On 06/08/2011 09:53 AM, ron wrote:
> Here is the log of the client that spamdyke is blocking:
> 06/08/2011 12:42:45 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID =
> 31888
>
> 06/08/2011 12:42:45 CURRENT ENVIRONMENT
> PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
> PWD=/var/qmail/supervise/smtp
> SHLVL=0
> PROTO=TCP
> TCPLOCALIP=65.116.220.139
> TCPLOCALPORT=25
> TCPLOCALHOST=mail2.nsii.net
> TCPREMOTEIP=64.58.208.13
> TCPREMOTEPORT=59400
> BADMIMETYPE=
> BADLOADERTYPE=M
> CHKUSER_RCPTLIMIT=50
> CHKUSER_WRONGRCPTLIMIT=10
> DKSIGN=/var/qmail/control/domainkeys/%/private
>
> 06/08/2011 12:42:45 CURRENT CONFIG
> config-file=/etc/spamdyke/spamdyke.conf
> connection-timeout-secs=3600
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=bl.spamcop.net
> full-log-dir=/var/log/spamdyke
> graylist-dir=/var/spamdyke/graylist
> graylist-level=always
> graylist-max-secs=2678400
> graylist-min-secs=180
> greeting-delay-secs=5
> idle-timeout-secs=120
> ip-blacklist-file=/etc/spamdyke/blacklist_ip
> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> ip-whitelist-file=/etc/spamdyke/whitelist_ip
> local-domains-file=/var/qmail/control/rcpthosts
> log-level=debug
> max-recipients=50
> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> reject-empty-rdns=1
> reject-ip-in-cc-rdns=1
> reject-missing-sender-mx=1
> reject-unresolvable-rdns=1
> sender-blacklist-file=/etc/spamdyke/blacklist_senders
> sender-whitelist-file=/etc/spamdyke/whitelist_senders
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> 06/08/2011 12:42:45 - Remote IP = 64.58.208.13
>
> 06/08/2011 12:42:45 CURRENT CONFIG
> config-file=/etc/spamdyke/spamdyke.conf
> connection-timeout-secs=3600
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=bl.spamcop.net
> dns-server-ip=205.171.3.65
> dns-server-ip-primary=8.8.8.8
> full-log-dir=/var/log/spamdyke
> graylist-dir=/var/spamdyke/graylist
> graylist-level=always
> graylist-max-secs=2678400
> graylist-min-secs=180
> greeting-delay-secs=5
> idle-timeout-secs=120
> ip-blacklist-file=/etc/spamdyke/blacklist_ip
> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> ip-whitelist-file=/etc/spamdyke/whitelist_ip
> local-domains-file=/var/qmail/control/rcpthosts
> log-level=debug
> max-recipients=50
> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> reject-empty-rdns=1
> reject-ip-in-cc-rdns=1
> reject-missing-sender-mx=1
> reject-unresolvable-rdns=1
> sender-blacklist-file=/etc/spamdyke/blacklist_senders
> sender-whitelist-file=/etc/spamdyke/whitelist_senders
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> 06/08/2011 12:42:45 - Remote rDNS = mail-out-01.healthways.com
>
> 06/08/2011 12:42:45 LOG OUTPUT
> DEBUG(filter_rdns_missing()@filter.c:897): checking for missing rDNS;
> rdns: mail-out-01.healthways.com
> DEBUG(filter_ip_in_rdns_cc()@filter.c:928): checking for IP in rDNS
> +country code; rdns: mail-out-01.healthways.com
> DEBUG(filter_rdns_whitelist_file()@filter.c:1005): searching rDNS
> whitelist file(s); rdns: mail-out-01.healthways.com
> DEBUG(filter_rdns_blacklist_file()@filter.c:1108): searching rDNS
> blacklist file(s); rdns: mail-out-01.healthways.com
> DEBUG(filter_ip_whitelist()@filter.c:1176): searching IP whitelist
> file(s); ip: 64.58.208.13
> FILTER_WHITELIST_IP ip: 64.58.208.13 file: /etc/spamdyke/whitelist_ip(2)
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 48 bytes
> 220 mail2.nsii.net - Welcome to nsii.net ESMTP
>
> 06/08/2011 12:42:45 FROM REMOTE TO CHILD: 33 bytes
> EHLO mail-out-01.healthways.com
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 42 bytes
> 250-mail2.nsii.net - Welcome to nsii.net
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 14 bytes
> 250-STARTTLS
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 16 bytes
> 250-PIPELINING
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 14 bytes
> 250-8BITMIME
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 19 bytes
> 250-SIZE 20971520
>
> 06/08/2011 12:42:45 FROM CHILD TO REMOTE: 31 bytes
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> 06/08/2011 12:42:46 FROM REMOTE TO CHILD: 10 bytes
> STARTTLS
>
> 06/08/2011 12:42:46 FROM SPAMDYKE TO REMOTE: 14 bytes
> 220 Proceed.
>
> 06/08/2011 12:42:47 - TLS negotiated and started
>
> 06/08/2011 12:42:47 FROM REMOTE TO CHILD: 33 bytes TLS
> EHLO mail-out-01.healthways.com
>
> 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 42 bytes TLS
> 250-mail2.nsii.net - Welcome to nsii.net
>
> 06/08/2011 12:42:47 FROM CHILD, FILTERED: 14 bytes TLS
> 250-STARTTLS
>
> 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 16 bytes TLS
> 250-PIPELINING
>
> 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 14 bytes TLS
> 250-8BITMIME
>
> 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 19 bytes TLS
> 250-SIZE 20971520
>
> 06/08/2011 12:42:47 FROM CHILD TO REMOTE: 31 bytes TLS
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> 06/08/2011 12:44:48 FROM SPAMDYKE TO REMOTE: 37 bytes TLS
> 421 Timeout. Talk faster next time.
>
> 06/08/2011 12:44:48 LOG OUTPUT TLS
> TIMEOUT from: (unknown) to: (unknown) origin_ip: 64.58.208.13
> origin_rdns: mail-out-01.healthways.com auth: (unknown) encryption: TLS
> reason: TIMEOUT
>
> 06/08/2011 12:44:48 - TLS ended and closed
>
> 06/08/2011 12:44:48 CLOSED

It appears that TLS starts, the remote says "EHLO", qmail sends back 
250- replies, and the remote never replies back. Hmmm. My guess is that 
the implementation of TLS is somehow incompatible between the remote and 
spamdyke.

When you test with no spamdyke, does qmail receive email from the remote 
with TLS? The received email header would show this somewhere, perhaps 
referred to as SSL. If so, I suspect there's a bug in spamdyke's 
implementation of TLS that causes the remote to not recognize the 250- 
replies when TLS is active.

As a temporary workaround, I expect that turning off TLS will work. Then 
you wouldn't need to disable spamdyke entirely. Let us know if this 
works too.

-- 
-Eric 'shubes'

_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
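
An added example, not part of the original thread and not spamdyke code: a small parser for the full-log format shown in the quoted log, reporting what the session looked like when the 421 timeout was sent. The function names `parse_events` and `diagnose_stall` are hypothetical; the 120-second default is the `idle-timeout-secs` value from the quoted config.

```python
import re
from datetime import datetime

# Excerpt of the quoted full-log above, quote markers removed.
SAMPLE = """\
06/08/2011 12:42:47 - TLS negotiated and started

06/08/2011 12:42:47 FROM REMOTE TO CHILD: 33 bytes TLS
EHLO mail-out-01.healthways.com

06/08/2011 12:42:47 FROM CHILD TO REMOTE: 42 bytes TLS
250-mail2.nsii.net - Welcome to nsii.net

06/08/2011 12:42:47 FROM CHILD TO REMOTE: 31 bytes TLS
250 AUTH LOGIN PLAIN CRAM-MD5

06/08/2011 12:44:48 FROM SPAMDYKE TO REMOTE: 37 bytes TLS
421 Timeout. Talk faster next time.
"""
HEADER = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) (.*)$")

def parse_events(text):
    """Return [time, header, payload] for each timestamped log entry."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S")
            events.append([ts, m.group(2), ""])
        elif events and line.strip():
            events[-1][2] = (events[-1][2] + " " + line.strip()).strip()
    return events

def diagnose_stall(events, idle_timeout_secs=120):
    """Summarise the session state when spamdyke sent its 421 timeout."""
    idx = next((i for i, e in enumerate(events) if e[2].startswith("421 Timeout")), None)
    if not idx:  # no timeout reply, or nothing logged before it
        return None
    before = events[:idx]
    cmds = [e[2] for e in before if e[1].startswith("FROM REMOTE")]
    silent = int((events[idx][0] - before[-1][0]).total_seconds())
    return {
        "tls_active": any("TLS negotiated" in e[1] for e in before),
        "last_client_command": cmds[-1] if cmds else None,
        "last_server_reply": before[-1][2],
        "silent_secs": silent,
        "idle_timeout_hit": silent >= idle_timeout_secs,
    }
```

On the excerpt, the silence before the 421 is 121 seconds, so the disconnect is the 120-second idle timeout firing after the final `250` line of the EHLO response, not the 3600-second connection timeout.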
