qmail Digest 10 Mar 1999 11:00:01 -0000 Issue 575 Topics (messages 22788 through 22822): implementing anti-SPAM policies in qmail 22788 by: Francisco Yepes Candel <[EMAIL PROTECTED]> I couldn't find a mail exchanger... 22789 by: Czeh Istvan <[EMAIL PROTECTED]> 22815 by: Richard Letts <[EMAIL PROTECTED]> xinetd & SMTP relay allowing 22790 by: Czeh Istvan <[EMAIL PROTECTED]> RAID and FS Help 22791 by: Dan Laffin <[EMAIL PROTECTED]> Getting Qmail to reject unknown MAIL FROM addresses... 22792 by: [EMAIL PROTECTED] Fw: Your SMTP is about to be abused! 22793 by: "Rick McMillin" <[EMAIL PROTECTED]> 22795 by: [EMAIL PROTECTED] 22796 by: Chris Johnson <[EMAIL PROTECTED]> 22819 by: Markus Stumpf <[EMAIL PROTECTED]> 22820 by: "Brad (Senior Systems Administrator - Americanisp, LLC.)" <[EMAIL PROTECTED]> 22821 by: Markus Stumpf <[EMAIL PROTECTED]> Little date normalizer 22794 by: Juan Carlos Castro y Castro <[EMAIL PROTECTED]> 22797 by: Juan Carlos Castro y Castro <[EMAIL PROTECTED]> 22799 by: Mate Wierdl <[EMAIL PROTECTED]> 22801 by: Juan Carlos Castro y Castro <[EMAIL PROTECTED]> 22804 by: Mate Wierdl <[EMAIL PROTECTED]> 22816 by: "Sam" <[EMAIL PROTECTED]> 22817 by: Mate Wierdl <[EMAIL PROTECTED]> 22818 by: "Sam" <[EMAIL PROTECTED]> use relay on first failure? 22798 by: Peter van Dijk <[EMAIL PROTECTED]> qpopper vulnerability? 22800 by: John Gonzalez/netMDC admin <[EMAIL PROTECTED]> 22802 by: "Aaron L. Meehan" <[EMAIL PROTECTED]> 22803 by: John Gonzalez/netMDC admin <[EMAIL PROTECTED]> 22806 by: [EMAIL PROTECTED] 22808 by: "Aaron L. Meehan" <[EMAIL PROTECTED]> SMTP server account probing (fwd) 22805 by: xs <[EMAIL PROTECTED]> Qmail equivalent of sendmail's virtusertable? 22807 by: Simon Rainey <[EMAIL PROTECTED]> 22810 by: Pedro Melo <[EMAIL PROTECTED]> 22814 by: Justin Bell <[EMAIL PROTECTED]> Queue in tmpfs 22809 by: "Paul Watkins" <[EMAIL PROTECTED]> 22811 by: [EMAIL PROTECTED] 22812 by: Jeff Hayward <[EMAIL PROTECTED]> smtpd & pop3d & cyclog 22813 by: <[EMAIL PROTECTED]> qmail + IMAP 22822 by: Manfred Spraul <[EMAIL PROTECTED]> Administrivia: To subscribe to the digest, e-mail: [EMAIL PROTECTED] To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] ----------------------------------------------------------------------
I want to use qmail in a mail server that act as a mail gateway, i.e: it no support mailboxes and only redirect all the mail from my organization to the world and viceversa. All the traffic SMTP between my organization and the world is forced to go throught this mail server (I have filtered traffic in my main gateway). In these circustances, how can I implement the following anti-SPAM policies?: 1. reject all the messages with origin (dirIP) AND destination (rcpt) out of my domain 2. reject all the messages with a envelope sender "unqualified" (without domain) 3. reject all the messages with a envelope sender "unresolvable" (in DNS) 4. accept the rest If this question has already ben made I apologize. Thanks. Gracias y saludos. --------------------------------------------------------------------------- Francisco Yepes Candel e-mail:[EMAIL PROTECTED] Universidad de Murcia telf: +34-968-364828 Servicio de Informática fax : +34-968-364151 30100 Murcia Spain
Hi! I have a problem. From a machine the mails returne back with the following message: --- Hi. This is the qmail-send program at my.machine.com I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <[EMAIL PROTECTED]> Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4) --- foo.bar.com is an alias of foo1.bar.com: % nslookup foo1.bar.com Server: localhost Address: 127.0.0.1 Non-authoritative answer: Name: foo1.bar.com Address: 10.10.10.10 Aliases: foo.bar.com foo1.bar.com runs sendmail: % telnet foo.bar.com 25 Trying 10.10.10.10... Connected to foo1.bar.com Escape character is '^]'. 220 foo.bar.com ESMTP Sendmail 8.8.5/8.8.5; Tue, 9 Mar 1999 13:04:24 +0100 ^^^^^^^^^^^ If I send mail to foo1.bar.com than foo1.bar.com recieves it correctly, but foo.bar.com doesn't. What could be the problem? -- Czéh István --- [EMAIL PROTECTED] --- http://www.hal.vein.hu/~isti To get my PGP public key finger [EMAIL PROTECTED]
On Tue, 9 Mar 1999, Czeh Istvan wrote: > % nslookup foo1.bar.com > Server: localhost > Address: 127.0.0.1 > > Non-authoritative answer: > Name: foo1.bar.com > Address: 10.10.10.10 > Aliases: foo.bar.com $ to doughnuts foo1.bar.com has something like: foo1.bar.com IN CNAME foo.bar.com. IN A 10.10.10.10 which isn't allowed. qmail will problalbly follow the CNAME to foo.bar.com which then doesn't have an A record? richard The problems of the world can't be solved by fixing the working C. Daniluk
Hi! I'm running qmail-smtpd from xinetd, and now I need to allow SMTP relay for the localhost. I've read FAQ 5.4, and I configured xinetd like this: service smtp { socket_type = stream protocol = tcp wait = no instances = 32 flags = REUSE user = qmaild server = /usr/sbin/tcpd server_args = /usr/local/qmail/bin/tcp-env /usr/local/qmail/bin/qmail-smtpd } In /etc/hosts.allow the RELAYCLIENT has been set: tcp-env: 127.0.0.1 , 193.6.41.140 : setenv RELAYCLIENT After all this if I try to telnet to the smtp port, qmail-smtpd doesn't respond: % telnet localhost 25 Trying 193.6.41.140... Connected to hal2000.hal.vein.hu. Escape character is '^]'. ^] telnet> Any suggestion? -- Czéh István --- [EMAIL PROTECTED] --- http://www.hal.vein.hu/~isti To get my PGP public key finger [EMAIL PROTECTED]
2nd send due to my stupidity of not giving it a real subject. I'm kind of under the gun on this one, but I want to make sure I do it right... Hey, I'm finally getting down to setting up this qmail box and I was wondering if there were any suggestions on filesystem setup (inode density, cylinder grouping, and cluster size, etc.) and RAID0+1 config (stripping interval, etc.). I have my system drives (raid1) and my data drives for the Maildirs (raid0+1) running on an e450 with Solaris 7 and DiskSuite 4.2. Thanks. -- Dan Laffin [EMAIL PROTECTED] Phone:(407)660-7900x249 Systems Administrator, MPINet Fax :(407)660-7848
[Pardon me; I sent this reply yesterday but it only went to Sam, who didn't think much of it.] Jason Haar <[EMAIL PROTECTED]> writes: > On Mon, Mar 08, 1999 at 10:49:00PM +0000, Sam wrote: > > How would you propose to handle the second and subsequent E-mail > > messages that the sender might send, after the first one is > > accepted by Qmail? > > Well that about sorts that problem out. > > I can't see how I can do what I want without patching qmail itself. As Dan would say, "This is UNIX. Stop acting so helpless." There are a handful of ways to do the above without patching qmail. Remember that qmail-smtp reads stdin and writes stdout. In short, it is a filter. Hence, for example, an expect wrapper along the following lines would work: #!/usr/bin/expect -- proc maybe_kill {addr} { # Check $addr; if bogus, kill as follows: send "QUIT\n" send_user "550 Go away! You smell like spam." } spawn qmail-smtpd interact { -re "mail from:<(.*)>\r" maybe_kill $interact_out(1,string) } A similar skeleton can implement tarpitting, helo-host verification, or almost anything. Len. -- 46. Take all Admonitions thankfully in what Time or Place Soever given but afterwards not being culpable take a Time & Place convenient to let him him know it that gave them. -- George Washington, "Rules of Civility & Decent Behaviour"
OK, by now I'm sure you've all heard about this thread that's been going around about this program that connects to your SMTP server, runs through a built in dictionary of addresses verifying the validity of each address. It then takes the results and sends emails to the ones it knows exists. It does something like this. On some other lists I'm on, people using Sendmail have been going on and on about what can be done to fix it, why that fix can cause other problems, blah, blah, blah. Me being the almighty QMail supporter (notice I didn't say almighty QMail expert), decided to put my $0.02 in about how QMail was better than Sendmail and this spam program was an example of why QMail is better. Below, you'll see a piece of the email I sent. I said that it was better because it blindly acknowledges VRFY or RCPT requests. Then this guy emails this response back (he's probably subscribed to this list). I can see this guy's point, but I still feel that if you were subjected to this attack, you'd be much better off with QMail than Sendmail, but I can't really come up with any concrete facts as to why even though I'm sure there are some. Does anyone know of any good reasons as to why QMail is better suited to handle this attack? I'm sure there must be some because no one on this list seems to worried about it. Thanks, Rick McMillin I-Land Internet Services -----Original Message----- From: Bob Love <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Monday, March 08, 1999 6:30 PM Subject: RE: Your SMTP is about to be abused! >>Yep, we run QMail and have been very happy with it. We >>also received this message and ran some tests (like trying >>the VRFY command) and it looks like QMail is not susceptible >>to this type of spam attack. >> >>From what I've seen, it looks like what this spam program does >>is connect to your SMTP server and use the VRFY command >>to check to see if a certain email address is valid at your domain. > >Huh? Non susceptible? Rick... wake up and smell the coffee... > >telnet mail.internetland.net 25 > >220 newton.internetland.net ESMTP >vrfy ricklist >252 send some mail, i'll try my best >vrfy xyzzy >252 send some mail, i'll try my best >vrfy kjhfksjfdf >252 send some mail, i'll try my best >mail from:[EMAIL PROTECTED] >250 ok >rcpt to:ricklist >250 ok >rcpt to: xyzzy >250 ok >rcpt to kjhfksjfdf >250 ok > >I'd worry, if I were you. For a start the program we're all speaking about >doesn't use vrfy it uses rcpt > >In both cases on your server, if you're attacked, it will respond with a >positive (or semi-positive in the case of vrfy) answer for EVERY word in >their dictionary. Let's say they have a 500,000 word dictionary (I have no >idea what size they use). Shortly after the harvesting attack, you're going >to get 500,000 spams flooding into your mailserver (or more likely 5000 >messages with 100 BCC: recipients each?). > >Please don't take this as a personal message (my server's not much better) >but I think we all need to worry about this scummy piece of software. It's >already been suggested round here it could be used by our competition to >harvest and target our users (ISP market is very small and competitive >here). There's a lot more nasty uses for this software than just spam... ;-( > >Regards > >Bob > > > >_________________ • The ISP-TECH Discussion List • _________________ > To Remove, Send an Email to: mailto:[EMAIL PROTECTED] > To Join, Send an Email to: mailto:[EMAIL PROTECTED] > >Make your POPs easier, more efficient, and smarter with a RAS solution >from Ariel. For a limited time buy one RAS server and get a second for >free. http://www.ariel.com/241 or call (888) RAS-3407. > > > > > >
Rick McMillin <[EMAIL PROTECTED]> writes on 9 March 1999 at 09:30:22 -0600 > OK, by now I'm sure you've all heard about this thread that's > been going around about this program that connects to your > SMTP server, runs through a built in dictionary of addresses > verifying the validity of each address. It then takes the results > and sends emails to the ones it knows exists. It does something > like this. And qmail gives it a positive on every name it tries. This has up-sides and down-sides. If everybody did this, the attack wouldn't work at all and wouldn't be tried. It's sort-of like building one of those infinite mazes of web-pages with invalid addresses on every page to try to pollute the mailing lists of people harvesting web addresses. On the other hand, since people ARE trying this attack, it means you'll be getting double-bounces on 500,000 pieces of spam soon, which might not be so good. -- David Dyer-Bennet [EMAIL PROTECTED] http://www.ddb.com/~ddb (photos, sf) Minicon: http://www.mnstf.org/minicon http://ouroboros.demesne.com/ The Ouroboros Bookworms Join the 20th century before it's too late!
On Tue, Mar 09, 1999 at 09:55:06AM -0600, [EMAIL PROTECTED] wrote: > Rick McMillin <[EMAIL PROTECTED]> writes on 9 March 1999 at 09:30:22 -0600 > > OK, by now I'm sure you've all heard about this thread that's > > been going around about this program that connects to your > > SMTP server, runs through a built in dictionary of addresses > > verifying the validity of each address. It then takes the results > > and sends emails to the ones it knows exists. It does something > > like this. > > And qmail gives it a positive on every name it tries. This has > up-sides and down-sides. If everybody did this, the attack wouldn't > work at all and wouldn't be tried. It's sort-of like building one of > those infinite mazes of web-pages with invalid addresses on every page > to try to pollute the mailing lists of people harvesting web > addresses. I may be giving them too much credit, but it's conceivable that this software considers a 100 percent positive rate as meaning what it does mean--that the results are meaningless. If that's the case, then qmail is immune to this attack. Chris
On Tue, Mar 09, 1999 at 11:01:52AM -0500, Chris Johnson wrote: > I may be giving them too much credit, I'm sure you do :-( However, "Fred Lindberg" <[EMAIL PROTECTED]> pointed out to me as an answer to my first post that there is a patch flying around (probably at http://www.qmai.org/) allowing restriction of the number of RCPT TOs within one single stream. This may be of help. \Maex -- SpaceNet GmbH | http://www.Space.Net/ | In a world without Research & Development | mailto:[EMAIL PROTECTED] | walls and fences, Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | who needs D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?
Markus Stumpf wrote: > However, "Fred Lindberg" <[EMAIL PROTECTED]> pointed out to me > as an answer to my first post that there is a patch flying around > (probably at http://www.qmai.org/) allowing restriction of the number of > RCPT TOs within one single stream. > This may be of help. only problem with that is: the software that they are talking about sends just one RCPT TO request per stream. it opens up another connection to brute force the possibility of existing addresses. (From what I understand of all this)... All that needs to be done to avoid this is to create a patch which has a variable or something that can be set to threshold "denies" of invalid requests. maybe even puts them in /etc/tcp.smtp 'addy':DENY or something ;) heh -Brad
On Wed, Mar 10, 1999 at 12:59:21AM -0700, Brad (Senior Systems Administrator - Americanisp, LLC.) wrote: > only problem with that is: > the software that they are talking about sends just one RCPT > TO request per stream. it opens up another connection to > brute force the possibility of existing addresses. (From > what I understand of all this)... No it doesn't (at least as I read the description on the web page) See http://www.l8r.com/nwa/nwa1.htm > All that needs to be done > to avoid this is to create a patch which has a variable or > something that can be set to threshold "denies" of invalid > requests. maybe even puts them in /etc/tcp.smtp 'addy':DENY > or something ;) heh If it would behave "single streamed", your solution wouldn't work either, as for an unpatched qmail-smtpd there isn't such a thing as "invalid requests" if testing a dictionary with syntactically correct RCPT TO lines against it. If you patch qmail-smtpd to keep (centralized) track on incoming connections per time period and lock out those which are over some threshold this will probably work as long as you are not a bigger site with many users subscribed to a mailing list that is distributed via qmail. In the latter case you'll probably notice a similar behaviour. \Maex -- SpaceNet GmbH | http://www.Space.Net/ | In a world without Research & Development | mailto:[EMAIL PROTECTED] | walls and fences, Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0 | who needs D-80807 Muenchen | Fax: +49 (89) 32356-299 | Windows and Gates?
Hi! I worked on Sam's idea and, instead of sed, I made up a little gawk script to normalize the Date: field of messages. It works like a charm! Note that: 1) It doesn't check for duplicate Date: fields, but it does add one if the header comes to an end without one; 2) It renames the old Date: field to Client-Date:; 3) It adds "(server time)" at the end of the new Date: field 4) I couldn't extract an RFC-822-compliant string from strftime (that's why the servertz variable). Anyone can tip me on how to do that? ----------------------------------------------------------------------- #!/usr/bin/gawk -f BEGIN { inheader = 1; datenotparsed = 0; servertz = "-0300"; } function printdate() { print "Date: " strftime("%a, %e %h %Y %T ") servertz " (server time)"; } { if ($0 == "") { inheader = 0; if (datenotparsed) printdate(); } if (inheader) { if (substr($0, 1, 6) == "Date: ") { print "Client-" $0; printdate(); datenotparsed = 0; } else print $0; } else print $0; } ----------------------------------------------------------------------- -- ___THE___ One man alone cannot fight the future. USE LINUX! \ \ / / _______________________________________________ \ V / |Juan Carlos Castro y Castro | \ / |[EMAIL PROTECTED] | / \ |Linuxeiro, alvinegro, X-Phile e Carioca Folgado| / ^ \ |Diretor de Informática e Eventos Sobrenaturais | / / \ \ |da E-RACE CORPORATION | ~~~ ~~~ ----------------------------------------------- RACER
Oops, line 4 should read datenotparsed = 1; Also, the way to use it (in ezmlm mailing lists) is to insert it in the beginning of the ezmlm-send line in .qmail-xxx like that: |/(your path)/ezmlm-send '/(your path)/(your list)' becomes: |/(your path)/redate.awk |/(your path)/ezmlm-send '/(your path)/(your list)' Cya, -- ___THE___ One man alone cannot fight the future. USE LINUX! \ \ / / _______________________________________________ \ V / |Juan Carlos Castro y Castro | \ / |[EMAIL PROTECTED] | / \ |Linuxeiro, alvinegro, X-Phile e Carioca Folgado| / ^ \ |Diretor de Informática e Eventos Sobrenaturais | / / \ \ |da E-RACE CORPORATION | ~~~ ~~~ ----------------------------------------------- RACER
What was wrong with using reformail like |reformail -i"Date: $(date) -0300 (server time)"|forward ..... Mate On Tue, Mar 09, 1999 at 12:44:49PM -0300, Juan Carlos Castro y Castro wrote: > Hi! I worked on Sam's idea and, instead of sed, I made up a little gawk > script to normalize the Date: field of messages. It works like a charm! > Note that: > > 1) It doesn't check for duplicate Date: fields, but it does add one if > the header comes to an end without one; > > 2) It renames the old Date: field to Client-Date:; > > 3) It adds "(server time)" at the end of the new Date: field > > 4) I couldn't extract an RFC-822-compliant string from strftime (that's > why the servertz variable). Anyone can tip me on how to do that? > > ----------------------------------------------------------------------- > #!/usr/bin/gawk -f > BEGIN { > inheader = 1; > datenotparsed = 0; > servertz = "-0300"; > } > > function printdate() { > print "Date: " strftime("%a, %e %h %Y %T ") servertz " (server > time)"; > } > > { > if ($0 == "") > { > inheader = 0; > if (datenotparsed) > printdate(); > } > > if (inheader) > { > if (substr($0, 1, 6) == "Date: ") > { > print "Client-" $0; > printdate(); > datenotparsed = 0; > } > else > print $0; > } > else > print $0; > } > ----------------------------------------------------------------------- > > -- > ___THE___ One man alone cannot fight the future. USE LINUX! > \ \ / / _______________________________________________ > \ V / |Juan Carlos Castro y Castro | > \ / |[EMAIL PROTECTED] | > / \ |Linuxeiro, alvinegro, X-Phile e Carioca Folgado| > / ^ \ |Diretor de Informática e Eventos Sobrenaturais | > / / \ \ |da E-RACE CORPORATION | > ~~~ ~~~ ----------------------------------------------- > RACER -- --- Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Mate Wierdl wrote: > > What was wrong with using reformail like > > |reformail -i"Date: $(date) -0300 (server time)"|forward ..... I didn't know this thing existed. Where can I find it? -- ___THE___ One man alone cannot fight the future. USE LINUX! \ \ / / _______________________________________________ \ V / |Juan Carlos Castro y Castro | \ / |[EMAIL PROTECTED] | / \ |Linuxeiro, alvinegro, X-Phile e Carioca Folgado| / ^ \ |Diretor de Informática e Eventos Sobrenaturais | / / \ \ |da E-RACE CORPORATION | ~~~ ~~~ ----------------------------------------------- RACER
On Tue, Mar 09, 1999 at 03:01:40PM -0300, Juan Carlos Castro y Castro wrote: > Mate Wierdl wrote: > > > > What was wrong with using reformail like > > > > |reformail -i"Date: $(date) -0300 (server time)"|forward ..... > > I didn't know this thing existed. Where can I find it? It is part of Sam's maildrop package; perhaps there is a URL at www.qmail.org. It is very similar to formail of the procmail package. So you could also use |formail -f -i"Date: $(date) -0300 (server time)"| -- --- Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Mate Wierdl writes: > > > |reformail -i"Date: $(date) -0300 (server time)"|forward ..... > > > > I didn't know this thing existed. Where can I find it? > > It is part of Sam's maildrop package; perhaps there is a URL at > www.qmail.org. It is very similar to formail of the procmail package. So > you could also use > > |formail -f -i"Date: $(date) -0300 (server time)"| In fact, it's identical. The only difference is that overall my options are slightly better organized. -- Sam
In fact, it's identical. The only difference is that overall my options are slightly better organized. There is just one thing which I miss in reformail: capitalization of header fields matter: Run echo Date: okidoki| formail -f -Idate echo Date: okidoki| reformail -Idate Mate
Mate Wierdl writes: > In fact, it's identical. The only difference is that overall my options > are slightly better organized. > > There is just one thing which I miss in reformail: capitalization of > header fields matter: > Run > > echo Date: okidoki| formail -f -Idate > > echo Date: okidoki| reformail -Idate Ugly formail syntax that people should not be using. formail -f -Idate just happens to do the same thing as formail -f -Idate: And that happens to be the same thing that reformail -Idate: does. -- Sam
Is there any way to make qmail try delivery of a message _once_, and if that fails (as in 'deferred', not 'bounced'), have qmail forward the message to a fixed relay? Greetz, Peter. -- .| Peter van Dijk | <mo|VERWEG> stoned worden of coden .| [EMAIL PROTECTED] | <mo|VERWEG> dat is de levensvraag | <mo|VERWEG> coden of stoned worden | <mo|VERWEG> stonend worden En coden | <mo|VERWEG> hmm | <mo|VERWEG> dan maar stoned worden en slashdot lezen:)
On Tue, 9 Mar 1999 [EMAIL PROTECTED] wrote: -| On Tue, Mar 09, 1999 at 09:56:41AM +0100, Peter van Dijk wrote: -| > rephrase: no bugs have been found... after the amount of bugs found in previous -| > qpopper releases, I don't trust it. -| -| okay (: -| right you are ... the only thing that makes me use it anyways is it`s -| bulletinboard feature ... can you describe the feature? _ __ _____ __ _________ ______________ /_______ ___ ____ /______ John Gonzalez/Net.Tech __ __ \ __ \ __/_ __ `__ \/ __ /_ ___/ MDC Computers/netMDC! _ / / / `__/ /_ / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052 /_/ /_/\___/\__/ /_/ /_/ /_/\__,_/ \___/ http://www.netmdc.com [---------------------------------------------[system info]-----------] 12:20pm up 32 days, 19:00, 2 users, load average: 0.04, 0.06, 0.01
This would be the same feature supplied in the popbull patch to qmail-pop3d available on the qmail.org web site(s). Namely, the ability to send a mail bulletin to all users without the need to deliver a unique message to each mailbox. I find it quite useful. Aaron Quoting John Gonzalez/netMDC admin ([EMAIL PROTECTED]): > On Tue, 9 Mar 1999 [EMAIL PROTECTED] wrote: > > -| On Tue, Mar 09, 1999 at 09:56:41AM +0100, Peter van Dijk wrote: > -| > rephrase: no bugs have been found... after the amount of bugs found in previous > -| > qpopper releases, I don't trust it. > -| > -| okay (: > -| right you are ... the only thing that makes me use it anyways is it`s > -| bulletinboard feature ... > > can you describe the feature?
has anyone messed with the popbull feature with virtual domains or the vmailmgrd patch? On Tue, 9 Mar 1999, Aaron L. Meehan wrote: -| This would be the same feature supplied in the popbull patch to -| qmail-pop3d available on the qmail.org web site(s). Namely, -| the ability to send a mail bulletin to all users without the need to -| deliver a unique message to each mailbox. I find it quite useful. -| -| Aaron -| -| Quoting John Gonzalez/netMDC admin ([EMAIL PROTECTED]): -| > On Tue, 9 Mar 1999 [EMAIL PROTECTED] wrote: -| > -| > -| On Tue, Mar 09, 1999 at 09:56:41AM +0100, Peter van Dijk wrote: -| > -| > rephrase: no bugs have been found... after the amount of bugs found in previous -| > -| > qpopper releases, I don't trust it. -| > -| -| > -| okay (: -| > -| right you are ... the only thing that makes me use it anyways is it`s -| > -| bulletinboard feature ... -| > -| > can you describe the feature? -| _ __ _____ __ _________ ______________ /_______ ___ ____ /______ John Gonzalez/Net.Tech __ __ \ __ \ __/_ __ `__ \/ __ /_ ___/ MDC Computers/netMDC! _ / / / `__/ /_ / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052 /_/ /_/\___/\__/ /_/ /_/ /_/\__,_/ \___/ http://www.netmdc.com [---------------------------------------------[system info]-----------] 12:25pm up 32 days, 19:05, 2 users, load average: 0.03, 0.05, 0.00
On Tue, Mar 09, 1999 at 10:04:56AM -0800, Aaron L. Meehan wrote: > This would be the same feature supplied in the popbull patch to > qmail-pop3d available on the qmail.org web site(s). Namely, > the ability to send a mail bulletin to all users without the need to > deliver a unique message to each mailbox. I find it quite useful. [ssnip] > > can you describe the feature? [ssnip] I think the following is worth posting to make the idea really clear: ----- 4.3) How does bulletins work : During POP session after the authentication by user, server copies the bulletins placed in the BULLDIR in to the users message spool. Server would figure out the last bulletin read by user by placing under users home directory ~/.popbull the last bulletin number read. Any bulletin in the BULLDIR with number greater than the one in ~/.popbull would be copied to users message spool. ---- it works for qpopper, what`s about qmail`s popper - can it do that way too? Or it will send to new user old bulls too? Oh! on systems with no homedirs it is possible to keep a DB of user:latest bull recieved ... Pashah -- http://www.spb.sitek.net/~pashah/public-key-0x97739141.pgp
Well, the qmail popbull patch works a bit differently, since it counts on the access time of the user's Maildir vs the creation time of the actual bulletin file to determine whether they should get the bulletin (as far as I can remember). I'm wondering which method I prefer now. One drawback of the access time method is that if the user accesses the mail in another fashion (we have a imap webmail gateway, for example), or if a technician needs to access the customer's mail for some reason, then the access time of the Maildir has been modified and they will never get the bulletin.. I'll ponder what to do.. One drawback of the ~/.popbull method would be a few thousand more inodes used.. among other things. Aaron Quoting [EMAIL PROTECTED] ([EMAIL PROTECTED]): > 4.3) How does bulletins work : > During POP session after the authentication by user, server > copies the bulletins placed in the BULLDIR in to the users > message spool. Server would figure out the last bulletin > read by user by placing under users home directory ~/.popbull > the last bulletin number read. Any bulletin in the BULLDIR > with number greater than the one in ~/.popbull would > be copied to users message spool. > ---- > > it works for qpopper, what`s about qmail`s popper - can it do that way too? > Or it will send to new user old bulls too?
same thing, over again end ------------------------------------------------- Greg Albrecht Safari Internet System Administrator Fort Lauderdale, FL [EMAIL PROTECTED] www.safari.net +1[888|954]537-9550 ------------------------------------------------- ---------- Forwarded message ---------- Date: Mon, 8 Mar 1999 12:13:22 -0700 From: Brett Glass <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: SMTP server account probing Several ISPs throughout the Net are reporting an attack described at http://www.l8r.com/nwa/nwa1.htm In this attack, an SMTP server is probed for common names, presumably so that spam can the be targeted at them. The attacking machine connects and issues hundreds of RCPT TO: commands, searching a long list of common user names (e.g. susan) for ones that don't cause errors. It then compiles a list of target addresses to spam. Unfortunately, the attack -- besides allowing the perpetrator to spam users -- also brings SMTP servers to their knees. This happens most often if the server maintains lists of user names in a database where looking up a name requires substantial disk activity or computational overhead. Some people whose domain names have been hard-coded into a commercial program designed to implement this attack have responded with outrage, e.g. http://www.junk.org/earthonline/ I'm surprised that I haven't seen this one on the Bugtraq list yet. --Brett Glass
Hi, Sendmail has some neat features for handling virtual domains, and it all got a whole lot easier with the introduction of virtusertable in 8.9.0. I'm running over 2000 virtual domains under sendmail and make use of four rewrite rules in virtusertable: @wibble.com wibble.pop3 => deliver mail addressed to *any* user @wibble.com into the POP3 mailbox called wibble.pop3. @wibble.com %1.wibble => deliver mail addressed to [EMAIL PROTECTED] into the POP3 mailbox someuser.wibble. That is, take the user and add ".wibble" to form the mailbox name. @wibble.com [EMAIL PROTECTED] => deliver mail addressed to any user @wibble.com to [EMAIL PROTECTED] I do not handle mail for the wobble.net domain. @wibble.com [EMAIL PROTECTED] => deliver mail addressed to [EMAIL PROTECTED] to [EMAIL PROTECTED] I do not handle mail for the wobble.net domain. Now sendmail is big and slow and I'd really like to move to qmail. However I'm having a hard time figuring out how I'm going to handle these four rewrite rules using qmail. Can anyone help? Thanks, Simon.
Look into qmail-users. It handles all the situations bellow (except for the last one that im not sure about). On 09-Mar-99 Simon Rainey wrote: > Hi, > > Sendmail has some neat features for handling virtual domains, and it all > got a whole lot easier with the introduction of virtusertable in 8.9.0. I'm > running over 2000 virtual domains under sendmail and make use of four > rewrite rules in virtusertable: > > @wibble.com wibble.pop3 > > => deliver mail addressed to *any* user @wibble.com into the POP3 mailbox > called wibble.pop3. > > @wibble.com %1.wibble > > => deliver mail addressed to [EMAIL PROTECTED] into the POP3 mailbox > someuser.wibble. That is, take the user and add ".wibble" to form the > mailbox name. > > @wibble.com [EMAIL PROTECTED] > > => deliver mail addressed to any user @wibble.com to [EMAIL PROTECTED] I do > not handle mail for the wobble.net domain. > > @wibble.com [EMAIL PROTECTED] > > => deliver mail addressed to [EMAIL PROTECTED] to [EMAIL PROTECTED] I > do not handle mail for the wobble.net domain. > > Now sendmail is big and slow and I'd really like to move to qmail. However > I'm having a hard time figuring out how I'm going to handle these four > rewrite rules using qmail. Can anyone help? > > Thanks, > Simon. --- Pedro Melo <[EMAIL PROTECTED]> IP - Engenharia de Rede <http://ip.pt/> Av. Duque de Avila, 23, 1049-071 LISBOA - PORTUGAL tel: +351 1 3166740/00 (24h/dia) - fax: +351 1 3166701
On Tue, Mar 09, 1999 at 07:29:41PM -0000, Pedro Melo wrote: # Look into qmail-users. It handles all the situations bellow (except for the # last one that im not sure about). the last one can be done quite easily with a virtual address sent to .qmail-wibble-default |forward "$LOCAL"@wobble.net # # On 09-Mar-99 Simon Rainey wrote: # > Hi, # > # > Sendmail has some neat features for handling virtual domains, and it all # > got a whole lot easier with the introduction of virtusertable in 8.9.0. I'm # > running over 2000 virtual domains under sendmail and make use of four # > rewrite rules in virtusertable: # > # > @wibble.com wibble.pop3 # > # > => deliver mail addressed to *any* user @wibble.com into the POP3 mailbox # > called wibble.pop3. # > # > @wibble.com %1.wibble # > # > => deliver mail addressed to [EMAIL PROTECTED] into the POP3 mailbox # > someuser.wibble. That is, take the user and add ".wibble" to form the # > mailbox name. # > # > @wibble.com [EMAIL PROTECTED] # > # > => deliver mail addressed to any user @wibble.com to [EMAIL PROTECTED] I do # > not handle mail for the wobble.net domain. # > # > @wibble.com [EMAIL PROTECTED] # > # > => deliver mail addressed to [EMAIL PROTECTED] to [EMAIL PROTECTED] I # > do not handle mail for the wobble.net domain. # > # > Now sendmail is big and slow and I'd really like to move to qmail. However # > I'm having a hard time figuring out how I'm going to handle these four # > rewrite rules using qmail. Can anyone help? # > # > Thanks, # > Simon. # # --- # Pedro Melo <[EMAIL PROTECTED]> # IP - Engenharia de Rede <http://ip.pt/> # Av. Duque de Avila, 23, 1049-071 LISBOA - PORTUGAL # tel: +351 1 3166740/00 (24h/dia) - fax: +351 1 3166701 -- /- [EMAIL PROTECTED] --------------- [EMAIL PROTECTED] -\ |Justin Bell NIC:JB3084| Time and rules are changing. | |Pearson | Attention span is quickening. | |Developer | Welcome to the Information Age. | \-------- http://www.superlibrary.com/people/justin/ ----------/
I'm operating a system that doesn't need the reliability that queueing affords - speed is all that counts, because after 10 minutes any email that hasn't gotten out is out-of-date and worthless - such is the unique nature of our system. Since I've got to get out 10,000 emails in a few minutes, I'm finding that the hard disk is the massive bottleneck in achieving this. I'm running Solaris and am looking at the possibility of having the queue on tmpfs so it's in RAM. Of course, on reboot or crash the directory structure would be gone.. how much of this directory structure does qmail expect to find, and how much of it will it create on the fly? Any other suggestions? Paul Watkins ______________________________ Paul I. Watkins MCSE, OCDBA, CCTT Systems / Network Engineer Oracle / MS SQL Server DBA phone: 219-291-0520 fax: 219-291-0524 email: [EMAIL PROTECTED] web: http://www.cs-int.com Client/Server Integrators, Inc 19575 Brick Road South Bend, IN 46637 ______________________________
On Tue, Mar 09, 1999 at 02:21:12PM -0500, Paul Watkins wrote: > I'm operating a system that doesn't need the reliability that queueing > affords - speed is all that counts, because after 10 minutes any email that > hasn't gotten out is out-of-date and worthless - such is the unique nature > of our system. Since I've got to get out 10,000 emails in a few minutes, > I'm finding that the hard disk is the massive bottleneck in achieving this. > I'm running Solaris and am looking at the possibility of having the queue on > tmpfs so it's in RAM. Of course, on reboot or crash the directory structure > would be gone.. how much of this directory structure does qmail expect to > find, and how much of it will it create on the fly? Any other suggestions? RAID 1+0, or Solid State Disk (SSD). In the case of needing the queue to sync as quickly as possible, I'd look into SSD from Quantum as /var/qmail/queue. Under $10K. -- John White johnjohn at triceratops.com PGP Public Key: http://www.triceratops.com/john/public-key.pgp
I'm finding that the hard disk is the massive bottleneck in achieving this. I'm running Solaris and am looking at the possibility of having the queue on tmpfs so it's in RAM. Of course, on reboot or crash the directory structure would be gone.. how much of this directory structure does qmail expect to find, and how much of it will it create on the fly? Any other suggestions? I'm assuming that you'll mount the tmpfs as /var/qmail/queue. After mounting, before running qmail-start, just run "make setup" from the qmail source directory. That will give you a clean queue. -- Jeff Hayward
Hi there, We try to log smtpd and pop3d transaction using cyclog. For some reason, it refuses sending the stderr to cyclog. I do put 2>&1 to my script. In /etc/init.d/qmail-smtpd, it looks like: supervise /var/lock/qmail-smtpd tcpserver -v -c60 -u51 -g50 -b20 0 smtp \ /var/qmail/bin/qmail-smtpd 2>&1 \ | setuser qmaill accustamp \ | setuser qmaill supervise /var/lock/qmail-smtpd-cyclog cyclog \ -s 1000000 /var/log/qmail/qmail-smtpd & It only logs the successful messages via cyclog, it logs errors to /var/log/syslog (maillog for Solaris) In the /etc/init.d/qmail-pop3d, it looks like: supervise /var/lock/qmail-pop3d tcpserver 0 pop-3 /var/qmail/bin/qmail-popup \ gateway.dakotacom.net checkpassword qmail-popbull /var/qmail/bulletins \ /var/qmail/bin/qmail-pop3d Maildir 2>&1 | setuser qmaill accustamp \ | setuser qmaill supervise /var/lock/qmail-pop3d-cyclog cyclog \ -s 1000000 /var/log/qmail/qmail-pop3d & I got no log info at all. The file sizes are all zero. Any suggestions are welcomed. Thanks a lot. --George
I know that this is partially off-topic, but does anyone know how reliable the Maildir support in qmail-imap (the imap server from UW, the Maildir patches from Mattias Larsson) is? While testing I found 2 bugs: * I could not move messages from a Maildir into a mbox file (Netscape client, not thoroughly tested) * I could not move/rename Maildirs (I've sent a fix to Mattias) I would like to switch to qmail+IMAP+Maildir, but I can't do that unless I'm sure that this is stable. Thanks, Manfred