Re: [spamdyke-users] Weird behavior with TLS and auth-level=always
What version of spamdyke are you using? I fixed a bug related to this in 5.0.1... that doesn't mean there isn't another bug, I just want to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org wrote: Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Some stats after a couple of months; NotInFromWhiteList; Calling External Program
Pretty cool, thanks for reporting that! At this point, spamdyke doesn't support hooking in external scripts during processing. I very much want to make that happen however, since it would make it possible to invoke SpamAssassin or ClamAV within the delivery process. That's probably a couple of versions away unfortunately. -- Sam Clippinger On Aug 22, 2015, at 5:40 AM, Philip Rhoades via spamdyke-users spamdyke-users@spamdyke.org wrote: People, Here are some stats after a couple of months of happy Spamdyke usage - thanks! If I had remembered to set the logrotate number higher I would have had more data but I think the last 31 days is sufficient to illustrate some things: Total spamdyke lines in maillog files for the last 31 days: 54838 Total spamdyke ALLOWED lines in maillog files for the last 31 days: 12278 (22.4%) Total spam / phishing messages that were delivered: 165 100% Valid To email address: 105 64% No To email address: 19 12% Undisclosed Recipients: 159% Mailer Daemon bounces:138% Invalid To email address: 127% Valid To email address but NO Subject and NO From: 11% I could stop the 64% Valid To email address spams if I had a NotInFromWhiteList facility - at the expense of annoying people sometimes with failed messages and them receiving a If you are a real mailer . . note - like my previous Qmail + GreyLite + Ruby script (that was called via qmail-qfilter) setup. Except for Mailer Daemon bounces ands Valid To email address but NO SUBJECT and NO FROM, I don't even know how the other mails actually get delivered at all . . I notice the processing that spamdyke does is slower for me to send mail compared to my previous setup - but I guess it is doing more work too . . Is there any way for me to call a modified version of my old Ruby script from spamdyke as the last bit of processing before allowing an email through? Thanks again! Phil. -- Philip Rhoades PO Box 896 Cowra NSW 2794 Australia E-mail: p...@pricom.com.au ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Weird behavior with TLS and auth-level=always
Sam, Yes I'm on 5.0.1. I've paired the configuration file down to: qmail-rcpthosts-file=/var/qmail/control/rcpthosts recipient-validation-command=/usr/local/bin/spamdyke-qrv reject-recipient=invalid max-recipients=5 idle-timeout-secs=300 tls-level=smtp-no-passthrough tls-certificate-file=/usr/local/etc/ssl/certs/dovecot.pem tls-privatekey-file=/usr/local/etc/ssl/private/dovecot.pem filter-level=require-auth smtp-auth-level=always smtp-auth-command=/usr/local/bin/checkpassword-pam -s smtp /bin/true If I comment out the smpt-auth-level so it uses qmail, I get the STARTTLS, this way I don't. I'm still trying to figure out the qmail auth failure. This one is a real head-stratcher. It's timing out so it looks like the pipe isn't connecting to checkpasswd-pam. I tried hard-coding the string that was sent (and works fine on external checkpasswd-pam tests) but it still times out. However, spamdyke's auth works fine which is how I discovered the above problem. Gary On 08/24/2015 12:26 PM, Sam Clippinger via spamdyke-users wrote: What version of spamdyke are you using? I fixed a bug related to this in 5.0.1... that doesn't mean there isn't another bug, I just want to make sure you're on that version before I spend time chasing a bug that's already fixed. :) If you are on 5.0.1, could you post your configuration file that shows how to reproduce this? That'll probably save me quite a bit of time. -- Sam Clippinger On Aug 21, 2015, at 1:54 PM, Gary Gendel via spamdyke-users spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org wrote: Sam, If I use qmail with smtp auth, then spamdyke announces STARTTLS capabilities, but if I have spamdyke do it then it doesn't. It's there and works, but it isn't announced in the ehlo response. gary@abby ~ openssl s_client -starttls smtp -crlf -connect tardis.genashor.com http://tardis.genashor.com:587 -starttls smtp CONNECTED(0003) didn't found starttls in server response, try anyway... depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify return:1 depth=1 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Class 1 Primary Intermediate Server CA I'm trying to use spamdyke for auth because qmail auth doesn't seem to work for me. If I test checkpassword-pam outside it works, but from qmail it just hangs for a few seconds than then fails. I'll figure it out but I wanted to report this quirk. Gary ___ spamdyke-users mailing list spamdyke-users@spamdyke.org mailto:spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users smime.p7s Description: S/MIME Cryptographic Signature ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users