Well I can't say with 100% certainty that I understand what's happening here, but two things jump out at me right away. Both of them are in your /etc/init.d/qmail file.
First, your spamdyke configuration file specifies that spamdyke should expect SMTPS on every incoming connection, but your /etc/init.d/qmail file instructs tcpserver to listen on the SMTP port (25). This is possible but very unusual -- SMTPS connections are typically expected on port 465. If I had to guess, I'd guess this is the problem; incoming connections are using plaintext SMTP but spamdyke is expecting SMTPS (SMTP over SSL).

Second, your /etc/init.d/qmail file uses the "ulimit" command to limit each spawned process to a maximum of 16 MB of memory. This is pretty low, especially when the OpenSSL libraries are in use. On my server, I allow incoming connections to use 80 MB of memory. I suggest either increasing or removing the limit to see if the behavior changes.

-- Sam Clippinger

David Bo Jensen wrote:
> debian spamdyke-4.0.10
>
> I get in syslog:
> ep 21 20:11:54 server spamdyke[3211]: ERROR: unable to start SMTPS due to a protocol failure; closing connection
> Sep 21 20:11:56 server spamdyke[3213]: ERROR: unable to start SSL/TLS connection: The operation failed due to an I/O error, Unexpected EOF found
>
> server:/var/log# dpkg -l | grep ssl
> ii  libssl-dev   0.9.8c-4etch9  SSL development libraries, header files and
> ii  libssl0.9.7  0.9.7k-3       SSL shared libraries
> ii  libssl0.9.8  0.9.8c-4etch9  SSL shared libraries
> ii  openssl      0.9.8c-3       Secure Socket Layer (SSL) binary and related
> ii  ssl-cert     1.0.13         Simple debconf wrapper for openssl
>
> cat /etc/spamdyke.conf
> log-level=verbose
> tls-level=smtps
> tls-certificate-file=/etc/ssl/certs/stunnel.pem
> smtp-auth-level=always
> smtp-auth-command=/usr/bin/checkpassword /bin/true
> relay-level=normal
>
> cat /etc/init.d/qmail
>
> ....
> rblsmtpd="/usr/local/bin/spamdyke -l -f /etc/spamdyke.conf"
>
> #
> # End of configuration
> #
>
> test -x /usr/sbin/qmail-start || exit 0
> test -x /usr/sbin/qmail-send || exit 0
>
> case "$1" in
>   start)
>     echo -n "Starting mail-transfer agent: qmail" $rblmsg
>     sh -c "start-stop-daemon --start --quiet --user qmails \
>         --exec /usr/sbin/qmail-send \
>         --startas /usr/sbin/qmail-start -- \"$alias_empty\" $logger &"
>     # prevent denial-of-service attacks, with ulimit
>     ulimit -v 16384
>     sh -c "start-stop-daemon --start --quiet --user qmaild \
>         --pidfile /var/run/tcpserver_smtpd.pid --make-pidfile \
>         --exec /usr/bin/tcpserver -- -R -H \
>         -u `id -u root` -g `id -g nobody` -x /etc/tcp.smtp.cdb 0 smtp \
>         $rblsmtpd /usr/sbin/qmail-smtpd 2>&1 \
>         | $logger &"
>
>     sh -c "start-stop-daemon --start --quiet --user root \
>         --pidfile /var/run/tcpserver_pop3d.pid --make-pidfile \
>         --exec /usr/bin/tcpserver -- -R -H \
>         0 pop-3 /usr/sbin/qmail-popup `hostname`.`dnsdomainname` \
>         /usr/bin/checkpassword /usr/sbin/qmail-pop3d Maildir &"
>
>     echo "."
>     ;;
> .....
> ......
>
> At last a simple question. If a SMTPS connection is made, which ip-number
> will be used in the filtering?
> I made a test with stunnel and my emails always ended up with the ip number
> 127.0.0.1 which spamdyke all the time accepted without authentication.
> I want spamdyke to accept all mails sent from the server itself without
> authentication but clients making remote connection shall always be
> authenticated even when a ssl tunnel is used.
>
> Best regards
> David
>
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
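The two checks described in the reply above, as an added example that is not part of the original thread and is not spamdyke's or Debian's own tooling: a script that compares tls-level in a spamdyke config with the port on the tcpserver line that launches spamdyke, and flags a low "ulimit -v". The function names, the sample files and the 81920 KB default (the 80 MB figure mentioned in the reply) are assumptions, as is the heuristic that the listening port is the token just before the spamdyke command, which holds for the quoted init script.

```shell
#!/bin/sh

# Value of tls-level in a spamdyke config file (last assignment taken; an assumption).
tls_level() {
    sed -n 's/^[[:space:]]*tls-level[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Port or service name tcpserver listens on: the token just before the spamdyke
# command (or the $rblsmtpd variable holding it) once continuation lines are joined.
listen_port() {
    awk '
        /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
        { line = buf $0; buf = ""
          if (line !~ /tcpserver/) next
          n = split(line, f, /[ \t]+/)
          for (i = 2; i <= n; i++)
              if (f[i] == "$rblsmtpd" || f[i] ~ /\/spamdyke$/) { print f[i-1]; exit }
        }' "$1"
}

# First "ulimit -v N" value in the script, in kilobytes.
ulimit_kb() {
    sed -n 's/^[[:space:]]*ulimit[[:space:]]*-v[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# lint CONF INIT [MIN_KB]; the 81920 KB default is the 80 MB figure from the reply.
lint() {
    level=$(tls_level "$1"); port=$(listen_port "$2"); kb=$(ulimit_kb "$2")
    case "$level:$port" in
        smtps:|smtps:465|smtps:smtps|smtps:ssmtp) ;;
        smtps:*) echo "MISMATCH: tls-level=smtps but tcpserver listens on '$port'" ;;
    esac
    if [ -n "$kb" ] && [ "$kb" -lt "${3:-81920}" ]; then
        echo "LOWMEM: ulimit -v $kb KB is below ${3:-81920} KB"
    fi
}

# Constructed sample files that mirror the configuration quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf 'log-level=verbose\ntls-level=smtps\n' > "$d/spamdyke.conf"
    cat > "$d/qmail" <<'EOF'
rblsmtpd="/usr/local/bin/spamdyke -l -f /etc/spamdyke.conf"
ulimit -v 16384
sh -c "start-stop-daemon --start --quiet --user qmaild \
    --exec /usr/bin/tcpserver -- -R -H -x /etc/tcp.smtp.cdb 0 smtp \
    $rblsmtpd /usr/sbin/qmail-smtpd 2>&1 | $logger &"
EOF
    lint "$d/spamdyke.conf" "$d/qmail"
    rm -rf "$d"
}
demo
```

On the constructed sample both findings are reported; a config whose tcpserver line listens on 465 with a limit of at least 81920 KB produces no output.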