It looks like your qmail has been patched to provide authentication but you've configured spamdyke to process authentication also. That's probably the problem -- spamdyke isn't able to run the authentication command for some reason and it thinks authentication is failing.
Try commenting out the "smtp-auth-command-encryption" line in your spamdyke configuration file. spamdyke should then start trusting qmail's authentication and logging the username correctly. You can also try running spamdyke from the command line with the "--config-test" option to see if it can run the authentication command.

-- Sam Clippinger

Hartmut Wernisch wrote:
> sorry for the delay, I am very busy at the moment!
>
>
> On 19 Jun 08, Sam Clippinger wrote:
>
>> My first thought is that the user is starting a TLS session, so spamdyke
>> can't see the authentication. When you tested this with telnet, did
>> spamdyke still log "auth: (unknown)"?
>>
>
> yes
>
>
>> Could you turn on full logging (with "full-log-dir") and send me a log
>> from one of these deliveries? It would also be helpful to see your
>> spamdyke configuration file.
>>
>
> I hope I can provide a full log in the near future. It's a production
> server and I have to do a lot of other things right now.
>
> spamdyke configuration file:
>
> log-level=2
> local-domains-file=/var/qmail/control/rcpthosts
> local-domains-file=/var/qmail/control/morercpthosts
> #max-recipients=5
> idle-timeout-secs=60
> #graylist-dir=/home/vpopmail/graylist
> #graylist-min-secs=300
> #graylist-max-secs=1814400
> policy-url=http://XXXXXXXXXXXX.XX/XXXXXX
> sender-blacklist-file=/var/qmail/control/blacklist_senders
> #sender-whitelist-file=/var/qmail/control/whitelist_senders
> recipient-blacklist-file=/var/qmail/control/blacklist_recipients
> recipient-whitelist-file=/var/qmail/control/whitelist_recipients
> #ip-in-rdns-keyword-file=/var/qmail/control/blacklist_keywords
> ip-blacklist-file=/var/qmail/control/blacklist_ip
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-missing-sender-mx
> #reject-ip-in-cc-rdns
> rdns-whitelist-file=/var/qmail/control/whitelist_rdns
> #rdns-blacklist-dir=/var/qmail/control/blacklist_rdns.d
> #rdns-blacklist-file=/var/qmail/control/blacklist_rdns
> ip-whitelist-file=/var/qmail/control/whitelist_ip
> #greeting-delay-secs=5
> #check-dnsrbl=zombie.dnsbl.sorbs.net
> #check-dnsrbl=dul.dnsbl.sorbs.net
> #check-dnsrbl=bogons.cymru.com
> tls-certificate-file=/var/qmail/control/servercert.pem
> smtp-auth-command-encryption=/var/vpopmail/bin/vchkpw /bin/true
> check-dns-whitelist=/var/qmail/control/whitelist_dns
> hostname=XXXXXXXXXXX.XX
>
>
> best,
> -harti
>
>
>
>> -- Sam Clippinger
>>
>> Hartmut Wernisch wrote:
>>
>>> Hello,
>>>
>>>
>>> today I was wondering about the logfile entries of spamdyke! My problem
>>> was that an authenticated user "test" was sending spammails over one of my
>>> servers. I am using qmail, vpopmail and spamdyke.
>>> Default is that a username without domain part gets the defaultdomain
>>> appended -
>>> that's what I thought?!
>>>
>>> Anyway, spamdyke shows me the authenticated user for the mail as "test"
>>> and also my authlogger plugin did so! After some time tracking down this
>>> issue I found the "real" user which was sending the mails. It was
>>> something like (yes this domain has a lot of mail accounts :-):
>>>
>>> /var/vpopmail/domains/B/domainname/2/test
>>>
>>> The lastauth file shows the right IP address and was last accessed
>>> exactly at the time the last spammail was sent!
>>>
>>> OK, now we can say, my authlogger plugin sees only "test" for the
>>> authenticated user, therefore spamdyke only was logging "test", too ....
>>>
>>>
>>> Since the mail account belongs to one of my customers and I only have
>>> the encrypted password I started a simple test with telnet:
>>>
>>>
>>> telnet MYMAILSERVER 25
>>> Trying xxx.xxx.xxx.xxx ...
>>> Connected to MYMAILSERVER.
>>> Escape character is '^]'.
>>> 220 xxx.xxx.xxx.xxx ESMTP
>>> ehlo
>>> 250-MYMAILSERVER
>>> 250-STARTTLS
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250 AUTH LOGIN PLAIN
>>> auth login
>>> 334 VXNlcm5hbWU6
>>> base64encodeduser
>>> 334 UGFzc3dvcmQ6
>>> base64encodepass
>>> 235 ok, go ahead (#2.0.0)
>>> MAIL FROM: [EMAIL PROTECTED]
>>> 250 ok
>>> RCPT TO: [EMAIL PROTECTED]
>>> 250 ok
>>> DATA
>>> 354 go ahead
>>>
>>> testmail
>>> .
>>> 250 ok 1213878789 qp 17848
>>> quit
>>> 221 MYMAILSERVER
>>> Connection closed by foreign host.
>>>
>>>
>>> Luckily my first password guess was right......
>>> My authlogger plugin logged the right mail username with the domain
>>> part, but spamdyke only logged "auth: (unknown)" ?!
>>>
>>> Something seems to be wrong here!?!
>>> I am really confused! Does anybody of you have an idea?
>>>
>>> best,
>>> hartmut
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
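
Added example (not part of the original thread and not spamdyke code): when the filter logs "auth: (unknown)" or a bare "test", the account that actually authenticated can be recovered from a captured SMTP dialogue by decoding the AUTH LOGIN / AUTH PLAIN exchange shown in the telnet test above. The (direction, line) input format, the function names and the sample session are assumptions made for this example; it does not parse spamdyke's own log files.

```python
import base64
import binascii

def _user(mech, token):
    """Username from a base64 SASL token, or None if malformed."""
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    if mech == "PLAIN":  # authzid NUL authcid NUL password
        parts = raw.split(b"\0")
        raw = parts[1] if len(parts) == 3 else None
    return raw.decode("utf-8", "replace") if raw is not None else None

def audit_auth(session):
    """session: (direction, line) pairs, 'C' client / 'S' server.
    Returns one record per AUTH attempt; passwords are never stored."""
    attempts, cur, want_user = [], None, False
    for direction, line in session:
        line = line.strip()
        if direction == "S" and cur and not line.startswith("334"):
            # Final reply to the exchange: only 235 means authenticated.
            cur["accepted"] = line.startswith("235")
            cur["has_domain"] = "@" in (cur["user"] or "")
            attempts.append(cur)
            cur = None
        elif direction == "C" and cur is None and line.upper().startswith("AUTH "):
            words = line.split()
            cur = {"mechanism": words[1].upper(), "user": None}
            known = cur["mechanism"] in ("LOGIN", "PLAIN")
            if known and len(words) > 2:  # initial response on the AUTH line
                cur["user"] = _user(cur["mechanism"], words[2])
            want_user = known and len(words) == 2
        elif direction == "C" and cur and want_user:
            # First client line after the 334 prompt carries the username.
            cur["user"], want_user = _user(cur["mechanism"], line), False
    return attempts

def _enc(data):
    return base64.b64encode(data).decode()

# Constructed session (not a real log), modelled on the telnet test above.
SAMPLE = [
    ("C", "AUTH PLAIN " + _enc(b"\0test@example.com\0constructed")),
    ("S", "535 authentication failed"),
    ("C", "auth login"), ("S", "334 VXNlcm5hbWU6"),
    ("C", _enc(b"test")), ("S", "334 UGFzc3dvcmQ6"),
    ("C", _enc(b"constructed")), ("S", "235 ok, go ahead (#2.0.0)"),
]
```

A record with has_domain False and accepted True is the case from the thread: the login succeeded under a bare username, so the logged name alone does not say which domain's mailbox was used.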
