There is something else amiss here, from my reading of the logs. If
there is gobs of memory available, then do as Sam suggests and
allocate a LOT - say 300mb to the softlimit and retest. I'd wager
there will still be troubles.
On 6/9/2011 11:54 AM, spamdyke-users-requ...@spamdyke.org wrote:
Ron eliminated softlimit entirely, and still has the error.
Thanks for the suggestion though.
--
-Eric 'shubes'
On 06/10/2011 05:11 AM, BC wrote:
There is something else amiss here, from my reading of the logs. If
there is gobs of memory available, then do as Sam suggests and
allocate a LOT
Have you used your mail server without ssl certificate?
What message appears at the side of your customer? Can you share that with us?
Jose
2011/6/10 Eric Shubert e...@shubes.net:
Ron eliminated softlimit entirely, and still has the error.
Thanks for the suggestion though.
--
-Eric 'shubes'
Please read through the previous posts on the subject.
Thanks for helping.
On 06/10/2011 08:57 AM, Jose Galvez wrote:
Ok so turn off tls, how can we help you?
How can we see what's going on if we can see only.
It's not working
Just
That TLS is the problem
Please don't get angry with me, my
I'm under the impression that if you use
tls-level=none
in your spamdyke config, then it works. If you haven't tried this,
please do.
On 06/10/2011 09:11 AM, ron wrote:
When I disable spamdyke, qmail accepts the emails just fine, its when
spamdyke is enabled that
the emails can not be
Yes, it does work.
Dossy has been doing work with the client directly, she has been
emailing him
as tests also and so far he has confirmed that the issue is with
spamdyke TLS
from what I have gathered.
On 6/10/2011 12:20 PM, Eric Shubert wrote:
I'm under the impression that if you use
Thanks for verifying this.
And thanks to Dossy for delving into this.
He appears to have a good handle on the situation. I'm eager to hear
what he finds.
On 06/10/2011 09:49 AM, ron wrote:
Yes, it does work.
Dossy has been doing work with the client directly, she has been
emailing him
as
It depends, is Qmail using a different cert than Spamdyke is?
When you say you're doing TLS directly in Qmail, I'm assuming that
you're using a Qmail that has the Qmail-TLS patch applied?
http://inoa.net/qmail-tls/
Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512-
and
I have downloaded and installed the current version of qmailtoaster if
that helps with
what I have installed.
On 6/10/2011 1:13 PM, Dossy Shiobara wrote:
It depends, is Qmail using a different cert than Spamdyke is?
When you say you're doing TLS directly in Qmail, I'm assuming that
you're
I'll answer for Ron, as he's using QMT, which I'm familiar with.
On 06/10/2011 10:13 AM, Dossy Shiobara wrote:
It depends, is Qmail using a different cert than Spamdyke is?
No. (per config file)
When you say you're doing TLS directly in Qmail, I'm assuming that
you're using a Qmail that has
On 6/10/11 1:30 PM, Eric Shubert wrote:
Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512-
and 1024-bit DH param files, as well. I can see that Ron's Spamdyke
configuration is pointing at the same certificate, but doesn't support a
separate DH param PEM as far as I
On 06/10/2011 10:42 AM, Dossy Shiobara wrote:
On 6/10/11 1:30 PM, Eric Shubert wrote:
Qmail-TLS appears to use $QMAILDIR/control/servercert.pem and uses 512-
and 1024-bit DH param files, as well. I can see that Ron's Spamdyke
configuration is pointing at the same certificate, but doesn't
I suspect there's an interop issue between MS Exchange's Edge Transport
server SSL/TLS implementation and Spamdyke's SSL/TLS implementation.
Reviewing the Spamdyke code now, there's a few technical issues I'd like
to raise ... in a separate post, perhaps.
On 6/10/11 2:20 PM, Eric Shubert
On 06/10/2011 11:59 AM, Dossy Shiobara wrote:
I suspect there's an interop issue between MS Exchange's Edge Transport
server SSL/TLS implementation and Spamdyke's SSL/TLS implementation.
I think that's a good hunch. MS occasionally (at least) has their own
way of doing things. :(
Reviewing
arch ?
# uname -a
On 06/09/2011 05:13 AM, ron wrote:
OS is Centos 5.6
Linux kernel is 2.6.18-238.9.1.el5
Server is a DL380 G4
Centos runs under VMWare ESXi 4.0
Here is the run file.
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat
Linux mail2.nsii.net 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:56 EDT
2011 i686 i686 i386 GNU/Linux
**
On 6/9/2011 10:04 AM, Eric Shubert wrote:
arch ?
# uname -a
On 06/09/2011 05:13 AM, ron wrote:
OS is Centos 5.6
Linux kernel is 2.6.18-238.9.1.el5
Server is a DL380 G4
Centos runs under
20M seems kinda low for softlimit. Try increasing the number to see
if that makes a difference -- for example, add another zero (200M) and
retest. On my own server, softlimit is set to 80M.
Don't forget to restart the service after making the change. :)
-- Sam Clippinger
On 6/9/11 7:13 AM,
Ok, That seems to have done the trick. I received an email from the client.
I bumped it up to 128M.
Thanks
Ron
On 6/9/2011 10:12 AM, Sam Clippinger wrote:
20M seems kinda low for softlimit. Try increasing the number to see
if that makes a difference -- for example, add another zero (200M) and
Ron,
Can you do a little testing and see what's adequate? I expect that 128M
is a bit overkill. We'll need to get the QMT defaults bumped up a bit
depending on your results.
Thanks.
On 06/09/2011 07:42 AM, ron wrote:
Ok, That seems to have done the trick. I received an email from the client.
Don't forget that softlimit not only prevents misbehaving software from
running away and degrading the system's performance, but it ALSO
prevents resource starvation denial of service attacks.
On 6/9/11 11:45 AM, Sam Clippinger wrote:
Remember that the softlimit program only limits the
Right after I said everything was ok, I went to lunch all fat dumb
happy thinking it was all fixed.
While out to lunch I remembered that I left all the TLS stuff commented
out, so I uncommented them
and had her send me another test, it didnt go. So its not fixed.
*Ron Olds *
*National Service
Ok, I went in and extended the idle time out to 5mins and had her send
me another email.
Following is the log file that I got from that test:
06/09/2011 12:46:52 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID =
15900
06/09/2011 12:46:52 CURRENT ENVIRONMENT
I'm not concerned about the former, either. I pretty much exclusively
use softlimit to prevent the latter - DoS attacks.
The concern isn't about the NUMBER of concurrent connections - a
resource starvation attack can be done with very few, even 1 single
connection, depending on the
So instead of hitting the spamdyke timeout, it hit a timeout on the i/o
operation. Still doesn't point to the root cause. :(
Why softlimit doesn't issue some sort of error message is beyond me. I'm
still inclined to ditch it.
Thanks Ron.
--
-Eric 'shubes'
On 06/09/2011 09:52 AM, ron wrote:
Can you please share your daemontools run file with us?
Also, Sam - could this be related to the change in 4.2.0 that's
described by:
[4.2.0] fixes a number of bugs, including an TLS/SSL issue that can
cause spamdyke to hang forever.
From Ron's logs, it seems like after TLS/SSL has been
Ok, I removed softlimit completely and here is the log file:
Doesnt appear to be any changes
06/09/2011 13:42:34 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID =
18709
06/09/2011 13:42:34 CURRENT ENVIRONMENT
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
PWD=/var/qmail/supervise/smtp
Does anyone else have a spamdyke setup? I can try to get her to send an
email to see if there
are the same issues as what I am getting?
*Ron Olds *
*National Service Information *
145 Baker St
Marion, Ohio 43302
_ron@nsii.net_
800-235-0337 X122
On 6/9/2011 11:45 AM, Sam Clippinger wrote:
Where would I find the file if its not the one I already posted?
Can you please share your daemontools run file with us?
Also, Sam - could this be related to the change in 4.2.0 that's
described by:
[4.2.0] fixes a number of bugs, including an TLS/SSL issue that can
cause spamdyke to
I'd say that eliminates softlimit as being involved then. ;)
Everything seems to point to a bug in spamdyke. Dossy's post appears to
have a few clues.
Sam?
--
-Eric 'shubes'
On 06/09/2011 10:55 AM, ron wrote:
Ok, I removed softlimit completely and here is the log file:
Doesnt appear to be
Could you downgrade back to Spamdyke 4.1.0 from 4.2.0, and see if the
problem persists?
On 6/9/11 1:55 PM, ron wrote:
Ok, I removed softlimit completely and here is the log file:
Doesnt appear to be any changes
--
Dossy Shiobara | He realized the fastest way to change
You can have her send something to me. e...@shubes.net
My setup (current QMT) appears to be pretty close to yours.
--
-Eric 'shubes'
On 06/09/2011 11:09 AM, ron wrote:
Does anyone else have a spamdyke setup? I can try to get her to send an
email to see if there
are the same issues as what I
Just confirmed that the SSL interop problem that Ron's seeing is also a
problem in Spamdyke 4.1.0.
Going to turn all knobs to 11 and see what's really going on, here ...
On 6/9/11 2:29 PM, Eric Shubert wrote:
I'd say that eliminates softlimit as being involved then. ;)
Everything seems to
With EXCESSIVE logging turned on, the SMTP session looks like this --
06/09/2011 16:59:09 LOG OUTPUT
EXCESSIVE(middleman()@spamdyke.c:2398): read 10 bytes from network
input file descriptor 0, buffer contains 10 bytes, current position is 0
06/09/2011 16:59:09 FROM REMOTE TO CHILD: 10 bytes
I am having an issue with one of our clients sending us an email. Spamdyke
does very well with everyone else except this one domain and it blocks or
stops all mail from them. I have had to disable spamdyke because of this.
I have white listed the ip address, but it did not help. Can anyone give
me
On 06/08/2011 09:53 AM, ron wrote:
Here is the log of the client that spamdyke is blocking:
06/08/2011 12:42:45 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID =
31888
06/08/2011 12:42:45 CURRENT ENVIRONMENT
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
PWD=/var/qmail/supervise/smtp
Attached is the header of an email I received from the client while
spamdyke is disabled:
From - Wed Jun 08 12:51:38 2011
X-Account-Key: account1
X-UIDL: 1307551736.32139.mail2.nsii.net,S=2800
X-Mozilla-Status: 0011
X-Mozilla-Status2:
X-Mozilla-Keys:
To turn off TLS, I would remark out the following lines in my config file?
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp
These are the only 2 lines that show TLS
It appears that TLS starts, the remote says EHLO, qmail sends back
250- replies, and the remote never replies
On 06/08/2011 10:19 AM, ron wrote:
Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011
16:48:56 -
I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA
is, but it appears
No, simply use:
tls-level=none
This will prohibit qmail from using TLS, which would defeat many of
spamdyke's filters.
--
-Eric 'shubes'
On 06/08/2011 10:25 AM, ron wrote:
To turn off TLS, I would remark out the following lines in my config file?
On 06/08/2011 10:59 AM, Eric Shubert wrote:
On 06/08/2011 10:19 AM, ron wrote:
Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011
16:48:56 -
I'm not familiar enough with TLS to know exactly
turning off TLS, I was able to receive clients email, but had an issue
with replying to her
as qmail would not accept my reply because TLS was turned off. I
disabled spamdyke for
now. Here is the log for the client when TLS was turned off:
06/08/2011 14:36:20 STARTED: VERSION =
The first cipher listed is the same one that qmail used with a
successful transmission.
Looks to me from all of this that there is a bug in spamdyke with
regards to that particular remote server software and TLS.
I think this is the point where Sam can best continue helping to debug
this
OK, I'll try to run back through this thread and respond to the various
questions in one email...
To turn off TLS in spamdyke, you can do one of several things. You can
prohibit both spamdyke and qmail from using TLS by using this option:
tls-level=none
Or you can simply remove/comment
43 matches
Mail list logo
