Spamd TLS and exchange


Kevin Chadwick-4
On a machine just after 5.7 bumped to get spamd TLS support where
changes to spamd have been minimal since (I have tested the compat mode
diff with no effect).

I've had reports of mails not coming through and they have been quite
tricky to find (traffic logs of known incoming mail) as they do not hit
the spamd logs (except as ip disconnected after 19 seconds) or show up
in spamdb as the connection fails early on before getting to the mail
addresses. This only seems to affect Microsoft/Exchange who don't monitor
postmaster@. The intermediate is correctly loaded though it wasn't
originally.

The Microsoft end receives a QUEUE.Expired failure message that states
it's not their fault so don't contact (arrogant #@!*s), though using
hotmail.com gives even less information (couldn't connect).

I created an account at hotmail.com and found that removing the -K and
-C flags when starting spamd solves the issue but I would prefer to
minimise the plain text on the wire if possible, secure or not (No DANE
yet).

Once past spamd the Exchange TLS works with OpenSMTPD.

TIA for any help/info.

I shall try 5.8 when released but I don't expect it to fix the issue
personally?


--

KISSIS - Keep It Simple So It's Securable


Re: Spamd TLS and exchange

Kevin Chadwick-4
> except as ip disconnected after 19 seconds
Oops, 3 seconds... I have the -s 3 spamd flag

Anyone else receiving from Microsoft, maybe it's a configuration
combination such as a timeout only applied to TLS by microsoft but I
would have thought the same TCP would just be encapsulated and behave
exactly the same?

I'll test the defaults except TLS anyway and if no success just
disable TLS.

--

KISSIS - Keep It Simple So It's Securable
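
Added example, not part of either post above: one way to pull the sessions described in the thread out of the spamd log, i.e. connections that show up only as "disconnected after N seconds" and never log a sender/recipient pair, so they never reach spamdb. The syslog line shapes are assumed from spamd's usual output and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed spamd syslog format (documentation IP ranges).
SAMPLE_LOG = """\
Aug  3 10:00:01 mx spamd[411]: 192.0.2.10: connected (1/0)
Aug  3 10:00:04 mx spamd[411]: 192.0.2.10: disconnected after 3 seconds.
Aug  3 10:01:00 mx spamd[411]: 198.51.100.7: connected (1/0)
Aug  3 10:01:09 mx spamd[411]: (GREY) 198.51.100.7: <a@example.org> -> <b@example.net>
Aug  3 10:01:10 mx spamd[411]: 198.51.100.7: disconnected after 10 seconds.
Aug  3 10:02:00 mx spamd[411]: 192.0.2.10: connected (1/0)
Aug  3 10:02:03 mx spamd[411]: 192.0.2.10: disconnected after 3 seconds.
"""

CONNECT = re.compile(r"spamd\[\d+\]: (\S+): connected \(")
ENVELOPE = re.compile(r"spamd\[\d+\]: \((?:GREY|BLACK)\) (\S+): ")
DISCONNECT = re.compile(r"spamd\[\d+\]: (\S+): disconnected after (\d+) seconds")


def early_drops(log_text):
    """Return {ip: [durations]} for sessions that closed before any
    envelope (sender -> recipient) line was logged for that connection.

    Sessions are keyed by IP only, so overlapping connections from the
    same address are treated as one; good enough for a first triage pass.
    """
    saw_envelope = {}             # ip -> True once an envelope line is seen
    drops = defaultdict(list)
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            saw_envelope[m.group(1)] = False
        elif m := ENVELOPE.search(line):
            if m.group(1) in saw_envelope:
                saw_envelope[m.group(1)] = True
        elif m := DISCONNECT.search(line):
            ip, secs = m.group(1), int(m.group(2))
            # A disconnect with no matching connect (log rotated mid-session)
            # pops the default True and is skipped rather than miscounted.
            if saw_envelope.pop(ip, True) is False:
                drops[ip].append(secs)
    return dict(drops)


if __name__ == "__main__":
    for ip, durations in early_drops(SAMPLE_LOG).items():
        print(f"{ip}: {len(durations)} session(s) ended before MAIL/RCPT, "
              f"durations {durations}")
```

Addresses that appear here repeatedly and never in spamdb are the ones to compare against traffic captures when checking whether the early failure tracks the TLS flags.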