Linux mail2.nsii.net 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:56 EDT
2011 i686 i686 i386 GNU/Linux
**
On 6/9/2011 10:04 AM, Eric Shubert wrote:
arch ?
# uname -a
On 06/09/2011 05:13 AM, ron wrote:
OS is Centos 5.6
Linux kernel is 2.6.18-238.9.1.el5
Server is a DL380 G4
Centos runs under VMWare ESXi 4.0
Here is the "run" file.
#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/local/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0
exec /usr/bin/softlimit -m 20000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
$SPAMDYKE --config-file $SPAMDYKE_CONF \
$SMTPD $VCHKPW /bin/true 2>&1
On 6/8/2011 4:50 PM, Sam Clippinger wrote:
OK, I'll try to run back through this thread and respond to the various
questions in one email...
To turn off TLS in spamdyke, you can do one of several things. You can
prohibit both spamdyke and qmail from using TLS by using this option:
tls-level=none
Or you can simply remove/comment out the tls-certificate-file option to
allow spamdyke to pass encrypted traffic through to qmail. That will
bypass some of spamdyke's filters but would allow you to continue to
receive encrypted email.
spamdyke does not implement TLS or SSL on its own, it just calls the
installed OpenSSL library for encryption/decryption as needed. The
version you have installed looks fine to me (my own server has 0.9.7f
installed) and since TLS works with qmail, it should work with
spamdyke. From the headers you sent, it looks like the remote server is
running Windows Server 2003, probably with Exchange 2003. I correspond
regularly with clients on that same setup (as you did before installing
spamdyke), so I doubt the remote server is at fault.
By default, spamdyke specifies the cipher list as "DEFAULT" (unless you
override that with the "tls-cipher-list" option). The meaning of
"DEFAULT" depends on your version of OpenSSL and the way it was
compiled. Typically, it includes all of the usable ciphers that aren't
known to be too weak or too computationally expensive. See this page
for more details:
http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
Overall, I don't see anything wrong with your configuration file. I'm
curious to know what OS, version and architecture you're using. My #1
suspicion is that spamdyke is running out of memory. Can you check your
"run" file where the spamdyke command line is located and look for the
"softlimit" command? Try doubling/tripling that number and see if this
problem persists (don't forget to restart tcpserver after you change the
"run" file).
http://www.spamdyke.org/documentation/FAQ.html#TROUBLE9
-- Sam Clippinger
On 6/8/11 3:03 PM, Eric Shubert wrote:
The first cipher listed is the same one that qmail used with a
successful transmission.
Looks to me from all of this that there is a bug in spamdyke with
regards to that particular remote server software and TLS.
I think this is the point where Sam can best continue helping to debug
this situation.
Sam?
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
