Hi,
Wonder if anyone can assist with the following: when e-mail arrives,
SpamAssassin scans messages before Spamdyke in the qmail-scanner mail chain.
Server environment:
CentOS 6, 64-bit.
Spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG.
SpamAssassin version 3.3.2 (running on Perl version 5.10.1).
Qmail-scanner 2.08.
Plesk 10.4.4.
config-test displays no errors:
spamdyke -linfo -f /etc/spamdyke.conf --config-test --config-test-smtpauth-username me@domain --config-test-smtpauth-password mypassword --access-file /var/qmail/bin/tcp-env --run-as-user qmaild /var/qmail/bin/qmail-smtpd
SUCCESS: Running tests as user qmaild(2020), group root(0).
SUCCESS(binary-check): File is executable: /usr/local/bin/spamdyke
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer TLS support but spamdyke
will intercept and decrypt the TLS traffic so all of its filters can operate.
SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support.
spamdyke will observe any authentication and trust its response. spamdyke will
offer authentication if /var/qmail/bin/qmail-smtpd does not.
SUCCESS(access-file): Opened for reading: /var/qmail/bin/tcp-env
Killed
cat /etc/xinetd.d/smtp_psa:
service smtp
{
        socket_type = stream
        protocol = tcp
        wait = no
        disable = no
        user = root
        flags = IPv6
        instances = UNLIMITED
        env = SMTPAUTH=1
        server = /var/qmail/bin/tcp-env
        server_args = -Rt0 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}
spamdyke.conf is modified to: reject reject-empty-rdns,
reject-missing-sender-mx, reject-unresolvable-rdns and use
dns-blacklist-entry=zen.spamhaus.org, b.barracudacentral.org.
Qmail-scanner/SpamAssassin are configured the same. Here is the mail log on
the incorrectly functioning server (when sending a very spammy looking message
via telnet HOSTNAME 25) message > qmail-scanner/spamassassin > spamdyke:
/var/qmail/bin/relaylock[23311]: /var/qmail/bin/relaylock: mail from
MY.IP.ADDRESS:55510 (not defined)
Feb 5 16:57:28 HOSTNAME spamd[1033]: spamd: connection from HOSTNAME
[127.0.0.1] at port 37921
Feb 5 16:57:28 HOSTNAME spamd[1033]: spamd: setuid to qscand succeeded
Feb 5 16:57:28 HOSTNAME spamd[1033]: spamd: checking message (unknown) for
qscand:10001
Feb 5 16:57:28 HOSTNAME dccproc[23324]: missing message body; fatal error
Feb 5 16:57:28 HOSTNAME spamd[1033]: spamd: identified spam (11.1/4.0) for
qscand:10001 in 0.3 seconds, 158 bytes.
Feb 5 16:57:28 HOSTNAME spamd[1033]: spamd: result: Y 11 -
BAYES_20,EMPTY_MESSAGE,FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,MISSING_DATE,MISSING_FROM,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE,TO_NO_BRKTS_DIRECT
scantime=0.3,size=158,user=qscand,uid=10001,required_score=4.0,rhost=
HOSTNAME,raddr=127.0.0.1,rport=37921,mid=(unknown),bayes=0.189068,autolearn=no
Feb 5 16:57:28 HOSTNAME qmail-scanner-queue.pl: qmail-scanner[23315]:
SA:SPAM-DELETED:RC:0(MY.IP.ADDRESS):SA:1(11.1/4.0): 0.309819 130 me@home
me@domain <> <> HOSTNAME 132846104179823315-unpacked:130
Feb 5 16:57:28 HOSTNAME spamdyke[23311]: ALLOWED from: me@home to: me@domain
origin_ip: MY.IP.ADDRESS origin_rdns: (unknown) auth: (unknown) encryption:
(none) reason: 250_ok_1328461048_qp_23315
Here is the mail log from the correctly functioning CentOS 5 server (when
sending the same spammy looking message via telnet HOSTNAME 25) message >
spamdyke > qmail-scanner/spamassassin:
Feb 5 17:28:04 HOSTNAME spamdyke[23807]: ALLOWED from: me@home to: me@domain
origin_ip: MY.IP.ADDRESS origin_rdns: (unknown) auth: (unknown) encryption:
(none)
Feb 5 17:28:15 HOSTNAME spamd[9488]: spamd: connection from HOSTNAME
[127.0.0.1] at port 50549
Feb 5 17:28:15 HOSTNAME spamd[9488]: spamd: setuid to qscand succeeded
Feb 5 17:28:15 HOSTNAME spamd[9488]: spamd: checking message (unknown) for
qscand:10041
Feb 5 17:28:15 HOSTNAME dccproc[23829]: missing message body; fatal error
Feb 5 17:28:15 HOSTNAME spamd[9488]: spamd: identified spam (4.9/4.0) for
qscand:10041 in 0.3 seconds, 159 bytes.
Feb 5 17:28:15 HOSTNAME spamd[9488]: spamd: result: Y 4 -
BAYES_20,MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE
scantime=0.3,size=159,user=qscand,uid=10041,required_score=4.0,rhost=HOSTNAME,raddr=127.0.0.1,rport=50549,mid=(unknown),bayes=0.189302,autolearn=no
Feb 5 17:28:15 HOSTNAME qmail-queue-handlers[23832]: Handlers Filter
before-queue for qmail started ...
Feb 5 17:28:15 HOSTNAME qmail-queue-handlers[23832]: from=me@home
Feb 5 17:28:15 HOSTNAME qmail-queue-handlers[23832]: to=me@domain
etc etc etc...
Well, it's nice that SpamAssassin has done a better job of detecting the spammy
message, but I cannot understand or find a solution to why Spamdyke is coming
into play after the mail queue/SpamAssassin process on the first server.
Can anyone suggest where to look next?
Many thanks