Plesk is such a queer duck. I like its control panel but it sure does
some screwy things to the system configuration.
I see something in your spamdyke configuration file that could be
causing the SMTP AUTH problem. You have the following line commented out:
smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
This is actually two commands -- smtp_auth and cmd5checkpw. They should
be given on two separate lines and they should offer encrypted
authentication:
smtp-auth-command-encryption=/var/qmail/bin/smtp_auth
/var/qmail/bin/true
smtp-auth-command-encryption=/var/qmail/bin/cmd5checkpw
/var/qmail/bin/true
I suspect the authentication is failing because cmd5checkpw is the
program that can actually process your credentials but it's not being
started (because your configuration file lists it as a parameter to
smtp_auth).
However, you're correct that you don't need it with 3.0.0 and later --
spamdyke now automatically detects successful authentication without
running the commands itself.
Next, your "config-test" is giving strange results because you probably
used this command:
spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd
Plesk doesn't patch qmail-smtpd to provide SMTP AUTH, so spamdyke can't
see it. Instead, Plesk uses relaylock for that purpose. You should
really test with:
spamdyke -f /etc/spamdyke.conf /var/qmail/bin/relaylock
/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true
/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
With that command line, the SMTP AUTH banners will appear and spamdyke
won't complain about it any more.
So in summary, you can either use Plesk's relaylock OR you can use
spamdyke's "smtp-auth-command-encryption" directive. Using both is
unnecessary and wastes server resources. If you have some users (or
servers) that need to relay without authenticating, continue using
relaylock. If you don't, create an empty access file and use spamdyke's
"smtp-auth-command-encryption" and "access-file" instead of relaylock.
It's a bit more efficient.
To answer your last question about qmail-smtpd's command line, it
doesn't have one by default. Most of the time, when you see command
line options passed to qmail-smtpd, you're looking at a patched version
of qmail-smtpd. (In Plesk's case, the extra options are not parameters
to qmail-smtpd, they're actually parameters to relaylock.) Typically,
any parameters are commands to process SMTP AUTH attempts.
The authentication commands always come in pairs -- the auth command and
a "true" command. This is a holdover from DJB's original
"checkpassword" program, which runs the second command if the
authentication is successful. I think his intent was that successful
authentications could have side-effects, such as logging or unlocking
resources. The password-checking program could be generic (i.e. only
check the password) and the second command could perform the
side-effect. In practice, this hasn't happened. People have simply
written password-checking programs that perform the side-effects
internally. "true" is used as the side-effect command because it's
small and fast.
For more information on "checkpassword" (but not much more), see DJB's site:
http://cr.yp.to/checkpwd/interface.html
-- Sam Clippinger
Grimmi Meloni wrote:
> Hi,
>
> I've been using spamdyke for about 2 weeks now, and I'm quite satisfied
> with the results. Thanks for this great tool.
>
> As the subject states, I'm running a Plesk 8.1 based system. Today I
> upgraded from the 2.6.3 version, to the 3.1.0.
>
> The good news is: I got everything working so far.
>
> But what made me curious are two things:
>
> With the old 2.6.3 I could use the --smtp-auth-command option, with the
> new 3.1.0 this does not work anymore. "Not working anymore" in this case
> means, that I have to remove this option or my client gets an error
> message. In the logs it looks like authentication is tried twice. Really
> weired, but since Plesk delivers a SMTP_AUTH capable server, this is no
> problem - at least my relaying tests all failed when not authenticated.
> So I think I'm still good.
>
> During the trial and error phase of this, I ran the --config-test option
> of spamdyke. Although smtp authentication works, the config-test gives
> me this warning:
>
> WARNING: /var/qmail/bin/qmail-smtpd does not appear to offer SMTP AUTH
> support. Please use the "smtp-auth-command" flag or the
> "smtp-auth-command-encryption" flag as well as the "access-file" and
> "local-domains-file" flags so spamdyke will be able to authenticate
> users and correctly allow them to relay.
>
> Now I'm wondering why this warning occurs at all. Is it a
> misconfiguration on my part, or just the config-test failing to detect
> the SMTP AUTH capabilities of my qmail_smtpd?
>
> bye, Michael
>
> P.S.: Although offtopic: Can anybody point me to a place where the
> commandline of qmail_smtpd is explained? Basically I would like to know,
> why /var/qmail/bin/true has to be in the commandline twice, or even
> better, what qmail_smtpd in general does with it's parameters? Thanks.
>
> ------------- my spamdyke.conf ------------
> log-level=2
> local-domains-file=/var/qmail/control/rcpthosts
> max-recipients=5
> idle-timeout-secs=60
> graylist-dir=/var/qmail/gray
> graylist-min-secs=300
> graylist-max-secs=1814400
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-ip-in-cc-rdns
> greeting-delay-secs=5
> check-dnsrbl=zombie.dnsbl.sorbs.net
> check-dnsrbl=dul.dnsbl.sorbs.net
> check-dnsrbl=bogons.cymru.com
> #smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
> /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> local-domains-file=/var/qmail/control/rcpthosts
> reject-missing-sender-mx
> hostname=v31616.vierfpeile.de
> tls-certificate-file=/var/qmail/control/servercert.pem
> ---------------end my spamdyke.conf------------
>
>
> ------------ my xinetd.d config for smtp_psa ---------
> server = /var/qmail/bin/tcp-env
> server_args = -Rt0 /usr/local/bin/spamdyke -f
> /etc/spamdyke.conf /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd
> /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw
> /var/qmail/bin/true
> ------------ my xinetd.d config for smtp_psa ---------
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
