Hi Sam, many thanks for your help.
I changed my spamdyke.conf and the smtp-psa like you suggested and it works. :-)) Mails from our own users are no longer greylisted. I also checked the maillog, and I did not find any of the errors you listed. So you dont have look for bugs. Also using spamdyke for the blacklists has another advantage. I have a few users in Africa and Indonesia and the rblsmptd kicked them out very often because their providers often have "bad" IPs. Now the can bypass the blacklist check. I still have a few questions but I start a new thread for them. Again Thanks Greetings from the Black Forrest Markus Thüer -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Sam Clippinger Gesendet: Donnerstag, 24. April 2008 19:49 An: spamdyke users Betreff: Re: [spamdyke-users] Spamdyke and Plesk 8.3 You are correct -- authenticated connections should bypass graylisting and all other filters. If that isn't working, your users should be reporting lots of problems, because their MUAs (e.g. Outlook, Thunderbird) won't be able to deliver email to your server -- they'll get the graylist rejection message. First, I would recommend several changes to your configuration. You're correct that you can remove rblsmtpd and allow spamdyke to check blacklists. This is a better solution because spamdyke will not check blacklists for authenticated users (once we fix your authentication problem, that is). So you should add the following lines to your spamdyke.conf file: check-dnsrbl=list.dsbl.org check-dnsrbl=dnsbl.njabl.org check-dnsrbl=bl.spamcop.net Changes to spamdyke.conf will take effect as soon as you save the file. Also, I seem to recall that spamdyke and relaylock don't get along perfectly well; spamdyke does better when it runs before relaylock (I can't find my notes on this to explain why). Once you remove rblsmtpd and move relaylock around, your smtp_psa file should look like this: service smtp { socket_type = stream protocol = tcp wait = no disable = no user = root instances = UNLIMITED server = /var/qmail/bin/tcp-env server_args = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true } To force xinetd to reload its configuration, use this command: killall -HUP xinetd If those changes don't fix the problem, there are several things you can do to troubleshoot it. The fastest way is to look at the maillog file (Plesk moves it to /usr/local/psa/var/log/maillog). Look for spamdyke log entries that start with "DENIED_GRAYLISTED" and also show a username after "auth:" at the end of the line. If you find any, that means spamdyke saw the authorization but still performed graylisting. That would be a bug, so I'll need your help to fix it. Next, look for spamdyke log entries that start with "DENIED_GRAYLISTED" and end with "auth: (unknown)". If the "to:" and "from:" indicate the messages are from your users to remote addresses, they probably should have authenticated and bypassed graylisting. If the graylist filter blocked them anyway, there might be a bug in spamdyke that isn't allowing it to snoop on the qmail authentication. If you could turn on full logging (with "full-log-dir") and send me the log of a connection that authenticated but was graylisted anyway, I would appreciate it. -- Sam Clippinger Markus Thüer wrote: > > Hi, > > I am new to this list, and first I want to say thank you for spamdyke. > > I installed it recently on a Plesk 8.3 System for greylisting and it > works fine. > > But I have problems with the authentification. I read the archive but > I am still a bit confused and I am new to server administration. So > please forgive me if I ask silly questions. > > I noticed that even mail accounts of my own domain were greylisted. > After they are authentificated they should bypass spamdyke. Shouldnt > they? > > I read that from spamdyke 3.0.0 I dont have to use the > authentifcation in spamdyke because the authtentification of qmail is > honored. > > So how do I get this working ? > > I am also using the blackhole daemon provided by plesk. Would it be > better to use spamdyke for this? > > I dont dare to simply try things out on the server, for it is a live > system with more than 400 e-mail accounts and I will (probably) be > killed if it should stop working. > > So I want to be quite confident before I start to try anything. So > please boost my confidence by giving me some hints how it should work. > > This is my spamdyke.conf: > > log-level=2 > > local-domains-file=/var/qmail/control/rcpthosts > > max-recipients=15 > > idle-timeout-secs=60 > > graylist-dir=/var/qmail/spamdyke/greylist > > graylist-min-secs=300 > > graylist-max-secs=4814400 > > #policy-url=http:/www.kapuziner.org/greylisting.html > > #sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders > > #recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients > > #ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords > > #ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip > > #rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d > > #rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns > > #ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip > > #greeting-delay-secs=5 > > #check-dnsrbl=ix.dnsbl.manitu.net > > #check-dnsrbl=zen.spamhaus.org > > #check-dnsrbl=list.dsbl.org > > #check-dnsrbl=zombie.dnsbl.sorbs.net > > #check-dnsrbl=dul.dnsbl.sorbs.net > > #check-dnsrbl=bogons.cymru.com > > #reject-missing-sender-mx > > #reject-empty-rdns > > #reject-unresolvable-rdns > > #reject-ip-in-cc-rdns > > ls-certificate-file=/var/qmail/control/servercert.pem > > local-domains-file=/var/qmail/control/rcpthosts > > And this the smtp_psa file for xinetd.d: > > service smtp > > { > > socket_type = stream > > protocol = tcp > > wait = no > > disable = no > > user = root > > instances = UNLIMITED > > server = /var/qmail/bin/tcp-env > > server_args = -Rt0 /usr/sbin/rblsmtpd -r list.dsbl.org -r > dnsbl.njabl.org -r bl.spamcop.net /var/qmail/bin/ > > relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf > /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/b > > in/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true > > } > > Thanks for any help. > > minorum > > ------------------------------------------------------------------------ > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
