I will send you a full log later this day. - QMail was originally installed by Plesk (8.0) - I recompiled QMail a few months ago with a greylist patch, which worked flawless (but not as good as spamdyke) - I month ago i switched to Spamdyke and manually Reinstalled Qmail - maybe something went terrible wrong there? :) ( I will have a deeper look into the authentication stuff later this day ... maybe something isn't configured correctly)
--Stefan > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] [mailto:spamdyke-users- > [EMAIL PROTECTED] Im Auftrag von Sam Clippinger > Gesendet: Montag, 19. Mai 2008 05:27 > An: spamdyke users > Betreff: Re: [spamdyke-users] SMTP auth and spamhaus issues with "The > Bat" > > I don't understand either. Could you enable full logging in spamdyke > (with "full-log-dir") and send a log file from one of these connections > to me? > > Also, out of curiosity, how did you install qmail? Did you use > qmailrocks, LifeWithQmail or some other tutorial/distribution? > > -- Sam Clippinger > > Stefan Pausch wrote: > > I changed the configuration with no effect. I remembered the log > window in > > "The Bat" and had a look: > > > > 18.05.2008, 22:30:35: SEND - sending mail message(s) - 1 message(s) > in > > queue > > 18.05.2008, 22:30:35: SEND - connected to SMTP server > > 18.05.2008, 22:30:35: SEND - authenticating (software CRAM-MD5)... > > 18.05.2008, 22:30:35: SEND - Server reports error. The response is: > out of > > memory (#4.3.0) > > 18.05.2008, 22:30:35: SEND - authenticating (plain)... > > 18.05.2008, 22:30:37: SEND - Server reports error. The response is: > auth > > failure > > 18.05.2008, 22:30:37: SEND - authenticating (login)... > > 18.05.2008, 22:30:37: SEND - WARNING: authentication failed > > 18.05.2008, 22:30:37: SEND - sending message to [EMAIL PROTECTED] > > !18.05.2008, 22:30:37: SEND - Server reports error. The response is: > > http://www.spamhaus.org/query/bl?ip=91.1.194.50 See: > > http://stefanpausch.com/greylist.php > > !18.05.2008, 22:30:37: SEND - Server reports error. The response is: > > http://www.spamhaus.org/query/bl?ip=91.1.194.50 See: > > http://stefanpausch.com/greylist.php > > 18.05.2008, 22:30:37: SEND - connection finished - 0 message(s) > sent > > 18.05.2008, 22:30:37: SEND - Some messages were not sent - check > the log > > for details > > > > Looks like "plain" authentication fails. I wonder why. I used > > "/var/qmail/bin/qmail-smtpd /var/qmail/bin/true" instead of > > "/var/qmail/bin/qmail-smtp", because without "/var/qmail/bin/true" i > > couldn't auth at all - didn't fully test this, just saw a weird error > > message in the log files: > > > > smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net > [91.1.194.50] > > smtp_auth: smtp_auth: exit 2 at point 9 > > smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net > [91.1.194.50] > > smtp_auth: smtp_auth: exit 2 at point 9 > > > > Any other ideas what could be the cause? > > > > Just for completion my /etc/inetd.conf ... maybe something is wrong > there: > > > > poppassd stream tcp nowait/1000 root /usr/sbin/tcpd > > /opt/psa/admin/bin/poppassd > > smtp stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env -Rt0 > > /usr/bin/env SMTPAUTH=1 POPLOCK_TIME=20 END=1 > /var/qmail/bin/relaylock > > /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail- > smtpd > > /var/qmail/bin/smtp_auth /var/qmail/bin/true > > smtps stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env -Rt0 > > /usr/bin/env SMTPAUTH=1 POPLOCK_TIME=20 END=1 > /var/qmail/bin/relaylock > > /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail- > smtpd > > /var/qmail/bin/smtp_auth /var/qmail/bin/true > > > > Thanks alot for the help. > > > > --Stefan > > > > > >> -----Ursprüngliche Nachricht----- > >> Von: [EMAIL PROTECTED] [mailto:spamdyke-users- > >> [EMAIL PROTECTED] Im Auftrag von Sam Clippinger > >> Gesendet: Sonntag, 18. Mai 2008 22:20 > >> An: spamdyke users > >> Betreff: Re: [spamdyke-users] SMTP auth and spamhaus issues with > "The > >> Bat" > >> > >> My best guess is that your qmail is advertising an encrypted > >> authentication protocol (probably CRAM-MD5) that it doesn't actually > >> support, perhaps because your passwords are not stored in an > >> unencrypted > >> format. My theory is supported by your discovery of the > >> "mail.smtpserver.default.trySecAuth" setting in Thunderbird -- that > >> value probably controls whether Thunderbird uses encrypted > protocols. > >> When the clients try to authenticate with the encrypted protocol, > they > >> fail. > >> > >> Try this: edit your "run" file where spamdyke's and qmail's command > >> lines are found. At the end of the line, you'll probably see this: > >> /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth > >> /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true > >> Edit that portion to just this: > >> /var/qmail/bin/qmail-smtpd > >> Restart qmail so the change will take effect. > >> > >> This change _should_ prevent qmail from advertising SMTP AUTH, > >> including > >> the encrypted protocols it doesn't support. However, because > >> spamdyke's > >> configuration file includes the "smtp-auth-command" lines, spamdyke > >> will > >> advertise unencrypted SMTP AUTH on qmail's behalf. It will process > the > >> authentications and disable its filters. If my theory is correct, > this > >> change should solve your problem. > >> > >> -- Sam Clippinger > >> > >> Stefan Pausch wrote: > >> > >>> Thanks for the response. I will go more into detail : > >>> > >>> - i won't strip the IP or eMails from the logs. Enjoy my data :P > >>> - I guess i have an issue with non-plaintext SMTP-Authentication > with > >>> > >> QMail > >> > >>> (Plesk 8.4 installation). Maybe i have to patch the basic qmail > >>> installation? > >>> - Outlook works fine. No issues here. > >>> - Log entrys for Outlook and patched thunderbird2: > >>> > >>> spamdyke[25426]: INFO: found A record for p5b01c232.dip.t- > dialin.net: > >>> 91.1.194.50 > >>> smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net > >>> > >> [91.1.194.50] > >> > >>> smtp_auth: smtp_auth: SMTP user : logged in from > >>> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] > >>> smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net > >>> > >> [91.1.194.50] > >> > >>> smtp_auth: smtp_auth: SMTP user : logged in from > >>> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] > >>> spamdyke[25426]: ALLOWED from: [EMAIL PROTECTED] to: > >>> > >> [EMAIL PROTECTED] > >> > >>> origin_ip: 91.1.194.50 origin_rdns: p5b01c232.dip.t-dialin.net > auth: > >>> [EMAIL PROTECTED] > >>> > >>> - Thunderbird and "The Bat" show following log entries with SMTP- > Auth > >>> enabled, Non secure connection and correct password (pop3 auth > >>> > >> works!): > >> > >>> spamdyke[22736]: INFO: found A record for p5b01c232.dip.t- > dialin.net: > >>> 91.1.194.50 > >>> spamdyke[22736]: INFO: found TXT record for > >>> > >> 50.194.1.91.zen.spamhaus.org: > >> > >>> http://www.spamhaus.org/query/bl?ip=91.1.194.50 > >>> ... > >>> smtp_auth: smtp_auth: FAILED: - password incorrect () from > >>> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] > >>> spamdyke[24578]: DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: > >>> [EMAIL PROTECTED] origin_ip: 91.1.194.50 origin_rdns: > >>> p5b01c232.dip.t-dialin.net auth: (unknown) > >>> (dont worry about the spamdyke ids ... i just dont find the correct > >>> > >> lines > >> > >>> anymore, but the the output is exat the same, besides the ids) > >>> > >>> - If i change the about:config "mail.smtpserver.default.trySecAuth" > >>> > >> value in > >> > >>> Thunderbird 2 from "true" to "false" thunderbird users can send > >>> > >> emails > >> > >>> - Is this a issue with spamdyke ( i guess not ) or directly with > >>> qmail-smtp-auth which doesn't understand a crypted smtp-auth query? > - > >>> > >> Is > >> > >>> there an easy way to fix, or do i really have to recompile qmail > >>> > >> (again.. > >> > >>> sigh)? > >>> > >>> --Stefan > >>> > >>> > >>> > >>> > >>> > >>>> -----Ursprüngliche Nachricht----- > >>>> Von: [EMAIL PROTECTED] [mailto:spamdyke-users- > >>>> [EMAIL PROTECTED] Im Auftrag von Sam Clippinger > >>>> Gesendet: Sonntag, 18. Mai 2008 18:28 > >>>> An: spamdyke users > >>>> Betreff: Re: [spamdyke-users] SMTP auth and spamhaus issues with > >>>> > >> "The > >> > >>>> Bat" > >>>> > >>>> I use Thunderbird myself and I've never had any problems. I'm not > >>>> > >> sure > >> > >>>> what you mean by "wrong authentication type". > >>>> > >>>> Could you enable full logging and send me a log from a connection > >>>> > >> that > >> > >>>> authenticates and is still blocked? > >>>> > >>>> -- Sam Clippinger > >>>> > >>>> Stefan Pausch wrote: > >>>> > >>>> > >>>>> I just ran into a DENIED_RBL_MATCH issue with "The Bat" > >>>>> (http://ritlabs.com/) users. The user uses the latest version of > >>>>> > >> "The > >> > >>>> Bat" > >>>> > >>>> > >>>>> with SMTP Auth and no SSL Authentifications on and gets denied > due > >>>>> > >>>>> > >>>> the > >>>> > >>>> > >>>>> spamhaus listing . > >>>>> > >>>>> I guess it is the same issue as with thunderbird, which uses a > >>>>> > >>>>> > >>>> "wrong" > >>>> > >>>> > >>>>> authentication type. I tested "The bat with several settings" and > >>>>> > >>>>> > >>>> couldn't > >>>> > >>>> > >>>>> find a solution for the error > >>>>> > >>>>> Has any of you a solution for ths smtp-auth misbehavior? > >>>>> > >>>>> System: Debian, qmail, spamdyke > >>>>> > >>>>> Spamdyke.conf: > >>>>> > >>>>> 1 log-level=2 > >>>>> 2 log-target=1 > >>>>> 3 local-domains-file=/var/qmail/control/rcpthosts > >>>>> 4 idle-timeout-secs=300 > >>>>> 5 graylist-dir=/var/qmail/spamdyke/greylist > >>>>> 6 graylist-min-secs=300 > >>>>> 7 graylist-max-secs=4814400 > >>>>> 8 policy-url=http://stefanpausch.com/greylist.php > >>>>> 9 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders > >>>>> 10 recipient-blacklist- > >>>>> > >> file=/var/qmail/spamdyke/blacklist_recipients > >> > >>>>> 11 ip-in-rdns-keyword- > file=/var/qmail/spamdyke/blacklist_keywords > >>>>> 12 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip > >>>>> 13 rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d > >>>>> 14 rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns > >>>>> 15 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip > >>>>> 16 sender-whitelist-file=/var/qmail/spamdyke/whitelist_sender > >>>>> 17 greeting-delay-secs=3 > >>>>> 18 tls-certificate-file=/var/qmail/control/servercert.pem > >>>>> 19 local-domains-file=/var/qmail/control/rcpthosts > >>>>> 20 smtp-auth-command=/var/qmail/bin/smtp_auth > /var/qmail/bin/true > >>>>> 21 smtp-auth-command=/var/qmail/bin/cmd5checkpw > >>>>> > >> /var/qmail/bin/true > >> > >>>>> 22 check-dnsrbl=ix.dnsbl.manitu.net > >>>>> 23 #check-dnsrbl=zen.spamhaus.org > >>>>> 24 check-dnsrbl=list.dsbl.org > >>>>> 25 check-dnsrbl=zombie.dnsbl.sorbs.net > >>>>> 26 check-dnsrbl=dul.dnsbl.sorbs.net > >>>>> 27 check-dnsrbl=bogons.cymru.com > >>>>> 28 reject-missing-sender-mx > >>>>> 29 reject-empty-rdns > >>>>> 30 reject-unresolvable-rdns > >>>>> 31 tls-certificate-file=/var/qmail/control/servercert.pem > >>>>> 32 hostname-file=/var/qmail/control/me > >>>>> > >>>>> > >>>>> __________ Information from ESET NOD32 Antivirus, version of > virus > >>>>> > >>>>> > >>>> signature > >>>> > >>>> > >>>>> database 3106 (20080516) __________ > >>>>> > >>>>> The message was checked by ESET NOD32 Antivirus. > >>>>> > >>>>> http://www.eset.com > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> spamdyke-users mailing list > >>>>> [email protected] > >>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>>>> > >>>>> > >>>>> > >>>> _______________________________________________ > >>>> spamdyke-users mailing list > >>>> [email protected] > >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>>> > >>>> __________ Information from ESET NOD32 Antivirus, version of virus > >>>> signature database 3106 (20080516) __________ > >>>> > >>>> The message was checked by ESET NOD32 Antivirus. > >>>> > >>>> http://www.eset.com > >>>> > >>>> > >>> > >>> __________ Information from ESET NOD32 Antivirus, version of virus > >>> > >> signature > >> > >>> database 3106 (20080516) __________ > >>> > >>> The message was checked by ESET NOD32 Antivirus. > >>> > >>> http://www.eset.com > >>> > >>> > >>> _______________________________________________ > >>> spamdyke-users mailing list > >>> [email protected] > >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >>> > >>> > >> _______________________________________________ > >> spamdyke-users mailing list > >> [email protected] > >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > >> > >> __________ Information from ESET NOD32 Antivirus, version of virus > >> signature database 3106 (20080516) __________ > >> > >> The message was checked by ESET NOD32 Antivirus. > >> > >> http://www.eset.com > >> > > > > > > _______________________________________________ > > spamdyke-users mailing list > > [email protected] > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > __________ Information from ESET NOD32 Antivirus, version of virus > signature database 3108 (20080519) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
