, you never replied to this. Is it a bug or a feature?

 Hans





-- 
-Eric 'shubes'
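
The two points in this thread, that config-test complains about files sitting at the wrong depth and that pruning one level of empty directories per run leaves empty parents behind, can be checked with a short script. This is an added example, not part of qtp-prune-graylist or spamdyke; it assumes the graylist layout is `<graylist-dir>/<recipient domain>/<recipient user>/<sender domain>/<sender user>`, and the function names and the sample tree (built around the path Hans posted) are constructed for illustration.

```python
import os
import tempfile

# Assumed layout: <graylist-dir>/<rcpt domain>/<rcpt user>/<sender domain>/<sender user>
# so a graylist entry (a file) sits exactly four levels below the root.
ENTRY_DEPTH = 4


def _rel(path, root):
    """Path relative to root with '/' separators; '' for the root itself."""
    rel = os.path.relpath(path, root)
    return "" if rel == "." else rel.replace(os.sep, "/")


def find_misplaced_files(root):
    """Return files that are not at ENTRY_DEPTH, e.g. domain/sender-domain/file."""
    misplaced = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = _rel(dirpath, root)
        dir_depth = len(rel_dir.split("/")) if rel_dir else 0
        if dir_depth + 1 == ENTRY_DEPTH:
            continue  # files here are ordinary graylist entries
        for name in files:
            misplaced.append(f"{rel_dir}/{name}" if rel_dir else name)
    return sorted(misplaced)


def prune_empty_dirs(root, keep_depth=1):
    """Remove empty directories in a single run.

    Walking bottom-up means a parent is examined after its children were
    removed, so a chain of empty directories disappears in one pass.
    Directories at depth <= keep_depth (the per-domain directories) are
    kept on purpose.
    """
    removed = []
    for dirpath, _dirs, _files in os.walk(root, topdown=False):
        rel_dir = _rel(dirpath, root)
        if not rel_dir or len(rel_dir.split("/")) <= keep_depth:
            continue
        if not os.listdir(dirpath):
            os.rmdir(dirpath)
            removed.append(rel_dir)
    return removed


def list_files(root):
    """All files below root, as sorted relative paths."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = _rel(dirpath, root)
        found.extend(f"{rel_dir}/{name}" if rel_dir else name for name in files)
    return sorted(found)


def demo():
    """Build a constructed tree, report misplaced files, delete them, prune."""
    with tempfile.TemporaryDirectory() as root:
        entries = (
            "kompakt.no/hans/example.org/alice",     # well-formed entry
            "kompakt.no/gvt.net.br/vuaqanipos2110",  # errant entry from the thread
        )
        for rel in entries:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        # A chain of directories that is already empty.
        os.makedirs(os.path.join(root, "kompakt.no", "old", "stale.example"))

        misplaced = find_misplaced_files(root)
        for rel in misplaced:
            os.remove(os.path.join(root, *rel.split("/")))
        removed = sorted(prune_empty_dirs(root))
        return misplaced, removed, list_files(root)


if __name__ == "__main__":
    misplaced, removed, remaining = demo()
    print("misplaced files:", misplaced)
    print("directories removed:", removed)
    print("entries remaining:", remaining)
```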



Re: [spamdyke-users] graylisting and attachment failures

2010-03-10 Thread Eric Shubert
Greg Cirino wrote:
 Hello,
 
 Has anybody experienced issues when graylisting a domain and timeouts with
 attachments (PDF files in my case)
 
 Here is the scenario,
 
 Remote users sends an email to a local domain user with a pdf attachment
 
 The graylisting kicks in (normal)
 
 After the initial graylist time, the user is allowed, but the email times
 out.
 
 I've seen this before from multiple remote sources using qmail and
 sendmail servers.
 
 This happens with and without tls, so I'm not sure it's a tls issue,
 though I may be wrong.
 
 The log seems to indicate the connection is allowed, and the timestamp on
 the timeout log entry is exactly the number of seconds of the idle-timeout
 setting.
 
 Not sure if the communication is breaking down or what.
 
 Any ideas or experiences?
 
 best
 greg

Which end is timing out the connection? You can use spamdyke's excellent 
detailed logging to find out. My guess is that the session times out 
before spam/virus scanning is complete. If that's the case, either tune 
up your scanning if possible (put working directory in tmpfs?) or 
increase your timeout setting to be greater than the longest scan times 
you're seeing.

-- 
-Eric 'shubes'



Re: [spamdyke-users] graylisting and attachment failures

2010-03-11 Thread Eric Shubert
Greg Cirino wrote:
 |
 | Which end is timing out the connection? You can use spamdyke's excellent
 | detailed logging to find out. My guess is that the session times out
 | before spam/virus scanning is complete. If that's the case, either tune
 | up your scanning if possible (put working directory in tmpfs?) or
 | increase your timeout setting to be greater than the longest scan times
 | you're seeing.
 |
 | --
 | -Eric 'shubes'
 
 
 as a followup, I looked at the setup, virus scanning is done by simscan
 which I believe is done before the hand off to spamdyke, I may be wrong,

Yes, you are. spamdyke is at the forefront. It's:
spamdyke - qmail-smtp - simscan - spamassassin

 but any bounces due to virus detection never get logged by spamdyke as an
 attempted connection from what I can tell,

All smtp sessions are logged by spamdyke ttbomk. I believe that 
rejections from spamassassin/simscan show as DENIED_OTHER. Technically 
these are rejections, not bounces. Bounces are messages created by a 
mail server after having accepted an email. In the case of spamdyke 
rejections, messages are never accepted so there is never a bounce 
coming from spamdyke. The bounce would come from the sending server back 
to the user.

 and spam filtering is done
 after spamdyke hands off the email to qmail, so I'm not sure the time
 setting of timeout is affecting this.  This issue also happened when the
 timeout setting was set at 10 minutes.

This would seem to indicate that the sending server is timing out, and 
not spamdyke.

You should be aware that the smtp session remains active/open while the 
message is scanned. spamdyke isn't finished with a message until it's 
been processed by simscan and spamassassin. This is the period during which 
the sending server *might* be timing out, which would be why the 
spamdyke timeout setting is having no effect.

-- 
-Eric 'shubes'



Re: [spamdyke-users] tls-level not allowed in configuration directory

2010-03-12 Thread Eric Shubert
Samuel Krieg wrote:
 Hello,
 
 I'm trying to disable TLS support when the wanted IP address connects to my 
 server. So I wrote a 
 file with tls-level=none in the config-dir folder, as described here: 
 http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR
 
 However I see this line in the logs:
 
 Mar 12 16:22:07 p1 spamdyke[15693]: ERROR: Option not allowed in 
 configuration file, found in file 
 /etc/spamdyke/conf.d/_ip_/84/xx/yy/zz on line 2: tls-level
 
 Why in this case the tls-level option is not allowed?
 
 Thank you.
 

It says in the documentation 
(http://www.spamdyke.org/documentation/README.html#USAGE) that the 
tls-level option is not valid within configuration directories.

I expect it's because in the case of smtps the option needs to be 
evaluated before the IP address is known. I think it'd be feasible 
though to implement the option values for TLS at a later stage so that 
they could be included in configuration directories.

SamC will need to say for sure on this.

-- 
-Eric 'shubes'



Re: [spamdyke-users] Problems with Spam and TLS

2010-03-16 Thread Eric Shubert
Magnus Ringdahl wrote:
 Hi guys.
 I have problems with spam coming through my filters.
 
 Here is my spamdyke configs (one for smtp and one for smtps).
 
 # SMTP CONFIG /etc/spamdyke-smtp.conf #
 log-level=verbose
 filter-level=normal
 local-domains-file=/var/qmail/control/rcpthosts
 max-recipients=20
 idle-timeout-secs=60
 graylist-level=only
 graylist-dir=/var/qmail/spamdyke/greylist
 graylist-min-secs=300
 graylist-max-secs=1814400
 
 recipient-whitelist-file=/var/qmail/spamdyke/whitelisted_recipients
 sender-whitelist-file=/var/qmail/spamdyke/whitelisted_senders
 rdns-whitelist-file=/var/qmail/spamdyke/whitelisted_rdns
 ip-whitelist-file=/var/qmail/spamdyke/whitelisted_ip
 
 sender-blacklist-file=/var/qmail/spamdyke/blacklisted_senders
 recipient-blacklist-file=/var/qmail/spamdyke/blacklisted_recipients
 ip-blacklist-file=/var/qmail/spamdyke/blacklisted_ip
 ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklisted_words
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 dns-blacklist-entry=b.barracudacentral.org
 
 reject-empty-rdns
 reject-unresolvable-rdns
 greeting-delay-secs=5
 reject-missing-sender-mx
 reject-ip-in-cc-rdns
 
 policy-url=https://www.mydomain.com/files/spam_policy.html
 
 # SMTP CONFIG /etc/spamdyke-smtps.conf #
 log-level=verbose
 filter-level=normal
 local-domains-file=/var/qmail/control/rcpthosts
 max-recipients=20
 idle-timeout-secs=60
 tls-level=smtps
 tls-certificate-file=/var/qmail/control/servercert.pem
 graylist-level=only
 graylist-dir=/var/qmail/spamdyke/greylist
 graylist-min-secs=300
 graylist-max-secs=1814400
 
 recipient-whitelist-file=/var/qmail/spamdyke/whitelisted_recipients
 sender-whitelist-file=/var/qmail/spamdyke/whitelisted_senders
 rdns-whitelist-file=/var/qmail/spamdyke/whitelisted_rdns
 ip-whitelist-file=/var/qmail/spamdyke/whitelisted_ip
 
 sender-blacklist-file=/var/qmail/spamdyke/blacklisted_senders
 recipient-blacklist-file=/var/qmail/spamdyke/blacklisted_recipients
 ip-blacklist-file=/var/qmail/spamdyke/blacklisted_ip
 ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklisted_words
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 dns-blacklist-entry=b.barracudacentral.org
 
 reject-empty-rdns
 reject-unresolvable-rdns
 greeting-delay-secs=5
 reject-missing-sender-mx
 reject-ip-in-cc-rdns
 
 policy-url=https://www.mydomain.com/files/spam_policy.html
 
 
  Paste from /var/log/mail.info
 
 Mar  1 22:43:21 web01 spamdyke[27052]: TLS_ENCRYPTED from: (unknown) to: 
 (unknown) origin_ip: 189.73.84.88 origin_rdns: 
 189-73-84-88.jvece702.dsl.brasiltelecom.net.br auth: (unknown)
 Mar  1 22:43:23 web01 qmail-queue-handlers[27057]: Handlers Filter 
 before-queue for qmail started ...
 Mar  1 22:43:23 web01 qmail-queue-handlers[27057]: 
 from=eluqeja3...@brasiltelecom.net.br
 Mar  1 22:43:23 web01 qmail-queue-handlers[27057]: to=i...@domain.com
 Mar  1 22:43:23 web01 spf filter[27058]: Starting spf filter...
 Mar  1 22:43:23 web01 spf filter[27058]: SPF result: neutral
 Mar  1 22:43:23 web01 spf filter[27058]: SPF status: PASS
 Mar  1 22:43:23 web01 qmail: 1267479803.850047 new msg 4252044
 Mar  1 22:43:23 web01 qmail: 1267479803.850047 info msg 4252044: bytes 
 2010 from eluqeja3...@brasiltelecom.net.br qp 27059 uid 2020
 Mar  1 22:43:23 web01 qmail-local-handlers[27060]: Handlers Filter 
 before-local for qmail started ...
 Mar  1 22:43:23 web01 qmail-local-handlers[27060]: 
 from=eluqeja3...@brasiltelecom.net.br
 Mar  1 22:43:23 web01 qmail-local-handlers[27060]: to=i...@domain.com
 Mar  1 22:43:23 web01 qmail-local-handlers[27060]: mailbox: 
 /var/qmail/mailnames/domain.com/info
 Mar  1 22:43:23 web01 qmail: 1267479803.870047 starting delivery 26208: 
 msg 4252044 to local 9-i...@domain.com
 Mar  1 22:43:23 web01 qmail: 1267479803.870047 status: local 1/10 remote 
 0/20
 Mar  1 22:43:23 web01 qmail: 1267479803.874047 delivery 26208: success: 
 did_0+0+2/
 Mar  1 22:43:23 web01 qmail: 1267479803.874047 status: local 0/10 remote 
 0/20
 Mar  1 22:43:23 web01 qmail: 1267479803.878047 end msg 4252044
 
 I'm running Plesk 9.3 and Qmail.
 psa-qmail - 1:1.03-debian5.0.build92091105.14
 
 What can I do about this?
 
 Kind Regards
 Magnus

I don't see anything here that's indicative of a problem. If you're 
getting spam that you think spamdyke should have blocked, please post 
the headers from that particular message and we'll have a look at it. Of 
course, spamdyke will not block 100% of all spam. 80+% is not uncommon 
though.

-- 
-Eric 'shubes'



Re: [spamdyke-users] spamdyke-users Digest, Vol 34, Issue 4

2010-03-16 Thread Eric Shubert
t...@uncon.org wrote:
 Quoting o...@uni-c.dk:
 On 03/11/2010 07:00 PM, Kris Van Hees ae...@alchar.org wrote:

 Message: 1
 Date: Wed, 10 Mar 2010 16:51:19 -0500

 Hi,

 I am currently running spamdyke 4.0.10, and I am experiencing very frequent
 cases of hanging spamdyke processes, eating up connections and often causing
 tcpserver to start refusing connections.  I am still trying to figure out
 where it might be happening and why.  So far, it mostly seems to be after
 there was either a DNS timeout or a command timeout.
 I've got that too, but I decided to workaround and kill spamdyke
 processes when they age beyond 10 hours.
 Thus, in my crontab:

 
 You need to supply some debugging info. At an absolute minimum a trace  
 of a stuck process (strace on linux), and preferably a backtrace from  
 gdb (that requires changing the spamdyke build process to add '-g' to  
 the compile options, and remove the 'strip' command from the Makefile).
 
 -trog

I believe this is related to the TLS bug. See thread: Spamdyke 4.0.10 
- frequent hanging processes.

-- 
-Eric 'shubes'



Re: [spamdyke-users] TLS and blocking IO

2010-03-16 Thread Eric Shubert
Teodor Milkov wrote:
 Hello,
 
 It seems the way spamdyke implements TLS is prone to infinite hangs due
 to SSL_* functions blocking on IO operations.
 
 There are already some reported cases although not enough debug
 information was provided:
 
  http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg00797.html
  http://www.mail-archive.com/spamdyke-users@spamdyke.org/msg01313.html
 
 The simplest test case is connecting to spamdyke with telnet, then issue
 starttls and just wait here forever. At this time SSL_accept waits for
 input and there's no timeout mechanism to guard against this. There are
 more places in spamdyke where SSL_read, SSL_shutdown etc. are not well
 guarded.
 
 AFAIK there are two ways to handle this situation:
 
  1. set inbound_fd/outbound_fd to non-blocking mode with fcntl(2) and
 then use SSL_* in a non-blocking manner[1]
 
  2. use alarm() and signal handler to guard against such cases
 
 1 is probably better way to do it while 2 is quicker (and dirtier?).
 
 
 What do you think?
 
 
 [1] http://www.openssl.org/support/faq.html#PROG10
 
 

I think I wish I would have paid closer attention to this when it was 
posted. :( I believe this is undoubtedly a bug. Kudos to Teodor for 
having nailed it so thoroughly. He identified the problem accurately, 
and provided suggested solutions (I agree that #1 is a cleaner solution, 
fwiw). Nice work Teodor.

To be clear about this, the symptom/result of this bug is defunct 
qmail-spamd processes. Their parents are spamdyke processes that are 
waiting for TLS ended and closed events that never occur. This is 
typically after a TIMEOUT error message that is issued after any one of 
the spamdyke DENIED_* rejections. Killing the parent spamdyke processes 
clears things up effectively.

http://www.spamdyke.org/documentation/README.html#TLS says "While it's 
true spammers aren't using TLS and therefore any client that does use it 
is unlikely to be a spammer, there's no reason to assume that will be 
true forever." Looks like the day has come when this is no longer true.

It appears that some spammers have begun using TLS in an effort to 
bypass spam filters (which does indeed defeat some spamdyke filters if 
TLS is implemented in qmail and not spamdyke). This increased use of TLS 
by spammers has made this bug more prevalent recently, especially on 
servers which host a large number (50+) of domains and accounts (hundreds).

Hey Sam, do you suppose it's time to get this fixed? I maintain a server 
that's getting several of these per hour now, and will be happy to test 
when you have the code ready.

Thanks to everyone who has wrestled with this elusive bug. Special 
thanks to Teodor. And Sam of course. ;)

-- 
-Eric 'shubes'



Re: [spamdyke-users] Hanging spamdyke process causing problems?

2010-03-17 Thread Eric Shubert
t...@uncon.org wrote:
 Quoting Eric Shubert e...@shubes.net:
 
 

 On a high volume server, defunct processes are much more frequent. They
 all appear to be sessions with a spamdyke:TIMEOUT message, although
 there are also many TIMEOUTs which do not result in defunct processes.
 The defunct sessions vary as to the type of rejection, some rDNS, some
 RBLs, but they all eventually get a TIMEOUT message, but no subsequent
 tcpserver:end message.
 
 I'm not sure you understand what a defunct process is. You should  
 read-up on it. When a process is defunct, it has exited successfully,  
 and is waiting for its parent process to collect its return code.
 
 If 'ps' is listing the processes as defunct, you need to look into why  
 their parent process isn't reaping them.
 
 -trog

I think I understand defunct processes well enough, but perhaps I wasn't 
very clear in my description. The qmail-spamd process is defunct, and 
the parent spamdyke process is hung. Spamdyke is apparently waiting for 
i/o from openssl, but that's somewhat of a guess. In my description I 
was lumping the two processes together, as a logical unit of work, which 
was perhaps erroneous.

Thanks for clearing this up.

-- 
-Eric 'shubes'



Re: [spamdyke-users] [patch] was: Re: TLS and blocking IO

2010-03-18 Thread Eric Shubert
t...@uncon.org wrote:
 Quoting Eric Shubert e...@shubes.net:
 
 Does this patch activate a timeout that affects all (subsequent) read
 commands? If not, it won't solve the problem. spamdyke usually hangs
 long after the STARTTLS when it does, and the STARTTLS is successful.
 
 The patch needs a bit more work. I also need to look at changing how  
 the SSL_shutdown works, as there is a hang-up there too.

I believe that SSL_shutdown is likely where spamdyke is hung most often. 
I can send you some detail logs if you'd like to see them.

I did see just a few (over a period of a few months on a relatively 
light traffic server) that appeared to hang early in the smtp session 
though (perhaps on the starttls - I only had the info logs to go on).

 As far as reads go, spamdyke does currently protect those, however,  
 I'm not convinced that there being data available necessarily means  
 that SSL_read won't block (i.e. does 1-byte of encrypted data always  
 equate to 1-byte of non-encrypted data).

Is it feasible to use SSL_* in a non-blocking manner as Teodor wrote 
(first post in this thread), or is there a problem with doing things 
that way?

 So even with this patch, using TLS with no idle-timeout-secs setting
 leaves a server vulnerable. Is there some way of requiring an
 idle-timeout-secs value when TLS is used? Perhaps giving it a relatively
 high (300) default? If nothing else, --config-test should at least give
 a warning when TLS is in use and there's no idle-timeout-secs setting.
 Personally, I'd like to see the idle-timeout-secs setting activated by
 default.
 
 It's not just TLS though - not using idle-timeout-secs means your  
 server is vulnerable to a DoS. I agree, the default settings should  
 enable it.

This should probably be discussed under a different thread. I'll start 
one up.

Thanks.

-- 
-Eric 'shubes'



[spamdyke-users] idle-timeout-secs default vulnerability

2010-03-18 Thread Eric Shubert
The idle-timeout-secs setting is 0 by default, which defeats the 
setting. This leaves the server vulnerable to a DoS, per trog in a 
recent post.

The use of this setting is thus highly recommended, and we feel that 
the default should be something other than 0 (iow, enabled). I think 300 
is a reasonable default (although not necessarily optimal).

I'm sure Sam had reason to choose 0 as a default, but I can't imagine 
what that would have been, other than not being able to determine what 
an appropriate default value would be. Sam?

Does anyone have any thoughts on this that they'd like to share?

-- 
-Eric 'shubes'



Re: [spamdyke-users] graylisting

2010-03-24 Thread Eric Shubert
David Milholen wrote:
 I just need a little primer to understand which method of graylisting 
 I need to use.
 I have it set to always and those domain folders are huge with 
 entries.
 I am configuring a new server with qtp using centos5.4. All of the 
 installation went smooth.
 I am thinking of using dovecot instead of courier on this one.
 I just don't want those huge graylist entries lingering around.
 If the sender is not on my domain and has no rdns or ip then they need 
 to be graylisted.
 --Dave

As far as senders in your domain go, if you have them use port 587 
(submission) they will not be subject to spamdyke at all. That's perhaps 
the simplest (and recommended) way to handle submissions.

As for cleaning up graylist entries, there's a qtp-prune-graylist script 
in QTP that does this for you. It may not be in the QTP RPM yet, as I 
don't think we've cut a QTP release since it was added. You can download 
and run it from the QTP subversion repo though. It's self contained and 
has no dependent (sub)scripts.

-- 
-Eric 'shubes'



Re: [spamdyke-users] graylisting

2010-03-24 Thread Eric Shubert
t...@uncon.org wrote:
 Quoting David Milholen dmilho...@wletc.com:
 
 I just need a little primer to understand which method of graylisting
 I need to use.
 
 I just don't want those huge graylist entries lingering around.
 
 Graylist pruning has always been a problem with spamdyke. You have a  
 few options:
 
 1. Use 'find' to delete old entries, as detailed in the FAQ.
    Problems: I/O Intensive, very slow
 
 2. Delete your whole graylist history and start again.
    Problems: (usually) I/O Intensive, slow, lose graylist history
 
 3. Use a loopback filesystem to host your graylist directory, and
    umount/format it to clear history
    Problems: lose graylist history, requires manual intervention
    (unless you don't mind formatting filesystems from a script)
 
 4. There is a mysql patch (I believe), haven't tested it.
 
 I quickly moved from doing option 1 to option 3, but I got a bit bored  
 with doing that after a while, so started thinking of alternative  
 schemes that don't require a spamdyke daemon to be running.
 
 I finally came up with the following answer: add a new option to  
 spamdyke (graylist-weeks) and rotate the graylist directories on a  
 weekly basis, with automatic migration, so that old entries  
 automatically age.
 
 So if you have graylist-weeks=3, you end up with a directory structure like:
 
 graylist_dir/my.do.main/201009
 graylist_dir/my.do.main/201010
 graylist_dir/my.do.main/201011   -- current week dir
 
 all three of these directories will be checked for entries, and if  
 found, migrated to the current week directory if required. On the  
 fourth week you'll get a structure like:
 
 graylist_dir/my.do.main/201009   -- expired entries
 graylist_dir/my.do.main/201010
 graylist_dir/my.do.main/201011
 graylist_dir/my.do.main/201012   -- current week dir
 
 You can then simply delete the whole directory containing the expired  
 entries. I wrote a small program that prints out the directories that  
 need to be removed, which can be fed to rm with xargs.
 
 If anyone's interested, I can post the patch.
 
 Thanks,
 -trog

I think this is more complicated than it needs to be, and not any more 
efficient than the qtp-prune-graylist script 
(http://qtp.qmailtoaster.com/trac/browser/bin/qtp-prune-graylist). The 
script is admittedly a little i/o intensive, but a) some of it is 
typically cached, and b) it's not all that slow. Besides which, what's 
the problem? It's typically run once a day, and I don't see it impacting 
the performance of anything else.

To each his own though.
-- 
-Eric 'shubes'

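The weekly rotation scheme quoted in the message above, as an added sketch (it is not trog's patch or his helper program, neither of which appears in this archive). It assumes the week directories are named by ISO year and week number (YYYYWW), which matches the names shown but is not stated in the thread; the sample tree is constructed.

```python
import datetime
import os
import tempfile


def week_label(day):
    """YYYYWW label of the ISO week containing `day` (assumed naming scheme)."""
    iso_year, iso_week, _ = day.isocalendar()
    return f"{iso_year:04d}{iso_week:02d}"


def oldest_live_label(today, graylist_weeks):
    """Label of the oldest week directory that is still consulted.

    The label is derived by date arithmetic rather than by subtracting from
    the number, so the year boundary (200952, 200953, 201001) is handled.
    """
    if graylist_weeks < 1:
        raise ValueError("graylist_weeks must be at least 1")
    return week_label(today - datetime.timedelta(weeks=graylist_weeks - 1))


def expired_dirs(graylist_dir, today, graylist_weeks):
    """Return week directories older than the live window, one list for all domains.

    Symlinks and names that are not six ASCII digits are skipped, because the
    result is meant to be handed to a recursive delete.
    """
    cutoff = oldest_live_label(today, graylist_weeks)
    expired = []
    for domain in sorted(os.listdir(graylist_dir)):
        domain_path = os.path.join(graylist_dir, domain)
        if os.path.islink(domain_path) or not os.path.isdir(domain_path):
            continue
        for name in sorted(os.listdir(domain_path)):
            path = os.path.join(domain_path, name)
            is_week_dir = len(name) == 6 and name.isascii() and name.isdigit()
            if not is_week_dir or os.path.islink(path) or not os.path.isdir(path):
                continue
            # Fixed-width labels compare correctly as strings.
            if name < cutoff:
                expired.append(path)
    return expired


def build_sample_tree():
    """Constructed tree mirroring the fourth-week layout quoted above."""
    root = tempfile.mkdtemp(prefix="graylist-demo-")
    for week in ("201009", "201010", "201011", "201012"):
        os.makedirs(os.path.join(root, "my.do.main", week))
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    # 2010-03-24 falls in ISO week 12, so with graylist-weeks=3 only 201009 is expired.
    for path in expired_dirs(demo_root, datetime.date(2010, 3, 24), 3):
        print(path)
```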


Re: [spamdyke-users] graylisting

2010-03-24 Thread Eric Shubert
t...@uncon.org wrote:
 Quoting Eric Shubert e...@shubes.net:
 
 
 I think this is more complicated than it needs to be, and not any more
 efficient than the qtp-prune-graylist script
 (http://qtp.qmailtoaster.com/trac/browser/bin/qtp-prune-graylist). The
 script is admittedly a little i/o intensive, but a) some of it is
 typically cached, and b) it's not all that slow. Besides which, what's
 the problem? It's typically run once a day, and I don't see it impacting
 the performance of anything else.
 
 Depends on the scale of your mail server. See this entry from the ChangeLog:
 
   NOT BACKWARDS COMPATIBLE: Changed the graylist system to create a deeper
  directory structure by creating folders for the senders' domain  
 names.  This
  will allow busy servers to use graylisting even when the number of sender
  addresses could exceed the number of entries allowed in a folder.  Thanks
  to Trog for suggesting this one.
 
 My mail server's graylisting was hitting filesystem limits in less than  
 24 hours.

Which limit(s) of which filesystem?

 The qtp-prune-graylist script would take much longer than a  
 day to run on my mail server.

Did you run it?
In 'silent' mode?

The first large server it ran on, it processed over 1.1M entries. I 
don't recall the run time, but I believe it was less than an hour. This 
was on a filesystem that had run out of inodes.

 I'd basically have to run it  
 continuously on my server - it would certainly impact performance.

How many graylist entries do you have?

-- 
-Eric 'shubes'



Re: [spamdyke-users] graylisting

2010-03-25 Thread Eric Shubert
David Milholen wrote:
 
 
 Eric Shubert wrote:
 t...@uncon.org wrote:
   
 Quoting Eric Shubert e...@shubes.net:


 
 I think this is more complicated than it needs to be, and not any more
 efficient than the qtp-prune-graylist script
 (http://qtp.qmailtoaster.com/trac/browser/bin/qtp-prune-graylist). The
 script is admittedly a little i/o intensive, but a) some of it is
 typically cached, and b) it's not all that slow. Besides which, what's
 the problem? It's typically run once a day, and I don't see it impacting
 the performance of anything else.
   
 Depends on the scale of your mail server. See this entry from the ChangeLog:

   NOT BACKWARDS COMPATIBLE: Changed the graylist system to create a deeper
  directory structure by creating folders for the senders' domain  
 names.  This
  will allow busy servers to use graylisting even when the number of 
 sender
  addresses could exceed the number of entries allowed in a folder.  
 Thanks
  to Trog for suggesting this one.

 My mail server's graylisting was hitting filesystem limits in less than  
 24 hours.
 

 Which limit(s) of which filesystem?

   
 The qtp-prune-graylist script would take much longer than a  
 day to run on my mail server.
 

 Did you run it?
 In 'silent' mode?

 The first large server it ran on, it processed over 1.1M entries. I 
 don't recall the run time, but I believe it was less than an hour. This 
 was on a filesystem that had run out of inodes.

   
 I'd basically have to run it  
 continuously on my server - it would certainly impact performance.
 

 How many graylist entries do you have?

   
 Eric,
  Here are those results after using the script.. It was still running 
 after 10pm but it got the job done it looks like.
 qtp-prune-graylist processing graylist tree at /var/spamdyke/graylist ...
 qtp-prune-graylist pruning entries older than 1209600 seconds ...
 qtp-prune-graylist processing domain hhinc.net ...
 qtp-prune-graylist hhinc.net - 80118 entries found
 qtp-prune-graylist hhinc.net - 75815 entries removed
 qtp-prune-graylist hhinc.net - 56689 empty directories removed
 qtp-prune-graylist hhinc.net - 4314 graylisting entries remain
 qtp-prune-graylist processing domain test.com ...
 qtp-prune-graylist test.com - 1 entries found
 qtp-prune-graylist test.com - 1 entries removed
 qtp-prune-graylist test.com - 1 empty directories removed
 qtp-prune-graylist test.com - 0 graylisting entries remain
 qtp-prune-graylist processing domain wletc.com ...
 qtp-prune-graylist wletc.com - 1164192 entries found
 qtp-prune-graylist wletc.com - 1127660 entries removed
 qtp-prune-graylist wletc.com - 439585 empty directories removed
 qtp-prune-graylist wletc.com - 37315 graylisting entries remain
 qtp-prune-graylist processing domain localhost ...
 qtp-prune-graylist localhost - 0 entries found
 qtp-prune-graylist localhost - 0 entries removed
 qtp-prune-graylist localhost - 0 empty directories removed
 qtp-prune-graylist localhost - 0 graylisting entries remain
 qtp-prune-graylist total - 4 domains processed
 qtp-prune-graylist total - 1244311 entries found
 qtp-prune-graylist total - 1203476 entries removed
 qtp-prune-graylist total - 496275 empty directories removed
 qtp-prune-graylist total - 41629 graylisting entries remain
 
 The wletc domain is my largest domain.
  
 I am having trouble with a customer who was using smtp-auth to send a 
 1MB attachment and it is timing out. Typically it only takes a few 
 seconds and it's done, but this is the first I have seen this.
 We are sending someone to check it out from his end to see what's up.
 Do you have any ideas on where I should check to see why it's timing out? 
 Sometimes they will send but it's taking a long time, around 8 mins or more.
 
 --Dave
 
 

Interesting numbers, Dave. Thanks for sharing.

How long does the script take to run now that the initial pruning is done?

-- 
-Eric 'shubes'



Re: [spamdyke-users] graylisting

2010-03-29 Thread Eric Shubert
t...@uncon.org wrote:
 Here's some stats:
 
   1062951   59.03%  DENIED_GRAYLISTED
    565115   31.38%  DENIED_LOCAL_FROM_TO
    152910    8.49%  ALLOWED
     10826    0.60%  TIMEOUT
      6142    0.34%  DENIED_OTHER
      2462    0.13%  DENIED_TOO_MANY_RECIPIENTS
       246    0.01%  ERROR
 
  Summary 
 Allowed:   152910    8.49%
 Timeout:    10826    0.60%
 Errors :      246    0.01%
 Denied :  1636670   90.89%
 Total  :  1800652  100.00%
 
 
 Spamdyke is knocking out 90% of the mail that's trying to get in. Mailing list
 traffic is a small proportion of the remaining 10%.
 
 (DENIED_LOCAL_FROM_TO is mail that is addressed both To and From a  
 local user, which I also reject as that should never occur on this  
 server.)
 

Thanks, Trog. That's interesting.

Not knowing how you're calculating the stats, I'm guessing that some 
portion of the ALLOWED messages are also included in the 
DENIED_GRAYLISTED figure, as one message will generate both log messages 
the first time through. The figures are a good ballpark though.

What's the time period for these stats?

-- 
-Eric 'shubes'

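The double counting raised in the reply above (a graylisted message that is later delivered logs both DENIED_GRAYLISTED and ALLOWED) can be measured from the log itself. This is an added example, not the script behind trog's figures: the log lines are constructed in the field layout quoted elsewhere in this archive, and correlating attempts by sender and recipient is an assumption.

```python
import re
from collections import Counter

# Constructed sample log; addresses and IPs are documentation values.
SAMPLE_LOG = """\
03-29 10:00:01 spamdyke[2101]: DENIED_GRAYLISTED from: alice@sender.example to: bob@example.org origin_ip: 192.0.2.10 origin_rdns: mail.sender.example auth: (unknown)
03-29 10:00:05 spamdyke[2102]: DENIED_GRAYLISTED from: promo@bulk.example to: bob@example.org origin_ip: 192.0.2.66 origin_rdns: (unknown) auth: (unknown)
03-29 10:03:00 spamdyke[2103]: DENIED_GRAYLISTED from: alice@sender.example to: bob@example.org origin_ip: 192.0.2.10 origin_rdns: mail.sender.example auth: (unknown)
03-29 10:04:10 spamdyke[2104]: DENIED_RBL_MATCH from: x@spam.example to: bob@example.org origin_ip: 192.0.2.77 origin_rdns: (unknown) auth: (unknown)
03-29 10:04:30 qmail: 1269857070.1 status: local 0/10 remote 0/20
03-29 10:15:00 spamdyke[2105]: ALLOWED from: alice@sender.example to: bob@example.org origin_ip: 192.0.2.10 origin_rdns: mail.sender.example auth: (unknown)
03-29 10:16:00 spamdyke[2106]: ALLOWED from: carol@example.org to: dave@other.example origin_ip: 192.0.2.20 origin_rdns: (unknown) auth: carol@example.org
03-29 10:20:00 spamdyke[2107]: TIMEOUT from: (unknown) to: (unknown) origin_ip: 192.0.2.88 origin_rdns: (unknown) auth: (unknown)
03-29 10:30:00 spamdyke[2108]: DENIED_GRAYLISTED from: promo@bulk.example to: bob@example.org origin_ip: 192.0.2.66 origin_rdns: (unknown) auth: (unknown)
"""

LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<result>[A-Z_]+) from: (?P<sender>\S+) "
    r"to: (?P<rcpt>\S+) origin_ip: (?P<ip>\S+)"
)


def parse(text):
    """Return one dict per spamdyke result line; other log lines are ignored."""
    return [m.groupdict() for m in map(LINE_RE.search, text.splitlines()) if m]


def summarize(text):
    """Tally results and separate graylist denials of mail that was later delivered."""
    records = parse(text)
    counts = Counter(r["result"] for r in records)
    pending = Counter()   # graylist denials not (yet) followed by ALLOWED
    double_counted = 0    # denial lines that belong to a delivered message
    for r in records:
        pair = (r["sender"].lower(), r["rcpt"].lower())
        if r["result"] == "DENIED_GRAYLISTED":
            pending[pair] += 1
        elif r["result"] == "ALLOWED" and pair in pending:
            double_counted += pending.pop(pair)
    total = len(records)
    denied_raw = sum(n for name, n in counts.items() if name.startswith("DENIED_"))
    return {
        "counts": counts,
        "total": total,
        "denied_raw": denied_raw,
        "double_counted": double_counted,
        "denied_adjusted": denied_raw - double_counted,
        "total_adjusted": total - double_counted,
        "never_retried": len(pending),
    }


def percent(part, whole):
    return round(100.0 * part / whole, 2) if whole else 0.0


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for name, n in s["counts"].most_common():
        print(f"{n:8d} {percent(n, s['total']):6.2f}%  {name}")
    print("denied, raw:     ", percent(s["denied_raw"], s["total"]), "%")
    print("denied, adjusted:", percent(s["denied_adjusted"], s["total_adjusted"]), "%")
```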


Re: [spamdyke-users] how to whitelist

2010-04-13 Thread Eric Shubert
Good advice, Sebastian.

In addition, you might want to whitelist a particular sender/domain. If 
that's the case, you can add cri...@tegado.ro (for the sender) or 
@tegado.ro (for the domain) to the whitelist_senders file. Keep in mind 
though, that senders are very easy to spoof.

On a side note, if all of your users use your server to submit 
emails (and they always authenticate, which they should), a good way to 
eliminate spam that spoofs your domain is to blacklist your own 
domain(s) in the blacklist_senders file. This is a bit counter 
intuitive, but it works nicely. Since spamdyke bypasses all filters for 
authenticated connections, any message that claims to be from your 
domain but fails to authenticate will be rejected. Legitimate messages 
from your domain will authenticate, and pass. Nice.

-- 
-Eric 'shubes'

Sebastian Grewe wrote:
 Hey Istvan,
 
 Take a look in the documentation for the whitelist_rdns and whitelist_ip
 file.
 
 For that particular match you could use the IP 95.64.115.3 inside the
 whitelist_ip or use part of the RDNS (more specific, add .netserv.ro to
 the file) which will whitelist that connection based on the reverse DNS.
 
 Please keep in mind that things that are denied usually get so for a
 reason. In this case you might have mail authentication turned off so
 the connection gets dropped.
 
 Cheers,
 Sebastian
 
 On Tue, 2010-04-13 at 17:48 +0300, Istvan Köpe wrote:
 Hello,

 I just installed spamdyke and is something totally different compared to 
 spamassassin. This is good. I like it, but I can't control it.

 I have this mail rejected:
 04-13 17:12:15 CHKUSER accepted sender: from cri...@tegado.ro:: remote 
 hosting.ateck.ro:unknown:95.64.115.3 rcpt  : sender accepted
 04-13 17:12:15 spamdyke[2033]: DENIED_RDNS_RESOLVE from: 
 cri...@tegado.ro to: m.ja...@hidraulica.ro origin_ip: 95.64.115.3 
 origin_rdns: 95-64-115-3.netserv.ro
   auth: (unknown)

 I want to whitelist but I don't know how. The documentation says where 
 are the files we have to modify, but it doesn't say how do we have to 
 modify these files.
 I know I have to modify whitelist_rdns , but I don't know what to write 
 in it.

 Please help...

 Thank you!

 Istvan


Re: [spamdyke-users] how to whitelist

2010-04-13 Thread Eric Shubert
That's a very good description Faris. Thank you.

Faris Raouf wrote:
 When you installed spamdyke, you specified the location of the configuration
 file, spamdyke.conf
 And I presume that you have looked at this file, and modified it to your
 needs.
 
 In this case, your user is being rejected because 95-64-115-3.netserv.ro
 does not resolve to an IP address and you have put the following in
 spamdyke.conf
 
 reject-unresolvable-rdns
 
 To whitelist someone who would be blocked by this rule, you could add the
 following line to spamdyke.conf
 
 rdns-whitelist-file=/path/to/whitelist_rdns
 
 (where /path/to/ is the real path to the file - usually same place as
 spamdyke.conf)
 
 And you would create a whitelist_rdns file in the directory described above.
 
 
 Now, in this file you can add:
 
 95-64-115-3.netserv.ro
 
 Which would allow ONLY connections with an RDNS of 95-64-115-3.netserv.ro to
 bypass spamdyke's tests.
 
 However, if you want to allow all of netserv.ro then you would add this
 instead
 
 .netserv.ro
 
 Notice the dot (.) at the start. This is like wildcarding in a way, and says
 anything ending in .netserv.ro
 
 But as Sebastian says, are you sure you want to do this? This looks like it
 is a broadband or dial-up internet access account, and should not be
 attempting to send email to your mailserver.
 
 If it is one of your users who you allow to relay through your mailserver
 then again something is wrong, because when they authenticate with a
 username and password when sending email, spamdyke should allow them to do
 so without filtering them.
 
 The alternative method is to enable the submission port (587) and only allow
 relaying of authenticated users on that port, with no spamdyke blocking on
 that port at all.
 
 I'm sorry if this is not what you are asking and if I've misunderstood your
 question.
 
 
 Faris.
 
 
 I want to whitelist but I don't know how. The documentation says where
 are the files we have to modify, but it doesn't say how do we have to
 modify these files.
 I know I have to modify whitelist_rdns , but I don't know what to write
 in it.

 Please help...

 Thank you!

 Istvan


-- 
-Eric 'shubes'



Re: [spamdyke-users] Spamdyke reject local users.

2010-05-14 Thread Eric Shubert
Leszek wrote:
 Hi, 
 
 I've searched spamdyke_lists but didn't find the answer. I'm using spamdyke 
 on Plesk installed on Debian 4.0. The problem is that the local users 
 sending e-mail are blocked by spamdyke:
 
 spamdyke[10333]: DENIED_RBL_MATCH from: u...@mydomain.pl to: 
 u...@mydomain.pl - user tried to send message to itself.
 
 This user was authenticated but still blocked by spamdyke.

I doubt that this is true. All filters are bypassed for authenticated
sessions. I would turn on spamdyke's detailed logging (a very nice
feature) to see what's happening with this session. I expect that
authentication for this user is failing for some reason.

 My conf file:
 
 greeting-delay-secs=0
 reject-missing-sender-mx
 log-level=debug
 idle-timeout-secs=300
 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
 recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
 ip-whitelist-file=/var/qmail/spamdyke/pop-before-smtp
 rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 graylist-level=always-create-dir
 graylist-dir=/var/qmail/spamdyke/greylist
 graylist-max-secs=1814400
 graylist-min-secs=600
 smtp-auth-level=ondemand-encrypted
 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true 
 /var/qmail/bin/cmd5checkpw /bin/true
 tls-certificate-file=/var/qmail/control/servercert.pem
 local-domains-file=/var/qmail/control/rcpthosts
 rejection-text-graylist=temporary envelope failure (#4.3.0) 
 
 Any suggestions
 
 
 
 


-- 
-Eric 'shubes'



Re: [spamdyke-users] Spamdyke reject local users.

2010-05-17 Thread Eric Shubert
I don't see any authentication coming from the client in the logs.
The client needs to be configured to authenticate.

Also, David did mean blacklist. Blacklisting the domains you host is 
counter intuitive, but effectively blocks spam that spoofs/forges your 
domain name.

-- 
-Eric 'shubes'

Leszek wrote:
 Here is a sample of the log when the local user is blocked:
 
 serwer.pl - default domain for the server
 domain.pl - domain of the user account
 
 05/17/2010 12:00:29 - Remote rDNS = (unknown)
 
 05/17/2010 12:00:29 LOG OUTPUT
 DEBUG(filter_ip_whitelist()@filter.c:1127): searching IP whitelist 
 file(s); ip: 196.36.218.170^M
 DEBUG(filter_ip_blacklist()@filter.c:1177): searching IP blacklist 
 file(s); ip: 196.36.218.170^M
 DEBUG(filter_dns_rbl()@filter.c:1527): checking DNS RBL(s); ip: 
 196.36.218.170^M
 FILTER_RBL_MATCH ip: 196.36.218.170 rbl: bl.spamcop.net^M
 
 05/17/2010 12:00:29 FROM CHILD TO REMOTE: 23 bytes
 220 domain.pl ESMTP^M
 
 05/17/2010 12:00:30 FROM REMOTE TO CHILD: 15 bytes
 HELO TSHIDIM1^M
 
 05/17/2010 12:00:30 FROM CHILD TO REMOTE: 17 bytes
 250 serwer.pl^M
 
 05/17/2010 12:00:30 FROM REMOTE TO CHILD: 42 bytes
 MAIL FROM: u...@domain.pl^M
 
 05/17/2010 12:00:30 FROM SPAMDYKE TO REMOTE: 66 bytes
 250 Blocked - see http://www.spamcop.net/bl.shtml?196.36.218.170^M
 
 05/17/2010 12:00:37 FROM REMOTE TO CHILD: 40 bytes
 RCPT TO: u...@domain.pl^M
 
 05/17/2010 12:00:37 LOG OUTPUT
 DEBUG(filter_recipient_relay()@filter.c:2183): checking relaying; 
 relay-level: 0 recipient: u...@domain.pl ip: 196.36.218.170 
 rdns: (unknown) local_recipient: true relaying_allowed: false^M
 
 05/17/2010 12:00:37 FROM SPAMDYKE TO REMOTE: 66 bytes
 554 Blocked - see http://www.spamcop.net/bl.shtml?196.36.218.170^M
 
 05/17/2010 12:00:37 LOG OUTPUT
 DENIED_RBL_MATCH from: u...@domain.pl to: u...@domain.pl origin_ip: 
 196.36.218.170 origin_rdns: (unknown) auth: (unknown)^M
 
 05/17/2010 12:00:37 CLOSED
 
 -- 
 Leszek Bal
 
 
 2010/5/17 Leszek keff...@gmail.com
 
 Blacklist? You probably mean white-list. It's impossible, there are
 about 250 domains. Users are logging in from several countries. I'll
 check the debug level and see the log when I find some time to do this.
 The strange thing is that not all users are blocked.
 
 Thanks for the answers
 -- 
 Leszek Bal
 
 2010/5/15 David Stiller david.stil...@blackbit.de
 
 It looks like the authorization info is missing. Did you
 follow our hint to blacklist all
 your local domains? If yes, check that auth is successful.
 
 
 
 On 14.05.2010 09:57, Leszek wrote:
 Hi, 

 I've searched spamdyke_lists but didn't find the answer. I'm
 using spamdyke on Plesk installed on Debian 4.0. The problem
 is that the local users sending e-mail are blocked by spamdyke:

 spamdyke[10333]: DENIED_RBL_MATCH from: u...@mydomain.pl to:
 u...@mydomain.pl - user tried to send message to itself.

 This user was authenticated but still blocked by spamdyke. 
 My conf file:

 greeting-delay-secs=0
 reject-missing-sender-mx
 log-level=debug
 idle-timeout-secs=300
 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
 recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
 ip-whitelist-file=/var/qmail/spamdyke/pop-before-smtp
 rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 graylist-level=always-create-dir
 graylist-dir=/var/qmail/spamdyke/greylist
 graylist-max-secs=1814400
 graylist-min-secs=600
 smtp-auth-level=ondemand-encrypted
 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
 /var/qmail/bin/cmd5checkpw /bin/true
 tls-certificate-file=/var/qmail/control/servercert.pem
 local-domains-file=/var/qmail/control/rcpthosts
 rejection-text-graylist=temporary envelope failure (#4.3.0) 

 Any suggestions



Re: [spamdyke-users] whitelist_senders skipping smpt auth ?

2010-05-20 Thread Eric Shubert
Boris Hinzer wrote:
 Hello,
 
 can anybody verify this behavior?
 We are facing the situation that if we whitelist local email addresses, the 
 smtp auth is completely skipped.
 The server is then acting like an open relay for these mail addresses.
 
 In spamdyke.conf we have the following:
 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true 
 /var/qmail/bin/cmd5checkpw /bin/true
 smtp-auth-level=ondemand-encrypted
 
 Best regards,
 
 Boris

I can't verify, but this is the behavior I would expect. If something is 
whitelisted, all filters are bypassed. Likewise if a session is 
authenticated. Whitelisting can be dangerous, especially whitelisting 
your own domain(s). Whitelisting is intended more for getting around 
trusted mail servers that are misconfigured (rDNS issues typically).

If your local users all authenticate (which they should), you can 
*blacklist* your local domains, which effectively blocks spam which 
spoofs/forges your domains. This is counter intuitive, but since your 
users authenticate, they will not be affected by the blacklist.

What circumstance led you to whitelist your local domain in the first 
place? Difficulty authenticating?

-- 
-Eric 'shubes'

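Two risks come up in this archive: idle-timeout-secs left at its default of 0 (the "idle-timeout-secs default vulnerability" message, which also asks for a warning when TLS is in use), and local senders placed in whitelist_senders (the message above). The following is an added example of a configuration audit for both; it is not part of spamdyke or its --config-test. The file contents are constructed, the findings codes are made up for this sketch, and treating the last idle-timeout-secs line as the effective one is an assumption.

```python
# Constructed sample data: option names are spamdyke's, contents are illustrative.
SAMPLE_CONF = """\
# sample spamdyke.conf
log-level=info
reject-missing-sender-mx
tls-certificate-file=/var/qmail/control/servercert.pem
local-domains-file=/var/qmail/control/rcpthosts
sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders
sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
"""

SAMPLE_FILES = {
    "/var/qmail/control/rcpthosts": "example.org\nexample.net\n",
    "/var/qmail/spamdyke/whitelist_senders": "@partner.example\nalice@example.org\n",
    "/var/qmail/spamdyke/blacklist_senders": "@example.net\n",
}


def parse_conf(text):
    """Return {option: [values]}; a bare option such as reject-missing-sender-mx maps to ['']."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition("=")
        options.setdefault(name.strip(), []).append(value.strip())
    return options


def read_entries(options, option_name, files):
    """Collect lower-cased, non-comment lines from every file named by an option."""
    entries = []
    for path in options.get(option_name, []):
        for raw in files.get(path, "").splitlines():
            line = raw.strip().lower()
            if line and not line.startswith("#"):
                entries.append(line)
    return entries


def sender_domain(entry):
    """'user@dom' and '@dom' both yield 'dom'; an entry without '@' yields None."""
    return entry.rpartition("@")[2] if "@" in entry else None


def is_local(domain, local_domains):
    """Exact match, or a suffix match against entries written with a leading dot."""
    if domain is None:
        return False
    return domain in local_domains or any(
        d.startswith(".") and domain.endswith(d) for d in local_domains
    )


def audit(conf_text, files):
    """Return a list of (code, detail) findings; an empty list means nothing was flagged."""
    options = parse_conf(conf_text)
    findings = []

    # Per the thread, the default is 0, which disables the idle timeout.
    values = options.get("idle-timeout-secs", [])
    timeout = int(values[-1]) if values and values[-1].isdigit() else 0
    if timeout == 0:
        findings.append(("IDLE_TIMEOUT_DISABLED", "idle connections are never dropped"))
        if "tls-certificate-file" in options:
            findings.append(("TLS_WITHOUT_IDLE_TIMEOUT", "a stalled TLS session can hang"))

    # A whitelisted sender bypasses all filters, and sender addresses are easy to spoof.
    local = set(read_entries(options, "local-domains-file", files))
    for entry in read_entries(options, "sender-whitelist-file", files):
        if is_local(sender_domain(entry), local):
            findings.append(("LOCAL_SENDER_WHITELISTED", entry))

    # Advisory only: blacklisting local domains is safe when every local user authenticates.
    blacklisted = {
        sender_domain(e)
        for e in read_entries(options, "sender-blacklist-file", files)
        if e.startswith("@")
    }
    for domain in sorted(d for d in local if not d.startswith(".")):
        if domain not in blacklisted:
            findings.append(("LOCAL_DOMAIN_NOT_BLACKLISTED", domain))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF, SAMPLE_FILES):
        print(f"{code}: {detail}")
```

To run it against a live system, build the `files` mapping by reading each path named in the parsed options.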


Re: [spamdyke-users] whitelist_senders skipping smpt auth ?

2010-05-20 Thread Eric Shubert
I believe Sebastian's right. Greylisting won't come into play if the 
sender is authenticating successfully. Your problem is that 
authentication isn't happening, for whatever reason.

In order to track down the problem, we need to know a bit more about 
your configuration. Are you using any particular 'flavor' of qmail?

In your client configuration, there should be a "server requires 
authentication" or "use username and password" setting of some sort 
(varies by client program). Be sure that's checked.

-- 
-Eric 'shubes'

Sebastian Grewe wrote:
 Hey,
 
 I think there is an issue somewhere else. We are using SMTP Auth on
 Qmail Level and it works fine with Greylisting. Users are not being
 rejected when sending mail through the servers after SMTP
 authentication.
 
 I have no experience with Spamdyke doing the authentication. But make
 sure the users are actually doing the authentication process.
 
 Cheers,
 Sebastian
 
 On Thu, 2010-05-20 at 19:03 +0200, Boris Hinzer wrote:
 On 20.05.2010 at 18:15, Eric Shubert e...@shubes.net wrote:

 Boris Hinzer wrote:
 Hello,

 can anybody verify this behavior?
 We are facing the situation that if we whitelist local  
 email addresses, the smtp auth is completely skipped.
 The server is then acting like an open relay for these mail addresses.

 In spamdyke.conf we have the following:
 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/ 
 qmail/bin/cmd5checkpw /bin/true
 smtp-auth-level=ondemand-encrypted

 Best regards,

 Boris
 I can't verify, but this is the behavior I would expect. If  
 something is
 whitelisted, all filters are bypassed. Likewise if a session is
 authenticated. Whitelisting can be dangerous, especially whitelisting
 your own domain(s). Whitelisting is intended more for getting around
 trusted mail servers that are misconfigured (rDNS issues typically).

 If your local users all authenticate (which they should), you can
 *blacklist* your local domains, which effectively blocks spam which
 spoofs/forges your domains. This is counter intuitive, but since your
 users authenticate, they will not be affected by the blacklist.

 What circumstance led you to whitelist your local domain in the first
 place? Difficulty authenticating?

 -- 
 -Eric 'shubes'

 Actually if we don't whitelist our local users they also run into  
 greylisting process. This leads to very annoying messages in Outlook,  
 which our users don't understand.

 At the moment we removed senders from whitelist and started an ip  
 based whitelist, which is IMHO second best solution (thinking of cell  
 phones, ipad, etc.).

 We are also facing the fact that mails where senders are faked and  
 equal to receivers are getting through.

 Best regards,

 Boris


Re: [spamdyke-users] whitelist_senders skipping smpt auth ?

2010-05-20 Thread Eric Shubert
Sorry, I can't answer this. I use qmail-toaster, not plesk.
Perhaps a plesk user (or a plesk list) would be helpful.

-- 
-Eric 'shubes'

b.hinzer wrote:
 
 
 Could this be because the settings in /etc/xinet.d/smtp_psa are wrong 
 (or even in the wrong order)?
 
  
 
 server_args = -Rt0  /var/qmail/bin/relaylock /usr/local/bin/spamdyke 
 -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd 
 /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw 
 /var/qmail/bin/true
 
  
 
  
 
  
 
 Eric Shubert e...@shubes.net wrote on 20 May 2010 at 20:09:
 
   Right-o, Sebastian. :)
  
   Boris, once you have all your users authenticating, you'll want to
   *blacklist* your local domains. This will block emails where the senders
   are faked with your domain.
  
   --
   -Eric 'shubes'
  
   Sebastian Grewe wrote:
That would still require your clients to actually enable SMTP
authentication on their end to do the process of authentication. They
have to send the username and password and once approved they are
allowed to send.
   
On Thu, 2010-05-20 at 19:58 +0200, Boris Hinzer wrote:
We are running standard Plesk qmail and also have SMTP auth enabled.
   
   
On 20.05.2010 at 19:40, Eric Shubert e...@shubes.net wrote:
   
I believe Sebastian's right. Greylisting won't come into play if the
sender is authenticating successfully. Your problem is that
authentication isn't happening, for whatever reason.
   
In order to track down the problem, we need to know a bit more about
your configuration. Are you using any particular 'flavor' of qmail?
   
In your client configuration, there should be a server requires
authentication or use username and password setting of some sort
(varies by client program). Be sure that's checked.
   
-- 
-Eric 'shubes'
   
Sebastian Grewe wrote:
Hey,
   
I think there is an issue somewhere else. We are using SMTP Auth on
Qmail Level and it works fine with Greylisting. Users are not being
rejected when sending mail through the servers after SMTP
authentication.
   
I have no experience with Spamdyke doing the authentication. But 
 make
sure the users are actually doing the authentication process.
   
Cheers,
Sebastian
   
On Thu, 2010-05-20 at 19:03 +0200, Boris Hinzer wrote:
On 20.05.2010 at 18:15, Eric Shubert e...@shubes.net wrote:
   
Boris Hinzer wrote:
Hello,
   
can anybody verify this behavior?
We are facing the situation that if we whitelist local
email addresses, the smtp auth is completely skipped.
The server is then acting like an open relay for these mail addresses.
   
In spamdyke.conf we have the following:
smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /
var/
qmail/bin/cmd5checkpw /bin/true
smtp-auth-level=ondemand-encrypted
   
Best regards,
   
Boris
I can't verify, but this is the behavior I would expect. If
something is whitelisted, all filters are bypassed. Likewise if a
session is authenticated. Whitelisting can be dangerous, especially
whitelisting your own domain(s). Whitelisting is intended more for
getting around trusted mail servers that are misconfigured (rDNS
issues typically).

If your local users all authenticate (which they should), you can
*blacklist* your local domains, which effectively blocks spam which
spoofs/forges your domains. This is counter intuitive, but since
your users authenticate, they will not be affected by the blacklist.

What circumstance led you to whitelist your local domain in the
first place? Difficulty authenticating?
   
--
-Eric 'shubes'
   
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Actually if we don't whitelist our local users they also run into
greylisting process. This leads to very annoying messages in Outlook,
which our users don't understand.

At the moment we removed senders from whitelist and started an ip
based whitelist, which is IMHO second best solution (thinking of cell
phones, ipad, etc.).

We are also facing the fact that mails where senders are faked and
equal to receivers are getting through.
   
Best regards,
   
Boris
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
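
To check whether a whitelist of your own domain has been used the way this thread describes, this added example (not code from any poster or from the spamdyke project) scans spamdyke log lines for ALLOWED deliveries whose envelope sender claims a local domain while `auth:` is `(unknown)`. The function names and the sample log lines are constructed; it assumes ALLOWED lines carry the same `from:`/`to:`/`origin_ip:`/`auth:` fields as the DENIED_OTHER line quoted elsewhere on this page.

```shell
#!/bin/sh
# Added example: find mail that was accepted with a local-domain envelope
# sender although the SMTP session never authenticated.

# find_unauth_local_senders LOCAL_DOMAINS_FILE < maillog
#   LOCAL_DOMAINS_FILE holds one domain per line (the format of qmail's
#   control/rcpthosts). Prints "origin_ip sender recipient" per hit.
find_unauth_local_senders() {
    awk -v domfile="$1" '
        BEGIN {
            # Load the local domains into a lookup table.
            while ((getline d < domfile) > 0) {
                sub(/^[ \t]+/, "", d)
                sub(/[ \t\r]+$/, "", d)
                if (d != "" && d !~ /^#/) local[tolower(d)] = 1
            }
            close(domfile)
        }
        / spamdyke\[[0-9]+\]: ALLOWED / {
            from = ""; to = ""; ip = ""; auth = ""
            # Fields are "key: value" pairs separated by spaces.
            for (i = 1; i < NF; i++) {
                if ($i == "from:") from = $(i + 1)
                else if ($i == "to:") to = $(i + 1)
                else if ($i == "origin_ip:") ip = $(i + 1)
                else if ($i == "auth:") auth = $(i + 1)
            }
            if (split(from, parts, "@") != 2) next
            # Local sender domain + no authentication = spoof or relay.
            if ((tolower(parts[2]) in local) && auth == "(unknown)")
                print ip, from, to
        }
    '
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
May 20 18:01:02 mx spamdyke[4101]: ALLOWED from: alice@example.com to: bob@example.net origin_ip: 192.0.2.10 origin_rdns: client.example.org auth: alice@example.com
May 20 18:03:40 mx spamdyke[4117]: ALLOWED from: bob@example.com to: bob@example.com origin_ip: 198.51.100.77 origin_rdns: (unknown) auth: (unknown)
May 20 18:05:13 mx spamdyke[4122]: ALLOWED from: news@example.org to: alice@example.com origin_ip: 203.0.113.5 origin_rdns: mail.example.org auth: (unknown)
May 20 18:06:59 mx spamdyke[4130]: DENIED_OTHER from: carol@example.com to: alice@example.com origin_ip: 198.51.100.80 origin_rdns: (unknown) auth: (unknown)
EOF
}

# Typical use on a live host (log path is an assumption):
#   find_unauth_local_senders /var/qmail/control/rcpthosts < /var/log/maillog
```

Hits from an IP-whitelisted host (a local cron box, for example) are expected; anything else is mail that only got in because the sender address was trusted.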

Re: [spamdyke-users] question

2010-06-01 Thread Eric Shubert
Arvydas wrote:
 Hello,
  
 Jun  1 12:16:41 sun spamdyke[10110]: ALLOWED from: *vlgsham* to: niwtonsilva1...@oi.com.br
  
 is it possible to block non fully qualified senders ?
  
 a
 
 
 

I don't know off hand of a spamdyke filter that would do this.

I believe that chkuser would catch it though.

Or you could try these 3 lines in your badmailfrom file:
*\ @*
!...@*.*
*%*
I believe the 2nd line would be what you're looking for.

Note, chkuser and these badmailfrom settings are in the 'stock' 
qmail-toaster implementation. (http://qmail-toaster.com)

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Genreal question

2010-06-03 Thread Eric Shubert
spamd...@guymerritt.com wrote:
 I am an extremely half-baked, amateur sysadmin - I really design web sites
 and host them myself, and, just barely keep a mail server running as a
 courtesy for a few design clients.  My point is that perhaps I'm missing
 something in the docs (because I'm a dope).  I wanted to start with the
 easiest possible setup.  If I read everything correctly you can set up
 configuration files with white, gray, and black lists and do all sorts of
 things but this should work - to an extent - by simply compiling, copying
 the binary to /usr/local/bin and adding a line to your qmail-smtpd/run
 file (I am using Slackware 12.1 and that file is located at
 /var/qmail/supervise/qmail-smtpd/run).  If I add the line suggested in the
 INSTALL instructions to my smtpd-run file I get tcp errors - ps -aux
 shows problems which I am not smart enough to interpret...  At any rate,
 it does not work.  I am using a call to spamhaus - would that be a
 conflict?  My current smtpd-run file looks like this:
 
 #!/bin/sh
 QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE
 QMAILDUID=`id -u vpopmail`
 NOFILESGID=`id -g vpopmail`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
 LOCAL=`head -1 /var/qmail/control/me`
 if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
 echo "QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in"
 echo "/var/qmail/supervise/qmail-smtpd/run"
 exit 1
 fi
 if [ ! -f /var/qmail/control/rcpthosts ]; then
 echo "No /var/qmail/control/rcpthosts!"
 echo "Refusing to start SMTP listener because it'll create an open relay"
 exit 1
 fi
 exec /usr/local/bin/softlimit -m 5000 \
 /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
 -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp rblsmtpd -r sbl-xbl.spamhaus.org \
 /var/qmail/bin/qmail-smtpd mail.myserver.com \
 /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
 
 
 As I've said, I simply did ./configure and make and copied the binary to
 /usr/local/bin.  Then I add the line detailed in the docs to the file above
 and it broke the mail server.  Any suggestions are appreciated.
 
 Thanks,
 
 Guy Merritt
 Flint, MI

Hey Guy,

Thanks for setting the stage. Your configuration appears to be similar 
to qmailrocks, so this should be easy, as I'm very familiar with 
qmail-toaster (http://qmailtoaster.com) which is also a qmailrocks 
derivative (although much easier to deal with than QMR).

You should indeed get rid of rblsmtpd, because spamdyke will do the same 
thing for you.

Try this for your exec command lines:
exec /usr/local/bin/softlimit -m 5000 \
  /usr/local/bin/tcpserver -v -R -l $LOCAL \
  -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
  -u $QMAILDUID -g $NOFILESGID 0 smtp \
  /usr/local/bin/spamdyke --config-file /etc/spamdyke.conf \
  /var/qmail/bin/qmail-smtpd mail.myserver.com \
  /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1

I'm not sure why you have mail.myserver.com in there as a parameter to 
qmail-smtpd. QMT doesn't have that, so keep it in if it works, and you 
might try removing it if there's still a problem.

You'll need a spamdyke configuration file with this setup. In this case, 
I've specified it as /etc/spamdyke.conf but you can make it whatever 
suits you. In that file, you should have (among other things):
dns-blacklist-entry=sbl-xbl.spamhaus.org
that will replace what you had in the run file for spamhaus.

If you have any further problems, please post the run file you tried, as 
well as your spamdyke.conf file.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] allow cron jobs

2010-06-03 Thread Eric Shubert
Eric Shubert wrote:
 nightduke wrote:
 Hi i have cron jobs daily for backup, freshclam,etc...

 it's strange i have received emails successfully but now not allowed...

 May 30 19:27:02 vps qmail: 1275272822.712321 info msg 23823869: bytes
 2951 from anonym...@vps.vps qp 7551 uid 0
 May 30 19:27:02 vps qmail: 1275272822.721100 starting delivery 335:
 msg 23823869 to remote m...@gmail.com
 May 30 19:27:02 vps qmail: 1275272822.721157 status: local 0/10 remote 1/60
 May 30 19:27:03 vps qmail: 1275272823.714034 delivery 335: success:
 User_and_password_not_set,_continuing_without_authentication./m...@gmail.com_74.125.xxx.xx_accepted_message./Remote_host_said:_250_2.0.0_OK_1275272823_d4si11263527vcx.92/
 May 30 19:27:03 vps qmail: 1275272823.714124 status: local 0/10 remote 0/60
 May 30 19:27:03 vps qmail: 1275272823.714141 end msg 23823869
 May 30 21:37:50 vps spamdyke[19956]: FILTER_OTHER: response: 553
 sorry, your envelope sender has been denied (#5.7.1)
 May 30 21:37:50 vps spamdyke[19956]: DENIED_OTHER from:
 nob...@localhost to: m...@gmail.com origin_ip: 127.0.0.1 origin_rdns:
 localhost auth: (unknown)
 May 31 01:23:35 vps qmail: 1275294215.021451 status: exiting
 May 31 01:23:37 vps qmail: 1275294217.189474 status: local 0/10 remote 0/60

 i have at whitelistip file 127.0.0.1

 How can i fix local cron jobs output by email?

 Thanks

 Jose
 
 Something (chkuser?) doesn't like the sender address: nob...@localhost. 
 Rightly so. Edit your /etc/hosts file so that 127.0.0.1 resolves to a 
 legitimate host name (as opposed to localhost), and that should fix 
 things up. Something like:
 127.0.0.1 myhost.mydomain.com localhost.localdomain localhost
 
 Be sure to leave the localhost.localdomain and localhost portions so 
 that these names still resolve to 127.0.0.1.
 

I believe I was wrong about this solution. Check in your 
/var/qmail/control/ that your me and defaultdomain files have the 
appropriate value.

Sorry about that. :(

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] [patch01] TLS hung processes

2010-06-07 Thread Eric Shubert
Hartmut Wernisch wrote:
 On 22 Mar 10, Mirko Buffoni wrote:
 At 13.10 19/03/2010 +0100, you wrote:
 At 13.39 19/03/2010 +1100, you wrote:
 On 19/03/2010 07:15, t...@uncon.org wrote:
 Started a new thread for this improved patch. This should fix the
 SSL_accept, SSL_shutdown and SSL_read issues. It temporarily sets the
 socket to non-blocking and timesout after the configured time.

 This is a replacement for the previous patch, apply to a clean
 spamdyke-4.0.10 code base.
 So far, with the new patch, no sign of hung or defunct processes has been
 noticed.
 I also shortened the default qmail timeoutsmtpd to 600 (10 minutes)
 Survived a good amount of spam in the 11:00-12:00 time range.
 Good sign.
 After 3 days and several spam storms (that can be seen from collected statistics)
 no hanged up spamdyke process, nor defunct qmail-smtpd process have been noticed.
 IMO, I'd say your latest patch is stable enough to be included in the official trunk
 since it corrected a very annoying behavior.

 Thank you for your support, Trog.
 
 yes me too. no more idle spamdyke processes or defunc qmail process
 since using this patch.
 
 best,
 Hartmut Wernisch

Sam,
Any guess as to when this patch will be rolled into the next version?
Many thanks.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] skip RBL check for specific recipients or domains

2010-06-25 Thread Eric Shubert
Daniel wrote:
 Hi!
 
 Is it possible to skip RBL checks and automatically deny requests for a 
 specific domain or addresses?
 
 I think the denial is with this option:
 recipient-blacklist-ent...@domain.tld
 
 But the above only starts blacklisting after the RBL-lookup. It would be 
 nice if the RBL-lookup would not be processed somehow for the entry.
 
 Thanks in advance!
 
 Regards,
 Daniel
 
 
 

spamdyke configuration can be tailored according to recipient domain 
and/or address using Configuration Directories. See 
http://www.spamdyke.org/documentation/README.html#CONFIGURATION_DIR

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


[spamdyke-users] --config-test slow with graylist

2010-07-09 Thread Eric Shubert
I notice that the --config-test option is painfully slow with a graylist 
of any size. I just ran it with a graylist of 5000 entries, and it took 
several minutes. It did finally finish fine, so it's not much of a 
problem. In comparison, qtp-prune-graylist ran against the same graylist 
in 8 seconds, although to be fair some entries were undoubtedly still 
cached.

Just wanted to let folks know that it is indeed slow, so give it some 
time. I did notice at the time that top showed a high cpu wait 
percentage, so it's I/O bound no doubt. Sam, you might want to have a 
look at this when you get a chance. Low priority though.

Thanks.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] graylisting/greylisting behavior, bug or feature?

2010-07-11 Thread Eric Shubert
I believe that behavior is normal. Will you please explain why you think 
this is a problem?

Note, a successful gray listing isn't necessarily a whitelist. Other 
filtering rules are still applied to subsequent messages, but if a 
message from a 2nd IP address passes other filters, it will not trigger 
a new graylist entry when an active graylist entry exists. If this were 
not the case, emails from large email providers who have pools of 
outbound servers would require graylisting each outbound server, which 
would be undesirable.

-- 
-Eric 'shubes'

Demetrio López wrote:
 Hello. I have a problem with greylisting. When an email is accepted by the
 sender sen...@domain-from.com to the recipient recipi...@domain-rcpt.com
 from an IP then all mail sent to that same sender and recipient are accepted
 from any IP. 
 
 Software:
 
 Qmail-LDAP
 Spamdyke 4.1.0 (from source)
 Debian GNU/Linux 5.0.5
 
 
 Spamdyke options:
 
 filter-level=normal
 greeting-delay-secs=1
 log-level=info
 log-target=stderr
 graylist-level=always
 graylist-dir=/var/spamdyke/greylisting
 graylist-max-secs=86400
 graylist-min-secs=600
 
 
 --
 Atentamente,
 
 Demetrio López.
 Departamento de Sistemas, IdecNet S.A.
 Centro de Gestión de Red.
 Edificio IdecNet. C/Juan XXIII 44.
 E-35004, Las Palmas de Gran Canaria,
 Islas Canarias - España.
 Tfn: +34 828 111 000 Ext: 340
 
 
 ___
 spamdyke-users mailing list
 spamdyke-users@spamdyke.org
 http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] --config-test slow with graylist

2010-07-11 Thread Eric Shubert
That's what I suspected. Now that you mention it, I did have some write 
inefficiencies configured (lacked write caching) that have since been 
corrected. I just tested again, and results were much better, more like 
what I would expect. I think the writes were what was clobbering 
performance.

If you have a look and don't see any inefficiency, I'd leave it alone. I 
like thorough integrity checks. :)

Thanks for everything, Sam.

-- 
-Eric 'shubes'

Sam Clippinger wrote:
 I'll take a look at the code to see if there's anything wrong, but it's 
 likely there's not a lot I can do about this (except make the test less 
 comprehensive).  The graylist test looks at every folder and file 
 individually, examines permissions and tests writeability.  Since the 
 goal is to identify problems with the folder structure, I tried to make 
 it as thorough as possible.  The pruning script, by comparison, is only 
 looking at the dates on the files and folders, so it can run much faster.
 
 -- Sam Clippinger
 
 On 7/9/10 11:23 AM, Eric Shubert wrote:
 I notice that the --config-test option is painfully slow with a graylist
 of any size. I just ran it with a graylist of 5000 entries, and it took
 several minutes. It did finally finish fine, so it's not much of a
 problem. In comparison, qtp-prune-graylist ran against the same graylist
 in 8 seconds, although to be fair some entries were undoubtedly still
 cached.

 Just wanted to let folks know that it is indeed slow, so give it some
 time. I did notice at the time that top showed a high cpu wait
 percentage, so it's I/O bound no doubt. Sam, you might want to have a
 look at this when you get a chance. Low priority though.

 Thanks.



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Problem with TLS and SSL

2010-07-28 Thread Eric Shubert
Les Fenison wrote:
 I am having trouble doing smtp and smtps both.  I am only able to do
 one or the other.
 
 If I set tls-level=smtp, smtps on port 465 will not connect but I can
 do tls on port 25.
 If I set tls-level=smtps I can do smtps but can not do tls on port 25.
 
 Shouldn't I be able to run both?  Am I missing something?

I haven't done smtps (which is deprecated btw), so I don't know for 
sure. That being said, I believe you would need a separate instance of 
qmail-smtp and spamdyke running on port 465 for smtps. To run both, 
simply add the tls-level option to the appropriate command line that 
invokes spamdyke (in the run file instead of a config file).

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] graylisting - Recipient address not added to domain directory ...

2010-08-02 Thread Eric Shubert
t...@uncon.org wrote:
 Quoting Eric Shubert e...@shubes.net:
 
 Anthony Ercolano wrote:
 Well I think I might have my own answer to my question.

 It *appears* as though the messages that weren't getting graylisted were
 sent using tls.

 Very interesting. Upon what are you basing this observation?

 
 It depends upon where you implement your TLS. If your qmail implements  
 TLS, and spamdyke passes it through, then spam over TLS will get  
 through.
 
 -trog

Good catch, trog. I'd bet that's exactly what's happening.

Anthony, see http://spamdyke.org/documentation/README.html#TLS
If you add:
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp
to your spamdyke configuration, that should fix your problem, providing 
that you compiled spamdyke with TLS support.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] control spam

2010-08-09 Thread Eric Shubert
Also, there is a qtp-install-spamdyke script which is part of the 
qmailtoaster-plus package (http://qtp.qmailtoaster.com). Just run the 
script after installing the package, and that's all there is to it. You 
can tailor the /etc/spamdyke/spamdyke.conf file to your liking, per the 
link sanjeev referenced.

sanjeev rao wrote:
 It is pretty clear and straight forward devrajnp
 
 http://www.spamdyke.org/documentation/README.html#CONFIGURATION_FILE
 
 
 
 --- On Tue, 8/10/10, devra...@fewanet.com.np wrote:
 
 From: devra...@fewanet.com.np
 Subject: [spamdyke-users] control spam
 To: spamdyke-users@spamdyke.org
 Date: Tuesday, August 10, 2010, 9:12 AM
 
 dear sir,
 i have installed qmailtoaster on centos5.3. how to setup spamdyke config
 file. pls help me.


-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] hello

2010-08-17 Thread Eric Shubert
Noel Rivera (Border Less) wrote:
 Hello list this is my first post.
 
 I have the problem with 1 of my 6 domains in my qmail server with spamdyke.
 
 I need to configure separated options for this domain, I need don’t 
 block example this options:
 
 reject-empty-rdns
 reject-ip-in-cc-rdns
 reject-missing-sender-mx
 reject-unresolvable-rdns
 
 but only in one of my 6 domains, this domain has prefix domain.com.mx
 
 what can I do to make this changes, thanks for all.
 

http://spamdyke.org/documentation/README.html#CONFIGURATION_DIR

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] use spamdyke with fetchmail

2010-09-11 Thread Eric Shubert
nightduke wrote:
 i want to clean spam from an email i have on a mail server, i want to
 check each hour that email account, spamdyke will check rbl and all
 emails that match rbl will be deleted.
 
 Can this be done with spamdyke? or i can't do that with spamdyke.
 
 Thanks

spamdyke relies on the sending server's IP address for its 
effectiveness. Since the sending server is different than the original 
in a fetchmail situation, spamdyke would not be effective (e.g. 
everything would appear to be coming from localhost, not the original 
sending server).

If all you want to do is an rbl lookup, the simplest solution might be 
to write a shell script to do this.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Filtering order when reject-identical-sender-recipient in use

2010-09-20 Thread Eric Shubert
Marcin Orlowski wrote:
 On Mon, 20 Sep 2010 21:01:39 +0200, Marcin Orlowski car...@wfmh.org.pl
 wrote:
 
 
 I'd rather expect DENIED_IDENTICAL_SENDER_RECIPIENT to appear
 in logs, as such filter definitely costs less than
 DNS queries. I tried to find filter chain described in the
 manual, but seems there's no such information. Sam, wouldn't
 be much better to have order reversed here?
 
 I now also spotted that when you enable any BLs, these are
 also queried before reject-identical-sender-recipient is
 checked - so I second myself :) reject-identical-sender-recipient
 shall be evaluated prior performing any other blocking filters
 simply for faster processing
 
 Regards,

I expect that Sam will have some words of wisdom here, but I'll chime in 
beforehand.

The most efficient balance overall for filtering efficiency cannot be 
done by doing the least costly filters first. While that's a simple 
approach (and simplicity has its merits), it's not necessarily optimal.

I expect that the RBL and DNS checks are being done as soon as possible 
in the process (when the sender's IP address is first known), which is 
at a point when the sender and recipient addresses aren't yet available. 
In order to do the DENIED_IDENTICAL filter, the smtp session must 
progress to the point of having that information, which also uses 
resources (a few more send/receive transmissions into the session). In 
order to process the DENIED_IDENTICAL filter first, resources would need to 
be used to get the sender and recipient addresses for *all* messages, 
including those that are rejected based on one of the IP filters. I 
believe that this extra overhead would outweigh the potential savings of 
applying the DENIED_IDENTICAL filter before RBL and DNS filters. In 
addition, I think the RBL and DNS filters have a higher probability of 
rejecting a given message than the DENIED_IDENTICAL filter, which also 
weighs into the equation.

Is that about right, Sam?

(FWIW, I don't use this filter, so it doesn't really matter to me. I 
just blacklist local domains instead).

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Running Spamdyke with qmail-ldap

2010-09-26 Thread Eric Shubert
Are you sure you're connecting to the same server from the outside?
Is it possible that you're connecting to some other server?
If spamdyke runs from a local connection but not from an outside 
connection, then the problem would most likely be outside of your host.

Joy wrote:
 i am not having any firewall or no service stopping my telnet to 25
 only options defined in spamdyke.conf is not working from outside.
 
 
 
 On Sun, Sep 19, 2010 at 7:56 PM, Eric Shubert e...@shubes.net wrote:
 If telnet to port 25 works ok from your server but not from an external
 host, then your problem would appear to be with some aspect of
 networking, such as routing or firewall.

 Is iptables running? If so, is it blocking port 25?
 Is an external router blocking traffic? The problem might be external to
 your server.
 --
 -Eric 'shubes'

 Joy wrote:
 Here is my spamdyke.conf script :-

 log-level=error
 local-domains-file=/var/qmail/control/rcpthosts
 tls-certificate-file=/var/qmail/control/cert.pem
 greeting-delay-secs=10
 dns-blacklist-entry=zen.spamhaus.org

 I have changed the permission of spamdyke binary file so that the same
 can be executed with qmaild user. now if i test the same from my
 server by make a telnet connection to my smtp server it delays the
 connection as per greeting delay but if i use the same from remote
 systems this doesn't work for me.

 Here is server details :-

 OS - Debian lenny
 Version - 5.0.5

 I am not getting any error.
 My mail server is accepting all mails.

 I have installed qmail as per http://www.lifewithqmail.org/ldap/ URL.

 Please suggest me how to trace the issue.

 On Tue, Sep 14, 2010 at 1:41 AM, Demetrio López
 demetrio.lo...@idecnet.com wrote:
 I agree with Sam. It's probably a permissions problem.

 Run your script (first stop qmail-smtpd service with svc) in a shell and
 edit /etc/spamdyke.conf to send errors to stderr.

 Anyway, could you provide more information?


 El 13/09/2010 19:46, Sam Clippinger escribió:
 I don't see anything wrong with this file.  My guess is that it's a
 permission problem; is it possible the qmaild user can't run the
 spamdyke binary?

 Could you provide a little more information about the problem?  Are you
 seeing any error messages?  Does your server stop accepting mail
 entirely?  What OS and version are you using?  How was qmail installed
 (e.g. OS package, QMT, QmailRocks, LifeWithQmail, Plesk)?

 -- Sam Clippinger

 On 9/13/10 12:14 AM, Joy wrote:
 I have tried your script but it doesn't work for me. Here is my run file:-

 #!/bin/sh
 exec 2>&1
 #
 # SMTP service
 #
 QMAIL=/var/qmail
 ME=`head -1 $QMAIL/control/me`
 CONCURRENCY=${CONCURRENCY:=50}
 QUSER=qmaild

 PATH=$QMAIL/bin:$PATH

 # source the environment in ./env
 eval `env - PATH=$PATH envdir ./env awk '\
   BEGIN { for (i in ENVIRON) \
   if (i != "PATH") { \
   printf "export %s=\"%s\"\\n", i, ENVIRON[i] \
   } \
   }'`

 # enforce some sane defaults
 QUSER=${QUSER:=qmaild}
 PBSTOOL=${PBSTOOL:=$QMAIL/bin/pbscheck}

 if [ X${NOPBS+true} = Xtrue ]; then
   unset PBSTOOL
 fi

 exec \
   envuidgid $QUSER \
   tcpserver -v -HURl $ME -x$QMAIL/control/qmail-smtpd.cdb \
   ${CONCURRENCY:+-c$CONCURRENCY} ${BACKLOG:+-b$BACKLOG} 0 smtp \
   $PBSTOOL \
   /usr/local/bin/spamdyke -f /etc/spamdyke.conf \
   $QMAIL/bin/qmail-smtpd 2>&1


 Please let me know what's wrong with the run file.


 On Mon, Sep 13, 2010 at 3:58 AM, Demetrio López
 demetrio.lo...@idecnet.com   wrote:

 Hi. This is the script that I use to run qmail-smtpd with daemontools:

 #!/bin/sh
 exec 2>&1
 #
 # SMTP service
 #
 if [ -f env/CONCURRENCY~ ]
 then
  rm env/CONCURRENCY~
 fi

 USER=qmaild
 QMAIL=/var/qmail
 ME=$(head -1 $QMAIL/control/me)
 CONCURRENCY=${CONCURRENCY:=50}

 PATH=$PATH:$QMAIL/bin

 # source the environment in ./env
 eval `env - /usr/local/bin/envdir ./env awk '\
   BEGIN { for (i in ENVIRON) printf "%s=\"%s\"\n", i, ENVIRON[i] }'`

 exec /usr/local/bin/envdir ./env \
  envuidgid $USER \
  tcpserver -v -URl $ME -x$QMAIL/control/qmail-smtpd.cdb \
  ${CONCURRENCY+-c$CONCURRENCY} ${BACKLOG+-b$BACKLOG} 0 smtp \
  /usr/local/bin/spamdyke -f /etc/spamdyke.conf \
  $QMAIL/bin/qmail-smtpd 2>&1


 In my case I do not use PBS because this server only acts as MX. Users
 read their mailboxes on another server.

 In your script, Which is the value of $PBSTOOL variable?



 El 10/09/10 12:07, Joy escribió:

 Hello Everyone,
This is my first post to this list so please
 apologies me for any mistake.

 I am running qmail server with ldap support. Installed spamdyke on my
 server and also set up my run file as suggested in your website but my
 smtp server is not using spamdyke, while running spamdyke from command
 line with the same options working well so there is no issue in
 installation just let me know how

Re: [spamdyke-users] Problem with RHSBL's

2010-10-29 Thread Eric Shubert
On 10/29/2010 02:38 AM, David Stiller wrote:
 Hi all,

 by accident i have used the entry
 rhs-blacklist-entry=block.rhs.mailpolice.com in my config.
 That list is down since June 2010, but spamdyke blocked all incoming mails.
 The list still responds to the subdomain rhs.mailpolice.com:

 ;; ANSWER SECTION:
 block.rhs.mailpolice.com. 80855 IN  A   75.125.118.227

 Spamdyke asked it for entries and blocked ALL incoming mails, instead of
 letting the mails through to the next filters, as the list told no domain name.

 So double-check your mail-log if you use any RHSBL's or RBL's.

 Regards,
 David

Thanks for the heads up, David.

Regarding RHSBLs, here's what wikipedia says about them:
URI DNSBLs are often confused with RHSBLs (Right Hand Side BLs). But 
they are different. A URI DNSBL lists domain names and IPs found in the 
body of the message. An RHSBL lists the domain names used in the from 
or reply-to e-mail address. RHSBLs are not very effective because most 
spams either use forged from addresses or use from addresses 
containing popular freemail domain names, such as @gmail.com, 
@yahoo.com, or @hotmail.com addresses. In contrast to marginally 
effective and not-often-used RHSBLs, URI DNSBLs are very effective and 
are used by the majority of spam filters.

Due to their relative ineffectiveness, I don't use RHSBLs at all, and 
recommend the same.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
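
The stand-alone RBL lookup suggested in the fetchmail thread and the dead-list failure reported in this one can be covered by the same script, shown here as an added example (not code from any poster or from spamdyke). It builds the reversed-octet query name, treats only answers in 127.0.0.0/8 as a listing, and flags anything else, such as the `75.125.118.227` answer quoted above, as a broken list; the function names are hypothetical and the `host` utility is assumed for the live lookups.

```shell
#!/bin/sh
# Added example: DNSBL/RHSBL lookup that also detects a list which has
# gone away and now answers every query.

# dnsbl_query_name IPV4 ZONE -> prints e.g. 99.2.0.192.ZONE; fails on bad input
dnsbl_query_name() {
    _ip=$1 _zone=$2
    case $_ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $_ip                 # split the address into its four octets
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$_zone"
}

# classify_dnsbl_answer A_RECORD  (empty string = NXDOMAIN or lookup failure)
#   DNSBL listing codes live in 127.0.0.0/8; any other address means the
#   zone is parked, wildcarded or otherwise not a working blacklist.
classify_dnsbl_answer() {
    case $1 in
        '')        echo not-listed ;;
        127.*.*.*) echo listed ;;
        *)         echo invalid-list-response ;;
    esac
}

# dnsbl_resolve NAME -> first A record, or nothing (needs network + host)
dnsbl_resolve() {
    host -t A "$1" 2>/dev/null | awk '/ has address /{print $NF; exit}'
}

# dnsbl_lookup IPV4 ZONE -> listed | not-listed | invalid-list-response
dnsbl_lookup() {
    _name=$(dnsbl_query_name "$1" "$2") || { echo bad-ip; return 2; }
    classify_dnsbl_answer "$(dnsbl_resolve "$_name")"
}

# dnsbl_zone_sane ZONE [rhs]
#   Self-test for lists that follow RFC 5782: the test entry must be
#   listed and the must-not-exist entry must not resolve. Run this before
#   putting a zone into dns-blacklist-entry or rhs-blacklist-entry.
dnsbl_zone_sane() {
    case $2 in
        rhs) _pos="test.$1";      _neg="invalid.$1" ;;
        *)   _pos="2.0.0.127.$1"; _neg="1.0.0.127.$1" ;;
    esac
    [ "$(classify_dnsbl_answer "$(dnsbl_resolve "$_pos")")" = listed ] &&
    [ "$(classify_dnsbl_answer "$(dnsbl_resolve "$_neg")")" = not-listed ]
}

# Called as "sh dnsbl.sh IP ZONE" the script performs one live lookup.
if [ $# -eq 2 ]; then
    dnsbl_lookup "$1" "$2"
fi
```

In the fetchmail case the address to check is the one recorded in the message's Received header by the server the mail was fetched from, not the local connection.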


Re: [spamdyke-users] using spamdyke with anti spam solution dspam vs mailscanner

2010-10-31 Thread Eric Shubert
On 10/31/2010 08:44 AM, Angus McIntyre wrote:
 nightduke wrote:
 I'm tired of spam, i want to use spamdyke with dspam or mailscanner.
 I don't want to receive virus, i want to block spam with spamdyke but
 also i want to have more features like dspam or mailscanner have,
 after the mail server is a lotus domino server.
 What's your opinion about my idea?

 Most anti-spam solutions involve several levels. No one tool will give you
 everything you need.

 For instance, I use Spamdyke, SpamAssassin, ClamAV and some custom
 scanning tools.

 If you're looking at Spamdyke, presumably you're running qmail as your
 mail transport agent (because Spamdyke is a plugin for qmail). There are
 several guides that will tell you how to integrate anti-spam and
 anti-virus tools with qmail. I've found that one of the simplest is
 Qmailrocks (http://qmailrocks.org/). Not everyone likes Qmailrocks:
 purists will tell you that not all the advice given is good and the guide
 hasn't been updated in a while. On the other hand, it is easy to follow
 and, in my experience at least, gives good results. I can also confirm
 that adding Spamdyke to a Qmailrocks installation is easy (thanks to Sam's
 clearly-written instructions).

 An alternative is Qmailtoaster (http://www.qmailtoaster.com/).

 Angus

Good advice, Angus.

Hey nightduke, I thought you had a qmailtoaster going. That's really the 
simplest route to go IMO, and I doubt that (along with spamdyke) you'll 
find anything more effective when it comes to fighting spam. I expect 
that version 2 of QMT will be even better, as it will be yum/rpm based 
for all package management, instead of having to build qmail (et al) 
from source, and spamdyke will be included in the 'stock' configuration.

Installing spamdyke on QMT is as simple as running the 
qtp-install-spamdyke script.

I don't think you'll find dspam or mailscanner to be significantly more 
effective than spamassassin, in conjunction with spamdyke. If I had to 
choose only one piece of software for fighting spam, it'd be spamdyke 
hands down.

FWIW.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Greylisting Question

2010-11-16 Thread Eric Shubert
On 11/16/2010 02:37 PM, psotnic wrote:
 Dear Sirs!

 First of all I would like to thank You for Your time!

 My question:

 Is it possible to disable greylisting when sending e-mails between two
 users on the same domain?
 (ex. m...@example.com to a...@example.com)

 Thank You in advance!


If the sender (mark) authenticates with an account name and password 
when sending, no filtering (including greylisting) will take place. As a 
general rule, it's best if all senders always authenticate.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Greylisting Question

2010-11-17 Thread Eric Shubert
I'm not sure about that. I suppose that would depend on how you have 
pb4s implemented. As long as spamdyke is configured to use an 
authentication mechanism which supports pb4s (spamdyke is very flexible 
with authentication), I don't expect there would be a problem.

Are you having a problem, or are you just investigating?

-- 
-Eric 'shubes'

On 11/17/2010 02:42 AM, psotnic wrote:
 How would that apply in case of a pop3 before smtp?

 On 17 November 2010 02:07, Eric Shubert e...@shubes.net wrote:

 On 11/16/2010 02:37 PM, psotnic wrote:
   Dear Sirs!
  
   First of all I would like to thank You for Your time!
  
   My question:
  
   Is it possible to disable greylisting when sending e-mails between two
   users on the same domain?
   (ex. m...@example.com to a...@example.com)
  
   Thank You in advance!
  

 If the sender (mark) authenticates with an account name and password
 when sending, no filtering (including greylisting) will take place. As a
 general rule, it's best if all senders always authenticate.

 --
 -Eric 'shubes'



Re: [spamdyke-users] Greylisting Question

2010-11-17 Thread Eric Shubert
Ever so true. Anyone using qmail who is not using Qmail-Toaster is 
making things harder than they need to be. :)

However, the stock QMT configuration does not support pb4s. It could be 
modified to do so, but pb4s is not a preferred authentication mechanism, 
for good reasons.

On 11/17/2010 07:26 AM, Carlos Herrera Polo wrote:
 If you have Qmail-Toaster you have the solution.

 2010/11/17 psotnic psot...@gmail.com

 How would that apply in case of a pop3 before smtp?



-- 
-Eric 'shubes'



Re: [spamdyke-users] TLS/SSL error w/ Spamdyke 4.1.0

2010-11-20 Thread Eric Shubert
On 11/20/2010 12:22 PM, Dossy Shiobara wrote:
 OK, I think I figured out the issue!

 Similarly, I did a ton of Googling with very little success in finding a
 solution.  Hopefully this will be in the archive and help someone down
 the line ...

 My setup is a hand-rolled Qmail + Spamdyke setup.  I run everything
 under Daemontools.  My Spamdyke config lives in /etc/qmail -- here is
 where it gets interesting.

 I had regular SMTP and SMTPS managed separately under Daemontools.  The
 SMTP one pointed Spamdyke at /etc/qmail/spamdyke, and the SMTPS one used
 /etc/qmail/spamdyke-ssl.  The two configs were identical *except* the
 SMTPS one had the following three lines at the top:

 tls-level=smtps
 tls-certificate-file=/etc/ssl/certs/dovecot.pem
 tls-privatekey-file=/etc/ssl/private/dovecot.pem

 This worked great, except making config changes meant having to make
 them *twice* ... annoying, and potentially error prone.  I decided to
 try and unify things into one config file, so I moved the tls-*-file
 config directives into /etc/qmail/spamdyke, and added
 --tls-level=smtps to the Daemontools run file.

 The default for tls-level is smtp ... which, when I misread (or
 misremembered) the documentation, I confused it for what is actually the
 none setting.  I didn't realize that smtp would be SMTP+STARTTLS ...
 turns out if you specify tls-certificate-file and tls-privatekey-file
 and tls-level=smtp, you get STARTTLS ... oops.  This is why after moving
 those two config settings into my /etc/qmail/spamdyke (which my SMTP
 config would now share), I ran into problems.  Why?

 Here's the relevant snippet of what my SMTP run file used to be --

 exec envuidgid qmaild \
  tcpserver -v -R -c $MAXSMTPD -u $QMAILDUID -g $NOFILESGID \
  -x /etc/tcprules/smtprules.cdb 0 25 \
  /usr/bin/fixcrio /usr/bin/recordio \
  /var/qmail/bin/spamdyke -f /var/qmail/control/spamdyke -- \
  /var/qmail/bin/qmail-smtpd `hostname` \
  /usr/bin/checkpassword /bin/true 2>&1

 At first glance, I totally didn't spot the problem.  Of course, it was
 because I had *assumed* that the default tls-level of smtp meant what
 none actually provides (NB: it'd be nice if the default for tls-level
 was actually none and not smtp ... but, that's just my $0.02) -- so,
 why would I be seeing SSL errors, right?  Then it dawned on me that if
 I'm seeing SSL errors, then it MUST be trying to do SSL somehow, despite
 what I (incorrectly) thought tls-level=smtp was supposed to do.

 That's when it dawned on me: the fixcrio/recordio is going to muck with
 the bytestream, which it's supposed to do and works well for qmail-smtpd
 ... but I had them *upstream* from Spamdyke!  OOPS.

 I moved those two commands on the one line to *after* spamdyke, and
 everything appears to be working just fine.  Alternatively, I guess I
 could have left things the way they were and set tls-level=none, so that
 I could use recordio to capture SMTP sessions *before* spamdyke hands
 control over like I had previously.

 Perhaps I should put keep recordio before spamdyke, and fixcrio to after
 it.  In theory, that would provide me the logging I want but not muck
 with the potential SSL session.

 Thoughts?

Why do you need recordio when spamdyke has such a nice detailed logging 
facility?

Doesn't spamdyke take care of what fixcrio does, making fixcrio unnecessary?

 On 11/20/10 2:01 PM, Sam Clippinger wrote:
 After doing some Googling, two thoughts occur to me.  First, is it
 possible you have a firewall or some kind of filtering appliance that is
 blocking the SSL traffic?  Second, are you using ulimit (or something
 similar) to restrict spamdyke's memory usage?  If that limit is set too
 low, it can cause strange problems like this.



-- 
-Eric 'shubes'



Re: [spamdyke-users] TLS/SSL error w/ Spamdyke 4.1.0

2010-11-20 Thread Eric Shubert
I'm betting that you won't ever want to do w/out spamdyke. :)

FWIW, if you want a qmail server that just works, you should try out 
http://qmailtoaster.com/. It might make a good reference as well if 
you're doing a custom setup.

-- 
-Eric 'shubes'

On 11/20/2010 08:50 PM, Dossy Shiobara wrote:
 If you're referring to full-log-dir, I don't want separate files -- I
 want things to get output to stderr so they can get logged with
 multilog.  Plus, the format that recordio emits is more useful for
 parsing, etc.

 I didn't realize that spamdyke takes care of fixcrio, but I'm leaving it
 in (1) just in case, and (2) in case I replace spamdyke with something
 else, so I don't forget to re-add it.


 On 11/20/10 8:46 PM, Eric Shubert wrote:
 Why do you need recordio when spamdyke has such a nice detailed logging
 facility?

 Doesn't spamdyke take care of what fixcrio does, making fixcrio unnecessary?





Re: [spamdyke-users] Fwd: RELAYCLIENT setting when spamdyke is authenticating

2010-11-26 Thread Eric Shubert
This appears to me to be a deficiency in qmail-scanner more so than 
spamdyke. Simscan, as opposed to qmail-scanner, has a compile option 
which turns off scanning for authenticated users, and works fine with 
the present spamdyke.

Simscan is what the current QMail-Toaster utilizes, although QMTv2 is 
slated to use amavis-new instead.

I see 3 possible solutions for Bgs's problem:
.) replace qmail-scanner with simscan
.) replace qmail-scanner with amavis-new
.) replace the entire host with QMT

Personally, I'd rather see Sam working on a SPF implementation than this 
enhancement. ;)

-- 
-Eric 'shubes'

On 11/26/2010 02:32 AM, Bgs wrote:

 No, you misunderstood. I'm not asking about removing RC anytime later. I
 want to disable SA for authenticated users only.
 The problem is that both of you (spamdyke/spamassassin) have your own
 logic that works well alone, but do not work well together.
 The solution could be some way of communication between the two that can
 override the default behaviours. This is why I thought about adding
 another env var (the main way of communication) that could relay the
 information.

 So:

 Spamdyke sets RC for all mail it thinks by its rules, that must be
 handled and overrides qmail.
 qmail-scanner only filters mail that's not local and RC is not set.
 This way I'm forced to override qmail-scanner by setting QS_SPAMASSASSIN
 from my smtp.conf and by this scanning authenticated mail as well.

 A possible solution is to add a logic to spamdyke which is able to set a
 new env var and also add a logic to qmail-scanner that takes it into
 consideration when scanning mail. This needs only minor changes in both
 software and enables them to peacefully coexist.

 The logic I was thinking of:

 - spamdyke acts as normal with average config
 - Add an env var SCAN_SPAM which can be set to 'on' or 'off'
 - qmail-scanner acts as normal without the env var (or wrongly set)
 - qmail-scanner overrides spam scanning rules if the env var tells it
 explicitly to set it on/off

 - Add a rule to spamdyke's config: external-spam-scan-on-auth which
 takes on or off as arguments and sets the env var to that.

 The same could be used for other spam scan disable/enable scenarios not
 just authentication and as a plain env var, other downstream scanning
 modules can utilize it, not just qmail-scanner.

 What do you think Sam?

 Regards
 Bgs


 On 11/25/2010 06:10 PM, Sam Clippinger wrote:
 I'm not sure this can be resolved.  Environment variables can't be
 altered once the qmail-smtpd process has been started:
http://www.spamdyke.org/documentation/FAQ.html#SUGGESTION7

 spamdyke always sets the RELAYCLIENT variable because it needs to
 override qmail's filters when a client meets spamdyke's criteria for
 relaying.  Specifically, if a client authenticates or matches a
 whitelist, spamdyke needs to prevent qmail from blocking the message
 later.  I suppose I could change spamdyke to not set the RELAYCLIENT
 variable if authentication is turned off and no whitelists are
 enabled... but the method to trigger/stop the variable would be so
 complex I think it would cause more confusion than it's worth.

 What does the rest of your spamdyke configuration look like?  Could you
 use it with no whitelists, no configuration directories and smtp-auth
 set to none or observe?

 -- Sam Clippinger

 On 11/23/10 3:01 PM, Bgs wrote:
 Trying again, it didn't show up on the list...

 -------- Original Message --------
 Subject: RELAYCLIENT setting when spamdyke is authenticating
 Date: Sun, 21 Nov 2010 14:52:14 +0100
 From: Bgs b...@bgs.hu
 To: spamdyke users spamdyke-users@spamdyke.org




Hi,

 I might be the one misinterpreting the docs, but something is strange
 for me.

 The setup:

 spamdyke with auth/access file + qmail-scanner with spamassassin

 In my access file I have localhost with RELAYCLIENT and no
 qmail-scanner, all other without RELAYCLIENT and qmail-scanner.

 I have relay-level set to 'normal' which according to the docs, does
 the following:

 |normal|: Prevent relaying unless the sender authenticates, the access
 file allows relaying or an environment variable allows relaying.
 Requires |local-domains-entry| or |local-domains-file| and |access-file|.


 So I was expecting the following:

- Normal mail arrives for relay -> denied (does this)
- Normal mail arrives for domain in rcpthost -> do NOT set
 relayclient, pass to q-s and further to qmail-smtpd which will handle
 it (it doesn't do this)
- Authenticated user sends mail -> spamdyke sets RELAYCLIENT, q-s
 skips checks, qmail-smtpd processes mail

 The second baffles me:

- access file does not set RELAYCLIENT
- there is no environment variable passed to spamdyke
- the user does not authenticate

 Apparently spamdyke also sets RELAYCLIENT when the domain is in
 rcpthosts. This means that spamdyke disables spam filtering. If I
 override qmail-scanner (with explicit QS_SPAMASSASSIN environment

Re: [spamdyke-users] Greylisting entries won't update

2010-12-14 Thread Eric Shubert
I believe that the --test-config option interrogates the greylist tree 
for problems there. I would run spamdyke with this option (separately, 
from the CLI) to see if it finds a problem.

Here's a script that does this on qmail-toaster:
# set variables for qmail-smtpd using harmless test values,
# so we don't get warnings about qmail-smtpd
export PROTO=TCP
export TCPLOCALHOST=$(hostname --fqdn)
export TCPLOCALIP=127.0.0.1
export TCPLOCALPORT=25025
/usr/local/bin/spamdyke \
   --config-file $CONF_LINK/spamdyke.conf \
   --config-test \
   --run-as-user vpopmail:vchkpw \
   /var/qmail/bin/qmail-smtpd \
   /home/vpopmail/bin/vchkpw /bin/true \
   2>&1

You might need to tweak a few things for this to work on plesk.

-- 
-Eric 'shubes'

On 12/14/2010 06:21 AM, Roland Moelle wrote:
 Hello,

 I was running spamdyke 4.1.0 for months now without any issue on my
 ubuntu/plesk 9.5 server. Due to a qmail problem I had to reinstall qmail,
 yesterday. After modification of /etc/xinetd.d/smtp_psa  and
 /etc/xinetd.d/smtps_psa, everything seemed to work fine again, but:

 I now can see that a mail from a certain sender (i...@redcoon.de) keeps
 getting rejected and the corresponding entries in
 /var/qmail/spamdyke/greylist/moelle.biz/roland.moelle/redcoon.de is not
 being updated (the directory is dated Oct 25). In the directory there is a
 file with the name info: -rw--- 1 qmaild nofiles  0 Oct 25 10:14 info.

 Other messages are processed fine (greylisted, rejected, accepted as
 desired).
 Where can I look at to find the reason for this behaviour?
 Any hints will be appreciated!

 Regards,
 Roland

 The entries in /etc/xinetd.d/smtp_psa are like this:

   server_args = -Rt0  /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true


 And my spamdyke.conf looks like this:
 (I'm not sure if relaylock should be there but, worked fine so far and with
 other messages):

 #for the Plesk add-on by Haggybear:
 log-level=info

 local-domains-file=/var/qmail/control/rcpthosts
 tls-certificate-file=/var/qmail/control/servercert.pem
 #CopyPaste from xinetd-conf
 smtp-auth-command=/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
 smtp-auth-level=ondemand-encrypted
 #important timeout:
 idle-timeout-secs=300
 graylist-level=always
 graylist-dir=/var/qmail/spamdyke/greylist
 #600 sec. = 10 min.
 graylist-min-secs=600
 #3628800 sec. = 6 weeks
 graylist-max-secs=3628800
 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
 recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
 ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklist_keywords
 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
 rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
 sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders
 greeting-delay-secs=5
 #comment out if necessary:
 #ns-blacklist-entry=zen.spamhaus.org
 #ns-blacklist-entry=list.dsbl.org
 #ns-blacklist-entry=zombie.dnsbl.sorbs.net
 #ns-blacklist-entry=dul.dnsbl.sorbs.net
 #ns-blacklist-entry=bogons.cymru.com
 config-dir=/var/qmail/spamdyke/conf.d
 config-dir=/var/qmail/spamdyke/conf.s
 #dns-blacklist-entry=ix.dnsbl.manitu.net
 reject-ip-in-cc-rdns
 reject-empty-rdns
 reject-unresolvable-rdns
 reject-missing-sender-mx




Re: [spamdyke-users] Limit Spamdyke to receive mails from a single IP

2011-01-07 Thread Eric Shubert
On 01/07/2011 08:53 AM, Christian Schramm wrote:
 Hello,

 I'm having a simple question.
 I've integrated spamdyke into qmail. What I'd like to do is to limit
 spamdyke to accept mail just from one or several IP addresses and block
 all the rest.
 Is there a simple way to implement this?

 Thanks in advance.

 Kind regards

 Christian Schramm

I would not use spamdyke to do this (which is not to say it couldn't be 
done with spamdyke).

/etc/tcprules.d/tcp.smtp can do this quite simply.

(I'm a little lost as to why you would need spamdyke in this situation.)

-- 
-Eric 'shubes'



Re: [spamdyke-users] Limit Spamdyke to receive mails from a single IP

2011-01-07 Thread Eric Shubert
I don't know Plesk (I use QmailToaster), so I'm not much help there. 
Plesk apparently uses xinetd. I'd look to see if you can limit 
connections with xinetd before trying to change over to tcpserver. I'd 
be surprised if xinetd can't handle it.
-- 
-Eric 'shubes'

On 01/07/2011 09:13 AM, Christian Schramm wrote:
 Well I don't have tcpserver installed, so before installing something
 new I wanted to check if there's perhaps an easy way doing this in spamdyke.
 I'll have a look at tcpserver and how to integrate it with Plesk.

 Kind regards

 Christian Schramm


 On 07/01/2011 17:03, Eric Shubert wrote:
 On 01/07/2011 08:53 AM, Christian Schramm wrote:
 Hello,

 I'm having a simple question.
 I've integrated spamdyke into qmail. What I'd like to do is to limit
 spamdyke to accept mail just from one or several IP addresses and block
 all the rest.
 Is there a simple way to implement this?

 Thanks in advance.

 Kind regards

 Christian Schramm
 I would not use spamdyke to do this (which is not to say it couldn't be
 done with spamdyke).

 /etc/tcprules.d/tcp.smtp can do this quite simply.

 (I'm a little lost as to why you would need spamdyke in this situation.)





Re: [spamdyke-users] SpamAssassin not getting Invoked

2011-01-12 Thread Eric Shubert
You're correct. I didn't read it thoroughly. Sorry.
-- 
-Eric 'shubes'

On 01/12/2011 04:56 PM, Michael Colvin wrote:
  Did you try using Upper Case ALLOW (not shouting)? That's what's shown
  in the documentation.

  In any case, I would expect Spamdyke to show some sort of error if/when
  configuration parameters aren't quite kosher.


 No, because that's not what I'm seeing in the documentation. Taken from
 here: http://www.spamdyke.org/documentation/README.html#RELAYING

 Each line in the access file should use one of the following formats:

 remote_i...@remote_ip:ACCESS

 remote_i...@=remote_name:ACCESS

 REMOTE_IP:ACCESS

 REMOTE_NAME:ACCESS

 :ACCESS

 ...

 ACCESS is the permission setting -- either allow or deny. Connections
 are allowed by default (if no match is found). If access is denied, no
 mail is accepted at all, whether relayed or not.

 ...

 For example, if the remote server's IP address is 11.22.33.44 and its
 rDNS name is mail.example.com, each of the following lines will match,
 allow connections and set several environment variables:

 11.22.33.44:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 11.20-100.33.44:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 11.22.:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 11.22.33.0/24:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 11.22.0.0/255.255.0.0:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-


 =mail.example.com:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-


 =.example.com:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 =.com:allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 :allow,FOOVAR=foovalue,BARVAR=.barvalue.,BAZVAR=-bazvalue-

 So, in the docs, it shows ACCESS in uppercase, but ACCESS appears to
 me to be a representation of either allow or deny, depending on the
 usage.

 The group of examples also show allow or deny in lowercase, but they
 also show additional information that I don't believe I need in my
 case... Unless I'm misreading something. :-)

 Michael J. Colvin

 NorCal Internet Services

 www.norcalisp.com



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
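
Added example (not part of the original message and not spamdyke's own code): a small matcher for the access-file pattern forms listed in the README excerpt quoted above, useful for checking which lines of an access file apply to a given client. The function names are hypothetical, the REMOTE_INFO@ forms are not modelled, and because the excerpt does not say which line wins when several match, every matching line is reported.

```python
import ipaddress

# The nine example lines from the README excerpt quoted above, with the
# environment-variable part shortened to a single variable.
README_LINES = [
    "11.22.33.44:allow,FOOVAR=foovalue",
    "11.20-100.33.44:allow,FOOVAR=foovalue",
    "11.22.:allow,FOOVAR=foovalue",
    "11.22.33.0/24:allow,FOOVAR=foovalue",
    "11.22.0.0/255.255.0.0:allow,FOOVAR=foovalue",
    "=mail.example.com:allow,FOOVAR=foovalue",
    "=.example.com:allow,FOOVAR=foovalue",
    "=.com:allow,FOOVAR=foovalue",
    ":allow,FOOVAR=foovalue",
]


def _octets_match(pattern, ip):
    """Match four octets, each either a number or a LOW-HIGH range."""
    pat, octets = pattern.split("."), ip.split(".")
    if len(pat) != 4:
        return False
    for p, o in zip(pat, octets):
        low, _, high = p.partition("-")
        if not low.isdigit() or (high and not high.isdigit()):
            return False
        if not int(low) <= int(o) <= int(high or low):
            return False
    return True


def pattern_matches(pattern, ip, rdns=None):
    """True if one access-file pattern applies to this client."""
    if pattern == "":                      # ":ACCESS" matches every client
        return True
    if pattern.startswith("="):            # rDNS name or ".suffix"
        if not rdns:
            return False
        want, have = pattern[1:].lower(), rdns.lower().rstrip(".")
        return have.endswith(want) if want.startswith(".") else have == want
    addr = ipaddress.IPv4Address(ip)       # raises ValueError on a bad IP
    if "/" in pattern:                     # CIDR or address/netmask
        try:
            return addr in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    if pattern.endswith("."):              # leading-octets prefix
        return str(addr).startswith(pattern)
    return _octets_match(pattern, str(addr))


def parse_line(line):
    """Split 'PATTERN:ACCESS[,VARS]' into its parts; None if not a rule."""
    line = line.strip()
    if ":" not in line:
        return None
    pattern, _, rest = line.partition(":")
    if "@" in pattern:                     # REMOTE_INFO@ forms: not modelled
        return None
    access, _, env = rest.partition(",")
    return pattern, access, env


def matching_rules(lines, ip, rdns=None):
    """Return (line number, access, variables) for every line that matches."""
    hits = []
    for number, line in enumerate(lines, 1):
        parsed = parse_line(line)
        if parsed and pattern_matches(parsed[0], ip, rdns):
            hits.append((number, parsed[1], parsed[2]))
    return hits


if __name__ == "__main__":
    for hit in matching_rules(README_LINES, "11.22.33.44", "mail.example.com"):
        print(hit)
```
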


Re: [spamdyke-users] configure can't find OpenSSL libraries

2011-02-26 Thread Eric Shubert
On 02/25/2011 09:14 PM, Shane Bywater wrote:
 Hi,
   I'm trying to install Spamdyke 4.2 with TLS support but the 
 configure
 script shows:

 checking if openssl/ssl.h will include without additional include
 directories... no
 checking Checking if openssl/ssl.h will include correctly... no
 configure: Unable to include openssl/ssl.h (required by OpenSSL), TLS
 support disabled

 and therefore TLS support isn't added.  OpenSSL is installed:
 I think it's version 0.9.8e-rhel5 (found by running man openssl) on
 Linux version 2.6.18-164.6.1.el5 (mockbu...@builder16.centos.org) (gcc
 version 4.1.2 20080704 (Red Hat 4.1.2-46))

 What do I have to do to get the configure script to find whatever it is
 it is looking for?

 Thanks for your assistance,
 Shane Bywater

# yum install openssl-devel

-- 
-Eric 'shubes'



Re: [spamdyke-users] False DENIED_SENDER_NO_MX error?

2011-02-28 Thread Eric Shubert
On 02/26/2011 01:32 PM, Sam Clippinger wrote:
 I can't reproduce this; when I try those addresses it works fine for
 me.  Can you try two things?  First, run host reply.ticketmaster.com
 to see if your server can find the MX record there -- the records for
 ticketmaster.com aren't actually checked.

# host reply.ticketmaster.com
reply.ticketmaster.com has address 209.104.37.129
reply.ticketmaster.com mail is handled by 10 reply.ticketmaster.com.
#

 Second, can you enable
 excessive output and full logging to see what's happening during these
 deliveries?  Excessive output should show all of the DNS packets that
 are sent and received.

I'll see about setting this up when I get a chance. I'd like to clear 
out some space on that server to make room for the logs first. Hope to 
have that done by the end of this week at the latest.

In the meantime, I wonder, is it possible that perhaps spamdyke is 
simply showing the wrong error message? IOW, is there some other filter 
that's kicking in, but the SENDER_NO_MX message is showing instead of 
the appropriate one? Sam, can you give the code a once over to see if 
this might be happening? Thanks.

P.S. It's a little relief to me that I'm not the only one who has 
apparently seen this problem. Thanks Shane. ;)

 -- Sam Clippinger

 On 2/25/11 3:05 PM, Eric Shubert wrote:
 Running the latest spamdyke 4.2.0+TLS+CONFIGTEST+DEBUG on CentOS5.4 x86,
 Using caching-nameserver on localhost, and I'm not seeing any named
 errors in the system log.

 I just happened to notice this in my smtp log:

 02-25 13:54:30 spamdyke[32582]: DENIED_SENDER_NO_MX from:
 ntf-330906_53-9098559-ticketmaster_=_shubes@reply.ticketmaster.com
 to: ticketmas...@shubes.net origin_ip: 209.104.37.138 origin_rdns:
 vg138.ntf.els4.ticketmaster.com auth: (unknown) encryption: TLS

 Seemed odd, so I checked:
 # host ticketmaster.com
 ticketmaster.com has address 209.104.34.32
 ticketmaster.com has address 209.104.41.32
 ticketmaster.com has address 209.104.45.32
 ticketmaster.com has address 209.104.56.26
 ticketmaster.com has address 209.104.58.151
 ticketmaster.com has address 209.104.59.96
 ticketmaster.com mail is handled by 10 mx.chi.ticketmaster.com.
 ticketmaster.com mail is handled by 10 mx.els.ticketmaster.com.

 Am I missing something, or is there a bug?




-- 
-Eric 'shubes'



[spamdyke-users] SMTP TLS flaw

2011-03-08 Thread Eric Shubert
This came across on the Dovecot list recently:
http://marc.info/?l=postfix-users&m=129952854117623&w=2

Eric B on the QMT list has done some testing, and it appears that both 
spamdyke and qmail-smtpd presently contain this flaw.

Sam, will you have a look into this? The link explains the situation in 
good detail. While I wouldn't call this a severe bug, it is a real 
vulnerability none the less.

Also, I'm not familiar at all with the qmail-smtpd code. QMT presently 
uses these TLS patches:
http://erresea.arda.homeunix.net/store/qmail/
http://inoa.net/qmail-tls/
Do you have any words of wisdom regarding these patches? I hope that 
someone in the QMT community (myself, if nobody else steps up) can get 
this code fixed as well.

Thanks Sam, for all you do.

-- 
-Eric 'shubes'



Re: [spamdyke-users] False DENIED_SENDER_NO_MX error?

2011-03-11 Thread Eric Shubert
I did a detail log, and captured one of these. It says:
ERROR: DNS response for bounce-mx.exacttarget.com: expected type A, 
CNAME but received type MX
FILTER_SENDER_NO_MX domain: bounce.e.groupon.com

 From the spamassassin host, I get:
[shubes@tacs-mail ~]$ host bounce-mx.exacttarget.com
bounce-mx.exacttarget.com has address 66.231.91.236
bounce-mx.exacttarget.com mail is handled by 10 bounce-mx.exacttarget.com.
[shubes@tacs-mail ~]$

I don't see anything wrong here (but could be misunderstanding 
something). Is spamdyke getting an MX record back before a type A (or 
CNAME) record? Is a wildcard perhaps involved somehow?

One other thing. I'm under the impression (from the dyndns.com site) 
that MX records can (should?) not point to CNAME records. If this is 
indeed true, then I would think that spamdyke shouldn't be looking for a 
CNAME record which corresponds to the MX (as indicated in the message).

As always, thanks Sam.

-- 
-Eric 'shubes'

On 02/26/2011 01:32 PM, Sam Clippinger wrote:
 I can't reproduce this; when I try those addresses it works fine for
 me.  Can you try two things?  First, run host reply.ticketmaster.com
 to see if your server can find the MX record there -- the records for
 ticketmaster.com aren't actually checked.  Second, can you enable
 excessive output and full logging to see what's happening during these
 deliveries?  Excessive output should show all of the DNS packets that
 are sent and received.

 -- Sam Clippinger

 On 2/25/11 3:05 PM, Eric Shubert wrote:
 Running the latest spamdyke 4.2.0+TLS+CONFIGTEST+DEBUG on CentOS5.4 x86,
 Using caching-nameserver on localhost, and I'm not seeing any named
 errors in the system log.

 I just happened to notice this in my smtp log:

 02-25 13:54:30 spamdyke[32582]: DENIED_SENDER_NO_MX from:
 ntf-330906_53-9098559-ticketmaster_=_shubes@reply.ticketmaster.com
 to: ticketmas...@shubes.net origin_ip: 209.104.37.138 origin_rdns:
 vg138.ntf.els4.ticketmaster.com auth: (unknown) encryption: TLS

 Seemed odd, so I checked:
 # host ticketmaster.com
 ticketmaster.com has address 209.104.34.32
 ticketmaster.com has address 209.104.41.32
 ticketmaster.com has address 209.104.45.32
 ticketmaster.com has address 209.104.56.26
 ticketmaster.com has address 209.104.58.151
 ticketmaster.com has address 209.104.59.96
 ticketmaster.com mail is handled by 10 mx.chi.ticketmaster.com.
 ticketmaster.com mail is handled by 10 mx.els.ticketmaster.com.

 Am I missing something, or is there a bug?






Re: [spamdyke-users] False DENIED_SENDER_NO_MX error?

2011-03-15 Thread Eric Shubert
Thanks a bunch, Sam.

BTW, what are the chances of getting in an enhancement to the 
DENIED_RBL_MATCH log messages that would include the name of the BL 
which matched? I'd really like to glean this from the logs on a regular 
basis, so I'd rather not increase the log verbosity. Something like:
DENIED_RBL_MATCH at: zen.spamhaus.org from: ...
What do you think?

Thanks again.
-- 
-Eric 'shubes'

On 03/11/2011 12:45 PM, Sam Clippinger wrote:
 Interesting... I think I understand what's happening.

 spamdyke is trying to find the MX record for bounce.e.groupon.com and
 receives an MX response that says bounce-mx.exacttarget.com.  Then it
 tries to find an IP address for bounce-mx.exacttarget.com by searching
 for A or CNAME records.  Or rather, that's what it should do.  Due to an
 oversight on my part, it searches for A, CNAME and MX records because I
 was lazy and sent the same list of types to the function that tries to
 find the IP that was used to find the MX.

 As it happens, bounce-mx.exacttarget.com has both an A and a MX record
 associated with it, which is legal (but stupid).  When spamdyke receives
 the MX record it asked for but didn't expect, it assumes the remote
 nameserver is broken and stops with an error.  Due to a second oversight
 on my part, that error triggers the filter instead of failing gracefully.

 So, two bugs.  I'll get them fixed. :)  Thanks for reporting this!

 -- Sam Clippinger

 On 3/11/11 10:51 AM, Eric Shubert wrote:
 I did a detail log, and captured one of these. It says:
 ERROR: DNS response for bounce-mx.exacttarget.com: expected type A,
 CNAME but received type MX
 FILTER_SENDER_NO_MX domain: bounce.e.groupon.com

From the spamassassin host, I get:
 [shubes@tacs-mail ~]$ host bounce-mx.exacttarget.com
 bounce-mx.exacttarget.com has address 66.231.91.236
 bounce-mx.exacttarget.com mail is handled by 10 bounce-mx.exacttarget.com.
 [shubes@tacs-mail ~]$

 I don't see anything wrong here (but could be misunderstanding
 something). Is spamdyke getting an MX record back before a type A (or
 CNAME) record? Is a wildcard perhaps involved somehow?

 One other thing. I'm under the impression (from the dyndns.com site)
 that MX records can (should?) not point to CNAME records. If this is
 indeed true, then I would think that spamdyke shouldn't be looking for a
 CNAME record which corresponds to the MX (as indicated in the message).

 As always, thanks Sam.




___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
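
Added example (not part of the original message and not spamdyke's own code): a model of the two bugs Sam describes in the quoted reply, run against constructed zone data that reuses the names from the log excerpt. The function names, the `MX_SEARCH_TYPES` list and the reading of "failing gracefully" as "do not reject on a lookup error" are assumptions, and the model checks MX records only.

```python
# Constructed zone data using the names from the log excerpt in this thread.
# Record order models a nameserver that returns the MX answer first.
ZONE = {
    "bounce.e.groupon.com": [("MX", "bounce-mx.exacttarget.com")],
    "bounce-mx.exacttarget.com": [
        ("MX", "bounce-mx.exacttarget.com"),   # MX target that also has an MX
        ("A", "66.231.91.236"),
    ],
    "alias.example": [("MX", "mx-alias.example")],
    "mx-alias.example": [("CNAME", "mx-real.example")],
    "mx-real.example": [("A", "192.0.2.10")],
    "no-mail.example": [],
}

MX_SEARCH_TYPES = ("MX", "A", "CNAME")   # assumed list used to find the MX
ADDRESS_TYPES = ("A", "CNAME")           # what the address lookup should ask for


class DNSResponseError(Exception):
    """An answer arrived whose type the caller did not expect."""


def query(name, qtypes):
    """Return the records of the requested types, in zone order."""
    return [(t, v) for t, v in ZONE.get(name, []) if t in qtypes]


def resolve_address(name, qtypes, depth=0):
    """Find an IP for an MX target; only A and CNAME answers are expected."""
    for rtype, value in query(name, qtypes):
        if rtype == "A":
            return value
        if rtype == "CNAME":
            if depth < 5:                      # bounded CNAME chasing
                found = resolve_address(value, qtypes, depth + 1)
                if found:
                    return found
            continue
        raise DNSResponseError(
            f"DNS response for {name}: expected type A, CNAME "
            f"but received type {rtype}"
        )
    return None


def sender_mx_check(domain, address_types, reject_on_error):
    """Return (verdict, error text or None) for the sender's domain."""
    try:
        for _, target in query(domain, ("MX",)):
            if resolve_address(target, address_types):
                return "PASS", None
        return "FILTER_SENDER_NO_MX", None
    except DNSResponseError as exc:
        # Bug 2 in the thread: the lookup error itself triggered the filter.
        verdict = "FILTER_SENDER_NO_MX" if reject_on_error else "PASS"
        return verdict, str(exc)


if __name__ == "__main__":
    domain = "bounce.e.groupon.com"
    print("as reported  :", sender_mx_check(domain, MX_SEARCH_TYPES, True))
    print("bug 1 fixed  :", sender_mx_check(domain, ADDRESS_TYPES, True))
    print("bug 2 fixed  :", sender_mx_check(domain, MX_SEARCH_TYPES, False))
    print("no MX at all :", sender_mx_check("no-mail.example", ADDRESS_TYPES, False))
```
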


Re: [spamdyke-users] No MX: bug, misunderstanding or DNS failure?

2011-05-12 Thread Eric Shubert
I didn't realize that. Don't you need to be registered to post (thus 
giving you access to the archive)?
-- 
-Eric 'shubes'

On 05/12/2011 12:19 PM, Dossy Shiobara wrote:
 Eric, FWIW, the archive is private ...


 On 5/12/11 1:24 PM, Eric Shubert wrote:
 This is a known bug (2 actually):
 http://www.spamdyke.org/mailman/private/spamdyke-users/2011q1/003111.html

 It will be fixed in the next release, which we're hoping to see very soon.





Re: [spamdyke-users] ipv6 and spamdyke not work

2011-05-12 Thread Eric Shubert
FWIW, I think that being able to use spamdyke with other mail servers (I 
have my eye on postfix) would be a big boon. Solving the IPV6 problem at 
the same time would be a bonus.
-- 
-Eric 'shubes'

On 05/12/2011 02:48 PM, Sam Clippinger wrote:
 It's true spamdyke doesn't handle IPv6, but it's equally likely the
 first problem is in tcpserver or xinetd.  Because spamdyke is started by
 another process (tcpserver or xinetd, depending on your setup) after the
 incoming connection has been accepted, spamdyke can't discover the
 remote IP address on its own.  Instead, it relies on that other process
 to set the environment variable TCPREMOTEIP to a dotted-quad IPv4
 address, which it reads on startup.  If that variable isn't set or isn't
 a dotted-quad, spamdyke assumes an IP address of 0.0.0.0 and moves on.
 In the short term, I'll consider making spamdyke skip rDNS-related tests
 if the IP address is 0.0.0.0.  That way, IPv6 addresses simply won't be
 checked (by those filters) but they'll still work for IPv4.

 I've been considering this problem for a little while now, specifically
 thinking about the number of installed (ancient) qmail servers whose
 administrators are scared to upgrade (I'm in that group).  After all, if
 a running server has an IPv4 address, there's little incentive to
 (potentially) break the entire thing by trying to patch/recompile part
 of qmail to handle IPv6 addresses.  Some external force is needed to
 overcome that resistance (e.g. a paying client can't receive email from
 a customer whose mail server uses IPv6).  I think the only way to really
 solve the problem is to handle IPv6 AND implement one of the
 longest-standing items on my TODO list -- make spamdyke run as a daemon
 and accept incoming connections itself.  That would allow a nervous
 sysadmin to replace tcpserver entirely and retain the option of
 switching it back if anything goes wrong.  It would also allow spamdyke
 to forward incoming connections to another host/port so it would work
 for more than just qmail servers (e.g. sendmail, postfix, Exchange).

 I'll see what I can do after I get this next version out.  I still need
 to learn more about supporting IPv6 myself...

 -- Sam Clippinger

 On 5/12/11 8:49 AM, Daniel Anliker wrote:
 hi list,

 as i see spamdyke and ipv6 is not working.

 first problem is this one:

 May 12 15:45:31 john spamdyke[19276]: DENIED_RDNS_MISSING from:
 dan...@danliker.ch to: info-T21eQE/xtcismel7j9a...@public.gmane.org 
 origin_ip: 0.0.0.0 origin_rdns:
 (unknown) auth: (unknown) encryption: TLS

 it gives a ip 0.0.0.0 if the sender is a ipv6 address

 best regards
 daniel



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
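
The TCPREMOTEIP fallback Sam describes in the message above, modelled as an added example (not spamdyke's code and not from the thread), together with a scan for the syslog signature it leaves behind. The sample log lines, host names and the octet range check are constructed assumptions, and ALLOWED is assumed to be the result label for accepted mail.

```python
import re

# A dotted-quad is four decimal octets; the 0-255 range check is an assumption
# of this model, the thread only says "dotted-quad".
_DOTTED_QUAD = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})")
_ENTRY = re.compile(r"spamdyke\[(?P<pid>\d+)\]: (?P<result>[A-Z_]+) (?P<rest>.*)")
_FIELD = re.compile(r"(\w+): (\S+)")

UNKNOWN_IP = "0.0.0.0"


def effective_remote_ip(env):
    """Model of the described behaviour: trust TCPREMOTEIP only when it is a
    dotted-quad IPv4 address, otherwise carry on with 0.0.0.0."""
    value = env.get("TCPREMOTEIP", "")
    m = _DOTTED_QUAD.fullmatch(value)
    if m and all(int(octet) <= 255 for octet in m.groups()):
        return value
    return UNKNOWN_IP


def parse_entry(line):
    """Split one spamdyke syslog line into its result code and key/value fields."""
    m = _ENTRY.search(line)
    if not m:
        return None
    entry = {"pid": m.group("pid"), "result": m.group("result")}
    entry.update(_FIELD.findall(m.group("rest")))
    return entry


def triage(lines):
    """Return rejections logged with origin_ip 0.0.0.0, i.e. connections whose
    real address spamdyke never saw (unset or non-IPv4 TCPREMOTEIP)."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if not entry or not entry["result"].startswith("DENIED_"):
            continue
        if entry.get("origin_ip") == UNKNOWN_IP:
            # rDNS-based rejections are the ones the proposed short-term
            # change (skip rDNS tests for 0.0.0.0) would stop producing.
            entry["rdns_filter"] = entry["result"].startswith("DENIED_RDNS")
            hits.append(entry)
    return hits


# Constructed sample lines in the format quoted in the thread.
SAMPLE_SYSLOG = [
    "May 12 15:45:31 mx spamdyke[19276]: DENIED_RDNS_MISSING from: alice@example.org "
    "to: info@example.com origin_ip: 0.0.0.0 origin_rdns: (unknown) "
    "auth: (unknown) encryption: TLS",
    "May 12 15:46:02 mx spamdyke[19301]: DENIED_RDNS_MISSING from: bob@example.net "
    "to: info@example.com origin_ip: 192.0.2.44 origin_rdns: (unknown) "
    "auth: (unknown) encryption: (none)",
    "May 12 15:47:10 mx spamdyke[19344]: ALLOWED from: carol@example.org "
    "to: info@example.com origin_ip: 198.51.100.7 origin_rdns: mail.example.org "
    "auth: (unknown) encryption: TLS",
]

if __name__ == "__main__":
    for env in ({"TCPREMOTEIP": "64.58.208.13"}, {"TCPREMOTEIP": "2001:db8::25"}, {}):
        print(env, "->", effective_remote_ip(env))
    for hit in triage(SAMPLE_SYSLOG):
        print("address never seen:", hit["result"], hit["from"], "pid", hit["pid"])
```

A rejection for a genuinely missing rDNS on an IPv4 client (the second sample line) is left alone; only entries with the placeholder address are reported.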


Re: [spamdyke-users] Help with spamdyke...

2011-06-08 Thread Eric Shubert
On 06/08/2011 09:53 AM, ron wrote:
 Here is the log of the client that spamdyke is blocking:
 06/08/2011 12:42:45 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID =
 31888

 06/08/2011 12:42:45 CURRENT ENVIRONMENT
 PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
 PWD=/var/qmail/supervise/smtp
 SHLVL=0
 PROTO=TCP
 TCPLOCALIP=65.116.220.139
 TCPLOCALPORT=25
 TCPLOCALHOST=mail2.nsii.net
 TCPREMOTEIP=64.58.208.13
 TCPREMOTEPORT=59400
 BADMIMETYPE=
 BADLOADERTYPE=M
 CHKUSER_RCPTLIMIT=50
 CHKUSER_WRONGRCPTLIMIT=10
 DKSIGN=/var/qmail/control/domainkeys/%/private

 06/08/2011 12:42:45 CURRENT CONFIG
 config-file=/etc/spamdyke/spamdyke.conf
 connection-timeout-secs=3600
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 full-log-dir=/var/log/spamdyke
 graylist-dir=/var/spamdyke/graylist
 graylist-level=always
 graylist-max-secs=2678400
 graylist-min-secs=180
 greeting-delay-secs=5
 idle-timeout-secs=120
 ip-blacklist-file=/etc/spamdyke/blacklist_ip
 ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
 ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 ip-whitelist-file=/etc/spamdyke/whitelist_ip
 local-domains-file=/var/qmail/control/rcpthosts
 log-level=debug
 max-recipients=50
 rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
 rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
 recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
 recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
 reject-empty-rdns=1
 reject-ip-in-cc-rdns=1
 reject-missing-sender-mx=1
 reject-unresolvable-rdns=1
 sender-blacklist-file=/etc/spamdyke/blacklist_senders
 sender-whitelist-file=/etc/spamdyke/whitelist_senders
 tls-certificate-file=/var/qmail/control/servercert.pem

 06/08/2011 12:42:45 - Remote IP = 64.58.208.13

 06/08/2011 12:42:45 CURRENT CONFIG
 config-file=/etc/spamdyke/spamdyke.conf
 connection-timeout-secs=3600
 dns-blacklist-entry=zen.spamhaus.org
 dns-blacklist-entry=bl.spamcop.net
 dns-server-ip=205.171.3.65
 dns-server-ip-primary=8.8.8.8
 full-log-dir=/var/log/spamdyke
 graylist-dir=/var/spamdyke/graylist
 graylist-level=always
 graylist-max-secs=2678400
 graylist-min-secs=180
 greeting-delay-secs=5
 idle-timeout-secs=120
 ip-blacklist-file=/etc/spamdyke/blacklist_ip
 ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
 ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
 ip-whitelist-file=/etc/spamdyke/whitelist_ip
 local-domains-file=/var/qmail/control/rcpthosts
 log-level=debug
 max-recipients=50
 rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
 rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
 recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
 recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
 reject-empty-rdns=1
 reject-ip-in-cc-rdns=1
 reject-missing-sender-mx=1
 reject-unresolvable-rdns=1
 sender-blacklist-file=/etc/spamdyke/blacklist_senders
 sender-whitelist-file=/etc/spamdyke/whitelist_senders
 tls-certificate-file=/var/qmail/control/servercert.pem

 06/08/2011 12:42:45 - Remote rDNS = mail-out-01.healthways.com

 06/08/2011 12:42:45 LOG OUTPUT
 DEBUG(filter_rdns_missing()@filter.c:897): checking for missing rDNS;
 rdns: mail-out-01.healthways.com
 DEBUG(filter_ip_in_rdns_cc()@filter.c:928): checking for IP in rDNS
 +country code; rdns: mail-out-01.healthways.com
 DEBUG(filter_rdns_whitelist_file()@filter.c:1005): searching rDNS
 whitelist file(s); rdns: mail-out-01.healthways.com
 DEBUG(filter_rdns_blacklist_file()@filter.c:1108): searching rDNS
 blacklist file(s); rdns: mail-out-01.healthways.com
 DEBUG(filter_ip_whitelist()@filter.c:1176): searching IP whitelist
 file(s); ip: 64.58.208.13
 FILTER_WHITELIST_IP ip: 64.58.208.13 file: /etc/spamdyke/whitelist_ip(2)

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 48 bytes
 220 mail2.nsii.net - Welcome to nsii.net ESMTP

 06/08/2011 12:42:45 FROM REMOTE TO CHILD: 33 bytes
 EHLO mail-out-01.healthways.com

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 42 bytes
 250-mail2.nsii.net - Welcome to nsii.net

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 14 bytes
 250-STARTTLS

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 16 bytes
 250-PIPELINING

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 14 bytes
 250-8BITMIME

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 19 bytes
 250-SIZE 20971520

 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 31 bytes
 250 AUTH LOGIN PLAIN CRAM-MD5

 06/08/2011 12:42:46 FROM REMOTE TO CHILD: 10 bytes
 STARTTLS

 06/08/2011 12:42:46 FROM SPAMDYKE TO REMOTE: 14 bytes
 220 Proceed.

 06/08/2011 12:42:47 - TLS negotiated and started

 06/08/2011 12:42:47 FROM REMOTE TO CHILD: 33 bytes TLS
 EHLO mail-out-01.healthways.com

 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 42 bytes TLS
 250-mail2.nsii.net - Welcome to nsii.net

 06/08/2011 12:42:47 FROM CHILD, FILTERED: 14 bytes TLS
 250-STARTTLS

 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 16 bytes TLS
 250-PIPELINING

 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 14 bytes TLS
 250-8BITMIME

 06/08/2011 12:42:47 

Re: [spamdyke-users] Help with spamdyke...

2011-06-08 Thread Eric Shubert
On 06/08/2011 10:19 AM, ron wrote:
 Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
 by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011 
 16:48:56 -

I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA 
is, but it appears that qmail is working with TLS and no spamdyke.

Perhaps there's something errant in spamdyke's implementation of this 
particular combination of encryption options?

I think it's time for Sam to have a look at this.

-- 
-Eric 'shubes'



Re: [spamdyke-users] Help with spamdyke...

2011-06-08 Thread Eric Shubert
No, simply use:
tls-level=none

This will prohibit qmail from using TLS, which would defeat many of 
spamdyke's filters.

-- 
-Eric 'shubes'

On 06/08/2011 10:25 AM, ron wrote:
 To turn off TLS, I would remark out the following lines in my config file?
 tls-certificate-file=/var/qmail/control/servercert.pem
 tls-level=smtp
 These are the only 2 lines that show TLS
 It appears that TLS starts, the remote says EHLO, qmail sends back
 250- replies, and the remote never replies back. Hmmm. My guess is that
 the implementation of TLS is somehow incompatible between the remote and
 spamdyke.

 When you test with no spamdyke, does qmail receive email from the remote
 with TLS? The received email header would show this somewhere, perhaps
 referred to as SSL. If so, I suspect there's a bug in spamdyke's
 implementation of TLS that causes the remote to not recognize the 250-
 replies when TLS is active.

 As a temporary workaround, I expect that turning off TLS will work. Then
 you wouldn't need to disable spamdyke entirely. Let us know if this
 works too.





Re: [spamdyke-users] Help with spamdyke...

2011-06-08 Thread Eric Shubert
On 06/08/2011 10:59 AM, Eric Shubert wrote:
 On 06/08/2011 10:19 AM, ron wrote:
 Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
  by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011 
 16:48:56 -

 I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA
 is, but it appears that qmail is working with TLS and no spamdyke.

 Perhaps there's something errant in spamdyke's implementation of this
 particular combination of encryption options?

 I think it's time for Sam to have a look at this.


Just re-read
http://www.spamdyke.org/documentation/README.html#TLS:
Rarely, some situations will require specifying the list of encryption 
algorithms (ciphers) to be used during TLS. In those cases, the 
tls-cipher-list option can be used to pass a list of ciphers in the 
format expected by the OpenSSL library. The vast majority of spamdyke 
installations will not need this option -- the default list of ciphers 
is usually fine. To see the full list of available ciphers, run the 
command openssl ciphers.

The default value for the tls-cipher-list option is unfortunately 
not listed. I wonder, is this a spamdyke default, or the openssl 
default? Sam?

Ron, what do you get from:
# rpm -q openssl
# openssl ciphers
?

-- 
-Eric 'shubes'



Re: [spamdyke-users] Help with spamdyke...

2011-06-08 Thread Eric Shubert
The first cipher listed is the same one that qmail used with a 
successful transmission.

Looks to me from all of this that there is a bug in spamdyke with 
regards to that particular remote server software and TLS.

I think this is the point where Sam can best continue helping to debug 
this situation.

Sam?

-- 
-Eric 'shubes'


On 06/08/2011 11:23 AM, ron wrote:
 # rpm -q openssl
 openssl-0.9.8e-12.el5_5.7


 # openssl ciphers
 DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:KRB5-DES-CBC3-MD5:KRB5-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:RC2-CBC-MD5:KRB5-RC4-MD5:KRB5-RC4-SHA:RC4-SHA:RC4-MD5:RC4-MD5:KRB5-DES-CBC-MD5:KRB5-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC2-CBC-MD5:EXP-KRB5-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-RC4-MD5:EXP-RC4-MD5




 On 6/8/2011 2:19 PM, Eric Shubert wrote:
 On 06/08/2011 10:59 AM, Eric Shubert wrote:
 On 06/08/2011 10:19 AM, ron wrote:
 Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 
 2011 16:48:56 -
 I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA
 is, but it appears that qmail is working with TLS and no spamdyke.

 Perhaps there's something errant in spamdyke's implementation of this
 particular combination of encryption options?

 I think it's time for Sam to have a look at this.

 Just re-read
 http://www.spamdyke.org/documentation/README.html#TLS:
 Rarely, some situations will require specifying the list of encryption
 algorithms (ciphers) to be used during TLS. In those cases, the
 tls-cipher-list option can be used to pass a list of ciphers in the
 format expected by the OpenSSL library. The vast majority of spamdyke
 installations will not need this option -- the default list of ciphers
 is usually fine. To see the full list of available ciphers, run the
 command openssl ciphers.

 The default value for the tls-cipher-list option is unfortunately
 not listed. I wonder, is this a spamdyke default, or the openssl
 default? Sam?

 Ron, what do you get from:
 # rpm -q openssl
 # openssl ciphers
 ?





Re: [spamdyke-users] Help with spamdyke...

2011-06-09 Thread Eric Shubert
arch ?
# uname -a

On 06/09/2011 05:13 AM, ron wrote:
 OS is Centos 5.6
 Linux kernel is 2.6.18-238.9.1.el5
 Server is a DL380 G4
 Centos runs under VMWare ESXi 4.0

 Here is the run file.

 #!/bin/sh
 QMAILDUID=`id -u vpopmail`
 NOFILESGID=`id -g vpopmail`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
 SPAMDYKE=/usr/local/bin/spamdyke
 SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf
 SMTPD=/var/qmail/bin/qmail-smtpd
 TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
 HOSTNAME=`hostname`
 VCHKPW=/home/vpopmail/bin/vchkpw
 REQUIRE_AUTH=0

 exec /usr/bin/softlimit -m 2000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1

 On 6/8/2011 4:50 PM, Sam Clippinger wrote:
 OK, I'll try to run back through this thread and respond to the various
 questions in one email...

 To turn off TLS in spamdyke, you can do one of several things.  You can
 prohibit both spamdyke and qmail from using TLS by using this option:
tls-level=none
 Or you can simply remove/comment out the tls-certificate-file option to
 allow spamdyke to pass encrypted traffic through to qmail.  That will
 bypass some of spamdyke's filters but would allow you to continue to
 receive encrypted email.

 spamdyke does not implement TLS or SSL on its own, it just calls the
 installed OpenSSL library for encryption/decryption as needed.  The
 version you have installed looks fine to me (my own server has 0.9.7f
 installed) and since TLS works with qmail, it should work with
 spamdyke.  From the headers you sent, it looks like the remote server is
 running Windows Server 2003, probably with Exchange 2003.  I correspond
 regularly with clients on that same setup (as you did before installing
 spamdyke), so I doubt the remote server is at fault.

 By default, spamdyke specifies the cipher list as DEFAULT (unless you
 override that with the tls-cipher-list option).  The meaning of
 DEFAULT depends on your version of OpenSSL and the way it was
 compiled.  Typically, it includes all of the usable ciphers that aren't
 known to be too weak or too computationally expensive.  See this page
 for more details:
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

 Overall, I don't see anything wrong with your configuration file.  I'm
 curious to know what OS, version and architecture you're using.  My #1
 suspicion is that spamdyke is running out of memory.  Can you check your
 run file where the spamdyke command line is located and look for the
 softlimit command?  Try doubling/tripling that number and see if this
 problem persists (don't forget to restart tcpserver after you change the
 run file).
http://www.spamdyke.org/documentation/FAQ.html#TROUBLE9

 -- Sam Clippinger

 On 6/8/11 3:03 PM, Eric Shubert wrote:
 The first cipher listed is the same one that qmail used with a
 successful transmission.

 Looks to me from all of this that there is a bug in spamdyke with
 regards to that particular remote server software and TLS.

 I think this is the point where Sam can best continue helping to debug
 this situation.

 Sam?






-- 
-Eric 'shubes'



Re: [spamdyke-users] Help with spamdyke...

2011-06-09 Thread Eric Shubert
Ron,

Can you do a little testing and see what's adequate? I expect that 128M 
is a bit overkill. We'll need to get the QMT defaults bumped up a bit 
depending on your results.

Thanks.

On 06/09/2011 07:42 AM, ron wrote:
 Ok, That seems to have done the trick. I received an email from the client.
 I bumped it up to 128M.

 Thanks
 Ron

 On 6/9/2011 10:12 AM, Sam Clippinger wrote:
 20M seems kinda low for softlimit.  Try increasing the number to see
 if that makes a difference -- for example, add another zero (200M) and
 retest.  On my own server, softlimit is set to 80M.

 Don't forget to restart the service after making the change. :)

 -- Sam Clippinger

 On 6/9/11 7:13 AM, ron wrote:
 OS is Centos 5.6
 Linux kernel is 2.6.18-238.9.1.el5
 Server is a DL380 G4
 Centos runs under VMWare ESXi 4.0

 Here is the run file.

 #!/bin/sh
 QMAILDUID=`id -u vpopmail`
 NOFILESGID=`id -g vpopmail`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
 SPAMDYKE=/usr/local/bin/spamdyke
 SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf
 SMTPD=/var/qmail/bin/qmail-smtpd
 TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
 HOSTNAME=`hostname`
 VCHKPW=/home/vpopmail/bin/vchkpw
 REQUIRE_AUTH=0

 exec /usr/bin/softlimit -m 2000 \
  /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
  -u $QMAILDUID -g $NOFILESGID 0 smtp \
  $SPAMDYKE --config-file $SPAMDYKE_CONF \
  $SMTPD $VCHKPW /bin/true 2>&1

 On 6/8/2011 4:50 PM, Sam Clippinger wrote:

 OK, I'll try to run back through this thread and respond to the various
 questions in one email...

 To turn off TLS in spamdyke, you can do one of several things.  You can
 prohibit both spamdyke and qmail from using TLS by using this option:
  tls-level=none
 Or you can simply remove/comment out the tls-certificate-file option to
 allow spamdyke to pass encrypted traffic through to qmail.  That will
 bypass some of spamdyke's filters but would allow you to continue to
 receive encrypted email.

 spamdyke does not implement TLS or SSL on its own, it just calls the
 installed OpenSSL library for encryption/decryption as needed.  The
 version you have installed looks fine to me (my own server has 0.9.7f
 installed) and since TLS works with qmail, it should work with
 spamdyke.  From the headers you sent, it looks like the remote server is
 running Windows Server 2003, probably with Exchange 2003.  I correspond
 regularly with clients on that same setup (as you did before installing
 spamdyke), so I doubt the remote server is at fault.

 By default, spamdyke specifies the cipher list as DEFAULT (unless you
 override that with the tls-cipher-list option).  The meaning of
 DEFAULT depends on your version of OpenSSL and the way it was
 compiled.  Typically, it includes all of the usable ciphers that aren't
 known to be too weak or too computationally expensive.  See this page
 for more details:
  http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

 Overall, I don't see anything wrong with your configuration file.  I'm
 curious to know what OS, version and architecture you're using.  My #1
 suspicion is that spamdyke is running out of memory.  Can you check your
 run file where the spamdyke command line is located and look for the
 softlimit command?  Try doubling/tripling that number and see if this
 problem persists (don't forget to restart tcpserver after you change the
 run file).
  http://www.spamdyke.org/documentation/FAQ.html#TROUBLE9

 -- Sam Clippinger

 On 6/8/11 3:03 PM, Eric Shubert wrote:

 The first cipher listed is the same one that qmail used with a
 successful transmission.

 Looks to me from all of this that there is a bug in spamdyke with
 regards to that particular remote server software and TLS.

 I think this is the point where Sam can best continue helping to debug
 this situation.

 Sam?







-- 
-Eric 'shubes'



Re: [spamdyke-users] Help with spamdyke...

2011-06-09 Thread Eric Shubert
.healthways.com

 06/09/2011 12:46:53 FROM CHILD TO REMOTE: 42 bytes TLS
 250-mail2.nsii.net - Welcome to nsii.net

 06/09/2011 12:46:53 FROM CHILD, FILTERED: 14 bytes TLS
 250-STARTTLS

 06/09/2011 12:46:53 FROM CHILD TO REMOTE: 16 bytes TLS
 250-PIPELINING

 06/09/2011 12:46:53 FROM CHILD TO REMOTE: 14 bytes TLS
 250-8BITMIME

 06/09/2011 12:46:53 FROM CHILD TO REMOTE: 19 bytes TLS
 250-SIZE 20971520

 06/09/2011 12:46:53 FROM CHILD TO REMOTE: 31 bytes TLS
 250 AUTH LOGIN PLAIN CRAM-MD5

 06/09/2011 12:51:53 LOG OUTPUT TLS
 ERROR: unable to read from SSL/TLS stream: The operation failed due to
 an I/O error, Unexpected EOF found

 06/09/2011 12:51:53 - TLS ended and closed

 06/09/2011 12:51:53 CLOSED

 *Ron Olds *
 *National Service Information *
 145 Baker St
 Marion, Ohio 43302
 _ron@nsii.net_
 800-235-0337 X122


 On 6/9/2011 12:26 PM, Eric Shubert wrote:
 I'm not really concerned about the former.

 Will you care to elaborate on the latter? I would think that the -c
 option (maxsmtpd) on tcpserver would mitigate that.





___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
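
An added example, not part of the original posts and not spamdyke's own tooling: a parser for full-log transcripts in the format quoted above that flags the failure seen in this thread, where the remote goes silent after the post-STARTTLS EHLO reply and spamdyke later logs an SSL/TLS read error. The sample transcripts use constructed host names and byte counts, and min_gap_secs is a hypothetical threshold.

```python
import re
from datetime import datetime

# Each full-log event starts with "MM/DD/YYYY HH:MM:SS <header>"; the lines
# that follow, up to the next header, are that event's payload.
_HEADER = re.compile(r"(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) (.+)")


def parse_full_log(text):
    """Turn a full-log transcript into a list of timestamped events."""
    events = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _HEADER.fullmatch(line)
        if m:
            when = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            events.append({"time": when, "header": m.group(2), "body": []})
        elif events:
            events[-1]["body"].append(line)  # payload or a wrapped log line
    return events


def find_tls_stall(events, min_gap_secs=60):
    """Return details when, after TLS starts, the final "250 " reply is sent,
    the remote sends nothing more, and an SSL/TLS read error follows."""
    tls_started = False
    last_reply = None   # last final ("250 ") reply sent to the remote under TLS
    remote_after = 0    # remote-to-server events seen after that reply
    error = None
    for ev in events:
        header, text = ev["header"], " ".join(ev["body"])
        if header.startswith("- TLS negotiated"):
            tls_started = True
        elif not tls_started:
            continue
        elif header.startswith("FROM CHILD TO REMOTE") and text.startswith("250 "):
            last_reply, remote_after = ev, 0
        elif header.startswith("FROM REMOTE TO CHILD") and last_reply:
            remote_after += 1
        elif header.startswith("LOG OUTPUT") and "SSL/TLS stream" in text:
            if text.startswith("ERROR:") and error is None:
                error = ev
    if not (tls_started and last_reply and error) or remote_after:
        return None
    gap = int((error["time"] - last_reply["time"]).total_seconds())
    if gap < min_gap_secs:
        return None
    return {"last_reply": " ".join(last_reply["body"]), "gap_secs": gap,
            "error": " ".join(error["body"])}


# Constructed transcripts in the format quoted in the thread.
_HANDSHAKE = """\
06/09/2011 12:46:51 FROM REMOTE TO CHILD: 10 bytes
STARTTLS

06/09/2011 12:46:51 FROM SPAMDYKE TO REMOTE: 14 bytes
220 Proceed.

06/09/2011 12:46:53 - TLS negotiated and started

06/09/2011 12:46:53 FROM REMOTE TO CHILD: 25 bytes TLS
EHLO client.example.net

06/09/2011 12:46:53 FROM CHILD TO REMOTE: 20 bytes TLS
250-mx.example.com

06/09/2011 12:46:53 FROM CHILD, FILTERED: 14 bytes TLS
250-STARTTLS

06/09/2011 12:46:53 FROM CHILD TO REMOTE: 31 bytes TLS
250 AUTH LOGIN PLAIN CRAM-MD5
"""

STALLED_SESSION = _HANDSHAKE + """
06/09/2011 12:51:53 LOG OUTPUT TLS
ERROR: unable to read from SSL/TLS stream: The operation failed due to
an I/O error, Unexpected EOF found

06/09/2011 12:51:53 - TLS ended and closed

06/09/2011 12:51:53 CLOSED
"""

HEALTHY_SESSION = _HANDSHAKE + """
06/09/2011 12:46:54 FROM REMOTE TO CHILD: 36 bytes TLS
MAIL FROM:<sender@example.net>

06/09/2011 12:46:54 FROM CHILD TO REMOTE: 8 bytes TLS
250 ok

06/09/2011 12:46:55 CLOSED
"""

if __name__ == "__main__":
    for name, log in (("stalled", STALLED_SESSION), ("healthy", HEALTHY_SESSION)):
        print(name, "->", find_tls_stall(parse_full_log(log)))
```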


[spamdyke-users] Olds guy

2011-06-09 Thread Eric Shubert
Here's the name/address of a real guy I'm doing a little troubleshooting 
with:

Ron Olds
National Service Information
145 Baker St
Marion, Ohio 43302

Made me think of you, twice.
(Your work address is Baker street, right?)
-- 
-Eric 'shubes'



Re: [spamdyke-users] Olds guy

2011-06-09 Thread Eric Shubert
On 06/09/2011 10:04 AM, Eric Shubert wrote:
 Here's the name/address of a real guy I'm doing a little troubleshooting
 with:

 Ron Olds
 National Service Information
 145 Baker St
 Marion, Ohio 43302

 Made me think of you, twice.
 (Your work address is Baker street, right?)

(Sorry for this post - misaddressed)

-- 
-Eric 'shubes'



Re: [spamdyke-users] Help with spamdyke...

2011-06-09 Thread Eric Shubert
:36 FROM CHILD, FILTERED: 14 bytes TLS
 250-STARTTLS

 06/09/2011 13:42:36 FROM CHILD TO REMOTE: 16 bytes TLS
 250-PIPELINING

 06/09/2011 13:42:36 FROM CHILD TO REMOTE: 14 bytes TLS
 250-8BITMIME

 06/09/2011 13:42:36 FROM CHILD TO REMOTE: 19 bytes TLS
 250-SIZE 20971520

 06/09/2011 13:42:36 FROM CHILD TO REMOTE: 31 bytes TLS
 250 AUTH LOGIN PLAIN CRAM-MD5

 06/09/2011 13:47:36 LOG OUTPUT TLS
 ERROR: unable to read from SSL/TLS stream: The operation failed due to
 an I/O error, Unexpected EOF found

 06/09/2011 13:47:36 - TLS ended and closed

 06/09/2011 13:47:36 CLOSED
 On 6/9/2011 1:07 PM, Eric Shubert wrote:
 I hadn't read your non-fixed post yet. :( (I use threaded view)

 Can you try removing softlimit entirely?





Re: [spamdyke-users] Help with spamdyke...

2011-06-09 Thread Eric Shubert
You can have her send something to me. e...@shubes.net
My setup (current QMT) appears to be pretty close to yours.
-- 
-Eric 'shubes'

On 06/09/2011 11:09 AM, ron wrote:
 Does anyone else have a spamdyke setup? I can try to get her to send an
 email to see if there
 are the same issues as what I am getting?

 *Ron Olds *
 *National Service Information *
 145 Baker St
 Marion, Ohio 43302
 _ron@nsii.net_
 800-235-0337 X122


 On 6/9/2011 11:45 AM, Sam Clippinger wrote:
 Remember that the softlimit program only limits the maximum amount of
 memory a process can use; it doesn't dictate how much it *will* use.  It
 was written as a last resort for stopping processes that were out of
 control and leaking memory.  Its big flaw is that you never get a
 simple out of memory error -- all you see are inexplicable bugs like
 the one Ron has been battling because (in this case) OpenSSL can't
 allocate a buffer or whatever.  Given the number of problems it seems to
 create, I'd vote for simply removing it.

 -- Sam Clippinger

 On 6/9/11 10:28 AM, Eric Shubert wrote:
 Ron,

 Can you do a little testing and see what's adequate? I expect that 128M
 is a bit overkill. We'll need to get the QMT defaults bumped up a bit
 depending on your results.

 Thanks.

 On 06/09/2011 07:42 AM, ron wrote:

 Ok, That seems to have done the trick. I received an email from the client.
 I bumped it up to 128M.

 Thanks
 Ron

 On 6/9/2011 10:12 AM, Sam Clippinger wrote:

 20M seems kinda low for softlimit.  Try increasing the number to see
 if that makes a difference -- for example, add another zero (200M) and
 retest.  On my own server, softlimit is set to 80M.

 Don't forget to restart the service after making the change. :)

 -- Sam Clippinger

 On 6/9/11 7:13 AM, ron wrote:

 OS is Centos 5.6
 Linux kernel is 2.6.18-238.9.1.el5
 Server is a DL380 G4
 Centos runs under VMWare ESXi 4.0

 Here is the run file.

 #!/bin/sh
 QMAILDUID=`id -u vpopmail`
 NOFILESGID=`id -g vpopmail`
 MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
 SPAMDYKE=/usr/local/bin/spamdyke
 SPAMDYKE_CONF=/etc/spamdyke/spamdyke.conf
 SMTPD=/var/qmail/bin/qmail-smtpd
 TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
 HOSTNAME=`hostname`
 VCHKPW=/home/vpopmail/bin/vchkpw
 REQUIRE_AUTH=0

 exec /usr/bin/softlimit -m 2000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c $MAXSMTPD \
-u $QMAILDUID -g $NOFILESGID 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1

 On 6/8/2011 4:50 PM, Sam Clippinger wrote:


 OK, I'll try to run back through this thread and respond to the various
 questions in one email...

 To turn off TLS in spamdyke, you can do one of several things.  You can
 prohibit both spamdyke and qmail from using TLS by using this option:
tls-level=none
 Or you can simply remove/comment out the tls-certificate-file option to
 allow spamdyke to pass encrypted traffic through to qmail.  That will
 bypass some of spamdyke's filters but would allow you to continue to
 receive encrypted email.

 spamdyke does not implement TLS or SSL on its own, it just calls the
 installed OpenSSL library for encryption/decryption as needed.  The
 version you have installed looks fine to me (my own server has 0.9.7f
 installed) and since TLS works with qmail, it should work with
 spamdyke.  From the headers you sent, it looks like the remote server is
 running Windows Server 2003, probably with Exchange 2003.  I correspond
 regularly with clients on that same setup (as you did before installing
 spamdyke), so I doubt the remote server is at fault.

 By default, spamdyke specifies the cipher list as DEFAULT (unless you
 override that with the tls-cipher-list option).  The meaning of
 DEFAULT depends on your version of OpenSSL and the way it was
 compiled.  Typically, it includes all of the usable ciphers that aren't
 known to be too weak or too computationally expensive.  See this page
 for more details:
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

 Overall, I don't see anything wrong with your configuration file.  I'm
 curious to know what OS, version and architecture you're using.  My #1
 suspicion is that spamdyke is running out of memory.  Can you check your
 run file where the spamdyke command line is located and look for the
 softlimit command?  Try doubling/tripling that number and see if this
 problem persists (don't forget to restart tcpserver after you change the
 run file).
http://www.spamdyke.org/documentation/FAQ.html#TROUBLE9

 -- Sam Clippinger

 On 6/8/11 3:03 PM, Eric Shubert wrote:


 The first cipher listed is the same one that qmail used with a
 successful transmission.

 Looks to me from all of this that there is a bug in spamdyke with
 regards to that particular remote server software and TLS.

 I think this is the point where Sam can best continue helping to debug
 this situation.

 Sam

Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
Ron eliminated softlimit entirely, and still has the error.
Thanks for the suggestion though.
-- 
-Eric 'shubes'

On 06/10/2011 05:11 AM, BC wrote:

 There is something else amiss here, from my reading of the logs.  If
 there is gobs of memory available, then do as Sam suggests and
 allocate a LOT - say 300mb to the softlimit and retest.  I'd wager
 there will still be troubles.

 On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote:
 So instead of hitting the spamdyke timeout, it hit a timeout on the i/o
 operation. Still doesn't point to the root cause. :(
 Why softlimit doesn't issue some sort of error message is beyond me. I'm
 still inclined to ditch it.




Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
Please read through the previous posts on the subject.
Thanks for helping.

On 06/10/2011 08:57 AM, Jose Galvez wrote:
 Ok so turn off tls, how can we help you?
 How can we see what's going on if we can see only.
 It's not working
 Just
 That TLS is the problem

 Please don't get angry with me, my english is bad.

 Regards

 Jose


 2011/6/10 Eric Shubert e...@shubes.net:
 It's been established already that TLS is the problem. No cert, no TLS.
 Am I missing something?

 On 06/10/2011 08:15 AM, Jose Galvez wrote:
 But the first thing is to know where doesn't work.

 Keep out certificate, try to send email and if it works qmail and
 spamdyke configuration it's correct.

 And then try to use the certificate...

 It's my opinion.

 Jose


 2011/6/10 Eric Shubert e...@shubes.net:
 I think Ron's in the process of trying a cert signed by a registered CA
 instead of using a self signed cert.

 On 06/10/2011 07:50 AM, Jose Galvez wrote:
 Have you used your mail server without ssl certificate?
 What message appears at the side of your customer? Can you share that 
 with us?

 Jose


 2011/6/10 Eric Shubert e...@shubes.net:
 Ron eliminated softlimit entirely, and still has the error.
 Thanks for the suggestion though.
 --
 -Eric 'shubes'

 On 06/10/2011 05:11 AM, BC wrote:

 There is something else amiss here, from my reading of the logs.  If
 there is gobs of memory available, then do as Sam suggests and
 allocate a LOT - say 300mb to the softlimit and retest.  I'd wager
 there will still be troubles.

 On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote:
 So instead of hitting the spamdyke timeout, it hit a timeout on the i/o
 operation. Still doesn't point to the root cause. :(
 Why softlimit doesn't issue some sort of error message is beyond me. 
 I'm
 still inclined to ditch it.





 --
 -Eric 'shubes'




 --
 -Eric 'shubes'




-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
I'm under the impression that if you use
tls-level=none
in your spamdyke config, then it works. If you haven't tried this, 
please do.

On 06/10/2011 09:11 AM, ron wrote:
 When I disable spamdyke, qmail accepts the emails just fine, it's when
 spamdyke is enabled that
 the emails can not be received. Cert or no cert I wouldn't think makes a
 difference, right?


 On 6/10/2011 11:15 AM, Jose Galvez wrote:
 But the first thing is to know where it doesn't work.

 Keep out certificate, try to send email and if it works qmail and
 spamdyke configuration it's correct.

 And then try to use the certificate...

 It's my opinion.

 Jose


 2011/6/10 Eric Shubert <e...@shubes.net>:
 I think Ron's in the process of trying a cert signed by a registered CA
 instead of using a self signed cert.

 On 06/10/2011 07:50 AM, Jose Galvez wrote:
 Have you used your mail server without ssl certificate?
 What message appears at the side of your customer? Can you share that with 
 us?

 Jose


 2011/6/10 Eric Shubert <e...@shubes.net>:
 Ron eliminated softlimit entirely, and still has the error.
 Thanks for the suggestion though.
 --
 -Eric 'shubes'

 On 06/10/2011 05:11 AM, BC wrote:
 There is something else amiss here, from my reading of the logs.  If
 there is gobs of memory available, then do as Sam suggests and
 allocate a LOT - say 300mb to the softlimit and retest.  I'd wager
 there will still be troubles.

 On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote:
 So instead of hitting the spamdyke timeout, it hit a timeout on the i/o
 operation. Still doesn't point to the root cause. :(
 Why softlimit doesn't issue some sort of error message is beyond me. I'm
 still inclined to ditch it.



 --
 -Eric 'shubes'





-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
Thanks for verifying this.
And thanks to Dossy for delving into this.
He appears to have a good handle on the situation. I'm eager to hear 
what he finds.

On 06/10/2011 09:49 AM, ron wrote:
 Yes, it does work.
 Dossy has been doing work with the client directly, she has been
 emailing him
 as tests also and so far he has confirmed that the issue is with
 spamdyke TLS
 from what I have gathered.


 On 6/10/2011 12:20 PM, Eric Shubert wrote:
 I'm under the impression that if you use
 tls-level=none
 in your spamdyke config, then it works. If you haven't tried this,
 please do.

 On 06/10/2011 09:11 AM, ron wrote:
 When I disable spamdyke, qmail accepts the emails just fine, it's when
 spamdyke is enabled that
 the emails can not be received. Cert or no cert I wouldn't think makes a
 difference, right?


 On 6/10/2011 11:15 AM, Jose Galvez wrote:
 But the first thing is to know where it doesn't work.

 Keep out certificate, try to send email and if it works qmail and
 spamdyke configuration it's correct.

 And then try to use the certificate...

 It's my opinion.

 Jose


 2011/6/10 Eric Shubert <e...@shubes.net>:
 I think Ron's in the process of trying a cert signed by a registered CA
 instead of using a self signed cert.

 On 06/10/2011 07:50 AM, Jose Galvez wrote:
 Have you used your mail server without ssl certificate?
 What message appears at the side of your customer? Can you share that 
 with us?

 Jose


 2011/6/10 Eric Shubert <e...@shubes.net>:
 Ron eliminated softlimit entirely, and still has the error.
 Thanks for the suggestion though.
 --
 -Eric 'shubes'

 On 06/10/2011 05:11 AM, BC wrote:
 There is something else amiss here, from my reading of the logs.  If
 there is gobs of memory available, then do as Sam suggests and
 allocate a LOT - say 300mb to the softlimit and retest.  I'd wager
 there will still be troubles.

 On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote:
 So instead of hitting the spamdyke timeout, it hit a timeout on the i/o
 operation. Still doesn't point to the root cause. :(
 Why softlimit doesn't issue some sort of error message is beyond me. I'm
 still inclined to ditch it.

 --
 -Eric 'shubes'






-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
I'll answer for Ron, as he's using QMT, which I'm familiar with.

On 06/10/2011 10:13 AM, Dossy Shiobara wrote:
 It depends, is Qmail using a different cert than Spamdyke is?

No. (per config file)

 When you say you're doing TLS directly in Qmail, I'm assuming that
 you're using a Qmail that has the Qmail-TLS patch applied?
 http://inoa.net/qmail-tls/

That is correct.

 Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512-
 and 1024-bit DH param files, as well.  I can see that Ron's Spamdyke
 configuration is pointing at the same certificate, but doesn't support a
 separate DH param PEM as far as I can see.

You mean spamdyke doesn't support a separate DH param PEM?

 This last bit (the DH params) is the only major difference I can see
 between Qmail-TLS and Spamdyke.  Going to test a few things ... ;)

Great, thanks.


-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
On 06/10/2011 10:42 AM, Dossy Shiobara wrote:
 On 6/10/11 1:30 PM, Eric Shubert wrote:
 Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512-
   and 1024-bit DH param files, as well.  I can see that Ron's Spamdyke
   configuration is pointing at the same certificate, but doesn't support a
   separate DH param PEM as far as I can see.
 You mean spamdyke doesn't support a separate DH param PEM?


 Not that I could find.  However, I *should* just be able to concat the
 DH param PEM onto the end of the certificate PEM, and OpenSSL should Do
 The Right Thing(tm) with it.


I'm sure you know more about SSL than I do, and I'm just wondering. Why 
does TLS work with some servers and not others? Is it due to a 
particular cipher that's being used? Of course, I'm making a bit of a 
presumption here. My server is configured very close if not identically 
to Ron's, and I'm seeing smtp sessions with TLS (non-authenticated) 
fairly regularly. Chase, Discover, gmail and ebay (among others) are 
sending to me using TLS with no problem.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Help with spamdyke...

2011-06-10 Thread Eric Shubert
On 06/10/2011 11:59 AM, Dossy Shiobara wrote:
 I suspect there's an interop issue between MS Exchange's Edge Transport
 server SSL/TLS implementation and Spamdyke's SSL/TLS implementation.

I think that's a good hunch. MS occasionally (at least) has their own 
way of doing things. :(

 Reviewing the Spamdyke code now, there's a few technical issues I'd like
 to raise ... in a separate post, perhaps.

Great.

Yeah, this thread's getting a little long (again).

-- 
-Eric 'shubes'



 On 6/10/11 2:20 PM, Eric Shubert wrote:
 I'm sure you know more about SSL than I do, and I'm just wondering. Why
 does TLS work with some servers and not others? Is it due to a
 particular cipher that's being used? Of course, I'm making a bit of a
 presumption here. My server is configured very close if not identically
 to Ron's, and I'm seeing smtp sessions with TLS (non-authenticated)
 fairly regularly. Chase, Discover, gmail and ebay (among others) are
 sending to me using TLS with no problem.



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Whitelists...

2011-06-13 Thread Eric Shubert
Putting your domain's addresses in whitelist_recipients pretty much 
defeats the purpose of spamdyke.

Putting your domain's addresses in whitelist_senders would create a 
nearly open relay, allowing anyone to use your server as a relay by 
simply knowing one of the addresses. Very bad idea.

Something that's counterintuitive but very effective is to *blacklist* 
your local domain(s) in the blacklist_senders file, as such:
@mydomain.com
Since all of your users authenticate (they do authenticate, don't 
they?), they pass through spamdyke (or better yet use port 587). Anyone 
attempting to spoof an address at your domain is blocked. This 
accomplishes what the reject-identical-sender-recipient is intended to 
remedy and then some, while still allowing users to send email to 
themselves (which I have a few who do - there's no good reason they 
shouldn't be able to). This works like a charm.

-- 
-Eric 'shubes'

On 06/13/2011 06:12 AM, ron wrote:
 That is kind of what I was seeing in the log files, once it hit the
 whitelist_recipients, then it seemed that the mail was accepted, even if
 it was spam. Not sure where I saw it at, but I remember reading about
 putting all recipients into that whitelist.


 On 6/13/2011 9:05 AM, Angus McIntyre wrote:
 ron wrote:
 What's the consensus, good or bad idea to whitelist all email addresses
 within your company in spamdyke's whitelist_recipients?
 Wouldn't that be rather counter-productive? If you whitelist all
 recipients at your company (and assuming that your mail server accepts
 mail only for people at your company) then you've essentially switched off
 spamdyke for all incoming mail. Or am I missing something?

 Whitelisting sender addresses at your company is also a poor idea, because
 spammers like to forge mail to make it appear to come from someone at the
 same domain. In other words, if the spammer's list includes
 'f...@example.com' and 'bob-hcdggtzh8xnbdgjk7y7...@public.gmane.org', 
 they'll often send mail to
 'f...@example.com' with 'bob-hcdggtzh8xnbdgjk7y7...@public.gmane.org' in the 
 'From' line, and
 vice-versa.

 Angus







___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Spamdyke ignoring my blacklists.

2011-06-13 Thread Eric Shubert
I would suspect that your spamdyke.conf file somehow isn't the one being 
used. Just a guess. What does your run file contain?

On 06/13/2011 01:00 PM, li...@deltatechnicalservices.com wrote:
 In my /etc/spamdyke.conf I have these two lines...

 ip-blacklist-file=/etc/spamdyke.d/ip-blacklist.conf
 sender-blacklist-file=/etc/spamdyke.d/sender-blacklist.conf

 In the file /etc/spamdyke.d/ip-blacklist.conf I have this...

 64.40.96.0/19
 64.135.0.0/17

 And as if that wasn't enough, I added to the
 /etc/spamdyke.d/sender-blacklist.conf

 news...@reply.newsmax.com
 news...@newsmax.com

 The above should have stopped the message either by sender address or by
 IP address but.. NO, Spamdyke allows it.

 In my log spamdyke says this.. ( domain names of recipients changed to
 xxx for privacy reasons )

 Jun 13 10:06:19 echo spamdyke[25509]: ALLOWED from: news...@reply.newsmax.com to: j...@xx.com origin_ip: 64.40.119.232 origin_rdns: mta232.reply.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 10:24:05 echo spamdyke[32128]: ALLOWED from: news...@reply.newsmax.com to: m...@xxx.net origin_ip: 64.40.120.201 origin_rdns: mta201c.reply.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 11:40:51 echo spamdyke[30476]: ALLOWED from: news...@reply.newsmax.com to: va...@.net origin_ip: 64.40.119.236 origin_rdns: mta236.reply.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 12:10:17 echo spamdyke[10883]: ALLOWED from: news...@reply.newsmax.com to: l...@x.org origin_ip: 64.40.120.210 origin_rdns: mta210c.reply.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 12:11:37 echo spamdyke[11302]: ALLOWED from: news...@reply.newsmax.com to: c...@x.org origin_ip: 64.40.113.227 origin_rdns: mta227b.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 12:11:46 echo spamdyke[11369]: ALLOWED from: news...@reply.newsmax.com to: st...@.com origin_ip: 64.40.120.207 origin_rdns: mta207c.reply.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 12:13:05 echo spamdyke[12003]: ALLOWED from: news...@reply.newsmax.com to: sa...@x.com origin_ip: 64.40.120.208 origin_rdns: mta208c.reply.newsmax.com auth: (unknown) encryption: (none)
 Jun 13 12:20:16 echo spamdyke[16254]: ALLOWED from: news...@reply.newsmax.com to: m...@x.net origin_ip: 64.40.113.202 origin_rdns: mta202a.newsmax.com auth: (unknown) encryption: (none)





-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Spamdyke ignoring my blacklists.

2011-06-13 Thread Eric Shubert
Bad guess. :(

Is there some (other) whitelist parameter that's being satisfied?

-- 
-Eric 'shubes'

On 06/13/2011 01:43 PM, Spamdyke User wrote:
 service smtp
 {
         disable = no
         socket_type = stream
         protocol = tcp
         wait = no
         user = root
         instances = UNLIMITED
         env = SMTPAUTH=1
         server = /var/qmail/bin/tcp-env
         server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
 }


 On Mon, 13 Jun 2011 13:23:31 -0700, Eric Shubert wrote:

 I would suspect that your spamdyke.conf file somehow isn't the one being
 used. Just a guess. What does your run file contain?




___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Spamdyke ignoring my blacklists.

2011-06-13 Thread Eric Shubert
On 06/13/2011 04:12 PM, Spamdyke User wrote:
 There isn't much in the receivers whitelist but, since I have so little
 in these files, I will include them here... My entire spamdyke.conf was
 attached to a previous message so now you have it all except my version
 info which is

 spamdyke 4.2.0+TLS+CONFIGTEST+DEBUG

 receivers_whitelist.conf

 #
 # This is a list of our customers to exempt from spamdyke
 #
 postmaster@
 abuse@
 submission@

I don't think this form of wildcard is valid, at least I don't see it in 
the documentation. The only wildcard capability I see in the 
documentation is for all addresses at a domain, such as
@mydomain.com

I would expect what you have to match nothing, but perhaps it's matching 
everything instead. Try using the full email address here. If you have 
more than one domain, include separate records for each domain.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Spamdyke ignoring my blacklists.

2011-06-13 Thread Eric Shubert
Nice catch, Dave!

Sooo many comments to weed through. It'd be nice if posters would 
eliminate comments from their configuration files they post:
# cat spamdyke.conf | grep -v '^#'

-- 
-Eric 'shubes'

On 06/13/2011 05:07 PM, David Mitchell wrote:
 Here's your problem:

 dns-whitelist-entry=list.dnswl.org

 All of the IPs shown in the log from your first post are listed in
 DNSWL, eg. http://dnswl.org/search.pl?s=64.40.120.207

 Cheers,
 Dave

 On 14/06/2011 07:53, Spamdyke User wrote:
 I can't think of one..  With spamdyke working this way, I am having to
 use my firewall to block certain senders which is not a good thing..

 I will attach my spamdyke.conf. There isn't much of anything in the
 files in /etc/spamdyke.d/, just a small list of 5 addresses in the
 ip_whiltelist.conf file


___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
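An added example, not part of the thread and not spamdyke code: a small audit that reproduces the diagnosis above by finding ALLOWED log entries whose origin IP falls inside a blacklisted range and, when any exist, listing the whitelist options in the config that could have let them through. The option names, CIDR ranges and origin IPs are the ones quoted in the thread; the function names are hypothetical, mail addresses are replaced with example.com placeholders, the last log line is constructed, and only CIDR or single-address blacklist entries are handled.

```python
import ipaddress
import re

# Config lines as quoted in the thread (everything else omitted).
SPAMDYKE_CONF = """\
# /etc/spamdyke.conf
ip-blacklist-file=/etc/spamdyke.d/ip-blacklist.conf
sender-blacklist-file=/etc/spamdyke.d/sender-blacklist.conf
dns-whitelist-entry=list.dnswl.org
"""

# Contents of ip-blacklist.conf as quoted in the thread.
IP_BLACKLIST = """\
64.40.96.0/19
64.135.0.0/17
"""

# First three lines follow the thread's log (addresses replaced with
# placeholders); the fourth line is constructed for contrast.
LOG = """\
Jun 13 10:06:19 echo spamdyke[25509]: ALLOWED from: sender@example.com to: user@example.net origin_ip: 64.40.119.232 origin_rdns: mta232.reply.newsmax.com auth: (unknown) encryption: (none)
Jun 13 10:24:05 echo spamdyke[32128]: ALLOWED from: sender@example.com to: user@example.net origin_ip: 64.40.120.201 origin_rdns: mta201c.reply.newsmax.com auth: (unknown) encryption: (none)
Jun 13 12:11:37 echo spamdyke[11302]: ALLOWED from: sender@example.com to: user@example.net origin_ip: 64.40.113.227 origin_rdns: mta227b.newsmax.com auth: (unknown) encryption: (none)
Jun 13 12:30:00 echo spamdyke[20000]: ALLOWED from: sender@example.org to: user@example.net origin_ip: 192.0.2.10 origin_rdns: mail.example.org auth: (unknown) encryption: (none)
"""

ALLOWED_RE = re.compile(r"spamdyke\[\d+\]: ALLOWED .*? origin_ip: (\S+)")


def parse_conf(text):
    """Return (option, value) pairs, skipping blank lines and comments."""
    options = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        options.append((key.strip(), value.strip()))
    return options


def whitelist_options(options):
    """Every active option whose name mentions a whitelist."""
    return [(k, v) for k, v in options if "whitelist" in k]


def load_networks(text):
    """Parse CIDR or single-address entries into network objects."""
    nets = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def allowed_from_blacklisted(log_text, networks):
    """(ip, network) for each ALLOWED entry whose origin IP is blacklisted."""
    hits = []
    for line in log_text.splitlines():
        m = ALLOWED_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP literal; ignore the line
        for net in networks:
            if ip in net:
                hits.append((str(ip), str(net)))
                break
    return hits


def audit(conf_text, blacklist_text, log_text):
    """Return (blacklisted-but-allowed hits, whitelist options to review)."""
    hits = allowed_from_blacklisted(log_text, load_networks(blacklist_text))
    suspects = whitelist_options(parse_conf(conf_text)) if hits else []
    return hits, suspects


if __name__ == "__main__":
    hits, suspects = audit(SPAMDYKE_CONF, IP_BLACKLIST, LOG)
    for ip, net in hits:
        print(f"ALLOWED although {ip} is inside blacklisted {net}")
    for key, value in suspects:
        print(f"review whitelist option: {key}={value}")
```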


Re: [spamdyke-users] Problems with outgoing SPAM

2011-07-22 Thread Eric Shubert
Do you know for sure that they're coming from an external source? Could 
it be an infected machine that's sending them?

In either case, I don't know of a way to throttle a user's activity. I 
would check the logs for the offending account(s), and change the 
password(s).

Also, be sure that no passwords are ever sent in the clear.

I wouldn't expect that fail2ban would be of much help, as there's no 
failure. I could be wrong about this though.

I like the way that gmane.org handles this sort of thing. It throttles 
user submissions such that it only allows one message to be relayed 
every 5 minutes per account. It does accept them, but simply queues them 
up and sends them on at a slower pace. I'd like to see a patch to 
qmail-remote that would do such a thing, but I'm not aware of one. 
Wouldn't be too terribly difficult to code I would think.

-- 
-Eric 'shubes'

On 07/18/2011 07:32 PM, Carlos Herrera Polo wrote:
 fail2ban maybe ? With special rules I think it can help you



 2011/7/18, BC <bc...@purgatoire.org>:

 Is this what the tar pit option in qmail is suppose to do?


 On 7/18/2011 11:00 AM, spamdyke-users-requ...@spamdyke.org wrote:
 I would like to know
 if spamdyke can block relay if the client is trying to send a lot of
 email in a small period of time or something else that can ease this
 problem.



___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] 100% CPU utilization and stuck spamdyke processes (4.2.0)

2011-08-18 Thread Eric Shubert
Is it spamdyke that's using the CPU, or another process? clamav had a 
problem doing this sort of thing a couple versions back (0.95.x iirc).

Other than that, I haven't heard of anything like this. I'd look at 
processes related to queuing (scanners?) and see if there's a problem in 
that area. Given your volume, I'd suspect that there's a resource 
constraint that a little configuration tweaking might remedy.

-- 
-Eric 'shubes'


On 08/17/2011 10:33 PM, Chris Boulton wrote:
 We're seeing a lot of spamdyke processes on our servers getting stuck in
 some sort of state where they'll hang, and use 100% CPU until we kill -9
 them. Anyone else seeing this with 4.2.0?

  From what it looks like, it occurs once spamdyke has done its job and
 Qmail has accepted the message. There'll always be open network
 descriptors stuck in CLOSE_WAIT:

 spamdyke  32096  root  txt   REG 8,6 2752241731152 /usr/bin/spamdyke
 spamdyke  32096  root  mem   REG 8,6 935041730437 /usr/lib/libz.so.1.2.3.3
 spamdyke  32096  root  mem   REG 8,6 14616   54944903 /lib/libdl-2.7.so
 spamdyke  32096  root  mem   REG 8,6 16671761733359 /usr/lib/libcrypto.so.0.9.8
 spamdyke  32096  root  mem   REG 8,6 1375536   54944893 /lib/libc-2.7.so
 spamdyke  32096  root  mem   REG 8,6 3359361733360 /usr/lib/libssl.so.0.9.8
 spamdyke  32096  root  mem   REG 8,6 119288   54944779 /lib/ld-2.7.so
 spamdyke  32096  root  0u IPv4  477462833 TCP [US]:smtp->[THEM]:62593 (CLOSE_WAIT)
 spamdyke  32096  root  1u IPv4  477462833 TCP [US]:smtp->[THEM]:62593 (CLOSE_WAIT)
 spamdyke  32096  root  2u IPv4  477462833 TCP [US]:smtp->[THEM]:62593 (CLOSE_WAIT)
 spamdyke  32096  root  3u IPv4  477462971 UDP *:56058
 spamdyke  32096  root  4u unix 0x88005cac9500 477464597 socket
 spamdyke  32096  root  5w FIFO 0,8 477463023 pipe
 spamdyke  32096  root  6r FIFO 0,8 477463024 pipe

 An strace on the process shows that absolutely nothing is happening:

 $ strace -p 32096
 Process 32096 attached - interrupt to quit
 ^CProcess 32096 detached

 Version:

 $ spamdyke -v
 spamdyke 4.2.0+TLS+CONFIGTEST+DEBUG (C)2011 Sam Clippinger, samc (at)
 silence (dot) org
 http://www.spamdyke.org/

 We're receiving around 80,000 connections to spamdyke a day, and out of
 that end up with about 8 hung processes.

 I've just enabled the full-log-dir option in spamdyke to try and get
 some internal logs, but I can't leave it enabled for long due to the
 amount of mail we receive.

 Regards,

 Chris Boulton
 Lead Engineer
 BigCommerce

 Web: http://www.bigcommerce.com





___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Long delay on connection (before SMTP prompt appear)

2011-09-02 Thread Eric Shubert
On 09/02/2011 11:34 AM, Marcin Orlowski wrote:
 hi,

 I got an odd issue with one of my smtp boxes and I have some problems
 finding the culprit. The problem is that it takes
 ages for the smtpd prompt to appear:

 # telnet localhost 25
 Trying 127.0.0.1...
 [... wait, wait, wait ...]
 Connected to localhost.
 Escape character is '^]'.
 220 Welcome to mail delivery server ESMTP

 The wait time varies but is often 60+ secs, so MUAs with the default 60 secs
 timeout complain.

 All is started that way:

 ${TCPSERVER} -v -l ${HOSTNAME} -H -R -c 500 -u 1004 -g 1003 0 smtp
 ${SPAMDYKE} ${SMTPD} ${MYNAME} ${CHECKPASSSMTP} /bin/true 21 | cat
 /dev/null

 (Variables are fine), my name is `hostname` output and resolves both
 ways. Sometimes (frequently enough to not ignore it) I also see
 max number of instances of app invoked by tcpserver (usually
 503) but at the same time the log does not indicate such
 increase of traffic (usually there are 30-40).  At the same time there's
 said delay, launching ./qmail-smtp by hand shows no delay, so I suspect
 tcpserver or spamdyke steps (or something they rely on). My first guess
 was dns, but there's caching dns running locally plus I disabled
 whatever I could to make tcpserver staying away from resolving anything.
 Spamdyke config holds dns-level=none for the same purpose. Any ideas?

 Regards,

I'd suspect DNS as well. Did you double check your /etc/resolv.conf 
file, and be sure that dns requests are handled locally?
-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Question about Greylisting and deleting Zero-Length-Entries

2011-11-02 Thread Eric Shubert
On 11/02/2011 03:11 AM, t...@uncon.org wrote:
 Quoting Eric Shubert <e...@shubes.net>:

 I've been wondering though about perhaps using tmpfs for the graylist
 tree. That might be a potential solution as well for hosts that process
 huge amounts of email. Of course the whole tree would be lost on
 rebooting, but if that was a problem it could be copied off periodically
 and restored. If I get some time one day, I may do some test comparisons.


 The thought of using up RAM for the graylist data doesn't fit well
 with me. I'd much rather have the RAM used as file cache, for both the
 mail itself, and for things like AV signatures.

 -trog

Me too, but it depends on the amount. We're only talking inodes really. 
Might not take up all that much space. You're running a huge amount of 
messages though, so it might be a significant amount. Just a thought.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] whitelist_senders file format

2011-11-21 Thread Eric Shubert
On 11/21/2011 04:23 AM, turgut kalfaoğlu wrote:
 Hi there. what is the correct format for the whitelist_senders file?
 I want to whitelist an entire domain with a borked DNS  in the whitelist..
 Do I do
 *@abc.com
 or just
 abc.com
 in  this file?

 Thanks
-t

I use
@abc.com

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] New version: spamdyke 4.2.1

2012-01-04 Thread Eric Shubert
On 01/04/2012 10:58 AM, Sam Clippinger wrote:
 Just when you thought it was safe to go back to your Inbox, spamdyke
 version 4.2.1 is now available:
 http://www.spamdyke.org/

 This version extends the log messages to show why a blacklist is
 matched. It also fixes a few minor bugs.

 Version 4.x is NOT backwards compatible with 3.x; be sure to read the
 documentation before upgrading.

 Version 4.2.1 is backwards-compatible with version 4.2.0; simply
 replacing the old binary with the new one should be safe.

 -- Sam Clippinger


Thanks for the updates, Sam.

When I upgraded on my test machine (which is a bit of a mess at times), 
I noticed this when running tests:
ERROR(graylist-level): Found domain directory for a domain that is not 
in the list of local domains; ...
INFO(graylist-level): Local domain has no domain directory; ...

The summary at the end says:
SUCCESS: Tests complete. No errors detected.

I'm wondering, shouldn't the first message (ERROR) be INFO instead, like 
the 2nd one?

Thanks again.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


[spamdyke-users] junkemailfilter.com

2012-01-05 Thread Eric Shubert
Has anyone here used junkemailfilter.com's DNS blacklist or (more 
significantly) whitelist 
(http://wiki.junkemailfilter.com/index.php/Spam_DNS_Lists) in 
conjunction with spamdyke? Just wondering if it's compatible, given the 
multiple return statuses that junkemailfilter uses. If so, sample 
configuration file entries would be helpful.

TIA.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] need to insert a special rule..

2012-01-07 Thread Eric Shubert
Too bad. I'm not suggesting you switch from plesk, but I use 
http://wiki.qmailtoaster.com which has eMPF built in, and is pretty 
simple to admin so long as you're comfortable with the CLI.

-- 
-Eric 'shubes'

On 01/07/2012 03:57 PM, turgut kalfaoglu wrote:

 Unfortunately my plesk-qmail does not seem to have that patch installed.
 It's a huge pain to recompile qmail with plesk's patches, plus the empf.. -t

 On 07.01.2012 18:02, Eric Shubert wrote:
 On 01/07/2012 07:39 AM, turgut kalfaoğlu wrote:
 For some reason, we have massive amounts of mail coming from facebook,
 to one local user.
 I am unable to stop it, because the From is different every time, there
 are hundreds of users in the To: header,
 and the local recipient is always one local poor guy.

 I'm good at C programming and I'd like to put something like
    if (strstr(sender, "facebook") && strstr(recipient, "localsucker"))
        rejectmail++;
 into spamdyke..

 I'd appreciate any *pointers where to place a such code and how it
 should read.

 Many thanks, -turgut
 Do you have the eMPF patch (http://www.inter7.com/?page=empf-install)
 applied to qmail? If you do, I believe that can be used to accomplish
 such a rule (and more). FWIW.




___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] need to insert a special rule..

2012-01-09 Thread Eric Shubert
On 01/07/2012 07:39 AM, turgut kalfaoğlu wrote:
 For some reason, we have massive amounts of mail coming from facebook,
 to one local user.
 I am unable to stop it, because the From is different every time, there
 are hundreds of users in the To: header,
 and the local recipient is always one local poor guy.

 I'm good at C programming and I'd like to put something like
    if (strstr(sender, "facebook") && strstr(recipient, "localsucker"))
        rejectmail++;
 into spamdyke..

 I'd appreciate any *pointers where to place a such code and how it
 should read.

 Many thanks, -turgut

Have you suggested that the local user change their notification 
preferences in facebook? When they're logged in, there's a drop down 
menu you can click in the top right corner. Select Account Settings, 
then click Notifications in the left column. This is where each user can 
control which emails are sent to them, and which are not.

-- 
-Eric 'shubes'

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users


Re: [spamdyke-users] Encryption policy enforcement

2012-01-27 Thread Eric Shubert
On 01/27/2012 04:38 PM, Sam Clippinger wrote:
 Interesting suggestions.  The first one, logging how many users authenticate 
 without TLS/SSL, is basically already there.  Since the log messages already 
 show both the authenticated user and the encryption status, you should be 
 able to parse through them to find people who authenticated in the clear.  
 That percentage is probably going to be pretty high, especially among Outlook 
 users.

I hadn't thought of that. You're right, it's in there. :)
Outlook'03 doesn't support TLS, so I'm sure you're right there as well.

 Implementing a filter to require TLS for authentication shouldn't be too 
 hard.  Lots of servers already do this -- they either don't advertise 
 authentication until after TLS starts OR only advertise challenge/response 
 authentication until after TLS starts.  spamdyke could do that too, as well 
 as stripping out (and blocking) cleartext authentication offered by a patched 
 qmail.

I'd love to see this. It would certainly help to enforce a good security 
policy (no clear text passwords). Of course this would also require 
spamdyke to be installed on the submission port 587, but that's 
something I'd be willing to do if this option were available. Having 
spamdyke on port 587 will be needed also for some other future 
enhancements such as auto-whitelisting, so I don't think this is a big deal.

 Implementing a filter to require TLS for every connection could be 
 problematic.  Remote servers (as opposed to mail clients) wouldn't understand 
 the problem and a lot of mail would bounce.  Even if a remote server is 
 capable of doing TLS for outbound connections (many aren't), convincing the 
 admins of those remote servers to make the change would be a nightmare (to 
 say the least).  If always-on encryption is really what you want, why not 
 just use SMTPS?

This was somewhat of an afterthought. Enforcing this would indeed be a 
little impractical, but I'm a little surprised at how many servers are 
actually using TLS already (msn, gmail, as well as many small ones). 
Since the log messages have all the data required already to do 
analysis, this isn't a high priority. I just thought it might be a nice 
feature for companies who need a high degree of security. If the filter 
would be easy to code, I think it'd be a nice touch (not that it'd get 
much use). If the code would be troublesome, then forget it. Of course 
smtps (465) could be used internally, but there's no way to enforce an 
encryption policy externally (unless you write the filter). ;)

Thanks again Sam for your great work with spamdyke.

-- 
-Eric 'shubes'
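
The two advertisement policies described in the quoted reply above (no AUTH until TLS has started, or only challenge/response AUTH until then) can be checked from a server's EHLO replies. This is an added example, not part of the original thread and not spamdyke code; the function names, verdict strings and sample EHLO replies are constructed for illustration.

```python
import re

# Mechanisms that send the reusable password itself (base64 is not encryption).
CLEARTEXT = {"PLAIN", "LOGIN"}

def ehlo_keywords(reply):
    """Map each EHLO keyword to its parameters, e.g. {'AUTH': ['LOGIN', 'PLAIN']}."""
    caps = {}
    for line in reply.splitlines()[1:]:      # line 1 only names the server
        m = re.match(r"250[- ](\S.*)", line.strip())
        if m:
            # "AUTH=LOGIN" is a legacy spelling of "AUTH LOGIN"; treat both alike.
            words = m.group(1).replace("=", " ", 1).upper().split()
            caps.setdefault(words[0], []).extend(words[1:])
    return caps

def auth_policy(pre_tls_reply, post_tls_reply):
    """Classify a server from its EHLO replies before and after STARTTLS."""
    pre, post = ehlo_keywords(pre_tls_reply), ehlo_keywords(post_tls_reply)
    pre_auth, post_auth = set(pre.get("AUTH", [])), set(post.get("AUTH", []))
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    exposed = sorted(pre_auth & CLEARTEXT)
    if exposed:
        findings.append("cleartext AUTH offered before TLS: " + ",".join(exposed))
    if not post_auth:
        findings.append("no AUTH offered after TLS")
    if findings:
        return "fail", findings
    if not pre_auth:
        return "auth-after-tls-only", findings
    # Anything still advertised here is not PLAIN/LOGIN (e.g. CRAM-MD5).
    return "challenge-response-before-tls", findings

# Constructed EHLO replies (not captured from any real server).
COMMON = "250-mail.example.test\n250-PIPELINING\n250-STARTTLS\n"
POST_TLS = "250-mail.example.test\n250-AUTH LOGIN PLAIN CRAM-MD5\n250 8BITMIME"
STRICT_PRE = COMMON + "250 8BITMIME"
CHALLENGE_PRE = COMMON + "250-AUTH CRAM-MD5\n250 8BITMIME"
WEAK_PRE = COMMON + "250-AUTH LOGIN PLAIN CRAM-MD5\n250-AUTH=LOGIN PLAIN CRAM-MD5\n250 8BITMIME"

if __name__ == "__main__":
    for name, pre in [("strict", STRICT_PRE), ("challenge", CHALLENGE_PRE), ("weak", WEAK_PRE)]:
        print(name, auth_policy(pre, POST_TLS))
```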



Re: [spamdyke-users] Recipient blacklist vs. RDNS checks

2012-02-14 Thread Eric Shubert
Very nice explanation Sam.
Thanks for all you do.
-- 
-Eric 'shubes'

On 02/14/2012 06:53 PM, Sam Clippinger wrote:
 Yes and no.  From a purely academic standpoint, it takes less work/time for 
 spamdyke to reject a blacklisted recipient than to perform the DNS tests 
 because searching a file is faster than sending and receiving network data 
 (assuming the file isn't huge).  And yes, spamdyke re-reads all of its files 
 (config files, whitelist, blacklist, graylist) for every incoming connection.
 Because the OS caches disk access, this doesn't incur much actual overhead.

 However, several factors make this a non-issue.  First, your DNS server is 
 caching the results for the frequent senders, so there's actually very little 
 traffic being generated for those queries.  Second, spamdyke runs its filters 
 in a specific order (listed in the FAQ) in order to disqualify a connection 
 as quickly as possible.  This is because qmail must remain running as long as 
 there is a chance the message will be accepted.  As soon as spamdyke is sure 
 the message will be rejected, it tells qmail to quit and continues talking to 
 the remote server by itself.  From a performance standpoint, closing the 
 process and freeing the memory is a bigger win than the file/DNS comparison.

 Third, and most importantly, spamdyke is going to run the DNS queries whether 
 you add the recipients to your blacklist or not.  In order to try to reject a 
 message as soon as possible, spamdyke runs its filters as soon as the 
 required information is available: rDNS tests are run as soon as spamdyke 
 starts, MX checks are run as soon as the sender is given, etc.  However, even 
 if those tests are positive, spamdyke refrains from sending a rejection until 
 it's sure the message cannot possibly be accepted.  For example, if you use a 
 recipient whitelist, spamdyke can't reject a message until it sees the 
 recipient address -- otherwise it might reject a message too early when the 
 recipient is actually on the whitelist.  The recipient is identified pretty 
 late in the SMTP protocol, so spamdyke may have to hold its rejection for a 
 while for safety.  (In reality, a while is typically hundredths of a second.)

 So by the time the recipient address is given and spamdyke /could/ check the 
 recipient blacklist, it's already done the DNS work.  If the DNS tests 
 triggered a filter, the recipient blacklist won't be checked at all.  So 
 there's really no point in using your spamdyke rejection messages to create a 
 recipient blacklist -- it'll never be used anyway.

 Caveat: the third point above doesn't apply if configuration directories are 
 in use.  In that scenario, spamdyke doesn't run any tests until the recipient 
 address is given, so it can first load the config files from the correct 
 configuration directory(s).  When that happens, the recipient blacklist is 
 checked before the DNS tests are run.

 Overall, my advice is: don't worry about it.  If your server is so heavily 
 loaded that a few milliseconds of processing time are critical, you should 
 upgrade the hardware or get a second server (or both).

 -- Sam Clippinger




 On Feb 14, 2012, at 4:58 PM, Angus McIntyre wrote:

 Watching the logs on my new mail server, I'm having the pleasure of seeing
 spamdyke knocking lots of incoming spam on the head.

 In most cases, the incoming messages are getting taken out by RBL_MATCH,
 SENDER_NO_MX or RDNS_MISSING rules. A lot of the messages would eventually
 fail anyway because they're being sent to non-existent recipients.

 My question is, should I bother adding those non-existent recipients to
 the recipient blacklist file? Does Spamdyke do less work/take less time to
 reject a message if it finds the recipient in a blacklist than if it has
 to do an RBL or RDNS check?

 I imagine that simple string-matching should be faster and more efficient
 than doing a network-check (RBL or RDNS), but it probably depends on the
 order in which Spamdyke does the checks, and whether it re-reads the
 blacklist file for each message it processes.

 Any recommendations?

 Angus
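
A simplified model of the filter ordering Sam describes in the quoted message, showing why the recipient blacklist is never consulted for such spam unless configuration directories are in use. This is an added illustration, not spamdyke's source; the dictionary keys, the `recipient-blacklist` verdict label, the whitelist-before-blacklist order and the sample connection are assumptions made for the model.

```python
def run_filters(conn, cfg):
    """Return (verdict, log) for one connection carrying one recipient."""
    log = []

    def dns_tests():
        log.append("dns: rDNS lookup")         # possible as soon as the client connects
        if conn["rdns"] is None:
            return "RDNS_MISSING"
        log.append("dns: sender MX lookup")    # possible once MAIL FROM is seen
        if not conn["sender_has_mx"]:
            return "SENDER_NO_MX"
        return None

    def listed(name):
        log.append("file: recipient %s search" % name)
        return conn["rcpt"] in cfg["recipient_" + name]

    if cfg["config_dirs"]:
        # Per-recipient settings are unknown until RCPT TO, so every test waits.
        if listed("whitelist"):
            return "ACCEPT", log
        if listed("blacklist"):
            return "recipient-blacklist", log
        return dns_tests() or "ACCEPT", log

    held = dns_tests()                         # decided early, rejection not yet sent
    if listed("whitelist"):                    # the reason the rejection is held
        return "ACCEPT", log
    if held:
        return held, log                       # blacklist file is never searched
    return ("recipient-blacklist" if listed("blacklist") else "ACCEPT"), log

# Constructed sample: spam to a nonexistent address from a host without rDNS.
SPAM = {"rdns": None, "sender_has_mx": False, "rcpt": "nobody@example.test"}
LISTS = {"recipient_whitelist": set(),
         "recipient_blacklist": {"nobody@example.test"}}

if __name__ == "__main__":
    for dirs in (False, True):
        print(dirs, run_filters(SPAM, dict(LISTS, config_dirs=dirs)))
```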



Re: [spamdyke-users] smtp-auth-command not seen?

2012-03-21 Thread Eric Shubert
On 03/20/2012 03:00 PM, Eric Shubert wrote:
 I did a little testing, and this appears to be just a bug in the
 config-test. With these settings, cram-md5 is not advertised, and
 authentication does work.

After a little more testing, I discovered that qmail-smtpd (w/chkuser) 
is rejecting non-local emails, because it doesn't realize that the 
sender has authenticated.

If I set the RELAYCLIENT variable in the tcp.smtp file (which would 
normally create an open relay), will spamdyke still honor the
relay-level=normal
(default) setting, and reject unauthenticated attempts to relay?

I ask this because the documentation about spamdyke's access-file says this:
Remote servers are allowed to relay if the environment variable 
RELAYCLIENT is set to any value. Most qmail guides recommend an entry 
like this one:
 11.22.33.44:allow,RELAYCLIENT=

and it's not clear to me if spamdyke would see this variable set by 
tcp.smtp and allow access based on this.

As always, thanks Sam.

-- 
-Eric 'shubes'



Re: [spamdyke-users] smtp-auth-command not seen?

2012-03-21 Thread Eric Shubert
Yes, this is the same setup. Here are my configuration settings:
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
graylist-dir=/var/spamdyke/graylist
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=5
idle-timeout-secs=180
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
local-domains-file=/var/qmail/control/rcpthosts
log-level=info
log-target=stderr
max-recipients=15
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
reject-ip-in-cc-rdns
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
smtp-auth-command=/home/vpopmail/bin/vchkpw /bin/true
smtp-auth-level=always
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

As you can see, I do have local-domains-file, but I have not specified 
any access-file. Is the access-file required? I presumed not, as the doc 
says it may be given, and connections are allowed by default.

When I tested authentication (using telnet), I got a Proceed message 
after authentication, so I presumed authentication worked ok and I 
didn't test any further (my bad).

My qmail-smtpd is (still) patched with smtp-auth though, and it doesn't 
appear to recognize that authentication has taken place. I want to have 
spamdyke control authentication entirely, but it appears that spamdyke 
isn't setting RELAYCLIENT when authentication has taken place. I presume 
that spamdyke doesn't start qmail-smtpd until after authentication has 
taken place, otherwise RELAYCLIENT could not be set, right?

Let me know if I can give you anything else to go on.

Thanks Sam.

-- 
-Eric 'shubes'

On 03/21/2012 04:46 PM, Sam Clippinger wrote:
 Umm, no.  If this is the same setup you described in your previous email 
 (which I haven't had a chance to investigate yet, sorry), it looks like 
 you're not supplying the local-domains-file or access-file options, so 
 spamdyke doesn't have enough information to control relaying (i.e. it doesn't 
 know which domains are local or who has permission to relay, so it has to 
 trust qmail to control relaying).  If those options are given, spamdyke will 
 always set the RELAYCLIENT variable and control relaying itself.  That will 
 fix the problem: spamdyke will prevent relaying from non-authenticated 
 senders and qmail-smtpd will accept non-local recipients passed by spamdyke.

 -- Sam Clippinger




 On Mar 21, 2012, at 5:49 PM, Eric Shubert wrote:

 On 03/20/2012 03:00 PM, Eric Shubert wrote:
 I did a little testing, and this appears to be just a bug in the
 config-test. With these settings, cram-md5 is not advertised, and
 authentication does work.

 After a little more testing, I discovered that qmail-smtpd (w/chkuser)
 is rejecting non-local emails, because it doesn't realize that the
 sender has authenticated.

 If I set the RELAYCLIENT variable in the tcp.smtp file (which would
 normally create an open relay), will spamdyke still honor the
 relay-level=normal
 (default) setting, and reject unauthenticated attempts to relay?

 I ask this because the documentation about spamdyke's access-file says this:
 Remote servers are allowed to relay if the environment variable
 RELAYCLIENT is set to any value. Most qmail guides recommend an entry
 like this one:
  11.22.33.44:allow,RELAYCLIENT=

 and it's not clear to me if spamdyke would see this variable set by
 tcp.smtp and allow access based on this.

 As always, thanks Sam.

 --
 -Eric 'shubes'
