Wow, now I see what I cannot stopped it. Thanks Sam!! Does enabling "tls-certificate-file" affects spamdyke and/or qmail performance in any way? Or is it just the same as without using it?
Thanks a lot for your help. Sergio > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Sam > Clippinger > Sent: Tuesday, July 15, 2008 10:08 PM > To: spamdyke users > Subject: Re: [spamdyke-users] Cannot reject these mails > > > I think I understand now. In your original message the > message headers > show that your server is adding "(DHE-RSA-AES256-SHA > encrypted)" to its > "Received:" line. That token is added by a patched qmail > installation > when the remote server transmits the message using TLS. > > Because the transmission is encrypted, spamdyke can't gather > the sender > and recipient addresses. Version 3.1.8 didn't create a log > message at > all in this situation, that's why you can't find anything in > your logs > for these messages. (Version 4.0.0 fixes this by logging the > IP address > and rDNS name.) For this reason, adding the domain to your sender > blacklist won't stop these messages either. > > spamdyke won't reject a message when it can't decrypt the > TLS, because > the remote server may authenticate or match a > sender/recipient whitelist. > > The best way to fix this is to allow spamdyke to perform the TLS > decryption instead of qmail. Use the "tls-certificate-file" > option to > give spamdyke access to the server certificate (usually > "/var/qmail/control/servercert.pem"). > > -- Sam Clippinger _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
