qmail Digest 11 Aug 1999 10:00:00 -0000 Issue 725
Topics (messages 28788 through 28837):
20,000 mailboxes...
28788 by: Mirko Zeibig <[EMAIL PROTECTED]>
28792 by: Magnus Bodin <[EMAIL PROTECTED]>
28793 by: Stanley Horwitz <[EMAIL PROTECTED]>
28799 by: "Rick McMillin" <[EMAIL PROTECTED]>
28807 by: Magnus Bodin <[EMAIL PROTECTED]>
28808 by: Ira Abramov <[EMAIL PROTECTED]>
28811 by: Van Liedekerke Franky <[EMAIL PROTECTED]>
28813 by: Andre Oppermann <[EMAIL PROTECTED]>
28816 by: Russell Nelson <[EMAIL PROTECTED]>
28817 by: Russell Nelson <[EMAIL PROTECTED]>
Mail Queue & Alias
28789 by: Mirko Zeibig <[EMAIL PROTECTED]>
28790 by: Andre Oppermann <[EMAIL PROTECTED]>
assign file
28791 by: Ana Belén Santos <[EMAIL PROTECTED]>
28794 by: Robbie Walker <[EMAIL PROTECTED]>
28815 by: Mirko Zeibig <[EMAIL PROTECTED]>
28821 by: Ken Jones <[EMAIL PROTECTED]>
Squashing 20,000 rumors...
28795 by: Russell Nelson <[EMAIL PROTECTED]>
28810 by: Jeffrey Skelton <[EMAIL PROTECTED]>
28812 by: Ira Abramov <[EMAIL PROTECTED]>
28814 by: Andre Oppermann <[EMAIL PROTECTED]>
28818 by: Russell Nelson <[EMAIL PROTECTED]>
28819 by: "Sam" <[EMAIL PROTECTED]>
small script for linuxconf
28796 by: Mirko Zeibig <[EMAIL PROTECTED]>
queue modification
28797 by: "David Harris" <[EMAIL PROTECTED]>
28798 by: Jos Backus <[EMAIL PROTECTED]>
28800 by: "David Harris" <[EMAIL PROTECTED]>
28809 by: <[EMAIL PROTECTED]>
Web Mail on Qmail.
28801 by: "David Harris" <[EMAIL PROTECTED]>
28820 by: "Sam" <[EMAIL PROTECTED]>
28824 by: "David Harris" <[EMAIL PROTECTED]>
28825 by: "Thomas M. Sasala" <[EMAIL PROTECTED]>
28826 by: "Sam" <[EMAIL PROTECTED]>
sending a message to all users
28802 by: Eric Dahnke <[EMAIL PROTECTED]>
28804 by: "Jay D. Dyson" <[EMAIL PROTECTED]>
28806 by: "David Harris" <[EMAIL PROTECTED]>
smtp problem with quotes on hostname end of hostname
28803 by: Dave Sill <[EMAIL PROTECTED]>
28805 by: Scott Bender <[EMAIL PROTECTED]>
binaries
28822 by: Mate Wierdl <[EMAIL PROTECTED]>
28823 by: Ira Abramov <[EMAIL PROTECTED]>
compile warnings
28827 by: Mate Wierdl <[EMAIL PROTECTED]>
28828 by: "Sam" <[EMAIL PROTECTED]>
28829 by: Dustin Marquess <[EMAIL PROTECTED]>
HOWTO prevent one user from sending
28830 by: Mike McLeish <[EMAIL PROTECTED]>
28831 by: "Jay D. Dyson" <[EMAIL PROTECTED]>
28832 by: Albert Hopkins <[EMAIL PROTECTED]>
28833 by: Russell Nelson <[EMAIL PROTECTED]>
[Q] a simple but important question - how often will qmail 're-scan' the queue?
28834 by: Silver CHEN <[EMAIL PROTECTED]>
28835 by: Magnus Bodin <[EMAIL PROTECTED]>
28836 by: Silver CHEN <[EMAIL PROTECTED]>
bouncing mail for non-existant users
28837 by: Bitt Faulk <[EMAIL PROTECTED]>
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
On Mon, Aug 09, 1999 at 11:47:39PM -0400, Robbie Walker wrote:
> Yeah, hotmail.com is running >20,000 [grin]
>
> it seems to work pretty darn well, considering.
>
gmx.de runs qmail as well, which is one of the german (IMHO better) answers
to hotmail.com.
Once upon a time someone in this list told (or is it on djb's site?), Redhat
would do it's lists with qmail as well.
Regards
Mirko
On Tue, 10 Aug 1999, Marc-Adrian Napoli wrote:
> I was just wondering if anyone is running a qmail server with 20,000 users?
> And if so, how does it handle and what hardware are you running?
One of the biggest swedish ISP:s (algonet) are using qmail for their
50000+ users. Solaris, Sun and NetWork Appliances hardware.
/magnus
--
"MOST USELESS site of the year 1998"
--> http://x42.com/urlcalc/
On Tue, 10 Aug 1999, Marc-Adrian Napoli wrote:
> Hi there,
>
> I was just wondering if anyone is running a qmail server with 20,000 users?
>
> And if so, how does it handle and what hardware are you running?
>
> Any help is most appreciated!
If I am not mistaken, AOL and Hotmail both run qmail and as you
probably know, there's something like 4,000,000 AOL users. You might
find more info of this nature on the Qmail Web site.
So how do the ISP's with those large customer bases
deal with authentication? What methods do they use?
Passwd? LDAP? MySQL?
Rick
----- Original Message -----
From: Stanley Horwitz <[EMAIL PROTECTED]>
To: Marc-Adrian Napoli <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, August 10, 1999 7:51 AM
Subject: Re: 20,000 mailboxes...
>
>
> On Tue, 10 Aug 1999, Marc-Adrian Napoli wrote:
>
> > Hi there,
> >
> > I was just wondering if anyone is running a qmail server with 20,000
users?
> >
> > And if so, how does it handle and what hardware are you running?
> >
> > Any help is most appreciated!
>
> If I am not mistaken, AOL and Hotmail both run qmail and as you
> probably know, there's something like 4,000,000 AOL users. You might
> find more info of this nature on the Qmail Web site.
>
>
On Tue, 10 Aug 1999, Rick McMillin wrote:
> So how do the ISP's with those large customer bases
> deal with authentication? What methods do they use?
> Passwd? LDAP? MySQL?
At this point (large customer based, complex professional installation)
I would definitely consider consulting a professional (non-free)
consultant.
/magnus
--
"MOST USELESS site of the year 1998"
--> http://x42.com/urlcalc/
On Tue, 10 Aug 1999, Magnus Bodin wrote:
> One of the biggest swedish ISP:s (algonet) are using qmail for their
> 50000+ users. Solaris, Sun and NetWork Appliances hardware.
Internet Zahav here in Israel is THE biggest ISP in the country
currently... 150k users. we use Qmail for all outgoing mail since about a
week ago (I pushed it, got no help from the bosses), having to prove it's
good, I redirected all the users to relay through a Pentium II-350 with an
IDE drive instead of the sendmail over an Enterprise Solaris box, and
things turned out to work faster. now that the bigwigs saw the success,
I'll move in to change the rest of the servers to Qmail too (main
incoming, virtual domains, pop etc)
High time I switch to a DB instead of a multi-megabyte passwd file. any
ideas, ready-made delivery tools? same DB should also authenticate for
Radius and pop. non-qmail specific replies will be happily accepted
offlist too.
TIA, Ira
check out the ldap patch then...
> ----------
> From: Ira Abramov[SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, August 10, 1999 4:47 PM
> Cc: [EMAIL PROTECTED]
> Subject: Re: 20,000 mailboxes...
>
> On Tue, 10 Aug 1999, Magnus Bodin wrote:
>
> > One of the biggest swedish ISP:s (algonet) are using qmail for their
> > 50000+ users. Solaris, Sun and NetWork Appliances hardware.
>
> Internet Zahav here in Israel is THE biggest ISP in the country
> currently... 150k users. we use Qmail for all outgoing mail since about a
> week ago (I pushed it, got no help from the bosses), having to prove it's
> good, I redirected all the users to relay through a Pentium II-350 with an
> IDE drive instead of the sendmail over an Enterprise Solaris box, and
> things turned out to work faster. now that the bigwigs saw the success,
> I'll move in to change the rest of the servers to Qmail too (main
> incoming, virtual domains, pop etc)
>
> High time I switch to a DB instead of a multi-megabyte passwd file. any
> ideas, ready-made delivery tools? same DB should also authenticate for
> Radius and pop. non-qmail specific replies will be happily accepted
> offlist too.
>
> TIA, Ira
>
Ira Abramov wrote:
>
> On Tue, 10 Aug 1999, Magnus Bodin wrote:
>
> > One of the biggest swedish ISP:s (algonet) are using qmail for their
> > 50000+ users. Solaris, Sun and NetWork Appliances hardware.
>
> Internet Zahav here in Israel is THE biggest ISP in the country
> currently... 150k users. we use Qmail for all outgoing mail since about a
> week ago (I pushed it, got no help from the bosses), having to prove it's
> good, I redirected all the users to relay through a Pentium II-350 with an
> IDE drive instead of the sendmail over an Enterprise Solaris box, and
> things turned out to work faster. now that the bigwigs saw the success,
> I'll move in to change the rest of the servers to Qmail too (main
> incoming, virtual domains, pop etc)
>
> High time I switch to a DB instead of a multi-megabyte passwd file. any
> ideas, ready-made delivery tools? same DB should also authenticate for
> Radius and pop. non-qmail specific replies will be happily accepted
> offlist too.
Check out qmail-ldap at http://www.nrg4u.com. The documentation at
the moment is not as good as it could be, but when you know how
stock qmail works it ain't hard. If you ask a good question on the
qmail-ldap list you'll get a good answer soon.
--
Andre
Ira Abramov writes:
> High time I switch to a DB instead of a multi-megabyte passwd file. any
> ideas, ready-made delivery tools? same DB should also authenticate for
> Radius and pop. non-qmail specific replies will be happily accepted
> offlist too.
On a reasonably fast machine (450Mhz, Fast UW-SCSI), you can rebuild a
hundred-megabyte CDB in under 90 seconds. There is already a
checkpassword that looks into a CDB.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Magnus Bodin writes:
> On Tue, 10 Aug 1999, Rick McMillin wrote:
>
> > So how do the ISP's with those large customer bases
> > deal with authentication? What methods do they use?
> > Passwd? LDAP? MySQL?
>
> At this point (large customer based, complex professional installation)
> I would definitely consider consulting a professional (non-free)
> consultant.
Yes, speaking as a professional (non-free) consultant, I would highly
encourage everyone to seek professional counseling. :) There's that
mortgage, y'see, plus the goat barn we're building. And there's the
electric fence around the orchard if we want to stop feeding the deer.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
On Tue, Aug 10, 1999 at 02:44:59PM +1000, Waterfront Internet Service wrote:
> echo name < /var/qmail/alias/.qmail-aliasname
^^^
Shouldn't that be the other direction (>)?
Regards
Mirko
Waterfront Internet Service wrote:
>
> Hi,
>
> Is there something that will show me the messages that are in the queue and
> what their status is? I have run qmail-qstats and it says I have 50 messages
> in the queue.
man qmail-qread
--
Andre
I'm using the vchkpw package and I want to know how can I create the file
assign so
real users can get their mails with pop too. (virtual users can but no real
users because
I don't have entries for them in the assign file) . How can I do that??
Ana Santos
man qmail-pw2u
man qmail-newu
use this file to create an assign file from your password file. Edit this
file to remove the unneccessary entries (ftp, nofiles, bin and others) and
merge this information into your existing assign file. There should only be
one . on a line by itself at the end of the file.
then qmail-newu
At 08:03 AM 8/10/99 , you wrote:
>I'm using the vchkpw package and I want to know how can I create the file
>assign so
>real users can get their mails with pop too. (virtual users can but no real
>users because
>I don't have entries for them in the assign file) . How can I do that??
>
>Ana Santos
>
>
______________________
NovaMetrix Development
Robbie Walker, AMWL
P.O. Box 635 or 910-653-4006
106-B S. Main St 800-773-5647
Tabor City, NC 28463 910-653-2052 FAX
On Tue, Aug 10, 1999 at 09:00:53AM -0400, Robbie Walker wrote:
> man qmail-pw2u
> man qmail-newu
>
> use this file to create an assign file from your password file. Edit this
> file to remove the unneccessary entries (ftp, nofiles, bin and others) and
Or include the unneccessary entries in /var/qmail/users/exclude
Regards
Mirko
Ana Belén Santos wrote:
>
> I'm using the vchkpw package and I want to know how can I create the file
> assign so
> real users can get their mails with pop too. (virtual users can but no real
> users because
> I don't have entries for them in the assign file) . How can I do that??
>
> Ana Santos
vchkpw versions 3.4.4 or greater automatically authenticates and works
with /etc/passwd users. There is no need for users/assign entries for
/etc/password users. However, if you want to add pop only users in
addition to /etc/passwd users, use the vadduser command. Syntax:
vadduser username <optional-password>
username must not match a current user in /etc/passwd
--
Ken Jones
mailto:[EMAIL PROTECTED]
http://www.inter7.com/qmailadmin/ - web based qmail adminstration
Mirko Zeibig writes:
> Once upon a time someone in this list told (or is it on djb's site?), Redhat
> would do it's lists with qmail as well.
Yes, they used to, but no longer. They had some trouble with qmail,
didn't ask for help, and bagged it.
Stanley Horwitz writes:
> If I am not mistaken, AOL and Hotmail both run qmail and as you
> probably know, there's something like 4,000,000 AOL users. You might
> find more info of this nature on the Qmail Web site.
Not AOL. Hotmail only uses it for outgoing. They tried using it for
incoming, but ran into qmail-send's single-threaded processing of
incoming email. I think they were the first party to ever run into
this problem, and I didn't realize what was happening when they asked.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
At 09:10 AM 8/10/99 , Russell Nelson wrote:
>Stanley Horwitz writes:
> > If I am not mistaken, AOL and Hotmail both run qmail and as you
> > probably know, there's something like 4,000,000 AOL users. You might
> > find more info of this nature on the Qmail Web site.
>
>Not AOL. Hotmail only uses it for outgoing. They tried using it for
>incoming, but ran into qmail-send's single-threaded processing of
>incoming email. I think they were the first party to ever run into
>this problem, and I didn't realize what was happening when they asked.
What about Critical Path? Do they use qmail - or at least
something derived from qmail.
They host a lot of mailboxes.
--jeff skelton
On Tue, 10 Aug 1999, Jeffrey Skelton wrote:
> What about Critical Path? Do they use qmail - or at least
> something derived from qmail.
Egroups.com
both in and out, AFAIK, and ezmlm for the list management (or derivative
of)
Jeffrey Skelton wrote:
>
> At 09:10 AM 8/10/99 , Russell Nelson wrote:
> >Stanley Horwitz writes:
> > > If I am not mistaken, AOL and Hotmail both run qmail and as you
> > > probably know, there's something like 4,000,000 AOL users. You might
> > > find more info of this nature on the Qmail Web site.
> >
> >Not AOL. Hotmail only uses it for outgoing. They tried using it for
> >incoming, but ran into qmail-send's single-threaded processing of
> >incoming email. I think they were the first party to ever run into
> >this problem, and I didn't realize what was happening when they asked.
>
> What about Critical Path? Do they use qmail - or at least
> something derived from qmail.
The do qmail. AFAIK it's pretty much hacked up.
> They host a lot of mailboxes.
Yep. tons.
--
Andre
Jeffrey Skelton writes:
> What about Critical Path? Do they use qmail - or at least
> something derived from qmail.
Yes, although they've modified it considerably.
> They host a lot of mailboxes.
Millions and millions.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Jeffrey Skelton writes:
> What about Critical Path? Do they use qmail - or at least
> something derived from qmail.
>
> They host a lot of mailboxes.
Netzero runs Qmail on their mail servers.
However, it appears that they run qmail-smtpd as root...
Naughty boys.
--
Sam
Hello,
I wrote a small script for userconf (part of linuxconf, the
redhat-system-manager), which will update some qmail-entries each time a
user is created/deleted.
What it'll do:
- create/delete a new entry in /var/qmail/users/mailnames to automatically
send redirect mail for [EMAIL PROTECTED] to the useraccount
- create/delete an entry in .qmail-alle (may be changed) for messages to
all users of the machine.
- create/delete a link from $HOME/Mailbox to /var/spool/mail/$USER for older
pop/imap/mail-clients
To install:
- copy somewhere, make a link from useradd.local to userdel.local
- configure userconf to execute user(add|del).local after creating/deleting
an account
Any comments are welcome!
Regards
Mirko
#!/bin/sh
. /usr/lib/linuxconf/lib/accountcmd.sh
PATH="/var/qmail/bin:$PATH"
mCMD="$(basename $0)"
HOMEDIR="/$HOMEDIR"
ALIAS_ALL=/var/qmail/alias/.qmail-alle
F_ASSIGN=/var/qmail/users/assign
F_MAILNS=/var/qmail/users/mailnames
F_PASSWD=/etc/passwd
NAME_ALIAS=$(echo "$NAME" | sed 's/\ /\./')
{
case "$mCMD" in
useradd.local)
echo " ""Create alias: $NAME_ALIAS -> $USERID"
echo "$USERID:$USERID:$NAME_ALIAS" >> $F_MAILNS
echo " ""Create $ALIAS_ALL-entry: $USERID"
echo $USERID >> $ALIAS_ALL
echo " ""Create link $HOMEDIR/Mailbox ->
/var/spool/mail/$USERID"
ln -sf $HOMEDIR/Mailbox /var/spool/mail/$USERID
chown alias.nofiles $ALIAS_PATH/.*
;;
userdel.local)
echo " ""Delete alias: $NAME_ALIAS"
sed '/^'$USERID':/d' $F_MAILNS > $F_MAILNS.tmp && {
cp -f $F_MAILNS.tmp $F_MAILNS
rm -f $F_MAILNS.tmp
}
echo " ""Delete $ALIAS_ALL-entry: $USERID"
sed '/^'"$USERID"'$/d' $ALIAS_ALL > $ALIAS_ALL.tmp && {
cp -f $ALIAS_ALL.tmp $ALIAS_ALL
rm -f $ALIAS_ALL.tmp
}
echo " ""Delete mail-link /var/spool/mail/$USERID"
rm -f /var/spool/mail/$USERID
;;
esac
qmail-pw2u < $F_PASSWD > $F_ASSIGN
qmail-newu
}
exit 0
Hi,
I've got a queue full of messages to an SMTP server that is dead. I don't want
them all to be bounced, but rather, I want to have these messages sent to
another address and thus SMTP server than they are destined. Is there any way
to muck with the queue to implement this? I don't mind taking down qmail-send
for a bit to change things.
- David Harris
Principal Engineer, DRH Internet Services
On Tue, Aug 10, 1999 at 09:22:03AM -0400, David Harris wrote:
> I've got a queue full of messages to an SMTP server that is dead. I don't want
> them all to be bounced, but rather, I want to have these messages sent to
> another address and thus SMTP server than they are destined. Is there any way
> to muck with the queue to implement this? I don't mind taking down qmail-send
> for a bit to change things.
Use an smtproutes entry perhaps, and SIGALRM qmail-send?
dead.host:[my.ip.add.ress]
?
--
Jos Backus _/ _/_/_/ "Reliability means never
_/ _/ _/ having to say you're sorry."
_/ _/_/_/ -- D. J. Bernstein
_/ _/ _/ _/
[EMAIL PROTECTED] _/_/ _/_/_/ use Std::Disclaimer;
Jos Backus [mailto:[EMAIL PROTECTED]] wrote:
> Use an smtproutes entry perhaps, and SIGALRM qmail-send?
I thought about that, but I need to change more than just the SMTP server
otherwise the old recipient would be rejected by the new SMTP server. This is
weird because the recipient of the messages in the queue no longer exists
(along with the MX host), so I need to give those messages a new recipient.
I found that I could modify queue/remote/*/* files with qmail down. (It might
work with qmail up, but I don't know.)
This command did the trick for me:
perl -i -pe 's|Told\@old.com\0|Tnew\@new.com\0|g' remote/*/*
- David Harris
Principal Engineer, DRH Internet Services
On Tue, 10 Aug 1999, David Harris wrote:
> Hi,
>
> I've got a queue full of messages to an SMTP server that is dead. I don't want
> them all to be bounced, but rather, I want to have these messages sent to
> another address and thus SMTP server than they are destined. Is there any way
> to muck with the queue to implement this? I don't mind taking down qmail-send
> for a bit to change things.
if you want to sewnd them to another smtp server which can regocgnise the
addresses then put a static entry in smtproutes and send qmail-send a
SIGALRM
qmail-remote qill then deliver to the other SMTP server, but make sure it
knows how to deliver to the addresses first
RjL
==================================================================
You know that. I know that. But when || Fax: +44 870 0521198
when you talk to a monkey you have || Email: [EMAIL PROTECTED]
to grunt and wave your arms -ck || Phone: +44 1706 882419
Sam [mailto:[EMAIL PROTECTED]] wrote:
> I presume then you leave your telnet port open on your servers because,
> after all, it is secure.
I presume you never make a mistake programming.
You can't have it both ways. If you place the following disclaimer on your
SqWebMail site, please don't get ticked off when people don't want to use your
code because it is set-uid root.
"This is alpha code. It may crash. Your hard drive
may catch fire as a result of using this CGI client.
It may not work at all. It may work, but have a
security hole or exploit, somewhere."
...or you don't stand behind that disclaimer and have no problem being
personally liable for any security exploits your software might have?
- David Harris
Principal Engineer, DRH Internet Services
David Harris writes:
>
> Sam [mailto:[EMAIL PROTECTED]] wrote:
> > I presume then you leave your telnet port open on your servers because,
> > after all, it is secure.
>
> I presume you never make a mistake programming.
>
> You can't have it both ways. If you place the following disclaimer on your
> SqWebMail site, please don't get ticked off when people don't want to use your
> code because it is set-uid root.
>
> "This is alpha code. It may crash. Your hard drive
> may catch fire as a result of using this CGI client.
> It may not work at all. It may work, but have a
> security hole or exploit, somewhere."
>
> ...or you don't stand behind that disclaimer and have no problem being
> personally liable for any security exploits your software might have?
If it's good enough for Microsoft, it's good enough for me. If I lifted
the exact verbiage from their End User License Agreement (any actual
product, pick your favorite), and used it instead, would that make you feel
more comfortable?
The problem with that is that both of them are completely identical, once
you strip away the legalese in MS EULA.
The real answer is that I wrote that paragraph about six months ago.
Revising that paragraph is probably the last on my list of priorities.
--
Sam
Sam [mailto:[EMAIL PROTECTED]] wrote:
> If it's good enough for Microsoft, it's good enough for me. If I lifted
> the exact verbiage from their End User License Agreement (any actual
> product, pick your favorite), and used it instead, would that make you feel
> more comfortable?
>
> The problem with that is that both of them are completely identical, once
> you strip away the legalese in MS EULA.
Who cares where you got that verbiage?
> The real answer is that I wrote that paragraph about six months ago.
> Revising that paragraph is probably the last on my list of priorities.
Oh, so you _do_ wish to be personally stand behind and be personally liable for
your setuid-root code?
The only thing I'm saying is that it's inappropriate for you to get ticked off
that people don't want to use your code simply because it is setuid-root and at
the same time publicly call it "alpha" code. Some people are not going to trust
your code as a setuid-root CGI application... or any setuid-root CGI
application... get over it.
If you want your code to be trusted more, please use some other programming
methods which are generally more secure (i.e. your code does not have to be
_perfect_ to be secure) and responsible, instead of the setuid-root CGI app
which can very reasonably be considered a sloppy solution. An example of a
better solution would be having a front-end that runs without permissions, but
invokes a small backend that runs setuid-root through a well defined API will
full taint checks in the backend.
Perhaps your time would be better spent updating your web page and developing
your applications with better security models than picking on people saying
that if they don't trust your program they should remove the "su" from their
system.
<that's all> -- I'll not be posting on this thread anymore...
- David Harris
Principal Engineer, DRH Internet Services
Please take it offline. Thanks.
David Harris wrote:
>
> Sam [mailto:[EMAIL PROTECTED]] wrote:
> > If it's good enough for Microsoft, it's good enough for me. If I lifted
> > the exact verbiage from their End User License Agreement (any actual
> > product, pick your favorite), and used it instead, would that make you feel
> > more comfortable?
> >
> > The problem with that is that both of them are completely identical, once
> > you strip away the legalese in MS EULA.
>
> Who cares where you got that verbiage?
>
> > The real answer is that I wrote that paragraph about six months ago.
> > Revising that paragraph is probably the last on my list of priorities.
>
> Oh, so you _do_ wish to be personally stand behind and be personally liable for
> your setuid-root code?
>
{snip}
--
+-------------------------------------------------------------------+
+ Thomas M. Sasala, Electrical Engineer [EMAIL PROTECTED] +
+ MRJ Technology Solutions http://www.mrj.com +
+ 10461 White Granite Drive, Suite 102 (W)(703)277-1714 +
+ Oakton, VA 22124 (F)(703)277-1702 +
+-------------------------------------------------------------------+
David Harris writes:
> Sam [mailto:[EMAIL PROTECTED]] wrote:
> > If it's good enough for Microsoft, it's good enough for me. If I lifted
> > the exact verbiage from their End User License Agreement (any actual
> > product, pick your favorite), and used it instead, would that make you feel
> > more comfortable?
> >
> > The problem with that is that both of them are completely identical, once
> > you strip away the legalese in MS EULA.
>
> Who cares where you got that verbiage?
Well, if you don't care about facts, there's no point in arguing anything
with you.
> > The real answer is that I wrote that paragraph about six months ago.
> > Revising that paragraph is probably the last on my list of priorities.
>
> Oh, so you _do_ wish to be personally stand behind and be personally liable for
> your setuid-root code?
>
> The only thing I'm saying is that it's inappropriate for you to get ticked off
Who's ticked off around here? Not me.
> If you want your code to be trusted more, please use some other programming
> methods which are generally more secure (i.e. your code does not have to be
> _perfect_ to be secure) and responsible, instead of the setuid-root CGI app
Feel free to show off your superior skills, and write your own CGI. Until
you do, your assertions don't have much substance behind them.
--
Sam
Hello Kind List,
I know this has been asked before, but couldn't come up with anything in
the archives.
This is for a system with about 5000 users.
I've got a perl script which will deliver the message to every user on
the system who has a Maildir. But can't figure out the best mechanism
for injecting the message.
- Mailsubj would work beautifully, but the message won't arrive to the
users with anything other than a [EMAIL PROTECTED] It needs to arrive
with a friendly name, Director.
- Copying a file into everyones Maildir works, but doing that gives me
screwy line lengths and the date of the message upon arrival seems iffy.
- qmail-inject, incorporating qmail-inject into the script seems clumsy
The server I'm doing this on has ezmlm installed. But I haven't
investigated this as an option.
HOW WOULD YOU GUYS DO THIS?
thx - eric
+ + + + + + + + + + + + + + + + + + + +
Spark Sistemas
- presentado por IWCC Argentina S.A.
Tel: 4702-1958
e-mail: [EMAIL PROTECTED]
+ + + + + + + + + + + + + + + + + + + +
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 10 Aug 1999, Eric Dahnke wrote:
> I've got a perl script which will deliver the message to every user on
> the system who has a Maildir. But can't figure out the best mechanism
> for injecting the message.
<snip>
> The server I'm doing this on has ezmlm installed. But I haven't
> investigated this as an option.
>
> HOW WOULD YOU GUYS DO THIS?
I'm generally for kludges in situations like this.
(On Solaris)
su -
cd /export/home
echo "" >> /etc/aliases
echo "allusers:" >> /etc/aliases
ls -al |grep drw |grep -v "\." |cut -b54-70 >> /etc/aliases
echo "" >> /etc/aliases
newaliases
Then email allusers@mydomain.
Simple, unrefined, but efficient. Kinda like me.
- -Jay
( ______
)) .--- "There's always time for a good cup of coffee" ---. >===<--.
C|~~| (>--- Jay D. Dyson - [EMAIL PROTECTED] ---<) | = |-'
`--' `----------- My other car is a Sparc Ultra. -----------' `-----'
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBN7A2O82OVDpaKXD9AQFmsQQAsTixms2c6EIVnq5QiE/epl41SOZfGJ1/
S9Sf2Qi1ZndkQIo5e378xovRzb7SVF59hifzzeJJVwBISAzAKRonYDxMh/xSWi9V
LFnT1xCF/Hlyz3ha9nRH9oIZBbuvZi/peSnwPXW+LEwIonIcU7AsMGVlMmv3fEQl
oMAXfxthOuM=
=4foU
-----END PGP SIGNATURE-----
Jay D. Dyson [mailto:[EMAIL PROTECTED]] wrote:
>
> I'm generally for kludges in situations like this.
>
> (On Solaris)
>
> su -
> cd /export/home
> echo "" >> /etc/aliases
> echo "allusers:" >> /etc/aliases
> ls -al |grep drw |grep -v "\." |cut -b54-70 >> /etc/aliases
> echo "" >> /etc/aliases
> newaliases
>
> Then email allusers@mydomain.
>
> Simple, unrefined, but efficient. Kinda like me.
>
> Then email allusers@mydomain.
>
> Simple, unrefined, but efficient. Kinda like me.
Actually, not that bad! The big win is that fastforward will only inject _one_
message into the system a whole bunch of recipients.
Just as long as you don't inject N messages for N users, then you've got a
pretty efficient way of doing this.
- David Harris
Principal Engineer, DRH Internet Services
[EMAIL PROTECTED] wrote:
>
>I'm having trouble when using qmail to relay mail via smtp. When I
>send email to an address like [EMAIL PROTECTED], I get a failire
>notice which says:
>
><[EMAIL PROTECTED]"">:
>Sorry, I couldn't find any host named harmony-ds.com"". (#5.1.2)
>
>Note the two quotes on the end of the host name.
Looks like a problem with the setting of RELAYCLIENT. I.e.,
RELAYCLIENT is set to the string `""', not the null string. How is
your relay control implemented/configured?
See also:
http://Web.InfoAve.Net/~dsill/lwq.html#RELAYCLIENT
-Dave
Yep, that was the problem.
Is it me, or is the FAQ wrong about setting up relaying with tcpd. It say
to put the following in hosts.allow:
tcp-env: 1.2.3.4, 1.2.3.5: setenv = RELAYCLIENT
This sets the variable "=" to RELAYCLIENT. Am I missing something? I'm
just doing "setenv RELAYCLIENT".
thanks,
- Scott
Dave Sill wrote:
> [EMAIL PROTECTED] wrote:
> >
> >I'm having trouble when using qmail to relay mail via smtp. When I
> >send email to an address like [EMAIL PROTECTED], I get a failire
> >notice which says:
> >
> ><[EMAIL PROTECTED]"">:
> >Sorry, I couldn't find any host named harmony-ds.com"". (#5.1.2)
> >
> >Note the two quotes on the end of the host name.
>
> Looks like a problem with the setting of RELAYCLIENT. I.e.,
> RELAYCLIENT is set to the string `""', not the null string. How is
> your relay control implemented/configured?
>
> See also:
>
> http://Web.InfoAve.Net/~dsill/lwq.html#RELAYCLIENT
>
> -Dave
var-qmail packages and binary rpms are in
ftp://moni.msci.memphis.edu/pub/qmail/var-qmail
It is absolutely necessary that you read the README and INSTALL.rpm in
that dir. In particular, the var-qmail rpm is named qmail for now
since rpm just cannot upgrade properly a package with a different name.
But the qmail rpm in this dir *is* a var-qmail package in that it
installs the basic qmail distribution as closely following Dan's
instructions as I could (it is *not* a standard rpm installation!).
The var-qmail-create packages (rpms) create the var-qmail distribution.
The packages were compiled on an RH 6.0 system, so the binaries will
not run if you do not have glibc2.
WARNING: this qmail rpm does not contain initscripts and such,
hence present users of the "memphis" rpm should just be happy with
their present system. In a few days, I will have a qmail-run rpm out,
and qmail-run together with the "var-qmail" rpm should then provide a
proper upgrade to the present memphis rpms.
Comments are welcome
Mate
On Tue, 10 Aug 1999, Mate Wierdl wrote:
> var-qmail packages and binary rpms are in
>
> ftp://moni.msci.memphis.edu/pub/qmail/var-qmail
> Comments are welcome
please don't take this the wrong way... but compared to the RPMs I like to
use (one directory above it, same FTP site), what are the added bonuses? I
couldn't find any reference to that in the two packages' readme files,
though it reads as if you maintain both of those parallel (conflicting?)
distribs.
and while I'm at it... can it be a runtime option for the "rpm --rebuild"
stage to include extra optional patches? i.e. the SRPM will include the
files to patch qmail-smtpd for UCE, and use them during rebuild if
requested in the commandline.
When I compile any of the djb software on my RedHat 6.0 system
(glibc2, egcs-1.1.2), I get warnings like
instcheck.c: In function `main':
instcheck.c:103: warning: return type of `main' is not `int'
Is there a particular reason why these warnings started to come up?
Thx
Mate
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis
Mate Wierdl writes:
> When I compile any of the djb software on my RedHat 6.0 system
> (glibc2, egcs-1.1.2), I get warnings like
>
> instcheck.c: In function `main':
> instcheck.c:103: warning: return type of `main' is not `int'
>
> Is there a particular reason why these warnings started to come up?
RH 6.0 compiles with egcs by default. RH 5.2 and earlier used gcc. egcs
tends to be paranoid about stuff that gcc has no problems with.
I'm not sure about this one, whether it's right or wrong, but when I code
something, I just do it the egcs way just to shut it up.
--
Sam
At 04:45 PM 8/10/99 , Mate Wierdl wrote:
>When I compile any of the djb software on my RedHat 6.0 system
>(glibc2, egcs-1.1.2), I get warnings like
>
>instcheck.c: In function `main':
>instcheck.c:103: warning: return type of `main' is not `int'
>
>Is there a particular reason why these warnings started to come up?
>
>Thx
>
>Mate
>---
>Mate Wierdl | Dept. of Math. Sciences | University of Memphis
This is a warning that gcc issues. It usually happens when main is
declared as returning void (nothing). Most programs usually exit with a
status code that gets returned to your shell. This is used so you can test
the return value in shell scripts and such. This isn't a big problem...
-Dustin
I have an abuser who loves to send tons of email jokes from his account on
my machine, but doesn't seem to be reading any! He's an employee, so I
can't just disable his account completely. What I'd like to do is prevent
him from sending any more email, but allow him to continue to receive email.
Sorry, I'm sure this is a no-brainer, but that's the story of my life ....
Mike
--
Mike McLeish
Senior Manager, Unix/Oracle Division
Chateaux Software Development, Inc.
http://www.ChatSoft.com
Office: 765.828.1336
Cell: 914.646.3715
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 10 Aug 1999, Mike McLeish wrote:
> I have an abuser who loves to send tons of email jokes from his account
> on my machine, but doesn't seem to be reading any! He's an employee, so
> I can't just disable his account completely. What I'd like to do is
> prevent him from sending any more email, but allow him to continue to
> receive email.
>
> Sorry, I'm sure this is a no-brainer, but that's the story of my life
> ....
I generally create a group called "mailpriv"; chgrp mail-related
files to that group, change perms such that the "other" area has no perms
to execute it, and don't grant membership to that group to known abusers.
I'd suggest you just fire the guy, though. Much more elegant
solution.
- -Jay
( ______
)) .--- "There's always time for a good cup of coffee" ---. >===<--.
C|~~| (>--- Jay D. Dyson - [EMAIL PROTECTED] ---<) | = |-'
`--' `----------- My other car is a Sparc Ultra. -----------' `-----'
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBN7Cjhs2OVDpaKXD9AQF49QQAvlQoH6/mxPn2QfEFjOL+DaNPwF1eqCRx
NGylq41lGGnlCiVsMeJqOfsyqY7fELZE4BiiEXQF7/oNbRbKsAHOzeFm/A2lUofx
+DPzIJkc32lnaqemAYj2pm0AEkQzOc6wOvByFAqmsbqZG8MnmAn3lA0vynx/mGNt
Ni9FbD+Hlds=
=qW09
-----END PGP SIGNATURE-----
On Tue, 10 Aug 1999, Mike McLeish wrote:
>
> I have an abuser who loves to send tons of email jokes from his account on
> my machine, but doesn't seem to be reading any! He's an employee, so I
> can't just disable his account completely. What I'd like to do is prevent
> him from sending any more email, but allow him to continue to receive email.
Well, in my opinion, you should cut him off. That's what we did with an
employee here that was abusing the net. We have acceptable terms for
email/web access and cutting him off was being nice (he should have been
fired). This is, of course, after having given him a warning.
--
Albert Hopkins
Sr. Systems Specialist
Dynacare, Inc
[EMAIL PROTECTED]
Mike McLeish writes:
> I have an abuser who loves to send tons of email jokes from his account on
> my machine, but doesn't seem to be reading any! He's an employee, so I
> can't just disable his account completely. What I'd like to do is prevent
> him from sending any more email, but allow him to continue to receive email.
Tell him: "You will not use company resources to send tons of email
jokes." If he continues, fire him. If you don't have management
authority over him, then your engineering blocks will be seen as
inappropriate.
If you try to use technical solutions, you will be setting him up to
try to bypass them.
--
-russ nelson <[EMAIL PROTECTED]> http://russnelson.com
Crynwr sells support for free software | PGPok | Government schools are so
521 Pleasant Valley Rd. | +1 315 268 1925 voice | bad that any rank amateur
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | can outdo them. Homeschool!
Dear All:
I have a simple question, how often will qmail 're-scan' the queue?
In sendmail, I can set '-q15m' to let sendmail process mqueue
every 15 minutes, but in qmail, how can I achieve this?
- I don't want to compare them here, just some example.
The man page onlye said it will retry the delivery 'later', but
I don't like/understand the answer very much.
Sould I send ALRM to qmail-send peroidically? Someone told me
that their letters were returned after queuelifetime, but I suspect
that qmail didn't try as many times as possible. The instance
recipient is an BIG ISP user, I don't think it will reject one single
mail for 7 days long.
Thanks for your response.
Best regards.
--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
| Shan-Ta CHEN E-Mail : [EMAIL PROTECTED] |
| Silver CHEN Tel(O) : +886-2-2773-9858-288 |
| ³¯µ½¹F Tel(H) : +886-2-2914-1402 |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
_____________________________________________________________
Get Your Free E-Mail at http://www.ToMail.com.tw Right Now!
On Wed, 11 Aug 1999, Silver CHEN wrote:
> I have a simple question, how often will qmail 're-scan' the queue?
>
> In sendmail, I can set '-q15m' to let sendmail process mqueue
> every 15 minutes, but in qmail, how can I achieve this?
> - I don't want to compare them here, just some example.
New items in the queue are dealt with immediately. And that's
immediately.
For the retry-schedule, see Dave Sills "life with qmail".
http://Web.InfoAve.Net/~dsill/lwq.html#retry-schedule
/magnus
--
"MOST USELESS site of the year 1998"
--> http://x42.com/urlcalc/
Thank you very much!
--
Silver CHEN
Magnus Bodin wrote:
>
> On Wed, 11 Aug 1999, Silver CHEN wrote:
>
> > I have a simple question, how often will qmail 're-scan' the queue?
> >
> > In sendmail, I can set '-q15m' to let sendmail process mqueue
> > every 15 minutes, but in qmail, how can I achieve this?
> > - I don't want to compare them here, just some example.
>
> New items in the queue are dealt with immediately. And that's
> immediately.
>
> For the retry-schedule, see Dave Sills "life with qmail".
>
> http://Web.InfoAve.Net/~dsill/lwq.html#retry-schedule
>
> /magnus
>
> --
> "MOST USELESS site of the year 1998"
> --> http://x42.com/urlcalc/
--
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
| Shan-Ta CHEN E-Mail : [EMAIL PROTECTED] |
| Silver CHEN Tel(O) : +886-2-2773-9858-288 |
| ³¯µ½¹F Tel(H) : +886-2-2914-1402 |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
_____________________________________________________________
Get Your Free E-Mail at http://www.ToMail.com.tw Right Now!
I'm trying to use qmail with the Cyrus IMAP server with no local users,
and I've almost got it completely down. I've got a number of
virtualdomains being sent to alias-<domain> and then a
~alias/.qmail-<domain>-default is delivering it to the Cyrus server.
However, Cyrus doesn't have any inherent notion of domains, so if I want
to have [EMAIL PROTECTED] and [EMAIL PROTECTED] be different users, I have to
give them separate ids in the Cyrus server. The problem here is that if
[EMAIL PROTECTED]'s id is bob and [EMAIL PROTECTED]'s is bob2, and then
someone sends mail to [EMAIL PROTECTED], Cyrus will just try to deliver it
into [EMAIL PROTECTED]'s maildrop, which is not what I want. I want qmail
to bounce it. Now qmail has no way to know to do this unless I tell it
to, which is fine, but I can find no way to get it to manually reject them
cleanly.
I've tried using fastforward and having a catch-all @domain3.com:nosuchuser
and then creating a ~alias/.qmail-nosuchuser that returns a hard error,
but then the sender gets back a bounce that [EMAIL PROTECTED] was
rejected, and if they look hard enough, they'll see what it refers to, but
it's still confusing at best. It'd be nice if there was some way to tell
qmail that messages to this address should be bounced, but I can't figure
out how. Can someone tell me how I might be able to do that?
-Bitt
