Configuring Spamdyke

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
bananapar
Forum User
Forum User
Posts: 38
Joined: Fri Jul 23, 2010 10:03 am
Location: UK

Configuring Spamdyke

Unread post by bananapar »

We are looking at having spamdyke running on our server (Centos 5 + plesk 10.2) but are worried about having false positives.
We do have a configuration file from having used spamdyke a few years ago but that is possibly a little outdated.

Would anyone mind posting their spamdyke configurations so we have something to compare with?
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Configuring Spamdyke

Unread post by biggles »

Sure. Here's mine. I'm running the mySQL-version with Plesk Addon.

Code: Select all

#Plesk-Addon

log-level=info
greeting-delay-secs=2
local-domains-file=/var/qmail/control/rcpthosts
idle-timeout-secs=180

#TLS
tls-certificate-file=/var/qmail/control/servercert.pem

#AUTH FROM xinetd-conf
smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cm
d5checkpw /bin/true
smtp-auth-level=ondemand-encrypted

#Greylist
graylist-level=always
graylist-dir=/var/qmail/spamdyke/greylist

#GREYLIST MINIMUM = 5 Min
graylist-min-secs=300

#GREYLIST MAX = 3 Months
graylist-max-secs=1814400

#Blacklist
sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders
recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients
ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklist_keywords
ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip

#Whitelist
rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns
ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip
sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders

#RBL BLOCKLISTS
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=b.barracudacentral.org

dns-whitelist-entry=list.dnswl.org


#Rejects
## the following url gets put in all rejection messages so people who get false
positives
## know where to go for help:
policy-url=http://www.SERVERNAME.com/emailterms.html

#MySQL-Logging:
config-mysql-database=spamdyke
config-mysql-username=spamdyke
config-mysql-password=***
config-dir=/var/qmail/spamdyke/conf.d
config-dir=/var/qmail/spamdyke/conf.s

reject-missing-sender-mx
reject-empty-rdns
reject-identical-sender-recipient

bananapar
Forum User
Forum User
Posts: 38
Joined: Fri Jul 23, 2010 10:03 am
Location: UK

Re: Configuring Spamdyke

Unread post by bananapar »

Thank you biggles, that's helped reassure me on a couple of things.
douglaseggleton
Forum User
Forum User
Posts: 69
Joined: Tue Jul 19, 2011 6:30 am
Location: United Kingdom

Re: Configuring Spamdyke

Unread post by douglaseggleton »

For some reason we just can't seem to get spamdyke running on our server, I follow the instructions give for installing spamdyke, but when we edit the PSA smtp file and so the following:

REMOVING –Rt0 /usr/sbin/rblsmtpd
REPLACING WITH –Rt0 /usr/local/bin/spamdyke –FLAGS

we can receive, but all our outlook clients etc. can't connect to send mail.
Plesk 10 + Centos 5.7 + qmail, spamassasin, clamav etc.

Any ideas as to where to troubleshoot?

I checked the mail log's around that time - I don't think it's even getting to qmail.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Configuring Spamdyke

Unread post by biggles »

spamdyke should log the errors in maillog. Do you see anything at all?
douglaseggleton
Forum User
Forum User
Posts: 69
Joined: Tue Jul 19, 2011 6:30 am
Location: United Kingdom

Re: Configuring Spamdyke

Unread post by douglaseggleton »

Just tried it again... nothing appeared in the mail log regard spamdyke. :S

However, in outlook it came up with an error with spamdyke in, about DEBUG config. It's gone too quickly for me to see it. It doesn't even get sent to the mail server.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Configuring Spamdyke

Unread post by faris »

just on the offchance, remember that -FLAGS has to be replaced with something else, usually -f path to spamdyke configuration.

e.g. –Rt0 /usr/local/bin/spamdyke -f /path/to/spamdyke.conf
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
douglaseggleton
Forum User
Forum User
Posts: 69
Joined: Tue Jul 19, 2011 6:30 am
Location: United Kingdom

Re: Configuring Spamdyke

Unread post by douglaseggleton »

Thanks! Although we still get a similar issue - outlook still can't connect to the smtp now that i have included the config file, here is a copy of the config file:


# This is an example spamdyke configuration file for spamdyke version 4.2.0.
#
# Without editing, this file will do nothing -- every available option is
# commented out. To enable options, edit the values and remove the comment
# markers at the beginning of the lines (#).
#
# See the README.html file in spamdyke's "documentation" directory for a full
# description of each option. The documentation is also available on spamdyke's
# website:
# http://www.spamdyke.org/

################################################################################
# Sets spamdyke's overall filter behavior.
# Available values: allow-all, normal, require-auth, reject-all
# Default: normal
filter-level=normal
#*#config-mysql-database=spamdyke
#*#config-mysql-username=spamdyke
#*#config-mysql-password=spamdyke

# Delays the SMTP greeting banner for SECS seconds. A value of 0 disables this
# feature.
# Default: 0
greeting-delay-secs=5

# Limit incoming messages to NUM recipients. A value of 0 disables this
# feature.
# Default: 0
max-recipients=150

# Drop superuser privileges and run as USER instead.
# Default: none
#run-as-user=USER[:GROUP]

################################################################################
# DNS TESTS
################################################################################
# Reject connections from remote servers without rDNS names.
# Default: no
reject-empty-rdns

# Reject connections from servers with rDNS names that contain their IP address
# and end in a two-character country code.
# Default: no
#reject-ip-in-cc-rdns

# Reject messages from sender whose domain names have no MX records.
# Default: no
reject-missing-sender-mx

# Reject connections from servers with rDNS names that do not resolve to IP
# addresses.
# Default:no
#reject-unresolvable-rdns

################################################################################
# LOGGING
################################################################################
# Controls the amount (and detail) of the log messages spamdyke produces.
# Available values: none, error, info, verbose, debug, excessive
# Default: error
log-level=info

# Controls where spamdyke's log messages are sent.
# Available values: syslog, stderr
# Default: syslog
#log-target=VALUE

# Outputs all SMTP data into files in DIR.
# Default: none
#full-log-dir=DIR

################################################################################
# CONFIGURATION FILES
################################################################################
# Configuration files can include other configuration files.
# Default: none
#config-file=FILE

# Configuration directories are very powerful but can also be very complicated;
# don't use them if you don't need to.
# Default: none
#config-dir=DIR

# Controls how configuration directories are searched.
# Available values: first, all-ip, all-rdns, all-sender, all-recipient
# Default: first
#config-dir-search=VALUE

################################################################################
# TIMEOUTS
################################################################################
# Close the connection after SECS seconds, regardless of activity. A value of
# 0 disables this feature.
# Default: 0
#connection-timeout-secs=SECS

# Close the connection after SECS seconds of inactivity. A value of 0 disables
# this feature.
# Default: 0
idle-timeout-secs=180

################################################################################
# SENDERS AND RECIPIENTS
################################################################################
# Reject all recipients that exactly match the sender address.
# Default: no
#reject-identical-sender-recipient

################################################################################
# LOCAL BLACKLISTS
################################################################################
# Reject connections from IP addresses that match IPADDRESS.
# Default: none
#ip-blacklist-entry=IPADDRESS

# Reject connections from IP addresses that match entries in FILE.
# Default: none
ip-blacklist-file=/var/qmail/spamdyke/blacklist_ip

# Reject connections from rDNS names that match NAME.
# Default: none
#rdns-blacklist-entry=NAME
dns-blacklist-entry=dnsbl-1.uceprotect.net
dns-blacklist-entry=zen.spamhaus.org
dns-blacklist-entry=bl.spamcop.net
dns-blacklist-entry=bogons.cymru.com
dns-blacklist-entry=b.barracudacentral.org

# Reject connections from rDNS names that match entries in FILE.
# Default: none
#rdns-blacklist-file=FILE

# Reject connections from rDNS names that match files in DIR.
# Default: none
#rdns-blacklist-dir=DIR

# Reject all messages sent to recipient ADDRESS.
# Default: none
#recipient-blacklist-entry=ADDRESS

# Reject all messages sent to any recipient address listed in FILE.
# Default: none
recipient-blacklist-file=/var/qmail/spamdyke/blacklist_recipients

# Reject all messages sent from sender ADDRESS.
# Default: none
#sender-blacklist-entry=ADDRESS

# Reject all messages sent from any sender address listed in FILE.
# Default: none
sender-blacklist-file=/var/qmail/spamdyke/blacklist_senders

# Reject connections from rDNS names that contain their IP address and KEYWORD.
# Default: none
#ip-in-rdns-keyword-blacklist-entry=KEYWORD

# Reject connections from rDNS names that contain their IP address and a keyword
# in FILE.
# Default: none
ip-in-rdns-keyword-blacklist-file=/var/qmail/spamdyke/blacklist_keywords

################################################################################
# LOCAL WHITELISTS
################################################################################
# Whitelist connections from IP addresses that match IPADDRESS.
# Default: none
#ip-whitelist-entry=IPADDRESS

# Whitelist connections from IP addresses that match entries in FILE.
# Default: none
ip-whitelist-file=/var/qmail/spamdyke/whitelist_ip

# Whitelist connections from rDNS names that match NAME.
# Default: none
#rdns-whitelist-entry=NAME

# Whitelist connections from rDNS names that match entries in FILE.
# Default: none
rdns-whitelist-file=/var/qmail/spamdyke/whitelist_rdns

# Whitelist connections from rDNS names that match files in DIR.
# Default: none
#rdns-whitelist-dir=DIR

# Whitelist all messages sent to recipient ADDRESS.
# Default: none
#recipient-whitelist-entry=ADDRESS

# Whitelist all messages sent to any recipient address listed in FILE.
# Default: none
#recipient-whitelist-file=FILE

# Whitelist all messages sent from sender ADDRESS.
# Default: none
#sender-whitelist-entry=ADDRESS

# Whitelist all messages sent from any sender address listed in FILE.
# Default: none
sender-whitelist-file=/var/qmail/spamdyke/whitelist_senders

# Whitelist connections from rDNS names that contain their IP address and
# KEYWORD.
# Default: none
#ip-in-rdns-keyword-whitelist-entry=KEYWORD

# Whitelist connections from rDNS names that contain their IP address and a
# keyword in FILE.
# Default: none
#ip-in-rdns-keyword-whitelist-file=FILE

################################################################################
# DNS-BASED BLACKLISTS
################################################################################
# Check a DNS RBL.
# Default: none
#dns-blacklist-entry=DNSRBL

# Check all DNS RBLs listed in FILE.
# Default: none
#dns-blacklist-file=FILE

# Check an RHSBL.
# Default: none
#rhs-blacklist-entry=RHSBL

# Check all RHSBLs listed in FILE.
# Default: none
#rhs-blacklist-file=FILE

################################################################################
# DNS-BASED WHITELISTS
################################################################################
# Check a DNS whitelist.
# Default: none
#dns-whitelist-entry=WHITELIST

# Check all DNS whitelist listed in a file.
# Default: none
#dns-whitelist-file=FILE

# Check an RHS whitelist.
# Default: none
#rhs-whitelist-entry=RHSBL

# Check all RHS whitelists listed in FILE.
# Default: none
#rhs-whitelist-file=FILE

################################################################################
# GRAYLISTING
################################################################################
# Controls the behavior of spamdyke's graylist filter.
# Available values: none, always, always-create-dir, only, only-create-dir
# Default: none
graylist-level=always-create-dir

# Create the graylist files in DIR.
# Default: none
graylist-dir=/var/qmail/spamdyke/greylist

# Invalidate graylist entries after SECS seconds. A value of 0 deactivates this
# feature.
# Default: 0
graylist-max-secs=1814400

# Graylist entries are not valid until they are SECS seconds old. A value of 0
# deactivates this feature.
# Default: 0
graylist-min-secs=300

# Reverse the current graylist behavior for incoming connections whose IP
# addresses match IPADDRESS.
# Default: none
#graylist-exception-ip-entry=IPADDRESS

# Read a list of IP addresses from a file and reverse the current graylist
# behavior for any connections from matching IP addresses.
# Default: none
#graylist-exception-ip-file=FILE

# Reverse the current graylist behavior for incoming connections whose rDNS
# names match NAME.
# Default: none.
#graylist-exception-rdns-entry=NAME

# Read a list of rDNS names from a file and reverse the current graylist
# behavior for any connections from matching rDNS names.
# Default: none
#graylist-exception-rdns-file=FILE

# Search an rDNS directory and reverse the current graylist behavior for any
# connections from matching rDNS names.
# Default: none
#graylist-exception-rdns-dir=DIR

################################################################################
# SMTP AUTHENTICATION
################################################################################
# Controls the way spamdyke offers, supports and processes SMTP authentication.
# Available values: none, observe, ondemand, ondemand-encrypted, always,
# always-encrypted
# Default: observe
smtp-auth-level=ondemand-encrypted

# Process authentication by running COMMAND, if necessary.
# Default: none
smtp-auth-command=/var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /bin/true

# Use NAME as the local server's name during CRAM-MD5 authentication.
# Default: unknown.server.unknown.domain
#hostname=NAME

# Read the local server's name from the first line of FILE for use during
# CRAM-MD5 authentication.
# Default: /var/qmail/control/me
#hostname-file=FILE

# Run COMMAND and read the local server's name from the first line of output
# for use during CRAM-MD5 authentication.
#hostname-command=COMMAND

################################################################################
# TLS / SSL
################################################################################
# Controls the way spamdyke offers and supports TLS or SMTPS.
# Available values: none, smtp, smtp-no-passthrough, smtps
# Default: none
tls-level=none

# Read SSL certificate from FILE.
# Default: none
#tls-certificate-file=/var/qmail/control/servercert.pem

# Read SSL certificate private key from FILE.
# Default: none
#tls-privatekey-file=FILE

# Decrypt SSL certificate private key using PASSWORD.
# Default: none
#tls-privatekey-password=PASSWORD

# Read the password for the SSL certificate private key from the first line of
# FILE.
# Default: none
#tls-privatekey-password-file=FILE

# Only use the ciphers in LIST during TLS or SMTPS.
# Default: DEFAULT
#tls-cipher-list=LIST

################################################################################
# RELAYING OPTIONS
################################################################################
# Sets spamdyke's relay protection level.
# Available values: block-all, no-check, normal, allow-all
# Default: normal
#relay-level=VALUE

# spamdyke's relay protection requires reading qmail's access file.
# This file is usually: /etc/tcp.smtp
# Default: none
access-file=/etc/tcp.smtp

# Several features require access to the list of locally hosted domains.
# This file is usually: /var/qmail/control/rcpthosts
# Default: none
local-domains-file=/var/qmail/control/rcpthosts

# Adds a single domain to spamdyke's list of locally hosted domains.
# Default: none
#local-domains-entry=DOMAIN

################################################################################
# DNS OPTIONS
################################################################################
# These options should only be used if spamdyke's default behavior is causing
# problems.

# Sets the aggressiveness of spamdyke's DNS resolver.
# Available values: none, normal, aggressive
# Default: aggressive
#dns-level=VALUE

# Adds a nameserver to spamdyke's list of primary nameservers.
# Default: none (reads nameservers from /etc/resolv.conf)
#dns-server-ip-primary=IP[:PORT]

# Adds a nameserver to spamdyke's list of secondary nameservers.
# Default: none (reads nameservers from /etc/resolv.conf)
#dns-server-ip=IP[:PORT]

# Sets the number of times spamdyke queries its primary nameservers.
# Default: 1
#dns-max-retries-primary=NUM

# Sets the total number of times spamdyke queries nameservers.
# Default: 3
#dns-max-retries-total=NUM

# Sets the total number of seconds spamdyke will spend on any DNS query.
# Default: 30
#dns-timeout-secs=SECS

# Sets the name of the file to read for the list of default nameservers.
# Default: /etc/resolv.conf
#dns-resolv-conf=FILE

# Controls whether TCP is used for DNS queries (when needed).
# Available values: none, normal
# Default: normal
#dns-tcp=VALUE

# Controls how DNS spoofing is handled.
# Available values: accept-all, accept-same-ip, accept-same-port, reject
# Default: accept-all
#dns-spoof=VALUE

# Controls the types of queries performed when looking up an IP address.
# Available values: a, cname
# Default: a + cname
#dns-query-type-a=VALUE

# Controls the types of queries performed when looking up a mail exchanger.
# Available values: a, cname, mx
# Default: a + cname + mx
#dns-query-type-mx=VALUE

# Controls the types of queries performed when looking up a reverse DNS record.
# Available values: cname, ptr
# Default: cname + ptr
#dns-query-type-ptr=VALUE

# Controls the types of queries performed when looking up a records in DNS RBLs,
# DNS RWLs, DNS RHSBLs and DNS RHSWLs.
# Available values: a, cname, txt
# Default: a + cname + txt
#dns-query-type-rbl=VALUE

################################################################################
# REJECTION MESSAGES
################################################################################
# Append URL to the end of every rejection message sent to the remote server.
# Default: none
policy-url=http://domain.com/spam-why-blocked

# Use TEXT as the rejection message when a connection is blocked because the
# remote server matches a line in an access file that denies access.
# Default: "Refused. Access is denied."
#rejection-text-access-denied=TEXT

# Use TEXT as the rejection message when authentication fails for any reason.
# Default: "Refused. Authentication failed."
#rejection-text-auth-failure=TEXT

# Use TEXT as the rejection message when SMTP AUTH is rejected because the
# remote server tries to use an unsupported authentication method. This should
# never happen.
# Default: "Refused. Unknown authentication method."
#rejection-text-auth-unknown=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's IP address is listed on a DNS blacklist. This text will only
# be used if the DNS blacklist does not provide a text message and the name of
# the DNS blacklist will be appended.
# Default: "Refused. Your IP address is listed in the RBL at "
#rejection-text-dns-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server sent data before the SMTP greeting banner was sent.
# Default: "Refused. You are not following the SMTP protocol."
#rejection-text-earlytalker=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server has no rDNS name.
# Default: "Refused. You have no reverse DNS entry."
#rejection-text-empty-rdns=TEXT

# Use TEXT as the rejection message when a recipient is blocked by the graylist
# filter.
# Default: "Your address has been graylisted. Try again later."
#rejection-text-graylist=TEXT

# Use TEXT as the rejection message when a recipient is blocked because it
# exactly matches the sender address.
# Default: "Refused. Identical sender and recipient addresses are not allowed."
#rejection-text-identical-sender-recipient=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's IP address is listed in a blacklist file or directory.
# Default: "Refused. Your IP address is blacklisted."
#rejection-text-ip-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name contains its IP address and ends in a country code.
# Default: "Refused. Your reverse DNS entry contains your IP address and a
# country code."
#rejection-text-ip-in-cc-rdns=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# sender's rDNS name contains its IP address and a blacklisted keyword.
# Default: "Refused. Your reverse DNS entry contains your IP address and a
# banned keyword."
#rejection-text-ip-in-rdns-keyword-blacklist=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# recipient address was given with no domain name.
# Default: "Improper recipient address. Try supplying a domain name."
#rejection-text-local-recipient=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# maximum number of recipients has been reached.
# Default: "Too many recipients. Try the remaining addresses again later."
#rejection-text-max-recipients=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# sender's email domain has no mail exchanger.
# Default: "Refused. The domain of your sender address has no mail exchanger
# (MX)."
#rejection-text-missing-sender-mx=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name is listed in a blacklist file or directory.
# Default: "Refused. Your domain name is blacklisted."
#rejection-text-rdns-blacklist=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# recipient's address is listed in a blacklist file.
# Default: "Refused. Mail is not being accepted at this address."
#rejection-text-recipient-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because all
# connections are being rejected.
# Default: "Refused. Mail is not being accepted."
#rejection-text-reject-all=TEXT

# Use TEXT as the rejection message when a recipient is blocked because the
# remote server does not have permission to relay.
# Default: "Refused. Sending to remote addresses (relaying) is not allowed."
#rejection-text-relaying-denied=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name or the sender's email domain name is listed on a RHS
# blacklist. This text will only be used if the RHS blacklist does not provide a
# text message and the name of the RHS blacklist will be appended.
# Default: "Refused. Your domain name is listed in the RHSBL at "
#rejection-text-rhs-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# sender's address is listed in a blacklist file.
# Default: "Refused. Your sender address has been blacklisted."
#rejection-text-sender-blacklist=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server has not authenticated.
# Default: "Refused. Authentication is required to send mail."
#rejection-text-smtp-auth-required=TEXT

# Use TEXT as the rejection message when a connection times out.
# Default: "Timeout. Talk faster next time."
#rejection-text-timeout=TEXT

# Use TEXT as the rejection message when a SSL/TLS connection cannot be
# negotiated with the remote client.
# Default: "Failed to negotiate TLS connection."
#rejection-text-tls-failure=TEXT

# Use TEXT as the rejection message when a connection is blocked because the
# remote server's rDNS name does not resolve.
# Default: "Refused. Your reverse DNS entry does not resolve."
#rejection-text-unresolvable-rdns=TEXT

# Use TEXT as the rejection message when a connection is blocked because no valid
# recipients have been given.
# Default: "Refused. You must specify at least one valid recipient."
#rejection-text-zero-recipients=TEXT

Thanks once again!
douglaseggleton
Forum User
Forum User
Posts: 69
Joined: Tue Jul 19, 2011 6:30 am
Location: United Kingdom

Re: Configuring Spamdyke

Unread post by douglaseggleton »

Changed the configuration file... Now get a response of:

sending error report. Outing SMTP email server has reported an internal error. Contact you server admin. Server responded: spamdyke 4.2.0+TLS+CONFIGTEST+DEBUG (C) Sam Clippinger, samc@silence.org

Nothing in the mail log that time.

vim /etc/xinetd.d/smtp_psa had these contents changed:

-Rt0 /usr/sbin/rblsmtpd -r bl.spamcop.net -r dnsbl-1.uceprotect.net -r b.barracudacentral.org

to

–Rt0 /usr/local/bin/spamdyke –f /etc/spamdyke.conf
Still no luck.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Configuring Spamdyke

Unread post by biggles »

I think you have mangled /etc/xinetd.d/smtp_psa

Mine look like this:

Code: Select all

service smtp
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        disable         = no
        user            = root
        instances       = UNLIMITED
        env             =  SMTPAUTH=1
        server          = /var/qmail/bin/tcp-env
        server_args     = -Rt0 /var/qmail/bin/relaylock /usr/bin/spamdyke -f /etc/spamdyke.conf  /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/                                                                           cmd5checkpw /var/qmail/bin/true
}
douglaseggleton
Forum User
Forum User
Posts: 69
Joined: Tue Jul 19, 2011 6:30 am
Location: United Kingdom

Re: Configuring Spamdyke

Unread post by douglaseggleton »

Thanks biggles, gave it a try - getting some messages in the mail logs this time, but still not sending emails. This appears in the mail log now:

plesk /var/qmail/bin/relaylock[27182]: /var/qmail/bin/relaylock mail from ... (not defined)

Still the same message from outlook though.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Configuring Spamdyke

Unread post by faris »

Hmm.....

Outlook will not be able to use your server to send messages with spamdyke installed IF you are relying on pop-before-relay rather than full username/password authentication.

However, the normal error message to get in that situation would be "relaying denied" rather than what you are getting.

Secondly, with spamdyke installed, it is very likely that customers trying to send email would have general problems. For example their IP is blacklisted. They get greylisted, and so on and so forth.

The normal solution to this is to enable port 587 for smtp in Plesk and make sure anyone who you allow to send email via your server uses that port. They will have to use full smtp authentication to send messages via port 587.

I don't know if any of this will help given the strange error message you were getting.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
paulie
Forum User
Forum User
Posts: 76
Joined: Tue Apr 20, 2010 2:49 am

Re: Configuring Spamdyke

Unread post by paulie »

We've always found the problem here to be with qmail <-> Outlook rather than anything to do with spamdyke per se, smtp auth in general on port 25 doesn't work at all for us and whilst the system is configured for it it just falls back on to poplocks all the time.

Works fine on port 587 as Faris has said though.
douglaseggleton
Forum User
Forum User
Posts: 69
Joined: Tue Jul 19, 2011 6:30 am
Location: United Kingdom

Re: Configuring Spamdyke

Unread post by douglaseggleton »

Ok thanks for your help! I think I've got to the same point as the person looking after the server before me. Is there any way of getting it to work on port 25?
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Configuring Spamdyke

Unread post by faris »

paulie -- Yes! I seem to remember some issue with sending in Outlook. Microsoft changed something in the 2010 version which was when problems started. There's a long thread about it on the Parallels forum from the time when it started.

Now then...what was the solution....Hmm....If I remember correctly it was if you have pop-before-relay enabled then full authentication doesn't work. Or something like that. :-) :-)

Douglas -- try disabling pop-before-relay. I think it might work then (but your customers will all have to do full authentication).

My brain is telling me that at some point there was a change to spamdyke (or the feature was there from the start) and if you do full smtp authentication then no filters are applied if there's a successful login. I may have dreamed this though, and it may not be the case.

If it isn't the case then customers connecting from IPs that are in the blacklists configured for spamdyke will not be able to send AND all customers will be greylisted and therefore unable to send initially. You can solve the latter problem by setting the greylist to 10 seconds initially, or something, then gradually increase it. The former problem......you could whitelist their IPs, maybe?

Anyway, try it and see.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Post Reply