Re: [qmailtoaster] qq soft reject with Centos 7
Hi Jeff,

Do you know why spamdyke would be looking in /home/vpopmail/etc for anything? I've never heard of this before. Spamdyke's configuration directory is a link in /etc:

    /etc/spamdyke -> ../opt/spamdyke/etc

Here's my spamdyke configuration:

'cat /etc/spamdyke/spamdyke.conf'

    #dns-blacklist-entry=zombie.dnsbl.sorbs.net
    #dns-blacklist-entry=dul.dnsbl.sorbs.net
    #dns-blacklist-entry=bogons.cymru.com
    dns-blacklist-entry=zen.spamhaus.org
    dns-blacklist-entry=bl.spamcop.net
    graylist-dir=/var/spamdyke/graylist
    graylist-level=none
    graylist-max-secs=2678400
    graylist-min-secs=180
    greeting-delay-secs=2
    header-blacklist-entry=From:*>,*<*
    idle-timeout-secs=60
    ip-blacklist-file=/etc/spamdyke/blacklist_ip
    ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
    ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
    ip-whitelist-file=/etc/spamdyke/whitelist_ip
    qmail-rcpthosts-file=/var/qmail/control/rcpthosts
    #qmail-rcpthosts-file=/var/qmail/control/qmail-morercpthosts-cdb
    log-level=info
    max-recipients=50
    #policy-url=http://my.policy.explanation.url/
    rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
    rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
    recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
    recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
    reject-empty-rdns
    #reject-ip-in-cc-rdns
    reject-sender=no-mx
    reject-unresolvable-rdns
    sender-blacklist-file=/etc/spamdyke/blacklist_senders
    sender-whitelist-file=/etc/spamdyke/whitelist_senders
    tls-certificate-file=/var/qmail/control/servercert.pem
    tls-level=smtp

And, how did you make your certificate and where did you put it?

Let me know if that helps.

Eric

On 4/28/2017 6:26 PM, Jeff Koch wrote:
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)

--
Eric Broch
White Horse Technical Consulting (WHTC)

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
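One way to check which files a given spamdyke configuration actually points at, and whether a referenced PEM key is passphrase-protected (which would stop an unattended daemon from loading it). This is an added example, not part of the thread and not spamdyke's own tooling. The function name audit_spamdyke_conf is hypothetical, and it assumes that every option whose name ends in "-file" or "-dir" takes a filesystem path, as in the configuration quoted above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit the path-valued options of a
# spamdyke-style config file. Assumption: option names ending in "-file" or
# "-dir" carry a filesystem path, as in the config quoted in this message.
# Run it as the user the SMTP service runs under (the run script in this
# thread passes the vpopmail uid to tcpserver), otherwise the readability
# result does not reflect what the daemon sees.

audit_spamdyke_conf() {
    local conf="$1" line key value
    [ -r "$conf" ] || { echo "NOCONF $conf"; return 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            '#'*|'') continue ;;   # comment or blank line
            *=*) ;;                # option=value, inspect below
            *) continue ;;         # flag-only option, e.g. reject-empty-rdns
        esac
        key="${line%%=*}"
        value="${line#*=}"
        case "$key" in
            *-file|*-dir) ;;
            *) continue ;;         # not a path-valued option
        esac
        if [ ! -e "$value" ]; then
            echo "MISSING $key $value"
        elif [ ! -r "$value" ]; then
            echo "UNREADABLE $key $value"
        elif [ -f "$value" ] && grep -q -e '-----BEGIN.*ENCRYPTED' \
                                        -e 'Proc-Type: 4,ENCRYPTED' "$value"; then
            # PKCS#8 or traditional PEM key protected by a passphrase
            echo "ENCRYPTED_KEY $key $value"
        else
            echo "OK $key $value"
        fi
    done < "$conf"
    return 0
}

# Stand-alone use: pass the config file path as the first argument.
[ "$#" -eq 0 ] || audit_spamdyke_conf "$1"
```

Pointing it at the file named after --config-file in the supervise run script shows whether the paths in the error messages come from that configuration at all.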
Re: [qmailtoaster] qq soft reject with Centos 7
Hi Jeff,

In addition,

1. Check the spamassassin.

    # spamassassin --lint

2. Also check the environment spamassassin.

    spamassassin -D --lint

3. You also need to restart qmail.

    # systemctl stop qmail
    check by ps ax
    # systemctl start qmail

Kind regards,
Nori

On Fri, 28 Apr 2017 20:26:33 -0400 Jeff Koch wrote:
>
> Hi - we're running a new qmailtoaster (installed in March 2017) on a new CentOS 7 server. We're seeing a large number of soft rejects in the /var/log/qmail/smtp log that look like this:
>
> qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)):
>
> We tried turning off ClamAV to see if that helped but it didn't. However, these rejects seem to be accompanied by the following spamdyke errors in the /var/log/maillog:
>
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/tcp.smtp: No such file or directory
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to initialize SSL/TLS library
> Apr 28 09:52:32 server spamdyke[20476]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 200.xx.xx.10 origin_rdns: ns.blah-blah.net auth: (unknown) encryption: TLS_PASSTHROUGH reason: (empty)
>
> First Question - where did tcp.smtp go that used to reside in /home/vpopmail/etc in the old toasters?
>
> Second Question - /home/vpopmail/spamdyke/server_domain_net.key does exist so what could be the reason why spamdyke is unable to decrypt the private key?
>
> Thanks for any insights you guys might have.
>
> Jeff Koch

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Telecommunications Association License No. A-18-9191
Government Resell License No. 301039703002
WATS CO.,LTD.
Kawana Bldg, 5F Kamata Ota-ku Tokyo, 144-0052 JAPAN
Phone 81-50-5830-5940 Ext&Mobile:201 VoiceMailDirect:201*1
FAX 81-50-5830-5941
http://wats.gr.jp
Mail: wats @ wats.gr.jp Please remove the space between @ as double side
Key fingerprint = B53D FF2F BFEA FDA8 1439 38AA 8281 9A3E C9B6 2FC9
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Re: [qmailtoaster] qq soft reject with Centos 7
Hi Jeff,

Hope you are good.

I am using CentOS-7.2.1511 for qt. Memory 16GB 4CPU on the KVM.

1. You can check clamdscan as below.

    # clamdscan -V
    ClamAV 0.99.2/23331/Wed Apr 26 13:58:22 2017

It should no error like above.

2. Check the softlimit
/var/qmail/supervise/smtp/run
I am setting 12800.

    #!/bin/sh
    QMAILDUID=`id -u vpopmail`
    NOFILESGID=`id -g vpopmail`
    MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
    SPAMDYKE="/usr/bin/spamdyke"
    SPAMDYKE_CONF="/etc/spamdyke/spamdyke.conf"
    SMTPD="/var/qmail/bin/qmail-smtpd"
    TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
    HOSTNAME=`hostname`
    VCHKPW="/home/vpopmail/bin/vchkpw"
    REQUIRE_AUTH=0

    exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $SPAMDYKE --config-file $SPAMDYKE_CONF \
    $SMTPD $VCHKPW /bin/true 2>&1

3. You can set the DEBUG mode on simscan like below.

/etc/tcprules.d/tcp.smtp

    :allow,SIMSCAN_DEBUG="3",BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/simscan",NOP0FCHECK="1"

Do not forget

    # tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp

4. You will restart /etc/rc.d/init.d/spamd

Then you can check every log.

Kind regards,
Nori

On Fri, 28 Apr 2017 20:26:33 -0400 Jeff Koch wrote:
>
> Hi - we're running a new qmailtoaster (installed in March 2017) on a new CentOS 7 server. We're seeing a large number of soft rejects in the /var/log/qmail/smtp log that look like this:
>
> qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)):
>
> We tried turning off ClamAV to see if that helped but it didn't. However, these rejects seem to be accompanied by the following spamdyke errors in the /var/log/maillog:
>
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/tcp.smtp: No such file or directory
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to initialize SSL/TLS library
> Apr 28 09:52:32 server spamdyke[20476]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 200.xx.xx.10 origin_rdns: ns.blah-blah.net auth: (unknown) encryption: TLS_PASSTHROUGH reason: (empty)
>
> First Question - where did tcp.smtp go that used to reside in /home/vpopmail/etc in the old toasters?
>
> Second Question - /home/vpopmail/spamdyke/server_domain_net.key does exist so what could be the reason why spamdyke is unable to decrypt the private key?
>
> Thanks for any insights you guys might have.
>
> Jeff Koch

/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Telecommunications Association License No. A-18-9191
Government Resell License No. 301039703002
WATS CO.,LTD.
Kawana Bldg, 5F Kamata Ota-ku Tokyo, 144-0052 JAPAN
Phone 81-50-5830-5940 Ext&Mobile:201 VoiceMailDirect:201*1
FAX 81-50-5830-5941
http://wats.gr.jp
Mail: wats @ wats.gr.jp Please remove the space between @ as double side
Key fingerprint = B53D FF2F BFEA FDA8 1439 38AA 8281 9A3E C9B6 2FC9
/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
Re: [qmailtoaster] qq soft reject with Centos 7
Hi Jeff,

To answer your first question, the tcp.smtp file and related files now reside in /etc/tcprules.d.

As far as your second question goes, I haven't used spamdyke so I can't speak to anything regarding that. Perhaps Eric or someone with some more experience can help you there.

When you turned off ClamAV, did you also remove it from simscan and run "qmailctl cdb" after doing so?

-Sean

> On Apr 28, 2017, at 8:26 PM, Jeff Koch wrote:
>
> Hi - we're running a new qmailtoaster (installed in March 2017) on a new CentOS 7 server. We're seeing a large number of soft rejects in the /var/log/qmail/smtp log that look like this:
>
> qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)):
>
> We tried turning off ClamAV to see if that helped but it didn't. However, these rejects seem to be accompanied by the following spamdyke errors in the /var/log/maillog:
>
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/tcp.smtp: No such file or directory
> Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)
> Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to initialize SSL/TLS library
> Apr 28 09:52:32 server spamdyke[20476]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 200.xx.xx.10 origin_rdns: ns.blah-blah.net auth: (unknown) encryption: TLS_PASSTHROUGH reason: (empty)
>
> First Question - where did tcp.smtp go that used to reside in /home/vpopmail/etc in the old toasters?
>
> Second Question - /home/vpopmail/spamdyke/server_domain_net.key does exist so what could be the reason why spamdyke is unable to decrypt the private key?
>
> Thanks for any insights you guys might have.
>
> Jeff Koch
[qmailtoaster] qq soft reject with Centos 7
Hi - we're running a new qmailtoaster (installed in March 2017) on a new CentOS 7 server. We're seeing a large number of soft rejects in the /var/log/qmail/smtp log that look like this:

    qmail-smtpd: qq soft reject (mail server temporarily rejected message (#4.3.0)):

We tried turning off ClamAV to see if that helped but it didn't. However, these rejects seem to be accompanied by the following spamdyke errors in the /var/log/maillog:

    Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/tcp.smtp: No such file or directory
    Apr 28 09:52:29 server spamdyke[20476]: ERROR: unable to open file for searching /home/vpopmail/etc/open-smtp: No such file or directory
    Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to load or decrypt SSL/TLS private key from file: /home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:0B080074:lib(11):func(128):reason(116)
    Apr 28 09:52:32 server spamdyke[20476]: ERROR: incorrect SSL/TLS private key password or SSL/TLS certificate/privatekey mismatch/home/vpopmail/spamdyke/server_domain_net.key : A protocol or library failure occurred, error:140A80B1:lib(20):func(168):reason(177)
    Apr 28 09:52:32 server spamdyke[20476]: ERROR: unable to initialize SSL/TLS library
    Apr 28 09:52:32 server spamdyke[20476]: TLS_ENCRYPTED from: (unknown) to: (unknown) origin_ip: 200.xx.xx.10 origin_rdns: ns.blah-blah.net auth: (unknown) encryption: TLS_PASSTHROUGH reason: (empty)

First Question - where did tcp.smtp go that used to reside in /home/vpopmail/etc in the old toasters?

Second Question - /home/vpopmail/spamdyke/server_domain_net.key does exist so what could be the reason why spamdyke is unable to decrypt the private key?

Thanks for any insights you guys might have.

Jeff Koch