Enabling TLS support in spamdyke won't affect performance at all.  When 
a remote server uses TLS, it must be decrypted and that requires the 
same amount of work no matter which process performs the decryption.  
Since that's already happening, simply shifting the work to spamdyke 
won't change anything.

-- Sam Clippinger

Sergio Minini (NETKEY) wrote:
> Wow, now I see why I cannot stop it.
> Thanks Sam!!
>
> Does enabling "tls-certificate-file" affect spamdyke and/or qmail performance
> in any way?
> Or is it just the same as without using it?
>
> Thanks a lot for your help.
> Sergio
>
>   
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sam Clippinger
>> Sent: Tuesday, July 15, 2008 10:08 PM
>> To: spamdyke users
>> Subject: Re: [spamdyke-users] Cannot reject these mails
>>
>>
>> I think I understand now.  In your original message the message headers
>> show that your server is adding "(DHE-RSA-AES256-SHA encrypted)" to its
>> "Received:" line.  That token is added by a patched qmail installation
>> when the remote server transmits the message using TLS.
>>
>> Because the transmission is encrypted, spamdyke can't gather the sender
>> and recipient addresses.  Version 3.1.8 didn't create a log message at
>> all in this situation, that's why you can't find anything in your logs
>> for these messages.  (Version 4.0.0 fixes this by logging the IP address
>> and rDNS name.)  For this reason, adding the domain to your sender
>> blacklist won't stop these messages either.
>>
>> spamdyke won't reject a message when it can't decrypt the TLS, because
>> the remote server may authenticate or match a sender/recipient whitelist.
>>
>> The best way to fix this is to allow spamdyke to perform the TLS
>> decryption instead of qmail.  Use the "tls-certificate-file" option to
>> give spamdyke access to the server certificate (usually
>> "/var/qmail/control/servercert.pem").
>>
>> -- Sam Clippinger
>>     
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>   
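
An added example, not part of the original thread or of spamdyke: a small audit that finds stored messages whose final hop carries the "(... encrypted)" token described above, i.e. mail that qmail decrypted itself. The exact "Received:" layout, the host name `mx.example.org` and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Token format as quoted in the thread: "(DHE-RSA-AES256-SHA encrypted)".
TLS_TOKEN = re.compile(r"\(([A-Za-z0-9_-]+) encrypted\)")

def local_tls_cipher(raw_message, local_host):
    """Cipher recorded by local_host's own Received: line, or None."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        flat = " ".join(received.split())  # unfold continuation lines
        # Skip hops written by other servers: an upstream relay's
        # "encrypted" token says nothing about the final connection.
        if f"by {local_host} with" not in flat:
            continue
        match = TLS_TOKEN.search(flat)
        return match.group(1) if match else None
    return None

def audit(messages, local_host):
    """Message-ID -> cipher for mail that reached local_host over TLS."""
    report = {}
    for raw in messages:
        cipher = local_tls_cipher(raw, local_host)
        if cipher:
            report[message_from_string(raw)["Message-ID"]] = cipher
    return report

# Constructed sample messages (hosts, addresses and IDs are made up).
SAMPLES = [
    # Final hop over TLS: qmail added the cipher token.
    "Received: (qmail 12345 invoked by uid 89); 15 Jul 2008 20:01:02 -0000\n"
    "Received: from unknown (HELO relay.example.net) (192.0.2.10)\n"
    "  by mx.example.org with (DHE-RSA-AES256-SHA encrypted) SMTP;\n"
    "  15 Jul 2008 20:01:02 -0000\n"
    "Message-ID: <a1@example.net>\n\nbody\n",
    # Final hop in cleartext.
    "Received: from unknown (HELO relay.example.net) (192.0.2.11)\n"
    "  by mx.example.org with SMTP; 15 Jul 2008 20:05:00 -0000\n"
    "Message-ID: <b2@example.net>\n\nbody\n",
    # Only an upstream hop was encrypted; the local hop was not.
    "Received: from unknown (HELO relay.example.net) (192.0.2.12)\n"
    "  by mx.example.org with SMTP; 15 Jul 2008 20:09:00 -0000\n"
    "Received: from unknown (HELO origin.example.com) (198.51.100.7)\n"
    "  by relay.example.net with (AES128-SHA encrypted) SMTP;\n"
    "  15 Jul 2008 20:08:55 -0000\n"
    "Message-ID: <c3@example.net>\n\nbody\n",
]

if __name__ == "__main__":
    for msg_id, cipher in audit(SAMPLES, "mx.example.org").items():
        print(msg_id, cipher)
```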