Sam, FWIW, Eric asked me to copy this post over here to this list when I got around to it. So, am doing so today.
I'm not exactly sure what's going on here, but he thought you should have these observations from the field. Thanks, Tim On 04/28/2011 02:20 PM, Tim Pleiman wrote: > > On Thu, April 28, 2011 3:43 pm, Eric Shubert wrote: >> On 04/28/2011 11:26 AM, Tim Pleiman wrote: >>> >>> It appears that I may be, at least on occasion, having the following >>> problem that Eric discovered here: >>> >>> http://comments.gmane.org/gmane.mail.spam.spamdyke.user/3106 >>> >>> Today it is affecting google's gmail servers: >>> >>> 2011-04-28 12:23:13.290273500 spamdyke[11358]: ERROR: DNS response for >>> adaxa.com: expected type MX, A, CNAME but received type (unknown) >>> 2011-04-28 12:23:13.290860500 spamdyke[11358]: FILTER_SENDER_NO_MX >>> domain: >>> adaxa.com >>> 2011-04-28 12:23:13.826486500 spamdyke[11358]: DENIED_SENDER_NO_MX from: >>> [email protected] to: [email protected] origin_ip: >>> 209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown) >>> encryption: TLS >>> 2011-04-28 12:24:15.335562500 spamdyke[11358]: TIMEOUT from: >>> [email protected] to: [email protected] origin_ip: >>> 209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown) >>> encryption: TLS reason: TIMEOUT >>> >>> >>> On the particular server that's having this trouble, I'm running >>> spamdyke >>> 4.1.0. >>> >>> It appears from the above that this trouble was discovered after the >>> release of the current 4.2.0 version (release Feb 11) of spamdyke. >>> >>> Does anyone know if this also affects version 4.1.0, and if so, how to >>> bypass this without compromising security until a corrective update is >>> released? >>> >>> It's definitely not affecting the 4.0.10 version of spamdyke that I have >>> running on another qmailtoaster server as the mx lookups for the above >>> domain are having no trouble there. >>> >>> Thanks, >> >> I've commented out that rule for the time being. I think that chkuser >> checks this as well, so it's not really a concern. >> >> -- >> -Eric 'shubes' >> >> > > Eric, > > Yes, I did that on the server running Spamdyke 4.1.0, and then I started > getting the error only on gmail multihomed mx hosts (probably others too, > although I saw them only from gmail connections while tailing the log): > > spamdyke[28535]: ERROR: unable to read from SSL/TLS stream: The operation > failed due to an I/O error, Unexpected EOF found > > There was supposedly a fix in 4.1.0 to correct for the above message NOT > being generated in the logs: > > http://permalink.gmane.org/gmane.mail.spam.spamdyke.user/2918 > > Now, since my server platforms are all the same, I reverted the 4.1.0 > binary on this particular server to 4.0.10 (copied from another server) > with reject-missing-sender-mx enabled, and then the process does seem to > properly resolve these mxes, and also does seem to exit fine on it's own, > despite what's indicated above. Hard to tell, as there is delay in the > process exiting, which may indicate that there is an error message not > being displayed. ???? IIRC, the timeouts are preceded by another error of some sort, which will be some time before the timeout kicks in. On a busy server, it'll be hard to tell. > At any rate, it seems that there are multiple overlapping problems with > the both the 4.2.0 and 4.1.0 releases that may also be dependent on what > features one has turned on or off, although I can't quite pin down exactly > what's going on. Hopefully this will all get cleared up in the next > release. > > Will stick with 4.0.10 for now. > > Thanks! > Tim Sure. Although Sam (spamdyke's author) has been known to lurk here, I'm sure he'd want to know about this. Will you please post this 'upstream' on the spamdyke list so he's sure to see it? Thanks Tim. -- -Eric 'shubes' -- Tim Pleiman Bravo Systems Technologies "Advanced Open Source Solutions for Business" Chicago, IL USA _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
