Re: [qmailtoaster] TLS issue with Spamdyke v5.0.1

Tue, 27 Dec 2022 15:30:11 -0800

It looks like the start of the connection at 18:37:41 and when the timeout occurs at 18:42:03 is a pretty big chunk of time. The idle timeout in you spamdyke file is 60 seconds. This doesn't sound like a problem with TLS. It seems like a problem with the time of negotiation. How busy is your server? 

On 12/27/2022 12:13 PM, nowuk...@gmail.com wrote:



Mistakenly, I ended up taking this conversation off the list. Here is 
the summary conclusion for anyone that may encounter a similar situation.



It appears to be mostly network issue. At Eric's advice, I downgraded 
Spamdyke and the delivery seemed to improve. I still see timeouts, as 
shown below, but in the end, Yahoo delivered the message below several 
minutes later. Notably, messages from Gmail sometimes show timeouts, 
but typically get delivered within minutes. I am still investigating 
potential networking issues causing the MX lookup to fail.


Thanks, again, to everyone who offered assistance.

Regards,

Ed


12/27/2022 18:37:41 - Remote rDNS = sonic315-13.consmr.mail.bf2.yahoo.com

12/27/2022 18:37:41 LOG OUTPUT

DEBUG(filter_rdns_missing()@filter.c:947): checking for missing rDNS; 
rdns: sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_ip_in_rdns_cc()@filter.c:978): checking for IP in rDNS 
+country code; rdns: sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_rdns_whitelist_file()@filter.c:1055): searching rDNS 
whitelist file(s); rdns: sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_rdns_blacklist_file()@filter.c:1159): searching rDNS 
blacklist file(s); rdns: sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_ip_whitelist()@filter.c:1228): searching IP whitelist 
file(s); ip: 74.6.134.123
DEBUG(filter_ip_blacklist()@filter.c:1279): searching IP blacklist 
file(s); ip: 74.6.134.123
DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1380): checking for IP in 
rDNS +keyword(s) in whitelist file; ip: 74.6.134.123 rdns: 
sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1333): checking for IP in 
rDNS +keyword(s) in blacklist file; ip: 74.6.134.123 rdns: 
sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_rdns_resolve()@filter.c:1426): checking rDNS resolution; 
rdns: sonic315-13.consmr.mail.bf2.yahoo.com
DEBUG(filter_dns_rbl()@filter.c:1645): checking DNS RBL(s); ip: 
74.6.134.123
DEBUG(filter_earlytalker()@filter.c:1817): checking for earlytalker; 
delay: 6
DEBUG(undo_softlimit()@spamdyke.c:3203): reset address space soft 
limit to infinity: please stop using the softlimit program
DEBUG(undo_softlimit()@spamdyke.c:3223): reset data segment soft limit 
to infinity: please stop using the softlimit program
DEBUG(undo_softlimit()@spamdyke.c:3241): reset stack size soft limit 
to infinity: please stop using the softlimit program


12/27/2022 18:37:47 FROM CHILD TO REMOTE: 60 bytes
220 --removed-- - No spam or viruses accepted ESMTP

12/27/2022 18:37:47 FROM REMOTE TO CHILD: 44 bytes
EHLO sonic315-13.consmr.mail.bf2.yahoo.com

12/27/2022 18:37:47 FROM CHILD TO REMOTE: 54 bytes
250---removed-- - No spam or viruses accepted

12/27/2022 18:37:47 FROM CHILD TO REMOTE: 14 bytes
250-STARTTLS

12/27/2022 18:37:47 FROM CHILD TO REMOTE: 16 bytes
250-PIPELINING

12/27/2022 18:37:47 FROM CHILD TO REMOTE: 14 bytes
250-8BITMIME

12/27/2022 18:37:47 FROM CHILD TO REMOTE: 19 bytes
250-SIZE 20971520

12/27/2022 18:37:47 FROM CHILD TO REMOTE: 31 bytes
250 AUTH LOGIN PLAIN CRAM-MD5

12/27/2022 18:37:47 FROM REMOTE TO CHILD: 10 bytes
STARTTLS

12/27/2022 18:37:47 FROM SPAMDYKE TO REMOTE: 14 bytes
220 Proceed.

12/27/2022 18:37:48 LOG OUTPUT TLS

DEBUG(tls_start()@tls.c:417): TLS/SSL connection established, using 
cipher AES128-GCM-SHA256, 128 bits


12/27/2022 18:37:48 - TLS negotiated and started

12/27/2022 18:37:48 FROM REMOTE TO CHILD: 44 bytes TLS
EHLO sonic315-13.consmr.mail.bf2.yahoo.com

12/27/2022 18:37:48 FROM CHILD TO REMOTE: 54 bytes TLS
250---removed-- - No spam or viruses accepted

12/27/2022 18:37:48 FROM CHILD, FILTERED: 14 bytes TLS
250-STARTTLS

12/27/2022 18:37:48 FROM CHILD TO REMOTE: 16 bytes TLS
250-PIPELINING

12/27/2022 18:37:48 FROM CHILD TO REMOTE: 14 bytes TLS
250-8BITMIME

12/27/2022 18:37:48 FROM CHILD TO REMOTE: 19 bytes TLS
250-SIZE 20971520

12/27/2022 18:37:48 FROM CHILD TO REMOTE: 31 bytes TLS
250 AUTH LOGIN PLAIN CRAM-MD5

12/27/2022 18:37:49 FROM REMOTE TO CHILD: 33 bytes TLS
MAIL FROM:<--removed-->

12/27/2022 18:37:49 LOG OUTPUT TLS

DEBUG(find_username()@spamdyke.c:127): searching for username between 
positions 11 and 29: MAIL FROM:<--removed-->
DEBUG(find_domain()@spamdyke.c:361): searching for domain between 
positions 20 and 29: MAIL FROM:<--removed-->

DEBUG(find_address()@spamdyke.c:726): found username: --removed--
DEBUG(find_address()@spamdyke.c:743): found domain: yahoo.com

DEBUG(filter_sender_whitelist()@filter.c:1871): searching sender 
whitelist(s); sender: --removed--
DEBUG(filter_sender_blacklist()@filter.c:2011): searching sender 
blacklist(s); sender: --removed--
DEBUG(filter_sender()@filter.c:2296): checking for sender domain MX 
record; domain: yahoo.com


12/27/2022 18:42:03 FROM CHILD TO REMOTE: 8 bytes TLS
250 ok

12/27/2022 18:42:03 LOG OUTPUT TLS

ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The 
connection was unexpectedly ended/closed


12/27/2022 18:42:03 - TLS ended and closed

12/27/2022 18:42:03 CLOSED



On 12/26/22 00:45, Eric Broch wrote:

Do you have openssl-* installed?
On Dec 25, 2022, at 9:57 PM, nowuk...@gmail.com wrote:

    Hi,

    It seems like suddenly my QMT installation started acting up and reject
    mail (several days now). It does not deliver bounces but reports that
    the sending server, e.g., Yahoo, etc, could not connect to send mail.
    There is no MTA code in returned mail, at all. Initially, Gmail was
    having an issue, as well, but now seems to be able to send mail.

    I am convinced it was due to some package upgrade, but I am at my wits
    end to figure out how to fix this. Any hints would be appreciated. The
    certificate file is Let's Encrypt certificate I have used for some time
    now and key packaged into PEM file.

    Current package versions are (some upgraded recently, as I was trying to
    fix it with no success):

    autorespond-2.0.5-1.qt.el7.x86_64
    control-panel-0.5.1-1.qt.el7.x86_64
    daemontools-0.76-0.qt.el7.x86_64
    dovecot-2.3.11.3  <http://2.3.11.3>-13.qt.el7.x86_64
    dspam-3.10.2-15.qt.el7.x86_64
    dspam-client-3.10.2-15.qt.el7.x86_64
    dspam-hash-3.10.2-15.qt.el7.x86_64
    dspam-libs-3.10.2-15.qt.el7.x86_64
    dspam-mysql-3.10.2-15.qt.el7.x86_64
    ezmlm-0.53.324-0.qt.el7.x86_64
    ezmlm-cgi-0.53.324-0.qt.el7.x86_64
    isoqlog-2.2.1-2.qt.el7.x86_64
    libdomainkeys-devel-0.69-1.qt.el7.x86_64
    libsrs2-1.0.18-0.qt.el7.x86_64
    libsrs2-devel-1.0.18-0.qt.el7.x86_64
    maildrop-2.9.1-2.qt.el7.x86_64
    maildrop-devel-2.9.1-2.qt.el7.x86_64
    mailman-debuginfo-2.1.12-20.qt.el7.x86_64
    openssl11-1.1.1k-6.qt.el7.x86_64
    openssl11-libs-1.1.1k-6.qt.el7.x86_64
    qmail-1.03-2.2.1.qt.el7.x86_64
    qmailadmin-1.2.16-3.2.qt.el7.x86_64
    qmailmrtg-4.2-3.qt.el7.x86_64
    qmt-plus-1-0.qt.el7.noarch
    qmt-release-1-7.qt.el7.noarch
    spamdyke-5.0.1-3.qt.el7.x86_64
    ucspi-tcp-0.88-0.qt.el7.x86_64
    vpopmail-5.4.33-2.qt.el7.x86_64
    vqadmin-2.3.7-1.qt.el7.x86_64

    Thanks,

    Ed


    P.S. In the Spamdyke logs, I see that the TLS connection has been
    established but it times out:

    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_ip_in_rdns_cc()@filter.c:978): checking for IP in rDNS
    +country code; rdns:mta5.ealerts.bankofamerica.com  
<http://mta5.ealerts.bankofamerica.com>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_rdns_whitelist_file()@filter.c:1055): searching rDNS
    whitelist file(s); rdns:mta5.ealerts.bankofamerica.com  
<http://mta5.ealerts.bankofamerica.com>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_rdns_blacklist_file()@filter.c:1159): searching rDNS
    blacklist file(s); rdns:mta5.ealerts.bankofamerica.com  
<http://mta5.ealerts.bankofamerica.com>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_ip_whitelist()@filter.c:1228): searching IP whitelist
    file(s); ip:68.232.194.2  <http://68.232.194.2>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_ip_blacklist()@filter.c:1279): searching IP blacklist
    file(s); ip:68.232.194.2  <http://68.232.194.2>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_ip_in_rdns_whitelist()@filter.c:1380): checking for IP in
    rDNS +keyword(s) in whitelist file; ip:68.232.194.2  <http://68.232.194.2>  
rdns:
    mta5.ealerts.bankofamerica.com  <http://mta5.ealerts.bankofamerica.com>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_ip_in_rdns_blacklist()@filter.c:1333): checking for IP in
    rDNS +keyword(s) in blacklist file; ip:68.232.194.2  <http://68.232.194.2>  
rdns:
    mta5.ealerts.bankofamerica.com  <http://mta5.ealerts.bankofamerica.com>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_rdns_resolve()@filter.c:1426): checking rDNS resolution;
    rdns:mta5.ealerts.bankofamerica.com  <http://mta5.ealerts.bankofamerica.com>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_dns_rbl()@filter.c:1645): checking DNS RBL(s); ip:68.232.194.2  
<http://68.232.194.2>
    Dec 25 18:32:27 mx2 spamdyke[17819]:
    DEBUG(filter_earlytalker()@filter.c:1817): checking for earlytalker;
    delay: 2
    Dec 25 18:32:30 mx2 spamdyke[17819]: DEBUG(tls_start()@tls.c:439):
    TLS/SSL connection established, using cipher AES256-GCM-SHA384, 256 bits
    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(find_username()@spamdyke.c:127): searching for username between
    positions 11 and 93: MAIL

    FROM:<bounce-145816_html-1692157747-5010266-522000109...@bounce.ealerts.bankofamerica.com>  
    BODY=8BITMIME

    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(find_domain()@spamdyke.c:361): searching for domain between
    positions 61 and 93: MAIL

    FROM:<bounce-145816_html-1692157747-5010266-522000109...@bounce.ealerts.bankofamerica.com>  
    BODY=8BITMIME

    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(find_address()@spamdyke.c:726): found username:
    bounce-145816_HTML-1692157747-5010266-522000109-17
    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(find_address()@spamdyke.c:743): found domain:
    bounce.ealerts.bankofamerica.com  <http://bounce.ealerts.bankofamerica.com>
    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(filter_sender_whitelist()@filter.c:1871): searching sender
    whitelist(s); sender:
    
bounce-145816_html-1692157747-5010266-522000109...@bounce.ealerts.bankofamerica.com
    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(filter_sender_blacklist()@filter.c:2011): searching sender
    blacklist(s); sender:
    
bounce-145816_html-1692157747-5010266-522000109...@bounce.ealerts.bankofamerica.com
    Dec 25 18:32:31 mx2 spamdyke[17819]:
    DEBUG(filter_sender()@filter.c:2296): checking for sender domain MX
    record; domain:bounce.ealerts.bankofamerica.com  
<http://bounce.ealerts.bankofamerica.com>
    Dec 25 18:33:32 mx2 spamdyke[17819]: TIMEOUT from:

    bounce-145816_html-1692157747-5010266-522000109...@bounce.ealerts.bankofamerica.com  
    to: (unknown) origin_ip:68.232.194.2  <http://68.232.194.2>  origin_rdns:

    mta5.ealerts.bankofamerica.com  <http://mta5.ealerts.bankofamerica.com>  
auth: (unknown) encryption: TLS reason:
    TIMEOUT



    ------------------------------------------------------------------------

    To unsubscribe, e-mail:qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail:qmailtoaster-list-h...@qmailtoaster.com






















					Reply via email to