[qmailtoaster] Re: clamav patch update issue
Hi Friends,

Anyone facing the similar issue?

I have tried to update clamav with the below commands, after preparing it was struck the screen then i do ctl c then i run freshclam command it showing latest one. but the email was not going then i do simcontrol file clam=no, then it was going.

Could you look at this issue and help me.

i used this command on COS 6 32 bit.

rpm -Uvh ftp://qmailtoaster.org/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.101.2-8.qt.zlib1211.el6.i686.rpm

could you help to fix this issue. Do i need to revoke to older clamav version.

Appreciate if anyone can help me.

On Tue, Jun 18, 2019 at 1:18 PM ChandranManikandan wrote:
> Hi Folks,
>
> I have tried to update clamav with the below commands, after preparing it was struck the screen then i do ctl c then i run freshclam command it showing latest one. but the email was not going then i do simcontrol file clam=no, then it was going.
>
> Could you look at this issue and help me.
>
> i used this command on COS 6 32 bit.
>
> rpm -Uvh ftp://qmailtoaster.org/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.101.2-8.qt.zlib1211.el6.i686.rpm
>
> --
> *Regards,Manikandan.C*

--
*Regards,Manikandan.C*

Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
Hi Rajesh,

I was using the TLS in the spamdyke.conf and I just removed it and it is working just fine. You may be facing different issues.

Remo

> On Jun 18, 2019, at 9:16 AM, Rajesh M <24x7ser...@24x7server.net> wrote:
>
> remo
>
> Were you facing the same issue ?
>
> Could you please explain in detail the exact steps you followed
>
> thanks,
> rajesh
>
> - Original Message -
> From: r...@mattei.org [mailto:r...@mattei.org]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 18 Jun 2019 09:13:26 -0700
> Subject:
>
> I just tested on mine I recalled you do not have to restart the service and it works just fine
>
>> On 18 Jun 2019, at 09:01, Rajesh M <24x7ser...@24x7server.net> wrote:
>>
>> hello
>>
>> it does not work
>>
>> i get the same error.
>>
>> auth: (unknown) encryption: (none) reason: 503_MAIL_first_(#5.5.1)
>>
>> rajesh
>>
>> - Original Message -
>> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
>> To: qmailtoaster-list@qmailtoaster.com
>> Sent: Tue, 18 Jun 2019 09:25:59 -0600
>> Subject:
>>
>> yes,
>>
>> tls-level=none
>>
>>> On 6/18/2019 9:19 AM, Rajesh M wrote:
>>> tls-level=smtp ?

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
I just tested on mine I recalled you do not have to restart the service and it works just fine

> On 18 Jun 2019, at 09:01, Rajesh M <24x7ser...@24x7server.net> wrote:
>
> hello
>
> it does not work
>
> i get the same error.
>
> auth: (unknown) encryption: (none) reason: 503_MAIL_first_(#5.5.1)
>
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 18 Jun 2019 09:25:59 -0600
> Subject:
>
> yes,
>
> tls-level=none
>
>> On 6/18/2019 9:19 AM, Rajesh M wrote:
>> tls-level=smtp ?

Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
hello

it does not work

i get the same error.

auth: (unknown) encryption: (none) reason: 503_MAIL_first_(#5.5.1)

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 18 Jun 2019 09:25:59 -0600
Subject:

yes,

tls-level=none

On 6/18/2019 9:19 AM, Rajesh M wrote:
> tls-level=smtp ?

Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
yes,

tls-level=none

On 6/18/2019 9:19 AM, Rajesh M wrote:
> tls-level=smtp ?

Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
eric

should i comment the line in the spamdyke.conf

tls-level=smtp ?

#tls-certificate-file=/var/qmail/control/servercert.pem
tls-level=smtp

also please do note that this issue is occurring only for emails received from one single external domain.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 18 Jun 2019 09:14:27 -0600
Subject:

In /etc/spamdyke/spamdyke.conf set 'tls-level' to 'none'.

tls-level=none

allow qmail to do the tls and see if it works.

On 6/18/2019 9:07 AM, Rajesh M wrote:
> eric
>
> in the spamdyke.conf i can see this
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> also i am using the
> /var/qmail/control/servercert.pem
> for domain key signing of outgoing emails.
>
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 18 Jun 2019 08:52:13 -0600
> Subject:
>
> So you have spamdyke doing the TLS?
>
> On 6/18/2019 8:38 AM, Rajesh M wrote:
>> Hi
>>
>> ISSUE 1
>> all of a sudden we are receiving error on one of our servers for one specific sender domain (sending from microsoft server)
>>
>> the sender domain is not able to send emails to the recipient domain on our server.
Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
In /etc/spamdyke/spamdyke.conf set 'tls-level' to 'none'.

tls-level=none

allow qmail to do the tls and see if it works.

On 6/18/2019 9:07 AM, Rajesh M wrote:
> eric
>
> in the spamdyke.conf i can see this
> tls-certificate-file=/var/qmail/control/servercert.pem
>
> also i am using the
> /var/qmail/control/servercert.pem
> for domain key signing of outgoing emails.
>
> rajesh
>
> - Original Message -
> From: Eric Broch [mailto:ebr...@whitehorsetc.com]
> To: qmailtoaster-list@qmailtoaster.com
> Sent: Tue, 18 Jun 2019 08:52:13 -0600
> Subject:
>
> So you have spamdyke doing the TLS?
>
> On 6/18/2019 8:38 AM, Rajesh M wrote:
>> Hi
>>
>> ISSUE 1
>> all of a sudden we are receiving error on one of our servers for one specific sender domain (sending from microsoft server)
>>
>> the sender domain is not able to send emails to the recipient domain on our server. The email bounces with the following error
>> encryption: TLS reason: 503_MAIL_first_(#5.5.1)
>>
>> 06/18/2019 19:33:16 LOG OUTPUT TLS
>> DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)
>> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
>> QUIT
>> 06/18/2019 19:33:16 LOG OUTPUT TLS
>> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer
>> ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer
>> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
>> 221 ns1.HOSTNAME.com
>> 06/18/2019 19:33:16 LOG OUTPUT TLS
>> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found
>>
>> 06/18/2019 19:33:16 - TLS ended and closed
>>
>> the error log of spamdyke full-log-dir is give below follows
>>
>> ISSUE 2
>> also i noted that spamdyke log mentions as such
>> reset address space soft limit to infinity: please stop using the softlimit program
>>
>> What exactly does this mean.

RE: [qmailtoaster] SMTP configuration
Ah, so it’s not a setting I can set as I’m running 1.03-2.1 [production]. I can wait for the 1.03-3.1 to make it into production, then set it up.

To me, I’ve warned all clients to NEVER EVER use port 25 [instead, use 465/587 with the proper TLS turned on], so this is not a super critical patch.

Thanks!

Carl

From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Tuesday, June 18, 2019 10:38 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SMTP configuration

What about the most recent qmail (1.03-3.1) package in the development tree. It has a patch that forces encryption before authentication.

On 6/18/2019 6:46 AM, CarlC Internet Services Service Desk wrote:
> I have my own OpenVAS server to test my Qmail server for security. One of the things I get as a “medium” warning is “The remote host is running SMTP server that allows cleartext logins over unencrypted connections.” It’s saying we allow LOGIN and PLAIN for SMTP while supporting the “STARTTLS” command.
>
> I’ve been looking at the /var/qmail/supervise/smtp/run file but don’t see how to turn off the LOGIN and PLAIN for SMTP [or enforce STARTTLS instead]. Ideas on how to fix this?
>
> Carl
>
> p.s. if anyone needs a good scanning tool, I highly recommend OpenVAS. After all, like Qmail, it’s freeware [or has a free version]

Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
eric

in the spamdyke.conf i can see this
tls-certificate-file=/var/qmail/control/servercert.pem

also i am using the
/var/qmail/control/servercert.pem
for domain key signing of outgoing emails.

rajesh

- Original Message -
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
To: qmailtoaster-list@qmailtoaster.com
Sent: Tue, 18 Jun 2019 08:52:13 -0600
Subject:

So you have spamdyke doing the TLS?

On 6/18/2019 8:38 AM, Rajesh M wrote:
> Hi
>
> ISSUE 1
> all of a sudden we are receiving error on one of our servers for one specific sender domain (sending from microsoft server)
>
> the sender domain is not able to send emails to the recipient domain on our server. The email bounces with the following error
> encryption: TLS reason: 503_MAIL_first_(#5.5.1)
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)
> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
> QUIT
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
> 221 ns1.HOSTNAME.com
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found
>
> 06/18/2019 19:33:16 - TLS ended and closed
>
> the error log of spamdyke full-log-dir is give below follows
>
> ISSUE 2
> also i noted that spamdyke log mentions as such
> reset address space soft limit to infinity: please stop using the softlimit program
>
> What exactly does this mean.
Re: [qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
So you have spamdyke doing the TLS?

On 6/18/2019 8:38 AM, Rajesh M wrote:
> Hi
>
> ISSUE 1
> all of a sudden we are receiving error on one of our servers for one specific sender domain (sending from microsoft server)
>
> the sender domain is not able to send emails to the recipient domain on our server. The email bounces with the following error
> encryption: TLS reason: 503_MAIL_first_(#5.5.1)
>
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)
> 06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
> QUIT
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer
> ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer
> 06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
> 221 ns1.HOSTNAME.com
> 06/18/2019 19:33:16 LOG OUTPUT TLS
> ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found
>
> 06/18/2019 19:33:16 - TLS ended and closed
>
> the error log of spamdyke full-log-dir is give below follows
>
> ISSUE 2
> also i noted that spamdyke log mentions as such
> reset address space soft limit to infinity: please stop using the softlimit program
>
> What exactly does this mean.
[qmailtoaster] TLS reason: 503_MAIL_first_(#5.5.1)
Hi

ISSUE 1
all of a sudden we are receiving error on one of our servers for one specific sender domain (sending from microsoft server)

the sender domain is not able to send emails to the recipient domain on our server. The email bounces with the following error
encryption: TLS reason: 503_MAIL_first_(#5.5.1)

06/18/2019 19:33:16 LOG OUTPUT TLS
DENIED_OTHER from: rethish.n...@sender.com to: nominati...@dxb.recepient.com origin_ip: 40.107.69.126 origin_rdns: mail-eopbgr690126.outbound.protection.outlook.com auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)
06/18/2019 19:33:16 FROM REMOTE TO CHILD: 6 bytes TLS
QUIT
06/18/2019 19:33:16 LOG OUTPUT TLS
ERROR(tls_write()@tls.c:678): unable to write to SSL/TLS stream: The operation failed due to an I/O error, Connection reset by peer
ERROR(output_writeln()@log.c:104): unable to write 27 bytes to file descriptor 1: Connection reset by peer
06/18/2019 19:33:16 FROM CHILD TO REMOTE: 27 bytes TLS
221 ns1.HOSTNAME.com
06/18/2019 19:33:16 LOG OUTPUT TLS
ERROR(tls_read()@tls.c:620): unable to read from SSL/TLS stream: The operation failed due to an I/O error, Unexpected EOF found

06/18/2019 19:33:16 - TLS ended and closed

the error log of spamdyke full-log-dir is give below follows

ISSUE 2
also i noted that spamdyke log mentions as such
reset address space soft limit to infinity: please stop using the softlimit program

What exactly does this mean. What is the alternative to prevent large files
should i disable softlimit program in
/usr/bin/softlimit -m 6400 \
in the smtp run file

require your kind help in resolving the above 2 issues

thanks
rajesh

06/18/2019 19:32:54 STARTED: VERSION = 5.0.1+TLS+CONFIGTEST+DEBUG, PID = 19829

06/18/2019 19:32:54 CURRENT ENVIRONMENT
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin
PWD=/var/qmail/supervise/smtp
SHLVL=0
PROTO=TCP
TCPLOCALIP=103.241.181.154
TCPLOCALPORT=25
TCPLOCALHOST=ns1.HOSTNAME.com
TCPREMOTEIP=40.107.69.126
TCPREMOTEPORT=42264
BADMIMETYPE=
BADLOADERTYPE=M
QMAILQUEUE=/var/qmail/bin/simscan
CHKUSER_START=ALWAYS
CHKUSER_RCPTLIMIT=50
CHKUSER_WRONGRCPTLIMIT=10
NOP0FCHECK=1
DKQUEUE=/var/qmail/bin/qmail-queue.orig
DKVERIFY=DEGIJKfh
DKSIGN=/var/qmail/control/domainkeys/%/private

06/18/2019 19:32:54 CURRENT CONFIG
config-file=/etc/spamdyke/spamdyke.conf
dns-blacklist-entry=zen.spamhaus.org
full-log-dir=/var/log/spamdyke
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=180
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=600
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
log-level=info
max-recipients=100
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns=1
reject-sender=no-mx
reject-sender=authentication-domain-mismatch
reject-unresolvable-rdns=1
relay-level=normal
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem

06/18/2019 19:32:54 - Remote IP = 40.107.69.126

06/18/2019 19:32:54 CURRENT CONFIG
config-file=/etc/spamdyke/spamdyke.conf
dns-blacklist-entry=zen.spamhaus.org
dns-server-ip-primary=8.8.8.8
full-log-dir=/var/log/spamdyke
graylist-dir=/var/spamdyke/graylist
graylist-max-secs=2678400
graylist-min-secs=180
header-blacklist-entry=From:*>,*<*
idle-timeout-secs=600
ip-blacklist-file=/etc/spamdyke/blacklist_ip
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/blacklist_keywords
ip-in-rdns-keyword-whitelist-file=/etc/spamdyke/whitelist_keywords
ip-whitelist-file=/etc/spamdyke/whitelist_ip
log-level=info
max-recipients=100
rdns-blacklist-file=/etc/spamdyke/blacklist_rdns
rdns-whitelist-file=/etc/spamdyke/whitelist_rdns
recipient-blacklist-file=/etc/spamdyke/blacklist_recipients
recipient-whitelist-file=/etc/spamdyke/whitelist_recipients
reject-empty-rdns=1
reject-sender=no-mx
reject-sender=authentication-domain-mismatch
reject-unresolvable-rdns=1
relay-level=normal
sender-blacklist-file=/etc/spamdyke/blacklist_senders
sender-whitelist-file=/etc/spamdyke/whitelist_senders
tls-certificate-file=/var/qmail/control/servercert.pem

06/18/2019 19:32:54 - Remote rDNS = mail-eopbgr690126.outbound.protection.outlook.com

06/18/2019 19:32:54 LOG OUTPUT
DEBUG(filter_rdns_missing()@filter.c:947): checking for missing rDNS; rdns: mail-eopbgr690126.outbound.protection.outlook.com
DEBUG(filter_rdns_whitelist_file()@filter.c:1055): searching rDNS whitelist file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com
DEBUG(filter_rdns_blacklist_file()@filter.c:1159): searching rDNS blacklist file(s); rdns: mail-eopbgr690126.outbound.protection.outlook.com
DEBUG(filter_ip_whitelist()@filter.c:1228):

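An added example, not part of the original post or of spamdyke: a small triage script for summary records laid out like the DENIED_OTHER line above. It goes slightly beyond the single record in the post by grouping all matching denials per sending host and flagging when the same rejection appears under more than one `encryption:` value, which is what the thread reports after switching `tls-level`. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Field order copied from the DENIED_OTHER record quoted in the post.
RECORD = re.compile(
    r"(?P<verdict>[A-Z][A-Z_]+) from: (?P<sender>\S*) to: (?P<rcpt>\S*) "
    r"origin_ip: (?P<ip>\S+) origin_rdns: (?P<rdns>\S+) "
    r"auth: (?P<auth>\S+) encryption: (?P<enc>\S+) reason: (?P<reason>\S+)"
)


def origin_key(rdns, ip):
    """Group hosts by the last two rDNS labels; use the IP when rDNS is absent.

    Two labels is a simplification (it is wrong for names under e.g. co.uk),
    good enough to bucket one provider's outbound pool together.
    """
    if rdns.startswith("("):          # "(unknown)" style placeholder
        return ip
    labels = rdns.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else rdns.lower()


def triage(lines, reason_prefix="503_MAIL_first"):
    """Return {origin: {"denied": {encryption: n}, "allowed": n, "tls_independent": bool}}.

    Only origins with at least one denial matching reason_prefix are reported.
    tls_independent is True when that denial was logged under more than one
    encryption value, i.e. moving TLS between components did not change it.
    """
    denied = defaultdict(Counter)     # origin -> encryption -> matching denials
    allowed = Counter()               # origin -> accepted messages
    for line in lines:
        m = RECORD.search(line)
        if not m:
            continue                  # header, DEBUG or protocol line
        key = origin_key(m["rdns"], m["ip"])
        if m["verdict"] == "ALLOWED":
            allowed[key] += 1
        elif m["reason"].startswith(reason_prefix):
            denied[key][m["enc"]] += 1
    return {
        key: {
            "denied": dict(by_enc),
            "allowed": allowed[key],
            "tls_independent": len(by_enc) > 1,
        }
        for key, by_enc in denied.items()
    }


# Constructed sample records (documentation addresses, not taken from the post).
SAMPLE = """\
06/18/2019 19:33:16 DENIED_OTHER from: a@sender.example to: b@rcpt.example origin_ip: 192.0.2.10 origin_rdns: mx1.outbound.sender-host.example auth: (unknown) encryption: TLS reason: 503_MAIL_first_(#5.5.1)
06/18/2019 19:41:02 ALLOWED from: c@other.example to: b@rcpt.example origin_ip: 198.51.100.7 origin_rdns: mail.other.example auth: (unknown) encryption: TLS reason: 250_ok_1560866462_qp_20114
06/18/2019 21:31:40 DENIED_OTHER from: a@sender.example to: b@rcpt.example origin_ip: 192.0.2.11 origin_rdns: mx2.outbound.sender-host.example auth: (unknown) encryption: (none) reason: 503_MAIL_first_(#5.5.1)
06/18/2019 21:35:09 DENIED_RDNS_MISSING from: x@spam.example to: b@rcpt.example origin_ip: 203.0.113.5 origin_rdns: (unknown) auth: (unknown) encryption: (none) reason: (empty)
""".splitlines()

if __name__ == "__main__":
    for origin, info in triage(SAMPLE).items():
        print(origin, info)
```

A single reported origin with `allowed` at 0 matches the "one single external domain" observation in the thread; `tls_independent` being true says the rejection was logged both with and without spamdyke handling the TLS.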
Re: [qmailtoaster] SMTP configuration
What about the most recent qmail (1.03-3.1) package in the development tree. It has a patch that forces encryption before authentication.

On 6/18/2019 6:46 AM, CarlC Internet Services Service Desk wrote:
> I have my own OpenVAS server to test my Qmail server for security. One of the things I get as a “medium” warning is “The remote host is running SMTP server that allows cleartext logins over unencrypted connections.” It’s saying we allow LOGIN and PLAIN for SMTP while supporting the “STARTTLS” command.
>
> I’ve been looking at the /var/qmail/supervise/smtp/run file but don’t see how to turn off the LOGIN and PLAIN for SMTP [or enforce STARTTLS instead]. Ideas on how to fix this?
>
> Carl
>
> p.s. if anyone needs a good scanning tool, I highly recommend OpenVAS. After all, like Qmail, it’s freeware [or has a free version]

[qmailtoaster] Re: Answer - Re: [qmailtoaster] New QMT7 but no mysql in php
Would adding php-mysql to the dependencies in the install script resolve this?

On 6/18/2019 7:36 AM, Jeff Koch wrote:

OK - I found out what appears to be the problem. The stock QMT7 does not have all the php extension modules installed in /usr/lib64/php/modules and they are not referenced by 'ini' files in /etc/php.d - it is missing all the mysql modules and a few others such as:

dom.so* mysqli.so* mysql.so* pdo_mysql.so* pdo.so* pdo_sqlite.so* posix.so* sqlite3.so* sysvmsg.so* sysvsem.so* sysvshm.so* wddx.so* xmlreader.so* xmlwriter.so*

Luckily I had a QMT7 mailserver that I built in December 2017 which had the PHP modules so I copied over the missing php 'ini' and 'so' files. Now php can connect to mysql databases.

Regards, Jeff Koch

On 6/17/2019 11:05 PM, Jeff Koch wrote:

Hi: I'm feeling like I might be crazy right now. I just installed a new QMT7 toaster on a minimal CentOS 7 system. After messing with it for a while I couldn't get the spamassassin database to work with our PHP programs. I checked php_info and found that the mysql, mysqli and pdo_mysql functions had not been compiled into the Apache php module. Does this make sense? Other QMT7 mailservers that we set up within the last year do have all the mysql functions compiled into PHP. Am I crazy or did I forget to do something?

Jeff
[qmailtoaster] SMTP configuration
I have my own OpenVAS server to test my Qmail server for security. One of the things I get as a “medium” warning is “The remote host is running SMTP server that allows cleartext logins over unencrypted connections.” It’s saying we allow LOGIN and PLAIN for SMTP while supporting the “STARTTLS” command. I’ve been looking at the /var/qmail/supervise/smtp/run file but don’t see how to turn off the LOGIN and PLAIN for SMTP [or enforce STARTTLS instead].

Ideas on how to fix this?

Carl

p.s. if anyone needs a good scanning tool, I highly recommend OpenVAS. After all, like Qmail, it’s freeware [or has a free version]
Re: [qmailtoaster] sslv3 alert handshake failure
Thanks Eric

The problem, as far as I can tell, isn't compatibility with other older software. It's that my existing library is too ancient to even pull down the 101e version. I've bitten the bullet and started to build a new toaster, which is something I should have done long ago anyway.

One question for you (and the list): what's an appropriate spec for a qmailtoaster host? I've created a 2GB Linode instance and am starting to build on that, but I could double the memory if necessary. This is for a low-traffic mailserver, handling a good number of domains (30?) but each with only a few active users. It will essentially _only_ be running the toaster, and possibly DNS, but not much more than that.

Thanks again for your help,
Angus

On 2019-06-17 23:06, Eric Broch wrote:

Angus, Upgrading will not interfere with present ssl library as the 101e version is installed under a different name and qmail is linked to it. Every other package will continue as usual using older version.

Eric

On 6/17/2019 8:10 PM, Angus McIntyre wrote:

Thank you, Eric. Unfortunately, I've hit a "can't get there from here" situation. Upgrading the SSL library requires a newer version of SSL than I have installed. After a lot of repo tweaking, I end up with:

M2Crypto.SSL.SSLError: tlsv1 alert protocol version

I suspect that this is insoluble, and my best bet is to build a new qmailtoaster on a modern version of CentOS. I was hoping to keep this one limping along a little longer, but -- unless you have any other suggestions -- I think I've come to the end of the line.

Thanks,
Angus

On 2019-06-17 09:27, Eric's mail wrote:

https://www.qmailtoaster.org/newopensslclamavcnt50.html [1]

Get Outlook for Android [2]

On Mon, Jun 17, 2019 at 5:40 AM -0600, "Angus McIntyre" wrote:

I've recently started getting bounces when trying to send email to one particular domain.
The errors read:

TLS connect failed: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure

I'm running a probably fairly elderly version of QMT on CentOS 5 (yes, I know, I know ...). I assume that what's happening is that the remote site has disabled support for SSL 3.0 for security reasons, and that what I need to do is to switch sslv3 off on my server, to prevent it trying that protocol. Can anyone confirm that, and remind me what part of my configuration I need to change to make that happen?

Thanks,
Angus

- To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Links: -- [1] https://www.qmailtoaster.org//newopensslclamavcnt50.html [2] https://aka.ms/ghei36