I appreciate you reporting this here -- I used to subscribe to the QMT 
list but had to drop it when the volume got too high to keep up with.

I don't seem to be able to reproduce this error with version 4.1.0 or 
4.2.0.  The log message from spamdyke indicates a situation that should 
never happen -- when a DNS query is sent asking for specific query 
types, an answer should never be sent that contains data from any other 
type of query.  In this case, spamdyke is asking for A, MX and CNAME 
records but received something else it couldn't identify.  The response 
type must have been an uncommon DNS type if spamdyke couldn't even name it.

I've done some digging with nslookup and I don't see anything out of the 
ordinary in the DNS records for adaxa.com -- no IPv6 addresses, no 
uncommon record types.  I think it's possible this is a problem with 
your nameserver (maybe a caching nameserver on your mail server?) or 
your configuration.  I assume you're using QMT; does your qmail 
configuration include the "softlimit" program?  If so, could you try 
doubling/tripling the memory limit or removing the softlimit command 
entirely?  If spamdyke is running out of memory, it can cause very 
strange problems like this.
     http://www.spamdyke.org/documentation/FAQ.html#TROUBLE9

If that doesn't help, could you try setting that server to use a 
different nameserver for a little while, just to see if something is 
wrong with the primary one?  You can use spamdyke's 
"dns-server-ip-primary" and "dns-server-ip" configuration options to 
change the nameservers spamdyke uses if you don't want to change them 
for the entire server.  If that fixes it (or if nothing does), I would 
really like to know more about your setup (QMT version, architecture, 
configuration details) so I can reproduce this issue and figure out a 
solution.

-- Sam Clippinger

On 5/12/11 11:48 AM, Tim Pleiman wrote:
> Sam,
>
> FWIW, Eric asked me to copy this post over here to this list when I got
> around to it. So, am doing so today.
>
> I'm not exactly sure what's going on here, but he thought you should have
> these observations from the field.
>
> Thanks,
> Tim
>
> On 04/28/2011 02:20 PM, Tim Pleiman wrote:
>    
>> On Thu, April 28, 2011 3:43 pm, Eric Shubert wrote:
>>      
>>> On 04/28/2011 11:26 AM, Tim Pleiman wrote:
>>>        
>>>> It appears that I may be, at least on occasion, having the following
>>>> problem that Eric discovered here:
>>>>
>>>> http://comments.gmane.org/gmane.mail.spam.spamdyke.user/3106
>>>>
>>>> Today it is affecting google's gmail servers:
>>>>
>>>> 2011-04-28 12:23:13.290273500 spamdyke[11358]: ERROR: DNS response for adaxa.com: expected type MX, A, CNAME but received type (unknown)
>>>> 2011-04-28 12:23:13.290860500 spamdyke[11358]: FILTER_SENDER_NO_MX domain: adaxa.com
>>>> 2011-04-28 12:23:13.826486500 spamdyke[11358]: DENIED_SENDER_NO_MX from: [email protected] to: [email protected] origin_ip: 209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown) encryption: TLS
>>>> 2011-04-28 12:24:15.335562500 spamdyke[11358]: TIMEOUT from: [email protected] to: [email protected] origin_ip: 209.85.212.43 origin_rdns: mail-vw0-f43.google.com auth: (unknown) encryption: TLS reason: TIMEOUT
>>>>
>>>>
>>>> On the particular server that's having this trouble, I'm running
>>>> spamdyke
>>>> 4.1.0.
>>>>
>>>> It appears from the above that this trouble was discovered after the
>>>> release of the current 4.2.0 version (release Feb 11) of spamdyke.
>>>>
>>>> Does anyone know if this also affects version 4.1.0, and if so, how to
>>>> bypass this without compromising security until a corrective update is
>>>> released?
>>>>
>>>> It's definitely not affecting the 4.0.10 version of spamdyke that I have
>>>> running on another qmailtoaster server as the mx lookups for the above
>>>> domain are having no trouble there.
>>>>
>>>> Thanks,
>>>>          
>>> I've commented out that rule for the time being. I think that chkuser
>>> checks this as well, so it's not really a concern.
>>>
>>> --
>>> -Eric 'shubes'
>>>
>>>
>>>        
>> Eric,
>>
>> Yes, I did that on the server running Spamdyke 4.1.0, and then I started
>> getting the error only on gmail multihomed mx hosts (probably others too,
>> although I saw them only from gmail connections while tailing the log):
>>
>> spamdyke[28535]: ERROR: unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found
>>
>> There was supposedly a fix in 4.1.0 to correct for the above message NOT
>> being generated in the logs:
>>
>> http://permalink.gmane.org/gmane.mail.spam.spamdyke.user/2918
>>
>> Now, since my server platforms are all the same, I reverted the 4.1.0
>> binary on this particular server to 4.0.10 (copied from another server)
>> with reject-missing-sender-mx enabled, and then the process does seem to
>> properly resolve these mxes, and also does seem to exit fine on its own,
>> despite what's indicated above. Hard to tell, as there is delay in the
>> process exiting, which may indicate that there is an error message not
>> being displayed. ????
>>      
> IIRC, the timeouts are preceded by another error of some sort, which
> will be some time before the timeout kicks in. On a busy server, it'll
> be hard to tell.
>
>    
>> At any rate, it seems that there are multiple overlapping problems with
>> both the 4.2.0 and 4.1.0 releases that may also be dependent on what
>> features one has turned on or off, although I can't quite pin down exactly
>> what's going on. Hopefully this will all get cleared up in the next
>> release.
>>
>> Will stick with 4.0.10 for now.
>>
>> Thanks!
>> Tim
>>      
> Sure. Although Sam (spamdyke's author) has been known to lurk here, I'm
> sure he'd want to know about this. Will you please post this 'upstream'
> on the spamdyke list so he's sure to see it?
>
> Thanks Tim.
>
>    
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
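
The check behind the "expected type MX, A, CNAME but received type (unknown)" log line discussed above can be reproduced offline against a captured DNS response. This is an added example, not spamdyke's code and not part of the original thread; the packet, the name example.test and the stray record type 99 are constructed for illustration.

```python
import struct

# Record types the log line says were asked for (type numbers from RFC 1035).
EXPECTED = {1: "A", 5: "CNAME", 15: "MX"}

def skip_name(pkt, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = pkt[pos]
        if length & 0xC0 == 0xC0:      # compression pointer: 2 bytes, ends the name
            return pos + 2
        if length == 0:                # root label terminates the name
            return pos + 1
        pos += 1 + length

def answer_types(pkt):
    """Return the TYPE of every record in the answer section of a DNS message."""
    _id, _flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", pkt[:12])
    pos = 12
    for _ in range(qdcount):           # each question: name, QTYPE, QCLASS
        pos = skip_name(pkt, pos) + 4
    types = []
    for _ in range(ancount):           # each answer: name, TYPE, CLASS, TTL, RDLENGTH, RDATA
        pos = skip_name(pkt, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[pos:pos + 10])
        types.append(rtype)
        pos += 10 + rdlen
    return types

def unexpected_types(pkt, expected=EXPECTED):
    """Answer types outside the queried set (the situation the ERROR line reports)."""
    return [t for t in answer_types(pkt) if t not in expected]

def build_sample():
    """Constructed response for example.test: one MX answer and one type-99 answer."""
    qname = b"\x07example\x04test\x00"
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0)
    question = qname + struct.pack("!HH", 15, 1)
    mx_rdata = struct.pack("!H", 10) + b"\x04mail\xc0\x0c"
    mx = b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 300, len(mx_rdata)) + mx_rdata
    odd = b"\xc0\x0c" + struct.pack("!HHIH", 99, 1, 300, 4) + b"\x03abc"
    return header + question + mx + odd

if __name__ == "__main__":
    pkt = build_sample()
    print("answer types:", answer_types(pkt))
    print("not requested:", unexpected_types(pkt))
```

Feeding it the raw UDP payload of a response captured from the suspect nameserver shows whether the resolver really returned a record type that was never requested.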
