I started digging why Spamdyke blacklisting sometimes fails on my qmailtoaster server. The cause seems to be that it's not compiled with tls support and therefore msgs received with tls encryption are not being filtered.
Is there a reason why tls is not compiled in? What I have installed is: spamdyke-5.0.1-1.qt.el8.x86_64 and here is my config-test result: # /usr/bin/spamdyke --config-file /etc/spamdyke/spamdyke.conf \ > --config-test \ > /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true spamdyke 5.0.1+CONFIGTEST+DEBUG (C)2015 Sam Clippinger, samc (at) silence (dot) org http://www.spamdyke.org/ Use --help for an option summary, --more-help for option details or see README.html for complete documentation. WARNING: Running tests as superuser root(0), group root(0). These test results may not be valid if the mail server runs as another user. ERROR: /var/qmail/bin/qmail-smtpd appears to offer TLS support. The "tls-type" and "tls-certificate-file" options are being used but TLS support is not compiled into spamdyke. Unless it is recompiled with TLS support, the following spamdyke features will not function during TLS deliveries: graylisting, sender whitelisting, sender blacklisting, sender domain MX checking, DNS RHSBL checking for sender domains, recipient whitelisting, recipient blacklisting, limited number of recipients and full logging. SUCCESS: /var/qmail/bin/qmail-smtpd does not appear to offer SMTP AUTH support. spamdyke will observe any authentication and trust its response (although that appears unlikely to happen). SUCCESS(config-file): Opened for reading: /etc/spamdyke/spamdyke.conf SUCCESS(dns-resolv-conf): Opened for reading: /etc/resolv.conf ERROR(graylist-level): The "graylist-level" option is "none" but other graylist options were given. They will all be ignored. SUCCESS(header-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_headers SUCCESS(ip-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_ip SUCCESS(ip-in-rdns-keyword-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_keywords SUCCESS(ip-in-rdns-keyword-whitelist-file): Opened for reading: /etc/spamdyke/whitelist_keywords SUCCESS(ip-whitelist-file): Opened for reading: /etc/spamdyke/whitelist_ip SUCCESS(qmail-rcpthosts-file): Opened for reading: /var/qmail/control/rcpthosts SUCCESS(rdns-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_rdns SUCCESS(rdns-whitelist-file): Opened for reading: /etc/spamdyke/whitelist_rdns SUCCESS(recipient-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_recipients SUCCESS(recipient-whitelist-file): Opened for reading: /etc/spamdyke/whitelist_recipients SUCCESS(sender-blacklist-file): Opened for reading: /etc/spamdyke/blacklist_senders SUCCESS(sender-whitelist-file): Opened for reading: /etc/spamdyke/whitelist_senders ERROR(tls-certificate-file): TLS support is not compiled into this executable but a TLS certificate file was given anyway: /var/qmail/control/servercert.pem ERROR: Tests complete. Errors detected. Best, Peter
