My best guess is that your qmail is advertising an encrypted
authentication protocol (probably CRAM-MD5) that it doesn't actually
support, perhaps because your passwords are not stored in an unencrypted
format. My theory is supported by your discovery of the
"mail.smtpserver.default.trySecAuth" setting in Thunderbird -- that
value probably controls whether Thunderbird uses encrypted protocols.
When the clients try to authenticate with the encrypted protocol, they fail.
Try this: edit your "run" file where spamdyke's and qmail's command
lines are found. At the end of the line, you'll probably see this:
/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth
/var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
Edit that portion to just this:
/var/qmail/bin/qmail-smtpd
Restart qmail so the change will take effect.
This change _should_ prevent qmail from advertising SMTP AUTH, including
the encrypted protocols it doesn't support. However, because spamdyke's
configuration file includes the "smtp-auth-command" lines, spamdyke will
advertise unencrypted SMTP AUTH on qmail's behalf. It will process the
authentications and disable its filters. If my theory is correct, this
change should solve your problem.
-- Sam Clippinger
Stefan Pausch wrote:
> Thanks for the response. I will go more into detail :
>
> - i won't strip the IP or eMails from the logs. Enjoy my data :P
> - I guess i have an issue with non-plaintext SMTP-Authentication with QMail
> (Plesk 8.4 installation). Maybe i have to patch the basic qmail
> installation?
> - Outlook works fine. No issues here.
> - Log entrys for Outlook and patched thunderbird2:
>
> spamdyke[25426]: INFO: found A record for p5b01c232.dip.t-dialin.net:
> 91.1.194.50
> smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> smtp_auth: smtp_auth: SMTP user : logged in from
> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> smtp_auth: smtp_auth: SMTP user : logged in from
> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> spamdyke[25426]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED]
> origin_ip: 91.1.194.50 origin_rdns: p5b01c232.dip.t-dialin.net auth:
> [EMAIL PROTECTED]
>
> - Thunderbird and "The Bat" show following log entries with SMTP-Auth
> enabled, Non secure connection and correct password (pop3 auth works!):
>
> spamdyke[22736]: INFO: found A record for p5b01c232.dip.t-dialin.net:
> 91.1.194.50
> spamdyke[22736]: INFO: found TXT record for 50.194.1.91.zen.spamhaus.org:
> http://www.spamhaus.org/query/bl?ip=91.1.194.50
> ...
> smtp_auth: smtp_auth: FAILED: - password incorrect () from
> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> spamdyke[24578]: DENIED_RBL_MATCH from: [EMAIL PROTECTED] to:
> [EMAIL PROTECTED] origin_ip: 91.1.194.50 origin_rdns:
> p5b01c232.dip.t-dialin.net auth: (unknown)
> (dont worry about the spamdyke ids ... i just dont find the correct lines
> anymore, but the the output is exat the same, besides the ids)
>
> - If i change the about:config "mail.smtpserver.default.trySecAuth" value in
> Thunderbird 2 from "true" to "false" thunderbird users can send emails
>
> - Is this a issue with spamdyke ( i guess not ) or directly with
> qmail-smtp-auth which doesn't understand a crypted smtp-auth query? - Is
> there an easy way to fix, or do i really have to recompile qmail (again..
> sigh)?
>
> --Stefan
>
>
>
>
>> -----Ursprüngliche Nachricht-----
>> Von: [EMAIL PROTECTED] [mailto:spamdyke-users-
>> [EMAIL PROTECTED] Im Auftrag von Sam Clippinger
>> Gesendet: Sonntag, 18. Mai 2008 18:28
>> An: spamdyke users
>> Betreff: Re: [spamdyke-users] SMTP auth and spamhaus issues with "The
>> Bat"
>>
>> I use Thunderbird myself and I've never had any problems. I'm not sure
>> what you mean by "wrong authentication type".
>>
>> Could you enable full logging and send me a log from a connection that
>> authenticates and is still blocked?
>>
>> -- Sam Clippinger
>>
>> Stefan Pausch wrote:
>>
>>> I just ran into a DENIED_RBL_MATCH issue with "The Bat"
>>> (http://ritlabs.com/) users. The user uses the latest version of "The
>>>
>> Bat"
>>
>>> with SMTP Auth and no SSL Authentifications on and gets denied due
>>>
>> the
>>
>>> spamhaus listing .
>>>
>>> I guess it is the same issue as with thunderbird, which uses a
>>>
>> "wrong"
>>
>>> authentication type. I tested "The bat with several settings" and
>>>
>> couldn't
>>
>>> find a solution for the error
>>>
>>> Has any of you a solution for ths smtp-auth misbehavior?
>>>
>>> System: Debian, qmail, spamdyke
>>>
>>> Spamdyke.conf:
>>>
>>> 1 log-level=2
>>> 2 log-target=1
>>> 3 local-domains-file=/var/qmail/control/rcpthosts
>>> 4 idle-timeout-secs=300
>>> 5 graylist-dir=/var/qmail/spamdyke/greylist
>>> 6 graylist-min-secs=300
>>> 7 graylist-max-secs=4814400
>>> 8 policy-url=http://stefanpausch.com/greylist.php
>>> 9 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
>>> 10 recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
>>> 11 ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords
>>> 12 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
>>> 13 rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d
>>> 14 rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
>>> 15 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
>>> 16 sender-whitelist-file=/var/qmail/spamdyke/whitelist_sender
>>> 17 greeting-delay-secs=3
>>> 18 tls-certificate-file=/var/qmail/control/servercert.pem
>>> 19 local-domains-file=/var/qmail/control/rcpthosts
>>> 20 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
>>> 21 smtp-auth-command=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
>>> 22 check-dnsrbl=ix.dnsbl.manitu.net
>>> 23 #check-dnsrbl=zen.spamhaus.org
>>> 24 check-dnsrbl=list.dsbl.org
>>> 25 check-dnsrbl=zombie.dnsbl.sorbs.net
>>> 26 check-dnsrbl=dul.dnsbl.sorbs.net
>>> 27 check-dnsrbl=bogons.cymru.com
>>> 28 reject-missing-sender-mx
>>> 29 reject-empty-rdns
>>> 30 reject-unresolvable-rdns
>>> 31 tls-certificate-file=/var/qmail/control/servercert.pem
>>> 32 hostname-file=/var/qmail/control/me
>>>
>>>
>>> __________ Information from ESET NOD32 Antivirus, version of virus
>>>
>> signature
>>
>>> database 3106 (20080516) __________
>>>
>>> The message was checked by ESET NOD32 Antivirus.
>>>
>>> http://www.eset.com
>>>
>>>
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> spamdyke-users@spamdyke.org
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>>
>>>
>> _______________________________________________
>> spamdyke-users mailing list
>> spamdyke-users@spamdyke.org
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus
>> signature database 3106 (20080516) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
>
>
>
> __________ Information from ESET NOD32 Antivirus, version of virus signature
> database 3106 (20080516) __________
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
