I know I'm responding to a really old thread here, but I stumbled upon this trying to solve another issue.
When I set tls-level=none in /opt/spamdyke/etc/spamdyke.conf and reboot, I now completely fail the SMTP TLS checker at https://luxsci.com/smtp-tls-checker. It would appear that qmail isn't doing the TLS at all. Where are the settings for telling qmail to handle the TLS? Is it in the run file, or elsewhere?

On Wed, Jun 19, 2019 at 3:14 AM Eric Broch <[email protected]> wrote:

> In /etc/spamdyke/spamdyke.conf set 'tls-level' to 'none'.
>
> tls-level=none
>
> allow qmail to do the tls and see if it works.
>
> On 6/18/2019 9:07 AM, Rajesh M wrote:
>
> eric
>
> in the spamdyke.conf i can see this
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> also i am using the
> /var/qmail/control/servercert.pem
> for domain key signing of outgoing emails.
>
> rajesh
>
> ----- Original Message -----
> From: Eric Broch [mailto:[email protected] <[email protected]>]
> To: [email protected]
> Sent: Tue, 18 Jun 2019 08:52:13 -0600
> Subject:
>
> So you have spamdyke doing the TLS?
>
> On 6/18/2019 8:38 AM, Rajesh M wrote:
>
> Hi
>
> ISSUE 1
> all of a sudden we are receiving error on one of our servers for one specific
> sender domain (sending from microsoft server)
>
> the sender domain is not able to send emails to the recipient domain on our
> server. The email bounces with the following error
> encryption: TLS reason: 503_MAIL_first_(#5.5.1)
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DENIED_OTHER from: [email protected] to: [email protected]
> origin_ip: 40.107.69.126 origin_rdns:
> mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption:
> TLS reason: 503_MAIL_first_(#5.5.1)
> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
> QUIT
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file
> descriptor 1: Connection reset by peer
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
> 221 ns1.HOSTNAME.com
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The
> operation failed due to an I/O error, Unexpected EOF found
>
> 06/18/2019 19:33:16 - TLS ended and closed
>
> the error log of spamdyke full-log-dir is given below as follows
>
> ISSUE 2
> also i noted that spamdyke log mentions as such
> reset address space soft limit to infinity: please stop using the softlimit
> program
>
> What exactly does this mean? What is the alternative to prevent large files
> should i disable softlimit program in
> /usr/bin/softlimit -m 64000000 \
> in the smtp run file
>
> require your kind help in resolving the above 2 issues
>
> thanks
> rajesh
>
> 06/18/2019 19:32:54 STARTED: VERSION = 5.0.1+TLS+CONFIGTEST+DEBUG, PID = 19829
>
> 06/18/2019 19:32:54 CURRENT ENVIRONMENT
> PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
> PWD=/var/qmail/supervise/smtp
> SHLVL=0
> PROTO=TCP
> TCPLOCALIP=103.241.181.154
> TCPLOCALPORT=25
> TCPLOCALHOST=ns1.HOSTNAME.com
> TCPREMOTEIP=40.107.69.126
> TCPREMOTEPORT=42264
> BADMIMETYPE=
> BADLOADERTYPE=M
> QMAILQUEUE=/var/qmail/bin/simscan
> CHKUSER_START=ALWAYS
> CHKUSER_RCPTLIMIT=50
> CHKUSER_WRONGRCPTLIMIT=10
> NOP0FCHECK=1
> DKQUEUE=/var/qmail/bin/qmail-queue.orig
> DKVERIFY=DEGIJKfh
> DKSIGN=/var/qmail/control/domainkeys/%/private
>
> 06/18/2019 19:32:54 CURRENT CONFIG
> config-file=/etc/spamdyke/spamdyke.conf
> dns-blacklist-entry=zen.spamhaus.org
> full-log-dir=/var/log/spamdyke
> graylist-dir=/var/spamdyke/graylist
> graylist-max-secs=2678400
> graylist-min-secs=180
> header-blacklist-entry=From:*>,*<*
> idle-timeout-secs=600
> ip-blacklist-file=/etc/spamdyke/blacklist_ip
> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> ip-whitelist-file=/etc/spamdyke/whitelist_ip
> log-level=info
> max-recipients=100
> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> reject-empty-rdns=1
> reject-sender=no-mx
> reject-sender=authentication-domain-mismatch
> reject-unresolvable-rdns=1
> relay-level=normal
> sender-blacklist-file=/etc/spamdyke/blacklist_senders
> sender-whitelist-file=/etc/spamdyke/whitelist_senders
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> 06/18/2019 19:32:54 - Remote IP = 40.107.69.126
>
> 06/18/2019 19:32:54 CURRENT CONFIG
> config-file=/etc/spamdyke/spamdyke.conf
> dns-blacklist-entry=zen.spamhaus.org
> dns-server-ip-primary=8.8.8.8
> full-log-dir=/var/log/spamdyke
> graylist-dir=/var/spamdyke/graylist
> graylist-max-secs=2678400
> graylist-min-secs=180
> header-blacklist-entry=From:*>,*<*
> idle-timeout-secs=600
> ip-blacklist-file=/etc/spamdyke/blacklist_ip
> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
> ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
> ip-whitelist-file=/etc/spamdyke/whitelist_ip
> log-level=info
> max-recipients=100
> rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
> rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
> recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
> recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
> reject-empty-rdns=1
> reject-sender=no-mx
> reject-sender=authentication-domain-mismatch
> reject-unresolvable-rdns=1
> relay-level=normal
> sender-blacklist-file=/etc/spamdyke/blacklist_senders
> sender-whitelist-file=/etc/spamdyke/whitelist_senders
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> 06/18/2019 19:32:54 - Remote rDNS =
> mail-eopbgr690126.outbound.protection.outlook.com
>
> 06/18/2019 19:32:54 LOG OUTPUT
> DEBUG(filter_rdns_missing()@filter.c:947): checking for missing rDNS; rdns:
> mail-eopbgr690126.outbound.protection.outlook.com
> DEBUG(filter_rdns_whitelist_file()@filter.c:1055): searching rDNS whitelist
> file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com
> DEBUG(filter_rdns_blacklist_file()@filter.c:1159): searching rDNS blacklist
> file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com
> DEBUG(filter_ip_whitelist()@filter.c:1228): searching IP whitelist file(s);
> ip: 40.107.69.126
> DEBUG(filter_ip_blacklist()@filter.c:1279): searching IP blacklist file(s);
> ip: 40.107.69.126
> DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1380): checking for IP in rDNS
> +keyword(s) in whitelist file; ip: 40.107.69.126 rdns:
> mail-eopbgr690126.outbound.protection.outlook.com
> DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1333): checking for IP in rDNS
> +keyword(s) in blacklist file; ip: 40.107.69.126 rdns:
> mail-eopbgr690126.outbound.protection.outlook.com
> DEBUG(filter_rdns_resolve()@filter.c:1426): checking rDNS resolution; rdns:
> mail-eopbgr690126.outbound.protection.outlook.com
> DEBUG(filter_dns_rbl()@filter.c:1645): checking DNS RBL(s); ip: 40.107.69.126
> DEBUG(undo_softlimit()@spamdyke.c:3203): reset address space soft limit to
> infinity: please stop using the softlimit program
> DEBUG(undo_softlimit()@spamdyke.c:3223): reset data segment soft limit to
> infinity: please stop using the softlimit program
> DEBUG(undo_softlimit()@spamdyke.c:3241): reset stack size soft limit to
> infinity: please stop using the softlimit program
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 33 bytes
> 220 ns1.HOSTNAME.com ESMTP
>
> 06/18/2019 19:32:54 FROM REMOTE TO CHILD: 52 bytes
> EHLO NAM04-CO1-obe.outbound.protection.outlook.com
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 27 bytes
> 250-ns1.HOSTNAME.com
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 14 bytes
> 250-STARTTLS
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 16 bytes
> 250-PIPELINING
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 14 bytes
> 250-8BITMIME
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 19 bytes
> 250-SIZE 31457280
>
> 06/18/2019 19:32:54 FROM CHILD TO REMOTE: 31 bytes
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> 06/18/2019 19:32:55 FROM REMOTE TO CHILD: 10 bytes
> STARTTLS
>
> 06/18/2019 19:32:55 FROM SPAMDYKE TO REMOTE: 14 bytes
> 220 Proceed.
>
> 06/18/2019 19:32:56 LOG OUTPUT TLS
> DEBUG(tls_start()@tls.c:417): TLS/SSL connection established, using cipher
> AES256-GCM-SHA384, 256 bits
>
> 06/18/2019 19:32:56 - TLS negotiated and started
>
> 06/18/2019 19:32:56 FROM REMOTE TO CHILD: 52 bytes TLS
> EHLO NAM04-CO1-obe.outbound.protection.outlook.com
>
> 06/18/2019 19:32:56 FROM CHILD TO REMOTE: 27 bytes TLS
> 250-ns1.HOSTNAME.com
>
> 06/18/2019 19:32:56 FROM CHILD, FILTERED: 14 bytes TLS
> 250-STARTTLS
>
> 06/18/2019 19:32:56 FROM CHILD TO REMOTE: 16 bytes TLS
> 250-PIPELINING
>
> 06/18/2019 19:32:56 FROM CHILD TO REMOTE: 14 bytes TLS
> 250-8BITMIME
>
> 06/18/2019 19:32:56 FROM CHILD TO REMOTE: 19 bytes TLS
> 250-SIZE 31457280
>
> 06/18/2019 19:32:56 FROM CHILD TO REMOTE: 31 bytes TLS
> 250 AUTH LOGIN PLAIN CRAM-MD5
>
> 06/18/2019 19:32:57 FROM REMOTE TO CHILD: 48 bytes TLS
> MAIL FROM:<[email protected]> <[email protected]> SIZE=68640
>
> 06/18/2019 19:32:57 LOG OUTPUT TLS
> DEBUG(find_username()@spamdyke.c:127): searching for username between
> positions 11 and 33: MAIL FROM:<[email protected]>
> <[email protected]> SIZE=68640
> RCPT TO:<[email protected]> <[email protected]>
> RCPT TO:<[email protected]> <[email protected]>
> DEBUG(find_domain()@spamdyke.c:361): searching for domain between positions
> 23 and 33: MAIL FROM:<[email protected]> <[email protected]>
> SIZE=68640
> RCPT TO:<[email protected]> <[email protected]>
> RCPT TO:<[email protected]> <[email protected]>
> DEBUG(find_address()@spamdyke.c:726): found username: Rethish.Nair
> DEBUG(find_address()@spamdyke.c:743): found domain: SENDER.com
> DEBUG(filter_sender_whitelist()@filter.c:1871): searching sender
> whitelist(s); sender: [email protected]
> FILTER_SENDER_WHITELIST sender: [email protected] file:
> /etc/spamdyke/whitelist_senders(781)
>
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 33 bytes TLS
> 451 SPF lookup failure (#4.3.0)
>
> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 40 bytes TLS
> RCPT TO:<[email protected]> <[email protected]>
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DEBUG(find_username()@spamdyke.c:127): searching for username between
> positions 9 and 36: RCPT TO:<[email protected]>
> <[email protected]>
> RCPT TO:<[email protected]> <[email protected]>
> DEBUG(find_domain()@spamdyke.c:361): searching for domain between positions
> 16 and 36: RCPT TO:<[email protected]> <[email protected]>
> RCPT TO:<[email protected]> <[email protected]>
> DEBUG(find_address()@spamdyke.c:726): found username: ranjini
> DEBUG(find_address()@spamdyke.c:743): found domain: dxb.RECEPIENT.com
> DEBUG(find_cdb_record()@cdb.c:138): searching CDB file
> /var/qmail/control/morercpthosts.cdb for 20 byte key = dxb.RECEPIENT.com,
> hash = 3655419700, main index = 52, num_slots = 2, slot_num = 1
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> FILTER_OTHER response: "503 MAIL first (#5.5.1)"
>
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
> 503 MAIL first (#5.5.1)
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DENIED_OTHER from: [email protected] to: [email protected]
> origin_ip: 40.107.69.126 origin_rdns:
> mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption:
> TLS reason: 503_MAIL_first_(#5.5.1)
>
> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 44 bytes TLS
> RCPT TO:<[email protected]> <[email protected]>
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DEBUG(find_username()@spamdyke.c:127): searching for username between
> positions 9 and 40: RCPT TO:<[email protected]>
> <[email protected]>
> DEBUG(find_domain()@spamdyke.c:361): searching for domain between positions
> 20 and 40: RCPT TO:<[email protected]>
> <[email protected]>
> DEBUG(find_address()@spamdyke.c:726): found username: nominations
> DEBUG(find_address()@spamdyke.c:743): found domain: dxb.RECEPIENT.com
> DEBUG(find_cdb_record()@cdb.c:138): searching CDB file
> /var/qmail/control/morercpthosts.cdb for 20 byte key = dxb.RECEPIENT.com,
> hash = 3655419700, main index = 52, num_slots = 2, slot_num = 1
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> FILTER_OTHER response: "503 MAIL first (#5.5.1)"
>
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
> 503 MAIL first (#5.5.1)
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DENIED_OTHER from: [email protected] to: [email protected]
> origin_ip: 40.107.69.126 origin_rdns:
> mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption:
> TLS reason: 503_MAIL_first_(#5.5.1)
>
> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
> QUIT
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The
> operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file
> descriptor 1: Connection reset by peer
>
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
> 221 ns1.HOSTNAME.com
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The
> operation failed due to an I/O error, Unexpected EOF found
>
> 06/18/2019 19:33:16 - TLS ended and closed
>
> 06/18/2019 19:33:16 CLOSED
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
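Added example (not part of the original thread and not spamdyke's own code): a small parser for the full-log layout quoted above that pairs each client command with the final line of the server's reply and returns the first 4xx/5xx exchange together with the rejections that follow it. The sample entries are constructed from the quoted session with placeholder addresses, and the entry layout (timestamped header line, payload on the following lines) is an assumption taken from that excerpt.

```python
import re

# Constructed sample in the layout of the spamdyke full log quoted in the
# thread (timestamped header, then payload); addresses are placeholders.
SAMPLE = """\
06/18/2019 19:32:56 FROM REMOTE TO CHILD: 52 bytes TLS
EHLO NAM04-CO1-obe.outbound.protection.outlook.com
06/18/2019 19:32:56 FROM CHILD TO REMOTE: 27 bytes TLS
250-ns1.HOSTNAME.com
06/18/2019 19:32:56 FROM CHILD TO REMOTE: 31 bytes TLS
250 AUTH LOGIN PLAIN CRAM-MD5
06/18/2019 19:32:57 FROM REMOTE TO CHILD: 48 bytes TLS
MAIL FROM:<sender@example.com> SIZE=68640
06/18/2019 19:32:57 LOG OUTPUT TLS
DEBUG(find_address()@spamdyke.c:743): found domain: example.com
06/18/2019 19:33:16 FROM CHILD TO REMOTE: 33 bytes TLS
451 SPF lookup failure (#4.3.0)
06/18/2019 19:33:16 FROM REMOTE TO CHILD: 40 bytes TLS
RCPT TO:<rcpt@example.net>
06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
503 MAIL first (#5.5.1)
"""

ENTRY = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d) (.*)$")
TRAFFIC = re.compile(r"^FROM (REMOTE|CHILD|SPAMDYKE) TO (CHILD|REMOTE): \d+ bytes( TLS)?$")
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


def pair_commands(log_text):
    """Return (time, command, code, text, tls) for each client command."""
    pairs, sender, stamp, tls = [], None, None, False
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry:  # new entry: traffic header, LOG OUTPUT, status line...
            stamp, traffic = entry.group(1), TRAFFIC.match(entry.group(2))
            sender = traffic.group(1) if traffic else None
            tls = bool(traffic and traffic.group(3))
        elif sender == "REMOTE" and line.strip():
            pairs.append([stamp, line.strip(), None, None, tls])
        elif sender in ("CHILD", "SPAMDYKE") and pairs and pairs[-1][2] is None:
            reply = REPLY.match(line)
            if reply and reply.group(2) == " ":  # "250-" lines are continuations
                pairs[-1][2:4] = [int(reply.group(1)), reply.group(3)]
    return [tuple(p) for p in pairs]


def first_rejection(pairs):
    """Return the first 4xx/5xx exchange and the rejections that follow it."""
    failed = [p for p in pairs if p[2] is not None and p[2] >= 400]
    return (failed[0], failed[1:]) if failed else (None, [])
```

On the sample, `first_rejection(pair_commands(SAMPLE))` returns the `MAIL FROM` exchange answered with 451, followed by the `RCPT TO` exchange answered with 503. Message bodies sent after `DATA` are not handled.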
