OK, I guess I'll bite... why can't you replace `id -u root` with `id -u qmaild`? Do you get errors? Does it crash? Does it malfunction? I really want to help, but you're not giving enough information to work with.
Have you tried running spamdyke's "config-test" feature to look for problems?

-- Sam Clippinger

David Bo Jensen wrote:
> I solved the problem with
>
> server:/# cat /etc/spamdyke-smtps.conf
> log-level=verbose
> tls-level=smtps
> tls-certificate-file=/etc/ssl/certs/stunnel.pem
> filter-level=require-auth
> smtp-auth-level=ondemand
> smtp-auth-command=/usr/bin/chkpw.sh /bin/true
> relay-level=normal
>
> please notice the "filter-level", furthermore I have
>
> server:/etc# cat tcp.smtps
> :allow,RELAYCLIENT=""
>
> However I have another issue. First look at
>
> server:/etc/ssl/certs# ls -la stunnel.pem
> -rw-r----- 1 root qmaild 2402 2009-09-23 10:03 stunnel.pem
>
> and /usr/bin
> -rwxr-xr-x 1 root root 12360 2007-06-30 11:52 checkpassword
> -rwSr-x--- 1 root qmaild 38 2009-09-24 21:26 chkpw.sh
>
> chkpw.sh is a wrapper for checkpassword
>
> In /etc/init.d/qmail
>
> sh -c "start-stop-daemon --start --quiet --user qmaild \
>     --pidfile /var/run/tcpserver_smtpsd.pid --make-pidfile \
>     --exec /usr/bin/tcpserver -- -R -H \
>     -u `id -u root` -g `id -g nobody` -x /etc/tcp.smtps.cdb 0 smtps \
>     $rblsmtpd2 /usr/sbin/qmail-smtpd 2>&1 \
>     | $logger &"
>
> ($rblsmtpd2 is spamdyke, see the whole file below.)
> I cannot replace `id -u root` with `id -u qmaild`, why? It would be nice if
> spamdyke didn't have to run with root permissions for SSL connections.
> I am using debian etch 2.6.18. Please also notice my other thread about
> missing loggings for authentication.
>
>
> server:/usr/bin# cat /etc/init.d/qmail
> #!/bin/bash
> #
> # /etc/init.d/qmail : start or stop the qmail mail subsystem.
> #
> # Written by Christian Hudon <[email protected]>
> # Currently maintained by Jon Marler <[email protected]>
> #
> # Configuration
> #
>
> # set default delivery method
>
> #alias_empty="|/usr/sbin/qmail-procmail" # procmail delivery to /var/spool/mail
> alias_empty="./Maildir/" # This uses qmail preferred ~/Maildir/ directory
>                          # You may want to maildirmake /etc/skel/Maildir
> #alias_empty="./Mailbox" # This uses Mailbox file in users $HOME
>
> logger="splogger qmail 2" # facility mail == 2
> #logger="|accustamp >>/var/log/qmail.log" # If you have accustamp installed.
> #logger=">>/var/log/qmail.log" # Does not give timing info.
>
> # If you uncommented one of the lines that appends to /var/log/qmail.log, you
> # need to uncomment the following two lines.
> #touch /var/log/qmail.log
> #chown qmaill /var/log/qmail.log
>
> # If you want to use one or more of the Relay Black Lists, uncomment
> # the appropriate lines.
>
> rblmsg=
> rblsmtpd="/usr/local/bin/spamdyke -l -f /etc/spamdyke.conf"
> rblsmtpd2="/usr/local/bin/spamdyke -l -f /etc/spamdyke-smtps.conf"
> #rblmsg=" (with rblsmtpd)"
> #rblsmtpd="/usr/bin/rblsmtpd -r list.dsbl.org -r relays.ordb.org"
>
> #
> # End of configuration
> #
>
> test -x /usr/sbin/qmail-start || exit 0
> test -x /usr/sbin/qmail-send || exit 0
>
> case "$1" in
>   start)
>     echo -n "Starting mail-transfer agent: qmail" $rblmsg
>     sh -c "start-stop-daemon --start --quiet --user qmails \
>         --exec /usr/sbin/qmail-send \
>         --startas /usr/sbin/qmail-start -- \"$alias_empty\" $logger &"
>     # prevent denial-of-service attacks, with ulimit
>     ulimit -v 16384
>     sh -c "start-stop-daemon --start --quiet --user qmaild \
>         --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
>         --exec /usr/bin/tcpserver -- -R -H \
>         -u `id -u qmaild` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
>         $rblsmtpd /usr/sbin/qmail-smtpd 2>&1 \
>         | $logger &"
>
>     sh -c "start-stop-daemon --start --quiet --user qmaild \
>         --pidfile /var/run/tcpserver_smtpsd.pid --make-pidfile \
>         --exec /usr/bin/tcpserver -- -R -H \
>         -u `id -u root` -g `id -g nobody` -x /etc/tcp.smtps.cdb 0 smtps \
>         $rblsmtpd2 /usr/sbin/qmail-smtpd 2>&1 \
>         | $logger &"
>
>     #Uncomment the following lines to automatically start the pop3 server
>     sh -c "start-stop-daemon --start --quiet --user root \
>         --pidfile /var/run/tcpserver_pop3d.pid --make-pidfile \
>         --exec /usr/bin/tcpserver -- -R -H \
>         0 pop-3 /usr/sbin/qmail-popup `hostname`.`dnsdomainname` \
>         /usr/bin/checkpassword /usr/sbin/qmail-pop3d Maildir &"
>
>     sh -c "start-stop-daemon --start --quiet --user root \
>         --pidfile /var/run/tcpserver_pop3sd.pid --make-pidfile \
>         --exec /usr/bin/tcpserver -- -R -H \
>         0 995 /usr/bin/stunnel -f -l /usr/sbin/qmail-popup -- qmail-popup `hostname`.`dnsdomainname` \
>         /usr/bin/checkpassword /usr/sbin/qmail-pop3d Maildir &"
>
>     echo "."
>     ;;
>   stop)
>     echo -n "Stopping mail-transfer agent: qmail" $rblmsg
>     if [ "`pidof /usr/sbin/qmail-send`" ] ; then
>       start-stop-daemon --user qmails --stop --quiet --oknodo --exec /usr/sbin/qmail-send
>       start-stop-daemon --user qmaild --stop --quiet --oknodo --pidfile /var/run/tcpserver_smtpd.pid --exec /usr/bin/tcpserver
>       start-stop-daemon --user qmaild --stop --quiet --oknodo --pidfile /var/run/tcpserver_smtpsd.pid --exec /usr/bin/tcpserver
>       # Uncomment the following line if you have enabled the pop3 server
>       start-stop-daemon --user root --stop --quiet --oknodo --pidfile /var/run/tcpserver_pop3d.pid --exec /usr/bin/tcpserver
>       start-stop-daemon --user root --stop --quiet --oknodo --pidfile /var/run/tcpserver_pop3sd.pid --exec /usr/bin/tcpserver
>       # Wait until the timeout for qmail processes to die.
>       count=120
>       numdots=0
>       while ([ $count != 0 ]) do
>         let count=$count-1
>         if [ "`pidof /usr/sbin/qmail-send`" ] ; then
>           echo -n .
>           let numdots=$numdots+1
>           sleep 1
>         else
>           count=0
>         fi
>       done
>
>       # If it's not dead yet, kill it.
>       # if [ "`pidof /usr/sbin/qmail-send`" ] ; then
>       #   echo -n " TIMEOUT!"
>       #   kill -KILL `pidof /usr/sbin/qmail-send`
>       # else
>       case $numdots in
>         0) echo "." ;;
>         1) echo ;;
>         *) echo " done." ;;
>       esac
>       # fi
>     else
>       echo " not running.";
>     fi
>
>     ;;
>   restart)
>     $0 stop
>     $0 start
>     ;;
>   cdb)
>     echo "Rebuilding tcp.smtp.cdb."
>     cd /etc
>     tcprules tcp.smtp.cdb tcp.smtp.temp < tcp.smtp
>     ;;
>   flush)
>     /usr/sbin/qmail-tcpok
>     start-stop-daemon --stop --quiet --oknodo --signal ALRM --exec /usr/sbin/qmail-send
>     echo "Queue flushed."
>     ;;
>   stat)
>     /usr/sbin/qmail-qread
>     /usr/sbin/qmail-qstat
>     ;;
>   reload|force-reload)
>     echo "Reloading 'locals' and 'virtualdomains' control files."
>     start-stop-daemon --stop --quiet --oknodo --signal HUP --exec /usr/sbin/qmail-send
>     ;;
>   *)
>     echo 'Usage: /etc/init.d/qmail {start|stop|stat|cdb|restart|reload}'
>     exit 1
> esac
>
> exit 0
>
>
> ----- Original Message -----
> From: "Sam Clippinger" <[email protected]>
> To: "spamdyke users" <[email protected]>
> Sent: Friday, September 25, 2009 5:34 AM
> Subject: Re: [spamdyke-users] I can hardly make a SMTPS connection
>
>
>> I don't think I understand enough about your setup to answer this
>> question. Could you post your full startup script and full spamdyke
>> configuration file? Also, what operating system and version are you
>> using? Have you tried running spamdyke's "config-test" feature? Is
>> spamdyke logging any errors?
>>
>> -- Sam Clippinger
>>
>> David Bo Jensen wrote:
>>
>>> It seems to be a client (I am using Outlook express) issue; changing the
>>> port to 465 and removing unlinit somewhat solved the issue.
>>>
>>> But in I have
>>> grep spamdyke /var/log/mail.info
>>> Sep 22 07:46:17 server spamdyke[4311]: ALLOWED from: [email protected] to:
>>> [email protected] origin_ip: 127.0.0.1 origin_rdns: (unknown) auth: (unknown)
>>>
>>> It doesn't ask for authentication. 127.0.0.1 is enveloped in the ssl
>>> protocol. In fact in many cases users will be able to use my server as open
>>> relay. That is not what I intended.
>>>
>>>
>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
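The thread leaves open what actually breaks when the SMTPS tcpserver is started with `-u \`id -u qmaild\`` instead of root: the certificate is root:qmaild mode 640 and the auth wrapper is root:qmaild mode rwSr-x---, so both are reachable through group qmaild, but nothing on the page checks that. The script below is an added pre-flight check written for this page; it is not from the thread and not part of spamdyke, qmail or tcpserver. Given an account name, the TLS certificate path and the SMTP-AUTH command, it reports whether the account can read the certificate and execute the command before you change `-u`/`-g` in the init script, and it flags a setuid bit on a script (the Linux kernel ignores setuid on `#!` scripts). It assumes GNU coreutils (`stat -c`, `id -G`); the numeric ids used in the comments are constructed, not taken from the page.

```shell
#!/bin/sh
# Added example, not part of the thread, spamdyke or qmail: pre-flight check
# before dropping tcpserver's -u/-g from root to an unprivileged account.
# Usage: sh preflight.sh ACCOUNT CERT_FILE AUTH_COMMAND
# Assumes GNU coreutils (stat -c, id -G) on Linux.

# Pure permission test so it can be reasoned about without real files.
# Does UID (with primary GID and supplementary GIDs) hold bit BIT
# (4 = read, 1 = execute) on a file owned by OWNER:GROUP with octal MODE?
# Usage: has_bit BIT OWNER GROUP MODE UID GID [SUPPLEMENTARY_GID...]
has_bit() {
    bit=$1; owner=$2; group=$3; mode=$4; uid=$5; gid=$6
    shift 6
    mode=$(printf '%s' "$mode" | tail -c 3)      # rwx triplets only, drop setuid/setgid/sticky digit
    u=$(printf '%s' "$mode" | cut -c1)
    g=$(printf '%s' "$mode" | cut -c2)
    o=$(printf '%s' "$mode" | cut -c3)
    if [ "$uid" -eq 0 ]; then
        # root bypasses read/write checks; execute still needs at least one x bit
        if [ "$bit" -ne 1 ] || [ $(( (u | g | o) & 1 )) -ne 0 ]; then return 0; fi
        return 1
    fi
    if [ "$uid" -eq "$owner" ]; then
        [ $(( u & bit )) -ne 0 ] && return 0
        return 1
    fi
    ingroup=0
    [ "$gid" -eq "$group" ] && ingroup=1
    for sg in "$@"; do [ "$sg" -eq "$group" ] && ingroup=1; done
    if [ "$ingroup" -eq 1 ]; then
        [ $(( g & bit )) -ne 0 ] && return 0
        return 1
    fi
    [ $(( o & bit )) -ne 0 ] && return 0
    return 1
}

# Resolve a path and an account name to numbers and apply has_bit.
# Usage: check_access BIT FILE ACCOUNT ; returns 0 allowed, 1 denied, 2 lookup failed
check_access() {
    bit=$1; file=$2; user=$3
    what=read; [ "$bit" -eq 1 ] && what=execute
    st=$(stat -c '%u %g %a' "$file" 2>/dev/null) || { echo "MISSING  $file"; return 2; }
    uid=$(id -u "$user" 2>/dev/null) || { echo "NO USER  $user"; return 2; }
    gid=$(id -g "$user")
    set -- $st                                   # $1 owner uid, $2 group gid, $3 octal mode
    if has_bit "$bit" "$1" "$2" "$3" "$uid" "$gid" $(id -G "$user"); then
        echo "OK       $user can $what $file (mode $3, owner $1:$2)"
        return 0
    fi
    echo "DENIED   $user cannot $what $file (mode $3, owner $1:$2)"
    return 1
}

# A setuid bit on an interpreted script grants nothing: the Linux kernel
# ignores setuid on '#!' scripts. Returns 0 when the file is flagged, 1 if not, 2 if missing.
warn_setuid_script() {
    file=$1
    mode=$(stat -c '%a' "$file" 2>/dev/null) || return 2
    first=$(head -c 2 "$file" 2>/dev/null)
    case $mode in
        4???|5???|6???|7???)
            if [ "$first" = '#!' ]; then
                echo "WARNING  $file is setuid (mode $mode) but is a script; the kernel ignores that bit"
                return 0
            fi
            ;;
    esac
    return 1
}

# Stand-alone use: report on the account, certificate and auth command given on the command line.
if [ $# -eq 3 ]; then
    rc=0
    check_access 4 "$2" "$1" || rc=1
    check_access 1 "$3" "$1" || rc=1
    warn_setuid_script "$3" || true
    exit $rc
fi
```

For the setup in the thread the call would be `sh preflight.sh qmaild /etc/ssl/certs/stunnel.pem /usr/bin/chkpw.sh`, and a non-zero exit means the account would be unable to open the certificate or start the auth command once root is dropped. A clean result only covers file permissions; whatever the wrapper itself goes on to run may still need privileges the account lacks (for example, reading the system password database), so pair the check with spamdyke's own "config-test" and its log output.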
