Hello,
today I was wondering about the logfile entries of spamdyke! My problem was that an authenticated user "test" was sending spammails over one of my servers. I am using qmail, vpopmail and spamdyke. Default is that a username without domain part gets the defaultdomain appended - thats what I though?! Anyway, spamdyke shows me the authenticated user for the mail as "test" and also my auhtlogger plugin did so! After some time tracking down this issue I found the "real" user which was sending the mails. It was something like (yes this domain have a lot of mail accounts:-): /var/vpopmail/domains/B/domainname/2/test The lastauth file shows the right IP address and was last accessed exactly at the time the last spammail was sent! OK, now we can say, my authlogger plugin sees only "test" for the authenticated user, therefor spamdyke only was logging "test", too .... Since, the mail account belongs to one of my customers and I only have the encrypted password I startet a simple test with telnet: telnet MYMAILSERVER 25 Trying xxx.xxx.xxx.xxx ... Connected to MYMAILSERVER. Escape character is '^]'. 220 xxx.xxx.xxx.xxx ESMTP ehlo 250-MYMAILSERVER 250-STARTTLS 250-PIPELINING 250-8BITMIME 250 AUTH LOGIN PLAIN auth login 334 VXNlcm5hbWU6 base64encodeduser 334 UGFzc3dvcmQ6 base64encodepass 235 ok, go ahead (#2.0.0) MAIL FROM: [EMAIL PROTECTED] 250 ok RCPT TO: [EMAIL PROTECTED] 250 ok DATA 354 go ahead testmail . 250 ok 1213878789 qp 17848 quit 221 MYMAILSERVER Connection closed by foreign host. Luckily my first password guess was right...... My authlogger plugin logged the right mail username with the domain part, but spamdyke only logged "auth: (unknown)" ?! Something seems to be wrong here!?! I am realy confused! Does anybody of you have an idea? best, hartmut _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
