Re: [spamdyke-users] Spamdyke answers with incomplete SMTP message

2015-02-05 Thread Heiko Bornholdt via spamdyke-users 
To avoid this problem I’ve created the following patch:
> --- spamdyke-5.0.0.orig/spamdyke/spamdyke.c
> +++ spamdyke-5.0.0/spamdyke/spamdyke.c
> @@ -2368,6 +2368,11 @@ void middleman(int *inbound_fd, int *out
>  output_writeln(current_settings, LOG_ACTION_FILTER_FROM, 
> STDOUT_FD, SMTP_EHLO_SUCCESS, STRLEN(SMTP_EHLO_SUCCESS));
>  output_writeln(current_settings, LOG_ACTION_FILTER_FROM, 
> STDOUT_FD, SMTP_STR_CONTINUATION, STRLEN(SMTP_STR_CONTINUATION));
>  output_writeln(current_settings, LOG_ACTION_FILTER_FROM, 
> STDOUT_FD, SMTP_EHLO_TLS_INSERT, STRLEN(SMTP_EHLO_TLS_INSERT));
> +
> +/* The server said "250-STARTTLS". Add something bogus 
> because the previous line was a continuation. */
> +output_writeln(current_settings, LOG_ACTION_FILTER_FROM, 
> STDOUT_FD, SMTP_EHLO_SUCCESS, STRLEN(SMTP_EHLO_SUCCESS));
> +output_writeln(current_settings, LOG_ACTION_FILTER_FROM, 
> STDOUT_FD, SMTP_STR_DONE, STRLEN(SMTP_STR_DONE));
> +output_writeln(current_settings, LOG_ACTION_FILTER_FROM, 
> STDOUT_FD, SMTP_EHLO_NOTHING_INSERT, STRLEN(SMTP_EHLO_NOTHING_INSERT));
>  }
>else if ((filter_return & FILTER_MASK_TLS) == 
> FILTER_FLAG_TLS_REMOVE)
>  filter_return ^= FILTER_FLAG_TLS_REMOVE;

I can not guarantee that this patch won't break other components, but It seems 
to work with my configuration.

smime.p7s
Description: S/MIME cryptographic signature
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Spamdyke answers with incomplete SMTP message

2015-02-04 Thread Gary Gendel via spamdyke-users 

Sam,

I tripped over this bug but thought I didn't set things up properly.  
You've been teasing us with the next release for a while. Thanks for 
letting us know it's still on it's way.


Gary

On 02/03/2015 08:04 PM, Sam Clippinger via spamdyke-users wrote:
You're quite correct -- this is a bug in version 5.0.0.  I've got it 
fixed in the next version, hopefully to be released very soon.


-- Sam Clippinger




On Feb 2, 2015, at 1:38 PM, Heiko Bornholdt via spamdyke-users 
mailto:spamdyke-users@spamdyke.org>> wrote:



Hi,

I’m trying to replace my Spamdyke 4.3 with 5.0. I want to disable 
SSLv3 because of POODLE.


I’m using Ubuntu 12.04 LTS and have Spamdyke compiled from source 
without any special configuration.



root@andromeda:~# spamdyke --version
spamdyke 5.0.0+TLS+CONFIGTEST+DEBUG (C)2014 Sam Clippinger, samc 
(at) silence (dot) org

http://www.spamdyke.org/


This is my run-script:

root@andromeda:~# cat /etc/service/qmail-relay-submit/run
#!/bin/sh
QMAILUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
exec tcpserver -v -HPR -u $QMAILUID -g $NOFILESGID 0 587 spamdyke -f 
/etc/spamdyke-587.conf /usr/sbin/qmail-smtpd 2>&1



I have problems with submitting messages via SMTP. I have debugged 
the problem with swaks and tcpdump, and so I have discovered, that 
with my configuration Spamdyke is sending incomplete SMTP answers.


From my local computer I run:
[heiko@dhcp-172-21-37-9 ~]$ swaks -t he...@bornholdt.it 
 -f he...@andromeda.bornholdt.it 
 --server 
andromeda.bornholdt.it :587 --auth 
--auth-user=heiko

Password: s3cr3t
=== Trying andromeda.bornholdt.it 
:587...
=== Connected to andromeda.bornholdt.it 
.

<-  220 andromeda.bornholdt.it  ESMTP
-> EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
<** Timeout (30 secs) waiting for server response
-> HELO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
<-  250 andromeda.bornholdt.it 
*** Host did not advertise authentication
-> QUIT
<-  221 andromeda.bornholdt.it 
=== Connection closed with remote host.


And on the server:

root@andromeda:~# tcpflow -i any -C -e port 587
tcpflow[9428]: listening on any
220 andromeda.bornholdt.it  ESMTP

EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local

250-andromeda.bornholdt.it 

250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250-STARTTLS



Nothing happens for 30 seconds and then the client aborts because of 
a timeout.


My configuration:

root@andromeda:~# cat /etc/spamdyke-587.conf
log-level=verbose
log-target=stderr
smtp-auth-level=always
smtp-auth-command=/usr/bin/checkvpw 
/usr/local/bin/heiko-smtp-auth-logger maildir

hostname-file=/var/lib/qmail/control/me
tls-level=smtp
tls-certificate-file=/etc/qmail/servercert.pem
tls-privatekey-file=/etc/qmail/servercert.pem
tls-cipher-list=kEDH:AESGCM:HIGH:+MEDIUM:TLSv1:+ALL:!RC4:!SEED:!IDEA:!RC2:!3DES:!DES:!MD5:!DSS:!aNULL:!eNULL:!ECDSA:!ECDH:!PSK:!SRP
tls-dhparams-file=/etc/ssl/private/dhparam2048.pem
qmail-morercpthosts-cdb=/var/lib/qmail/control/morercpthosts.cdb
qmail-rcpthosts-file=/dev/null



Log:
root@andromeda:~# cat /var/log/qmail/qmail-relay-submit/current | 
tai64nlocal

2015-02-02 18:33:29.206085500 tcpserver: status: 1/40
2015-02-02 18:33:29.206143500 tcpserver: pid 11591 from 134.100.17.1
2015-02-02 18:33:29.212386500 tcpserver: ok 11591 
static.199.121.76.144.clients.your-server.de 
::::144.76.121.199:587 
::::134.100.17.1::57359
2015-02-02 18:33:29.213511500 spamdyke[11591]: 
ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable 
nameserver found: 2a01:4f8:0:a111::add:9898
2015-02-02 18:33:29.213579500 spamdyke[11591]: 
ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable 
nameserver found: 2a01:4f8:0:a102::add:
2015-02-02 18:33:29.213609500 spamdyke[11591]: 
ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable 
nameserver found: 2a01:4f8:0:a0a1::add:1010

2015-02-02 18:33:59.323577500 tcpserver: end 11591 status 0
2015-02-02 18:33:59.323578500 tcpserver: status: 0/40


I think, the problem is, that the server will send “250-STARTTLS” and 
not “250 STARTTLS” (missing hyphen). So the client thinks, that the 
message is not complete and waits for the next line.


Best regards,
Heiko
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org 
http://www.spamdyke.org/mailman/listinfo/spamdyke-users




___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users




smime.p7s
Description: S/MIME Cryptographic Signature
___
spamdyke-users maili

Re: [spamdyke-users] Spamdyke answers with incomplete SMTP message

2015-02-03 Thread Sam Clippinger via spamdyke-users 
You're quite correct -- this is a bug in version 5.0.0.  I've got it fixed in 
the next version, hopefully to be released very soon.

-- Sam Clippinger




On Feb 2, 2015, at 1:38 PM, Heiko Bornholdt via spamdyke-users 
 wrote:

> Hi,
> 
> I’m trying to replace my Spamdyke 4.3 with 5.0. I want to disable SSLv3 
> because of POODLE.
> 
> I’m using Ubuntu 12.04 LTS and have Spamdyke compiled from source without any 
> special configuration.
> 
>> root@andromeda:~# spamdyke --version
>> spamdyke 5.0.0+TLS+CONFIGTEST+DEBUG (C)2014 Sam Clippinger, samc (at) 
>> silence (dot) org
>> http://www.spamdyke.org/
> 
> This is my run-script:
>> root@andromeda:~# cat /etc/service/qmail-relay-submit/run
>> #!/bin/sh
>> QMAILUID=`id -u qmaild`
>> NOFILESGID=`id -g qmaild`
>> exec tcpserver -v -HPR -u $QMAILUID -g $NOFILESGID 0 587 spamdyke -f 
>> /etc/spamdyke-587.conf /usr/sbin/qmail-smtpd 2>&1
> 
> 
> I have problems with submitting messages via SMTP. I have debugged the 
> problem with swaks and tcpdump, and so I have discovered, that with my 
> configuration Spamdyke is sending incomplete SMTP answers.
> 
> From my local computer I run:
>> [heiko@dhcp-172-21-37-9 ~]$ swaks -t he...@bornholdt.it -f 
>> he...@andromeda.bornholdt.it --server andromeda.bornholdt.it:587 --auth 
>> --auth-user=heiko
>> Password: s3cr3t
>> === Trying andromeda.bornholdt.it:587...
>> === Connected to andromeda.bornholdt.it.
>> <-  220 andromeda.bornholdt.it ESMTP
>> -> EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
>> <** Timeout (30 secs) waiting for server response
>> -> HELO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
>> <-  250 andromeda.bornholdt.it
>> *** Host did not advertise authentication
>> -> QUIT
>> <-  221 andromeda.bornholdt.it
>> === Connection closed with remote host.
> 
> And on the server:
>> root@andromeda:~# tcpflow -i any -C -e port 587
>> tcpflow[9428]: listening on any
>> 220 andromeda.bornholdt.it ESMTP
>> 
>> EHLO dhcp-172-21-37-9.wlan.uni-hamburg.de.local
>> 
>> 250-andromeda.bornholdt.it
>> 
>> 250-PIPELINING
>> 250-8BITMIME
>> 250-AUTH LOGIN PLAIN
>> 250-STARTTLS
> 
> 
> Nothing happens for 30 seconds and then the client aborts because of a 
> timeout.
> 
> My configuration:
>> root@andromeda:~# cat /etc/spamdyke-587.conf
>> log-level=verbose
>> log-target=stderr
>> smtp-auth-level=always
>> smtp-auth-command=/usr/bin/checkvpw /usr/local/bin/heiko-smtp-auth-logger 
>> maildir
>> hostname-file=/var/lib/qmail/control/me
>> tls-level=smtp
>> tls-certificate-file=/etc/qmail/servercert.pem
>> tls-privatekey-file=/etc/qmail/servercert.pem
>> tls-cipher-list=kEDH:AESGCM:HIGH:+MEDIUM:TLSv1:+ALL:!RC4:!SEED:!IDEA:!RC2:!3DES:!DES:!MD5:!DSS:!aNULL:!eNULL:!ECDSA:!ECDH:!PSK:!SRP
>> tls-dhparams-file=/etc/ssl/private/dhparam2048.pem
>> qmail-morercpthosts-cdb=/var/lib/qmail/control/morercpthosts.cdb
>> qmail-rcpthosts-file=/dev/null
> 
> 
> Log:
>> root@andromeda:~# cat /var/log/qmail/qmail-relay-submit/current | tai64nlocal
>> 2015-02-02 18:33:29.206085500 tcpserver: status: 1/40
>> 2015-02-02 18:33:29.206143500 tcpserver: pid 11591 from 134.100.17.1
>> 2015-02-02 18:33:29.212386500 tcpserver: ok 11591 
>> static.199.121.76.144.clients.your-server.de::::144.76.121.199:587 
>> ::::134.100.17.1::57359
>> 2015-02-02 18:33:29.213511500 spamdyke[11591]: 
>> ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver 
>> found: 2a01:4f8:0:a111::add:9898
>> 2015-02-02 18:33:29.213579500 spamdyke[11591]: 
>> ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver 
>> found: 2a01:4f8:0:a102::add:
>> 2015-02-02 18:33:29.213609500 spamdyke[11591]: 
>> ERROR(load_resolver_file()@search_fs.c:752): invalid/unparsable nameserver 
>> found: 2a01:4f8:0:a0a1::add:1010
>> 2015-02-02 18:33:59.323577500 tcpserver: end 11591 status 0
>> 2015-02-02 18:33:59.323578500 tcpserver: status: 0/40
> 
> I think, the problem is, that the server will send “250-STARTTLS” and not 
> “250 STARTTLS” (missing hyphen). So the client thinks, that the message is 
> not complete and waits for the next line.
> 
> Best regards,
> Heiko
> ___
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users