[spamdyke-users] Out of contact
Sorry to do this to everyone, but I'll be travelling and out of contact for the next two weeks, returning on 7/17. I'll try to respond to everything when I get back.

-- Sam Clippinger
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Build failure
I'm working to integrate GNU autoconf into the next version, hopefully that will fix issues like this.

-- Sam Clippinger

CyberLeo Kitsana wrote:
> CyberLeo Kitsana wrote:
>> Hi! In trying to build SpamDyke for FreeBSD 4.10-RELEASE, I encountered the following issues. I had to modify cflags in the makefile to add '-I/usr/local/include' so that getopt.h could be located. Any suggestions on what I might be able to do to resolve this?
>>
>> Build log:
>> [EMAIL PROTECTED]:~/build/spamdyke-2.6.3/spamdyke $ make bsd
>> make LFLAGS= spamdyke
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c spamdyke.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c command_line.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c dns.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c environment.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c usage.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c search_fs.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c exec.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c base64.c
>> gcc -I/usr/local/include -Wall -O2 -funsigned-char -DTLS -c tls.c
>> tls.c: In function `tls_end':
>> tls.c:245: storage size of `tmp_timeout' isn't known
>> tls.c:245: warning: unused variable `tmp_timeout'
>> *** Error code 1
>> Stop in /usr/home/cyberleo/build/spamdyke-2.6.3/spamdyke.
>> *** Error code 1
>> Stop in /usr/home/cyberleo/build/spamdyke-2.6.3/spamdyke.
>
> Solved, kinda. I had to modify LFLAGS to include -L/usr/local/lib -lgnugetopt, and tls.c to #include <sys/time.h> as well. Now it compiles cleanly and works perfectly. Unfortunately, I have no idea how to conditionally include those flags or headers in the build process.

Re: [spamdyke-users] Checking rcpto first?
(Sorry for not responding faster; I've been out of town for almost 2 weeks.)

True, though it will likely appear in the version-after-next (3.1). The next version is focused on the big configuration overhaul.

-- Sam Clippinger

[EMAIL PROTECTED] wrote:
> At 11:00 AM 8/2/2007, [EMAIL PROTECTED] wrote:
>> With the rcptto patch, such emails are rejected during the initial smtp conversation, and all is well. However, when spamdyke is running, this doesn't seem to happen. Can I have the best of both worlds?
>
> I'm pretty sure that Sam said he is working on just that sort of functionality for v3.0 of Spamdyke.
>
> Bucky

Re: [spamdyke-users] --ip-in-rdns-keyword-file
The only downside would be inadvertently blocking legitimate hosts. For example, if you only searched for the keyword cable, you'd block customermail.cable.example.com, which might be an ISP's mail server. By the same token, only searching for the IP address would block hosts like 11-22-33-44.businessdsl.example.com, which might be a real company's mail server. Finding both the keyword and the IP address seemed to be a reasonable compromise to me.

I could certainly add the ability to block only based on keywords but I fear it would be more often misconfigured (and thus cause more problems) than not.

-- Sam Clippinger

[EMAIL PROTECTED] wrote:
> At 11:00 AM 8/9/2007, [EMAIL PROTECTED] wrote:
>> You're hitting two different problems.
>>
>> First, remove the trailing dot from the keyword in the file. spamdyke already ensures any keywords it finds are surrounded by non-alphanumeric characters. This is so a keyword like dialup is not found in 11223344.notdialup.example.com.
>>
>> Second, the keyword AND the IP address of the incoming connection must be found in the reverse DNS name to trigger the filter. spamdyke searches the rDNS name for many different possible formats of the IP address. In the example below, the IP address is not part of the name, so the filter wasn't triggered.
>
> Thanks. I needed the two weeks you were gone to figure out that it requires *both* to trigger the filter.
>
> Is there a downside to having the filter triggered by either (OR) rather than both (AND)?
>
> Bucky

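The AND-versus-OR trade-off discussed in this thread, as an added example that is not part of the original messages and is not spamdyke's code. The hostnames are the ones quoted above plus a constructed mail.example.com; the IP address 11.22.33.44, the keyword list, the set of IP formats tried, and treating the start or end of the name as a keyword boundary are assumptions of this sketch.

```python
import re


def ip_forms(ip):
    """Return textual forms of an IPv4 address to look for in an rDNS name.

    Assumption: forward and reversed octets, plain or zero-padded, joined by
    ".", "-", "_" or nothing. The page does not list spamdyke's real formats.
    """
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % (ip,))
    nums = [int(o) for o in octets]
    forms = set()
    for order in (nums, nums[::-1]):
        for fmt in ("%d", "%03d"):
            parts = [fmt % n for n in order]
            for sep in (".", "-", "_", ""):
                forms.add(sep.join(parts))
    return forms


def ip_in_name(ip, rdns):
    """True if any form of the IP appears in the name, not glued to other digits."""
    name = rdns.lower()
    for form in ip_forms(ip):
        if re.search(r"(?<![0-9])" + re.escape(form) + r"(?![0-9])", name):
            return True
    return False


def keyword_in_name(keyword, rdns):
    """True if the keyword appears surrounded by non-alphanumeric characters."""
    pattern = r"(?<![a-z0-9])" + re.escape(keyword.lower()) + r"(?![a-z0-9])"
    return re.search(pattern, rdns.lower()) is not None


def filter_triggers(ip, rdns, keywords, require_both=True):
    """require_both=True is the behaviour described in the thread (AND)."""
    has_keyword = any(keyword_in_name(k, rdns) for k in keywords)
    has_ip = ip_in_name(ip, rdns)
    return (has_keyword and has_ip) if require_both else (has_keyword or has_ip)


# Constructed sample data: (connecting IP, reverse DNS name).
SAMPLES = [
    ("11.22.33.44", "11-22-33-44.dialup.example.com"),       # keyword and IP
    ("11.22.33.44", "customermail.cable.example.com"),       # keyword only
    ("11.22.33.44", "11-22-33-44.businessdsl.example.com"),  # IP only
    ("11.22.33.44", "11223344.notdialup.example.com"),       # IP only
    ("11.22.33.44", "mail.example.com"),                     # neither
]
KEYWORDS = ["dialup", "cable", "dsl"]


def compare_modes(samples=SAMPLES, keywords=KEYWORDS):
    """Return (rdns, blocked_with_AND, blocked_with_OR) for each sample."""
    return [
        (rdns,
         filter_triggers(ip, rdns, keywords, True),
         filter_triggers(ip, rdns, keywords, False))
        for ip, rdns in samples
    ]


if __name__ == "__main__":
    for rdns, both, either in compare_modes():
        print("%-40s AND=%-5s OR=%s" % (rdns, both, either))
```

In this model a keyword stored with a trailing dot never matches, because the character after the dot in a hostname is alphanumeric and fails the boundary check.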
Re: [spamdyke-users] spamdyke clarification
Correct. spamdyke will only use the filters you enable and everything else will be passed through to qmail, exactly as it was before spamdyke was installed.

-- Sam Clippinger

davide bozzelli wrote:
> Hi
>
> If I would use spamdyke as a graylist-only solution, does this mean I could continue to use all the controls stuff built inside qmail-smtpd (badmailfrom, etc.)?
>
> I mean: does spamdyke in graylist-only mode not affect the normal operations of qmail-smtpd?
>
> Thx in advance,
> Davide

Re: [spamdyke-users] Help to install qmail on debian.
Well, then I'm afraid your only option is to look at the /etc/init.d/qmail file and figure out how it works. Something must be running on your system to start a copy of qmail-smtpd for each incoming connection. On a typical qmail installation, that process is called tcpserver. Once you find the script that starts the listener, you should be able to modify it to start spamdyke instead of qmail-smtpd.

Without more information about your setup, that's all I can tell you. Sorry.

-- Sam Clippinger

night duke wrote:
> I don't know how it was installed.
>
> Thanks anyway
> Nightduke
>
> Sam Clippinger [EMAIL PROTECTED] wrote:
>> How did you install qmail? Was it from a prebuilt package set (like QmailToaster) or following an online guide/book (like QmailRocks or LifeWithQmail)?
>>
>> -- Sam Clippinger
>>
>> night duke wrote:
>>> Following this file explains how to install spamdyke but I can't find
>>> http://www.spamdyke.org/documentation/INSTALL.txt
>>> this:
>>> /service/qmail-smtpd/run
>>>
>>> exec /usr/local/bin/softlimit -m 200 \
>>> /usr/local/bin/tcpserver -v -R -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
>>> -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
>>>
>>> Does anyone know where I can find this file on debian? I just find a file at /etc/init.d/qmail
>>>
>>> Thanks
>>> Nightduke

Re: [spamdyke-users] Help to install qmail on debian.
I honestly have no idea. Without knowing how your qmail was installed, the commands could be anywhere. I'm hesitant to blindly give advice lest you accidentally break your server.

-- Sam Clippinger

night duke wrote:
> I saw at /etc/init.d a few commands of qmail starting. Is it there where I must do the changes? I would like to do a howto install spamdyke on a qmail server. I hope this will help every people on internet.
>
> Nightduke
>
> Sam Clippinger [EMAIL PROTECTED] wrote:
>> Well, then I'm afraid your only option is to look at the /etc/init.d/qmail file and figure out how it works. Something must be running on your system to start a copy of qmail-smtpd for each incoming connection. On a typical qmail installation, that process is called tcpserver. Once you find the script that starts the listener, you should be able to modify it to start spamdyke instead of qmail-smtpd.
>>
>> Without more information about your setup, that's all I can tell you. Sorry.
>>
>> -- Sam Clippinger
>>
>> night duke wrote:
>>> I don't know how it was installed.
>>>
>>> Thanks anyway
>>> Nightduke
>>>
>>> Sam Clippinger wrote:
>>>> How did you install qmail? Was it from a prebuilt package set (like QmailToaster) or following an online guide/book (like QmailRocks or LifeWithQmail)?
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> night duke wrote:
>>>>> Following this file explains how to install spamdyke but I can't find
>>>>> http://www.spamdyke.org/documentation/INSTALL.txt
>>>>> this:
>>>>> /service/qmail-smtpd/run
>>>>>
>>>>> exec /usr/local/bin/softlimit -m 200 \
>>>>> /usr/local/bin/tcpserver -v -R -l $LOCAL -x /etc/tcp.smtp.cdb -c $MAXSMTPD \
>>>>> -u $QMAILDUID -g $NOFILESGID 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
>>>>>
>>>>> Does anyone know where I can find this file on debian? I just find a file at /etc/init.d/qmail
>>>>>
>>>>> Thanks
>>>>> Nightduke

Re: [spamdyke-users] empty subject mail problem
It's likely that some other program on your system is enforcing a timeout without logging it. For example, rblsmtpd imposes an absolute connection limit of 1 minute. qmail itself has a 20 minute idle timeout. Are you using any other filters that might have a 5 minute timeout?

-- Sam Clippinger

yusuf özbilgin wrote:
> Thanks for reply,
>
> I added -T 0 options to the /var/qmail/service/smtpd/run file. Empty mail problem solved.
>
> But now, in the maillog file there was ALLOWED part, but there is no mail in the mbox. At qmail log also there is no record for this mail.
>
> When I log full mail transaction:
>
> 08/30/2007 09:44:48 STARTED: To remote host = ; to child process =
> 08/30/2007 09:44:48 220 smtp.mailserver.org ESMTP
> 08/30/2007 09:44:48 EHLO mail.sender.org
> 08/30/2007 09:44:48 250-smtp.mailserver.org
> 250-AUTH LOGIN CRAM-MD5 PLAIN
> 250-AUTH=LOGIN CRAM-MD5 PLAIN
> 250-PIPELINING
> 250 8BITMIME
> 08/30/2007 09:44:48 MAIL From:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]adress.com
> 08/30/2007 09:44:48 250 ok
> 08/30/2007 09:44:48 RCPT To:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
> 08/30/2007 09:44:48 250 ok
> 08/30/2007 09:44:49 DATA
> 08/30/2007 09:44:49 354 go ahead
> 08/30/2007 09:49:44 CLOSED
>
> thanks.
>
>> Date: Wed, 29 Aug 2007 19:10:23 -0500
>> From: [EMAIL PROTECTED]
>> To: spamdyke-users@spamdyke.org
>> Subject: Re: [spamdyke-users] empty subject mail problem
>>
>> For a first attempt, you could increase the timeout limit with -T. If that doesn't work, I recommend enabling full logging with -L to see exactly what's happening during the connections where the data is being lost.
>>
>> -- Sam Clippinger
>>
>> yusuf özbilgin wrote:
>>> Hi
>>>
>>> I have installed spamdyke 2.6.3. My /var/qmail/service/smtpd/run file is below:
>>>
>>> /usr/local/bin/spamdyke -l -d /var/qmail/control/rcpthosts \
>>> --hostname smtp.mailserver.org \
>>> --graylist-min-secs 300 \
>>> --graylist-max-secs 1814400 \
>>> --never-graylist-ip-file /usr/local/vpopmail/etc/never_graylistip \
>>> --never-graylist-rdns-file /usr/local/vpopmail/etc/never_graylistrdns \
>>> --check-dnsrbl sbl-xbl.spamhaus.org \
>>> --check-dnsrbl cbl.abuseat.org \
>>> --ip-whitelist-file /usr/local/vpopmail/etc/spamdyke_whitelist \
>>> --ip-blacklist-file /usr/local/vpopmail/etc/blacklist_ip \
>>> --sender-blacklist-file /usr/local/vpopmail/etc/sender_blacklist \
>>> --recipient-blacklist-file /usr/local/vpopmail/etc/recipient_blacklist \
>>> --ip-in-rdns-keyword-file /usr/local/vpopmail/etc/blacklist_keywords \
>>> --rdns-whitelist-file /usr/local/vpopmail/etc/whitelist_rdns \
>>> --reject-empty-rdns \
>>> --reject-missing-sender-mx \
>>>
>>> Some mail is coming with empty subject and empty sender. :( But some information is in the mail source. When I look at the maillog the error is timeout.
>>>
>>> How can I solve this problem?
>>>
>>> Thanks.

Re: [spamdyke-users] QMAILTOASTER + SPAMDYKE
The -x flag is for blacklists, not for the access file. Use the --access-file flag instead.

Also, spamdyke cannot read CDB files. Just use the plain text version: /etc/tcp.smtp

-- Sam Clippinger

Raj wrote:
> hi
>
> I followed your suggestions but I am facing problems.
>
> If I put line -x TCP_CDB below I am not able to smtp authenticate and send any email with my own email id which is on the server. The connection simply terminates.
>
> If I remove -x TCP_CDB then I can send emails from this id even if password is not provided ... ie authentication is not checked properly.
>
> Could you please chk and let me know what is wrong
>
> #!/bin/sh
> QMAILDUID=`id -u vpopmail`
> NOFILESGID=`id -g vpopmail`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> BLACKLIST=`cat /var/qmail/control/blacklists`
> SMTPD=/var/qmail/bin/qmail-smtpd
> TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
> RBLSMTPD=/usr/bin/rblsmtpd
> HOSTNAME=`hostname`
> VCHKPW=/home/vpopmail/bin/vchkpw
> REQUIRE_AUTH=0
>
> exec /usr/bin/softlimit -m 1200 \
> /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x TCP_CDB -c $MAXSMTPD \
> -u $QMAILDUID -g $NOFILESGID 0 smtp \
> /usr/local/bin/spamdyke \
> -l \
> -d /var/qmail/control/rcpthosts \
> -d /var/qmail/control/morercpthosts \
> --reject-missing-sender-mx \
> --smtp-auth-command /home/vpopmail/bin/vchkpw /bin/true --hostname ns1.aaaonlinux.com \
> $SMTPD $VCHKPW /bin/true 2>&1
>
> raj
>
> -- Original Message --
> From: Sam Clippinger [EMAIL PROTECTED]
> Reply-To: spamdyke users spamdyke-users@spamdyke.org
> Date: Sat, 08 Sep 2007 13:28:31 -0500
>
>> To use both rcpthosts and morercpthosts, simply provide the -d flag twice:
>> spamdyke -d /var/qmail/control/rcpthosts -d /var/qmail/control/morercpthosts ...
>>
>> To prevent all mail delivery except by authenticated users, I recommend blacklisting all IP addresses (-B) with an IP blacklist file like this:
>> 0.0.0.0/0.0.0.0
>> Then use the --smtp-auth-command flag to enable SMTP AUTH. spamdyke will block all senders unless they authenticate.
>>
>> The --access-file flag is only needed when qmail has not been patched to provide SMTP AUTH. In that situation, spamdyke must control relaying because qmail will block remote senders who have authenticated. Because you're running qmail toaster, this isn't necessary for you.
>>
>> Because your password check shows vchkpw doesn't support CRAM-MD5, be sure to use the --smtp-auth-command flag, not --smtp-auth-command-encryption. Most likely, your vpopmail was compiled without cleartext password support, which makes challenge/response authentication impossible.
>>
>> -- Sam Clippinger
>>
>> Raj wrote:
>>> hi
>>>
>>> I have qmail toaster which also incorporates chkuser in it and vpopmail user mysql database for storing passwords.
>>>
>>> I have disabled chkuser in the tcp.smtp file. I have also disabled rblsmtpd and blacklists files since the same is done by spamdyke.
>>>
>>> Where I am getting confused pertains to smtp authentication and relaying.
>>>
>>> -d /var/qmail/control/rcpthosts
>>> Now qmail installation has rcpthosts and morercpthosts? How do I handle that? Or should I create a separate rcpthosts file specially for spamdyke?
>>>
>>> Concerning smtp authentication, what I need is every email user on my server who sends out emails should smtp authenticate before sending email.
>>>
>>> Do I need to use the flag --access-file /etc/tcp.smtp
>>> What should be the content of this file?
>>>
>>> Help required please.
>>>
>>> /var/qmail/supervise/smtp/run file
>>> #
>>> #!/bin/sh
>>> QMAILDUID=`id -u vpopmail`
>>> NOFILESGID=`id -g vpopmail`
>>> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
>>> BLACKLIST=`cat /var/qmail/control/blacklists`
>>> SMTPD=/var/qmail/bin/qmail-smtpd
>>> TCP_CDB=/etc/tcprules.d/tcp.smtp.cdb
>>> RBLSMTPD=/usr/bin/rblsmtpd
>>> HOSTNAME=`hostname`
>>> VCHKPW=/home/vpopmail/bin/vchkpw
>>> REQUIRE_AUTH=0
>>>
>>> exec /usr/bin/softlimit -m 1200 \
>>> /usr/bin/tcpserver -v -R -H -l $HOSTNAME \
>>> -x $TCP_CDB -c $MAXSMTPD \
>>> -u $QMAILDUID -g $NOFILESGID 0 smtp \
>>> /usr/local/bin/spamdyke \
>>> -l \
>>> --reject-missing-sender-mx \
>>> --smtp-auth-command-encryption /home/vpopmail/bin/vchkpw /bin/true --hostname ns1.abc.com \
>>> --access-file /var/qmail/spamdyke/tcp.smtp \
>>> $SMTPD $VCHKPW /bin/true 2>&1
>>> #
>>>
>>> result of my password check
>>>
>>> Beginning unencrypted password test.
>>> Sending data to child process: [EMAIL PROTECTED]
>>> Test result: SUCCESS
>>> Beginning CRAM-MD5 encrypted password test.
>>> Sending data to child process: [EMAIL PROTECTED]
>>> ERROR: Child process exited with an undocumented return code: 3
>>> Test result: FAILURE (perhaps /home/vpopmail/bin/vchkpw doesn't support CRAM-MD5)
>>>
>>> tcp.smtp file
>>>
>>> 127.:allow,RELAYCLIENT=,DKSIGN=/var/qmail/control/domainkeys/%/private,NOP0FCHECK=1,CHKUSER_START=NONE
>>> :allow,BADMIMETYPE=,BADLOADERTYPE=,CHKUSER_RCPTLIMIT=100,CHKUSER_WRONGRCPTLIMIT=10,DKVERIFY=DEGIJKfh,QMAILQUEUE=/var/qmail/bin/simscan,DKQUEUE=/var/qmail/bin/qmail-queue.orig, NOP0FCHECK=1, CHKUSER_START=ALWAYS
>>>
>>> Thanks

[spamdyke-users] New version: spamdyke 3.0.0
At long, long last, spamdyke 3.0.0 is ready.
http://www.spamdyke.org/

MAJOR NEW FEATURES:
  The amount of information logged to syslog is now configurable.
  Options can now be read from configuration files instead of the command line.
  spamdyke can now run tests on its configuration to look for bad filesystem permissions, missing files/folders and other misconfigurations.
  spamdyke no longer needs to process SMTP AUTH requests itself. If qmail is patched to provide SMTP AUTH, spamdyke will observe the authentication and trust qmail's success/failure response.
  RHSBLs are now supported.
  DNS whitelists are now supported (DNS RBLs and RHSBLs that list good servers instead of bad ones).

OTHER NEW STUFF:
  rDNS directory searching now available for never-graylist, always-graylist and rdns-blacklist.
  Blacklisted rDNS names can now be found in a file (instead of only in a directory structure).
  Connections from whitelisted clients are now logged.
  spamdyke now logs a rejection if spamdyke allows a connection but qmail rejects it.
  Sender and recipient addresses can now be whitelisted (though this is a very bad idea, it was requested).

BUG FIXES:
  Text is now sent to remote clients in whole lines, fixing the broken packet problem with Windows clients.
  BATV addresses are now processed correctly (finally).
  Zombie processes are cleaned up faster.
  Multiple authentication attempts are now allowed.
  TLS passthrough now works correctly.

NOTE: This version is not completely backwards compatible with version 2.x.x. Please read the UPGRADING.txt file for details.

-- Sam Clippinger

Re: [spamdyke-users] -d Option
You're running spamdyke on a system with more than 32000 hosted domains? Wow, that's kinda neat to know. :)

Yes, it should be possible to make -g search multiple directories -- it would just keep searching until it found one that contains a folder for the recipient's domain name, then proceed as normal. I'll add that to the next version.

-- Sam Clippinger

Ulrich Eckardt wrote:
> Good morning all, good morning Sam
>
> I have installed spamdyke on our mailservers. The breaking up of the first connection leads to the senders trying to deliver to the secondary mailserver. So I have installed it on the mx2 as well. But on a unix system there can be no more than 32000 directories within the -d directory. On the mx2 we have quite some more domains than that, so I think it would be great, if you could make it possible to use this option multiple times.
>
> Thanks - Ulrich
>
> PS.: will install 3.0 now and keep you updated if customers grill me :)

Re: [spamdyke-users] SMTP Auth Problem.
With the latest version of spamdyke, the smtp-auth-command flag is unnecessary. If qmail already provides SMTP AUTH, spamdyke will honor the authentications automatically.

Try these starting arguments:
-Rt0 /usr/local/bin/spamdyke -x dnsbl-1.uceprotect.net -x dnsbl-2.uceprotect.net -x dnsbl.sorbs.net -x cbl.abuseat.org -x sbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

-- Sam Clippinger

Hikmet Gümüş wrote:
> I use Plesk and QMAIL. Plesk's qmail has an SMTP AUTH. But I can't run spamdyke with auth.
>
> /var/qmail/bin/passwordcheck -u mailaddress -p password /var/qmail/bin/smtp_auth /var/qmail/bin/true
> Beginning unencrypted password test.
> Sending data to child process: mailaddress\0password\0\0
>
> and returns to nothing and return to shell.
>
> Could you help me?
>
> Plesk uses Xinetd for starting qmaild.
>
> OLD starting arguments is:
>
> -Rt0 /usr/sbin/rblsmtpd -a 85.105.30.4 -r dnsbl-1.uceprotect.net -r dnsbl-2.uceprotect.net -r dnsbl.sorbs.net -r cbl.abuseat.org -r sbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Re: [spamdyke-users] DENIED_SENDER_NO_MX
The easiest solution is to give bcltest.dotio.com an IP address (an A record). When spamdyke finds that, the filter will pass.

The other option, of course, is to disable the sender MX filter.

-- Sam Clippinger

night duke wrote:
> Sep 26 15:35:33 bcl041 spamdyke[20723]: DENIED_SENDER_NO_MX from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: xx..xx.xx.xx origin_rdns: bcl00641.empresas.ya.com auth: (unknown)
>
> Does anyone know how I can fix this error? It's a local email from the antivirus, it's denied because it doesn't have an mx record.
>
> Thanks
> Nightduke

Re: [spamdyke-users] spamdyke-users Digest, Vol 4, Issue 29
It would be very easy to change but I'm not sure DENIED_BY_OTHER would make it more clear. Since all of the other DENIED messages are for spamdyke's filters, DENIED_BY_OTHER could easily mean denied by some other spamdyke filter. To be of real value, any change would have to be very very explicit, like DENIED_BY_SOME_OTHER_PROGRAM_BUT_ALLOWED_BY_SPAMDYKE. That seems a little silly. :)

I'm hesitant to make this kind of change anyway, because it will break any monitoring or graphing scripts people may be using; I try to make each release backwards compatible if possible. When I can't do that, I increment the major version number (e.g. 2.6.3 becomes 3.0.0) to indicate a significant change.

If anyone can't figure out what the log messages mean, I'm afraid they'll just have to consult the documentation.

-- Sam Clippinger

BC wrote:
> On 9/27/2007 [EMAIL PROTECTED] wrote:
>> DENIED_OTHER means spamdyke did not reject the message; qmail did. spamdyke noticed the rejection and logged it.
>
> Hi Sam -
>
> Would it be possible to change the above log line info to read DENIED_BY_OTHER to better imply that spamdyke didn't do it?
>
> Thanks,
> Bucky

Re: [spamdyke-users] compile spamdyke for solaris
I've never tried to compile spamdyke on Solaris, so the configure script isn't written to detect it. I'll try to get a copy of OpenSolaris installed in VMWare and do some testing.

-- Sam Clippinger

Limperis Antonis wrote:
> I try to compile spamdyke 3.0.1 on a solaris 8 machine, but the configure terminated with message:
>
> checking whether nameserver constants are defined in arpa/nameser.h... no
> checking whether nameserver constants are defined in arpa/nameser_compat.h... no
> configure: error: Unable to compile without nameserver constants.
> See `config.log' for more details.
>
> The config.log writes some syntax errors.
>
> configure:2478: checking whether nameserver constants are defined in arpa/nameser_compat.h
> configure:2497: gcc -c -O2 conftest.c >&5
> In file included from conftest.c:12:
> /usr/include/arpa/nameser.h:124: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:126: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:129: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:130: error: syntax error before '}' token
> /usr/include/arpa/nameser.h:148: error: syntax error before 'uint16_t'
> /usr/include/arpa/nameser.h:150: error: syntax error before 'ttl'
> /usr/include/arpa/nameser.h:151: error: syntax error before 'rdlength'
> /usr/include/arpa/nameser.h:152: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:153: error: syntax error before '}' token
> /usr/include/arpa/nameser.h:233: error: syntax error before 'uint8_t'
> /usr/include/arpa/nameser.h:235: error: syntax error before 'r_class'
> /usr/include/arpa/nameser.h:236: error: syntax error before 'r_type'
> /usr/include/arpa/nameser.h:237: error: syntax error before 'r_ttl'
> /usr/include/arpa/nameser.h:238: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:239: error: syntax error before 'r_size'
> /usr/include/arpa/nameser.h:245: error: syntax error before 'r_zone'
> /usr/include/arpa/nameser.h:544: error: syntax error before 'int'
> /usr/include/arpa/nameser.h:545: error: syntax error before '__ns_get16'
> /usr/include/arpa/nameser.h:545: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:546: error: syntax error before '__ns_get32'
> /usr/include/arpa/nameser.h:546: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:547: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:548: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:549: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:550: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:551: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:552: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:554: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:558: error: syntax error before 'char'
> /usr/include/arpa/nameser.h:559: error: syntax error before 'ulong_t'
> /usr/include/arpa/nameser.h:560: error: syntax error before '__ns_datetosecs'
> /usr/include/arpa/nameser.h:561: error: syntax error before '*' token
> /usr/include/arpa/nameser.h:562: error: syntax error before '*' token
>
> I use gcc (GCC) 3.4.6.
>
> What is the problem? Which is the solution?
>
> Thank you
> Antonis

Re: [spamdyke-users] compile spamdyke for solaris
Thanks for the offer, let me see if I can find a VMWare appliance first. That way I can use it to test future releases too -- I already test Linux, Mac OS X, NetBSD and OpenBSD, what's one more? :)

-- Sam Clippinger

davide bozzelli wrote:
> Sam Clippinger wrote:
>> I've never tried to compile spamdyke on Solaris, so the configure script isn't written to detect it. I'll try to get a copy of OpenSolaris installed in VMWare and do some testing.
>>
>> -- Sam Clippinger
>
> I've the same problem on a sparc solaris.
>
> If you want I can provide you an account on a SPARC Solaris v.10, where you could try to figure out the problem(s).
>
> Have fun
> Davide

Re: [spamdyke-users] possible bug whith recipient-whitelist-file
Are you sure the test is failing? When you use recipient-whitelist-file, spamdyke doesn't reject the sender address as soon as it is given. It must wait until the recipient address is given so it can check the whitelist before rejecting the message.

When I configure my server to use a recipient whitelist, I see this:
.
$ telnet iconoclast.silence.org 25
Trying 208.110.65.146...
Connected to iconoclast.silence.org.
Escape character is '^]'.
220 iconoclast.silence.org ESMTP
helo me
250 iconoclast.silence.org
mail from:[EMAIL PROTECTED]
250 ok
rcpt to:[EMAIL PROTECTED]
421 Refused. The domain of your sender address has no mail exchanger (MX).
quit
221 Refused. The domain of your sender address has no mail exchanger (MX).
Connection closed by foreign host.
$
.
This is the expected behavior.

-- Sam Clippinger

davide bozzelli wrote:
> Hi
>
> Here is my conf:
>
> log-level=2
> ip-whitelist-file=/var/qmail/control/nospamdykeip
> sender-whitelist-file=/var/qmail/control/nospamdykefrom
> recipient-whitelist-file=/var/qmail/control/nospamdyketo
> local-domains-file=/var/qmail/control/rcpthosts
> local-domains-file=/var/qmail/control/morercpthosts
> ip-in-rdns-keyword-file=/var/qmail/control/badrdns
> never-graylist-ip-file=/var/qmail/control/nograyip
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-missing-sender-mx
> idle-timeout-secs=300
> graylist-dir=/var/qmail/graylist
> graylist-max-secs=1814400
> graylist-min-secs=300
>
> ALL the whitelist files are empty, in particular:
>
> recipient-whitelist-file=/var/qmail/control/nospamdyketo
>
> So the problem is: spamdyke does not enforce reject-missing-sender-mx when recipient-whitelist-file is enabled, even with an empty file.
>
> If I comment the recipient-whitelist-file then it works.
>
> I dunno if it is a bug or not, it seems it is.
>
> Have fun,
> Davide

Re: [spamdyke-users] graylisting
To activate graylisting:

1) Create a top-level folder, like /var/qmail/graylisting
2) Create one folder for each domain _you_host_. On my server, I created /var/qmail/graylisting/silence.org. On your server, you don't host silence.org, so you will use your own domain name(s).
3) Configure spamdyke to use the folder by updating the configuration file with:
       graylist-dir=/var/qmail/graylisting
4) Done.

-- Sam Clippinger

night duke wrote:

If I don't add the domain manually it's a problem to me. Can it not be automatically added?

Thanks
Nightduke

davide bozzelli [EMAIL PROTECTED] wrote:

night duke wrote:

So I must add only my domains there. I must add the domains from where I want to receive?

Yes, more precisely the domain(s) you want to enable graylist for.
Re: [spamdyke-users] after I installed spamdyke, nagios get's an odd reply
Are you using spamdyke version 3.0.1? Previous versions had some issues with Nagios and Windows but I thought I had fixed them.

-- Sam Clippinger

dnk wrote:

Hi there,

I was wondering if anyone is using nagios to monitor any of their machines that have spamdyke running on it? I had a qmail box I was monitoring just fine, then once I dropped in spamdyke, Nagios started reporting an error along these lines:

Unexpected smtp conversation (will post the exact message once I get another one).

Now I do not get this all the time, however once I remove spamdyke, the issue disappears altogether.

Dnk
Re: [spamdyke-users] Cache system
Generally speaking, because spamdyke does not run as a daemon, any kind of caching is very difficult. The cache would have to be disk-based, which can be tricky when the server is very busy and multiple instances of spamdyke are attempting to update the disk. If the server isn't very busy, having a cache won't matter much.

For the two things you mentioned, DNS RBL and rDNS lookups, try installing a caching DNS server on the mail server. You can configure it (or use iptables) to only allow queries from the local machine. I think you'll be surprised how much it helps.

-- Sam Clippinger

Paulo Henrique wrote:

Sam,

I was wondering if it would be possible to implement a system of cache in spamdyke, I believe that improving the speed in RBL test and rDNS.

A spammer usually tries to send messages to more than one account in the same domain. With the system cache, as soon as the first attempt was denied the IP address of origin would be stored in a file or directory and future attempts would be consulted in the cache. If the address is found in the cache the other tests should not be run; if not found the tests continue the normal procedure.

I am thinking of a way to do this using bash script + iptables, but I think this would be a point to the spamdyke.

What do you think?
Re: [spamdyke-users] About logging
Plesk changes /etc/syslog.conf to move the mail logs to a different location. Check /usr/local/psa/var/log/maillog.

-- Sam Clippinger

Yasin inat wrote:

Hi all,

I've just discovered spamdyke. It's exactly amazing. My domains' users are all in Turkey. I don't have too big a spam problem. All my personal accounts, about 10, were getting only 100-150 spam mails in a day, but now it's not more than 5. Great success!

I've installed spamdyke on 2 different distros. The qmailrocks-guided installation on Debian was smooth, done in a few seconds. It started to work without any problem.

But I have a lil problem with spamdyke on Plesk, using ancient Red Hat 9 upgraded to kernel 2.6. Everything is ok but the logging. spamdyke is working. I can see all new smtp connections. I can see the live log of qmail-queue.

Normally I've installed spamdyke and checked /var/log/maillog; there was nothing. I thought spamdyke was not working, so I cleaned the row in the xinetd smtp file, then compiled and installed again. I got it at the 2nd.

Is there any issue about being unable to log? I'm using spamdyke with a config file /etc/spamdyke. In the config file:

    log_level=2

/var/log/maillog is writeable by all.

Thank you again, thank you in advance.
Re: [spamdyke-users] Resolving rDNS with CNAME
It looks like spamdyke is functioning correctly. In your log message, it shows origin_rdns: somehost, which means it must have resolved the PTR record. DENIED_RDNS_RESOLVE means that the PTR name (in this case, somehost) does not have an A record. In other words, if you run host somehost, you should see an IP address.

NOTE: somehost's IP address does not have to be zzz.yyy.xxx.www (the same as the IP address for the PTR record). It just has to have _any_ IP address.

-- Sam Clippinger

Hartmut Wernisch wrote:

Hello!

It seems that spamdyke has a problem resolving PTR records of the form:

    bash$ host zzz.yyy.xxx.www
    www.xxx.yyy.zzz.in-addr.arpa is an alias for www-xxx-yyy-zzz.reverse.domain.tld
    www-xxx-yyy-zzz.reverse.domain.tld domain name pointer somehost.otherdomain.tld

Logfile output:

    spamdyke[12086]: DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: zzz.yyy.xxx.www origin_rdns: somehost. auth: (unknown)

The real life example is available but I don't want to post it on the list. I can provide it via email if someone is interested.

Best,
Hartmut Wernisch
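The two-step check described in this thread, as an added example (not spamdyke's code and not from the original posts). It runs offline against a constructed record table that uses documentation address ranges; the result labels are this sketch's own, not spamdyke log codes.

```python
# Constructed zone data mirroring the thread: the in-addr.arpa name is an
# alias (CNAME), the alias target owns the PTR, and the PTR name has an A
# record that is NOT the connecting client's address.
RECORDS = {
    ("10.2.0.192.in-addr.arpa", "CNAME"): ["10-2-0-192.reverse.example.net"],
    ("10-2-0-192.reverse.example.net", "PTR"): ["somehost.example.org"],
    ("somehost.example.org", "A"): ["198.51.100.7"],
    # Second client: a PTR exists but the name it points to has no A record.
    ("11.2.0.192.in-addr.arpa", "PTR"): ["ghost.example.org"],
}


def reverse_name(ip):
    """192.0.2.10 -> 10.2.0.192.in-addr.arpa"""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def query(records, name, rtype, max_aliases=8):
    """Return the rtype records for name, following CNAME aliases.

    The hop limit keeps an alias loop from running forever.
    """
    for _ in range(max_aliases):
        answer = records.get((name, rtype))
        if answer:
            return answer
        alias = records.get((name, "CNAME"))
        if not alias:
            return []
        name = alias[0]
    return []


def check_rdns(records, ip):
    """Step 1: the client IP must have a PTR name (possibly via an alias).
    Step 2: that name must have an A record. Any address is enough; it is
    not compared with the client IP.
    """
    names = query(records, reverse_name(ip), "PTR")
    if not names:
        return ("no-ptr", None)
    for name in names:
        if query(records, name, "A"):
            return ("ok", name)
    return ("ptr-name-has-no-a", names[0])


if __name__ == "__main__":
    for client in ("192.0.2.10", "192.0.2.11", "192.0.2.12"):
        print(client, check_rdns(RECORDS, client))
```
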
Re: [spamdyke-users] smtp auth relay issues
In order for spamdyke to correctly handle relaying, it needs three things: smtp-auth-command, access-file and local-domains-file. It looks like you're missing the local-domains-file directive. Try adding this to your spamdyke config:

    local-domains-file=/var/qmail/control/rcpthosts

That'll probably do it.

-- Sam Clippinger

Steve Cole wrote:

I have spamdyke working properly with SMTP-AUTH and TLS as far as I can tell. Spamdyke authenticates me and allows me to write to accounts on the system, but when I try to relay to another system (any other system) it denies me even though I've gone through the authentication (sorry, that is not listed in my rcpthosts error message).

In the logfile, this is the error I see:

    Oct 25 16:53:26 zeus spamdyke[4907]: DENIED_OTHER from: [EMAIL PROTECTED] to: spamdyke-users@spamdyke.org origin_ip: 1x9.2x6.xx.77 origin_rdns: XXX..com auth: [EMAIL PROTECTED]

Is this expected behaviour? Is the access-list file supposed to be set up specifically to allow relaying to remote systems? Please let me know if there's something I've missed.

PS, I used this command:

    perl -MMIME::Base64 -e 'print encode_base64 ([EMAIL PROTECTED])'

to generate the AUTH PLAIN line, in case anyone else runs into the need to test.

With config-test there are no errors other than it complaining that vchkpw is not owned by root.

Any help is appreciated.

My entire config:

    log-level=2
    idle-timeout-secs=60
    tls-certificate-file=/usr/lib/courier-imap/share/pop3d.pem
    smtp-auth-command=/var/vpopmail/bin/vchkpw /bin/true
    hostname=xxx.xxs.net
    access-file=/var/vpopmail/etc/sd-access

--
Cheers,
Steve
Re: [spamdyke-users] smtp auth relay issues
You shouldn't need to add anything special to the access file. As long as the remote IP address is allowed to send mail at all (i.e. it matches an :allow line), that should be enough.

Try as I might, I can't reproduce what you're seeing. Here's what I tried, using spamdyke 3.0.1 (the IP address is from one of Verizon's mail servers):

    spamdyke-3.0.1/tests# cat tmp/spamdyke.conf
    log-level=2
    idle-timeout-secs=60
    tls-certificate-file=certificates/combined_no_passphrase/server.pem
    smtp-auth-command=/home/vpopmail/bin/vchkpw /usr/bin/true
    hostname=xxx.xxs.net
    access-file=tmp/access.txt
    local-domains-file=tmp/local_domains.txt
    spamdyke-3.0.1/tests# cat tmp/local_domains.txt
    example.net
    spamdyke-3.0.1/tests# cat tmp/access.txt
    :allow
    spamdyke-3.0.1/tests# export TCPREMOTEIP=162.115.228.33
    spamdyke-3.0.1/tests# ../spamdyke/spamdyke -f tmp/spamdyke.conf /var/qmail/bin/qmail-smtpd
    220 openbsd.silence.org ESMTP
    ehlo me
    250-openbsd.silence.org
    250-PIPELINING
    250-8BITMIME
    250-AUTH LOGIN PLAIN
    250 STARTTLS
    auth plain AH...XI=
    235 Proceed.
    mail from:[EMAIL PROTECTED]
    250 ok
    rcpt to:[EMAIL PROTECTED]
    250 ok
    data
    354 go ahead
    To: [EMAIL PROTECTED]
    Subject: Testing
    FOO!
    .
    250 ok 1188333446 qp 610
    quit
    221 openbsd.silence.org
    spamdyke-3.0.1/tests# tail /var/log/maillog
    Aug 28 16:37:18 openbsd spamdyke[3592]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 162.115.228.33 origin_rdns: polaris.verizonwireless.com auth: [EMAIL PROTECTED]
    spamdyke-3.0.1/tests#

I get the same results when I remove example.net from the local_domains.txt file, so clearly spamdyke is allowing the relaying to take place. When I don't authenticate, spamdyke blocks the attempt to relay:

    spamdyke-3.0.1/tests# ../spamdyke/spamdyke -f tmp/spamdyke.conf /var/qmail/bin/qmail-smtpd
    220 openbsd.silence.org ESMTP
    ehlo me
    250-openbsd.silence.org
    250-PIPELINING
    250-8BITMIME
    250-AUTH LOGIN PLAIN
    250 STARTTLS
    mail from:[EMAIL PROTECTED]
    250 ok
    rcpt to:[EMAIL PROTECTED]
    554 Refused. Sending to remote addresses (relaying) is not allowed.
    quit
    221 openbsd.silence.org
    spamdyke-3.0.1/tests#

This installation of qmail is netqmail-1.05 with no additional patches applied (other than the netqmail patches). vpopmail is installed, obviously.

A little background: a standard installation of qmail will allow relaying if the matching line from the access file sets the RELAYCLIENT environment variable. When spamdyke is configured to handle relaying (by enabling SMTP AUTH and providing the access and local domains files), it fools qmail by _always_ setting the RELAYCLIENT variable and blocking relaying itself.

Because you're seeing qmail's relaying error message, I think something else on your system must be unsetting the RELAYCLIENT environment variable before qmail-smtpd runs. Can you send your entire qmail command line? Also, how did you install qmail? What patches are applied?

-- Sam Clippinger

Steve Cole wrote:

On Friday 26 October 2007, Sam Clippinger wrote:

I've added these two lines to the config:

    local-domains-file=/var/qmail/control/rcpthosts
    local-domains-file=/var/qmail/control/morercpthosts

I still am unable to relay:

    AUTH PLAIN AHNoXX1hXXBrbXXubmVXXGdXXG9uaXQh
    235 Proceed.
    MAIL FROM: [EMAIL PROTECTED]
    250 ok
    RCPT TO: [EMAIL PROTECTED]
    553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)

Is there something which needs to be in my access-file such as AUTH:allow or something of that nature that I missed in the documentation? I spent about two hours in the README and FAQ before posting to the list, please don't shoot me. :)

I did also kill and restart the tcpserver process and did one run through with config-test as well to be sure that I had the file paths right, etc.
Re: [spamdyke-users] installation question
-f is the same as --config-file; it's just the short form of the option. You can use either one. However, your second example is incorrect. The equals sign is not allowed on the command line (spamdyke will assume the configuration file is named =).

Just to make things a bit more confusing, the equals sign _is_ required in a configuration file. By using the config-file directive, one configuration file can reference another. In that case, your spamdyke.conf file might contain a line like this:

    config-file=/etc/spamdyke.secondary.conf

-- Sam Clippinger

Raj wrote:

hi

In the install.txt file which comes along with the download, the configuration in the qmail smtp run file is as such:

    /usr/local/bin/spamdyke -f /etc/spamdyke.conf \

When I look at the forums it is:

    /usr/local/bin/spamdyke --config-file = /etc/spamdyke.conf \

Now which is correct?

rajesh
Re: [spamdyke-users] permissions for spamdyke binary
The binary does not need special permissions; it only needs to be executable by the mail server user. DO NOT mark it setuid root -- it doesn't need those privileges and it would be a significant security hole.

spamdyke uses syslogd's LOG_MAIL facility, so its messages go wherever syslogd is configured to send them. Check /etc/syslog.conf. The upcoming version includes an option to send messages to stderr instead of syslogd so they'll be caught by the multilog process along with the qmail log messages.

-- Sam Clippinger

Raj wrote:

hello

What should be the permissions for the spamdyke binary if I am using qmailtoaster? Also, is it possible to log the spamdyke reports to a separate file instead of /var/log/maillog?

rajesh
Re: [spamdyke-users] More robust wildcards in recipient-whitelist-file?
Yes, starting a line with @ is the only available wildcard. I thought about doing more, just like you're asking about, but I got hung up on the complexities. Email addresses allow so many characters that it's hard to find a good way to indicate a wildcard. I was also afraid that no matter what I tried to implement, it wouldn't work for all situations -- the best solution would be to just use full regular expressions. Then I became concerned that using regular expressions would cause problems if someone just filled the file with email addresses and they wound up being matched as regexps. That's where my thinking ended and I went with the current solution.

What do you think? I'm open to suggestions.

-- Sam Clippinger

Marc Van Houwelingen wrote:

Thanks for adding the recipient-whitelist-file feature. I have a quick question: Is starting a line with @ the only wildcard ability? What I would like to do is have something like this:

    #--recipient-blacklist-file:---
    @mydomain.com
    #--
    #--recipient-whitelist-file:---
    [EMAIL PROTECTED]
    #--

The intention is for spamdyke to block all email coming in for that domain, except anything matching [EMAIL PROTECTED] (e.g. [EMAIL PROTECTED], [EMAIL PROTECTED], etc.)

Is this possible now, or perhaps in future versions?
Re: [spamdyke-users] More robust wildcards in recipient-whitelist-file?
Actually, brackets are legal in email addresses. The full list of legal characters is (as far as I know):

    a-z A-Z 0-9 @ / : . # [ ] - \ _ = , !

On my keyboard, that doesn't leave much and I can't guarantee the remaining characters aren't legal either. I'm not sure I want to use a tilde as a wildcard simply because it's available -- it's not very intuitive.

This just occurred to me -- what about creating a new flag to allow regular expressions? For example, recipient-whitelist-file would use the existing logic but recipient-whitelist-file-regexp would allow regular expressions and wildcards. That way, nearly everyone would continue using the existing system but if someone needed more flexibility they could create a second file and use the new flag.

Or does that sound too complicated?

-- Sam Clippinger

Marc Van Houwelingen wrote:

I'm pretty sure that square brackets are not valid email address characters. Given this, maybe some sort of scheme where [] would delineate wildcards. Regular expressions may not be so easy, since [] are meaningful inside them, but perhaps something simple like an asterisk representing zero or more any char, and a question mark representing a single any char. Like this:

[EMAIL PROTECTED] would match: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] but not [EMAIL PROTECTED]

and

[EMAIL PROTECTED] would match: [EMAIL PROTECTED] but not [EMAIL PROTECTED]

etc.

Marc

- Original Message -
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Monday, October 29, 2007 12:18 PM
Subject: Re: [spamdyke-users] More robust wildcards in recipient-whitelist-file?

Yes, starting a line with @ is the only available wildcard. I thought about doing more, just like you're asking about, but I got hung up on the complexities. Email addresses allow so many characters that it's hard to find a good way to indicate a wildcard.
Re: [spamdyke-users] More robust wildcards in recipient-whitelist-file?
OK, I'll add that to my TODO list. I guess I need to figure out how to parse regexps. :)

-- Sam Clippinger

Marc Van Houwelingen wrote:

I was looking here: http://en.wikipedia.org/wiki/E-mail_address, which does not list the brackets.

Either way, the regexp flag sounds perfect. It may be a bit complicated, but of course does not have to be used.

- Original Message -
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Tuesday, October 30, 2007 11:40 AM
Subject: Re: [spamdyke-users] More robust wildcards in recipient-whitelist-file?

Actually, brackets are legal in email addresses. The full list of legal characters is (as far as I know):

    a-z A-Z 0-9 @ / : . # [ ] - \ _ = , !

On my keyboard, that doesn't leave much and I can't guarantee the remaining characters aren't legal either. I'm not sure I want to use a tilde as a wildcard simply because it's available -- it's not very intuitive.

This just occurred to me -- what about creating a new flag to allow regular expressions? For example, recipient-whitelist-file would use the existing logic but recipient-whitelist-file-regexp would allow regular expressions and wildcards. That way, nearly everyone would continue using the existing system but if someone needed more flexibility they could create a second file and use the new flag.

Or does that sound too complicated?

-- Sam Clippinger

Marc Van Houwelingen wrote:

I'm pretty sure that square brackets are not valid email address characters. Given this, maybe some sort of scheme where [] would delineate wildcards. Regular expressions may not be so easy, since [] are meaningful inside them, but perhaps something simple like an asterisk representing zero or more any char, and a question mark representing a single any char. Like this:

[EMAIL PROTECTED] would match: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] but not [EMAIL PROTECTED]

and

[EMAIL PROTECTED] would match: [EMAIL PROTECTED] but not [EMAIL PROTECTED]

etc.
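The concern raised in this thread about a file of plain addresses being matched as regexps, shown as an added example (not spamdyke's code and not from the original posts). The matching functions are a sketch of the behaviour described above; lowercasing before comparison, the sample addresses and the pattern are assumptions made for the illustration.

```python
import re


def load(text):
    """Non-empty lines of a whitelist/blacklist file, lowercased (assumption)."""
    return [line.strip().lower() for line in text.splitlines() if line.strip()]


def match_literal(entries, address):
    """Behaviour described in the thread: a full address must match exactly;
    a line starting with '@' matches every address in that domain."""
    address = address.lower()
    at = address.rfind("@")
    domain = address[at:] if at >= 0 else ""
    for entry in entries:
        if entry.startswith("@"):
            if entry == domain:
                return True
        elif entry == address:
            return True
    return False


def match_as_regexp(entries, address):
    """The hazard: the same lines compiled as unanchored regexps.
    '.' now matches any character and '+' becomes a quantifier."""
    address = address.lower()
    return any(re.search(entry, address) for entry in entries)


def match_regexp_file(patterns, address):
    """A separate regexp file, as proposed in the thread: patterns are
    written as regexps on purpose and must match the whole address."""
    address = address.lower()
    return any(re.fullmatch(pattern, address) for pattern in patterns)


def accept_recipient(blacklist, whitelist_patterns, address):
    """The requested policy: block a whole domain except recipients that
    match a whitelist pattern."""
    if match_regexp_file(whitelist_patterns, address):
        return True
    return not match_literal(blacklist, address)


if __name__ == "__main__":
    plain = load("sales@example.com\n@partner.example\ninfo+lists@example.com\n")
    # Literal matching: only what was written is whitelisted.
    print(match_literal(plain, "sales@example-com.invalid"))
    # Regexp matching of the same line: an unintended address is whitelisted.
    print(match_as_regexp(["sales@example.com"], "sales@example-com.invalid"))
    # ...and an intended one is lost, because 'o+' is a quantifier.
    print(match_as_regexp(["info+lists@example.com"], "info+lists@example.com"))
    print(accept_recipient(load("@mydomain.com"),
                           [r"list-[a-z0-9]+@mydomain\.com"],
                           "list-42@mydomain.com"))
```

Keeping the regexp patterns in their own file, as the proposed recipient-whitelist-file-regexp flag would, means a file of plain addresses is never interpreted this way.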
[spamdyke-users] New version: spamdyke 3.1.0
After much work, spamdyke 3.1.0 is ready: http://www.spamdyke.org/

NEW FEATURES:

Rewritten/refactored DNS query code now allows much faster lookups and timeouts. Testing shows 10x speed improvement in some situations (your mileage may vary).

Data reading and writing now moves as much data as possible in each system call (up to 4K), not one byte at a time. This greatly improves performance and reduces system load!

Faster option processing -- reduced startup time.

The graylist-dir and no-graylist-dir options can now be used multiple times to search multiple graylist folders for a domain folder.

The ip-in-rdns-keyword-file now allows top-level domains to be listed. This will allow blocking _some_ country code domains instead of blocking them all with reject-ip-in-cc-rdns.

Log messages can now be sent to stderr instead of syslog.

NEW CONFIG-TEST FEATURES:

spamdyke will now test its own binary and complain if its permissions are incorrect.

spamdyke will now test qmail for SMTP AUTH support (and recommend correct options).

spamdyke will now test SMTP AUTH command for encryption support (and recommend correct options).

The new config-test-user option will change user identities so the tests will run as the mailserver's user (filesystem permission checks will be correct).

File types are now correctly reported, even on uncooperative filesystems (XFS on Linux) or uncooperative operating systems (Solaris).

MAJOR BUG FIXES:

Now compiles on 64 bit Linux and Solaris.

Invalid qmail or SMTP AUTH commands (typos) will now fail with an error message instead of failing silently.

Frozen/locked/blocked/hung qmail or SMTP AUTH commands will now timeout and be terminated by spamdyke instead of blocking forever.

spamdyke will no longer crash if a qmail or SMTP AUTH command exits while spamdyke is sending data.

MINOR BUG FIXES:

Too numerous to list here -- see the Changelog file for details.

Version 3.1.0 is backwards-compatible with version 3.0.1; simply replacing the old binary with the new one should be safe.

-- Sam Clippinger
Re: [spamdyke-users] spamdyke 3.1 - denied relaying
Inside spamdyke, there's only one condition that can trigger the DENIED_RELAYING response. The IP address must not be allowed to relay in the /etc/tcp.smtp file AND the recipient address must not be hosted locally (determined by the rcpthosts file).

Your situation matches the first test (relaying not permitted) but not the second test (the recipient domain is local). I can only reproduce this when I use an rcpthosts file that does _not_ contain bardelli.biz.

I tried the following test (unable to reproduce your result):

    spamdyke-3.1.0/spamdyke$ cat tmp/access
    127.:allow,RELAYCLIENT=
    172.17.1.:allow,RELAYCLIENT=
    spamdyke-3.1.0/spamdyke$ cat tmp/rcpthosts
    bardelli.biz
    spamdyke-3.1.0/spamdyke$ export TCPREMOTEIP=81.174.52.83
    spamdyke-3.1.0/spamdyke$ ./spamdyke --local-domains-file tmp/rcpthosts --access-file tmp/access -l3 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
    220 iconoclast.silence.org ESMTP
    helo me
    250 iconoclast.silence.org
    mail from:[EMAIL PROTECTED]
    250 ok
    rcpt to:[EMAIL PROTECTED]
    250 ok
    quit
    221 iconoclast.silence.org
    spamdyke-3.1.0/spamdyke$ tail -1 /var/log/maillog
    Nov 8 09:51:45 iconoclast spamdyke[14512]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 81.174.52.83 origin_rdns: m1.bosy71.com auth: (unknown)
    spamdyke-3.1.0/spamdyke$

I then tried the following test (reproducing your result by emptying the rcpthosts file):

    spamdyke-3.1.0/spamdyke$ cat tmp/access
    127.:allow,RELAYCLIENT=
    172.17.1.:allow,RELAYCLIENT=
    spamdyke-3.1.0/spamdyke$ rm tmp/rcpthosts
    spamdyke-3.1.0/spamdyke$ touch tmp/rcpthosts
    spamdyke-3.1.0/spamdyke$ export TCPREMOTEIP=81.174.52.83
    spamdyke-3.1.0/spamdyke$ ./spamdyke --local-domains-file tmp/rcpthosts --access-file tmp/access -l3 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
    220 iconoclast.silence.org ESMTP
    helo me
    250 iconoclast.silence.org
    mail from:[EMAIL PROTECTED]
    250 ok
    rcpt to:[EMAIL PROTECTED]
    554 Refused. Sending to remote addresses (relaying) is not allowed.
    quit
    221 iconoclast.silence.org
    spamdyke-3.1.0/spamdyke$ tail -1 /var/log/maillog
    Nov 8 09:59:23 iconoclast spamdyke[27821]: DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 81.174.52.83 origin_rdns: m1.bosy71.com auth: (unknown)
    spamdyke-3.1.0/spamdyke$

What does your spamdyke configuration file/command line contain? Also, what's the output from config-test?

-- Sam Clippinger

Walter Russo wrote:

The configuration works for spamdyke 3.0.1 but not for 3.1.0.

Log file:

    Nov 8 00:26:33 nodo1 spamdyke[28072]: INFO: found no records for 191.17.42.217.dnsbl.njabl.org
    Nov 8 00:26:33 nodo1 spamdyke[28072]: INFO: querying 191.17.42.217.zen.spamhaus.org with DNS server 172.17.1.5:53 (attempt 1)
    Nov 8 00:26:33 nodo1 spamdyke[28072]: INFO: received DNS packet: 481 bytes
    Nov 8 00:26:33 nodo1 spamdyke[28072]: INFO: received DNS response: TXT
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: querying bosy71.com with DNS server 172.17.1.5:53 (attempt 1)
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: received DNS packet: 184 bytes
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: received DNS response: MX
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: found MX record for bosy71.com: 10 m1.bosy71.com
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: querying m1.bosy71.com with DNS server 172.17.1.5:53 (attempt 1)
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: received DNS packet: 94 bytes
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: received DNS response: A
    Nov 8 00:26:36 nodo1 spamdyke[16655]: INFO: found A record for m1.bosy71.com: 81.174.52.83
    Nov 8 00:26:36 nodo1 spamdyke[16655]: DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 81.174.52.83 origin_rdns: m1.bosy71.com auth: (unknown)

The domain bardelli.biz is present in rcpthosts and my /etc/tcp.smtp is:

    127.:allow,RELAYCLIENT=
    172.17.1.:allow,RELAYCLIENT=

Thanks in advance.

Best regards
Walter

Sam Clippinger wrote:

If you can provide a few more details, I may be able to help. What do your spamdyke configuration file and command line look like? What is in your /etc/tcp.smtp file? What is in your /var/qmail/control/rcpthosts and /var/qmail/control/morercpthosts files? What is the entire log entry for the rejection?

-- Sam Clippinger

Walter Russo wrote:

Hi all,

I have a problem with a new version of spamdyke (3.1.0): when the remote server sends me a message the response of my server is DENIED_RELAYING. The previous version of spamdyke (3.0.1) has not this problem.

Thanks in advance.

Kind regards,
Walter
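The relaying decision described in this message and in the earlier "smtp auth relay issues" thread, as an added example for checking an access file and rcpthosts file offline (not spamdyke's code and not from the original posts). It covers only IPv4 prefix rules and exact or leading-dot rcpthosts entries; CONNECTION_DENIED and the reason strings are this sketch's own labels, and the recipient local part is constructed.

```python
def parse_access(text):
    """Parse tcprules-style lines such as '127.:allow,RELAYCLIENT=' or ':allow'."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        prefix, _, instructions = line.partition(":")
        action, *assignments = instructions.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[prefix] = (action, env)
    return rules


def lookup(rules, ip):
    """Most specific rule wins: full address, then shorter dotted prefixes,
    then the empty default. With no matching rule the connection is allowed."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for prefix in candidates:
        if prefix in rules:
            return prefix, rules[prefix]
    return None, ("allow", {})


def local_match(domains, recipient):
    """Return the rcpthosts entry that makes the recipient local, or None."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    for entry in domains:
        if entry == domain or (entry.startswith(".") and domain.endswith(entry)):
            return entry
    return None


def decide(access_text, rcpthosts_text, ip, recipient, authenticated=False):
    """Return (verdict, reason) for one RCPT TO."""
    rules = parse_access(access_text)
    domains = [d.strip().lower() for d in rcpthosts_text.splitlines() if d.strip()]
    prefix, (action, env) = lookup(rules, ip)
    if action != "allow":
        return ("CONNECTION_DENIED", "access rule '%s:' is '%s'" % (prefix, action))
    if "RELAYCLIENT" in env:
        return ("ALLOWED", "access rule '%s:' sets RELAYCLIENT" % prefix)
    if authenticated:
        return ("ALLOWED", "client authenticated with SMTP AUTH")
    entry = local_match(domains, recipient)
    if entry:
        return ("ALLOWED", "recipient domain matches rcpthosts entry '%s'" % entry)
    return ("DENIED_RELAYING", "no RELAYCLIENT rule for %s and recipient is not local" % ip)


# Access file and client address from the thread; recipient local part is constructed.
ACCESS = "127.:allow,RELAYCLIENT=\n172.17.1.:allow,RELAYCLIENT=\n"

if __name__ == "__main__":
    print(decide(ACCESS, "bardelli.biz\n", "81.174.52.83", "user@bardelli.biz"))
    print(decide(ACCESS, "", "81.174.52.83", "user@bardelli.biz"))
```
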
Re: [spamdyke-users] spamdyke 3.1 - denied relaying
Excellent! I'm glad you got it working.

-- Sam Clippinger

[EMAIL PROTECTED] wrote:

Hi Sam,

I found where the problem is. I have changed spamdyke.conf and /service/qmail-smtpd/run. I have deleted the line access-file=/home/vpopmail/etc/tcp.smtp in spamdyke.conf and --smtp-auth-command-encryption /home/vpopmail/bin/vchkpw /bin/true --hostname nodo1.horus.it in /service/qmail-smtpd/run.

My old configuration works well in the previous release 3.0.1. This is a strange thing.

Thanks for your support.

Kind regards,
Walter

The output test of spamdyke 3.1.0 and 3.0.1:

    # ./spamdyke -f /var/qmail/control/spamdyke.conf --config-test -l3 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
    spamdyke 3.1.0+TLS (C)2007 Sam Clippinger, samc (at) silence (dot) org
    http://www.spamdyke.org/
    Use -h for an option summary or see README.html for complete option details.
    Testing configuration...
    WARNING: Running tests as superuser root (0), group wheel (0). These test results may not be valid if the mail server runs as another user.
    SUCCESS: spamdyke binary (./spamdyke) is not owned by root and/or is not marked setuid.
    INFO: Running command to test capabilities: /var/qmail/bin/qmail-smtpd
    SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer TLS support. Continue using the tls-certificate-file flag so spamdyke will be able to filter all traffic.
    WARNING: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support but the smtp-auth-command, smtp-auth-command-encryption and/or access-file flags are in use. This is not necessary and needlessly creates extra load on the server.
    INFO(access-file): Testing file read: /home/vpopmail/etc/tcp.smtp
    SUCCESS(access-file): Opened for reading: /home/vpopmail/etc/tcp.smtp
    INFO(graylist-dir): Testing graylist directory: /home/vpopmail/greylist
    ERROR(graylist-dir): No domain directories found in graylist folder: /home/vpopmail/greylist
    INFO(ip-blacklist-file): Testing file read: /home/vpopmail/blacklist_ip
    SUCCESS(ip-blacklist-file): Opened for reading: /home/vpopmail/blacklist_ip
    INFO(ip-in-rdns-keyword-file): Testing file read: /home/vpopmail/blacklist_keywords
    SUCCESS(ip-in-rdns-keyword-file): Opened for reading: /home/vpopmail/blacklist_keywords
    INFO(ip-whitelist-file): Testing file read: /home/vpopmail/whitelist_ip
    SUCCESS(ip-whitelist-file): Opened for reading: /home/vpopmail/whitelist_ip
    INFO(local-domains-file): Testing file read: /var/qmail/control/rcpthosts
    SUCCESS(local-domains-file): Opened for reading: /var/qmail/control/rcpthosts
    INFO(never-graylist-ip-file): Testing file read: /home/vpopmail/nogreylist_ip
    SUCCESS(never-graylist-ip-file): Opened for reading: /home/vpopmail/nogreylist_ip
    INFO(rdns-blacklist-dir): Testing rDNS directory: /home/vpopmail/blacklist_rdns.d
    ERROR(rdns-blacklist-dir): rDNS directory contains no subdirectories: /home/vpopmail/blacklist_rdns.d
    INFO(rdns-whitelist-file): Testing file read: /home/vpopmail/whitelist_rdns
    SUCCESS(rdns-whitelist-file): Opened for reading: /home/vpopmail/whitelist_rdns
    INFO(recipient-blacklist-file): Testing file read: /home/vpopmail/blacklist_recipients
    SUCCESS(recipient-blacklist-file): Opened for reading: /home/vpopmail/blacklist_recipients
    INFO(sender-blacklist-file): Testing file read: /home/vpopmail/blacklist_senders
    SUCCESS(sender-blacklist-file): Opened for reading: /home/vpopmail/blacklist_senders
    INFO(tls-certificate-file): Testing TLS by initializing SSL/TLS library with certificate and key
    SUCCESS(tls-certificate-file): Opened for reading: /var/qmail/control/servercert.pem
    SUCCESS(tls-certificate-file): Certificate and key loaded; SSL/TLS library successfully initialized
    ERROR: Tests complete. Errors detected.

    # /usr/local/bin/spamdyke -f /var/qmail/control/spamdyke.conf --config-test -l3 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
    spamdyke 3.0.1+TLS (C)2007 Sam Clippinger, samc (at) silence (dot) org
    http://www.spamdyke.org/
    Use -h for an option summary or see README.txt for complete option details.
    Testing configuration...
    ERROR: Running tests as root user. These test results may not be valid if the mail server runs as another user.
    INFO(access-file): Testing file read: /home/vpopmail/etc/tcp.smtp
    SUCCESS(access-file): Opened for reading: /home/vpopmail/etc/tcp.smtp
    INFO(local-domains-file): Testing file read: /var/qmail/control/rcpthosts
    SUCCESS(local-domains-file): Opened for reading: /var/qmail/control/rcpthosts
    INFO(graylist-dir): Testing graylist directory: /home/vpopmail/greylist
    ERROR(graylist-dir): Found non-regular file in graylist folder where only domain directories should be: /home/vpopmail/greylist/.
    ERROR(graylist-dir): Found non-regular file in graylist folder where only domain directories should be: /home/vpopmail/greylist/..
    ERROR(graylist-dir): No domain directories found in graylist folder: /home/vpopmail/greylist
    INFO(never-graylist-ip-file
Re: [spamdyke-users] How-to?
A bug! Of 300 test scripts, not one of them tests this specific scenario. Amazing.

Well, I don't have time today to create another release of spamdyke (I'll do that first thing next week), so until then you can apply the attached patch.

DISCLAIMER: I have not run all of the test scripts against this patch. I don't _think_ it will cause any problems but I can't be sure. Please test it carefully. If in doubt, wait for the new version next week.

To use the patch: save the attachment, cd into the spamdyke folder and type:

spamdyke-3.1.0/spamdyke$ patch -p0 < spamdyke-3.1.0-relayclient_envvar.patch
make

That should do it. Copy the new spamdyke binary into place.

-- Sam Clippinger

Steve Cole wrote:

I need to offer SMTP-Auth on one server which was previously using POP-before-SMTP and the issue I am running into is this: I'd like to give them 90 days to get themselves moved over to SMTP-Auth, while continuing to use the existing configuration. I am handling the RELAYCLIENT additions in tcpserver as per vpopmail's P-b-S scheme. Where this falls apart is that spamdyke appears to strip RELAYCLIENT out and disallow relaying unless they do AUTH. I've read the documentation and from what I see, if I had the access-file updated with existing P-b-S IPs, I could make it work, however the vpopmail data file is in CDB format. Is there a way to do this or should I just bite the bullet and tell them that at a certain date we will switch? That would be moderately ugly.

diff -u ../../spamdyke-3.1.0_orig/spamdyke/spamdyke.c ./spamdyke.c --- ../../spamdyke-3.1.0_orig/spamdyke/spamdyke.c 2007-11-09 15:54:06.0 -0600 +++ ./spamdyke.c2007-11-09 15:54:45.0 -0600
@@ -2831,7 +2831,7 @@ { strlen_envp = strlen(envp[j]); - if (strncasecmp(envp[j], ENVIRONMENT_ALLOW_RELAY, MAXVAL(STRLEN(ENVIRONMENT_ALLOW_RELAY), strlen_envp)) == 0) + if (strncasecmp(envp[j], ENVIRONMENT_ALLOW_RELAY, MINVAL(STRLEN(ENVIRONMENT_ALLOW_RELAY), strlen_envp)) == 0) current_settings-allow_relay = 1; if (((*destination_envp)[j] = malloc(sizeof(char) * (strlen_envp + 1))) != NULL) ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
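Review bot: in the changed strncasecmp() call, bounding the comparison by MINVAL(STRLEN(ENVIRONMENT_ALLOW_RELAY), strlen_envp) means any environment entry shorter than the constant matches when it is a case-insensitive prefix of it, and a zero-length entry compares equal with a length of 0, so allow_relay is set to 1 for entries that are not the relay variable at all (assuming MINVAL is the usual minimum macro). Because strncasecmp() already stops at a terminating NUL, passing STRLEN(ENVIRONMENT_ALLOW_RELAY) alone as the length would match only entries that begin with the full name. A comment stating whether the constant includes the trailing "=" and whether case-insensitive matching of an environment variable name is intended would also help, since this branch decides whether the client may relay.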
[spamdyke-users] New version: spamdyke 3.1.1
spamdyke version 3.1.1 is now available: http://www.spamdyke.org/ This version fixes a small bug in the relaying code that was blocking users who authenticated using POP3-before-SMTP. A few small changes were also made in the way the logging function is called internally. Version 3.1.1 is backwards-compatible with version 3.1.0; simply replacing the old binary with the new one should be safe. -- Sam Clippinger
Re: [spamdyke-users] spamdyke forgets to log sometimes ?
A few questions: What version of spamdyke are you using? Older versions didn't log every message, especially if the connection was whitelisted. Newer versions should log everything.

Also, how busy is your server? syslogd will drop messages if the server is overloaded; I believe this is why DJB didn't use it for qmail.

With the latest version of spamdyke, you can use the log-target directive to make spamdyke avoid syslog. Its messages will appear in the same files as your qmail logs. I'd be very interested to know if that solves the problem.

-- Sam Clippinger

Seb wrote:

I've had twice the following issue with spamdyke: no reference to a message is found in /var/log/mail.info but I can find it in qmail logs... Dunno whether it's syslog losing log lines or a bug in spamdyke? (there is no way for the message to avoid spamdyke on this server) Have a nice day!
Re: [spamdyke-users] config-test does not recognize Plesk SMTP_AUTH
Plesk is such a queer duck. I like its control panel but it sure does some screwy things to the system configuration.

I see something in your spamdyke configuration file that could be causing the SMTP AUTH problem. You have the following line commented out:

smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

This is actually two commands -- smtp_auth and cmd5checkpw. They should be given on two separate lines and they should offer encrypted authentication:

smtp-auth-command-encryption=/var/qmail/bin/smtp_auth /var/qmail/bin/true
smtp-auth-command-encryption=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true

I suspect the authentication is failing because cmd5checkpw is the program that can actually process your credentials but it's not being started (because your configuration file lists it as a parameter to smtp_auth). However, you're correct that you don't need it with 3.0.0 and later -- spamdyke now automatically detects successful authentication without running the commands itself.

Next, your config-test is giving strange results because you probably used this command:

spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd

Plesk doesn't patch qmail-smtpd to provide SMTP AUTH, so spamdyke can't see it. Instead, Plesk uses relaylock for that purpose. You should really test with:

spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

With that command line, the SMTP AUTH banners will appear and spamdyke won't complain about it any more.

So in summary, you can either use Plesk's relaylock OR you can use spamdyke's smtp-auth-command-encryption directive. Using both is unnecessary and wastes server resources. If you have some users (or servers) that need to relay without authenticating, continue using relaylock. If you don't, create an empty access file and use spamdyke's smtp-auth-command-encryption and access-file instead of relaylock. It's a bit more efficient.

To answer your last question about qmail-smtpd's command line, it doesn't have one by default. Most of the time, when you see command line options passed to qmail-smtpd, you're looking at a patched version of qmail-smtpd. (In Plesk's case, the extra options are not parameters to qmail-smtpd, they're actually parameters to relaylock.) Typically, any parameters are commands to process SMTP AUTH attempts. The authentication commands always come in pairs -- the auth command and a true command. This is a holdover from DJB's original checkpassword program, which runs the second command if the authentication is successful. I think his intent was that successful authentications could have side-effects, such as logging or unlocking resources. The password-checking program could be generic (i.e. only check the password) and the second command could perform the side-effect. In practice, this hasn't happened. People have simply written password-checking programs that perform the side-effects internally. true is used as the side-effect command because it's small and fast. For more information on checkpassword (but not much more), see DJB's site: http://cr.yp.to/checkpwd/interface.html

-- Sam Clippinger

Grimmi Meloni wrote:

Hi, I've been using spamdyke for about 2 weeks now, and I'm quite satisfied with the results. Thanks for this great tool. As the subject states, I'm running a Plesk 8.1 based system. Today I upgraded from the 2.6.3 version, to the 3.1.0. The good news is: I got everything working so far. But what made me curious are two things:

With the old 2.6.3 I could use the --smtp-auth-command option, with the new 3.1.0 this does not work anymore. Not working anymore in this case means, that I have to remove this option or my client gets an error message. In the logs it looks like authentication is tried twice. Really weird, but since Plesk delivers a SMTP_AUTH capable server, this is no problem - at least my relaying tests all failed when not authenticated. So I think I'm still good.

During the trial and error phase of this, I ran the --config-test option of spamdyke. Although smtp authentication works, the config-test gives me this warning:

WARNING: /var/qmail/bin/qmail-smtpd does not appear to offer SMTP AUTH support. Please use the smtp-auth-command flag or the smtp-auth-command-encryption flag as well as the access-file and local-domains-file flags so spamdyke will be able to authenticate users and correctly allow them to relay.

Now I'm wondering why this warning occurs at all. Is it a misconfiguration on my part, or just the config-test failing to detect the SMTP AUTH capabilities of my qmail_smtpd?

bye, Michael

P.S.: Although offtopic: Can anybody point me to a place where the commandline of qmail_smtpd
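The auth-command/true pairing described in the reply above follows DJB's checkpassword interface. As an added example (not code from spamdyke, Plesk or cmd5checkpw), this minimal checkpassword-style checker in C parses the login, password and timestamp fields read from descriptor 3 and runs the second command only on success. The demo credentials and all function names are constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CHECKPW_MAX 512            /* interface limit: at most 512 bytes on fd 3 */
#define CHECKPW_EXIT_BAD_PASSWORD 1
#define CHECKPW_EXIT_MISUSE 2
#define CHECKPW_EXIT_TEMPFAIL 111

/* Constructed demo credentials; a real checker consults its own store. */
#define DEMO_LOGIN "alice"
#define DEMO_PASSWORD "correct horse"

struct checkpw_request {
  const char *login;
  const char *password;
  const char *timestamp;
};

/* Split "login\0password\0timestamp\0" without copying.
 * Returns 0 on success, -1 if any field lacks its terminating NUL. */
int checkpw_parse(const char *buf, size_t len, struct checkpw_request *out)
{
  const char *fields[3];
  size_t pos = 0;

  for (int i = 0; i < 3; i++) {
    const char *end = memchr(buf + pos, '\0', len - pos);
    if (end == NULL)
      return -1;
    fields[i] = buf + pos;
    pos = (size_t)(end - buf) + 1;
  }
  out->login = fields[0];
  out->password = fields[1];
  out->timestamp = fields[2];
  return 0;
}

/* Compare without stopping at the first mismatching byte. */
static int ct_equal(const char *supplied, const char *expected)
{
  size_t ls = strlen(supplied), le = strlen(expected);
  unsigned char diff = (unsigned char)(ls != le);

  for (size_t i = 0; i < ls; i++)
    diff |= (unsigned char)(supplied[i] ^ expected[le ? i % le : 0]);
  return diff == 0;
}

/* Returns 0 when the second command may run, otherwise the exit code. */
int checkpw_decide(const char *buf, size_t len)
{
  struct checkpw_request req;

  if (len > CHECKPW_MAX || checkpw_parse(buf, len, &req) != 0)
    return CHECKPW_EXIT_MISUSE;
  /* Evaluate both comparisons so a wrong login costs the same as a wrong password. */
  int login_ok = ct_equal(req.login, DEMO_LOGIN);
  int pass_ok = ct_equal(req.password, DEMO_PASSWORD);
  return (login_ok & pass_ok) ? 0 : CHECKPW_EXIT_BAD_PASSWORD;
}

/* Usage: checker /var/qmail/bin/true   (credentials arrive on fd 3) */
int main(int argc, char **argv)
{
  char buf[CHECKPW_MAX + 1];
  size_t len = 0;
  ssize_t n;

  if (argc < 2)
    return CHECKPW_EXIT_MISUSE;      /* no second command to run */
  while ((n = read(3, buf + len, sizeof(buf) - len)) > 0) {
    len += (size_t)n;
    if (len > CHECKPW_MAX)
      return CHECKPW_EXIT_MISUSE;    /* more data than the interface allows */
  }
  if (n < 0)
    return CHECKPW_EXIT_TEMPFAIL;
  close(3);

  int rc = checkpw_decide(buf, len);
  if (rc != 0)
    return rc;
  execvp(argv[1], argv + 1);         /* success: hand over to the "true" half of the pair */
  return CHECKPW_EXIT_TEMPFAIL;      /* only reached if exec failed */
}
```

The caller learns the result from the exit status alone: 0 comes from the second command (here true), non-zero from the checker itself.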
Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.
Can you send more information about your setup? Could you send the contents of your /etc/xinetd.d/smtp_psa file and your spamdyke configuration file (if you have one)?

-- Sam Clippinger

david boh wrote:

I would like to report that v3.1.0 also suffer from the same issue as described below. So now I am back to v3.0.1, I think many mail will be missing if I continue to test. I believe it should be able to resolve quickly.

- Original Message
From: david boh [EMAIL PROTECTED]
To: spamdyke-users@spamdyke.org
Sent: Tuesday, November 13, 2007 11:22:01 PM
Subject: [spamdyke-users] Problem in v3.1.1 make it un-usable.

I have two server. One I install the latest spamdyke v3.1.1, let's call this server A and the other server B. Both have spamdyke v3.1.1, using plesk. But when I send email via webmail from server A to the server B email, some how the email cannot be delivered. When I check server B the log shows a lot of Broken pipe. How I know as all the email was trap in server A queue, so I force qmail to send and immediately check the server log in server B.

Nov 13 22:19:52 manna spamdyke[19583]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe

So I install v3.0.1 in server B (with the same configuration) and did the same thing by forcing qmail to send the trap queue. Now all the email is send through. At this point I have kept v3.1.1 on server A to see if there are other issue. Have to down grade to v3.0.1 as both email send via webmail cannot be transmitted. It seems like v3.1.1 need to resolve this critical issue. I hope some how this report will help to resolve the issue.
Re: [spamdyke-users] spamdyke forgets to log sometimes ?
Wow -- 730K daily connections is a pretty busy server. What do your load and CPU utilization numbers look like? Does syslog log to files on the local machine or are you using a network syslog server? Most importantly, are you seeing any other missing messages or is this issue specific to spamdyke?

-- Sam Clippinger

Seb wrote:

> What version of spamdyke are you using? Older versions didn't log every message, especially if the connection was whitelisted. Newer versions should log everything.

3.1.1 installed this morning in place of 3.1.0

> Also, how busy is your server? syslogd will drop messages if the server is overloaded; I believe this is why DJB didn't use it for qmail.

This server is a lot cooler since spamdyke was installed :-) Thanks a lot for spamdyke, sam, it works perfectly on 6+ servers (and counting) and stops loads of spam: 71 smtp connections refused on about 73 incoming connections on the biggest server (a day), not bad at all :-)

> With the latest version of spamdyke, you can use the log-target directive to make spamdyke avoid syslog. Its messages will appear in the same files as your qmail logs. I'd be very interested to know if that solves the problem.

ouch. This would break my munin plugin and a couple of scripts I use to extract statistics. I'll try to modify them to handle multilog log files and tai timestamps one of these days

-- Sébastien Guilbaud
Re: [spamdyke-users] config-test does not recognize Plesk SMTP_AUTH
relaylock uses the TCPREMOTEIP environment variable (set by tcpserver or tcp_env) to determine the IP address of the remote server. When spamdyke runs its configuration tests, it sets TCPREMOTEIP to 127.0.0.1. relaylock doesn't seem to offer SMTP AUTH to that IP address. Try this -- set TCPREMOTEIP to another value: export TCPREMOTEIP=11.22.33.44 Then run the configuration test one more time. The SMTP AUTH test should succeed. I see this on my Plesk server when I test with your configuration file: spamdyke-3.1.1/spamdyke# cat config.txt log-level=2 local-domains-file=/var/qmail/control/rcpthosts max-recipients=5 idle-timeout-secs=60 graylist-dir=/var/qmail/gray graylist-min-secs=300 graylist-max-secs=1814400 reject-empty-rdns reject-unresolvable-rdns reject-ip-in-cc-rdns greeting-delay-secs=5 check-dnsrbl=zombie.dnsbl.sorbs.net check-dnsrbl=dul.dnsbl.sorbs.net check-dnsrbl=bogons.cymru.com smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true smtp-auth-command=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true local-domains-file=/var/qmail/control/rcpthosts reject-missing-sender-mx hostname=v31616.vierfpeile.de tls-certificate-file=/var/qmail/control/servercert.pem spamdyke-3.1.1/spamdyke# export TCPREMOTEIP=11.22.33.44 spamdyke-3.1.1/spamdyke# ./spamdyke -f config.txt --config-test /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true spamdyke 3.1.1+TLS (C)2007 Sam Clippinger, samc (at) silence (dot) org http://www.spamdyke.org/ Use -h for an option summary or see README.html for complete option details. Testing configuration... WARNING: Running tests as superuser root (0), group root (0). These test results may not be valid if the mail server runs as another user. INFO: Running command to test capabilities: /var/qmail/bin/relaylock WARNING: command aborted abnormally: /var/qmail/bin/relaylock SUCCESS: /var/qmail/bin/relaylock appears to offer TLS support. 
Continue using the tls-certificate-file flag so spamdyke will be able to filter all traffic. WARNING: /var/qmail/bin/relaylock appears to offer SMTP AUTH support but the smtp-auth-command, smtp-auth-command-encryption and/or access-file flags are in use. This is not necessary and needlessly creates extra load on the server. ERROR(graylist-dir): Unable to read graylist directory /var/qmail/gray: No such file or directory ERROR: Tests complete. Errors detected. spamdyke-3.1.1/spamdyke# -- Sam Clippinger Grimmi Meloni wrote: Hi Sam, thank you for your very detailed answer. In fact you were right about relaylock. I removed it during my tests and forgot to add it during the config-test. Anyway, I gave it another shot, and I'm still stuck with the same problem. I used loglevel 4 and got a warning saying: WARNING: command aborted abnormally: /var/qmail/bin/relaylock This line is shown directly above the TLS Success and the SMTP-Auth Warning messages of the test: SUCCESS: /var/qmail/bin/relaylock appears to offer TLS support. Continue using the tls-certificate-file flag so spamdyke will be able to filter all traffic. WARNING: /var/qmail/bin/relaylock does not appear to offer SMTP AUTH support. Please use the smtp-auth-command flag or the smtp-auth-command-encryption flag as well as the access-file and local-domains-file flags so spamdyke will be able to authenticate users and correctly allow them to relay. I decided to run strace and see what's happening. To me it seems like something goes wrong during the testing of the SMTP Auth capacities? - strace excerpt - [ creation of the socket .] [pid 19807] select(2, NULL, [1], NULL, {1200, 0}) = 1 (out [1], left {1200, 0}) [pid 19807] write(1, 220 myserver.mydomain.com ESMTP\r\n, 26 unfinished ... [pid 19806] ... select resumed ) = 1 (in [5], left {29, 926000}) [pid 19807] ... 
write resumed ) = 26 [pid 19806] read(5, 220 myserver.mydomain.com ESMTP\r\n, 4095) = 26 [pid 19806] time(NULL) = 1194975400 [pid 19806] select(5, [], [4], NULL, {30, 0}) = 1 (out [4], left {30, 0}) [pid 19806] write(4, EHLO localhost\r\n, 16) = 16 [pid 19806] time(NULL) = 1194975400 [pid 19806] select(8, [5 7], [], NULL, {30, 0} unfinished ... [pid 19807] select(1, [0], NULL, NULL, {1200, 0}) = 1 (in [0], left {1200, 0}) [pid 19807] read(0, EHLO localhost\r\n, 1024) = 16 [pid 19807] select(2, NULL, [1], NULL, {1200, 0}) = 1 (out [1], left {1200, 0}) [pid 19807] write(1, 250-myserver.mydomain.com\r\n250-STARTTLS..., 64 unfinished ... [pid 19806] ... select resumed ) = 1 (in [5], left {29, 999000}) [pid 19807] ... write resumed ) = 64 [pid 19806] read(5, 250-myserver.mydomain.com\r\n250-STARTTLS..., 4069) = 64 [pid 19806] time(NULL
Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.
I got a tip a while back from another Plesk user that you have to run spamdyke before relaylock to avoid these errors. So in your /etc/xinetd.d/smtp_psa file, try changing the server_args line to:

server_args = -Rt0 /usr/local/bin/spamdyke --config-file /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

I need to update the documentation to include this.

-- Sam Clippinger

david boh wrote:

Sure my friend. Both server has the same smtp_psa and configure (both server have 3.0.1 and duplicate/mirror setting)

SMTP_PSA
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke --config-file /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}

SPAMDYKE.CONF
log-level=2
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=30
idle-timeout-secs=300
graylist-dir=/var/qmail/spamdyke/graylist
graylist-min-secs=120
graylist-max-secs=1814400
#greeting-delay-secs = 1
sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
# ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords
ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
# rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d
sender-whitelist-file=/var/qmail/spamdyke/whitelist_recipients
# reject-empty-rdns
# reject-unresolvable-rdns
# reject-ip-in-cc-rdns
# rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
reject-missing-sender-mx
check-dnsrbl=dul.dnsbl.sorbs.net
#check-dnsrbl=sbl.spamhaus.org

- Original Message
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Wednesday, November 14, 2007 12:13:44 AM
Subject: Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.

Can you send more information about your setup? Could you send the contents of your /etc/xinetd.d/smtp_psa file and your spamdyke configuration file (if you have one)?

-- Sam Clippinger

david boh wrote:

I would like to report that v3.1.0 also suffer from the same issue as described below. So now I am back to v3.0.1, I think many mail will be missing if I continue to test. I believe it should be able to resolve quickly.

- Original Message
From: david boh [EMAIL PROTECTED]
To: spamdyke-users@spamdyke.org
Sent: Tuesday, November 13, 2007 11:22:01 PM
Subject: [spamdyke-users] Problem in v3.1.1 make it un-usable.

I have two server. One I install the latest spamdyke v3.1.1, let's call this server A and the other server B. Both have spamdyke v3.1.1, using plesk. But when I send email via webmail from server A to the server B email, some how the email cannot be delivered. When I check server B the log shows a lot of Broken pipe. How I know as all the email was trap in server A queue, so I force qmail to send and immediately check the server log in server B.

Nov 13 22:19:52 manna spamdyke[19583]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19585]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19580]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19586]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 1542 bytes to file descriptor 1: Broken pipe
Nov 13 22:19:52 manna spamdyke[19587]: ERROR: unable to write 36 bytes to file descriptor 1: Broken pipe

So I install v3.0.1 in server B (with the same configuration) and did the same thing by forcing qmail to send the trap queue. Now all the email is send through. At this point I have kept v3.1.1 on server A to see if there are other issue. Have to down grade to v3.0.1 as both email send via webmail cannot be transmitted. It seems like v3.1.1 need to resolve this critical issue. I hope some how this report will help to resolve
Re: [spamdyke-users] TCP Read Error
Well, 420 TCP Read Error is not a spamdyke error message. The remote server seems to be running Novell GroupWise -- Google says this error is caused by a slow/flaky connection between the GWIA server and the internet. The only way I can imagine spamdyke being responsible is if you're running a version earlier than 3.0.0, before I implemented the multibyte writes.

I can only think of three ways to try to troubleshoot this. First, you could turn on full logging in spamdyke to see what happens when these messages come in. If that doesn't work, you could use a packet sniffer instead. Lastly, you could remove spamdyke entirely to see if the errors stop.

-- Sam Clippinger

Joe Nelson wrote:

I've had an interesting issue recently where I've been unable to receive emails from a particular email server. Unfortunately it's a state email server that many of my users receive email from. They've all reported the following error: 420 TCP Read Error. The server is at 168.180.96.58. I've verified that I can telnet to port 25 from my mail server so I know that there's no firewall blocking going on. I've whitelisted their IP address just to see if that will bypass anything in Spamdyke but users are still reporting the 420 TCP Read Error message. Is this something that others have seen? If so, where should I start looking for a solution?

Here's my spamdyke.conf for reference:

log-level=3
local-domains-file=/var/qmail/control/rcpthosts
rdns-whitelist-file=/var/qmail/control/spamdyke/whitelist_rdns_names
ip-whitelist-file=/var/qmail/control/spamdyke/whitelist_ips
ip-in-rdns-keyword-file=/var/qmail/control/spamdyke/blacklist_rdns_keywords
recipient-whitelist-file=/var/qmail/control/spamdyke/whitelist_recipient
sender-whitelist-file=/var/qmail/control/spamdyke/whitelist_sender
check-dnsrbl=sbl-xbl.spamhaus.org
check-dnsrbl=bl.spamcop.net
reject-missing-sender-mx
reject-ip-in-cc-rdns
reject-empty-rdns
Re: [spamdyke-users] Problem in v3.1.1 make it un-usable.
This is very strange. When the messages remain in the queue, are you seeing any errors in the qmail logs? Can you enable spamdyke's full logging on the receiving server and send me a log of a failed delivery? -- Sam Clippinger david boh wrote: Hi Sam, Test Step: 1. Re-install spamdyke 3.1.1 in both server 2. Place the spamdyke before relaylock pipe in xinetd.d 3. Restart xinetd 4. Repeat 2 and 3 of the other server. 5. Did the test, using webmail and send from server A to server B. Did the same on the other end. Both email did not leave the server just hang in qmail queue. So I revert both spamdyke to 3.0.1. (position of spamdyke still before relaylock) Force qmail to send qmail queue. All email goes without any problem. So pipe spamdyke before relaylock works. But spamdyke 3.1.1 still have problem with mail send via webmail. Through-out this test no configuration change for spamdyke.conf, whitelist, blacklist all configure file is the same. - Original Message From: Sam Clippinger [EMAIL PROTECTED] To: spamdyke users spamdyke-users@spamdyke.org Sent: Thursday, November 15, 2007 2:09:29 AM Subject: Re: [spamdyke-users] Problem in v3.1.1 make it un-usable. I got a tip a while back from another Plesk user that you have to run spamdyke before relaylock to avoid these errors. So in your /etc/xinetd.d/smtp_psa file, try changing the server_args line to: server_args= -Rt0 /usr/local/bin/spamdyke --config-file /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true I need to update the documentation to include this. -- Sam Clippinger david boh wrote: Sure my friend. 
Both server has the same smtp_psa and configure ( both server have 3.0.1 and duplicate/mirror setting) SMTP_PSA { socket_type= stream protocol= tcp wait= no disable= no user= root instances = UNLIMITED server = /var/qmail/bin/tcp-env server_args= -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke --config-file /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true } SPAMDYKE.CONF log-level=2 local-domains-file=/var/qmail/control/rcpthosts max-recipients=30 idle-timeout-secs=300 graylist-dir=/var/qmail/spamdyke/graylist graylist-min-secs=120 graylist-max-secs=1814400 #greeting-delay-secs = 1 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients # ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip # rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d sender-whitelist-file=/var/qmail/spamdyke/whitelist_recipients # reject-empty-rdns # reject-unresolvable-rdns # reject-ip-in-cc-rdns # rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip reject-missing-sender-mx check-dnsrbl=dul.dnsbl.sorbs.net #check-dnsrbl=sbl.spamhaus.org - Original Message From: Sam Clippinger [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: spamdyke users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org Sent: Wednesday, November 14, 2007 12:13:44 AM Subject: Re: [spamdyke-users] Problem in v3.1.1 make it un-usable. Can you send more information about your setup? Could you send the contents of your /etc/xinetd.d/smtp_psa file and your spamdyke configuration file (if you have one)? -- Sam Clippinger david boh wrote: I would like to report that v3.1.0 also suffer from the same issue as described below. So now I am back to v3.0.1, I think many mail will be missing if I continue to test. 
I believei it should be able to resolve quickly. - Original Message From: david boh [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org Sent: Tuesday, November 13, 2007 11:22:01 PM Subject: [spamdyke-users] Problem in v3.1.1 make it un-usable. I have two server. One I install the latest spamdyke v3.1.1, let's call this server A and the other server B. Both have spamdyke v3.1.1, using plesk. But when I send email via webmail from server A to the server B email, some how the email cannot be delivered. When I check server B the log shows a lot of Broken pipe. How I know as all the email was trap in server
Re: [spamdyke-users] option to not look up any dns information on connections?
Yes. I'm already planning to make the DNS behavior completely configurable in the next version, so this would be an easy thing to add. I'll put it on the list.
-- Sam Clippinger

Steve Cole wrote:
For those of us not using any of the DNS/reverse DNS features of spamdyke, is it possible to add a bypass all DNS checks feature? This would be useful for those of us using spamdyke only for AUTH/TLS capabilities and an IP address accept/deny list. I wish I had the programming skill to supply a patch. :/
Re: [spamdyke-users] Strange error
It means spamdyke is attempting to write data to the remote server but the remote server has already disconnected, probably when it received a rejection message. Don't worry about it, this message is just informational. With spamdyke version 3.1.0 or later, you can hide this message by turning down your log-level to 2 or less.
-- Sam Clippinger

George Zica wrote:
Hello, I have spamdyke installed on a server with a huge number of spams per day. Since I've installed spamdyke (96 hours) I have a number of 16859 emails blocked (until now, when I'm writing). The problem I have is this one:
spamdyke[2731]: ERROR: unable to write 27 bytes to file descriptor 1: Broken pipe
slackware 12 + qmail
I don't know what is causing this problem and what it means. Please help. Thanks in advance
Re: [spamdyke-users] Strange error
Personally, I recommend upgrading to 3.1.1. It's completely backwards-compatible with 3.0.1, so you should just be able to compile it and copy the new binary over the old one. See the Changelog for details of what changed.
-- Sam Clippinger

night duke wrote:
Currently I have installed spamdyke 3.0.1+TLS. Is it OK or must I upgrade? Thanks Jose

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Thursday, November 15, 2007 21:16:23
Subject: Re: [spamdyke-users] Strange error

It means spamdyke is attempting to write data to the remote server but the remote server has already disconnected, probably when it received a rejection message. Don't worry about it, this message is just informational. With spamdyke version 3.1.0 or later, you can hide this message by turning down your log-level to 2 or less.
-- Sam Clippinger

George Zica wrote:
Hello, I have spamdyke installed on a server with a huge number of spams per day. Since I've installed spamdyke (96 hours) I have a number of 16859 emails blocked (until now, when I'm writing). The problem I have is this one:
spamdyke[2731]: ERROR: unable to write 27 bytes to file descriptor 1: Broken pipe
slackware 12 + qmail
I don't know what is causing this problem and what it means. Please help. Thanks in advance
Re: [spamdyke-users] Graylisted denied
The second is true. The file should contain a list of rDNS names that should never be graylisted. The never-graylist-rdns-file option does not consider the sender address. So, for example, if the file contained:
.google.com
Email coming from a server named rv-out-0910.google.com (one of the gmail.com servers) will never be graylisted. Other filters may still block the connection, however. Basically, the never-graylist-* options work just like the whitelist-* options except they only bypass the graylist filter. The whitelist-* options bypass all of the filters.
-- Sam Clippinger

Davide Bozzelli wrote:
Sam Clippinger wrote:
If there are any domains you don't want graylisted, just list them in a file and use the never-graylist-rdns-file option.

I'm confused about this option. If I put for example in the file something like domain.com, and you say "domains you don't want graylisted", you mean that I can whitelist for graylist ALL mail that comes with mail from: [EMAIL PROTECTED], or just that I can whitelist connections coming from a host with whatever.domain.com? Thanks for the help, Davide
Re: [spamdyke-users] Graylisted denied
Do not add your own domains to the file you use with never-graylist-rdns-file. The file should contain reverse DNS names, not recipient domain names. Why do you want to bypass graylisting anyway? It only introduces a delay the _first_ time mail is delivered from a sender to a recipient. After that, there is no delay. If the initial delay is a problem, you should just disable graylisting.
-- Sam Clippinger

night duke wrote:
OK, pardon me, but the idea is if the server is correctly configured from where I want to receive, it will retry again to send, then will be granted to send email and will be added to allowed domains? I have about 5000 domains to add. Is it a good idea to add them to never-graylist-rdns-file? Thanks a lot for your help. Nightduke

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Saturday, November 17, 2007 1:17:17
Subject: Re: [spamdyke-users] Graylisted denied

No, it won't block anything. Any rDNS names listed in that file will be excluded from graylisting. Other filters may still block email from those servers. All of this is covered (exhaustively) in the documentation: http://www.spamdyke.org/documentation/README.html#GRAYLISTS
-- Sam Clippinger

night duke wrote:
This file never-graylist-rdns-file will block forever those domains? Right? Nightduke

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Saturday, November 17, 2007 1:02:29
Subject: Re: [spamdyke-users] Graylisted denied

If there are any domains you don't want graylisted, just list them in a file and use the never-graylist-rdns-file option.
-- Sam Clippinger

night duke wrote:
OK, but if I want to force manually to add some domains from where I want to receive? After a while it's fixed, I received the email from google. spamdyke is wonderful software and antispam solution. Thanks a lot. Nightduke

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Saturday, November 17, 2007 0:43:15
Subject: Re: [spamdyke-users] Graylisted denied

You're not lost, there is nothing to fix. This is correct -- it indicates spamdyke graylisted the connection from google.com. Later, google.com will retry delivery and you will see ALLOWED.
-- Sam Clippinger

night duke wrote:
Nov 17 00:16:12 00641 relaylock: /var/qmail/bin/relaylock: mail from 209.85.198.189:11632 (rv-out-0910.google.com)
Nov 17 00:16:14 00641 spamdyke[19267]: DENIED_GRAYLISTED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 209.85.198.189 origin_rdns: rv-out-0910.google.com auth: (unknown)
So finally I'm lost with graylisting. I have at my graylisting dir
-rw--- 1 root root 38 2007-11-17 00:23 [EMAIL PROTECTED]
00641:/var/qmail/graylist/mydomain.com/othermail#
Does anyone know how I can fix this? Thanks Nightduke
Re: [spamdyke-users] strange email created with graylisting.
spamdyke doesn't have the ability to reject email for nonexistent recipients. I intend to add that feature in a future version. http://www.spamdyke.org/documentation/FAQ.html#SUGGESTION4
-- Sam Clippinger

night duke wrote:
Also I wish to comment that if I don't have an email like [EMAIL PROTECTED], spamdyke creates at graylisting directory mydomain.com/p/[EMAIL PROTECTED]. It's strange. If the email doesn't exist it will give an error saying this email doesn't exist... Nightduke
Re: [spamdyke-users] spamdyke auth
Plesk already supports SMTP AUTH. spamdyke will automatically disable its filters when authentication is successful; no additional configuration is necessary.
-- Sam Clippinger

night duke wrote:
Hi, I want to enable spamdyke with smtp auth. But I don't have vpopmail, I don't have checkpassword, at /etc/password qmail users don't appear. I'm lost, I need to enable smtp auth... Can anyone help me? Thanks
Re: [spamdyke-users] servercert.pem error
Your SSL certificate may be damaged. Please post the output from running config-test.
-- Sam Clippinger

night duke wrote:
Now appears an error...
Nov 20 13:52:42 00641 spamdyke[14687]: ERROR: unable to start SSL/TLS connection: The operation failed due to an I/O error, Unexpected EOF found
Nightduke

----- Original Message -----
From: night duke [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Tuesday, November 20, 2007 1:07:59
Subject: Re: [spamdyke-users] servercert.pem error

It's strange. I have changed it into two lines, I have tried to send email and it was allowed, but I'm trying to send another email and it doesn't send... Thanks anyway. Nightduke

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Monday, November 19, 2007 20:58:58
Subject: Re: [spamdyke-users] servercert.pem error

Your configuration file is formatted incorrectly; you have two options on the same line. To fix it, open the file, find tls-certificate-file and look for policy-url on the same line. Separate the two options into two lines and this error should disappear. Also try the config-test feature -- it will find errors like this.
-- Sam Clippinger

night duke wrote:
Nov 19 13:57:29 641 spamdyke[9642]: ERROR: unable to load SSL/TLS certificate from file: (/var/qmail/control/servercert.pem policy-url= http://www.spamhaus.org/): The operation failed due to an I/O errorerror:02001002:lib(2):func(1):reason(2), error:20074002:lib(32):func(116):reason(2), error:140DC002:lib(20):func(220):reason(2), Unexpected EOF found
Nov 19 13:57:29 641 spamdyke[9642]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch (/var/qmail/control/servercert.pem policy-url= http://www.spamhaus.org/): A protocol or library failure occurrederror:140A80B1:lib(20):func(168):reason(177)
Nov 19 13:57:29 641 spamdyke[9642]: ERROR: unable to initialize SSL/TLS library
Hi, I have found this error at my maillog. Does anyone know how I can fix this? Thanks Nightduke
Re: [spamdyke-users] servercert.pem error
Please run the following command and post the output:
/usr/local/bin/spamdyke -f /var/qmail/spamdyke/spamdyke.conf -l3 --config-test /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail-bin/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin
-- Sam Clippinger

night duke wrote:
cat smtp_psa
service smtp
{
socket_type = stream
protocol= tcp
wait= no
disable = no
user= root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/local/bin/spamdyke -f /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
I can't send email.
This is my original smtp_psa file, here is what it has:
server = /var/qmail/bin/tcp-env
server_args = /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
I can send email successfully. I have compiled spamdyke without tls:
spamdyke 3.1.1 (C)2007 Sam Clippinger, samc (at) silence (dot) org http://www.spamdyke.org/
How can I send email with spamdyke and with smtpauth? If I try to send email it gives me an error telling me my ip is listed on a rbl list... How can I do config-test with smtpauth? Thanks Nightduke

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Tuesday, November 20, 2007 16:12:43
Subject: Re: [spamdyke-users] servercert.pem error

Your SSL certificate may be damaged. Please post the output from running config-test.
-- Sam Clippinger

night duke wrote:
Now appears an error...
Nov 20 13:52:42 00641 spamdyke[14687]: ERROR: unable to start SSL/TLS connection: The operation failed due to an I/O error, Unexpected EOF found
Nightduke

----- Original Message -----
From: night duke [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Tuesday, November 20, 2007 1:07:59
Subject: Re: [spamdyke-users] servercert.pem error

It's strange. I have changed it into two lines, I have tried to send email and it was allowed, but I'm trying to send another email and it doesn't send... Thanks anyway. Nightduke

----- Original Message -----
From: Sam Clippinger [EMAIL PROTECTED]
To: spamdyke users spamdyke-users@spamdyke.org
Sent: Monday, November 19, 2007 20:58:58
Subject: Re: [spamdyke-users] servercert.pem error

Your configuration file is formatted incorrectly; you have two options on the same line. To fix it, open the file, find tls-certificate-file and look for policy-url on the same line. Separate the two options into two lines and this error should disappear. Also try the config-test feature -- it will find errors like this.
-- Sam Clippinger

night duke wrote:
Nov 19 13:57:29 641 spamdyke[9642]: ERROR: unable to load SSL/TLS certificate from file: (/var/qmail/control/servercert.pem policy-url= http://www.spamhaus.org/): The operation failed due to an I/O errorerror:02001002:lib(2):func(1):reason(2), error:20074002:lib(32):func(116):reason(2), error:140DC002:lib(20):func(220):reason(2), Unexpected EOF found
Nov 19 13:57:29 641 spamdyke[9642]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch (/var/qmail/control/servercert.pem policy-url= http://www.spamhaus.org/): A protocol or library failure occurrederror:140A80B1:lib(20):func(168):reason(177)
Nov 19 13:57:29 641 spamdyke[9642]: ERROR: unable to initialize SSL/TLS library
Hi, I have found this error at my maillog. Does anyone know how I can fix this? Thanks Nightduke
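The failure diagnosed in this thread (policy-url ending up inside the value of tls-certificate-file) can be caught before a restart with a small lint pass. This is an added example, not part of the original posts and not spamdyke's own config-test; the option-name pattern and the sample file are assumptions constructed for illustration.

```python
import re

# Assumption of this example: option names are lowercase words joined by
# hyphens (log-level, tls-certificate-file, policy-url, ...), one per line,
# optionally followed by "=value". Lines starting with "#" are comments.
OPTION_NAME = r"[a-z][a-z0-9]*(?:-[a-z0-9]+)+"
SINGLE_OPTION = re.compile(rf"^({OPTION_NAME})\s*(?:=\s*(.*))?$")
EMBEDDED_OPTION = re.compile(rf"\s({OPTION_NAME})\s*=")


def lint_config(text):
    """Return (line_number, message) pairs for lines that look merged."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = SINGLE_OPTION.match(line)
        if match is None:
            # e.g. two value-less flags joined on one line
            findings.append((number, "not a single option[=value] entry"))
            continue
        name, value = match.groups()
        if value is None:
            continue
        embedded = EMBEDDED_OPTION.search(value)
        if embedded:
            findings.append(
                (number, f"value of {name} swallows a second option: {embedded.group(1)}")
            )
        elif name.endswith(("-file", "-dir")) and re.search(r"\s", value):
            findings.append((number, f"path given to {name} contains whitespace"))
    return findings


# Constructed sample: line 3 reproduces the merged line from the log message
# quoted in the thread; line 5 is a second constructed variant.
SAMPLE = """\
log-level=2
# tls-certificate-file=/tmp/a policy-url=b
tls-certificate-file=/var/qmail/control/servercert.pem policy-url= http://www.spamhaus.org/
graylist-dir=/var/qmail/spamdyke/graylist
reject-empty-rdns reject-unresolvable-rdns
check-dnsrbl=dul.dnsbl.sorbs.net
"""

if __name__ == "__main__":
    for number, message in lint_config(SAMPLE):
        print(f"line {number}: {message}")
```
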
Re: [spamdyke-users] rdns-whitelist-file
The file used with rdns-whitelist-file can only contain the reverse DNS names of remote servers, not email addresses. See the online documentation for full details: http://www.spamdyke.org/documentation/README_rdns_file_format.html
-- Sam Clippinger

night duke wrote:
Hi, I wish to know which format must be used in this file: with domains [EMAIL PROTECTED] or mydomain.com or [EMAIL PROTECTED]. Which one is the best one? Thanks a lot. Nightduke
Re: [spamdyke-users] Rcpt address check
Actually, spamdyke already does this. If qmail rejects the recipient, spamdyke logs the rejection as DENIED_OTHER. Unfortunately, qmail doesn't check recipients by default, though there are some patches available to add that ability. Instead, qmail accepts all incoming mail and bounces invalid recipients later. I'll get this one added eventually, probably by allowing spamdyke to run an external program that can check the recipient. That way it could be configured to work with any qmail setup.
-- Sam Clippinger

Ton van Rosmalen wrote:
I've been reading SUGGESTION4 and thinking on it for a couple of days. I've not dived into the internals of spamdyke's graylisting feature but at some point spamdyke has a connection with qmail to pass the incoming data. Theoretically it should be possible to use this connection to do part of the smtp conversation with qmail and intercept its error code in case the (local) recipient does not exist or when relaying isn't allowed. Ton

Sam Clippinger wrote:
spamdyke doesn't have the ability to reject email for nonexistent recipients. I intend to add that feature in a future version. http://www.spamdyke.org/documentation/FAQ.html#SUGGESTION4
-- Sam Clippinger
Re: [spamdyke-users] stats or statistics mrtg spamdyke
If you want to create graphs from spamdyke's logs, take a look at the Munin plugin created by Sebastien Guilbaud: http://muninexchange.projects.linpro.no/?searchcid=21pid=171
-- Sam Clippinger

night duke wrote:
Is it possible to make stats of spam with maillog? Is it easy to do with mrtg? Thanks Nightduke
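For a quick look at the numbers without a graphing tool, the log entries quoted elsewhere in this archive can be tallied directly. This is an added example, not part of the original posts and not the Munin plugin mentioned above; it assumes the entry layout shown in the quoted DENIED_GRAYLISTED line (result, from:, to:, origin_ip:, origin_rdns:, auth:), and the sample lines are constructed. Besides counting results, it lists sender/recipient pairs that were graylisted and never came back as ALLOWED.

```python
import re
from collections import Counter

# Entry layout taken from the DENIED_GRAYLISTED line quoted in the archive;
# treating every field as a single whitespace-free token is an assumption.
ENTRY = re.compile(
    r"spamdyke\[\d+\]: (?P<result>ALLOWED|DENIED_[A-Z_]+) "
    r"from: (?P<sender>\S+) to: (?P<recipient>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) auth: (?P<auth>\S+)"
)
ERROR = re.compile(r"spamdyke\[\d+\]: ERROR: ")


def summarize(lines):
    """Return (counts per result, graylisted pairs never seen as ALLOWED)."""
    counts = Counter()
    graylisted = {}      # (sender, recipient) -> origin IP of the first attempt
    retried = set()
    for line in lines:
        if ERROR.search(line):
            counts["ERROR"] += 1
            continue
        match = ENTRY.search(line)
        if match is None:
            continue     # relaylock, qmail and other non-spamdyke lines
        result = match["result"]
        counts[result] += 1
        pair = (match["sender"].lower(), match["recipient"].lower())
        if result == "DENIED_GRAYLISTED":
            graylisted.setdefault(pair, match["ip"])
        elif result == "ALLOWED" and pair in graylisted:
            retried.add(pair)
    never_retried = sorted(pair for pair in graylisted if pair not in retried)
    return counts, never_retried


# Constructed sample lines (documentation addresses and IP ranges).
SAMPLE_LOG = [
    "Nov 17 00:16:12 mx relaylock: /var/qmail/bin/relaylock: mail from 192.0.2.10:11632 (mail.example.org)",
    "Nov 17 00:16:14 mx spamdyke[19267]: DENIED_GRAYLISTED from: alice@example.org to: bob@example.com origin_ip: 192.0.2.10 origin_rdns: mail.example.org auth: (unknown)",
    "Nov 17 00:17:02 mx spamdyke[19301]: DENIED_RDNS_MISSING from: x@example.net to: bob@example.com origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)",
    "Nov 17 00:18:40 mx spamdyke[19322]: DENIED_GRAYLISTED from: promo@example.net to: bob@example.com origin_ip: 198.51.100.9 origin_rdns: host9.example.net auth: (unknown)",
    "Nov 17 00:21:30 mx spamdyke[19390]: ERROR: unable to write 27 bytes to file descriptor 1: Broken pipe",
    "Nov 17 00:31:55 mx spamdyke[19444]: ALLOWED from: alice@example.org to: bob@example.com origin_ip: 192.0.2.10 origin_rdns: mail.example.org auth: (unknown)",
]

if __name__ == "__main__":
    totals, silent = summarize(SAMPLE_LOG)
    for result, count in totals.most_common():
        print(f"{result:22} {count}")
    for sender, recipient in silent:
        print(f"graylisted, no retry seen: {sender} -> {recipient}")
```
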
Re: [spamdyke-users] rdns-whitelist-file
You only need to use rdns-whitelist-file to bypass filters for specific remote servers. If those servers aren't being filtered, there's no need to use this file. You cannot list email addresses in the rDNS whitelist file. It is only for reverse DNS names. If you want to whitelist sender email addresses, you should use sender-whitelist-file. http://www.spamdyke.org/documentation/README.html#WHITELISTING_ADDRESSES
NOTE: Whitelisting sender addresses is a BAD IDEA. Sender addresses are VERY easy to forge and if a spammer forges an address on your whitelist, spamdyke won't stop it.
-- Sam Clippinger

night duke wrote:
So if I want to receive from a domain I will add thatdomain.com and if I want to receive from gw.otherdomain.com, both of them are correctly added. And also I can add emails there like [EMAIL PROTECTED]. Thanks a lot. Nightduke

Sam Clippinger [EMAIL PROTECTED] wrote:
The file used with rdns-whitelist-file can only contain the reverse DNS names of remote servers, not email addresses. See the online documentation for full details: http://www.spamdyke.org/documentation/README_rdns_file_format.html
-- Sam Clippinger

night duke wrote:
Hi, I wish to know which format must be used in this file: with domains [EMAIL PROTECTED] or mydomain.com or [EMAIL PROTECTED]. Which one is the best one? Thanks a lot. Nightduke
Re: [spamdyke-users] Rcpt address check
I don't think those two suggestions are mutually exclusive. #1 is actually more complicated however, since DIR/DOMAIN/USER isn't always enough. vpopmail aliases can look like this:
DIR/DOMAIN/.qmail-USER
If those two don't exist, sometimes a catchall address can exist, which looks like this:
DIR/DOMAIN/.qmail-default
However, the difference between a catchall address and a delete bounced address is the contents of the .qmail-default file. That's all for standard vpopmail. vpopmail can also store its user information in a database. Standard (vanilla) qmail stores its user information in a CDB file. Plesk uses a database. See how quickly this becomes complicated?
-- Sam Clippinger

Davide Bozzelli wrote:
Sam Clippinger wrote:
Actually, spamdyke already does this. If qmail rejects the recipient, spamdyke logs the rejection as DENIED_OTHER. Unfortunately, qmail doesn't check recipients by default, though there are some patches available to add that ability. Instead, qmail accepts all incoming mail and bounces invalid recipients later. I'll get this one added eventually, probably by allowing spamdyke to run an external program that can check the recipient. That way it could be configured to work with any qmail setup.

Yes, this is a must-have feature for spamdyke. I suggest using two approaches:
1) check recipients from a dir tree like $base_dir/$domain/$username (assuming that the recipient address will be split into $username and $domain)
2) check recipients by executing an external helper which returns 1 (no such user) or 0 (user found)
I think 1) gives the best performance, and 2) the best flexibility. Of course they are mutually exclusive, use 1) or 2), not both. Have fun, Davide
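The two proposals above can be combined as an external helper that walks the directory layout Sam describes. This is an added example, not part of the original posts and not spamdyke code: the function names, the status labels and the demo tree are hypothetical, the colon-for-dot rule in .qmail file names follows qmail's dot-qmail convention, and since the thread does not say what the contents of .qmail-default look like, a catchall file is only reported, not interpreted. Because the address comes from an untrusted SMTP client, both halves are validated before they touch the filesystem.

```python
import os
import re
import tempfile

# Conservative character set for each half of the address (an assumption of
# this example); slashes, leading dots and ".." never reach os.path.join.
SAFE_PART = re.compile(r"[a-z0-9][a-z0-9._-]*")


def classify_recipient(base_dir, address):
    """Return 'mailbox', 'alias', 'catchall-file', 'missing' or 'invalid'."""
    local, at, domain = address.strip().lower().rpartition("@")
    if not at or not SAFE_PART.fullmatch(local) or not SAFE_PART.fullmatch(domain):
        return "invalid"
    if ".." in local or ".." in domain:
        return "invalid"
    domain_dir = os.path.join(base_dir, domain)
    # DIR/DOMAIN/USER
    if os.path.isdir(os.path.join(domain_dir, local)):
        return "mailbox"
    # DIR/DOMAIN/.qmail-USER (dots in the extension are stored as colons)
    alias = os.path.join(domain_dir, ".qmail-" + local.replace(".", ":"))
    if local != "default" and os.path.isfile(alias):
        return "alias"
    # DIR/DOMAIN/.qmail-default: catchall or bounce, depending on its contents
    if os.path.isfile(os.path.join(domain_dir, ".qmail-default")):
        return "catchall-file"
    return "missing"


def helper_exit_code(status):
    """Exit codes as proposed in the thread: 1 = no such user, 0 = user found.

    'catchall-file' maps to 0 so that an undecided case is accepted, which is
    what qmail does by default; that choice is this example's, not the thread's.
    """
    return 1 if status in ("missing", "invalid") else 0


def build_demo_tree():
    """Create a constructed DIR/DOMAIN/... tree in a temporary directory."""
    base = tempfile.mkdtemp(prefix="rcpt-demo-")
    os.makedirs(os.path.join(base, "example.com", "alice"))
    os.makedirs(os.path.join(base, "example.net"))
    for rel in (
        "example.com/.qmail-sales",
        "example.com/.qmail-first:last",
        "example.net/.qmail-default",
    ):
        with open(os.path.join(base, *rel.split("/")), "w") as handle:
            handle.write("# constructed placeholder\n")
    return base


if __name__ == "__main__":
    demo = build_demo_tree()
    for rcpt in ("alice@example.com", "first.last@example.com",
                 "nobody@example.com", "anyone@example.net",
                 "../../etc/passwd@example.com"):
        status = classify_recipient(demo, rcpt)
        print(f"{rcpt:32} {status:14} exit={helper_exit_code(status)}")
```
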
Re: [spamdyke-users] Whitelist and gray/greylisting
Some spam will inevitably get through the graylist filter. It's not a perfect solution but it does stop a lot of spam. As spammers adopt better methods, graylisting will eventually become useless.
-- Sam Clippinger

night duke wrote:
Well, for a strange reason a few emails from spammers are graylisted and I will receive emails from them... How can I remove those domains? How can I check the mx feature is working? Thanks Nightduke

Sam Clippinger [EMAIL PROTECTED] wrote:
I think I understand your suggestion now. However, adding flags to keep the whitelists from overriding all filters would probably make spamdyke so complicated it would be difficult or impossible to install. Once the new configuration system is in place, you should be able to disable the rDNS tests for specific recipients or remote servers as needed. If it still doesn't do what you need, we can discuss further enhancements.
-- Sam Clippinger

Ton van Rosmalen wrote:
Hi Sam, I didn't mean a separate whitelist for each filter. As it is now some connections are terminated with DENIED_RDNS_MISSING or DENIED_RDNS_RESOLVE from valid but misconfigured mailservers. I'd like to allow these connections but AFAIK the only option available is whitelisting them apart from disabling the general rdns checks. The same would happen when whitelisting the recipient address. What I suggested is an option to use graylisting even when a whitelist-test succeeded. E.g. an option: graylist-when-whitelisted. That way at least some level of protection is available in case of abuse of a whitelisted address. Or perhaps I could achieve the same result using:
no-graylist-dir
always-graylist-*
But again, what I read with whitelisting (as it should) in the docs is and skip all filters if it is found. Skipping all filters I interpret as also skipping graylisting. If I'm wrong please correct me. When I look at your description of the upcoming addition I could create the set-up I would like, so we'll leave this as it is. Should you require some help (testing and/or development) of a (pre-)release do not hesitate to contact me. Ton

Sam Clippinger wrote:
If I understand you correctly, you want a separate whitelist file for each filter? That sounds similar to the never-graylist-* and always-graylist-* options -- whitelists and blacklists that only affect the graylist feature. Keep in mind, adding white/blacklists for just the graylist feature created 7 new options. I'm a little hesitant to repeat that effort for every filter; spamdyke would gain hundreds of options! Configuring spamdyke would become nearly impossible. I'm currently working on adding a system to allow spamdyke to be reconfigured per IP, rDNS, sender and/or recipient. When it's ready, you should be able to accomplish what you're trying to do by creating new configuration files with specific names. For example, you would be able to have a global configuration file that activates all the filters, then create some local configuration files that deactivate some of the filters for specific IP addresses or rDNS names or whatever. Potentially, you (or someone) could then create a control panel to allow users to edit the filters affecting just their mail (or perhaps all mail for their domain). Every user could (potentially) have their own whitelists, DNS RBLs, etc that are only used when mail is delivered to them. That system should be ready soon, hopefully in the next version.
-- Sam Clippinger

Ton van Rosmalen wrote:
Hi all, I've been using spamdyke for a couple of weeks now and I'm very happy with it. As always customers start questioning us about not receiving e-mails from certain senders. After checking the logs the conclusion is always that no rdns is found or that the found name doesn't resolve. The problem that arises is that our customers start complaining about this because they can't receive orders etc. For now I've put a couple of the senders' ip-addresses on a whitelist to prevent the denial because of their misconfiguration. I've also tried to add greylisting for the domain to provide some degree of anti-spam control. What I (think I) observe is that because of the whitelisting all checks, including greylisting, are skipped. Would
Re: [spamdyke-users] rdns-whitelist-file
If messages from the other machines are being blocked by spamdyke, add them to the rdns-whitelist-file. If they aren't being blocked, you don't need to do anything.
-- Sam Clippinger

night duke wrote:
OK, but where must I add a localname of a machine from where I want to receive emails from... Like cron jobs... clamav updates... no more... Thanks Nightduke

Sam Clippinger [EMAIL PROTECTED] wrote:
You only need to use rdns-whitelist-file to bypass filters for specific remote servers. If those servers aren't being filtered, there's no need to use this file. You cannot list email addresses in the rDNS whitelist file. It is only for reverse DNS names. If you want to whitelist sender email addresses, you should use sender-whitelist-file. http://www.spamdyke.org/documentation/README.html#WHITELISTING_ADDRESSES
NOTE: Whitelisting sender addresses is a BAD IDEA. Sender addresses are VERY easy to forge and if a spammer forges an address on your whitelist, spamdyke won't stop it.
-- Sam Clippinger

night duke wrote:
So if I want to receive from a domain I will add thatdomain.com and if I want to receive from gw.otherdomain.com, both of them are correctly added. And also I can add emails there like [EMAIL PROTECTED]. Thanks a lot. Nightduke

Sam Clippinger wrote:
The file used with rdns-whitelist-file can only contain the reverse DNS names of remote servers, not email addresses. See the online documentation for full details: http://www.spamdyke.org/documentation/README_rdns_file_format.html
-- Sam Clippinger

night duke wrote:
Hi, I wish to know which format must be used in this file: with domains [EMAIL PROTECTED] or mydomain.com or [EMAIL PROTECTED]. Which one is the best one? Thanks a lot. Nightduke
Re: [spamdyke-users] spamdyke hangs at restart
Are you looking in the correct file? Plesk moves the maillog messages to /usr/local/psa/var/log/maillog.

If that doesn't help, are you seeing any errors logged anywhere? What do you see if you telnet to your server's SMTP port? Is any mail being delivered at all?

-- Sam Clippinger

night duke wrote:

Hi, I have a problem: when I restart xinetd and qmail, for a strange reason spamdyke doesn't start again. I added a new IP to my whitelist IP file, then restarted qmail and xinetd... but...

    /etc/init.d/xinetd restart
    Stopping internet superserver: xinetd.
    Starting internet superserver: xinetd.

    cat smtp_psa
    service smtp
    {
        socket_type = stream
        protocol = tcp
        wait = no
        disable = no
        user = root
        instances = UNLIMITED
        server = /var/qmail/bin/tcp-env
        server_args = -Rt0 /usr/local/bin/spamdyke -f /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Does anyone know how I can fix this problem? Spamdyke doesn't appear again in the maillog...

Thanks
Nightduke
Re: [spamdyke-users] spamdyke hangs at restart
I'm confused. If mail is being delivered and the spamdyke binary is in use, why do you think it isn't running? You should be able to see it in a process list.

Is your log-level set to at least 2? Is your log-target set to 1?

-- Sam Clippinger

night duke wrote:

Yes, I'm looking at

    /usr/local/psa/var/log# ls -lah
    total 22M
    drwxr-xr-x 3 root root 4,0K 2007-11-26 06:26 .
    drwxr-xr-x 9 psaadm psaadm 4,0K 2007-08-07 16:25 ..
    drwxr-xr-x 2 root root 4,0K 2007-11-22 16:49 3
    -rw-r- 1 root adm 18M 2007-11-26 16:57 maillog

I don't see spamdyke running in the maillog; I can connect to the SMTP port successfully and it answers correctly. I have tried /etc/init.d/xinetd restart and /etc/init.d/qmail restart but spamdyke doesn't start. Also I have mail waiting in my queue.

    ./qmail-qstat
    messages in queue: 244
    messages in queue but not yet preprocessed: 219

I have tried to copy my compiled spamdyke to /usr/local/bin and it told me it's being used...

Nightduke

Sam Clippinger [EMAIL PROTECTED] wrote:

Are you looking in the correct file? Plesk moves the maillog messages to /usr/local/psa/var/log/maillog.

If that doesn't help, are you seeing any errors logged anywhere? What do you see if you telnet to your server's SMTP port? Is any mail being delivered at all?

-- Sam Clippinger

night duke wrote:

Hi, I have a problem: when I restart xinetd and qmail, for a strange reason spamdyke doesn't start again. I added a new IP to my whitelist IP file, then restarted qmail and xinetd... but...

    /etc/init.d/xinetd restart
    Stopping internet superserver: xinetd.
    Starting internet superserver: xinetd.

    cat smtp_psa
    service smtp
    {
        socket_type = stream
        protocol = tcp
        wait = no
        disable = no
        user = root
        instances = UNLIMITED
        server = /var/qmail/bin/tcp-env
        server_args = -Rt0 /usr/local/bin/spamdyke -f /var/qmail/spamdyke/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true

Does anyone know how I can fix this problem? Spamdyke doesn't appear again in the maillog...

Thanks
Nightduke
Re: [spamdyke-users] Config-test Returns command aborted abnormally
I wouldn't worry too much about the "command aborted abnormally" -- it just means that qmail-smtpd didn't exit after spamdyke sent it the QUIT command. spamdyke had to kill it instead. However, it was obviously working because spamdyke reported it offers TLS and SMTP AUTH.

qmail-smtpd should exit after it sees the QUIT command but it's possible one of the Toaster patches has changed that behavior. It's equally possible there's a bug in spamdyke. Unless you see a lot of stale qmail-smtpd processes when your server gets busy, it's not a problem.

You indicated spamdyke doesn't work on this machine -- what does it do (or fail to do)?

-- Sam Clippinger

Ken Schweigert wrote:

I'm trying to get Spamdyke-3.1.1 to install on another mailserver. I've successfully got it to install on three other boxes but am having trouble with this one.

The box I'm trying to install on is:

    [EMAIL PROTECTED] vpopmail]# cat /etc/redhat-release
    Red Hat Enterprise Linux ES release 4 (Nahant Update 6)
    [EMAIL PROTECTED] vpopmail]#
    [EMAIL PROTECTED] vpopmail]# uname -a
    Linux rsmail.mydomain.tld 2.6.9-42.0.10.EL #1 Fri Feb 16 17:03:28 EST 2007 x86_64 x86_64 x86_64 GNU/Linux

The difference between this one and the successful installs is that this box is a 64-bit box. It's been running qmail for almost 2 years now (installed as a Shupp Toaster) and has been working great.

Spamdyke compiles fine and without warnings, however when I run the config-test I get:

    [EMAIL PROTECTED] vpopmail]# /usr/local/bin/spamdyke -f /etc/spamdyke.conf --config-test --config-test-user=89 /var/qmail/bin/qmail-smtpd
    spamdyke 3.1.1+TLS (C)2007 Sam Clippinger, samc (at) silence (dot) org
    http://www.spamdyke.org/
    Use -h for an option summary or see README.html for complete option details.
    Testing configuration...
    SUCCESS: Set current user to vpopmail (89).
    INFO: Running command to test capabilities: /var/qmail/bin/qmail-smtpd
    WARNING: command aborted abnormally: /var/qmail/bin/qmail-smtpd
    SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer TLS support. Continue using the tls-certificate-file flag so spamdyke will be able to filter all traffic.
    SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support. spamdyke will observe any authentication and trust its response.
    ERROR(graylist-dir): No domain directories found in graylist folder: /home/vpopmail/graylist
    ERROR: Tests complete. Errors detected.
    [EMAIL PROTECTED] vpopmail]#

The part that worries me is the "command aborted abnormally". I don't think there is a problem with qmail-smtpd since it has been working for two years now. Could it be that I didn't actually compile spamdyke as a 64-bit app? Is there any easy way to tell? Is there a configure option that I was supposed to pass?

Thanks!
-ken
Re: [spamdyke-users] Running spamdyke on an older Linux
Thanks for the tip! I'll add REMOTE_HOST to the list of environment variables spamdyke searches. -- Sam Clippinger Venkat Iyer wrote: We were trying to run spamdyke on an older linux box and it always showed the origin_ip as 0.0.0.0 [xxx]# uname -a Linux xxx.com 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown [xxx]# cat /etc/redhat-release Red Hat Linux release 7.1 (Seawolf) After some investigation, found out that xinetd used to set a different environment variable name. Hope this saves someone some time: --- ../../tmp/spamdyke-3.1.0/spamdyke/spamdyke.hThu Oct 25 20:39:25 2007 +++ spamdyke.h Thu Dec 6 09:48:00 2007 @@ -54,7 +54,8 @@ #define SELECT_USECS_NO_TIMEOUT 0 #define ENVIRONMENT_DELIMITER '=' -#define ENVIRONMENT_REMOTE_IP TCPREMOTEIP +// #define ENVIRONMENT_REMOTE_IP TCPREMOTEIP +#define ENVIRONMENT_REMOTE_IP REMOTE_HOST #define ENVIRONMENT_REMOTE_NAME TCPREMOTEHOST #define ENVIRONMENT_REMOTE_INFO TCPREMOTEINFO #define ENVIRONMENT_LOCAL_PORT TCPLOCALPORT @@ -522,7 +523,8 @@ #define LOG_MESSAGE_DNS_TYPE_TXTTXT #define CONFIG_TEST_ENVIRONMENT_LOCAL_PORT TCPLOCALPORT=25 -#define CONFIG_TEST_ENVIRONMENT_REMOTE_IP TCPREMOTEIP=127.0.0.1 +// #define CONFIG_TEST_ENVIRONMENT_REMOTE_IP TCPREMOTEIP=127.0.0.1 +#define CONFIG_TEST_ENVIRONMENT_REMOTE_IP REMOTE_HOST=127.0.0.1 #define CONFIG_TEST_ENVIRONMENT_REMOTE_NAME TCPREMOTEHOST=localhost #define CONFIG_TEST_BAD_CONFIG_DIR_EXEC ERROR(%s): Impossible test condition (DIR_EXEC). Please report this error to the author. - Venkat ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
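Review bot: In the first hunk (spamdyke.h around line 54) ENVIRONMENT_REMOTE_IP is switched from TCPREMOTEIP to REMOTE_HOST outright, so a binary built with this change no longer reads TCPREMOTEIP at all and the header can only serve one kind of launcher. Since the remote address feeds every IP-based decision, it would be safer to keep TCPREMOTEIP as the first name tried and add REMOTE_HOST as a fallback. The commented-out `// #define ENVIRONMENT_REMOTE_IP TCPREMOTEIP` line should be dropped rather than left in the header, and a short comment should say that REMOTE_HOST is expected to carry an address here, because the neighbouring ENVIRONMENT_REMOTE_NAME macro (TCPREMOTEHOST) is the one used for names.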
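Review bot: In the second hunk (around line 522) CONFIG_TEST_ENVIRONMENT_REMOTE_IP is hand-edited to REMOTE_HOST=127.0.0.1, which stays correct only while it matches the ENVIRONMENT_REMOTE_IP value changed in the first hunk; the variable name now has to be kept in sync in two places. If the lookup is changed to accept both names, the config-test environment should set whichever name is tried first, and the `// #define CONFIG_TEST_ENVIRONMENT_REMOTE_IP TCPREMOTEIP=127.0.0.1` line should be removed instead of kept as a comment.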
Re: [spamdyke-users] Skip graylisting for specific domains don't work
The never-graylist-rdns-file option bypasses graylisting based on the reverse DNS name of the remote server, not the domain name of the sender or recipient.

For example, you may receive an email from [EMAIL PROTECTED] but the remote server's name could be 11-22-33-44.business.dsl.someprovider.com. In that case, adding .somesmallbusiness.com to the file will do nothing. Instead, you should add .someprovider.com (or something more specific) to the file. Note that would disable graylisting for all senders coming from that server. If the server hosts many domains, this may not be what you want.

Unfortunately, disabling graylisting for specific senders or recipients is not possible at this time. I'm working on it though.

-- Sam Clippinger

Marc Stiebich wrote:

Hi Ton,

"Using this option the rdns-entry for the sending mailserver is checked..." - that's what I want. All incoming mail should be graylisted first, except a few domains that should not be graylisted and should be forwarded directly to the receiving domain without graylisting. This doesn't work for me.

Marc

Ton van Rosmalen wrote:

Hi Marc,

Using this option the rdns-entry for the sending mailserver is checked, not the receiving domain. I myself use 'graylist-dir', which contains folders for each domain that I want graylisted.

Ton

Marc Stiebich wrote:

Hi all,

I want to skip graylisting for specific domains, but in several tests it did not work for me. In the spamdyke.conf I have the entry

    never-graylist-rdns-file=/home/vpopmail/spamdyke/never-graylist-rdns

and in the never-graylist-rdns file I have the entry for the specific domain

    ..com

But mails from this domain are graylisted anyway. What's wrong?

Thanks for the help.

Marc
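The distinction described in the reply above, as an added example that is not spamdyke's code and not part of the original thread: the list is compared with the connecting server's reverse DNS name, so an entry naming the sender's domain never fires. It assumes the documented file convention that an entry starting with a dot matches any rDNS name ending in it and any other entry must match the whole name; the sender address and the function names are constructed for illustration.

```python
"""Check which entries of an rDNS list can actually match observed connections."""

# Constructed sample: (envelope sender, rDNS name of the connecting server).
CONNECTIONS = [
    ("owner@somesmallbusiness.com", "11-22-33-44.business.dsl.someprovider.com"),
]


def load_entries(text):
    """Return the non-empty lines of an rDNS list file, lower-cased."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip().lower().rstrip(".")
        if line:
            entries.append(line)
    return entries


def rdns_matches(rdns_name, entries):
    """Return the first entry matching the server's rDNS name, else None.

    Assumed convention: '.example.com' is a suffix match, 'host.example.com'
    must equal the whole name.
    """
    name = rdns_name.strip().lower().rstrip(".")
    for entry in entries:
        if entry.startswith("."):
            if name.endswith(entry):
                return entry
        elif name == entry:
            return entry
    return None


def ineffective_entries(entries, connections):
    """Entries that name a sender's domain but match no server rDNS name.

    These are the entries an admin added expecting sender-based behaviour;
    they silently do nothing because only the rDNS name is compared.
    """
    sender_domains = [s.rsplit("@", 1)[-1].lower() for s, _ in connections]
    flagged = []
    for entry in entries:
        bare = entry.lstrip(".")
        matched_rdns = any(rdns_matches(rdns, [entry]) for _, rdns in connections)
        names_sender = any(d == bare or d.endswith("." + bare) for d in sender_domains)
        if names_sender and not matched_rdns:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for label, text in (("sender domain listed", ".somesmallbusiness.com\n"),
                        ("provider rDNS listed", ".someprovider.com\n")):
        entries = load_entries(text)
        for sender, rdns in CONNECTIONS:
            print(label, "->", rdns, "matched by", rdns_matches(rdns, entries))
        print("  entries with no effect:", ineffective_entries(entries, CONNECTIONS))
```

Listing the provider suffix exempts every sender that connects through that provider's servers, so the narrowest entry that still matches is the safer choice.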
Re: [spamdyke-users] SMTP AUTH and relaying problem
Let's see...

1: I'm not sure why this is. Are you using tcpserver or xinetd? Can you post the script that's starting spamdyke?

2: Check your permissions. DJB's checkpassword requires root permissions to run correctly, so you may need to mark the binary setuid root. spamdyke's config-test option can test this for you.

3: This is correct -- spamdyke will block relaying unless the recipient's domain is listed in your rcpthosts file OR your /etc/tcp.smtp file allows relaying OR the remote server authenticates. If your remote servers weren't being blocked before, your server must have been running as an open relay.

-- Sam Clippinger

Ernesto Vega wrote:

Hi Everyone.

I have a working qmail server and I decided to stop the spam and also to implement SMTP AUTH. So I installed spamdyke version 3.1.1. And I've had some problems:

1.- SMTP AUTH only starts on localhost connections ...

    [EMAIL PROTECTED] etc]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 myserver.mydomain ESMTP
    ehlo
    250-myserver.mydomain
    250-PIPELINING
    250-8BITMIME
    250 AUTH LOGIN PLAIN

If I connect from somewhere else it does not show the last line, telling that it can let me send mail if I authenticate.

2.- Authentication always fails, but I'm using the same password validation strategy (checkpassword) as the pop server (which works perfectly). I use SMTP AUTH LOGIN PLAIN.

3.- It does not exchange mail with other servers (could you believe that ??) I keep getting:

    DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED]

Any ideas ???

This is my /etc/tcp.smtp:

    127.0.0.1:allow,RELAYCLIENT=
    :allow

This is my spamdyke.conf:

    hostname=myserver.mydomain
    log-level=4
    max-recipients=5
    idle-timeout-secs=60
    greeting-delay-secs=5
    local-domains-file=/var/qmail/control/rcpthosts
    access-file=/etc/spamdyke/access
    smtp-auth-command=/bin/checkpassword /bin/true

Thanks in advance for the help!!!

Regards
Ernesto
Re: [spamdyke-users] [Fwd: Re: ports/119579: New port: mail/spamdyke A filter for monitoring and intercepting SMTP connections on qmail]
Excellent! Good work!

-- Sam Clippinger

Peter Kieser wrote:

Should have a FreeBSD port for spamdyke soon!

-Peter

Subject: Re: ports/119579: New port: mail/spamdyke A filter for monitoring and intercepting SMTP connections on qmail
From: [EMAIL PROTECTED]
Date: Fri, 11 Jan 2008 23:10:03 GMT
To: Peter Kieser [EMAIL PROTECTED]

Thank you very much for your problem report. It has the internal identification `ports/119579'. The individual assigned to look at your report is: freebsd-ports-bugs.

You can access the state of your problem report at any time via this link:

http://www.freebsd.org/cgi/query-pr.cgi?pr=119579

Category: ports
Responsible: freebsd-ports-bugs
Synopsis: New port: mail/spamdyke A filter for monitoring and intercepting SMTP connections on qmail
Arrival-Date: Fri Jan 11 23:10:03 UTC 2008
Re: [spamdyke-users] Disable Spamdyke for some users ?
Adding the address to the recipient whitelist file is the correct way to disable spamdyke for that user. However, I don't see any difference between the two logs you sent. spamdyke isn't filtering the email when the user isn't in the whitelist file.

-- Sam Clippinger

[EMAIL PROTECTED] wrote:

Is it possible to disable spamdyke for some users or domains?

I added [EMAIL PROTECTED] in the *recipient-whitelist-file* and I think spamdyke doesn't skip all filters if the email is found. I've done a full dir log and looked at the contents, and I have the same result. Could you explain this to me? Maybe it's not the right way to disable spamdyke for some users. (?)

Thanks.

I've done a full dir log.

WITH [EMAIL PROTECTED] in the recipient-whitelist-file:

    01/15/2008 00:12:11
    220 mail.noonet.com ESMTP
    01/15/2008 00:12:11
    EHLO relay-cv.club-internet.fr
    01/15/2008 00:12:11
    250-mail.noonet.com
    250-PIPELINING
    250 8BITMIME
    01/15/2008 00:12:11
    MAIL FROM:[EMAIL PROTECTED]
    RCPT TO:[EMAIL PROTECTED]
    DATA
    01/15/2008 00:12:11
    250 ok
    250 ok
    354 go ahead

WITHOUT [EMAIL PROTECTED] in the recipient-whitelist-file:

    01/15/2008 00:17:49
    220 mail.noonet.com ESMTP
    01/15/2008 00:17:49
    EHLO relay-av.club-internet.fr
    01/15/2008 00:17:49
    250-mail.domain.com
    250-PIPELINING
    250 8BITMIME
    01/15/2008 00:17:49
    MAIL FROM:[EMAIL PROTECTED]
    RCPT TO:[EMAIL PROTECTED]
    DATA
    01/15/2008 00:17:49
    250 ok
    250 ok
    354 go ahead
Re: [spamdyke-users] Spamdyke disable smtp auth
If you don't configure spamdyke's SMTP AUTH (smtp-auth-command in the configuration file), spamdyke will not offer SMTP AUTH. If your qmail provides SMTP AUTH on its own, spamdyke will silently observe the authentication and disable its filters for authenticated users.

I've already added a feature to the next version of spamdyke to disable SMTP AUTH entirely -- even patched qmail installations can be blocked from authenticating.

-- Sam Clippinger

Alexander Ilichev wrote:

How can I disable SMTP AUTH in Spamdyke? My users authenticate without SMTP AUTH. Can I still use spamdyke?
Re: [spamdyke-users] follow up on spamdyke tls accept problem.
It sounds like a bug. I've seen several complaints about TLS passthrough but I've been unable to reproduce it myself. Out of curiosity, why do you want qmail to do the TLS instead of spamdyke?

During my (very) little free time over the past week, I've been trying to fix the 100% CPU bug (reported by Pablo González on 1/11). I haven't been able to reproduce it yet, despite trying a number of different things. There are still more ideas to try. Hopefully Real Life(tm) will slow down this week and I'll have more time for spamdyke.

-- Sam Clippinger

Davide Bozzelli wrote:

Is it a bug?

I'll summarize the problem: spamdyke, when TLS is disabled, seems to require a TLS connection every time, and so forces the remote MTA to talk TLS.

I understand that the problem could be fixed by enabling the TLS support in spamdyke, but if I want to use TLS on the qmail-smtpd side I need to disable TLS on the spamdyke side.

So, is this a problem that could be solved?

Thx in advance,
Davie
Re: [spamdyke-users] follow up on spamdyke tls accept problem.
Yes, the 100% CPU bug seems to be TLS-related but it is separate from the bug with TLS passthrough. The two functions use different portions of the code, so fixing one will not necessarily fix the other. By disabling TLS, you've simply switched bugs. Sorry about that. :(

-- Sam Clippinger

Paolo wrote:

Hello,

I think the 100% CPU bug is related to TLS. I disabled TLS on spamdyke and the 100% bug disappeared, but now I see that qmail-smtpd TLS is broken too:

    openssl s_client -starttls smtp -crlf -connect localhost:25
    CONNECTED(0003)
    6570:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:567:

This was an old issue documented at shupp.org but I can't solve it.

my /var/qmail/control:

    /var/qmail/control# ls -l tls*
    -rw-r--r-- 1 root root 386 2008-01-01 10:44 tlsclientciphers
    -rw-r--r-- 1 root root 386 2008-01-01 10:44 tlsserverciphers
    /var/qmail/control# ls -l *.pem
    -rw-r- 1 vpopmail qmail 2189 2007-12-12 15:53 clientcert.pem
    -rw-r- 1 vpopmail qmail 245 2008-01-16 01:01 dh1024.pem
    -rw-r- 1 vpopmail qmail 156 2008-01-16 01:01 dh512.pem
    -rw-r- 1 vpopmail qmail 493 2008-01-16 01:01 rsa512.pem
    -rw-r- 1 vpopmail qmail 2189 2007-12-12 15:53 servercert.pem

    # dpkg -l openssl
    openssl0.9.8c-4etch1

I hope you can give me some hints.

On 16 Jan 2008, at 18:26, Sam Clippinger wrote:

It sounds like a bug. I've seen several complaints about TLS passthrough but I've been unable to reproduce it myself. Out of curiosity, why do you want qmail to do the TLS instead of spamdyke?

During my (very) little free time over the past week, I've been trying to fix the 100% CPU bug (reported by Pablo González on 1/11). I haven't been able to reproduce it yet, despite trying a number of different things. There are still more ideas to try. Hopefully Real Life(tm) will slow down this week and I'll have more time for spamdyke.

-- Sam Clippinger

Davide Bozzelli wrote:

Is it a bug?

I'll summarize the problem: spamdyke, when TLS is disabled, seems to require a TLS connection every time, and so forces the remote MTA to talk TLS.

I understand that the problem could be fixed by enabling the TLS support in spamdyke, but if I want to use TLS on the qmail-smtpd side I need to disable TLS on the spamdyke side.

So, is this a problem that could be solved?

Thx in advance,
Davie
Re: [spamdyke-users] Stray LF
Yes, you can install spamdyke with no options in its configuration file. It will silently fix the bare LFs for you without filtering any connections.

-- Sam Clippinger

J-P Raymond wrote:

Hi,

I just discovered this program yesterday! I have a question.

I have a qmail server, and stray LF 450 bounce messages cause me some problems. I've read that spamdyke adds the appropriate end of line to the messages! Is it possible to add only this feature for now? The other features seem really interesting but I would like to implement them later! Or maybe just a small number of features like blacklists (spamcop, spamhaus).

Thanks for your time
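What repairing bare LFs in front of qmail involves, as an added example that is not spamdyke's implementation and not part of the original thread: a stream filter has to remember whether the previous chunk ended in CR, otherwise a CRLF split across two reads is damaged. The class and function names and the sample chunks are constructed for illustration.

```python
"""Rewrite bare LF as CRLF in an SMTP byte stream that arrives in chunks."""
import re


class BareLFFixer:
    """Stateful filter: an LF is 'bare' when the byte before it was not CR,
    even if that byte arrived in an earlier chunk."""

    def __init__(self):
        self._prev_cr = False   # did the last byte seen equal CR?
        self.fixed = 0          # number of bare LFs repaired

    def feed(self, chunk):
        out = bytearray()
        for byte in chunk:
            if byte == 0x0A and not self._prev_cr:
                out += b"\r\n"
                self.fixed += 1
            else:
                out.append(byte)
            self._prev_cr = byte == 0x0D
        return bytes(out)


def relay(chunks):
    """Run every chunk through one fixer; return (stream, repairs made)."""
    fixer = BareLFFixer()
    return b"".join(fixer.feed(c) for c in chunks), fixer.fixed


def per_chunk_regex(chunks):
    """Tempting stateless version, shown for contrast: it cannot see a CR
    that ended the previous chunk and therefore emits CR CR LF."""
    return b"".join(re.sub(rb"(?<!\r)\n", b"\r\n", c) for c in chunks)


# Constructed sample: one bare LF, one CRLF split across two reads,
# one more bare LF, then the end-of-data line.
SAMPLE_CHUNKS = [b"Subject: test\n", b"line one\r", b"\nline two\n.\r\n"]

if __name__ == "__main__":
    fixed_stream, repairs = relay(SAMPLE_CHUNKS)
    print(repairs, fixed_stream)
    print(per_chunk_regex(SAMPLE_CHUNKS))
```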
Re: [spamdyke-users] reject-missing-sender-mx problem
Correct. spamdyke returns 4xx codes for filters that are triggered by missing DNS records (missing MX, missing rDNS, unresolvable rDNS). This is because spamdyke can't know if the record truly doesn't exist or if the DNS servers are just slow. Using a 4xx code will cause the remote server to try again. If the problem was a slow DNS server, a second attempt may be successful. Other filters use 5xx codes because the answers are definite (rDNS keywords, blacklists, earlytalkers).

The line you found in spamdyke.h is the one you want. If you change REJECT_SEVERITY_TEMPORARY to REJECT_SEVERITY_PERMANENT, spamdyke will return a 5xx code for the missing MX test. Be aware, however, that a slow or overloaded DNS server could cause some of your mail to be rejected incorrectly.

In your setup, is server 1 running qmail? It would be better to install spamdyke there if possible.

-- Sam Clippinger

J-P Raymond wrote:

I think I found my answer:

spamdyke.h

    #define REJECTION_DATA_SENDER_NO_MX { REJECT_SEVERITY_TEMPORARY, ERROR_SENDER_NO_MX, STRLEN(ERROR_SENDER_NO_MX), DENIED_SENDER_NO_MX }

REJECT_SEVERITY_TEMPORARY

Why temporary, because DNS could fail to answer and this email would be bounced for no reason?

Thanks

From: [EMAIL PROTECTED]
To: spamdyke-users@spamdyke.org
Date: Fri, 18 Jan 2008 15:10:05 -0500
Subject: Re: [spamdyke-users] reject-missing-sender-mx problem

Hi,

I'm having problems with this rule! It will be a bit difficult to explain so stay with me.

Setup: 2 servers. Server 1 is filtering mail for server 2. Server 2 is running spamdyke with qmail.

If qmail refuses a message (sent by server 1) with a non-permanent error code 4XX, server 1 keeps that email in queue until it can be sent again or times out! (fine) (That was my problem with the bare LF, because stray LF is always 4xx on qmail, not 55X permanent.) But server 1 doesn't deliver the other messages received after the one with the 4xx error until this message times out. (bad) So basically the queue to that domain can build up until this message is bounced or times out. If qmail sends a 550 permanent error, no problem: the email is discarded and the other emails can be delivered.

That being said, I've now tried to activate the reject-missing-sender-mx setting on spamdyke but this rule did the same thing. I've checked my log (server 1) and I saw:

    554 Refused. The domain of your sender address has no mail exchanger (MX).

So fine, 554 is a permanent error, but why does my other server act as if it were a 4XX error code? I would like to know if there is an error in the error code sent by spamdyke on that particular filter.

I know it's really specific and not many of you will experience something like that, but it's worth asking.

Thanks
Re: [spamdyke-users] Spamdyke ip-in-rdns-keyword-file
Yes, that would be very easy to add. I'll put it in the next version. Thanks for the suggestion!

-- Sam Clippinger

Andreas Galatis wrote:

Hello,

I am using spamdyke on several servers and think it is a great tool to battle against spam.

I am just missing one thing in spamdyke: there is a keyword file to determine dial-in connections in rDNS responses. Many of my clients get mail from servers with static (fixed) IPs whose rDNS contains the IP and a keyword such as static or fixed_IP. Would it be possible to add an ip-in-rdns-keyword-whitelist-file to allow those static-IP servers to send mail without having to list all of them in a whitelist file? Maybe in an upcoming version?

Thanks for the great work on that tool.

Andreas
Re: [spamdyke-users] A little webmail problem
You probably just need to whitelist your localhost IP address. Use the ip-whitelist-file option and list 127.0.0.1 in the file.

-- Sam Clippinger

Ben Mills wrote:

Hardly anybody uses webmail on the two domains I host, so this problem went unnoticed until a fellow, who was vacationing in FL, tried to send a message via squirrelmail and got an error.

I checked it out and it gives an error 4.x.x you have no rDNS. I hashed the rdns stuff in the Spamdyke config file, but it then gave me a 4.x.x error that read I was graylisted and should try later.

Do I have something messed-up in apache? Has anybody else had this sort of problem?

It's a CentOS toaster machine, and I'm still in the learning phase.

Thanks,
Ben
Re: [spamdyke-users] Feature request don't Graylist ESMTP ! possible ?
Technically it's possible, yes. However, I don't agree that spammers don't use ESMTP. I think this feature would not have the effect you want.

Also, qmail does support ESMTP, even without patches.

-- Sam Clippinger

J-P Raymond wrote:

Question:

Would it be difficult/possible to add a feature to graylist only non-ESMTP hosts? I know qmail is not ESMTP, but most spammers don't use ESMTP so there is no need to graylist them!

Let me know!
Re: [spamdyke-users] New log feature
That should be pretty easy to do. I'll add it to my list for the next version.

I think I'm adding items to the TODO list faster than I can remove them these days... :)

-- Sam Clippinger

Davide Bozzelli wrote:

I see that right now it is possible to log to syslog OR stderr. It would be useful if I could log to both syslog AND stderr at the same time, so with the stderr log I could maintain ALL the SMTP stuff in multilog files, and with syslog I could manage the archival of logs and things like that (via syslog-ng).
Re: [spamdyke-users] greeting-delay-check does not work properly ?
If you're right about this, it's a bug. I'll work on reproducing it.

As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message.

-- Sam Clippinger

Davide Bozzelli wrote:

Davide Bozzelli wrote:

First config:

    ---
    log-level=2
    log-target=0
    ip-whitelist-file=/var/qmail/control/nospamdykeip
    sender-whitelist-file=/var/qmail/control/nospamdykefrom
    tls-certificate-file=/var/qmail/control/servercert.pem
    recipient-whitelist-file=/var/qmail/control/nospamdyketo
    local-domains-file=/var/qmail/control/rcpthosts
    ip-in-rdns-keyword-file=/var/qmail/control/badrdns
    never-graylist-ip-file=/var/qmail/control/nograyip
    reject-missing-sender-mx
    reject-empty-rdns
    reject-unresolvable-rdns
    #reject-ip-in-cc-rdns
    #check-rhsbl=blackhole.securitysage.com
    #check-dnsrbl=zen.spamhaus.org
    greeting-delay-secs=30
    - END SNIP -

Result: The delay is enforced.

As a side note, I've noticed that the delay is in effect but if I try to type something spamdyke does not block me.

Have fun,
Davide
Re: [spamdyke-users] greeting-delay-check does not work properly ?
I can't reproduce this with version 3.1.5. One thought: is it possible you're seeing no delay because the connection matched one of the three filters you're disabling? For example, if the remote server were listed on the zen.spamhaus.org DNS RBL, spamdyke would not delay the greeting banner. This is by design -- it's better to send the rejection and close the connection and free your server's resources as fast as possible. Otherwise, high spam traffic could quickly become a DoS attack.

If that explanation doesn't fit, could you send more details about the connections that aren't delayed? A full log would be perfect.

-- Sam Clippinger

Davide Bozzelli wrote:

Sam Clippinger wrote:

If you're right about this, it's a bug. I'll work on reproducing it.

As for the blocking, the delay is supposed to end as soon as the first characters are sent. This is by design -- if the remote server isn't going to follow the SMTP protocol, there's no point to making them wait (and consume server resources). In your case, you won't see an error message until after the recipient is specified because spamdyke has to check the recipient whitelist file before it rejects the message.

I can confirm that the bug comes up when the following options are enabled:

    reject-ip-in-cc-rdns
    check-rhsbl=blackhole.securitysage.com
    check-dnsrbl=zen.spamhaus.org

The issue affects the sparc machine where you had logged in, and another one.

Have fun,
Davide
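The greeting-delay behaviour described in the two replies above, as an added example that is a simplified model and not spamdyke's code or part of the original thread: the banner is held back for the delay, the wait ends the moment the client talks first, a connection already caught by another filter gets no delay, and the rejection is only sent at RCPT so the recipient whitelist can be consulted. Hostnames, addresses, reply texts and function names are constructed for illustration.

```python
"""Model of a greeting delay with early-talker detection over a socket pair."""
import select
import socket
import threading
import time

BANNER = b"220 mail.example.test ESMTP\r\n"   # constructed hostname


def serve(conn, delay_secs, blacklisted=False, recipient_whitelist=()):
    """Run the delay and a minimal dialogue; return (verdict, seconds waited)."""
    pending = "blacklist" if blacklisted else None   # already rejected: no delay
    waited = 0.0
    if pending is None:
        start = time.monotonic()
        # Readable before the banner went out means the client spoke first.
        early, _, _ = select.select([conn], [], [], delay_secs)
        waited = time.monotonic() - start
        if early:
            pending = "earlytalker"
    conn.sendall(BANNER)
    for raw in conn.makefile("rb"):
        line = raw.strip()
        if line.upper().startswith(b"RCPT TO:"):
            rcpt = line[8:].strip().strip(b"<>").decode("ascii", "replace").lower()
            # The rejection waits until here so a whitelisted recipient
            # can still override the filter.
            if pending and rcpt not in recipient_whitelist:
                conn.sendall(b"554 Refused\r\n")
                return pending, waited
            conn.sendall(b"250 ok\r\n")
            return "accepted", waited
        conn.sendall(b"250 ok\r\n")
    return "disconnected", waited


def client(sock, polite, rcpt, replies):
    """Constructed SMTP client; an impolite one sends EHLO before the banner."""
    reader = sock.makefile("rb")
    if polite:
        replies.append(reader.readline())          # wait for the banner
        sock.sendall(b"EHLO client.example.test\r\n")
    else:
        sock.sendall(b"EHLO client.example.test\r\n")
        replies.append(reader.readline())
    replies.append(reader.readline())              # reply to EHLO
    for cmd in (b"MAIL FROM:<sender@example.test>\r\n",
                b"RCPT TO:<" + rcpt.encode("ascii") + b">\r\n"):
        sock.sendall(cmd)
        replies.append(reader.readline())


def demo(polite, delay_secs=0.3, **serve_options):
    """Connect one client to serve(); return (verdict, waited, client replies)."""
    server_side, client_side = socket.socketpair()
    replies = []
    worker = threading.Thread(
        target=client, args=(client_side, polite, "user@example.test", replies))
    worker.start()
    try:
        verdict, waited = serve(server_side, delay_secs, **serve_options)
        worker.join()
    finally:
        server_side.close()
        client_side.close()
    return verdict, waited, replies


if __name__ == "__main__":
    print("polite client     :", demo(True)[:2])
    print("early talker      :", demo(False, delay_secs=2.0)[:2])
    print("blacklisted client:", demo(True, delay_secs=2.0, blacklisted=True)[:2])
```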
Re: [spamdyke-users] Strange situation - please help!
I'm not sure I understand the problem or the strace output. You're seeing a single spamdyke process remain running and never exit? I need more information before I can help. Are you using the latest version of spamdyke? How much CPU is it using? Are you seeing any errors in your log files? Can you send a full log of a message that causes this behavior? Can you send your spamdyke configuration file? -- Sam Clippinger N.Novozhilov wrote: From yesterday I discover very strange behavior of spamdyke, all time before all was good: First running copy stay resident and listen network. Short log: host# strace -p 12787 -e trace=network Process 12787 attached - interrupt to quit accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted) --- SIGCHLD (Child exited) @ 0 (0) --- accept(3, {sa_family=AF_INET, sin_port=htons(4430), sin_addr=inet_addr (88.229.222.135)}, [16]) = 0 accept(3, {sa_family=AF_INET, sin_port=htons(3953), sin_addr=inet_addr(83.166.219.102)}, [16]) = 0 accept(3, {sa_family=AF_INET, sin_port=htons(2396), sin_addr=inet_addr (189.0.199.23)}, [16]) = 0 accept(3, {sa_family=AF_INET, sin_port=htons(13776), sin_addr=inet_addr(122.164.34.160)}, [16]) = 0 accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted) --- SIGCHLD (Child exited) @ 0 (0) --- accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted) --- SIGCHLD (Child exited) @ 0 (0) --- accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted) --- SIGCHLD (Child exited) @ 0 (0) --- accept(3, {sa_family=AF_INET, sin_port=htons(58206), sin_addr=inet_addr (123.248.102.135)}, [16]) = 0 accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted) --- SIGCHLD (Child exited) @ 0 (0) --- accept(3, {sa_family=AF_INET, sin_port=htons(2693), sin_addr=inet_addr (85.104.38.223)}, [16]) = 0 accept(3, 0xbfffc050, [16]) = ? 
ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
accept(3, {sa_family=AF_INET, sin_port=htons(4269), sin_addr=inet_addr (83.166.219.102)}, [16]) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(2788), sin_addr=inet_addr(85.104.38.223)}, [16]) = 0
accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
accept(3, {sa_family=AF_INET, sin_port=htons(2852), sin_addr=inet_addr (85.104.38.223)}, [16]) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(4547), sin_addr=inet_addr(83.166.219.102)}, [16]) = 0
accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
accept(3, 0xbfffc050, [16]) = ? ERESTARTSYS (To be restarted)
--- SIGCHLD (Child exited) @ 0 (0) ---
accept(3, {sa_family=AF_INET, sin_port=htons(2894), sin_addr=inet_addr (85.104.38.223)}, [16]) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(1268), sin_addr=inet_addr(200.88.97.100)}, [16]) = 0
accept(3, {sa_family=AF_INET, sin_port=htons(1269), sin_addr=inet_addr (200.88.97.100)}, [16]) = 0

and so on... What is it - some bug in configuration of qmail (I didn't change anything in a work spamdyke conf) or new hacker attack?

P.S. I'm sorry about previous mail - I didn't wait for full stop of all smtp processes.

~~ Regards Nicholas A. Novozhilov, NAN6-RIPE NTR Lab System administrator
Re: [spamdyke-users] ERROR: unable to find protocol number with getprotobyname()
Wow -- I never expected anyone would see that error message.

getprotobyname() is a library function that finds the ID number for the UDP protocol. (spamdyke needs that ID number so it can perform DNS queries.) Protocols and their IDs are typically listed in /etc/protocols (you can confirm this by looking at the man page for getprotobyname() on your system). In that file, look for a line like this:

udp 17 UDP

If you're getting this error, I'd be amazed if any UDP-based services work correctly on your server (including DNS resolutions).

-- Sam Clippinger

Stefan Rüdiger wrote:

Hi :) I have already searched the archives and the net but did not find anything .. I get the following error when I run spamdyke on one server:

ERROR: unable to find protocol number with getprotobyname()

Spamdyke works very well on 4 other servers (3 time opensuse and 1 time Debian 3.x). But on my new Server Debian 4.0 AMD64 2 GB Ram I get every time when I put spamdyke in my conf (/service/qmail-smtpd/run):

QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
exec /usr/local/bin/softlimit -m 1200 \
  /usr/local/bin/tcpserver -v -H -R -l 0 \
  -x /home/vpopmail/etc/tcp.smtp.cdb -c $MAXSMTPD \
  -u $QMAILDUID -g $NOFILESGID 0 smtp \
  /usr/local/bin/spamdyke -f /etc/spamdyke.conf \
  /var/qmail/bin/qmail-smtpd \
  /home/vpopmail/bin/vchkpw /bin/true 2>&1

the error...

I use netqmail-1.05/simscan/spamassassin/clamav with the latest spamdyke version.

my conf for spamdyke:

log-target=0
log-level=2
local-domains-file=/var/qmail/control/rcpthosts
max-recipients=5
idle-timeout-secs=60
graylist-dir=/home/vpopmail/graylist
graylist-min-secs=300
graylist-max-secs=1814400
sender-blacklist-file=/home/vpopmail/blacklist_senders
recipient-blacklist-file=/home/vpopmail/blacklist_recipients
ip-in-rdns-keyword-file=/home/vpopmail/blacklist_keywords
ip-blacklist-file=/home/vpopmail/blacklist_ip
rdns-blacklist-dir=/home/vpopmail/blacklist_rdns.d
reject-empty-rdns
reject-unresolvable-rdns
reject-ip-in-cc-rdns
rdns-whitelist-file=/home/vpopmail/whitelist_rdns
ip-whitelist-file=/home/vpopmail/whitelist_ip
greeting-delay-secs=5
check-dnsrbl=zombie.dnsbl.sorbs.net
check-dnsrbl=dul.dnsbl.sorbs.net
check-dnsrbl=bogons.cymru.com
reject-missing-sender-mx
tls-certificate-file=/var/qmail/control/servercert.pem

Any idea how I can fix that error? Or how I can find out more about it? When I remove the line in the run conf file the error is gone ..

Thanks for any help and answer :-)

regards Stefan
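A small diagnostic for the lookup Sam describes, added here as an example and not taken from spamdyke. It checks whether getprotobyname("udp") succeeds and whether a protocols file contains a usable udp line; the function names are hypothetical, and falling back to the IPPROTO_UDP constant is this example's choice, not something the thread says spamdyke does.

```c
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse one line in /etc/protocols format: "name number [aliases...] # comment".
 * Returns the protocol number if `wanted` matches the name or an alias, else -1. */
int parse_protocols_line(const char *line, const char *wanted)
{
    static const char blanks[] = " \t\r\n";
    size_t len = strcspn(line, "#");   /* ignore a trailing comment */
    size_t pos = 0;
    long number = -1;
    int field = 0, matched = 0;

    while (pos < len) {
        size_t tok_len;

        pos += strspn(line + pos, blanks);
        if (pos >= len)
            break;
        tok_len = strcspn(line + pos, " \t\r\n#");
        if (field == 1) {              /* second field is the number */
            char digits[8];
            char *end;

            if (tok_len >= sizeof(digits))
                return -1;
            memcpy(digits, line + pos, tok_len);
            digits[tok_len] = '\0';
            number = strtol(digits, &end, 10);
            if (*end != '\0' || number < 0 || number > 255)
                return -1;
        } else if (tok_len == strlen(wanted) &&
                   strncmp(line + pos, wanted, tok_len) == 0) {
            matched = 1;               /* name (field 0) or an alias */
        }
        pos += tok_len;
        field++;
    }
    return (matched && field >= 2) ? (int)number : -1;
}

enum proto_file_status { PROTO_FILE_OK, PROTO_FILE_UNREADABLE, PROTO_FILE_NO_UDP };

/* Scan a protocols file for a line that maps "udp" to 17. */
enum proto_file_status check_protocols_file(const char *path)
{
    enum proto_file_status status = PROTO_FILE_NO_UDP;
    char line[512];
    FILE *fp = fopen(path, "r");

    if (fp == NULL)
        return PROTO_FILE_UNREADABLE;
    while (fgets(line, sizeof(line), fp) != NULL) {
        if (parse_protocols_line(line, "udp") == IPPROTO_UDP) {
            status = PROTO_FILE_OK;
            break;
        }
    }
    fclose(fp);
    return status;
}

/* Resolve the UDP protocol number; fall back to the compile-time constant
 * when the system database cannot answer (assumption of this example). */
int udp_protocol_number(int *used_fallback)
{
    struct protoent *entry = getprotobyname("udp");

    if (used_fallback != NULL)
        *used_fallback = (entry == NULL);
    return entry != NULL ? entry->p_proto : IPPROTO_UDP;
}

int main(void)
{
    int fallback = 0;
    int number = udp_protocol_number(&fallback);

    printf("udp protocol number: %d (%s)\n", number,
           fallback ? "getprotobyname() failed, constant used" : "from getprotobyname()");
    switch (check_protocols_file("/etc/protocols")) {
    case PROTO_FILE_OK:         puts("/etc/protocols: udp entry found"); break;
    case PROTO_FILE_UNREADABLE: puts("/etc/protocols: missing or unreadable"); break;
    case PROTO_FILE_NO_UDP:     puts("/etc/protocols: no usable udp line"); break;
    }
    return 0;
}
```

Run it as the account the SMTP service runs under, since the result depends on what that account is able to read.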
Re: [spamdyke-users] Spamdyke passes partial emails to qmail after timeout
Most likely, this is a virus/spam filter issue. Some qmail installations pass the incoming email to Spamassassin or ClamAV before acknowledging the delivery. When that happens, spamdyke's idle timeout can trigger a disconnection if the scanner takes too long (this is common for large attachments). The best way to be sure is to enable full logging (with full-log-dir) and examine the logs for disconnected deliveries. The log will contain timestamps that will show how long each response was delayed.

Of course, it's also possible you've found a bug. :) In that case, I'll need to find a way to reproduce it, so I may need you to (privately) send me a few full logs along with details of your spamdyke configuration.

-- Sam Clippinger

Chris Robinson wrote:

Hi Everyone,

I run mail servers for about 30 companies (qmail /spamdyke 3.1.0 / Fedora 2.4.21) and started experiencing a problem whereby some users complained that they could send an email and it was received by the recipient corrupted multiple times in varying sizes until eventually the final version would arrive correct in full.

To cut a long story short I eventually tracked it down from a string in a user's Outlook log Talk faster next time. A google revealed all. It wasn't coming from qmail but from spamdyke, which explained why I couldn't grep it in the qmail source.

I've probably fixed it by setting idle-timeout-secs=1200. But what worries me is why the recipient got anything except the final good email. If spamdyke issues that 421 error then breaks the connection, the user's Outlook can justifiably assume that the email won't have been accepted by the server, nor sent to the recipient. But what seems to happen is that the part that has been received down the pipe so far has been passed by spamdyke to qmail-smtpd which has passed it to qmail-queue and thence to the local or remote recipient. Surely no 250 OK 123 qp 456 has come out of qmail? Is this a spamdyke issue or a qmail issue?

Cheers, Chris Robinson
Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout
The changes to sendrecv aren't related to this -- sendrecv is a program I wrote only for testing spamdyke (as part of the testing scripts). It isn't involved in spamdyke's operation at all. The changes to sendrecv in 3.1.4 were needed because spamdyke was corrupting the SSL handshake. sendrecv contained a matching bug that covered the corruption and allowed the SSL handshake to proceed correctly. You're seeing this behavior because when spamdyke disconnects a remote client due to a timeout (either idle timeout or maximum connection time), it sends a terminating dot and a QUIT command to qmail. This was a judgement call on my part -- I felt that it was better to close qmail correctly and deliver whatever data had been sent than to potentially lose it if the client didn't retry. Not all clients correctly handle errors during/after the DATA command. I also assumed qmail already behaved this way, though I didn't test it. If that assumption is wrong and this is causing problems, I can easily change it. -- Sam Clippinger Chris Robinson wrote: Thanks Hartmut, I think you may be right about the sendrecv changes, specially if the child process somehow closed the connection to qmail in a way that satisfied qmail-smtpd. Could it be that the child was actually sending the SMTP terminating dot without receiving it from the departed client? Whatever. Chris - Original Message - *From:* Andreas mailto:[EMAIL PROTECTED] *To:* spamdyke users mailto:spamdyke-users@spamdyke.org *Sent:* Thursday, February 07, 2008 14:15 *Subject:* Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout Hi Hartmut, I had the same phenomen on 1 of my qmail-servers as long as I had a nameserver related problem. I had up to 750 processes of spamdyke. I had to reboot the server to get rid of those processes, just killing them was not enough, they immediately reappeared. Sind my nemserver works properly I have, on the same machine, just 10-20 processes of spamdyke and it works fine now. 
My spamdyke- version is 3.15. Bye Andreas Am Donnerstag, den 07.02.2008, 08:36 +0100 schrieb Hartmut Wernisch: I hade customers which got emails again and again in spamdyke version prior to 3.1.4. The maximum timeout I have been setting was 600. Whitelisting didn't help. Version 3.1.4 of spamdyke fixed this behaviour for me. Maybe because of the changes of sendrecv in release 3.1.4? On 06 Feb 08, Chris Robinson wrote: Maybe I didn't express myself properly. Spamdyke was timeing out the connection perfectly correctly because the client was inactive for more than 60 seconds which was spamdyke's default idle timeout. So the client's Outlook sees the disconnection and retries, often resulting in another partial copy of the same message. That is why I've probably fixed it by setting idle-timeout-secs=1200, which should handle even the slowest clients. But it's not the cause, it's the effect that concerns me. The partial message received before the disconnection (e.g. 50 Kb of a 200Kb email) has been piped to qmail-smtpd which then actually delivers it. How could qmail-smtpd deliver a message that has not been properly terminated? Does spamdyke simply close the pipe to qmail-smtpd, as would happen if qmail-smtpd were connected directly to the client and qmail-smtpd initiated the timeout? Somehow a fundamental principle of SMTP MTAs is being breached, namely that an incomplete session will never result in delivery, local or remote, of a partial message. My details: xinetd.d - server = /var/qmail/bin/tcp-env server_args = -Rt0 /usr/local/bin/spamdyke -f /usr/np/mail/spamdyke/spamdyke.conf /var/qmail/bin/qmail-smtpdauth /var/qmail/bin/checkpassword /bin/true Clamav and Spamassassin are only run after qmail-local pipes it to procmail via the .qmail file, so they can't be affecting the issue. Of course neither of those programs are run when the recipient is remote and qmail-remote handles it. 
But even remote recipients are receiving multiple, partial copies of the same message Cheers and thanks for the response, Chris Robinson - Original Message - From: Sam Clippinger [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] To: spamdyke users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org Sent: Wednesday, February 06, 2008 18:11 Subject: Re: [spamdyke-users] Spamdyke passes partial emails to qmail after
Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout
Well as I said, I assumed qmail would send the first part of the message if the remote server disconnected without completing it but I never tested it. If that's not what qmail does, I'll remove it from spamdyke. Inserting carriage returns is a different kettle of fish, however. I personally disagree with DJB's position about strictly interpreting the RFCs -- I believe software should strictly follow RFCs when producing output and loosely follow them when accepting it. I think his position on this has created more problems than it has solved. Among other things, it really annoys me that I can't test a qmail server with a telnet session. There are only two situations I can imagine where inserting the carriage returns could possibly cause a problem. First, ESMTP allows the sender to specify the size of the message body within the DATA command. Inserting carriage returns may cause the message to be bigger than the number indicates, which may cause the mail server to truncate the message. Second, cryptographic software (e.g. PGP, GPG) work by producing a checksum from the message content. Inserting carriage returns may invalidate the signature. I haven't tested either of those things. -- Sam Clippinger Chris Robinson wrote: OK that explains everything. I honestly admire spamdyke enormously; for its clean, readable and efficient code, and for the way it turned my servers into racehorses rather than donkeys labouring under a load average around 8 to 10. I don't know what I'd do without it now. But I must honestly say that I think spamdyke should not interfere with the data stream once it's done it's job on the envelope and headers. The first thing in the README is the About Spamdyke which says ... It acts as a transparent middleman, observing the conversation without interference ..., and I feel it should honour this strictly. To be honest I'm even have my doubts about it silently inserting a carriage return before any bare line feed characters it sees. 
Maybe all this could be an option such as strict-transparency in the config file? Chris Robinson - Original Message - *From:* Sam Clippinger mailto:[EMAIL PROTECTED] *To:* spamdyke users mailto:spamdyke-users@spamdyke.org *Sent:* Thursday, February 07, 2008 17:14 *Subject:* Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout The changes to sendrecv aren't related to this -- sendrecv is a program I wrote only for testing spamdyke (as part of the testing scripts). It isn't involved in spamdyke's operation at all. The changes to sendrecv in 3.1.4 were needed because spamdyke was corrupting the SSL handshake. sendrecv contained a matching bug that covered the corruption and allowed the SSL handshake to proceed correctly. You're seeing this behavior because when spamdyke disconnects a remote client due to a timeout (either idle timeout or maximum connection time), it sends a terminating dot and a QUIT command to qmail. This was a judgement call on my part -- I felt that it was better to close qmail correctly and deliver whatever data had been sent than to potentially lose it if the client didn't retry. Not all clients correctly handle errors during/after the DATA command. I also assumed qmail already behaved this way, though I didn't test it. If that assumption is wrong and this is causing problems, I can easily change it. -- Sam Clippinger Chris Robinson wrote: Thanks Hartmut, I think you may be right about the sendrecv changes, specially if the child process somehow closed the connection to qmail in a way that satisfied qmail-smtpd. Could it be that the child was actually sending the SMTP terminating dot without receiving it from the departed client? Whatever. 
Chris - Original Message - *From:* Andreas mailto:[EMAIL PROTECTED] *To:* spamdyke users mailto:spamdyke-users@spamdyke.org *Sent:* Thursday, February 07, 2008 14:15 *Subject:* Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout Hi Hartmut, I had the same phenomen on 1 of my qmail-servers as long as I had a nameserver related problem. I had up to 750 processes of spamdyke. I had to reboot the server to get rid of those processes, just killing them was not enough, they immediately reappeared. Sind my nemserver works properly I have, on the same machine, just 10-20 processes of spamdyke and it works fine now. My spamdyke- version is 3.15. Bye Andreas Am Donnerstag, den 07.02.2008, 08:36 +0100 schrieb Hartmut Wernisch
Re: [spamdyke-users] Caching nameservers?
Yes. If your server uses 127.0.0.1 as its primary name server, you have (at least) a caching name server installed. It can also do other things, such as hosting domains, but what's important is that spamdyke's queries don't have to travel across the network.

-- Sam Clippinger

BC wrote:

On 2/8/2008 [EMAIL PROTECTED] wrote:

actually we had dnscache running on the mailservers, but an external bind nameserver (okay, one hop) answers faster than the dnscache - just for the knowledge base :)

I may be showing my ignorance here... I'm using djbdns configured as an external forwarding caching nameserver. It polls my ISP's (Comcast) nameserver cache which is located in the metro Denver area (I live nearby.) The responses from it are almost instantaneous. Is this the sort of thing you are talking about?
Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout
I keep saying I can't test qmail with telnet -- I mean to say the command line. I can't run qmail-smtpd from the command line and give it a message. Piping a text file through it can also fail if the file isn't in DOS format. That's one of the first reasons I wrote the sendrecv program that's used by the spamdyke testing scripts. Sorry for the misstatement. -- Sam Clippinger Sam Clippinger wrote: Since I've received several complaints about the . insertion when timeouts occur, I'll remove it. It was an error on my part. As for inserting carriage returns, I stand by what I said before. Since RFC 2821 doesn't elaborate on the additional problems that have been created, I can't take its vague statement at face value. RFCs are not the law, they are documents written to describe how the internet should work in a perfect world. As a result, many SMTP servers violate RFCs in order to accommodate badly written clients. It's a matter of picking your battles; trying to force everyone to send carriage returns by rejecting their email doesn't work. It only punishes innocent users who don't know or care about RFCs. I don't believe inserting carriage returns causes any problems. If anyone can demonstrate that it does, I'll remove the feature immediately. However, if you feel strongly about it, you are free to remove it. Just change line 339 in spamdyke.c to an else instead of an else if. Then remove the final else block starting on line 344. That's it. -- Sam Clippinger PS: I can't test qmail from a telnet prompt because Linux doesn't end its lines with CRLF, just LF. I can issue the HELO, MAIL, RCPT and DATA commands but as soon as I try to type any message text, qmail cuts me off with an error message. Chris Robinson wrote: If qmail-smtpd gets a timeout it simply issues the 451 and exits without invoking qmail-queue. To pretend it had got a CRLF.CRLF would break RFC 821 and 2821. 
Here's exactly what it does:

- qmail-smtpd.c snip --
/* Timeout while reading from the client: report 451 and exit at once. */
void die_alarm() { out("451 timeout (#4.4.2)\r\n"); flush(); _exit(1); }

/* Read with a timeout; a timeout ends the session via die_alarm(). */
int saferead(fd,buf,len) int fd; char *buf; int len;
{
  int r;
  r = timeoutread(timeout,fd,buf,len);
  if (r == -1) if (errno == error_timeout) die_alarm();
  return r;
}
---

This is all done from within the DATA function blast() (I'm not sure if that's explosive or invective :-))

Incidentally RFC 2821 states: The custom of accepting lines ending only in LF, as a concession to non-conforming behavior on the part of some UNIX systems, has proven to cause more interoperability problems than it solves, and SMTP server systems MUST NOT do this...

I'm surprised you can't test qmail with telnet. I used to do it quite regularly to check out users' complaints. Now we use SMTPAUTH it's too much of a pain to type all that encoded username/password stuff.

Chris Robinson CRLF.CRLF

- Original Message -
*From:* Sam Clippinger mailto:[EMAIL PROTECTED]
*To:* spamdyke users mailto:spamdyke-users@spamdyke.org
*Sent:* Friday, February 08, 2008 07:02
*Subject:* Re: [spamdyke-users] Spamdyke passes partial emails to qmailafter timeout

Well as I said, I assumed qmail would send the first part of the message if the remote server disconnected without completing it but I never tested it. If that's not what qmail does, I'll remove it from spamdyke. Inserting carriage returns is a different kettle of fish, however. I personally disagree with DJB's position about strictly interpreting the RFCs -- I believe software should strictly follow RFCs when producing output and loosely follow them when accepting it. I think his position on this has created more problems than it has solved. Among other things, it really annoys me that I can't test a qmail server with a telnet session. There are only two situations I can imagine where inserting the carriage returns could possibly cause a problem. First, ESMTP allows the sender to specify the size of the message body within the DATA command.
Inserting carriage returns may cause the message to be bigger than the number indicates, which may cause the mail server to truncate the message. Second, cryptographic software (e.g. PGP, GPG) work by producing a checksum from the message content. Inserting carriage returns may invalidate the signature. I haven't tested either of those things. -- Sam Clippinger Chris Robinson wrote: OK that explains everything. I honestly admire spamdyke enormously; for its clean, readable and efficient code, and for the way it turned my servers into racehorses rather than donkeys labouring under a load average around 8 to 10. I don't know what I'd do without it now
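The effect debated in this thread can be shown with a small model, added here as an example and not taken from spamdyke or qmail: a tracker for the SMTP end-of-data marker (CRLF.CRLF) and a comparison of two timeout policies for a filtering proxy. The policy names, function names and sample message chunks are constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Tracks progress through the SMTP end-of-data marker CR LF "." CR LF. */
struct data_tracker {
    int matched;   /* marker bytes matched so far (0..5) */
    int complete;  /* 1 once the full marker has been seen */
};

void data_tracker_init(struct data_tracker *t)
{
    /* The DATA command line itself ended in CRLF, so a body consisting of
     * just ".\r\n" is a valid empty message: start as if CRLF was seen. */
    t->matched = 2;
    t->complete = 0;
}

/* Feed bytes from the client. Returns how many of them belong to the
 * message; anything after the marker is the next SMTP command. */
size_t data_tracker_feed(struct data_tracker *t, const char *buf, size_t len)
{
    static const char marker[] = "\r\n.\r\n";
    size_t i;

    for (i = 0; i < len && !t->complete; i++) {
        if (buf[i] == marker[t->matched])
            t->matched++;
        else
            t->matched = (buf[i] == '\r') ? 1 : 0;
        if (t->matched == 5)
            t->complete = 1;
    }
    return i;
}

enum timeout_policy {
    POLICY_SYNTHESIZE_DOT, /* on timeout, write the marker to the backend */
    POLICY_ABORT           /* on timeout, close the backend pipe, write nothing */
};

/* Relay the chunks received before an idle timeout and report whether the
 * backend SMTP daemon would see a terminated (deliverable) message. */
int backend_sees_complete_message(const char *const *chunks, size_t count,
                                  enum timeout_policy policy)
{
    struct data_tracker client, backend;
    size_t i;

    data_tracker_init(&client);
    data_tracker_init(&backend);
    for (i = 0; i < count; i++) {
        size_t used = data_tracker_feed(&client, chunks[i], strlen(chunks[i]));
        data_tracker_feed(&backend, chunks[i], used);  /* relayed unchanged */
    }
    /* The idle timeout fires here. */
    if (!client.complete && policy == POLICY_SYNTHESIZE_DOT)
        data_tracker_feed(&backend, "\r\n.\r\n", 5);
    return backend.complete;
}

/* Constructed sample inputs. */
static const char *const SAMPLE_PARTIAL[] = {
    "Subject: report\r\n\r\nfirst half of the bo"
};
static const char *const SAMPLE_SPLIT_MARKER[] = {
    "Subject: x\r\n\r\nbody\r", "\n.", "\r\n"
};
static const char *const SAMPLE_DOT_STUFFED[] = { "a\r\n..\r\nb" };
static const char *const SAMPLE_BARE_LF[] = { "a\n.\n" };

int main(void)
{
    printf("partial, synthesize dot: %d\n",
           backend_sees_complete_message(SAMPLE_PARTIAL, 1, POLICY_SYNTHESIZE_DOT));
    printf("partial, abort:          %d\n",
           backend_sees_complete_message(SAMPLE_PARTIAL, 1, POLICY_ABORT));
    printf("marker split over reads: %d\n",
           backend_sees_complete_message(SAMPLE_SPLIT_MARKER, 3, POLICY_ABORT));
    printf("dot-stuffed line:        %d\n",
           backend_sees_complete_message(SAMPLE_DOT_STUFFED, 1, POLICY_ABORT));
    printf("bare LF around the dot:  %d\n",
           backend_sees_complete_message(SAMPLE_BARE_LF, 1, POLICY_ABORT));
    return 0;
}
```

Under the abort policy only a marker that the client itself sent makes the message complete, which is the property Chris Robinson argues an SMTP relay must preserve.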
Re: [spamdyke-users] Spamdyke - DNS - SMTP port
When spamdyke decides to filter a remote connection, it does not disconnect until there is no chance the message could be allowed. For example, even if a remote connection has no rDNS entry, it may still authenticate. In that situation, a premature disconnection will block legitimate mail, so spamdyke must wait until the SMTP conversation has moved past the point where authentication takes place. Similarly, if you are using a sender (or recipient) whitelist, spamdyke must wait until after the sender (or recipient) has been identified so the whitelist can be consulted. Within spamdyke, each filter/option postpones the disconnection until it has had a chance to run. The end result is that spamdyke will not disconnect until all the enabled options have been exhausted. DNS is definitely an issue. It's the #1 thing that causes spamdyke to run slowly. Installing a caching name server on each of your mail servers is the best way to make spamdyke run faster. You can also reduce the number of DNS RBLs and RHSBLs, since each one of those generates multiple queries. The DNS code in spamdyke is intended to resolve names as fast as possible. It constructs and sends DNS packets itself so the timeouts can be more tightly controlled (using the libc DNS functions can result in delays of 90 seconds or more per query). In current versions, the DNS behavior is not configurable. In the upcoming version, I've already modified the code to allow most of the DNS system to be controlled from the configuration file (including deactivating it completely). This includes number of retries, time between retries, name servers to use and number of simultaneous queries to perform. If you're seeing 6 DNS retries in your logs, your name servers are swamped. A retry indicates no response was received at all, most likely because the query packets were dropped. -- Sam Clippinger Ulrich Eckardt wrote: Just for statistical reasons, if it might interest. 
:/var/log# cat /var/log/mail.log.0 | grep DENIED | wc
1225875 19624962 233116876
:/var/log# cat /var/log/mail.log.0 | grep ALLOWED | wc
11055 176880 1993518

That gives us a 99%+ spam ratio on that machine. Spamdyke is a great software, these numbers really show it. But since we had some problems, I dug a bit more into it to find out why/what, etc.. The main reason is that the smtp port on the server is sometimes just not responding. This might be due to a hardware issue on a switch. We will change that and report back, if that solved the problem. Anyway I found some things that could be worsening the problem or just be things that could run smoother (or maybe I just don't understand them and think in a wrong direction :))

Okay: First we have Timeouts ... which is, what our clients report, when they can't reach the smtp port:

:/var/log# cat /var/log/mail.log.0 | grep TIMEOUT | wc
14245 256332 2705232

This is more timeouts than ALLOWED.

Feb 10 09:39:23 mail4 spamdyke[25798]: DENIED_RDNS_MISSING from: xxx mailto:[EMAIL PROTECTED] to: xxx origin_ip: 85.108.22.13 origin_rdns: (unknown) auth: (unknown)
Feb 10 09:40:24 mail4 spamdyke[25798]: TIMEOUT from: xxx to: xxx origin_ip: 85.108.22.13 origin_rdns: (unknown) auth: (unknown) reason: DENIED_RDNS_MISSING

This is just one example line, the others look the same. When spamdyke decided that the connection will be denied ... does it make any sense to wait for a reply and so reach the spamdyke default timeout of 60 seconds. Isn't that binding a slot for nothing useful? Or is it an RFC thing and you have to do it for proper handling it?

Here some more of the DNS handling. Between each attempt are 10 seconds wait time ... Okay, but shouldn't 4 times be enough? This give a minute until the connection is finally closed.

:/var/log# cat /var/log/mail.log.0 | grep 'attempt 2' | wc
762537 10675518 96348031
:/var/log# cat /var/log/mail.log.0 | grep 'attempt 3' | wc
15234 213276 2025077
:/var/log# cat /var/log/mail.log.0 | grep 'attempt 4' | wc
13287 186018 1770517
:/var/log# cat /var/log/mail.log.0 | grep 'attempt 5' | wc
11268 157752 1503633
:/var/log# cat /var/log/mail.log.0 | grep 'attempt 6' | wc
576 8064 70596
:/var/log# cat /var/log/mail.log.0 | grep 'attempt 7' | wc
0 0 0

And last, this is one average mailserver out of 5, which is doing 2.75 mio queries a day. Makes 13.75 queries for all 5, which is an 150 per second on average. This probably means that it will be up to 1500 per second in peak times. Is there a limit on dns queries per second on the dns servers itself or is a limit on the rootservers only allowing a certain amount of queries per server per second? Does anybody know about any limit on the dns this or the other way.

xxx:~# cat /var/log/mail.log.0 | grep querying | wc
2751492 38520890 339239494
[spamdyke-users] New version: spamdyke 3.1.6
spamdyke version 3.1.6 is now available: http://www.spamdyke.org/

This version fixes two separate bugs that were corrupting messages under specific (obscure) circumstances. These were not easy to track down or reproduce -- many thanks to Andreas Galatis and Dragomir Denev for all their help with troubleshooting this one.

Version 3.1.6 is backwards-compatible with version 3.1.5; simply replacing the old binary with the new one should be safe.

-- Sam Clippinger
Re: [spamdyke-users] Another doubt
Yes. local-domains-file can be used multiple times, for exactly this reason. I can't answer your other question about simscan, sorry -- I don't use it.

-- Sam Clippinger

Thiago Cesar wrote:

I have two files one rcpthosts with 50 domains and another file is more rcpthosts with more 200 domains, I can use two entries of local-domains-files? Example:

local-domains-files=/var/qmail/control/rcpthosts
local-domains-files=/var/qmail/control/morercpthosts

Thanks for all, Thiago Cesar Email: [EMAIL PROTECTED] MSN: [EMAIL PROTECTED] Telefone: +55 45 35205865 http://www.kionux.com.br
Re: [spamdyke-users] Multiple Zombie/Defunct qmail-smtpd Processes
Sorry for the late reply -- I'm currently on the road so email is a low priority this week. This is all very strange. If the debug version was running, I don't understand why the debug symbols didn't show up in the stack trace you sent. I also can't think of any other reasons why the OpenSSL library would hang on a read() call; I can only think to blame the 64 bit libraries but that's just a reflex, not an explanation. Without some way to reproduce this behavior, I'm not sure what else I can do to fix it. Are there any other commonalities you can find with these stalled processes? Do they seem to come from the same remote server(s)? Can you tell if the remote server(s) are running the same mail server software? Are the messages all small/large/junk/legitimate? Are the recipients the same each time? Anything along these lines? To answer your question: yes, if spamdyke is compiled without TLS support it will ignore the TLS options. -- Sam Clippinger Ken Schweigert wrote: On Mon, Feb 25, 2008 at 4:49 PM, Sam Clippinger [EMAIL PROTECTED] wrote: Hmmm. Well, it looks like the spamdyke process you attached to isn't running the binary with the debugging symbols; it probably started before you copied the new binary into place, but it doesn't matter. There's enough information to show what's going on. I did compile with the debug symbols. The resulting binary was 200K larger than the original so I knew there was something extra in there. Also it wouldn't let me overwrite the existing spamdyke binary because it was busy so I had to kill any processes that were running to put it in to place. The process is stuck inside the OpenSSL library, trying to negotiate an initial TLS connection with the remote host (gdb shows ssl23_get_client_hello() from /lib64/libssl.so.4). The negotiation is attempting to read data from the network (__read_nocancel() from /lib64/tls/libc.so.6) but there's no data available, so it's blocked forever, waiting on data that (apparently) never comes. 
If you enable full logging and examine the log from one of these sleeping processes, I'm sure you'd see a STARTTLS command followed by a Proceed response and nothing else. Obviously, this isn't supposed to happen -- the OpenSSL library has a timeout feature that defaults to 5 minutes. Since that's not working, I suspect there's something else going on. First, I'd check to make sure you've got the latest version of the OpenSSL library installed and the installed header files came from that version. In other words, check the version numbers on your openssl and openssl-dev RPM packages. I use Redhat's up2date utility and all packages are up to date. I've had times where features in the newest source weren't in the RPMs and had to compile openssl from source. Something I'm not afraid of doing and may consider doing in the future. Next, I notice your mail server is running a 64 bit RedHat release. Did you compile spamdyke on this machine? I recall once answering a report similar to yours where the spamdyke binary had been compiled on a 32 bit system and copied to the 64 bit system. If you're compiling elsewhere, both machines need to be 64 bit with the same version of the OpenSSL library. Yes, compiled on the server that it is running on. Not sure if there are any specific 64-bit flags that need to be set in 'configure' but I imagine they would have been picked up auto-magically. Lastly, are you using spamdyke for SMTPS (port 465)? It doesn't work well with SMTPS connections at the moment unless you run it from something like stunnel and remove the tls-certificate-file option from the configuration file. Not running on SMTPS. My users send through authenticated SMTP on 587. I have spamdyke protecting incoming smtp 25 but not on the 587 instance. My only other suggestion would be to compile spamdyke without TLS support (or remove the tls-certificate-file option) so that spamdyke doesn't attempt to accept the TLS connection itself. 
That would mean spamdyke wouldn't fully filter TLS connections but at least these sleeping processes would go away. I just recompiled spamdyke with './configure --disable-tls' . Is it safe to assume that since it's compiled this way that any configuration options about SSL will be ignored? Thanks for all your help! -ken I hope that helps! -- Sam Clippinger Ken Schweigert wrote: I've recompiled with debug symbols and have attached the output of what 'gdb' has. I have to admit that I don't really understand what is exactly is represented, but it doesn't look like a lot. [EMAIL PROTECTED] ~]# gdb /usr/local/bin/spamdyke GNU gdb Red Hat Linux (6.3.0.0-1.153.el4_6.2rh) Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you
Re: [spamdyke-users] SMTP AUTH Question
Actually, port 587 is what QT refers to as the submission port. I'm not entirely sure why it was created (or who created it), but QT doesn't check DNS RBLs for connections received on that port. In all other ways, it is the same as port 25.

SMTPS (SMTP over SSL) uses port 465 by default. All connections to the SMTPS port must negotiate an SSL connection before any SMTP data is exchanged (just like an HTTPS connection to a web server).

TLS is another name for SSL started half-way through the SMTP protocol (in other words, a partial plaintext SMTP conversation takes place before the SSL encryption begins). TLS can take place on any port. Technically speaking, TLS could take place over SMTPS but I don't know of any MUA with that capability.

SMTP AUTH is separate from any encryption. It can take place on any port, no matter whether SMTPS or TLS (or neither or both) are in use.

So Chris, to answer your question, spamdyke will support/honor SMTP AUTH on any port, with or without TLS. When you install spamdyke on QT, be sure to remove rblsmtpd or your roaming users will still be blocked. spamdyke will check DNS RBLs for you, so rblsmtpd is not necessary anyway.

To the best of my knowledge, QT will accept SMTP AUTH on port 25. You can test this by using telnet to connect to port 25 on your mail server and looking for the AUTH banner. For example, here's a test of my server:

    $ telnet iconoclast.silence.org 25
    Trying 208.110.65.146...
    Connected to iconoclast.silence.org.
    Escape character is '^]'.
    220 iconoclast.silence.org ESMTP
    ehlo test
    250-iconoclast.silence.org
    250-STARTTLS
    250-PIPELINING
    250-8BITMIME
    250-SIZE 0
    250 AUTH LOGIN PLAIN CRAM-MD5
    quit
    221 iconoclast.silence.org
    Connection closed by foreign host.
    $

The 250 AUTH line indicates that my server will allow SMTP AUTH. The 250-STARTTLS line indicates TLS is supported.

-- Sam Clippinger

David Stiller wrote: Hi Chris, Port 587 is the Port using TLS. Spamdyke will should on both ports.
From the official FAQ: As of version 2.6.0, spamdyke supports TLS (which is just another name for SSL). spamdyke will detect TLS and pass it through seamlessly. Obviously, none of its post-connect filters will work (e.g. graylisting) because the traffic will all be encrypted. Port 25 is the usual Port for SMTP, but without TLS. Dave

Chris Bird wrote: Hi, May sound like a daft question but thought I’d ask anyway, I'm thinking of installing spamdyke into my qmailtoaster installation for many reasons but one pressing issue in particular. We have a problem with our firewall and I can't add any rules to it until our security guys fix it which could take weeks, I need to allow roaming users to send through my mail server and therefore want to use SMTP_AUTH, however qmailtoaster’s SMTP_AUTH port is 587, is this a standard port for SMTP_AUTH or does SpamDyke set it for something different? Or does it use port 25? I know this might sound a daft question but I’ve had a long day trying to fix a broken Plesk server and my brain is fried! Thanks Chris
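The EHLO check described in Sam's reply, as an added example (not part of the original thread and not spamdyke code): a parser for the multi-line 250 reply that reports the advertised capabilities and flags password-revealing AUTH mechanisms offered before TLS has started. The function names are illustrative; the sample reply is the one quoted in the thread.

```python
import re

# LOGIN and PLAIN send the password merely base64-encoded, so they are
# only safe once the session is already encrypted.
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}

# "250-text" continues the reply, "250 text" (or a bare "250") ends it.
_REPLY_LINE = re.compile(r"^(\d{3})(?:([ -])(.*))?$")


def parse_ehlo_reply(raw):
    """Return (code, greeting, {KEYWORD: [params]}) for one EHLO reply."""
    lines = [ln.rstrip("\r") for ln in raw.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty reply")
    code, texts = None, []
    for i, line in enumerate(lines):
        m = _REPLY_LINE.match(line)
        if m is None:
            raise ValueError("malformed reply line: %r" % line)
        sep = m.group(2) or " "
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed inside one reply")
        is_last = i == len(lines) - 1
        if (sep == " ") != is_last:
            raise ValueError("bad continuation marker on line %d" % (i + 1))
        texts.append(m.group(3) or "")
    caps = {}
    for text in texts[1:]:          # texts[0] is the server greeting
        words = text.split()
        if not words:
            continue
        keyword, params = words[0].upper(), words[1:]
        if keyword.startswith("AUTH="):
            # Old non-standard spelling ("AUTH=LOGIN PLAIN") still seen in the wild
            params = [keyword[5:]] + params
            keyword = "AUTH"
        if keyword == "AUTH":
            params = [p.upper() for p in params if p]
        caps.setdefault(keyword, []).extend(params)
    return int(code), texts[0], caps


def audit_capabilities(caps, tls_active=False):
    """List what an administrator should look at for this listener."""
    findings = []
    if "AUTH" not in caps:
        findings.append("no AUTH advertised: roaming users cannot authenticate")
    if not tls_active:
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not advertised: session stays in cleartext")
        exposed = sorted(CLEARTEXT_MECHS.intersection(caps.get("AUTH", [])))
        if exposed:
            findings.append(
                "AUTH %s offered before TLS: password is only base64-encoded"
                % "/".join(exposed)
            )
    return findings


# The EHLO reply from the telnet session quoted in the thread.
SAMPLE_REPLY = (
    "250-iconoclast.silence.org\n"
    "250-STARTTLS\n"
    "250-PIPELINING\n"
    "250-8BITMIME\n"
    "250-SIZE 0\n"
    "250 AUTH LOGIN PLAIN CRAM-MD5\n"
)

if __name__ == "__main__":
    code, greeting, caps = parse_ehlo_reply(SAMPLE_REPLY)
    print(code, greeting, caps)
    for finding in audit_capabilities(caps):
        print("note:", finding)
```

Run the audit a second time with `tls_active=True` on the EHLO reply obtained after STARTTLS, since a server may advertise a different AUTH list once the session is encrypted.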
Re: [spamdyke-users] feature requests :)
rather do it correctly the first time. I plan to implement real recipient validation in the version-after-next. Enough people have asked for this that it's time to bite the bullet and reverse engineer the qmail and vpopmail authentication systems.

* GeoIP support would be nice, and reading custom spamdyke.conf files based on the geoip lookup (such as spamdyke.cc.conf if it exists, then fall back to spamdyke.conf if it doesn't).

I'll make a note of this one but it could be a while before I get to it. I've been considering adding a feature to spamdyke to run external scripts for checking values, to allow for situations I can't anticipate. For example, someone may want to authenticate their users with an LDAP server. If spamdyke can call an external script to do that, the administrator only has to provide the script. Perhaps geolocation could work the same way.

* Likewise, custom configfiles based on the value of an environment variable like SPAMDYKECONF=/etc/spamdyke/myclientclass.config?

I think the new configuration system in the next version will do what you want here. Take a look at the next version (when it's ready) and suggest this again if it doesn't meet your needs.

* About using a database instead of the filesystem to store some information: I agree with most of what the FAQ has to say about this, but regarding efficiency, if the database support were built into a separate daemon process, the overhead could be kept to a minimum (the per-connection spamdyke process would only need to support a very simple query interface that would allow it to talk to the database backend daemon). This modularity would also allow arbitrary databases to be supported without modifying spamdyke.

True. I'm already planning on turning spamdyke into a daemon (to replace tcpserver) and this could be done at that time. On the other hand, if I add the ability to call external scripts (as described above), those scripts could make the necessary database calls. That way, each administrator could decide for themselves if they want database support.

* Could RBL/RHSBL lookups be speeded up by doing them in parallel using e.g. libadns? Or are they done in parallel already?

Starting with version 3.1.0, spamdyke performs its own DNS queries (it doesn't use the system resolver library for queries) and sends some (not all) queries in parallel. Specifically, it sends A, TXT and CNAME queries to each DNS RBL/RHSBL in parallel although it still checks the DNS RBLs/RHSBLs sequentially. In the next version, I've changed that code. All DNS RBLs/RHSBLs are queried simultaneously for all response types (A, TXT and CNAME). Several DNS servers can be queried simultaneously. DNS servers, retries and timeouts are configurable. spamdyke no longer uses any part of the system resolver library. Because some DNS servers (and network hardware) become unstable when queried too aggressively, I've also added a flag to make spamdyke imitate the system resolver's behavior (one query at a time, one server at a time).

* check-rhsbl tests two separate things: whether the rdns of the client is blacklisted, and whether the envelope from domain is blacklisted. I may want the latter without the former (which would also save DNS lookups).

I can add this if it's something people want. I made spamdyke check both because that was how DNS RHSBLs were described everywhere I read about them. Personally, I couldn't envision a scenario where one check would be desirable but the other would not. It would be easy to separate though.

* Log messages could be more succinct, like for example: Accept: S:208.110.65.146:ns.silence.org H:iconoclast.silence.org F:[EMAIL PROTECTED] T:[EMAIL PROTECTED]

I've tried to design the log messages to be both easily parsable by scripts and easily readable by humans. I think the current format does that reasonably well -- space separated fields are simple to break apart with perl/awk/sed/cut and the verbose labels make it easy to read. I'm not sure there's much to gain by cutting out a few dozen characters.

Thanks again for all of the suggestions!

-- Sam Clippinger
[spamdyke-users] New version: spamdyke 3.1.7
spamdyke version 3.1.7 is now available: http://www.spamdyke.org/ This version fixes a bug in the white/blacklist file processor that was incorrectly matching domains when wildcards were used. Thanks to Tom for reporting this one. Version 3.1.7 is backwards-compatible with version 3.1.6; simply replacing the old binary with the new one should be safe. -- Sam Clippinger
Re: [spamdyke-users] 3.1.6 Install.txt step 3 fails
It looks like you're missing a header file named krb5.h. On my Fedora system, that file is part of the krb5-devel package. Is that package installed on your server? -- Sam Clippinger [EMAIL PROTECTED] wrote: I am running Red Hat Enterprise Linux ES release 3 (Taroon Update 9) and unpacked spamdyke3.1.6. I get the following: [EMAIL PROTECTED] 16:12:11 spamdyke]# ./configure checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for strip... strip spamdyke checking for RSA_sign in -lcrypto... yes checking for SSL_library_init in -lssl... yes checking for OpenSSL libraries (for TLS support)... yes checking for res_search in -lresolv... yes checking for bind in -lsocket... no checking for __bind in -lsocket... no checking for inet_ntoa in -lnsl... yes checking whether anonymous inner functions are supported by default... yes checking whether nameserver constants are defined in arpa/nameser.h... yes checking whether readdir() returns the file type... yes checking whether readdir() and stat() understand whiteout files... no checking whether pid_t is an unsigned int or an unsigned long... unsigned int checking whether uid_t is an unsigned int or an unsigned long... unsigned int checking whether gid_t is an unsigned int or an unsigned long... 
unsigned int configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: config.h is unchanged Then the following happens: [EMAIL PROTECTED] 16:12:23 spamdyke]# make gcc -Wall -O2 -funsigned-char -c spamdyke.c In file included from /usr/include/openssl/ssl.h:179, from spamdyke.h:26, from spamdyke.c:33: /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory In file included from /usr/include/openssl/ssl.h:179, from spamdyke.h:26, from spamdyke.c:33: /usr/include/openssl/kssl.h:134: syntax error before krb5_enctype /usr/include/openssl/kssl.h:136: syntax error before '*' token /usr/include/openssl/kssl.h:137: syntax error before '}' token /usr/include/openssl/kssl.h:149: syntax error before kssl_ctx_setstring /usr/include/openssl/kssl.h:149: syntax error before '*' token /usr/include/openssl/kssl.h:150: syntax error before '*' token /usr/include/openssl/kssl.h:151: syntax error before '*' token /usr/include/openssl/kssl.h:151: syntax error before '*' token /usr/include/openssl/kssl.h:152: syntax error before '*' token /usr/include/openssl/kssl.h:153: syntax error before kssl_ctx_setprinc /usr/include/openssl/kssl.h:153: syntax error before '*' token /usr/include/openssl/kssl.h:155: syntax error before kssl_cget_tkt /usr/include/openssl/kssl.h:155: syntax error before '*' token /usr/include/openssl/kssl.h:157: syntax error before kssl_sget_tkt /usr/include/openssl/kssl.h:157: syntax error before '*' token /usr/include/openssl/kssl.h:159: syntax error before kssl_ctx_setkey /usr/include/openssl/kssl.h:159: syntax error before '*' token /usr/include/openssl/kssl.h:161: syntax error before context /usr/include/openssl/kssl.h:162: syntax error before kssl_build_principal_2 /usr/include/openssl/kssl.h:162: syntax error before context /usr/include/openssl/kssl.h:165: syntax error before kssl_validate_times /usr/include/openssl/kssl.h:165: syntax error before atime /usr/include/openssl/kssl.h:167: syntax 
error before kssl_check_authent /usr/include/openssl/kssl.h:167: syntax error before '*' token /usr/include/openssl/kssl.h:169: syntax error before enctype In file included from spamdyke.h:26, from spamdyke.c:33: /usr/include/openssl/ssl.h:909: syntax error before KSSL_CTX /usr/include/openssl/ssl.h:931: syntax error before '}' token make: *** [spamdyke.o] Error 1 The document says you shouldn't see any errors or warnings. Obviously I have a disconnect here. Can someone offer some suggestions? I am running a patched Qmail with TLS enabled. Bruce
Re: [spamdyke-users] Black/whitelists first?
In the current version, you'd have to edit the source and it's not a small change. In the upcoming version, I've already reordered the tests this way. Changing the order will still require editing the source but the changes will be much smaller (I've refactored the filter code quite a bit). spamdyke checks DNS RBLs first because it tries to find a way to reject the incoming connection as quickly as possible. For example, if the connection matches a DNS RBL and you're not using sender/recipient whitelist files or SMTP AUTH, spamdyke will not start qmail at all -- it will imitate an SMTP server long enough to reject the connection. When I wrote that code, I judged it was more important to close qmail than to prevent DNS queries. Because so many spamdyke installations are using sender/recipient whitelists and SMTP AUTH, this logic has become outdated. -- Sam Clippinger Marc Van Houwelingen wrote: I have a domain that is constantly bombarded with incoming spam. The spam comes in by the thousands, all to random names @mydomain.com. Spamdyke is successfully blocking all of them using recipient-blacklist-file to block the domain and recipient-whitelist-file to allow the 10 or 15 actual legit exceptions. This works great - but the problem is Spamdyke usually rejects most of this incoming junk for other reasons (RDNS, RBL, etc) before even checking the blacklist file. The net result is the same of course, but my mail server ends up having done a bunch of extra DNS/RBL lookup work when it could have rejected the email simply based on the recipient. My question is: Is there a way to make Spamdyke check the recipient-[black|white]list-files before doing the other resource-costly lookups? -Marc
Re: [spamdyke-users] let qmail decide if it accepts a recipient before doing RHSBL?
The RHSBL filter checks rDNS names and sender addresses, not recipient addresses. It also produces permanent rejection codes, not temporary ones. If you're seeing the same sender rejected repeatedly, it's because the remote server is sending repeatedly. Also, spamdyke should be disconnecting (and killing) qmail as soon as the blacklisted sender is given (depending on your configuration -- if you're using a recipient whitelist, qmail is disconnected after the RCPT command). After that, all SMTP traffic is answered by spamdyke (with rejection codes). So at least for that short time, spamdyke is saving resources. However, with regard to blacklisted recipients, the reason spamdyke runs its filters before passing the RCPT command to qmail is because there may be multiple recipients. Once a recipient has been passed to qmail, it cannot be removed. Passing the RCPT command just to check the status code would effectively defeat spamdyke. For example, imagine an unpatched qmail server. The remote server names a blacklisted recipient, spamdyke passes it to qmail, checks the status code, then sends a rejection to the remote server. Then the remote server names a second recipient that is not blacklisted. spamdyke must allow the message to pass through because the second recipient is legitimate. However, because the first recipient was already sent to qmail, that recipient will also receive the message. -- Sam Clippinger Andras Korn wrote: Hi, since I installed spamdyke my logs are inundated with messages like this one: DENIED_RHSBL_MATCH from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 85.179.173.120 origin_rdns: e179173120.adsl.alicedsl.de auth: (unknown) The recipient address is bogus and my (patched) qmail-smtpd would reject it permanently. Apparently, since it matches a RHSBL, spamdyke rejects the message temporarily, and the same client keeps trying for a while, always costing me some resources. 
I think this is wasteful; it would be better to only do the RHSBL lookup after the backend qmail-smtpd accepted the recipient address. If the backend qmail-smtpd throws a permanent rejection, spamdyke could just pass it on to the client. Andras
Re: [spamdyke-users] Feature request
The next version of spamdyke already includes this feature. -- Sam Clippinger Paolo wrote: Hi, sorry I was not clear. I mean to enable reject-empty-rdns only for some recipients domains. Thank you Ciao Paolo On 14 Apr 2008, at 10:30, Andras Korn wrote: On Mon, Apr 14, 2008 at 09:49:11AM +0200, Paolo wrote: I really think mail servers should reject connections from IP without rdns, I was trying to impose it to my customers but I think I must desist for too much good mail being rejected. It could be useful to have a per domain reject-empty-rdns, to gradually implement this feature. How do you mean, per-domain? If the IP has no rdns, there is no domain. Andras -- Andras Korn korn at chardonnay.math.bme.hu http://chardonnay.math.bme.hu/~korn/ QOTD: Bad command or file name! Go stand in the corner.
Re: [spamdyke-users] let qmail decide if it accepts a recipient before doing RHSBL?
Andras Korn wrote: On Sun, Apr 13, 2008 at 02:55:16PM -0500, Sam Clippinger wrote: Most qmail servers run a stock version of qmail-smtpd, which will only reject recipients for relaying. They shouldn't, as stock qmail is liable to causing backscatter. No self-respecting admin should run qmail as distributed by DJB today. Mail to bogus recipients must not be accepted and then bounced later. Some mechanism must be in place to ensure that mail to bogus recipients is never accepted at all. I agree. But regardless of what /should/ be the case, the fact is that most qmail servers run the stock version of qmail-smtpd. I can't justify making a change that will make spamdyke less efficient for the majority and only slightly more efficient for the minority. I think you should always wait for RCPT TO, even if it's not necessary for whitelist decisions, because then you can log whose mail you're rejecting. rblsmtpd's inability to do this is one of its major shortcomings. spamdyke does always wait for RCPT, so that it can log the recipient. But it does not keep qmail running the entire time, if there is no chance the message will be accepted. If a recipient whitelist is not in use, there's no reason to wait. I suspect we're debating fractional efficiencies here anyway -- I've never benchmarked either scenario. Well, fwiw, I just ran a quick test: querying the handful of RBLs I have configured in parallel takes about 10 seconds (as long as it takes for the slowest of them to reply). Rejecting a mail based on the local list of valid recipients takes a good deal less than a second. Of course local file accesses are faster than DNS queries. That's not what I meant. To find real numbers, you would have to consider how many connections are accepted, how many are rejected and for what reasons. Then look at the popularity of different spamdyke features and specifically the popularity of different DNS RBLs. 
Use all that to find out what percentage of rejected connections could avoid the DNS queries due to local tests. Lastly, find a way to evaluate the real cost (wall time, server load and network load) of spamdyke's DNS queries versus the additional load generated by passing the extra SMTP traffic to qmail. That last step is the part I don't know how to measure. If all of those numbers were available, my instinct says the advantage of your proposed change would be very small at best. -- Sam Clippinger
Re: [spamdyke-users] let qmail decide if it accepts a recipient before doing RHSBL?
Yes, this is certainly possible. Right now spamdyke identifies the RBL in its message to the remote server but not in the logs. Good idea! What would be a good way to log this information (preferably without breaking existing scripts)? I'm thinking as I type here, but spamdyke already follows the rejection reason with parenthesis (when the log level is high enough) to indicate which file/line matched for file-based filters... perhaps the same could be done for RBLs/RHSBLs. Something like this: DENIED_RBL_MATCH(rbl.example.com) As for reordering the RBLs to put the often-matched ones first, the next version of spamdyke will make that less necessary. By default, it will query all RBLs simultaneously, regardless of their order. (That behavior can be prevented with a new flag -- ordering would be important in that case.) -- Sam Clippinger Michael Colvin wrote: To find real numbers, you would have to consider how many connections are accepted, how many are rejected and for what reasons. Then look at the popularity of different spamdyke features and specifically the popularity of different DNS RBLs. Use all that to find out what percentage of rejected connections could avoid the DNS queries due to local tests. Along those lines, is it possible, or can it be possible, to have spamdyke's logs indicate which DNS RBL caused a message to be rejected? I'm assuming that once a reason for rejection is found, IE, the IP is listed in a particular RBL, further tests against other RBL's in the list are not performed? Knowing, statistically, which ones have a higher rejection rate, and queuing those first in the list of RBLS might save some time. Of course, multiple RBLS could reject the same message, and the one first in line would have the higher percentage, but this would give us a way to move them around and check the results... Just a thought from a newbie to spamdyke. BTW, I LOVE Spamdyke! What a difference it has made in my system's ability to filter spam and save resources! 
It's a God send! Mike
Re: [spamdyke-users] let qmail decide if it accepts a recipient before doing RHSBL?
The aggressive DNS queries will definitely increase the momentary load on the DNS servers, because they will get a burst of simultaneous queries each time a remote server connects. However, the overall load won't go up because the long-term rate of DNS queries is determined by the rate of SMTP connections. I believe most sites will only notice an increase in spamdyke's speed with no new load on their DNS servers. The new DNS behavior is configurable though, including an option to return to the behavior used by the standard system resolver. That way, if the DNS servers are having trouble, spamdyke can be made less demanding. -- Sam Clippinger Michael Colvin wrote: Great! Of course, this feature could also be used to determine if a specific RBL is causing too many false-positives too... Running all the checks simultaneously certainly will negate the need to order them in any specific order and should make the overall process that much faster, especially if you're using multiple RBL's. What kind of effect will that have on server load? Many RBL lookups sequentially versus many RBL lookups simultaneously? Seems like the process might be faster, but will take more resources on the server? Which would likely mean a basic Push with the net result being faster handling of the session? Thanks again! Mike -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Clippinger Sent: Monday, April 14, 2008 9:40 AM To: spamdyke users Subject: Re: [spamdyke-users] let qmail decide if it accepts a recipient before doing RHSBL? Yes, this is certainly possible. Right now spamdyke identifies the RBL in its message to the remote server but not in the logs. Good idea! What would be a good way to log this information (preferably without breaking existing scripts)? I'm thinking as I type here, but spamdyke already follows the rejection reason with parenthesis (when the log level is high enough) to indicate which file/line matched for file-based filters... 
perhaps the same could be done for RBLs/RHSBLs. Something like this: DENIED_RBL_MATCH(rbl.example.com) As for reordering the RBLs to put the often-matched ones first, the next version of spamdyke will make that less necessary. By default, it will query all RBLs simultaneously, regardless of their order. (That behavior can be prevented with a new flag -- ordering would be important in that case.) -- Sam Clippinger Michael Colvin wrote: To find real numbers, you would have to consider how many connections are accepted, how many are rejected and for what reasons. Then look at the popularity of different spamdyke features and specifically the popularity of different DNS RBLs. Use all that to find out what percentage of rejected connections could avoid the DNS queries due to local tests. Along those lines, is it possible, or can it be possible, to have spamdyke's logs indicate which DNS RBL caused a message to be rejected? I'm assuming that once a reason for rejection is found, IE, the IP is listed in a particular RBL, further tests against other RBL's in the list are not performed? Knowing, statistically, which ones have a higher rejection rate, and queuing those first in the list of RBLS might save some time. Of course, multiple RBLS could reject the same message, and the one first in line would have the higher percentage, but this would give us a way to move them around and check the results... Just a thought from a newbie to spamdyke. BTW, I LOVE Spamdyke! What a difference it has made in my system's ability to filter spam and save resources! It's a God send! 
Mike
Re: [spamdyke-users] let qmail decide if it accepts a recipient before doing RHSBL?
Probably not, at least not in the next version. spamdyke's DNS system sends its queries simultaneously and accepts the first positive response it receives. The rest are discarded. In order to log them all, spamdyke would have to wait for all responses to come back, which would slow down the DNS system quite a bit (it would make spamdyke only as fast as the slowest RBL instead of the fastest). If you're just wanting to evaluate the RBLs you're using, I think you could probably do that more effectively from a daily script that analyzes the mail log, requeries RBLs and generates statistics. -- Sam Clippinger Eric Shubert wrote: I like having specific RBLs logged. I just installed spamdyke on a few qmail-toasters yesterday (replacing rblsmtpd), and was going to ask about this. Michael beat me to it! ;) If simultaneous queries are being done, can all RBLs that match be logged? Perhaps a comma separated list within parenthesis. This would make it possible to gather stats on the effectiveness of the RBLs being used. Sam Clippinger wrote: Yes, this is certainly possible. Right now spamdyke identifies the RBL in its message to the remote server but not in the logs. Good idea! What would be a good way to log this information (preferably without breaking existing scripts)? I'm thinking as I type here, but spamdyke already follows the rejection reason with parenthesis (when the log level is high enough) to indicate which file/line matched for file-based filters... perhaps the same could be done for RBLs/RHSBLs. Something like this: DENIED_RBL_MATCH(rbl.example.com) As for reordering the RBLs to put the often-matched ones first, the next version of spamdyke will make that less necessary. By default, it will query all RBLs simultaneously, regardless of their order. (That behavior can be prevented with a new flag -- ordering would be important in that case.) 
-- Sam Clippinger Michael Colvin wrote: To find real numbers, you would have to consider how many connections are accepted, how many are rejected and for what reasons. Then look at the popularity of different spamdyke features and specifically the popularity of different DNS RBLs. Use all that to find out what percentage of rejected connections could avoid the DNS queries due to local tests. Along those lines, is it possible, or can it be possible, to have spamdyke's logs indicate which DNS RBL caused a message to be rejected? I'm assuming that once a reason for rejection is found, IE, the IP is listed in a particular RBL, further tests against other RBL's in the list are not performed? Knowing, statistically, which ones have a higher rejection rate, and queuing those first in the list of RBLS might save some time. Of course, multiple RBLS could reject the same message, and the one first in line would have the higher percentage, but this would give us a way to move them around and check the results... Just a thought from a newbie to spamdyke. BTW, I LOVE Spamdyke! What a difference it has made in my system's ability to filter spam and save resources! It's a God send! Mike
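A sketch of the daily script Sam suggests above, as an added example (not spamdyke code and not from the thread): it parses rejection lines in the field layout quoted earlier in this thread, re-queries every configured RBL for each rejected IP, waits for all answers, and reports per-zone totals plus the IPs only one zone caught. The syslog prefix, zone names, addresses and listings are constructed, and the optional `(zone)` suffix follows the format Sam proposes rather than one spamdyke is confirmed here to emit.

```python
import ipaddress
import re
import socket
from collections import Counter
from concurrent.futures import ThreadPoolExecutor

# Rejection reason, optionally followed by "(detail)" as proposed in the thread.
_REASON = re.compile(r"\b(DENIED_[A-Z_]+)(?:\(([^)]*)\))?")
# Space-separated "label: value" fields as in the log line quoted in the thread.
_FIELD = re.compile(r"\b(from|to|origin_ip|origin_rdns|auth): (\S+)")


def parse_line(line):
    """Return the reason, optional detail and fields of one log line, or None."""
    m = _REASON.search(line)
    if m is None:
        return None
    entry = {"reason": m.group(1), "detail": m.group(2)}
    entry.update(_FIELD.findall(line[m.end():]))
    return entry


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for anything else
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def system_lookup(name):
    """True if the name resolves (listed). Timeouts also count as 'not listed'."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def rbl_stats(lines, zones, lookup=system_lookup, workers=8):
    """Re-query all zones for every unique IP rejected with DENIED_RBL_MATCH."""
    ips, logged = set(), Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["reason"] != "DENIED_RBL_MATCH":
            continue
        if entry["detail"]:
            logged[entry["detail"]] += 1
        try:
            ips.add(str(ipaddress.IPv4Address(entry.get("origin_ip", ""))))
        except ValueError:
            continue  # missing or non-IPv4 address: nothing to re-query
    pairs = [(ip, zone) for ip in sorted(ips) for zone in zones]
    # Unlike the first-positive-wins behaviour described above, wait for all answers.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        answers = list(pool.map(lambda p: lookup(dnsbl_name(*p)), pairs))
    listed_by = {ip: [] for ip in ips}
    for (ip, zone), hit in zip(pairs, answers):
        if hit:
            listed_by[ip].append(zone)
    listed = {zone: 0 for zone in zones}
    sole = {zone: 0 for zone in zones}
    for hit_zones in listed_by.values():
        for zone in hit_zones:
            listed[zone] += 1
        if len(hit_zones) == 1:
            sole[hit_zones[0]] += 1  # only this zone would have caught the IP
    return {"ips": len(ips), "listed": listed, "sole": sole, "logged": dict(logged)}


# Constructed sample data (documentation address ranges, made-up zones).
ZONES = ["rbl-a.example", "rbl-b.example"]
SAMPLE_LOG = [
    "Apr 14 09:40:01 mail spamdyke[1201]: DENIED_RBL_MATCH from: a@example.net "
    "to: user@example.com origin_ip: 192.0.2.10 origin_rdns: h10.example.net auth: (unknown)",
    "Apr 14 09:41:17 mail spamdyke[1207]: DENIED_RBL_MATCH(rbl-a.example) from: b@example.net "
    "to: user@example.com origin_ip: 198.51.100.7 origin_rdns: (unknown) auth: (unknown)",
    "Apr 14 09:42:03 mail spamdyke[1210]: DENIED_RHSBL_MATCH from: c@example.org "
    "to: user@example.com origin_ip: 203.0.113.5 origin_rdns: h5.example.org auth: (unknown)",
    "Apr 14 09:45:30 mail spamdyke[1222]: DENIED_RBL_MATCH from: d@example.net "
    "to: other@example.com origin_ip: 192.0.2.10 origin_rdns: h10.example.net auth: (unknown)",
]
SAMPLE_LISTINGS = {
    "10.2.0.192.rbl-a.example",
    "10.2.0.192.rbl-b.example",
    "7.100.51.198.rbl-a.example",
}


def fake_lookup(name):
    """Offline stand-in for system_lookup, backed by SAMPLE_LISTINGS."""
    return name in SAMPLE_LISTINGS


if __name__ == "__main__":
    print(rbl_stats(SAMPLE_LOG, ZONES, lookup=fake_lookup))
```

A re-query reflects what each list says when the script runs, not what it said at rejection time, so run it soon after the log period it covers.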
Re: [spamdyke-users] Backscatter Spam Question
You're not alone in wanting this feature -- recipient validation is at the top of my TODO list for spamdyke's version-after-next. I'm trying my best to get the next version (4.0.0) tested and documented so I can release it, hopefully this month. Once that's done, I'll be tackling recipient validation. Checking an LDAP directory is probably not going to be possible in my first attempt, however. -- Sam Clippinger Bruce Schreiber wrote: I am receiving complaints about backscatter spam from my mail service. I would like to add a filter to block mail addressed to users that are not in my LDAP directory and drop them before Qmail starts its process. I do not seem to see any filters in the configuration that fit what I want. Does anyone have any suggestions? Thank you, Bruce