Re: [spamdyke-users] Next Version
Sam Clippinger ha scritto: The next major version will be 4.0.0. It does not include recipient validation. That feature is currently targeted for the following version, probably 4.1.0. I haven't yet decided how to implement it, but I think it won't be useful unless it supports (at minimum) plain vanilla qmail, qmail with vpopmail, qmail with vpopmail+MySQL and Plesk (qmail+chkuser). (This feature could finally be a reason to integrate database support.) If anyone has any other configurations that should be supported (LDAP?), now is the time to speak up -- let's discuss it before I start writing code. My idea is still based on the list checking concept, that is spamdyke simply check recipient in a file which contanins a list of valid recipients (could be ascii or hashed) . In this way the method is universal, and you could use whatever user db you want, you just only need to export the valid email list in a file . Considering the vpopmail case, there are a lot of script which parse all the vpopmail users and create the file. have fun, Davide ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
Forgive me if I'm missing something here, but qmail-scanner already does spamassassin and AV checking, and can be configured to reject (as opposed to drop) any emails that fall outside of admin/user set parameters. Because qmail-scanner is so easy to install (especially if you have Plesk under RedHat/Centos) I'm not sure if there's a point in having the same features in Spamdyke? (qmail-scanner and spamdyke work perfectly together with no changes needed to make it happen). This is not to say that the original poster's idea is a bad one, or that having the facility in spamdyke rather than in yet another qmail wrapper-thing isn't a good one. I'm just thinking that maybe it isn't all that necessary. Faris. -Original Message- From: [EMAIL PROTECTED] [mailto:spamdyke-users- [EMAIL PROTECTED] On Behalf Of Sam Clippinger Sent: 16 May 2008 04:25 To: spamdyke users Subject: Re: [spamdyke-users] yet another wishlist... :-) I'd love to be able to do spam and virus scanning within spamdyke, before the connection is complete. That would require spamdyke to start SpamAssassin and/or ClamAV (or another AV) and capture their output. It shouldn't be too hard, since both of those programs are designed to be run this way. The biggest change required in spamdyke would be buffering the incoming message. Currently spamdyke doesn't do this, it only passes the traffic between the network and qmail. In order to scan the message, it would have to save it (probably to a file) so it could first pass it to the scanners, then pass it to qmail afterwards. Thanks for the suggestion! I'll add it to my TODO list for a future version. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
Sam Clippinger wrote: I'd love to be able to do spam and virus scanning within spamdyke, But what for? There's couple of tools you can use to scan (for whatever you want) incoming mails before they go to the user mailbox and drop mails when needed. Absolutely pointless feature to be added to spamdyke. Regards, -- Daddy, what Formatting drive C: means?... Marcinhttp://wfmh.org.pl/carlos/ ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
On Fri, May 16, 2008 at 03:39:15PM +0200, Marcin Orlowski wrote: Sam Clippinger wrote: I'd love to be able to do spam and virus scanning within spamdyke, But what for? There's couple of tools you can use to scan (for whatever you want) incoming mails before they go to the user mailbox and drop mails when needed. Absolutely pointless feature to be added to spamdyke. FWIW, I use amavisd-new to integrate qmail with SA and clamav. Works pretty well. Andras -- Andras Korn korn at chardonnay.math.bme.hu http://chardonnay.math.bme.hu/~korn/ QOTD: Time passes... Does that mean it's my turn again?! ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Next Version
Many mails, one sum up answer :) rcpt validation --- I think the best approach is not building into spamdyke a zillion methods to do it, but make it able to call an outside application to get the list. 1) spamdyke could periodically (configurable) re-run the application to refresh the list. 2) send HUP/USR1 or alike to interactively update 3) You can have whatever way to construct the list, you could even daisy chain multiple ones. Simplest approach is: run the application that outputs an email list. Wildcards are the only things to think over IMHO. Of course it would be nice to have a /contrib in spamdyke with the most popular applications. This could be user contributed too. Address farming --- This is a story that has two sides. farming vs. better filtering. An in between option would be to have a 'silently-drop' option for invalid addresses. Invalid addresses 'go to /dev/null'. Of course you will loose legitimate mistyped address bounces, but with smtp you can't have everything :/ 1) filter invalid rcpt pro: less spam con: mail address farming 2) do not filter pro: no farming con: additional spam 3) silently filter pro: no farming, less spam (better than 1) because of no farming) con: no legitimate bounce blacklisting and alike -- Following the rcpt validation line, I have a suggestion. Instead of building different approaches into spamdyke (custom scripts brought into the code), it might be feasible to have a log queuing mechanism in spamdyke. It would just queue information somewhere and leave the logic to the admin. Custom filtering, *list building, etc. methods can be constructed and the same app can also update spamdyke-s config. Just my .02$-s Regards Bgs ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
Well said. It wouldn't be spamDYKE at that point. ;) Bgs wrote: Spamdyke is an smtp level filtering system while virus filtering is at the data level. Absolutely different by design. Spamdyke is fast because it does not bother to handle data. If you add virus filtering to it, it would be just-another-virus-scanner-with-dns-checks. It would loose most of what it makes valuable. to be able to virus scan you need to queue the data, which takes hdd space, IO, queuing system, etc. Right now data is just passed through. With tls you would loose overview anyway so part of the mails cannot be filtered. Bye Bgs Olivier Mueller wrote: On Fri, 2008-05-16 at 15:39 +0200, Marcin Orlowski wrote: Sam Clippinger wrote: I'd love to be able to do spam and virus scanning within spamdyke, But what for? There's couple of tools you can use to scan (for whatever you want) incoming mails before they go to the user mailbox and drop mails when needed. Absolutely pointless feature to be added to spamdyke Yes, but not always on SMTP-level, and IMHO it's better there since the sender (if he's in the 3-4% of non-spams) will get an error message from his smtp server in case of problems. Otherwise it will be silently dropped, and it's unpractical to debug issues... regards, Olivier -- -Eric 'shubes' ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
Olivier Mueller wrote: I'd love to be able to do spam and virus scanning within spamdyke, But what for? There's couple of tools you can use to scan (for whatever you want) incoming mails before they go to the user mailbox and drop mails when needed. Absolutely pointless feature to be added to spamdyke Yes, but not always on SMTP-level, and IMHO it's better there since the sender (if he's in the 3-4% of non-spams) will get an error message from his smtp server in case of problems. Otherwise it will be silently dropped, and it's unpractical to debug issues... What SMTP-level you talk about? You need to get all the data prior checks we talk about. And this makes *huge* difference. Regards, -- Daddy, what Formatting drive C: means?... Marcinhttp://wfmh.org.pl/carlos/ ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
On Fri, 2008-05-16 at 17:56 +0200, Marcin Orlowski wrote: What SMTP-level you talk about? You need to get all the data prior checks we talk about. And this makes *huge* difference. SMTP-Level = during the SMTP Session, before the mail is accepted in the local qmail queue. Once the mail is in the local queue, you can still run checks on the mail (virus, spam, etc.). But if you then drop the mail, the sender will not know that unless you send an error message by mail, which is not so recommended as nearly all spams are sent with faked return-path/from headers regards, Olivier ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
It is still a big perl script :-) We've not had any issues with memory/cpu with it but I expect our servers aren't as busy as others. Faris. -Original Message- From: [EMAIL PROTECTED] [mailto:spamdyke-users- [EMAIL PROTECTED] On Behalf Of Olivier Mueller Sent: 16 May 2008 16:18 To: spamdyke users Subject: Re: [spamdyke-users] yet another wishlist... :-) On Fri, 2008-05-16 at 14:31 +0100, Faris Raouf wrote: Forgive me if I'm missing something here, but qmail-scanner already does spamassassin and AV checking, and can be configured to reject (as opposed to drop) any emails that fall outside of admin/user set parameters. I used q-s in the past, but had to drop it because of memory/cpu-use issues... As far as I remember it was an huge perl script started on every incoming mail: is it still the case? (better would be something like spamd + spamc). But I guess it's still a fine solution for low-trafic servers :) regards, Olivier ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] spamhaus down = trouble?
Strange. Wonder if the user mistyped the url ... Have to check that. Thanks alot for pointing at it .) --Stefan -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:spamdyke-users- [EMAIL PROTECTED] Im Auftrag von Olivier Mueller Gesendet: Freitag, 16. Mai 2008 18:51 An: spamdyke users Betreff: Re: [spamdyke-users] spamhaus down = trouble? Hi Stefan, On Fri, 2008-05-16 at 17:53 +0200, Stefan Pausch wrote: A email user on my server just reported an issue with his email and spamhaus. His email was not send due an problem with spamhaus (my guess). The Spamhaus database is currently down: http://www.spamhaus.org/querry/bl?ip=80.146.64.126 http://www.spamhaus.org/query/bl?ip=80.146.64.126 will work better :-) 80.146.64.126 is not listed in the SBL 80.146.64.126 is listed in the PBL, in the following records: * PBL038780 80.146.64.126 is not listed in the XBL HTH regards, Olivier ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users __ Information from ESET NOD32 Antivirus, version of virus signature database 3105 (20080516) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com __ Information from ESET NOD32 Antivirus, version of virus signature database 3106 (20080516) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
[spamdyke-users] Duplicate Emails and Timeouts
So this is a problem that has been intermittent for a month or so and I haven't really been able to find a way to debug it until I found the option 'full-log-dir' in spamdyke.conf. My problem has been my users will occasionally complain that they have gotten duplicates of the same message. It happens sporadically and seemingly without pattern. If I looked at the headers on both messages everything is the same exact for the top/last Received: line which is usually a few minutes different; the message-ids were the same in both messages. It was my suspicion that the sending mailserver started the conversation, sent all of the message, but for some reason didn't receive the close/end/quit command and never removed the message for it's queue, however the receiving server had enough of a message to actually deliver it to my user. So I enabled the full-log-dir feature and waited for a user to have a duplicate. I finally got one and it looks like the problem is with a timeout. Below is the edited contents of file: # [EMAIL PROTECTED] ~]# more 20080515_152028_64.18.2.171_exprod7og109.obsmtp.com 05/15/2008 15:20:28 STARTED: VERSION = 3.1.6+TLS, PID = 23327 05/15/2008 15:20:28 LEGEND: To remote host = ; to child process = ; blocked by filter = XX 05/15/2008 15:20:28 LEGEND: From filter to remote host = FF ; from filter to child process = FF 05/15/2008 15:20:28 220 rsmail.mymailserver.tld ESMTP 05/15/2008 15:20:28 HELO exprod7og109.obsmtp.com 05/15/2008 15:20:28 250 rsmail.mymailserver.tld 05/15/2008 15:20:28 MAIL FROM:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:28 RCPT TO:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:28 RCPT TO:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:29 DATA 05/15/2008 15:20:29 354 go ahead 05/15/2008 15:20:29 Received: from source ([63.90.125.11]) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP; Thu, 15 May 2008 12:20:18 PDT Received: from mail.shrr.com ([63.90.125.10]) by mail.shrr.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 15 May 2008 15:17:43 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; ... [ snipped message content ]... --_=_NextPart_001_01C8B6C0.59C6D54D-- . FF 05/15/2008 15:23:30 . QUIT FF 05/15/2008 15:23:30 421 Timeout. Talk faster next time. XX 05/15/2008 15:34:10 250 ok 1210880050 qp 23364 502 unimplemented (#5.5.1) 221 rsmail.mymailserver.tld 05/15/2008 15:34:10 CLOSED [EMAIL PROTECTED] ~]# # In a previous thread, a subscriber recommended adjusting the qmail timeout to be lower than spamdyke's. Here is what the timeout settings are on on my server: [EMAIL PROTECTED] ~]# more /var/qmail/control/timeoutsmtpd 120 [EMAIL PROTECTED] ~]# grep -i timeout /etc/spamdyke.conf # connection-timeout-secs=0 is disabling the feature connection-timeout-secs=0 idle-timeout-secs=180 [EMAIL PROTECTED] ~]# So it looks like the actual message data stopped sending at 05/15/2008 15:23:30 and got the talk faster error but didn't actually close the connection until 05/15/2008 15:34:10. So any ideas what I can try next to stop these duplicates? -ken -- Have a nice day ... unless you've made other plans. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] yet another wishlist... :-)
Well, to answer your question, spamdyke is aimed at... me. And mail administrators like me, I suppose. :) Some history: The first time I installed qmail, I used the qmail handbook by Dave Sill. All of my previous Unix mail experience was with Sendmail, so I didn't understand anything about qmail's design or configuration. I didn't even know what the term toaster meant (I'm still not 100% certain about that word...). I just followed the book's instructions, which said (IIRC) to use netqmail 1.03, vpopmail, qmailadmin, vqadmin and ezmlm. I prefer working at the command line and I'm (obviously) a programmer, so patching and compiling didn't bother me. I was just surprised at the necessity -- I hadn't manually installed a major system component like a mail daemon since I switched to RedHat 4 from Slackware in 199x. I wouldn't have bothered with qmail at all, but I wanted to host multiple domains on the same box and I was sick of Sendmail's lousy virtual domain support. Anyway, _after_ qmail was installed and in production, I learned about some additional patches to add things like virus scanning, SpamAssassin, etc. However, when I tried to apply and install them, everything broke. No inbound or outbound email, angry users, long nights, etc. I finally managed to restore the system to its former state and swore never to touch a working qmail installation again. That's still my motto, BTW, despite everything I've learned about qmail since that incident. It's just easier (and safer) to build a new server and swap it into position. Now here I am, running a mail server I'm scared to update. Is there a new version of vpopmail available? I don't know. I'm not even sure what version I'm using. Have some of the patches been updated to fix security holes? How would I possibly find out? I can't remember where I got most of them (or even which ones I used). I don't care anyway -- I'm not going to install them, because I'm hosting Real Email for Real Customers and my time is too precious to pick fights with qmail that I'll probably lose. So welcome back to the Bad Old Days of Linux system administration. This is why rpm and apt-get were created but DJB's bullheaded obstinacy renders those tools useless. That's why I say spamdyke is targeted at me. I want filtering and logging but I'm not willing to recompile qmail to get those things. I want a package that is small and self-contained, so I can upgrade it (or use rpm/yum/up2date/apt-get) without fear of losing my job. When I first created spamdyke, I wanted it to (eventually) replace every qmail patch, because it meant fewer patches would have to be applied to new qmail installations. Nowadays, in the presence of maintained and preconfigured qmail distributions like QmailToaster, that need is somewhat lessened and I can concentrate on features that aren't available through patches (or are difficult to use or are broken). At the same time, I don't want to forget about the mail administrators running 8 year old qmail installations that they're scared to touch. :) -- Sam Clippinger Michael Colvin wrote: This will sound strange after all the Suggesting I've done recently but... :-) I think Sam's idea/concept for SpamDyke, if I understand it correctly, is ideal. Make something that is easy to install, adds functionality to a basic Qmail install without a lot of patching. I think having a completely STOCK qmail install, adding something like SpamDyke that can do all the filtering in front of qmail, would make the complete package better. Face it, a lot of people don't use qmail because they are scared of all the patches, and the fact that it isn't Maintained, which, is actually kind of funny..They consider postfix Maintained because it gets occassional updates...Yet, even with things like SpamDyke and the various patches/smtp additions, the don't consider Qmail Updated, because the auther isn't bundling the changes himself... Anyway... Most people tha run Qmail are likely running, netqmail, qmail with jms's patchs, or qmailrocks, or a stock qmail. Those with jms's patches and netqmail have most of what's built into SpamDyke, by modifying/changing the smtp to rblsmtp, as I understand it. So, instead of an outside application doing that scanning and handing it off to an smtp daemon to process, the smtp daemon does the processing...Not sure which is better. Qmailrocks has it's downsides, so in that case, SpamDyke definetely adds some much needed additions, and makes them easy to implement. Obviously, with a stock qmail install, this is also true. So, who is SpamDyke *REALLY* geared towards? Not a retorical question, I'm actually curious. I've found it very helpful and very effective. As I dig beyond Qmailrocks into other variations of installing qmail, I'm finding most of SpamDykes functions, or at least the ones I'm using, implemented directly in Qmail via patches.
Re: [spamdyke-users] Duplicate Emails and Timeouts
It looks like something is taking a long time to respond to the end of the message -- do you have anything installed to run SpamAssassin or ClamAV before the message is accepted? In particular, sometimes ClamAV needs to be restarted after it's been running for a long time; it starts taking longer and longer to process messages. Because qmail is taking so long to respond, spamdyke is giving up and timing out (even though it's not the remote client's fault). I've fixed this particular situation in version 4.0.0, so that delays from qmail won't count against the idle timeout. -- Sam Clippinger Ken Schweigert wrote: So this is a problem that has been intermittent for a month or so and I haven't really been able to find a way to debug it until I found the option 'full-log-dir' in spamdyke.conf. My problem has been my users will occasionally complain that they have gotten duplicates of the same message. It happens sporadically and seemingly without pattern. If I looked at the headers on both messages everything is the same exact for the top/last Received: line which is usually a few minutes different; the message-ids were the same in both messages. It was my suspicion that the sending mailserver started the conversation, sent all of the message, but for some reason didn't receive the close/end/quit command and never removed the message for it's queue, however the receiving server had enough of a message to actually deliver it to my user. So I enabled the full-log-dir feature and waited for a user to have a duplicate. I finally got one and it looks like the problem is with a timeout. Below is the edited contents of file: # [EMAIL PROTECTED] ~]# more 20080515_152028_64.18.2.171_exprod7og109.obsmtp.com 05/15/2008 15:20:28 STARTED: VERSION = 3.1.6+TLS, PID = 23327 05/15/2008 15:20:28 LEGEND: To remote host = ; to child process = ; blocked by filter = XX 05/15/2008 15:20:28 LEGEND: From filter to remote host = FF ; from filter to child process = FF 05/15/2008 15:20:28 220 rsmail.mymailserver.tld ESMTP 05/15/2008 15:20:28 HELO exprod7og109.obsmtp.com 05/15/2008 15:20:28 250 rsmail.mymailserver.tld 05/15/2008 15:20:28 MAIL FROM:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:28 RCPT TO:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:28 RCPT TO:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:29 DATA 05/15/2008 15:20:29 354 go ahead 05/15/2008 15:20:29 Received: from source ([63.90.125.11]) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP; Thu, 15 May 2008 12:20:18 PDT Received: from mail.shrr.com ([63.90.125.10]) by mail.shrr.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 15 May 2008 15:17:43 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; ... [ snipped message content ]... --_=_NextPart_001_01C8B6C0.59C6D54D-- . FF 05/15/2008 15:23:30 . QUIT FF 05/15/2008 15:23:30 421 Timeout. Talk faster next time. XX 05/15/2008 15:34:10 250 ok 1210880050 qp 23364 502 unimplemented (#5.5.1) 221 rsmail.mymailserver.tld 05/15/2008 15:34:10 CLOSED [EMAIL PROTECTED] ~]# # In a previous thread, a subscriber recommended adjusting the qmail timeout to be lower than spamdyke's. Here is what the timeout settings are on on my server: [EMAIL PROTECTED] ~]# more /var/qmail/control/timeoutsmtpd 120 [EMAIL PROTECTED] ~]# grep -i timeout /etc/spamdyke.conf # connection-timeout-secs=0 is disabling the feature connection-timeout-secs=0 idle-timeout-secs=180 [EMAIL PROTECTED] ~]# So it looks like the actual message data stopped sending at 05/15/2008 15:23:30 and got the talk faster error but didn't actually close the connection until 05/15/2008 15:34:10. So any ideas what I can try next to stop these duplicates? -ken ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] Duplicate Emails and Timeouts
On Fri, May 16, 2008 at 5:08 PM, Sam Clippinger [EMAIL PROTECTED] wrote: It looks like something is taking a long time to respond to the end of the message -- do you have anything installed to run SpamAssassin or ClamAV before the message is accepted? In particular, sometimes ClamAV needs to be restarted after it's been running for a long time; it starts taking longer and longer to process messages. Because qmail is taking so long to respond, spamdyke is giving up and timing out (even though it's not the remote client's fault). Thanks for the quick reply. I do use ClamAV, but not SpamAssassin. ClamAV has been running for quite a while now so I restarted it. Hopefully that is all that it is. Thanks for the tip! -ken I've fixed this particular situation in version 4.0.0, so that delays from qmail won't count against the idle timeout. -- Sam Clippinger Ken Schweigert wrote: So this is a problem that has been intermittent for a month or so and I haven't really been able to find a way to debug it until I found the option 'full-log-dir' in spamdyke.conf. My problem has been my users will occasionally complain that they have gotten duplicates of the same message. It happens sporadically and seemingly without pattern. If I looked at the headers on both messages everything is the same exact for the top/last Received: line which is usually a few minutes different; the message-ids were the same in both messages. It was my suspicion that the sending mailserver started the conversation, sent all of the message, but for some reason didn't receive the close/end/quit command and never removed the message for it's queue, however the receiving server had enough of a message to actually deliver it to my user. So I enabled the full-log-dir feature and waited for a user to have a duplicate. I finally got one and it looks like the problem is with a timeout. Below is the edited contents of file: # [EMAIL PROTECTED] ~]# more 20080515_152028_64.18.2.171_exprod7og109.obsmtp.com 05/15/2008 15:20:28 STARTED: VERSION = 3.1.6+TLS, PID = 23327 05/15/2008 15:20:28 LEGEND: To remote host = ; to child process = ; blocked by filter = XX 05/15/2008 15:20:28 LEGEND: From filter to remote host = FF ; from filter to child process = FF 05/15/2008 15:20:28 220 rsmail.mymailserver.tld ESMTP 05/15/2008 15:20:28 HELO exprod7og109.obsmtp.com 05/15/2008 15:20:28 250 rsmail.mymailserver.tld 05/15/2008 15:20:28 MAIL FROM:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:28 RCPT TO:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:28 RCPT TO:[EMAIL PROTECTED] 05/15/2008 15:20:28 250 ok 05/15/2008 15:20:29 DATA 05/15/2008 15:20:29 354 go ahead 05/15/2008 15:20:29 Received: from source ([63.90.125.11]) by exprod7ob109.postini.com ([64.18.6.12]) with SMTP; Thu, 15 May 2008 12:20:18 PDT Received: from mail.shrr.com ([63.90.125.10]) by mail.shrr.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 15 May 2008 15:17:43 -0400 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; ... [ snipped message content ]... --_=_NextPart_001_01C8B6C0.59C6D54D-- . FF 05/15/2008 15:23:30 . QUIT FF 05/15/2008 15:23:30 421 Timeout. Talk faster next time. XX 05/15/2008 15:34:10 250 ok 1210880050 qp 23364 502 unimplemented (#5.5.1) 221 rsmail.mymailserver.tld 05/15/2008 15:34:10 CLOSED [EMAIL PROTECTED] ~]# # In a previous thread, a subscriber recommended adjusting the qmail timeout to be lower than spamdyke's. Here is what the timeout settings are on on my server: [EMAIL PROTECTED] ~]# more /var/qmail/control/timeoutsmtpd 120 [EMAIL PROTECTED] ~]# grep -i timeout /etc/spamdyke.conf # connection-timeout-secs=0 is disabling the feature connection-timeout-secs=0 idle-timeout-secs=180 [EMAIL PROTECTED] ~]# So it looks like the actual message data stopped sending at 05/15/2008 15:23:30 and got the talk faster error but didn't actually close the connection until 05/15/2008 15:34:10. So any ideas what I can try next to stop these duplicates? -ken ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users -- Have a nice day ... unless you've made other plans. ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users