Re: [spamdyke-users] Spamdyke Scanning Mail Queue After SpamAssassin

Sam Clippinger Mon, 06 Feb 2012 14:39:30 -0800

Try reversing the order of the "relaylock" and "spamdyke" commands.  In other 
words, edit your smtp_psa file to use this line:
        server_args     = -Rt0 /usr/local/bin/spamdyke -f /etc/spamdyke.conf 
/var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth 
/var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true


-- Sam Clippinger




On Feb 5, 2012, at 11:46 AM, Simon Ferris wrote:

> Hi,
> 
> Wonder of any one can assist with the following: when e-mail arrives, 
> SpamAssassin scans messages before Spamdyke in the qmail-scanner mail chain. 
> Server environment:
> 
> CentOS 6, 64-bit.
> Spamdyke 4.3.1+TLS+CONFIGTEST+DEBUG.
> SpamAssassin version 3.3.2 (running on Perl version 5.10.1).
> Qmail-scanner 2.08.
> Plesk 10.4.4.
> 
> 
> config-test displays no errors:
> spamdyke -linfo -f /etc/spamdyke.conf --config-test 
> --config-test-smtpauth-username me@domain --config-test-smtpauth-password 
> mypassword --access-file /var/qmail/bin/tcp-env --run-as-user qmaild 
> /var/qmail/bin/qmail-smtpd
> SUCCESS: Running tests as user qmaild(2020), group root(0).
> SUCCESS(binary-check): File is executable: /usr/local/bin/spamdyke
> SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer TLS support but spamdyke 
> will intercept and decrypt the TLS traffic so all of its filters can operate.
> SUCCESS: /var/qmail/bin/qmail-smtpd appears to offer SMTP AUTH support. 
> spamdyke will observe any authentication and trust its response. spamdyke 
> will offer authentication if /var/qmail/bin/qmail-smtpd does not.
> SUCCESS(access-file): Opened for reading: /var/qmail/bin/tcp-env
> Killed
> 
> 
> cat /etc/xinetd.d/smtp_psa:
> service smtp
> {
>         socket_type     = stream
>         protocol        = tcp
>         wait            = no
>         disable         = no
>         user            = root
>         flags           = IPv6
>         instances       = UNLIMITED
>         env             = SMTPAUTH=1
>         server          = /var/qmail/bin/tcp-env
>         server_args     = -Rt0 /var/qmail/bin/relaylock 
> /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd 
> /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw 
> /var/qmail/bin/true
> }
> 
> spamdyke.conf is modified to: reject reject-empty-rdns, 
> reject-missing-sender-mx, reject-unresolvable-rdns and use 
> dns-blacklist-entry=zen.spamhaus.org, b.barracudacentral.org.
> 
> Qmail-scanner/SpamAssassin are configured the same, here is the mail log on 
> incorrectly functioning server (when sending a very spammy looking message 
> via telnet HOSTNAME 25) message > qmail-scanner/spamassassin > spamdyke:
> 
> /var/qmail/bin/relaylock[23311]: /var/qmail/bin/relaylock: mail from 
> MY.IP.ADDRESS:55510 (not defined)
> Feb  5 16:57:28 HOSTNAME spamd[1033]: spamd: connection from HOSTNAME 
> [127.0.0.1] at port 37921
> Feb  5 16:57:28 HOSTNAME spamd[1033]: spamd: setuid to qscand succeeded
> Feb  5 16:57:28 HOSTNAME spamd[1033]: spamd: checking message (unknown) for 
> qscand:10001
> Feb  5 16:57:28 HOSTNAME dccproc[23324]: missing message body; fatal error
> Feb  5 16:57:28 HOSTNAME spamd[1033]: spamd: identified spam (11.1/4.0) for 
> qscand:10001 in 0.3 seconds, 158 bytes.
> Feb  5 16:57:28 HOSTNAME spamd[1033]: spamd: result: Y 11 - 
> BAYES_20,EMPTY_MESSAGE,FSL_HELO_NON_FQDN_1,HELO_NO_DOMAIN,MISSING_DATE,MISSING_FROM,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE,TO_NO_BRKTS_DIRECT
>  scantime=0.3,size=158,user=qscand,uid=10001,required_score=4.0,rhost= 
> HOSTNAME,raddr=127.0.0.1,rport=37921,mid=(unknown),bayes=0.189068,autolearn=no
> Feb  5 16:57:28 HOSTNAME qmail-scanner-queue.pl: qmail-scanner[23315]: 
> SA:SPAM-DELETED:RC:0(MY.IP.ADDRESS):SA:1(11.1/4.0): 0.309819 130 me@home 
> me@domain <> <> HOSTNAME 132846104179823315-unpacked:130
> Feb  5 16:57:28 HOSTNAME spamdyke[23311]: ALLOWED from: me@home to: me@domain 
> origin_ip: MY.IP.ADDRESS origin_rdns: (unknown) auth: (unknown) encryption: 
> (none) reason: 250_ok_1328461048_qp_23315
> 
> 
> Here is mail log from correctly functioning CentOS 5 server (when sending the 
> same spammy looking message via telnet HOSTNAME 25) message > spamdyke > 
> qmail-scanner/spamassassin:
> 
> Feb  5 17:28:04 HOSTNAME spamdyke[23807]: ALLOWED from: me@home to: me@domain 
> origin_ip: MY.IP.ADDRESS origin_rdns: (unknown) auth: (unknown) encryption: 
> (none)
> Feb  5 17:28:15 HOSTNAME spamd[9488]: spamd: connection from HOSTNAME 
> [127.0.0.1] at port 50549 
> Feb  5 17:28:15 HOSTNAME spamd[9488]: spamd: setuid to qscand succeeded 
> Feb  5 17:28:15 HOSTNAME spamd[9488]: spamd: checking message (unknown) for 
> qscand:10041 
> Feb  5 17:28:15 HOSTNAME dccproc[23829]: missing message body; fatal error
> Feb  5 17:28:15 HOSTNAME spamd[9488]: spamd: identified spam (4.9/4.0) for 
> qscand:10041 in 0.3 seconds, 159 bytes. 
> Feb  5 17:28:15 HOSTNAME spamd[9488]: spamd: result: Y 4 - 
> BAYES_20,MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,RDNS_NONE
>  
> scantime=0.3,size=159,user=qscand,uid=10041,required_score=4.0,rhost=HOSTNAME,raddr=127.0.0.1,rport=50549,mid=(unknown),bayes=0.189302,autolearn=no
>  
> Feb  5 17:28:15 HOSTNAME qmail-queue-handlers[23832]: Handlers Filter 
> before-queue for qmail started ...
> Feb  5 17:28:15 HOSTNAME qmail-queue-handlers[23832]: from=me@home
> Feb  5 17:28:15 HOSTNAME qmail-queue-handlers[23832]: to=me@domain
> etc etc etc...
> 
> Well it's nice that SpamAssassin has done a better job of detecting the 
> spammy message, but cannot understand or find a solution to why Spamdyke is 
> coming into play after the Mail queue/SpamAssassin process in the first 
> server.
> 
> Can any one suggest where to look next?
> 
> Many thanks
> 
> 
> 
> _______________________________________________
> spamdyke-users mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users

Re: [spamdyke-users] Spamdyke Scanning Mail Queue After SpamAssassin

Reply via email to