qmail Digest 25 Jan 1999 11:00:15 -0000 Issue 531

Topics (messages 20895 through 20921):

(off topic) required mx?
        20895 by: Peter van Dijk <[EMAIL PROTECTED]>

qmtp issue
        20896 by: Peter van Dijk <[EMAIL PROTECTED]>

tool to convert/simulate Exchange to normal mbox/maildir
        20897 by: [EMAIL PROTECTED] (Mirko Zeibig)

relay for reserved IPs / proxy question
        20898 by: Andrew Richards <[EMAIL PROTECTED]>

qmail stats (mostly GNU/Linux)
        20899 by: Mate Wierdl <[EMAIL PROTECTED]>
        20900 by: Peter van Dijk <[EMAIL PROTECTED]>

tcpd and paranoid mode
        20901 by: "Martin Searancke" <[EMAIL PROTECTED]>
        20902 by: Vince Vielhaber <[EMAIL PROTECTED]>
        20903 by: Stuart Young <[EMAIL PROTECTED]>
        20919 by: Russ Allbery <[EMAIL PROTECTED]>
        20920 by: Dax Kelson <[EMAIL PROTECTED]>
        20921 by: Russ Allbery <[EMAIL PROTECTED]>

Why ignore virtualdomains lines w/o colon?
        20904 by: Russell Nelson <[EMAIL PROTECTED]>
        20905 by: "Sam" <[EMAIL PROTECTED]>
        20906 by: Russell Nelson <[EMAIL PROTECTED]>
        20908 by: Mate Wierdl <[EMAIL PROTECTED]>

Here's why mail to nonexistent users should be bounced.
        20907 by: "Sam" <[EMAIL PROTECTED]>
        20909 by: Peter Gradwell <[EMAIL PROTECTED]>
        20912 by: Anand Buddhdev <[EMAIL PROTECTED]>
        20914 by: Andy Smith <[EMAIL PROTECTED]>

Netscape and Maildir
        20910 by: Anand Buddhdev <[EMAIL PROTECTED]>
        20911 by: Steve Vertigan <[EMAIL PROTECTED]>
        20913 by: Anand Buddhdev <[EMAIL PROTECTED]>
        20915 by: Steve Vertigan <[EMAIL PROTECTED]>

ETRN support on Qmail
        20916 by: "Γιώργος Κουλογιάννης" <[EMAIL PROTECTED]>
        20917 by: Thomas Neumann <[EMAIL PROTECTED]>
        20918 by: Anand Buddhdev <[EMAIL PROTECTED]>


----------------------------------------------------------------------


On Sat, Jan 23, 1999 at 08:56:42PM +0100, Niklas Alberth wrote:
> Hello
> 
> I guess this is a bit off topic but I don't know anyone else to ask.
> 
> (background: I'm doing a kind of exam work, using linux to set up a (q)mail
> and web server for the other students at my school, I've only got control
> over my own server)
> 
> My qmail server is at student.nystromska.soderkoping.se, I'm only accepting
> mail for that domain. Is a mx required for that domain? I've tried to set
> up a dns server but I don't think the rest of the net is aware of it. I
> can't other A or CNAME I've setup.

There is an A record pointing to your server. That's enough to receive mail.

To run your own nameserver, you would have to get the admin for nystromska
to set an NS pointer to your machine.

> Please take a look, and if you like - see if I've configured my server right.

I think everything's ok.

Greetz, Peter.
-- 
<squeezer> AND I AM GONNA KILL MIKE                |          Peter van Dijk
<squeezer> hardbeat, als je nog nuchter bent:      | [EMAIL PROTECTED]
<squeezer>   @date = localtime(time);              |  realtime security d00d
<squeezer>   $date[5] += 2000 if ($date[5] < 37);  | 
<squeezer>   $date[5] += 1900 if ($date[5] < 99);  |        * blah *




On Sun, Jan 24, 1999 at 02:27:07AM +0100, Balazs Nagy wrote:
> Hiyas,
> 
> I want to write an article about Qmail for a Linux related special issue of
> the Hungarian Chip and it's work but I don't know whether I can give my
> readers a solution for send letters via QMTP protocol.
> 
> There's a qmail-qmtpd which accepts connections from qmtp-capable clients
> but I cannot find any client for this task.
> 
> Is QMTP a hypothetical protocol?

I use QMTP. The only QMTP client is serialqmtp, part of serialmail.

Greetz, Peter.
-- 
<squeezer> AND I AM GONNA KILL MIKE                |          Peter van Dijk
<squeezer> hardbeat, als je nog nuchter bent:      | [EMAIL PROTECTED]
<squeezer>   @date = localtime(time);              |  realtime security d00d
<squeezer>   $date[5] += 2000 if ($date[5] < 37);  | 
<squeezer>   $date[5] += 1900 if ($date[5] < 99);  |        * blah *





Hello,
I installed qmail in a company and it just runs like it should. Now these guys
want to install some workflow-program which will only work with MAPI and
Exchange's "Shared Folders". Is there any way to simulate these sick
MS-implementations using qmail+xxxx.
Regards
Mirko
-- 
mailto:[EMAIL PROTECTED] myhome_aka_~:http://sites.inka.de/picard 
RedHat=~/rh52_isdn.html    teles16.3c=~/teles163c/teles163c_contents.html
life's a http://www.uni-karlsruhe.de/~etcetera




Axw,

Use the fwtk as follows for SMTP coming in:
- Setup the smtp port in /etc/inetd.conf to invoke the fwtk's smap program.
- Have smapd running as a background process (this calls sendmail)
- Have a mail program (e.g. sendmail) running say once per day from
  cron to clear out anything left behind in the mail queue
- You'll need to edit /usr/local/etc/netperm-table for the above
- You'll need your DNS setup too, with the real mail machine
  having a greater priority than the firewall

For POP, you'll probably need to mess with the plug proxy (plug-gw)
application.

cheers,

Andrew Richards.
----------
From:   Ludwig Pummer[SMTP:[EMAIL PROTECTED]]
Sent:   24 January 1999 03:00
To:     axw; [EMAIL PROTECTED]
Subject:        Re: relay for reserved IPs / proxy question

At 05:06 AM 2/23/99 , axw wrote:
>I have successfully set up qmail to receive and send mail on a firewall (tis 
>fwtk 2.1) proxy.
>I know that perhaps I shouldn't have done this for security reasons;
>however, the trouble is, I can not make qmail pass emails from the internal 
>network (192.168.etc). It means that it's impossible to reach any external 
>account via pop3 nor send any mail. This concerns only windows 95 machines 
>behind the firewall/proxy (which works fine itself).
>So, my question is: how do I set up qmail to act as a relay (pop3 & smtp) 
>for reserved IPs behind the proxy?

Proxying POP3 is not a qmail-related thing. If you run a SOCKS server on
the qmail/firewall/proxy machine, you can get your Win95 machines to use
the SOCKS server. If their mail clients don't support SOCKS, you can use
the SocksCap program at www.socks.nec.com to make them go through the SOCKS
server. Or you can use something like Linux's masq or FreeBSD's natd and
proxy everything.

Proxying SMTP could be done by the solution above, or you could develop a
messy smtproutes method. A simple, blanket smtproute would work, except
that it would stop the mail which goes only behind the firewall.

--Ludwig Pummer ( [EMAIL PROTECTED] )
ICQ UIN: 692441 (  [EMAIL PROTECTED]  )







The entries in my xferlog* files start on Jan 03.

# cat xferlog*|awk '{ print $9, $7 }' | grep qmail-1.03-11ucspi.src.rpm | 
> sort -k 2| uniq -1|wc -l
    653

# cat xferlog*|awk '{ print $9, $7 }' | grep "qmail.*.rpm" |
> sort -k 2| uniq -1|wc -l
    898

# cat xferlog*|awk '{ print $9, $7 }' | grep pub/qmail | 
> sort -k 2| uniq -1|wc -l 
   1462

What is the estimated number of sites that run qmail?

Mate




On Sun, Jan 24, 1999 at 03:24:20PM -0600, Mate Wierdl wrote:
> The entries in my xferlog* files start on Jan 03.
> 
> # cat xferlog*|awk '{ print $9, $7 }' | grep qmail-1.03-11ucspi.src.rpm | 
> > sort -k 2| uniq -1|wc -l
>     653
> 
> # cat xferlog*|awk '{ print $9, $7 }' | grep "qmail.*.rpm" |
> > sort -k 2| uniq -1|wc -l
>     898
> 
> # cat xferlog*|awk '{ print $9, $7 }' | grep pub/qmail | 
> > sort -k 2| uniq -1|wc -l 
>    1462
> 
> What is the estimated number of sites that run qmail?

I think djb has a rough estimate, because of the line in INSTALL that reads:

       % ( echo 'First M. Last'; cat `cat SYSDEPS` ) | mail [EMAIL PROTECTED]

Greetz, Peter.
-- 
<squeezer> AND I AM GONNA KILL MIKE                |          Peter van Dijk
<squeezer> hardbeat, als je nog nuchter bent:      | [EMAIL PROTECTED]
<squeezer>   @date = localtime(time);              |  realtime security d00d
<squeezer>   $date[5] += 2000 if ($date[5] < 37);  | 
<squeezer>   $date[5] += 1900 if ($date[5] < 99);  |        * blah *




Strange problem. I compiled a new copy of my tcp wrapper program with
Paranoid mode turned off so as to allow mail to get through from sites that
have a problem with this. The new problem is whenever I use the new copy it
stops us from using that server for SMTP on our local lan. It's as if the
tcpd is not even looking at the hosts.allow file. I'm stuck between a rock
and a hard place, we have to be able to use the machine to relay, but I'm
getting heaps of complaints about mail not getting through. Anyone come
across this one?

Thanks,
Martin

Martin Searancke
The Really Useful Solutions Group Ltd. 
Level 6, 90 Symonds St
Auckland, New Zealand

[EMAIL PROTECTED]
+64 21 778592

"Time is an illusion. Lunchtime doubly so." - Douglas Adams





On 24-Jan-99 Martin Searancke wrote:
> Strange problem. I compiled a new copy of my tcp wrapper program with
> Paranoid mode turned off so as to allow mail to get through from sites that
> have a problem with this. The new problem is whenever I use the new copy it
> stops us from using that server for SMTP on our local lan. It's as if the
> tcpd is not even looking at the hosts.allow file. I'm stuck between a rock
> and a hard place, we have to be able to use the machine to relay, but I'm
> getting heaps of complaints about mail not getting through. Anyone come
> across this one?

Don't use tcp-wrappers.  It's no longer supported.  You'll find that Dan's
tcpserver package (ucspi-tcp-0.84.tar.gz on koobera.math.uic.edu) is more
robust and will solve both problems.

Vince.
-- 
==========================================================================
Vince Vielhaber -- KA8CSH   email: [EMAIL PROTECTED]   flame-mail: /dev/null
       # include <std/disclaimers.h>                   TEAM-OS2
   Online Searchable Campground Listings    http://www.camping-usa.com
       "There is no outfit less entitled to lecture me about bloat
               than the federal government"  -- Tony Snow
==========================================================================






At 11:31 25/01/99 +1300, Martin Searancke wrote:
>Strange problem. I compiled a new copy of my tcp wrapper program with
>Paranoid mode turned off so as to allow mail to get through from sites that
>have a problem with this. The new problem is whenever I use the new copy it
>stops us from using that server for SMTP on our local lan. It's as if the
>tcpd is not even looking at the hosts.allow file. I'm stuck between a rock
>and a hard place, we have to be able to use the machine to relay, but I'm
>getting heaps of complaints about mail not getting through. Anyone come
>across this one?

Just a note that there is a CERT advisory about TCP wrappers at the moment.
It seems that it was replaced (trojan code) and isn't exactly 'friendly'
anymore. 

http://www.cert.org/advisories/CA-99-01-Trojan-TCP-Wrappers.html

Seems this sort of thing is becoming more prevalent. You might want to
check your code if you downloaded it recently.


Stuart Young - [EMAIL PROTECTED] - [EMAIL PROTECTED]
(aka Cefiar) - http://amarok.glasswings.com.au/

[All opinions expressed in the above message are my]
[own and not necessarily the views of my employer..]





Stuart Young <[EMAIL PROTECTED]> writes:

> Just a note that there is a CERT advisory about TCP wrappers at the
> moment.  It seems that it was replaced (trojan code) and isn't exactly
> 'friendly' anymore.

> http://www.cert.org/advisories/CA-99-01-Trojan-TCP-Wrappers.html

Note that this only affects downloads from the main archive site over a
fairly short period of time, and that all hosts downloading from that site
over that time period have already been contacted.  The canonical archive
has also been moved to a new server.

> Seems this sort of thing is becoming more prevalent. You might want to
> check your code if you downloaded it recently.

This is probably better sent to a different list, but I'd start using
Dan's FTP daemon rather than a huge package like wu-ftpd that I really
don't trust if it only had a few more features.  The two I really need are
more standard "dir" output that doesn't confuse some clients and automatic
gunzip of .gz files if downloaded without the .gz extension.

I've wanted this badly enough that I've considered a few times just
patching Dan's code for both of these features.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>





You are assuming the security breach was in the ftp server.

Dax Kelson


On 25 Jan 1999, Russ Allbery wrote:

> This is probably better sent to a different list, but I'd start using
> Dan's FTP daemon rather than a huge package like wu-ftpd that I really
> don't trust if it only had a few more features.  The two I really need are
> more standard "dir" output that doesn't confuse some clients and automatic
> gunzip of .gz files if downloaded without the .gz extension.
> 
> I've wanted this badly enough that I've considered a few times just
> patching Dan's code for both of these features.
> 
> -- 
> Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>
> 





Dax Kelson <[EMAIL PROTECTED]> writes:

> You are assuming the security breach was in the ftp server.

No, not really.  It could have been any number of things.  But on my
system, I'm currently running Apache, qmail, ssh, Kerberos, and an
anonymous ftp server, and of all of those things the package that I trust
least is the anonymous ftp server.

Hearing about break-ins always makes me think over the potential access
vulnerabilities in my own system.  Dan's ftp server is *much*
lighter-weight and far more likely to be secure than wu-ftpd, and I'd like
to use it.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>




Why does qmail-send merely silently discard virtualdomains lines that
have no colon?  Isn't it likely that such a line is in error, and
needs to be pointed out?

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.




Russell Nelson writes:

> Why does qmail-send merely silently discard virtualdomains lines that
> have no colon?  Isn't it likely that such a line is in error, and
> needs to be pointed out?

Don't you get bounces this way?  If it's going to be considered an error,
you'll just get a different bounce.  So, what difference does it make what
error message you are bounced with?




Sam writes:
 > Russell Nelson writes:
 > 
 > > Why does qmail-send merely silently discard virtualdomains lines that
 > > have no colon?  Isn't it likely that such a line is in error, and
 > > needs to be pointed out?
 > 
 > Don't you get bounces this way?  If it's going to be considered an error,
 > you'll just get a different bounce.  So, what difference does it make what
 > error message you are bounced with?

"?"  -ed.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.




Is not there a similar behavior in a tcprules file?

Mate
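A lint pass for the situation Russell Nelson describes in this thread, added here as an example and not code from qmail or from any poster: it reports control/virtualdomains lines that have no colon, which the thread says qmail-send silently discards. Skipping of blank and comment lines, the split at the first colon, and the extra whitespace and duplicate checks are assumptions; the function name and the sample entries are constructed.

```python
def lint_virtualdomains(text):
    """Return (line number, problem, raw line) for suspicious virtualdomains lines."""
    findings = []
    seen = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip(" \t")
        # Assumption: blank lines and lines starting with '#' are not entries.
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            # The case from the thread: no colon, so the line is silently dropped.
            findings.append((lineno, "no-colon", raw))
            continue
        # Assumption: the first colon separates the key from the prepend.
        key, _prepend = line.split(":", 1)
        if " " in line or "\t" in line:
            # Entries are written without extra spaces; this one will not
            # match the address the admin had in mind.
            findings.append((lineno, "whitespace", raw))
        key_norm = key.strip().lower()  # compared case-insensitively here
        if key_norm in seen:
            # This check does not assume which of the two entries wins.
            findings.append((lineno, "duplicate", raw))
        else:
            seen[key_norm] = lineno
    return findings


# Constructed sample file contents (not taken from any real system).
SAMPLE = "\n".join([
    "example.com:alice",
    ".fax:uucp-fax",
    "example.org alice-org",      # colon mistyped as a space
    "bob@example.net:bob",
    "# comment",
    "example.edu : carol",        # stray spaces around the colon
    "example.com:dave",           # same key as line 1
])

if __name__ == "__main__":
    for lineno, problem, raw in lint_virtualdomains(SAMPLE):
        print(f"virtualdomains:{lineno}: {problem}: {raw!r}")
```
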




Looks like someone's E-mail harvester isn't working quite right.  Basically
someone harvested a bunch of Usenet message IDs, thinking that they were
E-mail addresses.  Because stuff to the right of @ is my machine name, mail
addressed this way will be attempted a delivery here.

So, AOL's outgoing mail servers are now busy spitting garbage at me.  If I
was running a standard unpatched Qmail, I'd be wasting a whole crapload of
bandwidth accepting mail to nonexistent users, generating a bounce for it,
and shoving it back at AOL.  Instead, since I've patched it to refuse
E-mail to nonexistent local addresses, I'm just rejecting the RCPT TO: with
significant savings in bandwidth and time.  I hardly need to do anything
about it, except watch the mail logs scroll, with some detached amusement.




At 5:57 am +0000 on 25/1/99, the great Sam wrote:
>Instead, since I've patched it to refuse
>E-mail to nonexistent local addresses, I'm just rejecting the RCPT TO: with
>significant savings in bandwidth and time.  I hardly need to do anything
>about it, except watch the mail logs scroll, with some detached amusement.

and what do us newbies need to do to achieve this wonderful 'feature' as well?

Many Thanks

Peter.

--
gradwell dot com ltd - writing the bits of the web you don't see
online @ http://www.gradwell.com/ mailto:[EMAIL PROTECTED]

"To look back all the time is boring. Excitement lies in tomorrow"




On Mon, Jan 25, 1999 at 06:21:31AM +0000, Peter Gradwell wrote:

> At 5:57 am +0000 on 25/1/99, the great Sam wrote:
> >Instead, since I've patched it to refuse
> >E-mail to nonexistent local addresses, I'm just rejecting the RCPT TO: with
> >significant savings in bandwidth and time.  I hardly need to do anything
> >about it, except watch the mail logs scroll, with some detached amusement.
> 
> and what do us newbies need to do to achieve this wonderful 'feature' as well?

Apply Sam's qmail-uce patches. Find them at:

http://www.geocities.com/SiliconValley/Peaks/5799/qmail-uce.html

-- 
Anand




On Mon, 25 Jan 1999, Anand Buddhdev wrote:

> Apply Sam's qmail-uce patches. Find them at:
> 
> http://www.geocities.com/SiliconValley/Peaks/5799/qmail-uce.html

Do the patches still allow mail to postmaster from anyone?  Can't see any
mention of it on the page, it's a feature I think I'd like.

-- 
Andy J. Smith ... <[EMAIL PROTECTED]> ... <http://www.strugglers.net/andy>
Mail to [EMAIL PROTECTED] for PGP Key, or check the key servers ......
KeyID: 0xBF15490B FP: 0E42 36CB 5295 1E14 5360  6622 2099 B64C BF15 490B





On Sat, Jan 23, 1999 at 01:27:28AM +0800, Steve Vertigan wrote:

> the files in cur owned by root while fiddling with them.  Speaking of

This should not matter. As long as a user has write access in their
Maildir, they can even delete root-owned files. I often insert a root-owned
file into a user's maildir to manually send them some sort of message, like
perhaps a quota overflow. This way, I can insert the message at the 'top'
of their list, and also it does not use any of their quota. Finally, when
they POP their mail out, the root-owned warning message will also disappear.

> Netscape I applied the octets patch mentioned in the archives but compiling
> gives me
> qmail-pop3d.c: In function `pop3_top':
> qmail-pop3d.c:272: `foo' undeclared (first use this function)
> 
> Does anyone know how to fix this?  The lines inserted are evidently
> puts("+OK ");
> foo[fmt_uint(foo,m[i].size)] = 0;
> puts(foo);
> 
> puts(" octets \r\n");
> flush();

Oops. I also ran into this, and I remember declaring foo somewhere towards
the top of the file, somewhat like this:

char foo[128];

-- 
Anand




Anand Buddhdev wrote:

> On Sat, Jan 23, 1999 at 01:27:28AM +0800, Steve Vertigan wrote:
>
> > the files in cur owned by root while fiddling with them.  Speaking of
>
> This should not matter. As long as a user has write access in their
> Maildir, they can even delete root-owned files.

This is very strange.  I telnetted in to port 110 and couldn't even issue a RETR
on a message, although I could get the results from LIST ok.  After transferring
ownership to the user I could RETR and assume the user successfully retrieved and
deleted as I didn't hear any more about it.  The Maildir directory is owned by
the correct user and group...

--
Regards,
Steve





On Mon, Jan 25, 1999 at 04:13:00PM +0800, Steve Vertigan wrote:

> > This should not matter. As long as a user has write access in their
> > Maildir, they can even delete root-owned files.
> 
> This is very strange.  I telnetted in to port 110 and couldn't even issue a
> RETR on a message, although I could get the results from LIST ok.  After
> transferring ownership to the user I could RETR and assume the user
> successfully retrieved and deleted as I didn't hear any more about it.  The
> Maildir directory is owned by the correct user and group...

If the message file is owned by root, then it needs to have a minimum mode
of 444, ie. read access for everyone. In your case, the root-owned files
most likely have modes that don't allow the user to read the file. Remember
that qmail-pop3d runs under the permissions of the user, not root. You are
however able to list the file, since the ordinary user has the permissions
to list the contents of a directory, even if the files themselves are not
readable by that user. Basically, if you are that ordinary user and you can
use a pager like more or less to view the file, then you will be able to
RETR the message. If not, the permissions need to be checked.

-- 
Anand




Anand Buddhdev wrote:

> If the message file is owned by root, then it needs to have a minimum mode
> of 444, ie. read access for everyone. In your case, the root-owned files
> most likely have modes that don't allow the user to read the file. Remember
> that qmail-pop3d runs under the permissions of the user, not root.

Yes I'm aware of that and the permissions were set to readable only by owner as
you'd expect email to be but I'm mystified that you said the user can delete message
then that are owned by root if they own the directory.  Are you saying I could've
done a DELE on the messages even though I couldn't view them?

Regards,
Steve
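The filesystem rules behind this exchange, as an added example that is not part of the original thread: listing and deleting depend on the directory's permission bits, reading depends on the file's. The mapping of LIST, RETR and DELE onto directory read/stat, open and unlink is an assumption, as are the names Node and pop3_access and the constructed uids and modes.

```python
import os
import stat
from collections import namedtuple

# Owner, group and mode of one filesystem object (the os.stat() fields used here).
Node = namedtuple("Node", "uid gid mode")


def node_from_path(path):
    """Build a Node from a real file or directory."""
    st = os.stat(path)
    return Node(st.st_uid, st.st_gid, st.st_mode)


def _rwx(node, uid, gids):
    """Return the rwx bits (0-7) that classic Unix permission checks apply to uid."""
    if uid == node.uid:
        return (node.mode >> 6) & 7
    if node.gid in gids:
        return (node.mode >> 3) & 7
    return node.mode & 7


def pop3_access(uid, gids, directory, message):
    """Which operations can a POP3 server running as uid perform on message?

    Assumed mapping: LIST = read the directory and stat the file,
    RETR = open the file for reading, DELE = unlink the file.
    ACLs and other permission extensions are ignored.
    """
    if uid == 0:  # root bypasses these checks
        return {"LIST": True, "RETR": True, "DELE": True}
    d = _rwx(directory, uid, gids)
    f = _rwx(message, uid, gids)
    search = bool(d & 1)
    can_list = search and bool(d & 4)
    can_retr = search and bool(f & 4)
    # Removing a name needs write+search on the directory, nothing on the file.
    can_dele = search and bool(d & 2)
    # Sticky directory: only the file's owner or the directory's owner may unlink.
    if can_dele and directory.mode & stat.S_ISVTX:
        can_dele = uid in (message.uid, directory.uid)
    return {"LIST": can_list, "RETR": can_retr, "DELE": can_dele}


# Constructed sample: mailbox user 1001 owns Maildir/cur (mode 700);
# root dropped in a message with mode 600, and another with mode 444.
USER, GIDS = 1001, (1001,)
CUR = Node(1001, 1001, stat.S_IFDIR | 0o700)
ROOT_600 = Node(0, 0, stat.S_IFREG | 0o600)
ROOT_444 = Node(0, 0, stat.S_IFREG | 0o444)

if __name__ == "__main__":
    for label, msg in (("root-owned, 600", ROOT_600), ("root-owned, 444", ROOT_444)):
        print(label, pop3_access(USER, GIDS, CUR, msg))
```

To audit a real mailbox, build the two Node values with node_from_path() for Maildir/cur and each message file and pass the mailbox owner's uid and group ids.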






Question for the experts out there:

Qmail does not seem to support the ETRN function.  Thus there is virtually
no way for a remote SMTP dialup server to connect to the net and
immediately request retrieval of the mails residing in the qmail queue for
that server. Is there any feasible solution to the problem? Is there going to
be ETRN support in future releases?


Regards,


George Koulogiannis.





On Mon, Jan 25, 1999 at 11:05:02AM +0200, Γιώργος Κουλογιάννης wrote:
> 
> Qmail does not seem to support the ETRN function.  Thus there is virtually
> no way for a remote SMTP dialup server to connect to the net and
> immediately request retrieval of the mails residing in the qmail queue for
> that server. Is there any feasible solution to the problem? Is there going to
> be ETRN support in future releases?

I think there are ETRN patches on www.qmail.org, but I'd rather
avoid ETRN because it sucks as far as security is concerned
(ETRN does not allow sufficient authorization of the client
that connects and requests to be sent the contents of a
mail queue).

There are alternative solutions that should give better results
than ETRN. You might have a look at the "serialmail" package, also
available via www.qmail.org. With serialmail installed on the
qmail server you can deliver all mail for your wannabe ETRN
customer into a Maildir and then have the contents of that
Maildir be sent to the client via SMTP once he connects. This
is usually what people with MS Exchange or Lotus Domino SMTP
servers want and why they're asking for ETRN in the first place.

The only thing you'll have to arrange for is that you need a
mechanism for the client to "trigger" the serialmail process
on the qmail server, and that mechanism can be written to offer
sufficient security and it's easy to do.

Another, maybe even easier solution is to deliver all mail
for the ETRN customer into a Maildir like outlined in the
previous solution but instead of using serialmail in the
qmail server have the client use a program that retrieves
the contents of his Maildir via POP3 and re-injects the mail
into the client's local SMTP server -- basically a poor
man's "fetchmail".

-t






On Mon, Jan 25, 1999 at 11:05:02AM +0200, Γιώργος Κουλογιάννης wrote:

> Question for the experts out there:
> 
> Qmail does not seem to support the ETRN function.  Thus there is virtually
> no way for a remote SMTP dialup server to connect to the net and
> immediately request retrieval of the mails residing in the qmail queue for
> that server. Is there any feasible solution to the problem? Is there going to
> be ETRN support in future releases?

qmail does not support ETRN, but it has support for a much better system
called AutoTURN. It does not require your client to send an ETRN to request
dequeuing of their email. All they have to do is connect and start sending
email, and qmail will in turn dequeue their messages. For setup details,
download the serialmail package from

ftp://koobera.math.uic.edu/pub/software

and read the document called AUTOTURN in that distribution.

-- 
Anand

