I changed the configuration with no effect. I remembered the log window in "The Bat" and had a look:

18.05.2008, 22:30:35: SEND - sending mail message(s) - 1 message(s) in queue
18.05.2008, 22:30:35: SEND - connected to SMTP server
18.05.2008, 22:30:35: SEND - authenticating (software CRAM-MD5)...
18.05.2008, 22:30:35: SEND - Server reports error. The response is: out of memory (#4.3.0)
18.05.2008, 22:30:35: SEND - authenticating (plain)...
18.05.2008, 22:30:37: SEND - Server reports error. The response is: auth failure
18.05.2008, 22:30:37: SEND - authenticating (login)...
18.05.2008, 22:30:37: SEND - WARNING: authentication failed
18.05.2008, 22:30:37: SEND - sending message to [EMAIL PROTECTED]
!18.05.2008, 22:30:37: SEND - Server reports error. The response is: http://www.spamhaus.org/query/bl?ip=91.1.194.50 See: http://stefanpausch.com/greylist.php
!18.05.2008, 22:30:37: SEND - Server reports error. The response is: http://www.spamhaus.org/query/bl?ip=91.1.194.50 See: http://stefanpausch.com/greylist.php
18.05.2008, 22:30:37: SEND - connection finished - 0 message(s) sent
18.05.2008, 22:30:37: SEND - Some messages were not sent - check the log for details

Looks like "plain" authentication fails. I wonder why. I used
"/var/qmail/bin/qmail-smtpd /var/qmail/bin/true" instead of
"/var/qmail/bin/qmail-smtp", because without "/var/qmail/bin/true" I
couldn't auth at all - didn't fully test this, just saw a weird error
message in the log files:

smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
smtp_auth: smtp_auth: exit 2 at point 9
smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
smtp_auth: smtp_auth: exit 2 at point 9

Any other ideas what could be the cause?

Just for completion my /etc/inetd.conf ...
maybe something is wrong there:

poppassd stream tcp nowait/1000 root /usr/sbin/tcpd /opt/psa/admin/bin/poppassd
smtp stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env -Rt0 /usr/bin/env SMTPAUTH=1 POPLOCK_TIME=20 END=1 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true
smtps stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env -Rt0 /usr/bin/env SMTPAUTH=1 POPLOCK_TIME=20 END=1 /var/qmail/bin/relaylock /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true

Thanks a lot for the help.

--Stefan

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:spamdyke-users-[EMAIL PROTECTED] On Behalf Of Sam Clippinger
> Sent: Sunday, 18 May 2008 22:20
> To: spamdyke users
> Subject: Re: [spamdyke-users] SMTP auth and spamhaus issues with "The Bat"
>
> My best guess is that your qmail is advertising an encrypted
> authentication protocol (probably CRAM-MD5) that it doesn't actually
> support, perhaps because your passwords are not stored in an
> unencrypted format. My theory is supported by your discovery of the
> "mail.smtpserver.default.trySecAuth" setting in Thunderbird -- that
> value probably controls whether Thunderbird uses encrypted protocols.
> When the clients try to authenticate with the encrypted protocol, they
> fail.
>
> Try this: edit your "run" file where spamdyke's and qmail's command
> lines are found. At the end of the line, you'll probably see this:
>     /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> Edit that portion to just this:
>     /var/qmail/bin/qmail-smtpd
> Restart qmail so the change will take effect.
>
> This change _should_ prevent qmail from advertising SMTP AUTH, including
> the encrypted protocols it doesn't support.
> However, because spamdyke's configuration file includes the
> "smtp-auth-command" lines, spamdyke will advertise unencrypted SMTP
> AUTH on qmail's behalf. It will process the authentications and
> disable its filters. If my theory is correct, this change should solve
> your problem.
>
> -- Sam Clippinger
>
> Stefan Pausch wrote:
> > Thanks for the response. I will go more into detail:
> >
> > - I won't strip the IP or eMails from the logs. Enjoy my data :P
> > - I guess I have an issue with non-plaintext SMTP-Authentication with
> >   QMail (Plesk 8.4 installation). Maybe I have to patch the basic qmail
> >   installation?
> > - Outlook works fine. No issues here.
> > - Log entries for Outlook and patched thunderbird2:
> >
> > spamdyke[25426]: INFO: found A record for p5b01c232.dip.t-dialin.net: 91.1.194.50
> > smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> > smtp_auth: smtp_auth: SMTP user : logged in from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> > smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> > smtp_auth: smtp_auth: SMTP user : logged in from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> > spamdyke[25426]: ALLOWED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 91.1.194.50 origin_rdns: p5b01c232.dip.t-dialin.net auth: [EMAIL PROTECTED]
> >
> > - Thunderbird and "The Bat" show following log entries with SMTP-Auth
> >   enabled, Non secure connection and correct password (pop3 auth works!):
> >
> > spamdyke[22736]: INFO: found A record for p5b01c232.dip.t-dialin.net: 91.1.194.50
> > spamdyke[22736]: INFO: found TXT record for 50.194.1.91.zen.spamhaus.org: http://www.spamhaus.org/query/bl?ip=91.1.194.50
> > ...
> > smtp_auth: smtp_auth: FAILED: - password incorrect () from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50]
> > spamdyke[24578]: DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 91.1.194.50 origin_rdns: p5b01c232.dip.t-dialin.net auth: (unknown)
> > (don't worry about the spamdyke ids ... I just don't find the correct
> > lines anymore, but the output is exactly the same, besides the ids)
> >
> > - If I change the about:config "mail.smtpserver.default.trySecAuth"
> >   value in Thunderbird 2 from "true" to "false" thunderbird users can
> >   send emails
> >
> > - Is this an issue with spamdyke (I guess not) or directly with
> >   qmail-smtp-auth which doesn't understand a crypted smtp-auth query?
> > - Is there an easy way to fix, or do I really have to recompile qmail
> >   (again.. sigh)?
> >
> > --Stefan
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED] [mailto:spamdyke-users-[EMAIL PROTECTED] On Behalf Of Sam Clippinger
> >> Sent: Sunday, 18 May 2008 18:28
> >> To: spamdyke users
> >> Subject: Re: [spamdyke-users] SMTP auth and spamhaus issues with "The Bat"
> >>
> >> I use Thunderbird myself and I've never had any problems. I'm not sure
> >> what you mean by "wrong authentication type".
> >>
> >> Could you enable full logging and send me a log from a connection that
> >> authenticates and is still blocked?
> >>
> >> -- Sam Clippinger
> >>
> >> Stefan Pausch wrote:
> >>
> >>> I just ran into a DENIED_RBL_MATCH issue with "The Bat"
> >>> (http://ritlabs.com/) users. The user uses the latest version of
> >>> "The Bat" with SMTP Auth and no SSL Authentications on and gets
> >>> denied due to the spamhaus listing.
> >>>
> >>> I guess it is the same issue as with thunderbird, which uses a
> >>> "wrong" authentication type.
> >>> I tested "The Bat" with several settings and couldn't find a
> >>> solution for the error
> >>>
> >>> Has any of you a solution for this smtp-auth misbehavior?
> >>>
> >>> System: Debian, qmail, spamdyke
> >>>
> >>> Spamdyke.conf:
> >>>
> >>> log-level=2
> >>> log-target=1
> >>> local-domains-file=/var/qmail/control/rcpthosts
> >>> idle-timeout-secs=300
> >>> graylist-dir=/var/qmail/spamdyke/greylist
> >>> graylist-min-secs=300
> >>> graylist-max-secs=4814400
> >>> policy-url=http://stefanpausch.com/greylist.php
> >>> sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
> >>> recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
> >>> ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords
> >>> ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip
> >>> rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d
> >>> rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
> >>> ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
> >>> sender-whitelist-file=/var/qmail/spamdyke/whitelist_sender
> >>> greeting-delay-secs=3
> >>> tls-certificate-file=/var/qmail/control/servercert.pem
> >>> local-domains-file=/var/qmail/control/rcpthosts
> >>> smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true
> >>> smtp-auth-command=/var/qmail/bin/cmd5checkpw /var/qmail/bin/true
> >>> check-dnsrbl=ix.dnsbl.manitu.net
> >>> #check-dnsrbl=zen.spamhaus.org
> >>> check-dnsrbl=list.dsbl.org
> >>> check-dnsrbl=zombie.dnsbl.sorbs.net
> >>> check-dnsrbl=dul.dnsbl.sorbs.net
> >>> check-dnsrbl=bogons.cymru.com
> >>> reject-missing-sender-mx
> >>> reject-empty-rdns
> >>> reject-unresolvable-rdns
> >>> tls-certificate-file=/var/qmail/control/servercert.pem
> >>> hostname-file=/var/qmail/control/me
> >>>
> >>> __________ Information from ESET NOD32 Antivirus, version of virus signature database 3106 (20080516) __________
> >>>
> >>> The message was checked by ESET NOD32 Antivirus.
> >>>
> >>> http://www.eset.com
> >>>
> >>> _______________________________________________
> >>> spamdyke-users mailing list
> >>> spamdyke-users@spamdyke.org
> >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
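
Sam's theory in the quoted reply (CRAM-MD5 is advertised although the passwords are not stored in an unencrypted format) follows from how CRAM-MD5 verification works. The Python sketch below is an added example, not code from the thread, spamdyke or qmail; the user name, password, challenge and the SHA-256 stored form are constructed assumptions.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user, password, challenge_b64):
    """Client side (RFC 2195): HMAC-MD5 over the challenge, keyed by the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def verify_cram_md5(response_b64, challenge_b64, stored_secret_for):
    """Server side: recompute the HMAC keyed by whatever the password store holds."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    user, _, digest = decoded.rpartition(" ")
    key = stored_secret_for(user)
    if key is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.lower().encode())

def verify_plain(user, password, stored_hash_for):
    """AUTH PLAIN/LOGIN: the client sends the password, so a hashed store suffices."""
    stored = stored_hash_for(user)
    candidate = hashlib.sha256(password.encode()).hexdigest().encode()
    return stored is not None and hmac.compare_digest(stored, candidate)

# Constructed sample data (assumptions, not values from the thread).
USER, PASSWORD = "user@example.com", "correct horse"
CHALLENGE = base64.b64encode(b"<1896.697170952@mail.example.com>").decode()
CLEARTEXT_STORE = {USER: PASSWORD.encode()}
# Unsalted SHA-256 stands in for "not stored unencrypted"; real stores differ.
HASHED_STORE = {USER: hashlib.sha256(PASSWORD.encode()).hexdigest().encode()}

def demo():
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    return {
        "cram_md5, cleartext store": verify_cram_md5(response, CHALLENGE, CLEARTEXT_STORE.get),
        "cram_md5, hashed store": verify_cram_md5(response, CHALLENGE, HASHED_STORE.get),
        "plain, hashed store": verify_plain(USER, PASSWORD, HASHED_STORE.get),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The rejected middle case is the failure mode the theory describes: a server holding only hashed passwords cannot recompute the client's digest, while PLAIN or LOGIN against the same store still verify.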