Ok, Thanks a lot Sam for your time and help. Congrats on pulling out 4.0!
Cheers. Sergio > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Sam > Clippinger > Sent: Wednesday, July 16, 2008 11:09 AM > To: spamdyke users > Subject: Re: [spamdyke-users] Cannot reject these mails > > > Enabling TLS support in spamdyke won't affect performance at > all. When > a remote server uses TLS, it must be decrypted and that requires the > same amount of work no matter which process performs the decryption. > Since that's already happening, simply shifting the work to spamdyke > won't change anything. > > -- Sam Clippinger > > Sergio Minini (NETKEY) wrote: > > Wow, now I see what I cannot stopped it. > > Thanks Sam!! > > > > Does enabling "tls-certificate-file" affects spamdyke and/or qmail > > performance in any way? Or is it just the same as without using it? > > > > Thanks a lot for your help. > > Sergio > > > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] On Behalf Of Sam > >> Clippinger > >> Sent: Tuesday, July 15, 2008 10:08 PM > >> To: spamdyke users > >> Subject: Re: [spamdyke-users] Cannot reject these mails > >> > >> > >> I think I understand now. In your original message the > >> message headers > >> show that your server is adding "(DHE-RSA-AES256-SHA > >> encrypted)" to its > >> "Received:" line. That token is added by a patched qmail > >> installation > >> when the remote server transmits the message using TLS. > >> > >> Because the transmission is encrypted, spamdyke can't gather > >> the sender > >> and recipient addresses. Version 3.1.8 didn't create a log > >> message at > >> all in this situation, that's why you can't find anything in > >> your logs > >> for these messages. (Version 4.0.0 fixes this by logging the > >> IP address > >> and rDNS name.) For this reason, adding the domain to your sender > >> blacklist won't stop these messages either. > >> > >> spamdyke won't reject a message when it can't decrypt the > >> TLS, because > >> the remote server may authenticate or match a > >> sender/recipient whitelist. > >> > >> The best way to fix this is to allow spamdyke to perform the TLS > >> decryption instead of qmail. Use the "tls-certificate-file" > >> option to > >> give spamdyke access to the server certificate (usually > >> "/var/qmail/control/servercert.pem"). > >> > >> -- Sam Clippinger > >> > > > > _______________________________________________ > > spamdyke-users mailing list > > [email protected] > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
