Sorry for the late response to this... The documentation is a bit misleading. The "ALLOWED_TLS" message (and the "ALLOWED_AUTHENTICATED" message) will only appear in full log files (generated with the "full-log-dir") command. Neither of them will appear spamdyke's log messages (syslog or stderr) because I didn't want to break everyone's scripts that were expecting just "ALLOWED".
It wouldn't be hard to change this behavior; does anyone have any thoughts or objections? -- Sam Clippinger [email protected] wrote: > Hi, I've setup spamdyke to run TLS, it seems to run okay, but I only > ever get ALLOWED in the logfile and never ALLOWED_TLS (as in > http://www.spamdyke.org/documentation/README.html#LOG). > > Spamdyke command line: > > /usr/local/bin/spamdyke \ > --tls-privatekey-password-file > /var/qmail-test/control/x.y.dk.pwd \ > --tls-certificate-file /var/qmail-test/control/x.y.dk.crt \ > --tls-privatekey-file /var/qmail-test/control/x.y.dk.key \ > --tls-level smtp \ > --dns-blacklist-entry bl.spamcop.net \ > --dns-blacklist-entry list.dsbl.org \ > --log-target stderr \ > --log-level=debug \ > > > spamdyke -v > spamdyke 4.0.9+TLS+CONFIGTEST+DEBUG+EXCESSIVE (C)2008 Sam Clippinger, > samc (at) silence (dot) org > > > Test esmtp conversation (using smtp-client.pl see > http://www.logix.cz/michal/devel/smtp/): > > [220] 'x.y.dk ESMTP' > Send ehlo > > EHLO localhost > [250] 'x.y.dk' > [250] 'PIPELINING' > [250] '8BITMIME' > [250] 'STARTTLS' > Starting TLS... > > STARTTLS > [220] 'Proceed.' > Using cipher: AES256-SHA > Subject Name: /C=dk/O=uni-c/CN=x.y.dk > Issuer Name: /C=BE/O=Cybertrust/OU=Educational CA/CN=Cybertrust > Educational CA > > MAIL FROM: <[email protected]> > [250] 'ok' > > RCPT TO: <[email protected]> > [250] 'ok' > > DATA > [354] 'go ahead' > [250] 'ok 1228825958 qp 9520' > > QUIT > [221] 'x.y.dk' > > > I have confirmed by wireshark that everything after STARTTLS is > encrypted (or at least unreadable). > > Logfile entry (using multilog, sorry about the wrapping) > > 2008-12-09 13:32:35.078670500 spamdyke[9518]: > DEBUG(prepare_settings()@configuration.c:2711): no UID switch req > uested, running as: qmaildtest (537) > 2008-12-09 13:32:35.079435500 spamdyke[9518]: > DEBUG(filter_dns_rbl()@filter.c:1527): checking DNS RBL(s); ip: 1 > 30.228.8.78 > 2008-12-09 13:32:35.150525500 spamdyke[9518]: > DEBUG(filter_recipient_relay()@filter.c:2183): checking relaying; > relay-level: 0 recipient: [email protected] ip: A.B.C.D rdns: > pc78.uni-c.dk local_recipient: > true relaying_allowed: true > 2008-12-09 13:32:35.150566500 spamdyke[9518]: > DEBUG(filter_recipient_local()@filter.c:2154): checking for unqua > lified recipient; recipient: [email protected] > 2008-12-09 13:32:35.150607500 spamdyke[9518]: ALLOWED from: [email protected] > to: [email protected] ori > gin_ip: 130.228.8.78 origin_rdns: a.b.dk auth: (unknown) > > I need it to verify that TLS is indeed on, for certain domains. Can > anybody help? > > Regards, Ole. > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
