sorry for the delay, I am very busy at the moment!
On 19 Jun 08, Sam Clippinger wrote:
> My first thought is that the user is starting a TLS session, so spamdyke
> can't see the authentication. When you tested this with telnet, did
> spamdyke still log "auth: (unknown)"?

yes

>
> Could you turn on full logging (with "full-log-dir") and send me a log
> from one of these deliveries? It would also be helpful to see your
> spamdyke configuration file.

I hope I can provide a full log in the near future. It's a production
server and I have to do a lot of other things right now.

spamdyke configuration file:

log-level=2
local-domains-file=/var/qmail/control/rcpthosts
local-domains-file=/var/qmail/control/morercpthosts
#max-recipients=5
idle-timeout-secs=60
#graylist-dir=/home/vpopmail/graylist
#graylist-min-secs=300
#graylist-max-secs=1814400
policy-url=http://XXXXXXXXXXXX.XX/XXXXXX
sender-blacklist-file=/var/qmail/control/blacklist_senders
#sender-whitelist-file=/var/qmail/control/whitelist_senders
recipient-blacklist-file=/var/qmail/control/blacklist_recipients
recipient-whitelist-file=/var/qmail/control/whitelist_recipients
#ip-in-rdns-keyword-file=/var/qmail/control/blacklist_keywords
ip-blacklist-file=/var/qmail/control/blacklist_ip
reject-empty-rdns
reject-unresolvable-rdns
reject-missing-sender-mx
#reject-ip-in-cc-rdns
rdns-whitelist-file=/var/qmail/control/whitelist_rdns
#rdns-blacklist-dir=/var/qmail/control/blacklist_rdns.d
#rdns-blacklist-file=/var/qmail/control/blacklist_rdns
ip-whitelist-file=/var/qmail/control/whitelist_ip
#greeting-delay-secs=5
#check-dnsrbl=zombie.dnsbl.sorbs.net
#check-dnsrbl=dul.dnsbl.sorbs.net
#check-dnsrbl=bogons.cymru.com
tls-certificate-file=/var/qmail/control/servercert.pem
smtp-auth-command-encryption=/var/vpopmail/bin/vchkpw /bin/true
check-dns-whitelist=/var/qmail/control/whitelist_dns
hostname=XXXXXXXXXXX.XX

best,
-harti

>
> -- Sam Clippinger
>
> Hartmut Wernisch wrote:
> > Hello,
> >
> >
> > today I was wondering about the logfile entries of spamdyke! My problem
> > was that an authenticated user "test" was sending spammails over one of my
> > servers. I am using qmail, vpopmail and spamdyke.
> > Default is that a username without domain part gets the defaultdomain
> > appended -
> > that's what I thought?!
> >
> > Anyway, spamdyke shows me the authenticated user for the mail as "test"
> > and also my authlogger plugin did so! After some time tracking down this
> > issue I found the "real" user which was sending the mails. It was
> > something like (yes this domain has a lot of mail accounts :-):
> >
> > /var/vpopmail/domains/B/domainname/2/test
> >
> > The lastauth file shows the right IP address and was last accessed
> > exactly at the time the last spammail was sent!
> >
> > OK, now we can say, my authlogger plugin sees only "test" for the
> > authenticated user, therefore spamdyke only was logging "test", too ....
> >
> >
> > Since the mail account belongs to one of my customers and I only have
> > the encrypted password I started a simple test with telnet:
> >
> >
> > telnet MYMAILSERVER 25
> > Trying xxx.xxx.xxx.xxx ...
> > Connected to MYMAILSERVER.
> > Escape character is '^]'.
> > 220 xxx.xxx.xxx.xxx ESMTP
> > ehlo
> > 250-MYMAILSERVER
> > 250-STARTTLS
> > 250-PIPELINING
> > 250-8BITMIME
> > 250 AUTH LOGIN PLAIN
> > auth login
> > 334 VXNlcm5hbWU6
> > base64encodeduser
> > 334 UGFzc3dvcmQ6
> > base64encodepass
> > 235 ok, go ahead (#2.0.0)
> > MAIL FROM: [EMAIL PROTECTED]
> > 250 ok
> > RCPT TO: [EMAIL PROTECTED]
> > 250 ok
> > DATA
> > 354 go ahead
> >
> > testmail
> > .
> > 250 ok 1213878789 qp 17848
> > quit
> > 221 MYMAILSERVER
> > Connection closed by foreign host.
> >
> >
> > Luckily my first password guess was right......
> > My authlogger plugin logged the right mail username with the domain
> > part, but spamdyke only logged "auth: (unknown)" ?!
> >
> > Something seems to be wrong here!?!
> > I am really confused! Does anybody of you have an idea?
> >
> > best,
> > hartmut
> >
> > _______________________________________________
> > spamdyke-users mailing list
> > [email protected]
> > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
