I don't understand either. Could you enable full logging in spamdyke (with "full-log-dir") and send a log file from one of these connections to me?
Also, out of curiosity, how did you install qmail? Did you use qmailrocks, LifeWithQmail or some other tutorial/distribution? -- Sam Clippinger Stefan Pausch wrote: > I changed the configuration with no effect. I remembered the log window in > "The Bat" and had a look: > > 18.05.2008, 22:30:35: SEND - sending mail message(s) - 1 message(s) in > queue > 18.05.2008, 22:30:35: SEND - connected to SMTP server > 18.05.2008, 22:30:35: SEND - authenticating (software CRAM-MD5)... > 18.05.2008, 22:30:35: SEND - Server reports error. The response is: out of > memory (#4.3.0) > 18.05.2008, 22:30:35: SEND - authenticating (plain)... > 18.05.2008, 22:30:37: SEND - Server reports error. The response is: auth > failure > 18.05.2008, 22:30:37: SEND - authenticating (login)... > 18.05.2008, 22:30:37: SEND - WARNING: authentication failed > 18.05.2008, 22:30:37: SEND - sending message to [EMAIL PROTECTED] > !18.05.2008, 22:30:37: SEND - Server reports error. The response is: > http://www.spamhaus.org/query/bl?ip=91.1.194.50 See: > http://stefanpausch.com/greylist.php > !18.05.2008, 22:30:37: SEND - Server reports error. The response is: > http://www.spamhaus.org/query/bl?ip=91.1.194.50 See: > http://stefanpausch.com/greylist.php > 18.05.2008, 22:30:37: SEND - connection finished - 0 message(s) sent > 18.05.2008, 22:30:37: SEND - Some messages were not sent - check the log > for details > > Looks like "plain" authentication fails. I wonder why. I used > "/var/qmail/bin/qmail-smtpd /var/qmail/bin/true" instead of > "/var/qmail/bin/qmail-smtp", because without "/var/qmail/bin/true" i > couldn't auth at all - didn't fully test this, just saw a weird error > message in the log files: > > smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] > smtp_auth: smtp_auth: exit 2 at point 9 > smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] > smtp_auth: smtp_auth: exit 2 at point 9 > > Any other ideas what could be the cause? > > Just for completion my /etc/inetd.conf ... maybe something is wrong there: > > poppassd stream tcp nowait/1000 root /usr/sbin/tcpd > /opt/psa/admin/bin/poppassd > smtp stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env -Rt0 > /usr/bin/env SMTPAUTH=1 POPLOCK_TIME=20 END=1 /var/qmail/bin/relaylock > /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd > /var/qmail/bin/smtp_auth /var/qmail/bin/true > smtps stream tcp nowait.1000 root /var/qmail/bin/tcp-env tcp-env -Rt0 > /usr/bin/env SMTPAUTH=1 POPLOCK_TIME=20 END=1 /var/qmail/bin/relaylock > /usr/local/bin/spamdyke -f /etc/spamdyke.conf /var/qmail/bin/qmail-smtpd > /var/qmail/bin/smtp_auth /var/qmail/bin/true > > Thanks alot for the help. > > --Stefan > > >> -----Ursprüngliche Nachricht----- >> Von: [EMAIL PROTECTED] [mailto:spamdyke-users- >> [EMAIL PROTECTED] Im Auftrag von Sam Clippinger >> Gesendet: Sonntag, 18. Mai 2008 22:20 >> An: spamdyke users >> Betreff: Re: [spamdyke-users] SMTP auth and spamhaus issues with "The >> Bat" >> >> My best guess is that your qmail is advertising an encrypted >> authentication protocol (probably CRAM-MD5) that it doesn't actually >> support, perhaps because your passwords are not stored in an >> unencrypted >> format. My theory is supported by your discovery of the >> "mail.smtpserver.default.trySecAuth" setting in Thunderbird -- that >> value probably controls whether Thunderbird uses encrypted protocols. >> When the clients try to authenticate with the encrypted protocol, they >> fail. >> >> Try this: edit your "run" file where spamdyke's and qmail's command >> lines are found. At the end of the line, you'll probably see this: >> /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth >> /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true >> Edit that portion to just this: >> /var/qmail/bin/qmail-smtpd >> Restart qmail so the change will take effect. >> >> This change _should_ prevent qmail from advertising SMTP AUTH, >> including >> the encrypted protocols it doesn't support. However, because >> spamdyke's >> configuration file includes the "smtp-auth-command" lines, spamdyke >> will >> advertise unencrypted SMTP AUTH on qmail's behalf. It will process the >> authentications and disable its filters. If my theory is correct, this >> change should solve your problem. >> >> -- Sam Clippinger >> >> Stefan Pausch wrote: >> >>> Thanks for the response. I will go more into detail : >>> >>> - i won't strip the IP or eMails from the logs. Enjoy my data :P >>> - I guess i have an issue with non-plaintext SMTP-Authentication with >>> >> QMail >> >>> (Plesk 8.4 installation). Maybe i have to patch the basic qmail >>> installation? >>> - Outlook works fine. No issues here. >>> - Log entrys for Outlook and patched thunderbird2: >>> >>> spamdyke[25426]: INFO: found A record for p5b01c232.dip.t-dialin.net: >>> 91.1.194.50 >>> smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net >>> >> [91.1.194.50] >> >>> smtp_auth: smtp_auth: SMTP user : logged in from >>> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] >>> smtp_auth: SMTP connect from (null)@p5b01c232.dip.t-dialin.net >>> >> [91.1.194.50] >> >>> smtp_auth: smtp_auth: SMTP user : logged in from >>> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] >>> spamdyke[25426]: ALLOWED from: [EMAIL PROTECTED] to: >>> >> [EMAIL PROTECTED] >> >>> origin_ip: 91.1.194.50 origin_rdns: p5b01c232.dip.t-dialin.net auth: >>> [EMAIL PROTECTED] >>> >>> - Thunderbird and "The Bat" show following log entries with SMTP-Auth >>> enabled, Non secure connection and correct password (pop3 auth >>> >> works!): >> >>> spamdyke[22736]: INFO: found A record for p5b01c232.dip.t-dialin.net: >>> 91.1.194.50 >>> spamdyke[22736]: INFO: found TXT record for >>> >> 50.194.1.91.zen.spamhaus.org: >> >>> http://www.spamhaus.org/query/bl?ip=91.1.194.50 >>> ... >>> smtp_auth: smtp_auth: FAILED: - password incorrect () from >>> (null)@p5b01c232.dip.t-dialin.net [91.1.194.50] >>> spamdyke[24578]: DENIED_RBL_MATCH from: [EMAIL PROTECTED] to: >>> [EMAIL PROTECTED] origin_ip: 91.1.194.50 origin_rdns: >>> p5b01c232.dip.t-dialin.net auth: (unknown) >>> (dont worry about the spamdyke ids ... i just dont find the correct >>> >> lines >> >>> anymore, but the the output is exat the same, besides the ids) >>> >>> - If i change the about:config "mail.smtpserver.default.trySecAuth" >>> >> value in >> >>> Thunderbird 2 from "true" to "false" thunderbird users can send >>> >> emails >> >>> - Is this a issue with spamdyke ( i guess not ) or directly with >>> qmail-smtp-auth which doesn't understand a crypted smtp-auth query? - >>> >> Is >> >>> there an easy way to fix, or do i really have to recompile qmail >>> >> (again.. >> >>> sigh)? >>> >>> --Stefan >>> >>> >>> >>> >>> >>>> -----Ursprüngliche Nachricht----- >>>> Von: [EMAIL PROTECTED] [mailto:spamdyke-users- >>>> [EMAIL PROTECTED] Im Auftrag von Sam Clippinger >>>> Gesendet: Sonntag, 18. Mai 2008 18:28 >>>> An: spamdyke users >>>> Betreff: Re: [spamdyke-users] SMTP auth and spamhaus issues with >>>> >> "The >> >>>> Bat" >>>> >>>> I use Thunderbird myself and I've never had any problems. I'm not >>>> >> sure >> >>>> what you mean by "wrong authentication type". >>>> >>>> Could you enable full logging and send me a log from a connection >>>> >> that >> >>>> authenticates and is still blocked? >>>> >>>> -- Sam Clippinger >>>> >>>> Stefan Pausch wrote: >>>> >>>> >>>>> I just ran into a DENIED_RBL_MATCH issue with "The Bat" >>>>> (http://ritlabs.com/) users. The user uses the latest version of >>>>> >> "The >> >>>> Bat" >>>> >>>> >>>>> with SMTP Auth and no SSL Authentifications on and gets denied due >>>>> >>>>> >>>> the >>>> >>>> >>>>> spamhaus listing . >>>>> >>>>> I guess it is the same issue as with thunderbird, which uses a >>>>> >>>>> >>>> "wrong" >>>> >>>> >>>>> authentication type. I tested "The bat with several settings" and >>>>> >>>>> >>>> couldn't >>>> >>>> >>>>> find a solution for the error >>>>> >>>>> Has any of you a solution for ths smtp-auth misbehavior? >>>>> >>>>> System: Debian, qmail, spamdyke >>>>> >>>>> Spamdyke.conf: >>>>> >>>>> 1 log-level=2 >>>>> 2 log-target=1 >>>>> 3 local-domains-file=/var/qmail/control/rcpthosts >>>>> 4 idle-timeout-secs=300 >>>>> 5 graylist-dir=/var/qmail/spamdyke/greylist >>>>> 6 graylist-min-secs=300 >>>>> 7 graylist-max-secs=4814400 >>>>> 8 policy-url=http://stefanpausch.com/greylist.php >>>>> 9 sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders >>>>> 10 recipient-blacklist- >>>>> >> file=/var/qmail/spamdyke/blacklist_recipients >> >>>>> 11 ip-in-rdns-keyword-file=/var/qmail/spamdyke/blacklist_keywords >>>>> 12 ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip >>>>> 13 rdns-blacklist-dir=/var/qmail/spamdyke/blacklist_rdns.d >>>>> 14 rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns >>>>> 15 ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip >>>>> 16 sender-whitelist-file=/var/qmail/spamdyke/whitelist_sender >>>>> 17 greeting-delay-secs=3 >>>>> 18 tls-certificate-file=/var/qmail/control/servercert.pem >>>>> 19 local-domains-file=/var/qmail/control/rcpthosts >>>>> 20 smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true >>>>> 21 smtp-auth-command=/var/qmail/bin/cmd5checkpw >>>>> >> /var/qmail/bin/true >> >>>>> 22 check-dnsrbl=ix.dnsbl.manitu.net >>>>> 23 #check-dnsrbl=zen.spamhaus.org >>>>> 24 check-dnsrbl=list.dsbl.org >>>>> 25 check-dnsrbl=zombie.dnsbl.sorbs.net >>>>> 26 check-dnsrbl=dul.dnsbl.sorbs.net >>>>> 27 check-dnsrbl=bogons.cymru.com >>>>> 28 reject-missing-sender-mx >>>>> 29 reject-empty-rdns >>>>> 30 reject-unresolvable-rdns >>>>> 31 tls-certificate-file=/var/qmail/control/servercert.pem >>>>> 32 hostname-file=/var/qmail/control/me >>>>> >>>>> >>>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>>> >>>>> >>>> signature >>>> >>>> >>>>> database 3106 (20080516) __________ >>>>> >>>>> The message was checked by ESET NOD32 Antivirus. >>>>> >>>>> http://www.eset.com >>>>> >>>>> >>>>> _______________________________________________ >>>>> spamdyke-users mailing list >>>>> spamdyke-users@spamdyke.org >>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>> >>>>> >>>>> >>>> _______________________________________________ >>>> spamdyke-users mailing list >>>> spamdyke-users@spamdyke.org >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>> >>>> __________ Information from ESET NOD32 Antivirus, version of virus >>>> signature database 3106 (20080516) __________ >>>> >>>> The message was checked by ESET NOD32 Antivirus. >>>> >>>> http://www.eset.com >>>> >>>> >>> >>> __________ Information from ESET NOD32 Antivirus, version of virus >>> >> signature >> >>> database 3106 (20080516) __________ >>> >>> The message was checked by ESET NOD32 Antivirus. >>> >>> http://www.eset.com >>> >>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> spamdyke-users@spamdyke.org >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >>> >> _______________________________________________ >> spamdyke-users mailing list >> spamdyke-users@spamdyke.org >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> >> __________ Information from ESET NOD32 Antivirus, version of virus >> signature database 3106 (20080516) __________ >> >> The message was checked by ESET NOD32 Antivirus. >> >> http://www.eset.com >> > > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users