qmail Digest 23 Feb 1999 11:00:01 -0000 Issue 560

Topics (messages 22271 through 22317):

HELP! live server won't accept SMTP
        22271 by: Eric Dahnke <[EMAIL PROTECTED]>

Qmail mailing list and ReplyTo:
        22272 by: Peter Haworth <[EMAIL PROTECTED]>
        22313 by: "Rok Papez" <[EMAIL PROTECTED]>
        22316 by: Russ Allbery <[EMAIL PROTECTED]>

SOLVED: HELP! live server won't accept SMTP
        22273 by: Eric Dahnke <[EMAIL PROTECTED]>

Still subscribed?
        22274 by: Mate Wierdl <[EMAIL PROTECTED]>

HELP: NOT SOLVED ! ! live server won't accept SMTP
        22275 by: Eric Dahnke <[EMAIL PROTECTED]>

HELP: NOT SOLVED ! ! looks like a SYN attack
        22276 by: Eric Dahnke <[EMAIL PROTECTED]>
        22278 by: Harald Hanche-Olsen <[EMAIL PROTECTED]>
        22284 by: "Sam" <[EMAIL PROTECTED]>
        22289 by: Andrew Richards <[EMAIL PROTECTED]>

[EMAIL PROTECTED]
        22277 by: <[EMAIL PROTECTED]>
        22279 by: Harald Hanche-Olsen <[EMAIL PROTECTED]>
        22280 by: Chris Johnson <[EMAIL PROTECTED]>
        22285 by: <[EMAIL PROTECTED]>
        22286 by: <[EMAIL PROTECTED]>
        22287 by: Vince Vielhaber <[EMAIL PROTECTED]>
        22317 by: "Rask Ingemann Lambertsen" <[EMAIL PROTECTED]>

ezmlm-idx-0.32.tar.gz available [very large mailing lists/SQL]
        22281 by: "Fred Lindberg" <[EMAIL PROTECTED]>

SOLVED AGAIN HELP: NOT SOLVED ! ! looks like a SYN attack
        22282 by: Eric Dahnke <[EMAIL PROTECTED]>
        22311 by: Chris Green <[EMAIL PROTECTED]>
        22314 by: John Conover <[EMAIL PROTECTED]>

Qmail-pop3d
        22283 by: [EMAIL PROTECTED]

Pine, Qmail, and time zones
        22288 by: Chuck Milam <[EMAIL PROTECTED]>
        22294 by: "Fred Lindberg" <[EMAIL PROTECTED]>

Help ASAP: queued message, disk full, general chaos
        22290 by: Robin Bowes <[EMAIL PROTECTED]>
        22291 by: Russell Nelson <[EMAIL PROTECTED]>
        22293 by: Scott Schwartz <[EMAIL PROTECTED]>
        22295 by: Robin Bowes <[EMAIL PROTECTED]>
        22296 by: Russell Nelson <[EMAIL PROTECTED]>
        22297 by: Mark Delany <[EMAIL PROTECTED]>

Remote delivery per user
        22292 by: Philip Wall <[EMAIL PROTECTED]>

POP3 and SMTP Questions
        22298 by: MountaiNet Tech Support <[EMAIL PROTECTED]>
        22301 by: Stefan Paletta <[EMAIL PROTECTED]>

>From line processing.
        22299 by: <[EMAIL PROTECTED]>
        22302 by: Mate Wierdl <[EMAIL PROTECTED]>

Qmail, Majordomo, and virtual domains
        22300 by: Chuck Milam <[EMAIL PROTECTED]>

Denial of service process table attacks
        22303 by: John Conover <[EMAIL PROTECTED]>
        22304 by: Russell Nelson <[EMAIL PROTECTED]>
        22305 by: Mark Delany <[EMAIL PROTECTED]>
        22306 by: Scott Lystig Fritchie <[EMAIL PROTECTED]>
        22307 by: "Justin M. Streiner" <[EMAIL PROTECTED]>
        22308 by: Mark Delany <[EMAIL PROTECTED]>

atime / qmail-pop3d / qmail-1.01 / freebsd
        22309 by: Brett Rabe <[EMAIL PROTECTED]>

tcpserver and logging
        22310 by: John Conover <[EMAIL PROTECTED]>

>From line processing - how to deliver processed message to maildir
        22312 by: "Rok Papez" <[EMAIL PROTECTED]>

need some spam/relay help
        22315 by: "Russell Evans" <[EMAIL PROTECTED]>

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------


Heeelllppp,

I'm fairly new to live mail server maintenance, but it almost seems like
a DoS.

The server is never very busy, it does about 7000 deliveries per day.

There are about 44 qmail-smtp processes running, quite a few more than
usual and a telnet to port 25 just hangs.

qmail-queue zombie processes keep showing up. (now up to five)

I've already reset the machine once. When it came back it was ok for
about 2 minutes, then the same, lots of qmail-smtp and no port 25
response.

Telnet 110 responds no problem, and the load average is 0.3 or something
way low.

What is happening and how can I fix it! - thx - eric





Russell Nelson said:
> Tim Pierce writes:
>  > Sounds great!  I'm all ears.  Where do we submit bug reports for
>  > Microsoft Internet Mail, Microsoft Outlook, and WebTV?
> 
> The problem (as I see it) is that there is no requirements or even
> guidelines for MUAs.  How's about we get all the mailing list manager
> people together, and bash out a set of requirements that a mailing
> list-friendly MUA will have.  Then we either find a group to publish
> them, or else create our own group, and publish them ourselves.

It sounds like we need something like the Good Net-Keeping Seal of Approval,
which describes minimal standards for newsreaders.
(http://www.xs4all.nl/~js/gnksa/)

Having looked at this previously, I had thought it applied to MUAs too, but on
subsequent examination this appears not to be the case.

-- 
        Peter Haworth   [EMAIL PROTECTED]
"To define recursion, we must first define recursion."





Hello!

On Fri, 19 Feb 1999 15:29:03 -0300, [EMAIL PROTECTED] wrote:

>       Yes, I understood that (I'm not an idiot, as you may be
>implying).
>       BTW, please don't be so arrogant to ask others "Please read
>the post carefuly before replying" [sic]. You win nothing with this
>attitude.

Sorry.. I didn't want to imply that you are an idiot.

>       What should be done when the sender wants his/her personal
>replies back to a different address *BUT* doesn't want to receive all
>replies to his/her post personally, that is, the poster still wants to
>keep the discussion on the list? Add another Reply-To field to the
>message?

I see that there is no point in continuing this debate, I apologize if
I insulted you; it was not my intention. But I do doubt it that it is
the *right* way to force everyone to use mutt. Some of us just don't
like it. :)


best regards,
Rok Papez,
Student at Faculty of Computer and Information Science,
University of Ljubljana, Slovenia.





Rok Papez <[EMAIL PROTECTED]> writes:

> When I hit reply it tells me that From: and Reply-To: fields differ and
> asks me to what e-mail address do I want to reply (to mailing list or
> to the author personal mailbox).
> -> Now that's a smart MUA.

Except that it's lying to you.

I know a non-trivial number of people for whom, if you answered "personal
mailbox" to that question, the response would end up going somewhere
that's never read or bouncing.  It's also downright rude for people who
are answering administrative mail; it forces them to put the role address
as their From address, which I personally find distasteful.  Being able to
indicate that yes, "Russ Allbery" is responding to you, but you should
send your responses to his mail to postmaster@leland so that other people
can help you too is valuable semantics.

MUAs like yours cause inexperienced users to override reply-to, which on
more than one occasion has resulted in those people's questions going
unanswered for far longer than was necessary.

And, in the spirit of this thread, no, I am not going to put the role
address in the From header, because that's giving in to broken clients.
The RFCs spell out what the From header is and what the Reply-To header
is, and I'm going to abide by the standards.  Software that doesn't is
defective and should be fixed.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>




/var/ was 100% full. Too much logging I guess.

- a stupid mistake

Eric Dahnke wrote:

> Heeelllppp,
>
> I'm fairly new to live mail server maintenance, but it almost seems like
> a DoS.
>
> The server is never very busy, it does about 7000 deliveries per day.
>
> There are about 44 qmail-smtp processes running, quite a few more than
> usual and a telnet to port 25 just hangs.
>
> qmail-queue zombie processes keep showing up. (now up to five)
>
> I've already reset the machine once. When it came back it was ok for
> about 2 minutes, then the same, lots of qmail-smtp and no port 25
> response.
>
> Telnet 110 responds no problem, and the load average is 0.3 or something
> way low.
>
> What is happening and how can I fix it! - thx - eric





On Sun, Feb 21, 1999 at 06:45:10PM +0000, Robin Bowes wrote:
> Scott Schwartz wrote:
> > 
> > Robin Bowes <[EMAIL PROTECTED]> writes:
> > | I got a bounce message, and my feed of the list seems to have dried
> > | up...
> > |
> > | Am I still on it?
> > 
> > Hang on, I'll fly the Taelon shuttle to Chicago and check.  Anyone know
> > Dan's office number and password?
> 
> <g> I guess that means "yes" !
> 
> R.

How did you conclude this?  Scott is just sarcastic since you should contact
the list owner about subscription problems.  In any case, you might have
some local problems, since your From: field has home.internal in the
host part.

-- 
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  




It is still the same. Our server won't accept SMTP.

/var/ now has lots of room, and I've reset the machine a few times already.

It is a linux box, and qmail-smtpd is started from tcpserver like this:

/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 501 -g 500 0 smtp \
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &

Should I just start killing qmail-smtpd processes?

How to fix this?

Eric Dahnke wrote:

> /var/ was 100% full. Too much logging I guess.
>
> - a stupid mistake
>
> Eric Dahnke wrote:
>
> > Heeelllppp,
> >
> > I'm fairly new to live mail server maintenance, but it almost seems like
> > a DoS.
> >
> > The server is never very busy, it does about 7000 deliveries per day.
> >
> > There are about 44 qmail-smtp processes running, quite a few more than
> > usual and a telnet to port 25 just hangs.
> >
> > qmail-queue zombie processes keep showing up. (now up to five)
> >
> > I've already reset the machine once. When it came back it was ok for
> > about 2 minutes, then the same, lots of qmail-smtp and no port 25
> > response.
> >
> > Telnet 110 responds no problem, and the load average is 0.3 or something
> > way low.
> >
> > What is happening and how can I fix it! - thx - eric





And I've got 759 kernel warning possible SYN flood from (always unique IPs) on
our.mail.server.com since sometime early on the 21st.

Is this really a DoS attack, and if so how can we stop it?


Eric Dahnke wrote:

> It is still the same. Our server won't accept SMTP.
>
> /var/ now has lots of room, and I've reset the machine a few times already.
>
> It is a linux box, and qmail-smtpd is started from tcpserver like this:
>
> /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 501 -g 500 0 smtp \
> /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger smtpd 3 &
>
> Should I just start killing qmail-smtpd processes?
>
> How to fix this?
>
> Eric Dahnke wrote:
>
> > /var/ was 100% full. Too much logging I guess.
> >
> > - a stupid mistake
> >
> > Eric Dahnke wrote:
> >
> > > Heeelllppp,
> > >
> > > I'm fairly new to live mail server maintenance, but it almost seems like
> > > a DoS.
> > >
> > > The server is never very busy, it does about 7000 deliveries per day.
> > >
> > > There are about 44 qmail-smtp processes running, quite a few more than
> > > usual and a telnet to port 25 just hangs.
> > >
> > > qmail-queue zombie processes keep showing up. (now up to five)
> > >
> > > I've already reset the machine once. When it came back it was ok for
> > > about 2 minutes, then the same, lots of qmail-smtp and no port 25
> > > response.
> > >
> > > Telnet 110 responds no problem, and the load average is 0.3 or something
> > > way low.
> > >
> > > What is happening and how can I fix it! - thx - eric





- Eric Dahnke <[EMAIL PROTECTED]>:

| And I've got 759 kernel warning possible SYN flood from (always
| unique IPs) on our.mail.server.com since sometime early on the 21st.
| 
| Is this really a DoS attack, and if so how can we stop it?

Sounds like it.  If you can get your hands on the router, or can talk
to someone who can, block access from the offending IP in the router
itself.

Since you have linux, I believe it is possible to compile support for
SYN cookies into the kernel, which is considered a reasonable defense
against SYN flooding attacks.  Ask on some Linux related list, unless
you find it in your docs already.

- Harald




Eric Dahnke writes:

> And I've got 759 kernel warning possible SYN flood from (always unique IPs) on
> our.mail.server.com since sometime early on the 21st.
> 
> Is this really a DoS attack, and if so how can we stop it?

Make sure that your log files are cycled frequently enough to purge the
logs, and contact your provider.

-- 
Sam





Eric,

>And I've got 759 kernel warning possible SYN flood from (always unique IPs) on
>our.mail.server.com since sometime early on the 21st.
>
>Is this really a DoS attack, and if so how can we stop it?

Not necessarily: I've met 'Possible SYN flood... sending cookies'
type messages on a heavily loaded Linux box. In fact it was saying
'Help, I've run out of resources'. In our case it was CPU, since we
had a broken application running on the box, that deadlocked
files and put processes into extremely long (not quite infinite) loops.
We fixed the application, upgraded the hardware for good measure,
and nowadays the box handles twice the load with panache.

I'd also suggest upgrading your kernel to the newest possible
release, since sometimes this solves problems you didn't know
you had.

cheers,

Andrew Richards.





I'm running qmail on my little Linux box with a couple of folks using it
as their post office. I've noticed in the maillog a continuing entry
for messages to someone called "[EMAIL PROTECTED]". The qmail pop logs:
"Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/".

So, what's happening? Who's the smart guy? How can I stop this if I should.
And I think I should.

das




- <[EMAIL PROTECTED]>:

| I'm running qmail on my little Linux box with a couple of folks using it
| as their post office. I've noticed in the maillog a continuing entry
| for messages to someone called "[EMAIL PROTECTED]". The qmail pop logs:
| "Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/".
| 
| So, what's happening? Who's the smart guy?

That information is also in the logs.  Look in the logs for the line
saying "delivery zzzz: msg yyyy to remote [EMAIL PROTECTED]".  Then
search backwards from this point in the log for "info msg yyyy: bytes
nnn from <address> qp qqqq uid uuuu".  The <address> is the envelope
sender.  If the "uid uuuu" points to a local user, you may have your
smart guy.  If it's the uid of the alias user, you need to trace the
message back through alias expansion.  If it's the uid of qmaild, the
message probably came in from the net.  If so, you are running an open
relay, and should close it up.  Create /var/qmail/control/rcpthosts
(man qmail-smtpd) and follow FAQ 5.4 if you need to allow relaying
from some hosts.

- Harald
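
Added example, not part of Harald's message and not code from qmail: the log search he describes, done in one forward pass. It remembers the latest "info msg" line per message number, which is the same as searching backwards from the delivery line, and it drops finished messages because qmail reuses message numbers. The uid values and every log line below are constructed assumptions.

```python
import re

# Assumed uids for this example; find the real ones with `id qmaild` / `id alias`.
QMAILD_UID = 71
ALIAS_UID = 70

INFO_RE = re.compile(
    r"info msg (?P<msg>\d+): bytes (?P<bytes>\d+) "
    r"from <(?P<sender>[^>]*)> qp (?P<qp>\d+) uid (?P<uid>\d+)")
DELIVERY_RE = re.compile(
    r"starting delivery (?P<delivery>\d+): msg (?P<msg>\d+) "
    r"to (?P<kind>local|remote) (?P<rcpt>\S+)")
END_RE = re.compile(r"\bend msg (?P<msg>\d+)")


def origin_of(uid):
    """Map the injecting uid to where the message entered the queue."""
    if uid == QMAILD_UID:
        return "smtp"        # came in from the net via qmail-smtpd
    if uid == ALIAS_UID:
        return "alias"       # re-injected during alias expansion
    return "local-user"      # injected by a local account


def trace_recipient(lines, recipient):
    """Return one record per remote delivery attempt to `recipient`."""
    current = {}   # msg number -> "info msg" record of the message now using it
    hits = []
    for line in lines:
        m = INFO_RE.search(line)
        if m:
            uid = int(m["uid"])
            current[m["msg"]] = {
                "sender": m["sender"], "uid": uid,
                "bytes": int(m["bytes"]), "origin": origin_of(uid)}
            continue
        m = END_RE.search(line)
        if m:
            # Message numbers are reused, so forget finished messages.
            current.pop(m["msg"], None)
            continue
        m = DELIVERY_RE.search(line)
        if m and m["kind"] == "remote" and m["rcpt"].lower() == recipient.lower():
            info = current.get(m["msg"])
            if info is None:
                # The "info msg" line is in an older, rotated log file.
                info = {"sender": None, "uid": None,
                        "bytes": None, "origin": "unknown"}
            hits.append(dict(info, msg=m["msg"], delivery=int(m["delivery"])))
    return hits


# Constructed sample log: message number 40211 is used twice, first by a
# local user, then by a message that arrived over SMTP and keeps deferring.
SAMPLE_LOG = [
    "919699000.100000 new msg 40211",
    "919699000.100500 info msg 40211: bytes 812 from <dave@mail.example> qp 311 uid 1001",
    "919699000.110000 starting delivery 1: msg 40211 to remote friend@example.org",
    "919699001.900000 delivery 1: success: 192.0.2.10_accepted_message./",
    "919699001.900500 end msg 40211",
    "919699500.200000 new msg 40211",
    "919699500.200500 info msg 40211: bytes 1532 from <probe@relaytest.example> qp 9021 uid 71",
    "919699500.210000 starting delivery 2: msg 40211 to remote nobody@unresolvable.example",
    "919699500.900000 delivery 2: deferral: Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/",
    "919700100.210000 starting delivery 3: msg 40211 to remote nobody@unresolvable.example",
    "919700100.900000 delivery 3: deferral: Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/",
]

if __name__ == "__main__":
    for hit in trace_recipient(SAMPLE_LOG, "nobody@unresolvable.example"):
        print(hit)
```

An "smtp" origin for a recipient outside your own domains is the open-relay case described above; "unknown" means the search has to continue in the previous log file.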




On Mon, Feb 22, 1999 at 04:13:13PM +0000, [EMAIL PROTECTED] wrote:
> I'm running qmail on my little Linux box with a couple of folks using it as
> their post office. I've noticed in the maillog a continuing entry for
> messages to someone called "[EMAIL PROTECTED]". The qmail pop logs:
> "Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/".
> 
> So, what's happening? Who's the smart guy? How can I stop this if I should.
> And I think I should.

If there are only a couple of people using your mail relay and your relay isn't
open for everyone in the world to use, you could ask each of your users, "Who's
the wise guy who's trying to send mail to [EMAIL PROTECTED]?"

The problem is, however, that your relay *is* open for everyone in the world to
use, and I suspect that the message to [EMAIL PROTECTED] was sent by someone who
was testing to see if you had an open relay. This means that you've removed
your rcpthosts file, and you're just asking to be used as a spam relay.

Read FAQ 5.4 and
ftp://koobera.math.uic.edu/www/qmail/faq/servers.html#authorized-relay.

Chris




Thank You Harald,

I hate to get railed upon so I am reluctant to show my ignorance. Most of
the people that can help me are really very good at this stuff and are
impatient with know-nothing folks like me.

You seem to know what you are doing and are more gentle with us "just
learning" types. 

I have folks that use my service from other domains such as "att.net" and
"bellatlantic.net" . These are the folks that are going to be doing
"relaying"? If so how do I get their varying IP addresses to put in the
tcp.smtp file since that address could vary considerably.

I think I took out the rcpthosts file because (of my ignorance) then I
would have the most freedom to check mail from anywhere? I also use
sqwebmail (works great) to check for mail. Could I be infringing upon
receipt or sending of mail through the use of these setup files?

David Susen


Harald Hanche-Olsen writes:

> - <[EMAIL PROTECTED]>:
> 
> | I'm running qmail on my little Linux box with a couple of folks using it
> | as their post office. I've noticed in the maillog a continuing entry
> | for messages to someone called "[EMAIL PROTECTED]". The qmail pop logs:
> | "Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/".
> | 
> | So, what's happening? Who's the smart guy?
> 
> That information is also in the logs.  Look in the logs for the line
> saying "delivery zzzz: msg yyyy to remote [EMAIL PROTECTED]".  Then
> search backwards from this point in the log for "info msg yyyy: bytes
> nnn from <address> qp qqqq uid uuuu".  The <address> is the envelope
> sender.  If the "uid uuuu" points to a local user, you may have your
> smart guy.  If it's the uid of the alias user, you need to trace the
> message back through alias expansion.  If it's the uid of qmaild, the
> message probably came in from the net.  If so, you are running an open
> relay, and should close it up.  Create /var/qmail/control/rcpthosts
> (man qmail-smtpd) and follow FAQ 5.4 if you need to allow relaying
> from some hosts.
> 
> - Harald




A little follow up. (David here again). I went back through my maillog files
and found the first entry was a mail sent to one of our domain's users by
[EMAIL PROTECTED]. The qmail program responded with "Connected to <our server>
but_sender_was_rejected./Remote_host_said:_551_<[EMAIL PROTECTED]>...Domain_must_resolve/"

Which makes me think it was rejected and all was well. But then qmail seems
to be trying to send that message over and over again (for quite a few days
I might add).

das

[EMAIL PROTECTED] writes:

> Thank You Harald,
> 
> I hate to get railed upon so I am reluctant to show my ignorance. Most of
> the people that can help me are really very good at this stuff and are
> impatient with know-nothing folks like me.
> 
> You seem to know what you are doing and are more gentle with us "just
> learning" types. 
> 
> I have folks that use my service from other domains such as "att.net" and
> "bellatlantic.net" . These are the folks that are going to be doing
> "relaying"? If so how do I get their varying IP addresses to put in the
> tcp.smtp file since that address could vary considerably.
> 
> I think I took out the rcpthosts file because (of my ignorance) then I
> would have the most freedom to check mail from anywhere? I also use
> sqwebmail (works great) to check for mail. Could I be infringing upon
> receipt or sending of mail through the use of these setup files?
> 
> David Susen
> 
> 
> Harald Hanche-Olsen writes:
> 
> > - <[EMAIL PROTECTED]>:
> > 
> > | I'm running qmail on my little Linux box with a couple of folks using it
> > | as their post office. I've noticed in the maillog a continuing entry
> > | for messages to someone called "[EMAIL PROTECTED]". The qmail pop logs:
> > | "Sorry_I_couldn't_find_any_host_by_that_name._(#4.1.2)/".
> > | 
> > | So, what's happening? Who's the smart guy?
> > 
> > That information is also in the logs.  Look in the logs for the line
> > saying "delivery zzzz: msg yyyy to remote [EMAIL PROTECTED]".  Then
> > search backwards from this point in the log for "info msg yyyy: bytes
> > nnn from <address> qp qqqq uid uuuu".  The <address> is the envelope
> > sender.  If the "uid uuuu" points to a local user, you may have your
> > smart guy.  If it's the uid of the alias user, you need to trace the
> > message back through alias expansion.  If it's the uid of qmaild, the
> > message probably came in from the net.  If so, you are running an open
> > relay, and should close it up.  Create /var/qmail/control/rcpthosts
> > (man qmail-smtpd) and follow FAQ 5.4 if you need to allow relaying
> > from some hosts.
> > 
> > - Harald




On Mon, 22 Feb 1999 [EMAIL PROTECTED] wrote:

> 
> I have folks that use my service from other domains such as "att.net" and
> "bellatlantic.net" . These are the folks that are going to be doing
> "relaying"? If so how do I get their varying IP addresses to put in the
> tcp.smtp file since that address could vary considerably.
> 
> I think I took out the rcpthosts file because (of my ignorance) then I
> would have the most freedom to check mail from anywhere? I also use
> sqwebmail (works great) to check for mail. Could I be infringing upon
> receipt or sending of mail through the use of these setup files?

Russ Nelson has something that will do this for ya.  It's at:
http://www.qmail.org/open-smpt3.tar.gz   It'll allow folks to relay
through you ONLY after successfully checking their mail via POP3.  The
other solution is to have them use the server run by the ISP they're 
dialing in from.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
       # include <std/disclaimers.h>                   TEAM-OS2
        Online Campground Directory    http://www.camping-usa.com
       Online Giftshop Superstore    http://www.cloudninegifts.com
==========================================================================







On 22-Feb-99 17:13:13, das wrote something about "[EMAIL PROTECTED]". I just couldn't 
help replying to it, thus:
> I'm running qmail on my little Linux box with a couple of folks using it
[cut]

   And it is in the ORBS list:
<URL:http://www.orbs.org/verify.cgi?address=204.117.27.42>


   Dan, please change qmail so that if control/rcpthosts is missing, qmail
will not relay at all. Perhaps qmail(-[qs]mtpd) should even refuse to run. The
only people who benefit from the current behaviour are the spammers.

Regards,

/¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯T¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯\
| Rask Ingemann Lambertsen     | [EMAIL PROTECTED] |
| Registered Phase5 developer  | WWW: http://www.gbar.dtu.dk/~c948374/   |
| A4000, 775 kkeys/s (RC5-64)  | "ThrustMe" on XPilot and EFnet IRC      |
|              I'm as confused as a baby at a topless bar!               |
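
Added example, not part of any message in this thread and not qmail's own code: a model of how qmail-smtpd decides whether to accept an envelope recipient, showing why a missing control/rcpthosts leaves the relay open and how a RELAYCLIENT rule in tcp.smtp admits selected clients. The tcprules parsing is simplified (plain IP and prefix rules, values without commas), morercpthosts is not modelled, and all addresses and rules are constructed.

```python
def parse_tcprules(text):
    """Parse tcprules source into {address_pattern: (action, env)}.

    Simplified: handles "ip:allow,VAR=\"value\"" style lines only.
    """
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instructions = line.partition(":")
        action, *assignments = instructions.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[address] = (action, env)
    return rules


def lookup_rule(rules, ip):
    """Most specific match first: full IP, then 1.2.3., 1.2., 1., then ''."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for candidate in candidates:
        if candidate in rules:
            return rules[candidate]
    return ("allow", {})   # no rule at all: allowed, environment unchanged


def rcpthosts_allows(rcpthosts, domain):
    """Exact entry, or a leading-dot entry matching any host below it."""
    domain = domain.lower()
    if domain in rcpthosts:
        return True
    labels = domain.split(".")
    return any("." + ".".join(labels[i:]) in rcpthosts
               for i in range(1, len(labels)))


def rcpt_decision(rules, rcpthosts, client_ip, rcpt):
    """Return (accepted, reason). rcpthosts=None means the file is missing."""
    action, env = lookup_rule(rules, client_ip)
    if action == "deny":
        return (False, "connection denied by tcprules")
    if "RELAYCLIENT" in env:
        return (True, "RELAYCLIENT set")       # rcpthosts is ignored
    if rcpthosts is None:
        return (True, "rcpthosts missing")     # anyone may relay anywhere
    if "@" not in rcpt:
        return (True, "no domain in address")
    if rcpthosts_allows(rcpthosts, rcpt.rpartition("@")[2]):
        return (True, "domain in rcpthosts")
    return (False, "domain not in rcpthosts")


# Constructed tcp.smtp source: LAN clients may relay, one range is refused.
SAMPLE_TCP_SMTP = '''
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
198.51.100.:deny
:allow
'''

# Constructed control/rcpthosts contents: domains this host accepts mail for.
SAMPLE_RCPTHOSTS = {"example.org", ".lists.example.org"}

if __name__ == "__main__":
    rules = parse_tcprules(SAMPLE_TCP_SMTP)
    outside, target = "203.0.113.9", "someone@elsewhere.example"
    print("rcpthosts missing:", rcpt_decision(rules, None, outside, target))
    print("rcpthosts present:", rcpt_decision(rules, SAMPLE_RCPTHOSTS, outside, target))
    print("LAN client:       ", rcpt_decision(rules, SAMPLE_RCPTHOSTS, "192.168.1.20", target))
```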





ftp://ftp.id.wustl.edu/pub/patches/ezmlm-idx-0.32.tar.gz

71b642272b89ec9bed5248f4fc4ee1c1  ezmlm-idx-0.32.tar.gz

NEWS:

The need for virtual domain adaptation has been removed, and ezmlm+idx
now scales well beyond 100,000 subscribers via subscriber-transparent
sublisting and optimized bounce handling.

Programs can be compiled with MySQL support, allowing use of a SQL
database for addresses and logging. Normal ezmlm databases will be used
for lists not set up for SQL use, allowing full backwards compatibility
as well as mixing of database types and conversion between them.

ezmlm list clusters can be fully monitored via SQL logging and feedback
messages. See http://dbbs1.wustl.edu/cgi-bin/status.pl for an example.

http://www.ezmlm.org/ will contain the new FAQ (FAQ.idx in the release)
in a few days. The new FAQ is available in several formats via
ftp://ftp.id.wustl.edu/pub/patches/

Other improvements:
- Better tools for setting up a global interface.
- Subscriber From-line logging and tools to remotely determine
subscriber address from name, etc.
- Test program to test most functions of most ezmlm+idx programs (as
well as necessary parts of qmail).

BACKWARDS COMPATIBILITY:

- ezmlm-0.53: Yes.
- Earlier ezmlm-idx: If you use SENDER checks and take advantage of the
DIR/extra or DIR/blacklist databases, you need to rename them to their
new names DIR/allow and DIR/deny. See INSTALL.idx for details.

FEATURES (see http://www.ezmlm.org/ for details):

ezmlm-idx is a patch/add-on to Dan Bernstein's ezmlm-0.53.tar.gz
qmail-adapted mailing list manager to add "threaded" multi-message
archive retrieval, digests, subscription and message moderation, remote
administration, automated configurable list setup in multiple
languages, ability to simply change configuration of active lists, MIME
support. Optional post restrictions based on headers, contents, MIME
type or size, and more. Subscriber-transparent sublisting with or
without use of a SQL database. Currently support for MySQL, but the
interface allows easy support of virtually any SQL database (or with a
little more work any non-SQL database as well).

Thanks to all that have contributed (see README.idx/CHANGES.idx).

Have fun!

Fred Lindberg
Fred B. Ringel

[I've cross-posted this to [EMAIL PROTECTED] reach qmail users who do
not yet use ezmlm. Please restrict further discussion to
[EMAIL PROTECTED]]

-Sincerely, Fred

(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)






Thanks Dave,

That solved it. We're running Linux kernel 3.0.26, and I'm sure it is protected
from SYN attacks.

Here is a summary of what happened.

- port 25 was not responding because /var was full.
- I removed most of the old logs and rebooted.
- port 25 came back, but only for a few minutes.
- noticed the possible SYN flood in log/messages

- deleted the current messages and maillog logs as Dave suggested below and the SYN
messages (and presumably the attacks? - for some reason port 25 was full up)
stopped and port 25 came back.

thanks to those who responded. - eric

Dave Hansen wrote:

> Hello Eric,
>
> Have you removed the log files from /var/log/ ?  Most importantly the
> maillog.  Then reboot.
>
> Sounds like a problem I had once caused lots of Zombie processes and once I
> removed the maillog and rebooted it was fine.  Also what flavor of linux
> are you using?
>
> Thanks,
> Dave





On Mon, Feb 22, 1999 at 01:59:30PM -0300, Eric Dahnke wrote:
> That solved it. We're running Linux kernel 3.0.26, and I'm sure it is protected
> from SYN attacks.
> 
I hope that means kernel 2.0.36, otherwise I'm in another time warp
somewhere!  :-)

-- 
Chris Green ([EMAIL PROTECTED])
  Home: [EMAIL PROTECTED]           Work: [EMAIL PROTECTED]
  WWW: http://www.isbd.co.uk/




On Mon, Feb 22, 1999 at 01:59:30PM -0300, Eric Dahnke wrote:
> That solved it. We're running Linux kernel 3.0.26, and I'm sure it is protected
> from SYN attacks.
>

While we're on the subject, does tcpserver have capabilities of dealing
effectively with SYN attacks?

        Thanks,

        John

-- 

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
[EMAIL PROTECTED], http://www2.inow.com/~conover/john.html





-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have been lurking for quite some time on this list because my qmail
installations have been running flawlessly, until last night...

But I must say that this is not a big problem, just an annoyance.
We have been running qmail using maildirs for local delivery for quite some
time (3 months) with no complaints.  All of a sudden last night, it seems that
qmail-pop3d quit marking messages retrieved.  Quite a few users who have the
"Leave mail on server" option all of a sudden are getting a new copy of each
message each time they check mail via pop.  I investigated, and all messages
do get moved from new to cur as they should.  Anyone seen this behavior before?
I realize that this seems like a mail reader issue, but if that is the case,
tell me this:  why did my mail reader work flawlessly up until last night with
no change in config (on the server or the client side)?

Suggestions?

Thanks in advance,

Kevin Raison
22-Feb-99 10:51:37
[EMAIL PROTECTED]
http://www.chatsubo.org

Humor in the Court:
Q: Now, you have investigated other murders, have you not, where there was
   a victim?


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNtGNPe784FFaUn+eEQJVDgCggolgJJJCEI9IZaV1zBEs86oLS6EAoMHu
ANw6aGPwt56zQMEr8SUNmhYs
=BoNY
-----END PGP SIGNATURE-----





On Fri, 19 Feb 1999, Harald Hanche-Olsen wrote:

> Nor is it generated by qmail.  Date: header fields are only generated
> in two places within qmail:  In qmail-inject, which always uses time
> zone -0000, and in predate.  Both of them print only the numeric time
> zone.
> 
> So this is a pine and/or a library problem, not a qmail one.

Of course, the guys over on the Redhat list insisted that this was neither
a Redhat Linux nor a Pine problem.  

Back to the grind...

----------------------------------------------------------
Chuck Milam             I.T. Division - Academic Computing
[EMAIL PROTECTED]         University of Wisconsin at Oshkosh





On Mon, 22 Feb 1999 12:17:24 -0600 (EST), Chuck Milam wrote:

>Of course, the guys over on the Redhat list insisted that this was neither
>a Redhat Linux nor a Pine problem.  

It may be a configuration problem. Look at where /etc/localtime links.

I use UTC on the computer and pine puts .. +0000 (  ). Mutt doesn't do
the "(  )" thing. Maybe changing MUAs would help?


-Sincerely, Fred

(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)






Russell Nelson wrote:
> 
> Incoming is easy: stuff the size into a decimal number stored in
> control/databytes.  That will tell qmail-smtpd to refuse mail that
> large.  Outgoing is a little tougher if you have user accounts.
>

Is it possible to restrict incoming message sizes on a per-user basis
(strictly speaking, on a "per address" basis since we don't have any
"users" as such) ?

R.
-- 
Two rules to success in life: 
  1. Don't tell people everything you know.
     -- Sassan Tat




Robin Bowes writes:
 > Russell Nelson wrote:
 > > 
 > > Incoming is easy: stuff the size into a decimal number stored in
 > > control/databytes.  That will tell qmail-smtpd to refuse mail that
 > > large.  Outgoing is a little tougher if you have user accounts.
 > 
 > Is it possible to restrict incoming message sizes on a per-user basis
 > (strictly speaking, on a "per address" basis since we don't have any
 > "users" as such) ?

Yes.  Set the DATABYTES environment variable for some hosts using
tcpserver's control file.  If you set it to zero, that disables
limiting.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.




Robin Bowes <[EMAIL PROTECTED]> writes:
| Is it possible to restrict incoming message sizes on a per-user basis
| (strictly speaking, on a "per address" basis since we don't have any
| "users" as such) ?

What does the man page for qmail-smtpd say?





It says:

  "If the environment variable DATABYTES is set, it overrides
databytes."

...which I knew already.

I'm not sure where this would be set; presumably using a rule in the cdb
file used by tcpserver?  This would only set the limit based on IP
address, would it not?

I was wondering how it could be done on a per-user basis?

R.

Scott Schwartz wrote:
> 
> Robin Bowes <[EMAIL PROTECTED]> writes:
> | Is it possible to restrict incoming message sizes on a per-user basis
> | (strictly speaking, on a "per address" basis since we don't have any
> | "users" as such) ?
> 
> What does the man page for qmail-smtpd say?

-- 
Two rules to success in life: 
  1. Don't tell people everything you know.
     -- Sassan Tat




Robin Bowes writes:
 > I was wondering how it could be done on a per-user basis?

So are we.  SMTP is an unauthenticated protocol.  A number of people
have devised ad-hoc methods for identifying users, but none of them
are wholly satisfactory.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.




At 10:07 PM 2/22/99 +0000, Robin Bowes wrote:
>It says:
>
>  "If the environment variable DATABYTES is set, it overrides
>databytes."
>
>...which I knew already.
>
>I'm not sure where this would be set; presumably using a rule in the cdb

No. You set the limit in the environment variable.

1.2.3.4:allow,DATABYTES="1000000"

>file used by tcpserver?  This would only set the limit based on IP
>address, would it not?
>
>I was wondering how it could be done on a per-user basis?

If you cannot identify the user by IP, there is no standard way. In fact, 
how do you identify the user if not by IP? Surely not by the trivially easy 
to forge envelope address?


Regards.

>
>R.
>
>Scott Schwartz wrote:
>> 
>> Robin Bowes <[EMAIL PROTECTED]> writes:
>> | Is it possible to restrict incoming message sizes on a per-user basis
>> | (strictly speaking, on a "per address" basis since we don't have any
>> | "users" as such) ?
>> 
>> What does the man page for qmail-smtpd say?
>
>-- 
>Two rules to success in life: 
>  1. Don't tell people everything you know.
>     -- Sassan Tat
>
>
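How a rule like the one Mark Delany shows resolves to a size limit, as an added example that is not part of the thread. It models only a simplified subset of tcpserver's rule lookup (exact IP, dotted prefixes, empty default); the addresses, sizes and function names are constructed for illustration.

```python
import re

# Constructed sample in tcprules source format (documentation addresses).
RULES = '''\
# one trusted host with no limit, a LAN range, and a default
192.0.2.7:allow,DATABYTES="0"
192.0.2.:allow,RELAYCLIENT="",DATABYTES="5000000"
:allow
'''

_VAR = re.compile(r',([A-Za-z_][A-Za-z0-9_]*)=(.)(.*?)\2')

def parse_rules(text):
    """Return {address: (action, {VAR: value})} for simple address rules."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instr = line.partition(":")
        action = instr.split(",", 1)[0]
        env = {m.group(1): m.group(3) for m in _VAR.finditer(instr)}
        rules[address] = (action, env)
    return rules

def match_rule(rules, ip):
    """Exact address first, then shorter dotted prefixes, then the default."""
    parts = ip.split(".")
    keys = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in keys:
        if key in rules:
            return rules[key]
    return ("allow", {})          # no rule at all: accepted, nothing set

def effective_databytes(rules, ip, control_databytes=0):
    """Limit applied to a connection from ip; None means no limit.

    DATABYTES from the matched rule overrides control/databytes, and zero
    disables limiting. The key is the client IP only: the envelope
    addresses are never consulted, so every sender behind one IP shares
    the same limit.
    """
    action, env = match_rule(rules, ip)
    if action == "deny":
        raise PermissionError("connection from %s is denied" % ip)
    limit = int(env.get("DATABYTES", control_databytes))
    return limit or None

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for ip in ("192.0.2.7", "192.0.2.50", "198.51.100.9"):
        print(ip, effective_databytes(rules, ip, control_databytes=1000000))
```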




 What I have. I have a private LAN that uses Qmail as the mail server on
Linux.
 What we would like to do is control who on this private LAN can send
email outside of the network, say out onto the internet. But still allow
all users to exchange email with the other users on this mail server.
 Anyone have any ideas?

Phil Wall




I just finished installing Qmail on a new server and it seems to be running
great, but I need to do a few more configuration things.  My server is
using Maildir.

Is it possible for Qmail to spawn a user's Maildir upon the first time they
receive a message, or does it have to be created when the account is
activated?  

How can I set it up so each user doesn't have to have a .qmail file in their
directory and it automatically delivers to their Maildir?  This is in my
rc.d scripts:
/usr/local/bin/tcpserver 0 110 /var/qmail/bin/qmail-popup edwin \
/bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &
I also changed /var/qmail/rc to this:
qmail-start ./Maildir splogger qmail
but it still doesn't deliver to a user's Maildir unless I point .qmail to
that directory.

Is it possible (and feasible) to deny direct telnet access to port 25?  We
are having some problems with people doing this to send anonymous e-mail
and wondered if I could stop that.  Would it cause users any problems or
would they have to change any options?

Any help is appreciated!





MountaiNet Tech Support wrote/schrieb/scribsit:

> Is it possible for Qmail to spawn a users Maildir upon the first time
> they receive a message, or does it have to be created when the account
> is activated?  

With the following delivery instruction before the maildir delivery,
the maildir will be created if necessary (maildirmake lives in
/var/qmail/bin):
|test -d ./Maildir || maildirmake ./Maildir

> qmail-start ./Maildir splogger qmail

This is missing a final / at the end of Maildir to indicate that it's a
maildir and not a mailbox file. So change it to 
qmail-start ./Maildir/ splogger qmail

If you want to combine this with question one, use the following:
qmail-start '|test -d ./Maildir || maildirmake ./Maildir
./Maildir/' splogger qmail
(on two lines that is).

> Is it possible (and feasible) to deny direct telnet access to port 25? 
> We are having some problems with people doing this to send anonymous
> e-mail and wondered if I could stop that.  Would it cause users any
> problems or would they have to change any options?

Umm, their mail user agents most probably "telnet" to port 25 to send mail,
too.

Stefan





Hello!

As you can all see my "From:" field is incorrect, my correct 
"From:" should be "[EMAIL PROTECTED]".

I have the following setup:
192.168.1.x LAN boxes with various OSes,
only two of them run Linux, the server and my workstation.
Server does mail exchange with LAN workstations via POP3/SMTP.
When I go online with a server it also does mail exchange local
mailboxes <-> internet. It forwards all the mail for internet to
a smtp host on internet and fetches mail from remote POP3 accounts
to local mailboxes (Maildirs actually ;>) where users can pick them
up via POP3 and reply to them via SMTP.

Now to the "From:" field problem:
All the workstations "think" their FQDN is "hostXXX.home", so they
create a (fake) "From:" line just like this one: "[EMAIL PROTECTED]".

"~alias/.qmail-ppp-default" contains:
|MyLANFilter
./pppdir/

Now MyLANFilter repairs the "From:" fields, but qmail doesn't
deliver the modified version to ~alias/pppdir/new. I return rc=0.
Do I have to make the deliveries myself?? Is there any way to 
make qmail read the filtered mail from MyLANFilter's stdout and
deliver them to ~alias/pppdir/new ?? Is there maybe something
along the following line:

"~alias/.qmail-ppp-default":
|MyLANFilter >> ./pppdir/

Thanks for all replies :).






On Tue, Feb 23, 1999 at 12:27:12AM +0100, [EMAIL PROTECTED] wrote:
> Hello!
> 
> As you can all see my "From:" field is incorrect, my correct 
> "From:" should be "[EMAIL PROTECTED]".

Are not you the reply-to whiz?  Now you leave us with the only possibility
of sending the answer to this FAQ to the list (or copy your mailaddress to
the To: field---very tiring)

In any case, for a general rewriting, you will find the mess822 package by
qmail's author helpful.

If you want to do an ad hoc rewriting, you can use reformail of maildrop, but
first read the man pages for dot-qmail and qmail-command to understand why
your .qmail-ppp-default line does what it does and not what you want.

Mate
> 
> "~alias/.qmail-ppp-default" contains:
> |MyLANFilter
> ./pppdir/
> 
> Now MyLANFilter repairs the "From:" fields, but qmail doesn't
> deliver the modified version to ~alias/pppdir/new. I return rc=0.
> Do I have to make the deliveries myself?? Is there any way to 
> make qmail read the filtered mail from MyLANFilter's stdout and
> deliver them to ~alias/pppdir/new ?? Is there maybe something
> along the following line:
> 
> "~alias/.qmail-ppp-default":
> |MyLANFilter >> ./pppdir/
> 
> Thanks for all replies :).
> 
> 
Mate





On Mon, 15 Feb 1999, John R. Levine wrote:

> If this sounds interesting, let me know and I'll pack up my scripts.
> There's a perl script to handle the bounces, and a shell script that
> creates the lists and makes the .qmail files.

John:

Any luck with this?  I'm in a state of eager anticipation!

BTW, my time zone should look OK now.

----------------------------------------------------------
Chuck Milam             I.T. Division - Academic Computing
[EMAIL PROTECTED]         University of Wisconsin at Oshkosh






On http://lwn.net/daily/ptable.html is a description of denial of
service process table attacks. Am I correct that tcpserver limits
fork() calls to a specified number, and therefore alleviates the
situation?

        Thanks,

        John

-- 

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
[EMAIL PROTECTED], http://www2.inow.com/~conover/john.html





John Conover writes:
 > On http://lwn.net/daily/ptable.html is a description of denial of
 > service process table attacks. Am I correct that tcpserver limits
 > fork() calls to a specified number, and therefore alleviates the
 > situation?

Yup.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.




At 05:31 23/02/99 -0000, you wrote:
>On http://lwn.net/daily/ptable.html is a description of denial of
>service process table attacks. Am I correct that tcpserver limits
>fork() calls to a specified number, and therefore alleviates the
>situation?

Correct. As long as you run all of your services via tcpserver.

Whilst some inetd implementations have crude forms of DOS protection 
(initially created for other reasons) I'm not aware of too many that protect 
against concurrency - most do it by rate.


Regards.
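The distinction drawn above between throttling by rate and capping concurrency, replayed on a constructed load as an added example that is not part of the thread. Both policies are simplified models rather than the behaviour of any particular inetd or of tcpserver itself, and the load figures are assumptions.

```python
def run(arrivals, hold, admit):
    """Replay connection attempts; return (peak live processes, accepted)."""
    ends, accepted, peak = [], [], 0
    for t in arrivals:
        ends = [e for e in ends if e > t]        # reap finished processes
        if admit(t, len(ends), accepted):
            ends.append(t + hold)                # one forked process per client
            accepted.append(t)
            peak = max(peak, len(ends))
    return peak, len(accepted)

def rate_limit(per_minute):
    """Rate-style throttle: at most per_minute new processes in any 60 s."""
    def admit(t, live, accepted):
        return sum(1 for a in accepted if a > t - 60) < per_minute
    return admit

def concurrency_limit(limit):
    """Concurrency cap: refuse new processes while `limit` are still alive."""
    def admit(t, live, accepted):
        return live < limit
    return admit

# Constructed load: one connection attempt per second for ten minutes, each
# client holding its server process open for 300 seconds.
ARRIVALS = list(range(600))
HOLD = 300

def compare(limit=40):
    """Run the same load under both policies with the same numeric limit."""
    return {
        "rate": run(ARRIVALS, HOLD, rate_limit(limit)),
        "concurrency": run(ARRIVALS, HOLD, concurrency_limit(limit)),
    }

if __name__ == "__main__":
    for name, (peak, accepted) in compare().items():
        print("%-12s peak processes=%3d accepted=%d" % (name, peak, accepted))
```

With slow clients, the rate throttle still lets live processes accumulate to five times its per-minute figure, while the concurrency cap bounds the process count at the limit regardless of how long each client lingers.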





>>>>> "md" == Mark Delany <[EMAIL PROTECTED]> writes:

md> Whilst some inetd implementations have crude forms of DOS
md> protection (initially created for other reasons) I'm not aware of
md> too many that protect against concurrency - most do it by rate.

Heh.  If I may take a slight detour to tell an inetd-related war
story, even if it isn't directly qmail-related....

In a former life, I was the sysadmin for a cable-based ISP in the US.
One customer was in the middle of transitioning email services from
machines they ran to our machines.  Their boxes were using an older
Red Hat distribution and were using Sendmail + the Qualcomm POP
daemon.  I avoided working on those machines (they weren't really
mine), but the transition wasn't going fast enough ... so I had to
grease the squeaky wheel.

In the evenings, the POP service would become unavailable due to
inetd's rate-limiting.  Spending as little time as possible to "fix"
the problem, I had a cron job check the POP service every minute and
SIGHUP inetd every time it was unavailable.  But during the busy
evening times, the SIGHUPs were remarkably frequent.  Oh, 40-50
times/hour, with 5-minute load averages rising into the teens.

Trying another quick fix, I simply dropped qmail's tcpserver in place
of inetd for starting the POP server.  I set the session limit at 60.
This killed the machine performance-wise.  Thrash-O-Matic.  Unlike
before, when the machine started thrashing now, it was pretty obvious
that syslog was a huge problem.

I finally discovered that syslogd was the cause.  As syslog was
logging events from Sendmail and the POP daemon's login/logout events,
it used fsync() after each event.  The disk couldn't keep up during
busy times, so openlog() calls started blocking ... causing load
averages to rise, delays in SMTP and POP server initial greetings, POP
client retries making things worse.  Until the inetd throttle kicked
in.  Then enough syslog could finally catch up, the number of blocked
processes dropped, and life returned to (near) normal.  Then my cron
job would HUP inetd, and the cycle repeated.  When I started using
tcpserver, things went to hell because there was no emergency escape
valve (namely that !@#$! inetd) to keep syslog from getting too busy.

I recompiled syslogd without the fsync() call, and the system gently
purred through the busiest times thereafter.

A lot of people don't know about inetd's throttle mechanism.  I didn't
know there were any modern UNIXen which still used it.  Live and
learn.

-Scott
---
Scott Lystig Fritchie
5401 - 10th Ave S, Minneapolis, MN 55417 USA
Professional Governing: Is It Faked?




On Tue, 23 Feb 1999, Mark Delany wrote:

> At 05:31 23/02/99 -0000, you wrote:
> >On http://lwn.net/daily/ptable.html is a description of denial of
> >service process table attacks. Am I correct that tcpserver limits
> >fork() calls to a specified number, and therefore alleviates the
> >situation?
> 
> Correct. As long as you run all of your services via tcpserver.

Too bad similar protection isn't currently available for udp and RPC
services :-)

jms





At 01:27 23/02/99 -0500, Justin M. Streiner wrote:
>On Tue, 23 Feb 1999, Mark Delany wrote:
>
>> At 05:31 23/02/99 -0000, you wrote:
>> >On http://lwn.net/daily/ptable.html is a description of denial of
>> >service process table attacks. Am I correct that tcpserver limits
>> >fork() calls to a specified number, and therefore alleviates the
>> >situation?
>> 
>> Correct. As long as you run all of your services via tcpserver.
>
>Too bad similar protection isn't currently available for udp and RPC
>services :-)

In the context of DOS attacks which exhaust the process table, it's much 
less common for a UDP service to invoke a new process for the obvious 
reasons to do with the difficulty of demuxing the inbound packet stream.

Similarly, most RPC services seem to be handled within a single process or 
process pool.


Regards.






Howdy, all.

Anyone have a take on why the access time for the
Maildir/cur directory would not be getting updated
specifically on machines using Network Appliance boxen
for disk storage (via NFS) when a user connects to POP
mail?

My take on qmail-pop3d is that it does opendir()/readdir()/
closedir() on Maildir/cur. Pretty simple. Should be
enough to trigger an atime update ....

So. When I run a 5-line C program that does exactly
that and nothing more, and run it through tcpserver,
atime gets updated. When I connect and complete a POP
session it doesn't. I've tested this on FreeBSD
2.2.5-STABLE and 2.2.8-STABLE.

When I run my little 5-line program or transact a POP
session on a non-NetApp qmail-1.01 machine, atime
gets updated. When I do both of those things on machines
using NetApps for storage, it only gets updated with
the 5-line program.

Thoughts? I have that awful nagging feeling I missed
some documentation somewhere, but beats me where.

It seems fairly clear that I am not understanding the
way qmail-pop3d works, even though the code looks
pretty plain 'n simple.

And yes, I'm planning to upgrade to qmail-1.03 soon. :)

Brett

---
Brett Rabe                            Email :      [EMAIL PROTECTED]
Systems Administrator - U S West      Phone :          612.664.3078
Interact - 3S                         Pager :          612.613.2549
600 Stinson Blvd.                     Fax   :          612.664.4770
Minneapolis, MN 55413 USA             Pager : [EMAIL PROTECTED]

                      Absolute zero is cool.






There was a message earlier today concerning the machine resources
required for log files when using tcpserver//var/qmail/bin/splogger.

Shouldn't it be possible for tcpserver to use individual logs per
service, through another logging mechanism. Something like:

    tcpserver -R -v -x tcp.cdb -u 123 -g 456 0 \
        myservice /wherever/myprogram 2>&1 | mylogger > mylogfile &

where mylogger is like cat(1), but with a better permissions/ownership
structure? (Or, maybe, ... 2>&1 > mylogfile & would work, too. Anyone
tried it?)

        Thanks,

        John

-- 

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
[EMAIL PROTECTED], http://www2.inow.com/~conover/john.html





Hello Mate.

On Mon, 22 Feb 1999 22:25:41 -0600, Mate Wierdl wrote:

>Are not you the reply-to whiz? 

Sorry; I'm not a native English speaker. Could you please rephrase your
sentence?

>Now you leave us with the only possibility
>of sending the answer to this FAQ to the list

Ermm.. what FAQ? How do you send the answer to the FAQ ?? 
Is there a new version of FAQ. I've read the one that comes
with qmail 1.03 and it doesn't say anything about this kind of
mail filtering.

>(or copy your mailaddress to
>the To: field---very tiring)

Just reply to the mailing list, I'm subscribed :).

>In any case, for a general rewriting, you will find the mess822 package by
>qmail's author helpful.
>
>If you want to do an adhoc rewriting, you can use reformail of maildrop, but

Thanks I'll have a look at mess822 :).

>first read the man pages for dot-qmail and qmail-command to understand why
>your .qmail-ppp-default line does what it does and not what you want.

I did RTFM (Read This Fine Material) :) 
From "man 8 qmail-command":

----------------------------------------------------------
<*snip*>
qmail-local will, upon your request, feed each incoming
mail message through a program of your choice.

When a mail message arrives, qmail-local runs sh -c command
in your home directory.  It makes the message available
on command's standard input.

WARNING: The mail message does not begin with qmail-local's
usual Return-Path and Delivered-To lines.

Note that qmail-local uses the same file descriptor for
every delivery in your .qmail file, so it is not safe for
command to fork a child that reads the message in the
background while the parent exits.
<*snip*>
----------------------------------------------------------

It says I get a message on stdin, but it doesn't say what
to do with it after processing; I've expected that I must
process it and write it out on stdout. But that doesn't
seem to be the case.
I think it only scans the .qmail-ppp-default and it
runs my filter with a message on stdout and it writes the
original message to the ./pppdir/.
Is there any nice way how to make qmail write the modified
message to the ./pppdir/ ?
How should I now make qmail deliver what my program holds
in memory to the ~alias/pppdir/new. Will I have to do the
delivery myself ??


best regards,
Rok Papez,
Student at Faculty of Computer and Information Science,
University of Ljubljana, Slovenia.
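One way to get the rewritten message into the maildir, as an added example that is not from the thread: every delivery line in a .qmail file receives the same original message, so the filter here performs the maildir delivery itself and the separate `./pppdir/` line is dropped. The script path, `example.org` and the function names are assumptions; RPLINE and DTLINE are the environment variables qmail-local sets for the two lines it leaves out of stdin.

```python
#!/usr/bin/env python3
# Used as the only delivery line in the .qmail file (path is an assumption):
#   |/usr/local/bin/fixfrom.py ./pppdir
import itertools, os, re, socket, sys, time

FAKE_SUFFIX = b".home"        # workstations call themselves hostXXX.home
REAL_DOMAIN = b"example.org"  # placeholder for the real mail domain
_ADDR = re.compile(rb"@[A-Za-z0-9-]+" + re.escape(FAKE_SUFFIX) + rb"\b")
_SEQ = itertools.count()

def rewrite_from(message, real_domain=REAL_DOMAIN):
    """Replace user@hostXXX.home with user@real_domain in From: only."""
    head, sep, body = message.partition(b"\n\n")
    out, in_from = [], False
    for line in head.split(b"\n"):
        if line[:1] not in (b" ", b"\t"):      # not a folded continuation
            in_from = line.lower().startswith(b"from:")
        if in_from:
            line = _ADDR.sub(b"@" + real_domain, line)
        out.append(line)
    return b"\n".join(out) + sep + body

def deliver(maildir, message):
    """Maildir delivery: write to tmp/, fsync, then link into new/."""
    host = socket.gethostname().replace("/", "_").replace(":", "_")
    name = "%d.%d_%d.%s" % (time.time(), os.getpid(), next(_SEQ), host)
    tmp = os.path.join(maildir, "tmp", name)
    new = os.path.join(maildir, "new", name)
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(message)
        f.flush()
        os.fsync(f.fileno())
    os.link(tmp, new)      # the message shows up in new/ only when complete
    os.unlink(tmp)
    return new

def main():
    maildir = sys.argv[1] if len(sys.argv) > 1 else "./pppdir"
    fixed = rewrite_from(sys.stdin.buffer.read())
    # qmail-local passes these two header lines in the environment.
    prefix = (os.environ.get("RPLINE", "") + os.environ.get("DTLINE", "")).encode()
    try:
        deliver(maildir, prefix + fixed)
    except OSError:
        return 111         # temporary failure: qmail retries later
    return 0

if __name__ == "__main__":
    sys.exit(main())
```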





Is it possible to use Bruce Guenter's QMAILQUEUE to hold sent mail in a
queue until the user authenticated him or herself via pop. I was thinking a
program could be called to dump the mail in the queue and send back a
notification to the sender on authorization failure.

Thank you
Russell






