Re: [spamdyke-users] SMTP AUTH and relaying problem
Hola Ernesto, queria saber si al final se soluciono tu problema con el spamdyke.
Nightduke
Ernesto Vega <[EMAIL PROTECTED]> escribió:
The allowed domain It´s on the rcpthosts file.
After testing i realized that it´s now working because i have my
server on a DMZ and the firewall is a Symantec Gateway Security 1600
(piece of crap ), which is not making a clear Nat. I´ll move the
server out of that garbish and set iptables on it.
Ernesto
On Dec 14, 2007 6:19 PM, Sam Clippinger wrote:
> I don't see anything wrong with your "run" file that would prevent
> spamdyke from offering SMTP AUTH to non-localhost connections. Try
> running spamdyke from the command line to see if you get the AUTH banner:
> $ export TCPREMOTEIP=11.22.33.44
> $ /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd
> When you see the banner, type "EHLO me".
>
> As for your relaying problem, yes, removing the access file will stop
> spamdyke from preventing relaying. This is by design -- the relaying
> information is in that file and without it, spamdyke cannot enforce it.
> Once again, your server will become an open relay.
>
> Looking at the log message from your first email, where you showed an
> email to "[EMAIL PROTECTED]" being blocked, is the recipient's domin
> ("allowed.domain") in your /var/qmail/control/rcpthosts file?
>
>
> -- Sam Clippinger
>
> Ernesto Vega wrote:
> > On Dec 14, 2007 12:59 PM, Sam Clippinger wrote:
> >> Let's see...
> >>
> >> 1: I'm not sure why this is. Are you using tcpserver or xinetd? Can
> >> you post the script that's starting spamdyke?
> >>
> >
> > tcpserver
> >
> > Here it´s my /var/qmail/supervise/qmail-smtpd/run
> >
> > ---
> > #!/bin/sh
> >
> > QMAILDUID=`id -u qmaild`
> > NOFILESGID=`id -g qmaild`
> > MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> > LOCAL=`head -1 /var/qmail/control/me`
> >
> > if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z
> > "$LOCAL" ]; then
> > echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
> > echo /var/qmail/supervise/qmail-smtpd/run
> > exit 1
> > fi
> >
> > if [ ! -f /var/qmail/control/rcpthosts ]; then
> > echo "No /var/qmail/control/rcpthosts!"
> > echo "Refusing to start SMTP listener because it'll create an open relay"
> > exit 1
> > fi
> >
> > exec /usr/local/bin/softlimit -m 800 \
> > /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c
> > "$MAXSMTPD" \
> > -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp
>
> > /usr/local/bin/spamdyke -f /etc/spamdyke.conf
> > /var/qmail/bin/qmail-smtpd 2>&1
> >
> > ---
> >
> >> 2: Check your permissions. DJB's checkpassword requires root
> >> permissions to run correctly, so you may need to mark the binary setuid
> >> root. spamdyke's "config-test" option can test this for you.
> >>
> >
> > I did not try that before ...:(
> >
> > I willl
> >
> >> 3: This is correct -- spamdyke will block relaying unless the
> >> recipient's domain is listed in your rcpthosts file OR your
> >> /etc/tcp.smtp file allows relaying OR the remote server authenticates.
> >> If your remote servers weren't being blocked before, your server must
> >> have been running as an open relay.
> >
> > After i took this line:
> >
> > access-file=/etc/spamdyke/access ( which only has a :allow line)
> >
> > away from my spamdyke.conf file, this stoppped happening.
> >
> > :(
> >
> > Any Ideas ?
> >
> >> -- Sam Clippinger
> >>
> >>
> >> Ernesto Vega wrote:
> >>> Hi Everyone. I have a working qmail server and i decided to stop the
> >>> spam and also to implement SMTP AUTH.
> >>> So i installed spamdyke version 3.1.1. And I´ve had some problens:
> >>>
> >>> 1.- SMTP AUTH only starts on localhost connections ...
> >>>
> >>>
> >>> [EMAIL PROTECTED] etc]# telnet localhost 25
> >>> Trying 127.0.0.1...
> >>> Connected to localhost.localdomain (127.0.0.1).
> >>> Escape character is '^]'.
> >>> 220 myserver.mydomain ESMTP
> >>> ehlo
> >>> 250-myserver.mydomain
> >>> 250-PIPELINING
> >>> 250-8BITMIME
> >>> 250 AUTH LOGIN PLAIN
> >>>
> >>>
> >>> If i connect from somewhre else it does not show the last line,
> >>> telling that it can let me send mail if i authenticate.
> >>>
> >>> 2.- Authentication fails always, but I´m using the same password
> >>> validation startegy (checkpassword) than the pop server (which works
> >>> perfectly).
> >>>
> >>> I use SMTP AUTH LOGIN PLAIN.
> >>>
> >>> 3.- It does not exchange mail with other servers (could you believe that
> >>> ??)
> >>>
> >>> I keep getting :
> >>>
> >>>
> >>> DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED]
> >>>
> >>>
> >>> Any Ideas ???
> >>>
> >>> This is my /etc/tcp.smtp:
> >>>
> >>> 127.0.0.1:allow,RELAYCLIENT=""
> >>> :allow
> >>> ---
Re: [spamdyke-users] SMTP AUTH and relaying problem
The allowed domain It´s on the rcpthosts file.
After testing i realized that it´s now working because i have my
server on a DMZ and the firewall is a Symantec Gateway Security 1600
(piece of crap ), which is not making a clear Nat. I´ll move the
server out of that garbish and set iptables on it.
Ernesto
On Dec 14, 2007 6:19 PM, Sam Clippinger <[EMAIL PROTECTED]> wrote:
> I don't see anything wrong with your "run" file that would prevent
> spamdyke from offering SMTP AUTH to non-localhost connections. Try
> running spamdyke from the command line to see if you get the AUTH banner:
> $ export TCPREMOTEIP=11.22.33.44
> $ /usr/local/bin/spamdyke -f /etc/spamdyke.conf
> /var/qmail/bin/qmail-smtpd
> When you see the banner, type "EHLO me".
>
> As for your relaying problem, yes, removing the access file will stop
> spamdyke from preventing relaying. This is by design -- the relaying
> information is in that file and without it, spamdyke cannot enforce it.
> Once again, your server will become an open relay.
>
> Looking at the log message from your first email, where you showed an
> email to "[EMAIL PROTECTED]" being blocked, is the recipient's domin
> ("allowed.domain") in your /var/qmail/control/rcpthosts file?
>
>
> -- Sam Clippinger
>
> Ernesto Vega wrote:
> > On Dec 14, 2007 12:59 PM, Sam Clippinger <[EMAIL PROTECTED]> wrote:
> >> Let's see...
> >>
> >> 1: I'm not sure why this is. Are you using tcpserver or xinetd? Can
> >> you post the script that's starting spamdyke?
> >>
> >
> > tcpserver
> >
> > Here it´s my /var/qmail/supervise/qmail-smtpd/run
> >
> > ---
> > #!/bin/sh
> >
> > QMAILDUID=`id -u qmaild`
> > NOFILESGID=`id -g qmaild`
> > MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> > LOCAL=`head -1 /var/qmail/control/me`
> >
> > if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z
> > "$LOCAL" ]; then
> > echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
> > echo /var/qmail/supervise/qmail-smtpd/run
> > exit 1
> > fi
> >
> > if [ ! -f /var/qmail/control/rcpthosts ]; then
> > echo "No /var/qmail/control/rcpthosts!"
> > echo "Refusing to start SMTP listener because it'll create an open
> > relay"
> > exit 1
> > fi
> >
> > exec /usr/local/bin/softlimit -m 800 \
> > /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c
> > "$MAXSMTPD" \
> > -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp
>
> > /usr/local/bin/spamdyke -f /etc/spamdyke.conf
> > /var/qmail/bin/qmail-smtpd 2>&1
> >
> > ---
> >
> >> 2: Check your permissions. DJB's checkpassword requires root
> >> permissions to run correctly, so you may need to mark the binary setuid
> >> root. spamdyke's "config-test" option can test this for you.
> >>
> >
> > I did not try that before ...:(
> >
> > I willl
> >
> >> 3: This is correct -- spamdyke will block relaying unless the
> >> recipient's domain is listed in your rcpthosts file OR your
> >> /etc/tcp.smtp file allows relaying OR the remote server authenticates.
> >> If your remote servers weren't being blocked before, your server must
> >> have been running as an open relay.
> >
> > After i took this line:
> >
> > access-file=/etc/spamdyke/access ( which only has a :allow line)
> >
> > away from my spamdyke.conf file, this stoppped happening.
> >
> > :(
> >
> > Any Ideas ?
> >
> >> -- Sam Clippinger
> >>
> >>
> >> Ernesto Vega wrote:
> >>> Hi Everyone. I have a working qmail server and i decided to stop the
> >>> spam and also to implement SMTP AUTH.
> >>> So i installed spamdyke version 3.1.1. And I´ve had some problens:
> >>>
> >>> 1.- SMTP AUTH only starts on localhost connections ...
> >>>
> >>>
> >>> [EMAIL PROTECTED] etc]# telnet localhost 25
> >>> Trying 127.0.0.1...
> >>> Connected to localhost.localdomain (127.0.0.1).
> >>> Escape character is '^]'.
> >>> 220 myserver.mydomain ESMTP
> >>> ehlo
> >>> 250-myserver.mydomain
> >>> 250-PIPELINING
> >>> 250-8BITMIME
> >>> 250 AUTH LOGIN PLAIN
> >>>
> >>>
> >>> If i connect from somewhre else it does not show the last line,
> >>> telling that it can let me send mail if i authenticate.
> >>>
> >>> 2.- Authentication fails always, but I´m using the same password
> >>> validation startegy (checkpassword) than the pop server (which works
> >>> perfectly).
> >>>
> >>> I use SMTP AUTH LOGIN PLAIN.
> >>>
> >>> 3.- It does not exchange mail with other servers (could you believe that
> >>> ??)
> >>>
> >>> I keep getting :
> >>>
> >>>
> >>> DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED]
> >>>
> >>>
> >>> Any Ideas ???
> >>>
> >>> This is my /etc/tcp.smtp:
> >>>
> >>> 127.0.0.1:allow,RELAYCLIENT=""
> >>> :allow
> >>>
> >>>
> >>> Thi
Re: [spamdyke-users] SMTP AUTH and relaying problem
I don't see anything wrong with your "run" file that would prevent
spamdyke from offering SMTP AUTH to non-localhost connections. Try
running spamdyke from the command line to see if you get the AUTH banner:
$ export TCPREMOTEIP=11.22.33.44
$ /usr/local/bin/spamdyke -f /etc/spamdyke.conf
/var/qmail/bin/qmail-smtpd
When you see the banner, type "EHLO me".
As for your relaying problem, yes, removing the access file will stop
spamdyke from preventing relaying. This is by design -- the relaying
information is in that file and without it, spamdyke cannot enforce it.
Once again, your server will become an open relay.
Looking at the log message from your first email, where you showed an
email to "[EMAIL PROTECTED]" being blocked, is the recipient's domin
("allowed.domain") in your /var/qmail/control/rcpthosts file?
-- Sam Clippinger
Ernesto Vega wrote:
> On Dec 14, 2007 12:59 PM, Sam Clippinger <[EMAIL PROTECTED]> wrote:
>> Let's see...
>>
>> 1: I'm not sure why this is. Are you using tcpserver or xinetd? Can
>> you post the script that's starting spamdyke?
>>
>
> tcpserver
>
> Here it´s my /var/qmail/supervise/qmail-smtpd/run
>
> ---
> #!/bin/sh
>
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
> LOCAL=`head -1 /var/qmail/control/me`
>
> if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z
> "$LOCAL" ]; then
> echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
> echo /var/qmail/supervise/qmail-smtpd/run
> exit 1
> fi
>
> if [ ! -f /var/qmail/control/rcpthosts ]; then
> echo "No /var/qmail/control/rcpthosts!"
> echo "Refusing to start SMTP listener because it'll create an open relay"
> exit 1
> fi
>
> exec /usr/local/bin/softlimit -m 800 \
> /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c
> "$MAXSMTPD" \
> -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp
> /usr/local/bin/spamdyke -f /etc/spamdyke.conf
> /var/qmail/bin/qmail-smtpd 2>&1
>
> ---
>
>> 2: Check your permissions. DJB's checkpassword requires root
>> permissions to run correctly, so you may need to mark the binary setuid
>> root. spamdyke's "config-test" option can test this for you.
>>
>
> I did not try that before ...:(
>
> I willl
>
>> 3: This is correct -- spamdyke will block relaying unless the
>> recipient's domain is listed in your rcpthosts file OR your
>> /etc/tcp.smtp file allows relaying OR the remote server authenticates.
>> If your remote servers weren't being blocked before, your server must
>> have been running as an open relay.
>
> After i took this line:
>
> access-file=/etc/spamdyke/access ( which only has a :allow line)
>
> away from my spamdyke.conf file, this stoppped happening.
>
> :(
>
> Any Ideas ?
>
>> -- Sam Clippinger
>>
>>
>> Ernesto Vega wrote:
>>> Hi Everyone. I have a working qmail server and i decided to stop the
>>> spam and also to implement SMTP AUTH.
>>> So i installed spamdyke version 3.1.1. And I´ve had some problens:
>>>
>>> 1.- SMTP AUTH only starts on localhost connections ...
>>>
>>>
>>> [EMAIL PROTECTED] etc]# telnet localhost 25
>>> Trying 127.0.0.1...
>>> Connected to localhost.localdomain (127.0.0.1).
>>> Escape character is '^]'.
>>> 220 myserver.mydomain ESMTP
>>> ehlo
>>> 250-myserver.mydomain
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250 AUTH LOGIN PLAIN
>>>
>>>
>>> If i connect from somewhre else it does not show the last line,
>>> telling that it can let me send mail if i authenticate.
>>>
>>> 2.- Authentication fails always, but I´m using the same password
>>> validation startegy (checkpassword) than the pop server (which works
>>> perfectly).
>>>
>>> I use SMTP AUTH LOGIN PLAIN.
>>>
>>> 3.- It does not exchange mail with other servers (could you believe that ??)
>>>
>>> I keep getting :
>>>
>>>
>>> DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED]
>>>
>>>
>>> Any Ideas ???
>>>
>>> This is my /etc/tcp.smtp:
>>>
>>> 127.0.0.1:allow,RELAYCLIENT=""
>>> :allow
>>>
>>>
>>> This is my spamdyke.conf:
>>>
>>> hostname=myserver.mydomain
>>> log-level=4
>>> max-recipients=5
>>> idle-timeout-secs=60
>>> greeting-delay-secs=5
>>> local-domains-file=/var/qmail/control/rcpthosts
>>> access-file=/etc/spamdyke/access
>>> smtp-auth-command=/bin/checkpassword /bin/true
>>>
>>>
>>>
>>> Thanks in advance for the help!!!
>>>
>>> Regards
>>>
>>> Ernesto
>>> ___
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-use
Re: [spamdyke-users] SMTP AUTH and relaying problem
On Dec 14, 2007 12:59 PM, Sam Clippinger <[EMAIL PROTECTED]> wrote: > Let's see... > > 1: I'm not sure why this is. Are you using tcpserver or xinetd? Can > you post the script that's starting spamdyke? > tcpserver Here it´s my /var/qmail/supervise/qmail-smtpd/run --- #!/bin/sh QMAILDUID=`id -u qmaild` NOFILESGID=`id -g qmaild` MAXSMTPD=`cat /var/qmail/control/concurrencyincoming` LOCAL=`head -1 /var/qmail/control/me` if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in echo /var/qmail/supervise/qmail-smtpd/run exit 1 fi if [ ! -f /var/qmail/control/rcpthosts ]; then echo "No /var/qmail/control/rcpthosts!" echo "Refusing to start SMTP listener because it'll create an open relay" exit 1 fi exec /usr/local/bin/softlimit -m 800 \ /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd 2>&1 --- > 2: Check your permissions. DJB's checkpassword requires root > permissions to run correctly, so you may need to mark the binary setuid > root. spamdyke's "config-test" option can test this for you. > I did not try that before ...:( I willl > 3: This is correct -- spamdyke will block relaying unless the > recipient's domain is listed in your rcpthosts file OR your > /etc/tcp.smtp file allows relaying OR the remote server authenticates. > If your remote servers weren't being blocked before, your server must > have been running as an open relay. After i took this line: access-file=/etc/spamdyke/access ( which only has a :allow line) away from my spamdyke.conf file, this stoppped happening. :( Any Ideas ? > > -- Sam Clippinger > > > Ernesto Vega wrote: > > Hi Everyone. I have a working qmail server and i decided to stop the > > spam and also to implement SMTP AUTH. > > So i installed spamdyke version 3.1.1. And I´ve had some problens: > > > > 1.- SMTP AUTH only starts on localhost connections ... > > > > > > [EMAIL PROTECTED] etc]# telnet localhost 25 > > Trying 127.0.0.1... > > Connected to localhost.localdomain (127.0.0.1). > > Escape character is '^]'. > > 220 myserver.mydomain ESMTP > > ehlo > > 250-myserver.mydomain > > 250-PIPELINING > > 250-8BITMIME > > 250 AUTH LOGIN PLAIN > > > > > > If i connect from somewhre else it does not show the last line, > > telling that it can let me send mail if i authenticate. > > > > 2.- Authentication fails always, but I´m using the same password > > validation startegy (checkpassword) than the pop server (which works > > perfectly). > > > > I use SMTP AUTH LOGIN PLAIN. > > > > 3.- It does not exchange mail with other servers (could you believe that ??) > > > > I keep getting : > > > > > > DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] > > > > > > Any Ideas ??? > > > > This is my /etc/tcp.smtp: > > > > 127.0.0.1:allow,RELAYCLIENT="" > > :allow > > > > > > This is my spamdyke.conf: > > > > hostname=myserver.mydomain > > log-level=4 > > max-recipients=5 > > idle-timeout-secs=60 > > greeting-delay-secs=5 > > local-domains-file=/var/qmail/control/rcpthosts > > access-file=/etc/spamdyke/access > > smtp-auth-command=/bin/checkpassword /bin/true > > > > > > > > Thanks in advance for the help!!! > > > > Regards > > > > Ernesto > > ___ > > spamdyke-users mailing list > > spamdyke-users@spamdyke.org > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] SMTP AUTH and relaying problem
Let's see... 1: I'm not sure why this is. Are you using tcpserver or xinetd? Can you post the script that's starting spamdyke? 2: Check your permissions. DJB's checkpassword requires root permissions to run correctly, so you may need to mark the binary setuid root. spamdyke's "config-test" option can test this for you. 3: This is correct -- spamdyke will block relaying unless the recipient's domain is listed in your rcpthosts file OR your /etc/tcp.smtp file allows relaying OR the remote server authenticates. If your remote servers weren't being blocked before, your server must have been running as an open relay. -- Sam Clippinger Ernesto Vega wrote: > Hi Everyone. I have a working qmail server and i decided to stop the > spam and also to implement SMTP AUTH. > So i installed spamdyke version 3.1.1. And I´ve had some problens: > > 1.- SMTP AUTH only starts on localhost connections ... > > > [EMAIL PROTECTED] etc]# telnet localhost 25 > Trying 127.0.0.1... > Connected to localhost.localdomain (127.0.0.1). > Escape character is '^]'. > 220 myserver.mydomain ESMTP > ehlo > 250-myserver.mydomain > 250-PIPELINING > 250-8BITMIME > 250 AUTH LOGIN PLAIN > > > If i connect from somewhre else it does not show the last line, > telling that it can let me send mail if i authenticate. > > 2.- Authentication fails always, but I´m using the same password > validation startegy (checkpassword) than the pop server (which works > perfectly). > > I use SMTP AUTH LOGIN PLAIN. > > 3.- It does not exchange mail with other servers (could you believe that ??) > > I keep getting : > > > DENIED_RELAYING from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] > > > Any Ideas ??? > > This is my /etc/tcp.smtp: > > 127.0.0.1:allow,RELAYCLIENT="" > :allow > > > This is my spamdyke.conf: > > hostname=myserver.mydomain > log-level=4 > max-recipients=5 > idle-timeout-secs=60 > greeting-delay-secs=5 > local-domains-file=/var/qmail/control/rcpthosts > access-file=/etc/spamdyke/access > smtp-auth-command=/bin/checkpassword /bin/true > > > > Thanks in advance for the help!!! > > Regards > > Ernesto > ___ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users ___ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users
