On 01 Jul 08, Sam Clippinger wrote:
> It looks like your qmail has been patched to provide authentication but
> you've configured spamdyke to process authentication also. That's
> probably the problem -- spamdyke isn't able to run the authentication
> command for some reason and it thinks authentication is failing.

Yes, qmail is patched against smtp-auth. Reading spamdyke's documentation
again, I have to say it really does not make sense using
smtp-auth-command-encryption! Anyway, spamdyke thinks authentication is
failing but sending mail works?! Sounds strange...

> Try commenting out the "smtp-auth-command-encryption" line in your
> spamdyke configuration file. spamdyke should then start trusting
> qmail's authentication and logging the username correctly. You can also
> try running spamdyke from the command line with the "--config-test"
> option to see if it can run the authentication command.

My customer has changed the password so I was not able to reproduce the
test exactly. Using the wrong password spamdyke logs the correct user
whether using smtp-auth-command-encryption or not. Hum, I have to check
this out at a later date and will report back the results.

Thanks for your help!
-Hartmut Wernisch

> -- Sam Clippinger
>
> Hartmut Wernisch wrote:
> > sorry for the delay, I am very busy at the moment!
> >
> > On 19 Jun 08, Sam Clippinger wrote:
> >
> >> My first thought is that the user is starting a TLS session, so spamdyke
> >> can't see the authentication. When you tested this with telnet, did
> >> spamdyke still log "auth: (unknown)"?
> >>
> >
> > yes
> >
> >> Could you turn on full logging (with "full-log-dir") and send me a log
> >> from one of these deliveries? It would also be helpful to see your
> >> spamdyke configuration file.
> >>
> >
> > I hope I can provide a full log in the near future. It's a production
> > server and I have to do a lot of other things right now.
> >
> > spamdyke configuration file:
> >
> > log-level=2
> > local-domains-file=/var/qmail/control/rcpthosts
> > local-domains-file=/var/qmail/control/morercpthosts
> > #max-recipients=5
> > idle-timeout-secs=60
> > #graylist-dir=/home/vpopmail/graylist
> > #graylist-min-secs=300
> > #graylist-max-secs=1814400
> > policy-url=http://XXXXXXXXXXXX.XX/XXXXXX
> > sender-blacklist-file=/var/qmail/control/blacklist_senders
> > #sender-whitelist-file=/var/qmail/control/whitelist_senders
> > recipient-blacklist-file=/var/qmail/control/blacklist_recipients
> > recipient-whitelist-file=/var/qmail/control/whitelist_recipients
> > #ip-in-rdns-keyword-file=/var/qmail/control/blacklist_keywords
> > ip-blacklist-file=/var/qmail/control/blacklist_ip
> > reject-empty-rdns
> > reject-unresolvable-rdns
> > reject-missing-sender-mx
> > #reject-ip-in-cc-rdns
> > rdns-whitelist-file=/var/qmail/control/whitelist_rdns
> > #rdns-blacklist-dir=/var/qmail/control/blacklist_rdns.d
> > #rdns-blacklist-file=/var/qmail/control/blacklist_rdns
> > ip-whitelist-file=/var/qmail/control/whitelist_ip
> > #greeting-delay-secs=5
> > #check-dnsrbl=zombie.dnsbl.sorbs.net
> > #check-dnsrbl=dul.dnsbl.sorbs.net
> > #check-dnsrbl=bogons.cymru.com
> > tls-certificate-file=/var/qmail/control/servercert.pem
> > smtp-auth-command-encryption=/var/vpopmail/bin/vchkpw /bin/true
> > check-dns-whitelist=/var/qmail/control/whitelist_dns
> > hostname=XXXXXXXXXXX.XX
> >
> > best,
> > -harti
> >
> >> -- Sam Clippinger
> >>
> >> Hartmut Wernisch wrote:
> >>
> >>> Hello,
> >>>
> >>> today I was wondering about the logfile entries of spamdyke! My problem
> >>> was that an authenticated user "test" was sending spammails over one of my
> >>> servers. I am using qmail, vpopmail and spamdyke.
> >>> Default is that a username without domain part gets the defaultdomain
> >>> appended -
> >>> that's what I thought?!
> >>>
> >>> Anyway, spamdyke shows me the authenticated user for the mail as "test"
> >>> and also my authlogger plugin did so! After some time tracking down this
> >>> issue I found the "real" user which was sending the mails. It was
> >>> something like (yes, this domain has a lot of mail accounts :-):
> >>>
> >>> /var/vpopmail/domains/B/domainname/2/test
> >>>
> >>> The lastauth file shows the right IP address and was last accessed
> >>> exactly at the time the last spammail was sent!
> >>>
> >>> OK, now we can say, my authlogger plugin sees only "test" for the
> >>> authenticated user, therefore spamdyke only was logging "test", too ....
> >>>
> >>> Since the mail account belongs to one of my customers and I only have
> >>> the encrypted password, I started a simple test with telnet:
> >>>
> >>> telnet MYMAILSERVER 25
> >>> Trying xxx.xxx.xxx.xxx ...
> >>> Connected to MYMAILSERVER.
> >>> Escape character is '^]'.
> >>> 220 xxx.xxx.xxx.xxx ESMTP
> >>> ehlo
> >>> 250-MYMAILSERVER
> >>> 250-STARTTLS
> >>> 250-PIPELINING
> >>> 250-8BITMIME
> >>> 250 AUTH LOGIN PLAIN
> >>> auth login
> >>> 334 VXNlcm5hbWU6
> >>> base64encodeduser
> >>> 334 UGFzc3dvcmQ6
> >>> base64encodepass
> >>> 235 ok, go ahead (#2.0.0)
> >>> MAIL FROM: [EMAIL PROTECTED]
> >>> 250 ok
> >>> RCPT TO: [EMAIL PROTECTED]
> >>> 250 ok
> >>> DATA
> >>> 354 go ahead
> >>>
> >>> testmail
> >>> .
> >>> 250 ok 1213878789 qp 17848
> >>> quit
> >>> 221 MYMAILSERVER
> >>> Connection closed by foreign host.
> >>>
> >>> Luckily my first password guess was right......
> >>> My authlogger plugin logged the right mail username with the domain
> >>> part, but spamdyke only logged "auth: (unknown)" ?!
> >>>
> >>> Something seems to be wrong here!?!
> >>> I am really confused! Does anybody of you have an idea?
> >>>
> >>> best,
> >>> hartmut
> >>>
> >>> _______________________________________________
> >>> spamdyke-users mailing list
> >>> [email protected]
> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
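
Added example, not part of the original thread and not spamdyke or qmail code: a small parser that reads a plaintext SMTP dialogue shaped like the telnet test quoted above and reports which user name each AUTH LOGIN attempt carried, whether the server accepted it, and whether the accepted name lacks a domain part. The sample session, host names and function names are constructed for illustration; only AUTH LOGIN is handled, and a client STARTTLS ends the visible part of the session.

```python
import base64
import re

SERVER_LINE = re.compile(r"^(\d{3})([ -]|$)")   # an SMTP reply starts with a 3-digit code

def _decode(token):
    """Base64-decode one client token; None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def auth_events(transcript):
    """(mechanism, username, outcome) per AUTH LOGIN attempt; the password is never decoded."""
    events, user, state = [], None, None
    for line in filter(None, map(str.strip, transcript.splitlines())):
        reply = SERVER_LINE.match(line)
        if reply:
            if state and reply.group(1) != "334":        # a final reply ends the attempt
                outcome = "accepted" if reply.group(1) == "235" else "rejected"
                events.append(("LOGIN", user, outcome))
                state = None
        elif state == "user":                            # answer to the "Username:" prompt
            user, state = _decode(line), "pass"
        elif state == "pass":                            # password line skipped on purpose
            state = "result"
        elif line.upper() == "STARTTLS":                 # the rest of the session is encrypted
            events.append(("STARTTLS", None, "not visible"))
            break
        elif line.upper().startswith("AUTH LOGIN"):
            arg = line[10:].strip()                      # optional initial response
            user, state = (_decode(arg), "pass") if arg else (None, "user")
    return events

def bare_logins(events):
    """Accepted user names with no domain part; the log alone does not name the mailbox."""
    return [u for _, u, outcome in events if outcome == "accepted" and u and "@" not in u]

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed session in the shape of the telnet test above; every value is made up.
SAMPLE = "\n".join([
    "220 mail.example.test ESMTP", "ehlo client.example.test",
    "250-mail.example.test", "250-STARTTLS", "250 AUTH LOGIN PLAIN",
    "auth login", "334 VXNlcm5hbWU6", _b64("test"),
    "334 UGFzc3dvcmQ6", _b64("placeholder"), "235 ok, go ahead (#2.0.0)", "quit",
])

print(auth_events(SAMPLE), bare_logins(auth_events(SAMPLE)))
```

A name returned by `bare_logins` has to be matched against the mail store (for example by last-authentication time and source IP) before an account can be identified.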
