My first thought is that the user is starting a TLS session, so spamdyke can't see the authentication. When you tested this with telnet, did spamdyke still log "auth: (unknown)"?
Could you turn on full logging (with "full-log-dir") and send me a log from one of these deliveries? It would also be helpful to see your spamdyke configuration file. -- Sam Clippinger Hartmut Wernisch wrote: > Hello, > > > today I was wondering about the logfile entries of spamdyke! My problem > was that an authenticated user "test" was sending spammails over one of my > servers. I am using qmail, vpopmail and spamdyke. > Default is that a username without domain part gets the defaultdomain > appended - > thats what I though?! > > Anyway, spamdyke shows me the authenticated user for the mail as "test" > and also my auhtlogger plugin did so! After some time tracking down this > issue I found the "real" user which was sending the mails. It was > something like (yes this domain have a lot of mail accounts:-): > > /var/vpopmail/domains/B/domainname/2/test > > The lastauth file shows the right IP address and was last accessed > exactly at the time the last spammail was sent! > > OK, now we can say, my authlogger plugin sees only "test" for the > authenticated user, therefor spamdyke only was logging "test", too .... > > > Since, the mail account belongs to one of my customers and I only have > the encrypted password I startet a simple test with telnet: > > > telnet MYMAILSERVER 25 > Trying xxx.xxx.xxx.xxx ... > Connected to MYMAILSERVER. > Escape character is '^]'. > 220 xxx.xxx.xxx.xxx ESMTP > ehlo > 250-MYMAILSERVER > 250-STARTTLS > 250-PIPELINING > 250-8BITMIME > 250 AUTH LOGIN PLAIN > auth login > 334 VXNlcm5hbWU6 > base64encodeduser > 334 UGFzc3dvcmQ6 > base64encodepass > 235 ok, go ahead (#2.0.0) > MAIL FROM: [EMAIL PROTECTED] > 250 ok > RCPT TO: [EMAIL PROTECTED] > 250 ok > DATA > 354 go ahead > > testmail > . > 250 ok 1213878789 qp 17848 > quit > 221 MYMAILSERVER > Connection closed by foreign host. > > > Luckily my first password guess was right...... > My authlogger plugin logged the right mail username with the domain > part, but spamdyke only logged "auth: (unknown)" ?! > > Something seems to be wrong here!?! > I am realy confused! Does anybody of you have an idea? > > best, > hartmut > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
