Carl Robinson | 2 Jun 21:34 2011

One Issue Fixed... / plesk 9.3.1

I am getting an error on the --config-test that I cannot figure out how to
get rid of.

SUCCESS(local-domains-file): Opened for reading:
/var/qmail/control/rcpthosts
ERROR(rdns-blacklist-dir): rDNS directory contains no subdirectories:
/var/qmail/blacklist_rdns.d
SUCCESS(rdns-whitelist-file): Opened for reading: /var/qmail/whitelist_rdns

Is that a permission error?... Searched the archives and didn't see anything
that could help me.

Thanks Sam for your last reply.

-Carl

ron | 8 Jun 15:50 2011

Help with spamdyke...

I am having an issue with one of our clients sending us an email. Spamdyke
does very well with everyone else except this one domain and it blocks or
stops all mail from them. I have had to disable spamdyke because of this.
I have white listed the ip address, but it did not help. Can anyone give
me any other ideas on what to do or look for? I have included a portion
of the log and my spamdyke configuration file.

Thanks in advance
Ron

Information from smtp log:

@400000004dee4249107d002c tcpserver: end 14525 status 0
@400000004dee4249107d2b24 tcpserver: status: 0/100
@400000004dee4249139753d4 tcpserver: status: 1/100
@400000004dee42491397869c tcpserver: pid 14628 from 64.58.208.13
@400000004dee424913979e0c tcpserver: ok 14628 
mail2.nsii.net:65.116.220.139:25 :64.58.208.13::64793
@400000004dee424916766784 spamdyke[14628]: 
DEBUG(filter_rdns_missing()@filter.c:897): checking for missing rDNS; 
rdns: mail-out-01.healthways.com
@400000004dee424916769e34 spamdyke[14628]: 
DEBUG(filter_ip_in_rdns_cc()@filter.c:928): checking for IP in rDNS 
+country code; rdns: mail-out-01.healthways.com
@400000004dee42491676b5a4 spamdyke[14628]: 
DEBUG(filter_rdns_whitelist_file()@filter.c:1005): searching rDNS 
whitelist file(s); rdns: mail-out-01.healthways.com
@400000004dee42491676f424 spamdyke[14628]: 
DEBUG(filter_rdns_blacklist_file()@filter.c:1108): searching rDNS 
blacklist file(s); rdns: mail-out-01.healthways.com
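
When reading a multilog-style smtp log like the one in the post above, it helps to decode the TAI64N labels and group the tcpserver and spamdyke lines by PID so that one connection can be followed from start to finish. The following is an added example, not part of the original post or of spamdyke; the function names are hypothetical, and the fixed 10-second TAI/UTC offset is the one `tai64nlocal` applies.

```python
import re
from datetime import datetime, timezone

# Lines taken from the log in the post above, with wrapped lines re-joined.
SAMPLE = """\
@400000004dee4249107d002c tcpserver: end 14525 status 0
@400000004dee4249139753d4 tcpserver: status: 1/100
@400000004dee42491397869c tcpserver: pid 14628 from 64.58.208.13
@400000004dee424913979e0c tcpserver: ok 14628 mail2.nsii.net:65.116.220.139:25 :64.58.208.13::64793
@400000004dee424916766784 spamdyke[14628]: DEBUG(filter_rdns_missing()@filter.c:897): checking for missing rDNS; rdns: mail-out-01.healthways.com
@400000004dee42491676f424 spamdyke[14628]: DEBUG(filter_rdns_blacklist_file()@filter.c:1108): searching rDNS blacklist file(s); rdns: mail-out-01.healthways.com
"""

TAI64_BASE = 1 << 62   # external TAI64 labels are offset by 2**62
TAI_UTC_OFFSET = 10    # fixed offset, as in tai64nlocal (no leap-second table)

# Some list archives rewrite "@" as "<at>", so accept both spellings.
LINE = re.compile(r"^\s*(?:@|<at>\s*)([0-9a-f]{24})\s+(.*)$")
PID = re.compile(r"tcpserver: (?:pid|ok|end) (\d+)|\w+\[(\d+)\]:")
FROM = re.compile(r"pid \d+ from (\S+)")
RDNS = re.compile(r"rdns: (\S+)")

def decode_tai64n(label):
    """Return (UTC datetime, nanoseconds) for a 24-hex-digit TAI64N label."""
    secs = int(label[:16], 16) - TAI64_BASE - TAI_UTC_OFFSET
    return datetime.fromtimestamp(secs, tz=timezone.utc), int(label[16:], 16)

def group_by_pid(text):
    """Collect each connection's events, remote IP and rDNS name by PID."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid_match = PID.search(m.group(2))
        if not pid_match:
            continue  # e.g. "tcpserver: status: 1/100" carries no PID
        pid = int(pid_match.group(1) or pid_match.group(2))
        s = sessions.setdefault(pid, {"ip": None, "rdns": None, "events": []})
        s["events"].append(decode_tai64n(m.group(1)) + (m.group(2),))
        src = FROM.search(m.group(2))
        if src:
            s["ip"] = src.group(1)
        rdns = RDNS.search(m.group(2))
        if rdns:
            s["rdns"] = rdns.group(1)
    return sessions
```
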

Eric Shubert | 8 Jun 17:33 2011

Re: Help with spamdyke...

On 06/08/2011 06:50 AM, ron wrote:
> I am having an issue with one of our clients sending us an email. Spamdyke
> does very well with everyone else except this one domain and it blocks or
> stops all mail from them. I have had to disable spamdyke because of this.
> I have white listed the ip address, but it did not help. Can anyone give
> me any other ideas on what to do or look for? I have included a portion
> of the log and my spamdyke configuration file.
>
> Thanks in advance
> Ron
>
> Information from smtp log:
>
> @400000004dee4249107d002c tcpserver: end 14525 status 0
> @400000004dee4249107d2b24 tcpserver: status: 0/100
> @400000004dee4249139753d4 tcpserver: status: 1/100
> @400000004dee42491397869c tcpserver: pid 14628 from 64.58.208.13
> @400000004dee424913979e0c tcpserver: ok 14628
> mail2.nsii.net:65.116.220.139:25 :64.58.208.13::64793
> @400000004dee424916766784 spamdyke[14628]:
> DEBUG(filter_rdns_missing()@filter.c:897): checking for missing rDNS;
> rdns: mail-out-01.healthways.com
> @400000004dee424916769e34 spamdyke[14628]:
> DEBUG(filter_ip_in_rdns_cc()@filter.c:928): checking for IP in rDNS
> +country code; rdns: mail-out-01.healthways.com
> @400000004dee42491676b5a4 spamdyke[14628]:
> DEBUG(filter_rdns_whitelist_file()@filter.c:1005): searching rDNS
> whitelist file(s); rdns: mail-out-01.healthways.com
> @400000004dee42491676f424 spamdyke[14628]:
> DEBUG(filter_rdns_blacklist_file()@filter.c:1108): searching rDNS

ron | 8 Jun 18:53 2011

Re: Help with spamdyke...

Here is the log of the client that spamdyke is blocking:
06/08/2011 12:42:45 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID = 
31888

06/08/2011 12:42:45 CURRENT ENVIRONMENT
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
PWD=/var/qmail/supervise/smtp
SHLVL=0
PROTO=TCP
TCPLOCALIP=65.116.220.139
TCPLOCALPORT=25
TCPLOCALHOST=mail2.nsii.net
TCPREMOTEIP=64.58.208.13
TCPREMOTEPORT=59400
BADMIMETYPE=
BADLOADERTYPE=M
CHKUSER_RCPTLIMIT=50
CHKUSER_WRONGRCPTLIMIT=10
DKSIGN=/var/qmail/control/domainkeys/%/private

06/08/2011 12:42:45 CURRENT CONFIG
config-file=/etc/spamdyke/spamdyke.conf
connection-timeout-secs=3600
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
full-log-dir=/var/log/spamdyke
graylist-dir=/var/spamdyke/graylist
graylist-level=always
graylist-max-secs=2678400
graylist-min-secs=180

Eric Shubert | 8 Jun 19:12 2011

Re: Help with spamdyke...

On 06/08/2011 09:53 AM, ron wrote:
> Here is the log of the client that spamdyke is blocking:
> 06/08/2011 12:42:45 STARTED: VERSION = 4.2.0+TLS+CONFIGTEST+DEBUG, PID =
> 31888
>
> 06/08/2011 12:42:45 CURRENT ENVIRONMENT
> PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
> PWD=/var/qmail/supervise/smtp
> SHLVL=0
> PROTO=TCP
> TCPLOCALIP=65.116.220.139
> TCPLOCALPORT=25
> TCPLOCALHOST=mail2.nsii.net
> TCPREMOTEIP=64.58.208.13
> TCPREMOTEPORT=59400
> BADMIMETYPE=
> BADLOADERTYPE=M
> CHKUSER_RCPTLIMIT=50
> CHKUSER_WRONGRCPTLIMIT=10
> DKSIGN=/var/qmail/control/domainkeys/%/private
>
> 06/08/2011 12:42:45 CURRENT CONFIG
> config-file=/etc/spamdyke/spamdyke.conf
> connection-timeout-secs=3600
> dns-blacklist-entry=zen.spamhaus.org
> dns-blacklist-entry=bl.spamcop.net
> full-log-dir=/var/log/spamdyke
> graylist-dir=/var/spamdyke/graylist
> graylist-level=always
> graylist-max-secs=2678400

ron | 8 Jun 19:19 2011

Re: Help with spamdyke...

Attached is the header of an email I received from the client while 
spamdyke is disabled:

 From - Wed Jun 08 12:51:38 2011
X-Account-Key: account1
X-UIDL: 1307551736.32139.mail2.nsii.net,S=2800
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path:<LeAnn.Stooksbury@...>
Delivered-To: ron@...
Received: (qmail 32137 invoked by uid 89); 8 Jun 2011 16:48:56 -0000
Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
   by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011 16:48:56 -0000
Received-SPF: none (mail2.nsii.net: domain at healthways.com does not designate permitted sender hosts)
Received: from [10.0.10.32] by mail-out-01.healthways.com with ESMTP (
  MMS SMTP Relay); Wed, 08 Jun 2011 11:41:03 -0500
X-Server-Uuid: 7721453E-A9D6-4BCA-9403-B7295BB7A763
Received: from corpexchht.amhc.amhealthways.net ([10.15.5.10]) by
  CORPOWA01.amhc.amhealthways.net with Microsoft SMTPSVC(6.0.3790.4675);
  Wed, 8 Jun 2011 11:41:03 -0500
Received: from corpexch03.amhc.amhealthways.net ([::1]) by
  corpexchht.amhc.amhealthways.net ([::1]) with mapi; Wed, 8 Jun 2011
  11:41:03 -0500
From: "Stooksbury, LeAnn"<LeAnn.Stooksbury@...>
To: 'ron'<ron@...>
Date: Wed, 8 Jun 2011 11:41:02 -0500
Subject: RE: Email Testing...
Thread-Topic: Email Testing...
Thread-Index: Acwl+Iej85BQZeBSQYCv4sz0SMR3OQAAlCvw

ron | 8 Jun 19:25 2011

Re: Help with spamdyke...

To turn off TLS, I would remark out the following lines in my config file?
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp
These are the only 2 lines that show TLS
> It appears that TLS starts, the remote says "EHLO", qmail sends back
> 250- replies, and the remote never replies back. Hmmm. My guess is that
> the implementation of TLS is somehow incompatible between the remote and
> spamdyke.
>
> When you test with no spamdyke, does qmail receive email from the remote
> with TLS? The received email header would show this somewhere, perhaps
> referred to as SSL. If so, I suspect there's a bug in spamdyke's
> implementation of TLS that causes the remote to not recognize the 250-
> replies when TLS is active.
>
> As a temporary workaround, I expect that turning off TLS will work. Then
> you wouldn't need to disable spamdyke entirely. Let us know if this
> works too.
>

Eric Shubert | 8 Jun 19:59 2011

Re: Help with spamdyke...

On 06/08/2011 10:19 AM, ron wrote:
> Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
>     by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011 16:48:56 -0000

I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA 
is, but it appears that qmail is working with TLS and no spamdyke.

Perhaps there's something errant in spamdyke's implementation of this 
particular combination of encryption options?

I think it's time for Sam to have a look at this.

-- 
-Eric 'shubes'

Eric Shubert | 8 Jun 20:02 2011

Re: Help with spamdyke...

No, simply use:
tls-level=none

This will prohibit qmail from using TLS, which would defeat many of 
spamdyke's filters.

-- 
-Eric 'shubes'

On 06/08/2011 10:25 AM, ron wrote:
> To turn off TLS, I would remark out the following lines in my config file?
> tls-certificate-file=/var/qmail/control/servercert.pem
> tls-level=smtp
> These are the only 2 lines that show TLS
>> It appears that TLS starts, the remote says "EHLO", qmail sends back
>> 250- replies, and the remote never replies back. Hmmm. My guess is that
>> the implementation of TLS is somehow incompatible between the remote and
>> spamdyke.
>>
>> When you test with no spamdyke, does qmail receive email from the remote
>> with TLS? The received email header would show this somewhere, perhaps
>> referred to as SSL. If so, I suspect there's a bug in spamdyke's
>> implementation of TLS that causes the remote to not recognize the 250-
>> replies when TLS is active.
>>
>> As a temporary workaround, I expect that turning off TLS will work. Then
>> you wouldn't need to disable spamdyke entirely. Let us know if this
>> works too.
>>

Eric Shubert | 8 Jun 20:19 2011

Re: Help with spamdyke...

On 06/08/2011 10:59 AM, Eric Shubert wrote:
> On 06/08/2011 10:19 AM, ron wrote:
>> Received: from unknown (HELO mail-out-01.healthways.com) (64.58.208.13)
>>      by mail2.nsii.net with (DHE-RSA-AES256-SHA encrypted) SMTP; 8 Jun 2011 16:48:56 -0000
>
> I'm not familiar enough with TLS to know exactly what DHE-RSA-AES256-SHA
> is, but it appears that qmail is working with TLS and no spamdyke.
>
> Perhaps there's something errant in spamdyke's implementation of this
> particular combination of encryption options?
>
> I think it's time for Sam to have a look at this.
>

Just re-read
http://www.spamdyke.org/documentation/README.html#TLS:
"Rarely, some situations will require specifying the list of encryption 
algorithms (ciphers) to be used during TLS. In those cases, the 
tls-cipher-list option can be used to pass a list of ciphers in the 
format expected by the OpenSSL library. The vast majority of spamdyke 
installations will not need this option -- the default list of ciphers 
is usually fine. To see the full list of available ciphers, run the 
command openssl ciphers."

The default value for the tls-cipher-list option is unfortunately 
not listed. I wonder, is this a spamdyke default, or the openssl 
default? Sam?

Ron, what do you get from:
# rpm -q openssl

