I'm not sure I like how spamdyke handles tls, though I don't know another way one would do it.

Setting tls-level=none turns off ALL TLS even in qmail's offering.

If you want qmail to handle TLS, comment the certificate file:

#tls-certificate-file=/var/qmail/control/servercert.pem

However, if you do this, spamdyke (I think) will not work anymore because all traffic through it is now encrypted (you could check if I'm correct on the spamdyke mailing list).

On 8/7/2020 6:13 PM, Chris wrote:
I know I'm responding to a really old thread here, but I stumbled upon this trying to solve another issue.

When I set tls-level=none in /opt/spamdyke/etc/spamdyke.conf and reboot, I now completely fail the SMTP TLS checker at https://luxsci.com/smtp-tls-checker
It would appear that qmail isn't doing the tls at all.

Where are the settings to tell qmail to handle the tls? Is it in the run file, or elsewhere?

On Wed, Jun 19, 2019 at 3:14 AM Eric Broch <ebr...@whitehorsetc.com> wrote:

    In /etc/spamdyke/spamdyke.conf set 'tls-level' to 'none'.

    tls-level=none

    allow qmail to do the tls and see if it works.


    On 6/18/2019 9:07 AM, Rajesh M wrote:
    eric

    in the spamdyke.conf i can see this
    tls-certificate-file=/var/qmail/control/servercert.pem

    also i am using the
    /var/qmail/control/servercert.pem
    for domain key signing of outgoing emails.

    rajesh

    ----- Original Message -----
    From: Eric Broch [mailto:ebr...@whitehorsetc.com]
    To: qmailtoaster-list@qmailtoaster.com
    Sent: Tue, 18 Jun 2019 08:52:13 -0600
    Subject:

    So you have spamdyke doing the TLS?

    On 6/18/2019 8:38 AM, Rajesh M wrote:
    Hi

    ISSUE 1
    all of a sudden we are receiving an error on one of our servers for one specific sender domain (sending from microsoft server)

    the sender domain is not able to send emails to the recipient domain on our server. The email bounces with the following error
    encryption: TLS reason: 503_MAIL_first_(#5.5.1)

    06/18/2019 19:33:16 LOG OUTPUT TLS
    DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)
    06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
    QUIT
    06/18/2019 19:33:16 LOG OUTPUT TLS
    ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer
    ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer
    06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
    221 ns1.HOSTNAME.com
    06/18/2019 19:33:16 LOG OUTPUT TLS
    ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found

    06/18/2019 19:33:16 - TLS ended and closed


    the error log of spamdyke full-log-dir is given below


    ISSUE 2
    also i noted that spamdyke log mentions as such
    reset address space soft limit to infinity: please stop using the softlimit program

    What exactly does this mean? What is the alternative to prevent large files? should i disable softlimit program in
    /usr/bin/softlimit -m 64000000 \
    in the smtp run file

    require your kind help in resolving the above 2 issues

    thanks
    rajesh

    06/18/2019 19:32:54 STARTED: VERSION = 5.0.1+TLS+CONFIGTEST+DEBUG, PID = 19829

    06/18/2019 19:32:54 CURRENT ENVIRONMENT
    PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
    PWD=/var/qmail/supervise/smtp
    SHLVL=0
    PROTO=TCP
    TCPLOCALIP=103.241.181.154
    TCPLOCALPORT=25
    TCPLOCALHOST=ns1.HOSTNAME.com
    TCPREMOTEIP=40.107.69.126
    TCPREMOTEPORT=42264
    BADMIMETYPE=
    BADLOADERTYPE=M
    QMAILQUEUE=/var/qmail/bin/simscan
    CHKUSER_START=ALWAYS
    CHKUSER_RCPTLIMIT=50
    CHKUSER_WRONGRCPTLIMIT=10
    NOP0FCHECK=1
    DKQUEUE=/var/qmail/bin/qmail-queue.orig
    DKVERIFY=DEGIJKfh
    DKSIGN=/var/qmail/control/domainkeys/%/private

    06/18/2019 19:32:54 CURRENT CONFIG
    config-file=/etc/spamdyke/spamdyke.conf
    dns-blacklist-entry=zen.spamhaus.org
    full-log-dir=/var/log/spamdyke
    graylist-dir=/var/spamdyke/graylist
    graylist-max-secs=2678400
    graylist-min-secs=180
    header-blacklist-entry=From:*>,*<*
    idle-timeout-secs=600
    ip-blacklist-file=/etc/spamdyke/blacklist_ip
    ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
    ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
    ip-whitelist-file=/etc/spamdyke/whitelist_ip
    log-level=info
    max-recipients=100
    rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
    rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
    recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
    recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
    reject-empty-rdns=1
    reject-sender=no-mx
    reject-sender=authentication-domain-mismatch
    reject-unresolvable-rdns=1
    relay-level=normal
    sender-blacklist-file=/etc/spamdyke/blacklist_senders
    sender-whitelist-file=/etc/spamdyke/whitelist_senders
    tls-certificate-file=/var/qmail/control/servercert.pem

    06/18/2019 19:32:54 - Remote IP = 40.107.69.126

    06/18/2019 19:32:54 CURRENT CONFIG
    config-file=/etc/spamdyke/spamdyke.conf
    dns-blacklist-entry=zen.spamhaus.org
    dns-server-ip-primary=8.8.8.8
    full-log-dir=/var/log/spamdyke
    graylist-dir=/var/spamdyke/graylist
    graylist-max-secs=2678400
    graylist-min-secs=180
    header-blacklist-entry=From:*>,*<*
    idle-timeout-secs=600
    ip-blacklist-file=/etc/spamdyke/blacklist_ip
    ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
    ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
    ip-whitelist-file=/etc/spamdyke/whitelist_ip
    log-level=info
    max-recipients=100
    rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
    rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
    recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
    recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
    reject-empty-rdns=1
    reject-sender=no-mx
    reject-sender=authentication-domain-mismatch
    reject-unresolvable-rdns=1
    relay-level=normal
    sender-blacklist-file=/etc/spamdyke/blacklist_senders
    sender-whitelist-file=/etc/spamdyke/whitelist_senders
    tls-certificate-file=/var/qmail/control/servercert.pem

    06/18/2019 19:32:54 - Remote rDNS = mail-eopbgr690126.outbound.protection.outlook.com

    06/18/2019 19:32:54 LOG OUTPUT
    DEBUG(filter_rdns_missing()@filter.c:947): checking for missing rDNS; rdns: mail-eopbgr690126.outbound.protection.outlook.com
    DEBUG(filter_rdns_whitelist_file()@filter.c:1055): searching rDNS whitelist file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com
    DEBUG(filter_rdns_blacklist_file()@filter.c:1159): searching rDNS blacklist file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com
    DEBUG(filter_ip_whitelist()@filter.c:1228): searching IP whitelist file(s); ip: 40.107.69.126
    DEBUG(filter_ip_blacklist()@filter.c:1279): searching IP blacklist file(s); ip: 40.107.69.126
    DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1380): checking for IP in rDNS +keyword(s) in whitelist file; ip: 40.107.69.126 rdns: mail-eopbgr690126.outbound.protection.outlook.com
    DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1333): checking for IP in rDNS +keyword(s) in blacklist file; ip: 40.107.69.126 rdns: mail-eopbgr690126.outbound.protection.outlook.com
    DEBUG(filter_rdns_resolve()@filter.c:1426): checking rDNS resolution; rdns: mail-eopbgr690126.outbound.protection.outlook.com
    DEBUG(filter_dns_rbl()@filter.c:1645): checking DNS RBL(s); ip: 40.107.69.126
    DEBUG(undo_softlimit()@spamdyke.c:3203): reset address space soft limit to infinity: please stop using the softlimit program
    DEBUG(undo_softlimit()@spamdyke.c:3223): reset data segment soft limit to infinity: please stop using the softlimit program
    DEBUG(undo_softlimit()@spamdyke.c:3241): reset stack size soft limit to infinity: please stop using the softlimit program

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 33 bytes
    220 ns1.HOSTNAME.com ESMTP

    06/18/2019 19:32:54 FROM REMOTE TO CHILD: 52 bytes
    EHLO NAM04-CO1-obe.outbound.protection.outlook.com

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 27 bytes
    250-ns1.HOSTNAME.com

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 14 bytes
    250-STARTTLS

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 16 bytes
    250-PIPELINING

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 14 bytes
    250-8BITMIME

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 19 bytes
    250-SIZE 31457280

    06/18/2019 19:32:54 FROM CHILD TO REMOTE: 31 bytes
    250 AUTH LOGIN PLAIN CRAM-MD5

    06/18/2019 19:32:55 FROM REMOTE TO CHILD: 10 bytes
    STARTTLS

    06/18/2019 19:32:55 FROM SPAMDYKE TO REMOTE: 14 bytes
    220 Proceed.

    06/18/2019 19:32:56 LOG OUTPUT TLS
    DEBUG(tls_start()@tls.c:417): TLS/SSL connection established, using cipher 
AES256-GCM-SHA384, 256 bits

    06/18/2019 19:32:56 - TLS negotiated and started

    06/18/2019 19:32:56 FROM REMOTE TO CHILD: 52 bytes TLS
    EHLO NAM04-CO1-obe.outbound.protection.outlook.com

    06/18/2019 19:32:56 FROM CHILD TO REMOTE: 27 bytes TLS
    250-ns1.HOSTNAME.com

    06/18/2019 19:32:56 FROM CHILD, FILTERED: 14 bytes TLS
    250-STARTTLS

    06/18/2019 19:32:56 FROM CHILD TO REMOTE: 16 bytes TLS
    250-PIPELINING

    06/18/2019 19:32:56 FROM CHILD TO REMOTE: 14 bytes TLS
    250-8BITMIME

    06/18/2019 19:32:56 FROM CHILD TO REMOTE: 19 bytes TLS
    250-SIZE 31457280

    06/18/2019 19:32:56 FROM CHILD TO REMOTE: 31 bytes TLS
    250 AUTH LOGIN PLAIN CRAM-MD5

    06/18/2019 19:32:57 FROM REMOTE TO CHILD: 48 bytes TLS
    MAIL FROM:<rethish.n...@sender.com> SIZE=68640

    06/18/2019 19:32:57 LOG OUTPUT TLS
    DEBUG(find_username()@spamdyke.c:127): searching for username between positions 11 and 33: MAIL FROM:<rethish.n...@sender.com> SIZE=68640
    RCPT TO:<ranj...@dxb.recepient.com>
    RCPT TO:<nominati...@dxb.recepient.com>
    DEBUG(find_domain()@spamdyke.c:361): searching for domain between positions 23 and 33: MAIL FROM:<rethish.n...@sender.com> SIZE=68640
    RCPT TO:<ranj...@dxb.recepient.com>
    RCPT TO:<nominati...@dxb.recepient.com>
    DEBUG(find_address()@spamdyke.c:726): found username: Rethish.Nair
    DEBUG(find_address()@spamdyke.c:743): found domain: SENDER.com
    DEBUG(filter_sender_whitelist()@filter.c:1871): searching sender whitelist(s); sender: rethish.n...@sender.com
    FILTER_SENDER_WHITELIST sender: rethish.n...@sender.com file: /etc/spamdyke/whitelist_senders(781)

    06/18/2019 19:33:16 FROM CHILD TO REMOTE: 33 bytes TLS
    451 SPF lookup failure (#4.3.0)

    06/18/2019 19:33:16 FROM REMOTE TO CHILD: 40 bytes TLS
    RCPT TO:<ranj...@dxb.recepient.com>

    06/18/2019 19:33:16 LOG OUTPUT TLS
    DEBUG(find_username()@spamdyke.c:127): searching for username between positions 9 and 36: RCPT TO:<ranj...@dxb.recepient.com>
    RCPT TO:<nominati...@dxb.recepient.com>
    DEBUG(find_domain()@spamdyke.c:361): searching for domain between positions 16 and 36: RCPT TO:<ranj...@dxb.recepient.com>
    RCPT TO:<nominati...@dxb.recepient.com>
    DEBUG(find_address()@spamdyke.c:726): found username: ranjini
    DEBUG(find_address()@spamdyke.c:743): found domain: dxb.RECEPIENT.com
    DEBUG(find_cdb_record()@cdb.c:138): searching CDB file /var/qmail/control/morercpthosts.cdb for 20 byte key = dxb.RECEPIENT.com, hash = 3655419700, main index = 52, num_slots = 2, slot_num = 1

    06/18/2019 19:33:16 LOG OUTPUT TLS
    FILTER_OTHER response: "503 MAIL first (#5.5.1)"

    06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
    503 MAIL first (#5.5.1)

    06/18/2019 19:33:16 LOG OUTPUT TLS
    DENIED_OTHER from: rethish.n...@sender.com to: ranj...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)

    06/18/2019 19:33:16 FROM REMOTE TO CHILD: 44 bytes TLS
    RCPT TO:<nominati...@dxb.recepient.com>

    06/18/2019 19:33:16 LOG OUTPUT TLS
    DEBUG(find_username()@spamdyke.c:127): searching for username between positions 9 and 40: RCPT TO:<nominati...@dxb.recepient.com>
    DEBUG(find_domain()@spamdyke.c:361): searching for domain between positions 20 and 40: RCPT TO:<nominati...@dxb.recepient.com>
    DEBUG(find_address()@spamdyke.c:726): found username: nominations
    DEBUG(find_address()@spamdyke.c:743): found domain: dxb.RECEPIENT.com
    DEBUG(find_cdb_record()@cdb.c:138): searching CDB file /var/qmail/control/morercpthosts.cdb for 20 byte key = dxb.RECEPIENT.com, hash = 3655419700, main index = 52, num_slots = 2, slot_num = 1

    06/18/2019 19:33:16 LOG OUTPUT TLS
    FILTER_OTHER response: "503 MAIL first (#5.5.1)"

    06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
    503 MAIL first (#5.5.1)

    06/18/2019 19:33:16 LOG OUTPUT TLS
    DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)

    06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
    QUIT

    06/18/2019 19:33:16 LOG OUTPUT TLS
    ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer
    ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer

    06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
    221 ns1.HOSTNAME.com

    06/18/2019 19:33:16 LOG OUTPUT TLS
    ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found

    06/18/2019 19:33:16 - TLS ended and closed

    06/18/2019 19:33:16 CLOSED



    ---------------------------------------------------------------------
    To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
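
The session in the full log above can be read mechanically; the following is an added example, not part of the original thread and not spamdyke's own code. It pairs each relayed command with the reply logged after it and separates a rejected MAIL FROM from the 503 replies to the RCPT TO commands that follow it. The sample log is constructed in the layout of the quoted log with placeholder addresses, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the quoted spamdyke full-log
# (addresses are example.* placeholders, not values from the thread).
SAMPLE_LOG = """\
06/18/2019 19:32:57 FROM REMOTE TO CHILD: 48 bytes TLS
MAIL FROM:<sender@example.com> SIZE=68640
06/18/2019 19:33:16 FROM CHILD TO REMOTE: 33 bytes TLS
451 SPF lookup failure (#4.3.0)
06/18/2019 19:33:16 FROM REMOTE TO CHILD: 40 bytes TLS
RCPT TO:<rcpt1@example.net>
06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
503 MAIL first (#5.5.1)
06/18/2019 19:33:16 FROM REMOTE TO CHILD: 44 bytes TLS
RCPT TO:<rcpt2@example.net>
06/18/2019 19:33:16 FROM CHILD TO REMOTE: 25 bytes TLS
503 MAIL first (#5.5.1)
"""

HEADER = re.compile(
    r"^\s*\S+ (\d\d:\d\d:\d\d) FROM (REMOTE TO CHILD|CHILD TO REMOTE): \d+ bytes")

def smtp_events(log_text):
    """Yield (time, direction, payload) for each relayed SMTP line."""
    lines = log_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = HEADER.match(line)
        if m:
            yield m.group(1), m.group(2), lines[i + 1].strip()

def diagnose(log_text):
    """Return (rejected MAIL FROM reply or None, 503 replies to later RCPT TO)."""
    last_cmd, root, cascaded = None, None, []
    for when, direction, payload in smtp_events(log_text):
        if direction == "REMOTE TO CHILD":
            last_cmd = payload.split(":", 1)[0].upper()
            continue
        reply = re.match(r"(\d{3}) ", payload)  # final line of a reply only
        if not reply:
            continue
        code = reply.group(1)
        if last_cmd == "MAIL FROM":
            # A 4xx/5xx here means no mail transaction was opened.
            root = (when, payload) if code[0] in "45" else None
        elif last_cmd == "RCPT TO" and code == "503" and root:
            cascaded.append((when, payload))
    return root, cascaded
```

On the sample, `diagnose(SAMPLE_LOG)` returns the `451 SPF lookup failure (#4.3.0)` reply as the rejected MAIL FROM and the two `503 MAIL first (#5.5.1)` replies as its consequences.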
