Ah - ha - so that's where the simscan logging is. I see it now. I'll check the log against the 451 qq soft rejects and see what it says. (Funny it wasn't showing there before - maybe I didn't wait long enough for the simscan logging to start or I screwed up in some other way.)

Also, spamd shows up because we have SA running in a maildrop filter.

I'll let you know what I find.

Thanks - Jeff


On 5/4/2017 1:35 AM, Eric Broch wrote:

Spamdyke was not interfering with my logging when I tested, but then again I wasn't getting any errors.

It's interesting that you see a spamd connection and spamc (spam=no) is turned off with simcontrol.

Also, did you check /var/log/qmail/smtp/current? This is where you should see simscan logging.


On 5/3/2017 9:38 PM, Jeff Koch wrote:
Hi Eric:

Here's what I have in tcp.smtp:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

and here's what I have in /var/qmail/control/simcontrol

:clam=yes,spam=no,spam_hits=12,attach=.mp3:.src:.bat:.pif

and I know simscan is working because I see the clamav entries in /var/log/maillog. Note: we need to have clamav running because the email is going to real people. But when clamav was turned off there was no simscan logging either.

Here's what I have in /var/qmail/supervise/smtp/run

#!/bin/sh
SIMSCAN_DEBUG=5
export SIMSCAN_DEBUG
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SPAMDYKE="/usr/bin/spamdyke"
SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
REQUIRE_AUTH=0

exec /usr/bin/softlimit -m 128000000 \
/usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
     -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
     $SPAMDYKE --config-file $SPAMDYKE_CONF \
     $SMTPD $VCHKPW /bin/true 2>&1

and I ran qmailctl - stop - cdb - start (Note: The HOSTNAME entry is exactly as shown 'hostname' - we did not change it to the actual hostname.)

In the /var/log/maillog we see no entries that reference 'simscan' - is that the log that the debug logging should appear in?

In this log we see entries referencing 'spamdyke', spamd, clamd, vpopmail (vchkpw-smtp) but none that says 'simscan' ** remember we have clamav running:

May  3 22:28:47 server spamdyke[26952]: ALLOWED from:...................
May  3 22:31:40 server spamd[2772]: spamd: connection..............
May 3 22:31:52 server clamd[661]: /var/qmail.............................
May 3 22:25:55 server vpopmail[26673]: vchkpw-smtp: vpopmail user.........................

and we are still seeing DENIED_OTHER 451 rejects like this:

May 3 22:32:20 server spamdyke[27401]: DENIED_OTHER from: 3294909110062131b4b02-b17122-5f62f91568cf4aa2ad5adb71f8f94...@mg.expediaxxx.com to: jsux...@sinpxxx.com origin_ip: 135.84.xxx.10 origin_rdns: gears217-10.expediaxxx.com auth: (unknown) encryption: TLS reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)

As you can see we do have spamdyke running. Could that be interfering with the logging?

Jeff



On 5/3/2017 10:09 AM, Eric Broch wrote:

Did you turn simscan on in tcp.smtp:

QMAILQUEUE=/var/qmail/bin/simscan

and stop/cdb/start qmail?

On 5/2/2017 9:08 PM, Jeff Koch wrote:
Hi Eric:

I turned on simscan debugging but I don't see any 'simscan' logging in /var/log/maillog or /var/log/qmail/smtp

Jeff

On 5/2/2017 12:27 AM, Eric Broch wrote:

I wonder if you have a permissions issue somewhere?

You could now change /var/qmail/supervise/smtp/run script to debug simscan by adding the following settings

SIMSCAN_DEBUG=5
export SIMSCAN_DEBUG

and in tcp.smtp change

QMAILQUEUE=/var/qmail/bin/simscan

and in simcontrol change to

:clam=no, spam=no

and qmailctl stop/cdb/start

and see what the log produces.

You should (hopefully) see the reason for the failure.


On 5/1/2017 8:59 PM, Jeff Koch wrote:
Hi Eric:

Here are the results of these tests. See below:

On 4/30/2017 1:08 AM, Eric Broch wrote:

Also,

My plan was that you would change things a step at a time (and check between steps whether qq soft rejects persisted) in this order:

Step 1) Increase softlimit in smtp run file (stop/start/cdb qmail) to 128000000

No effect - still seeing spamdyke DENIED_OTHER - 451_mail_server_temporarily_rejected_message_(#4.3.0)

Step 2) Change /var/qmail/control/simcontrol settings from

:clam=yes,spam=yes,spam_hits=12,attach=.mp3:.src:.bat:.pif

to

:clam=no,spam=no

this stops clamd, spamc, and ripmime.

stop/start/cdb qmail.

No effect - 451_mail_server_temporarily_rejected_message_(#4.3.0)

Step 3) Revert /var/qmail/control/simcontrol settings and change /etc/tcprules.d/tcp.smtp

QMAILQUEUE="/var/qmail/bin/simscan"

to

QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"

stop/start/cdb qmail.

So far it looks good. I've let the server run for 20 minutes and I don't see any 'DENIED_OTHER' or 451's nor do we see any qq soft rejects in /var/qmail/log/smtp/current.

It is interesting that spamd seems to be running. That is probably because we use 'spamc' in a maildrop filter that also develops a spamassassin score prior to dropping the message into the user's mailbox. If the score is over the threshold the filter diverts the message to the domain's spam user's mailbox. I'm also now getting detailed spam analysis information in the /var/log/maillog. I wasn't seeing that before.

I should point out that this is the same procedure and setup we've used successfully for almost ten years with Bill's Toaster. With the Bill's Toaster setup the spamassassin logs were logged separately at /var/log/spamd/. Is it possible that two instances of spamassassin are conflicting with each other?

The issue does seem to be related to simscan - even with spam and clam disabled in simscan we were getting 451 rejects / DENIED_OTHER

Please let me know what you think.

Jeff

Once we get this to stop, we can start adding things in one at a time with simscan in debug mode to find out where the problem is.

Eric




On 4/29/2017 10:26 PM, Eric Broch wrote:

Sorry, Jeff,

change

QMAILQUEUE="/var/qmail/bin/qmail-queue"

to

QMAILQUEUE="/var/qmail/bin/qmail-queue.orig"


qmail-queue is a link to qmail-dk so use qmail-queue.orig

Eric


On 4/29/2017 10:01 PM, Jeff Koch wrote:
Hi Eric:

no indication of segfaults in /var/log/messages or dmesg
softlimit is set at 100000000  (100MB)

changed clam and spam to 'no' and did qmailctl stop, cdb, start
changed

This was the contents of tcp.smtp:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

changed to:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="100",CHKUSER_WRONGRCPTLIMIT="10",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/qmail-queue",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"

and then did qmailctl stop, cdb, start

Now the /var/log/maillog is showing many:

DENIED_OTHER from: cap21-return-27-contabilidad=idfimportadora....@capexxxx.info to: contabxx...@idfimpoxxxx.com origin_ip: 98.130.1.xx8 origin_rdns: mail1103.opentransfer.com auth: (unknown) encryption: (none) reason: 554_qmail-dk:_Cannot_sign_message_due_to_invalid_message_syntax._(#5.3.0)

and /var/log/qmail/smtp

qmail-smtpd: qq hard reject (qmail-dk: Cannot sign message due to invalid message syntax. (#5.3.0)): MAILFROM:<323792861003aa0d40b02-b17119-1eec421bc9e947029e3ec865f716e...@mg.mailer.cxxxxtickets.com> RCPTTO:rodx...@brxxx.com.ec

This seems weird. Not sure why the server would be trying to sign a message that is coming to a local recipient. I could see it signing a message being sent or relayed but not received for a local recipient

Jeff


On 4/29/2017 2:02 PM, Eric Broch wrote:

Jeff,

In summary...

DENIED_OTHER: The connection was rejected by qmail (or another downstream filter), not spamdyke. REASON will contain the rejection message given by qmail (or other downstream filter).

REASON: 451_mail_server_temporarily_rejected_message_(#4.3.0).

Check /var/log/messages for segfault

Check /var/qmail/supervise/smtp/run softlimit

Try this:

Edit /var/qmail/control/simcontrol and set the following to 'no'

:clam=no,spam=no

# qmailctl stop

# qmailctl cdb

# qmailctl start

Let me know.

If that doesn't work edit /etc/tcprules.d/tcp.smtp

change

QMAILQUEUE="/var/qmail/bin/simscan"

to

QMAILQUEUE="/var/qmail/bin/qmail-queue"


Eric



On 4/29/2017 11:23 AM, Jeff Koch wrote:
Hi Eric:

Thanks, we found the tcp.smtp file at /etc/tcprules.d and pointed spamdyke there. So that's fixed.

We also pointed the certificate file to /var/qmail/control/servercert.pem and cleared those errors.

However, we are still seeing qq soft rejects in /var/log/qmail/smtp/current. They seem to be related to the matching spamdyke log entries in /var/log/maillog. Example:

Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/msg.1493481946.217350.3912: OK
Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/addr.1493481946.217350.3912: OK
Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/textfile1: OK
Apr 29 11:05:46 server clamd[661]: /var/qmail/simscan/1493481946.217350.3912/2c7fdfebf8050265e8b51bd3c2ea58f0: OK
Apr 29 11:05:46 server spamdyke[3905]: DENIED_OTHER from: xxxx....@pokemailing.com to: yyyy.yyy@idfimportadora.com origin_ip: 67.211.215.94 origin_rdns: km61.pokemailing.com auth: (unknown) encryption: (none) reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)

I put the clamd log entries above so you could see that clamd passed the message OK. However, does anybody know what 'DENIED OTHER' means or can anybody figure out from the message why spamdyke rejected the message?


Jeff Koch


On 4/29/2017 1:18 AM, Eric Broch wrote:
Hi Jeff,

Do you know why spamdyke would be looking in /home/vpopmail/etc for anything? I've never heard of this before.

Spamdyke's configuration directory is a link in /etc: /etc/spamdyke -> ../opt/spamdyke/etc.

Here's my spamdyke configuration: 'cat /etc/spamdyke/spamdyke.conf'

<spamdyke.conf>

#dns-blacklist-entry=zombie.dnsbl.sorbs.net
#dns-blacklist-entry=dul.dnsbl.sorbs.net
#dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
graylist-dir=/var/spamdyke/graylist
graylist-level=none
graylist-max-secs=2678400
graylist-min-secs=180
greeting-delay-secs=2
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=60
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
qmail-rcpthosts-file=/var/qmail/control/rcpthosts
#qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
log-level=info
max-recipients=50
#policy-url=http://my.policy.explanation.url/
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns
#reject-ip-in-cc-rdns
reject-sender=no-mx
reject-unresolvable-rdns
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

</spamdyke.conf>

And, how did you make your certificate and where did you put it?

Let me know if that helps.

Eric


On 4/28/2017 6:26 PM, Jeff Koch wrote:
Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)



--
Eric Broch
White Horse Technical Consulting (WHTC)
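
The check repeated between steps in this thread (are DENIED_OTHER entries still appearing in /var/log/maillog, and with which reason?) can be scripted. The following is an added example, not part of the original messages: it parses spamdyke lines in the format quoted above and tallies downstream rejects as soft (4xx) or hard (5xx). The sample lines and addresses are constructed, and the function names are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the maillog format quoted in the thread (addresses are made up).
SAMPLE_LOG = """\
May  3 22:28:47 server spamdyke[26952]: ALLOWED from: a@example.org to: u1@example.com origin_ip: 192.0.2.10 origin_rdns: mx.example.org auth: (unknown) encryption: TLS reason: 250_ok_1493864927_qp_26960
May  3 22:32:20 server spamdyke[27401]: DENIED_OTHER from: b@example.net to: u2@example.com origin_ip: 192.0.2.20 origin_rdns: out.example.net auth: (unknown) encryption: TLS reason: 451_mail_server_temporarily_rejected_message_(#4.3.0)
May  3 22:33:02 server spamdyke[27420]: DENIED_OTHER from: c@example.net to: u3@example.com origin_ip: 192.0.2.21 origin_rdns: out2.example.net auth: (unknown) encryption: (none) reason: 554_qmail-dk:_Cannot_sign_message_due_to_invalid_message_syntax._(#5.3.0)
May  3 22:31:52 server clamd[661]: /var/qmail/simscan/1493864912.1.2/msg.1493864912.1.2: OK
"""

LINE_RE = re.compile(
    r"spamdyke\[\d+\]: (?P<code>[A-Z_]+) from: (?P<sender>\S+) to: (?P<rcpt>\S+) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: \S+ auth: \S+ "
    r"encryption: \S+ reason: (?P<reason>\S+)"
)

def parse(line):
    """Return the spamdyke fields of one maillog line, or None for other daemons."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None

def downstream_rejects(lines):
    """Yield DENIED_OTHER entries, i.e. rejections issued by qmail or the
    QMAILQUEUE program behind spamdyke, with the SMTP status from the reason."""
    for line in lines:
        rec = parse(line)
        if rec is None or rec["code"] != "DENIED_OTHER":
            continue
        m = re.match(r"(\d{3})_", rec["reason"])
        status = int(m.group(1)) if m else None
        rec["status"] = status
        if status is None:
            rec["kind"] = "unknown"
        else:
            rec["kind"] = "soft" if 400 <= status < 500 else "hard"
        yield rec

def summarize(lines):
    """Count downstream rejects by (kind, reason) so two test runs can be compared."""
    return Counter((r["kind"], r["reason"]) for r in downstream_rejects(lines))

if __name__ == "__main__":
    for (kind, reason), n in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{n:4d}  {kind:5s}  {reason}")
```

Running it on the portion of the log written after each stop/cdb/start shows whether a given change removed the 451 soft rejects or replaced them with a different downstream error.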

