Re: [spamdyke-users] Weird behavior with TLS and auth-level=always
Sam, I compiled spamdyke myself instead of using the pkgsrc binary for Illumos and that solved the problem. I'm getting the feeling that the gcc compiler used for creating the binaries is broken. Both netqmail and spamdyke pkgsrc installations behave badly on OmniOS. My personally compiled qmail and spamdyke seem to behave as expected. Gary On 08/25/2015 08:15 PM, Sam Clippinger via spamdyke-users wrote: I'm having trouble reproducing this problem. I've tried running spamdyke with this config against both patched qmail and my own smtpdummy (in the tests folder) and both of them show the AUTH lines in every case. How did you install qmail? Is this netqmail or Plesk or QTP or? -- Sam Clippinger On Aug 24, 2015, at 11:42 AM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org wrote: Sam, Yes I'm on 5.0.1. I've paired the configuration file down to: qmail-rcpthosts-file=/var/qmail/control/rcpthosts recipient-validation-command=/usr/local/bin/spamdyke-qrv reject-recipient=invalid max-recipients=5 idle-timeout-secs=300 tls-level=smtp-no-passthrough tls-certificate-file=/usr/local/etc/ssl/certs/dovecot.pem tls-privatekey-file=/usr/local/etc/ssl/private/dovecot.pem filter-level=require-auth smtp-auth-level=always smtp-auth-command=/usr/local/bin/checkpassword-pam -s smtp /bin/true If I comment out the smpt-auth-level so it uses qmail, I get the STARTTLS, this way I don't. I'm still trying to figure out the qmail auth failure. This one is a real head-stratcher. It's timing out so it looks like the pipe isn't connecting to checkpasswd-pam. I tried hard-coding the string that was sent (and works fine on external checkpasswd-pam tests) but it still times out. However, spamdyke's auth works fine which is how I discovered the above problem. Gary On 08/24/2015 12:26 PM, Sam Clippinger via spamdyke-users wrote: What version of spamdyke are you using? I fixed a bug related to this in 5.0.1... that doesn't mean there isn't another bug, I just want to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org wrote: Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com http://tardis.genashor.com/:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary ___ spamdyke-users mailing list spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users smime.p7s Description: S/MIME Cryptographic Signature ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Weird behavior with TLS and auth-level=always
I'm having trouble reproducing this problem. I've tried running spamdyke with this config against both patched qmail and my own smtpdummy (in the tests folder) and both of them show the AUTH lines in every case. How did you install qmail? Is this netqmail or Plesk or QTP or? -- Sam Clippinger On Aug 24, 2015, at 11:42 AM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org wrote: Sam, Yes I'm on 5.0.1. I've paired the configuration file down to: qmail-rcpthosts-file=/var/qmail/control/rcpthosts recipient-validation-command=/usr/local/bin/spamdyke-qrv reject-recipient=invalid max-recipients=5 idle-timeout-secs=300 tls-level=smtp-no-passthrough tls-certificate-file=/usr/local/etc/ssl/certs/dovecot.pem tls-privatekey-file=/usr/local/etc/ssl/private/dovecot.pem filter-level=require-auth smtp-auth-level=always smtp-auth-command=/usr/local/bin/checkpassword-pam -s smtp /bin/true If I comment out the smpt-auth-level so it uses qmail, I get the STARTTLS, this way I don't. I'm still trying to figure out the qmail auth failure. This one is a real head-stratcher. It's timing out so it looks like the pipe isn't connecting to checkpasswd-pam. I tried hard-coding the string that was sent (and works fine on external checkpasswd-pam tests) but it still times out. However, spamdyke's auth works fine which is how I discovered the above problem. Gary On 08/24/2015 12:26 PM, Sam Clippinger via spamdyke-users wrote: What version of spamdyke are you using? I fixed a bug related to this in 5.0.1... that doesn't mean there isn't another bug, I just want to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org wrote: Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Weird behavior with TLS and auth-level=always
What version of spamdyke are you using? I fixed a bug related to this in 5.0.1... that doesn't mean there isn't another bug, I just want to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org wrote: Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Weird behavior with TLS and auth-level=always
Sam, Yes I'm on 5.0.1. I've paired the configuration file down to: qmail-rcpthosts-file=/var/qmail/control/rcpthosts recipient-validation-command=/usr/local/bin/spamdyke-qrv reject-recipient=invalid max-recipients=5 idle-timeout-secs=300 tls-level=smtp-no-passthrough tls-certificate-file=/usr/local/etc/ssl/certs/dovecot.pem tls-privatekey-file=/usr/local/etc/ssl/private/dovecot.pem filter-level=require-auth smtp-auth-level=always smtp-auth-command=/usr/local/bin/checkpassword-pam -s smtp /bin/true If I comment out the smpt-auth-level so it uses qmail, I get the STARTTLS, this way I don't. I'm still trying to figure out the qmail auth failure. This one is a real head-stratcher. It's timing out so it looks like the pipe isn't connecting to checkpasswd-pam. I tried hard-coding the string that was sent (and works fine on external checkpasswd-pam tests) but it still times out. However, spamdyke's auth works fine which is how I discovered the above problem. Gary On 08/24/2015 12:26 PM, Sam Clippinger via spamdyke-users wrote: What version of spamdyke are you using? I fixed a bug related to this in 5.0.1... that doesn't mean there isn't another bug, I just want to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org wrote: Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com http://tardis.genashor.com:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary ___ spamdyke-users mailing list spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users smime.p7s Description: S/MIME Cryptographic Signature ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Weird behavior with TLS and auth-level=always
Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary smime.p7s Description: S/MIME Cryptographic Signature ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
