OS is Centos 5.6
Linux kernel is 2.6.18-238.9.1.el5
Server is a DL380 G4
Centos runs under VMWare ESXi 4.0
Here is the "run" file.
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/local/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
exec /usr/bin/softlimit -m 20000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1
On 6/8/2011 4:50 PM, Sam Clippinger wrote:
> OK, I'll try to run back through this thread and respond to the various
> questions in one email...
>
> To turn off TLS in spamdyke, you can do one of several things. You can
> prohibit both spamdyke and qmail from using TLS by using this option:
> tls-level=none
> Or you can simply remove/comment out the tls-certificate-file option to
> allow spamdyke to pass encrypted traffic through to qmail. That will
> bypass some of spamdyke's filters but would allow you to continue to
> receive encrypted email.
>
> spamdyke does not implement TLS or SSL on its own, it just calls the
> installed OpenSSL library for encryption/decryption as needed. The
> version you have installed looks fine to me (my own server has 0.9.7f
> installed) and since TLS works with qmail, it should work with
> spamdyke. From the headers you sent, it looks like the remote server is
> running Windows Server 2003, probably with Exchange 2003. I correspond
> regularly with clients on that same setup (as you did before installing
> spamdyke), so I doubt the remote server is at fault.
>
> By default, spamdyke specifies the cipher list as "DEFAULT" (unless you
> override that with the "tls-cipher-list" option). The meaning of
> "DEFAULT" depends on your version of OpenSSL and the way it was
> compiled. Typically, it includes all of the usable ciphers that aren't
> known to be too weak or too computationally expensive. See this page
> for more details:
> http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
>
> Overall, I don't see anything wrong with your configuration file. I'm
> curious to know what OS, version and architecture you're using. My #1
> suspicion is that spamdyke is running out of memory. Can you check your
> "run" file where the spamdyke command line is located and look for the
> "softlimit" command? Try doubling/tripling that number and see if this
> problem persists (don't forget to restart tcpserver after you change the
> "run" file).
> http://www.spamdyke.org/documentation/FAQ.html#TROUBLE9
>
> -- Sam Clippinger
>
> On 6/8/11 3:03 PM, Eric Shubert wrote:
>> The first cipher listed is the same one that qmail used with a
>> successful transmission.
>>
>> Looks to me from all of this that there is a bug in spamdyke with
>> regards to that particular remote server software and TLS.
>>
>> I think this is the point where Sam can best continue helping to debug
>> this situation.
>>
>> Sam?
>>
>>
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
