qmail Digest 24 Jan 2000 11:00:00 -0000 Issue 890

Topics (messages 35946 through 35978):

Re: My sister, who just turned 18 is looking for work...
        35946 by: X-Stream Postmaster

mailing list member
        35947 by: ruchandra.hss.hns.com

Re: High-load servers
        35948 by: Stig Sandbeck Mathisen
        35949 by: craig.jcb-sc.com

mail relay
        35950 by: Jakob Solomon

a little confusion regarding ~user/Mailbox
        35951 by: Eric Lalonde

Relay problem with Qmail?
        35952 by: Jason Haar

qmail-qfilter: generic qmail-queue filter front-end
        35953 by: Bruce Guenter

Re: Recieving and deliverying mail without a domain in qmail
        35954 by: Wilson Fletcher

ORBS database under tcpserver's cdb?
        35955 by: John Conover
        35957 by: cmikk.uswest.net

Re: remote root qmail-pop with vpopmail advisory and exploit with patch
        35956 by: Robert Wojciechowski Jr.

default to mailing list
        35958 by: J.M. Roth (iip)

Newbie needs help.....
        35959 by: Kevin Kling

remote root qmail-pop with vpopmail advisory and exploit with patch (fwd)
        35960 by: John Gonzalez/netMDC admin
        35961 by: Russell Nelson
        35962 by: Derek Callaway
        35963 by: Adam McKenna
        35964 by: iv0
        35965 by: Russell Nelson
        35966 by: Russell Nelson
        35967 by: Chris Johnson

architecture
        35968 by: ±ióI·Ô
        35970 by: Michael Boman

user maildirsmtp fail
        35969 by: chenweih.PAIC.com.cn

Re: Mbox format with qmail-local possible?
        35971 by: Anand Buddhdev

Unable to deliver to all but one
        35972 by: Jacob Joseph
        35974 by: Mads E Eilertsen

Re: POP password checking
        35973 by: Alexander Jernejcic
        35975 by: Alexander Jernejcic

Blocking Mails
        35976 by: Shashi Dahal
        35977 by: Magnus Bodin
        35978 by: Alex at Starlabs

Administrivia:

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------


Yeah

F**K OFF


----- Original Message -----
From: Mark Elliott <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; bossman <[EMAIL PROTECTED]>
Sent: Saturday, January 22, 2000 11:47 PM
Subject: Re: My sister, who just turned 18 is looking for work...


> WHAT THE HELL IS THIS?  IF YOU HAPPENED TO READ THE NAME OF THE NEWSGROUP,
> YOU MIGHT NOTICE IT'S NOT ONE OF YOUR PORN GROUPS!!!  DO NOT POST HERE!
>
> I believe I speak for everyone.
>
> ----- Original Message -----
> From: "bossman" <[EMAIL PROTECTED]>
> Newsgroups: sunsite.mail.qmail
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, January 22, 2000 2:55 PM
> Subject: My sister, who just turned 18 is looking for work...
>
>
> > My sister, who just turned 18 is looking for work...
> > she says she wants to be in movies(XXX) What do you think?
> >
> > http://www.exit69.com/members/cum/mysister.htm
> >
>
>





subscribe






* Mark Delany (Sat, Jan 22, 2000 at 04:36:21PM -0800)

> One NetApp (regardless of how huge and regardless of how
> expensive) means one point of failure, does it not?

One <anything> means one point of failure.  If you do not trust
the stability of one <anything>, buy two or more, and put them
in a cluster.

-- 
 SSM - Stig Sandbeck Mathisen
  Trust the Computer, the Computer is your Friend





>One <anything> means one point of failure.  If you do not trust
>the stability of one <anything>, buy two or more, and put them
>in a cluster.

But polygamy is illegal in many places.

;-)

        tq vm, (burley)





Hi,

I want to close our mail server
for open relay.

I currently use qpopper (2.53) and
don't want to change it.
qpopper uses users' home directories ($HOME/Mailbox - where mailbox is a
file)

I didn't find any patch to make qmail-pop3d read
e-mail from users home directories therefore I can't
use any of the patches of utilities suggested regarding
checking of the pop3 before sending e-mail.

Can you please guide or direct me
to a site or a doc that explains STEP BY STEP
how to close an open relay?

Thanks in advance




-------------------------------------------------------
Jakob Solomon





I've been reading the INSTALL.mbox and am a little confused on exactly how to change from using /var/spool/mail/user to ~user/Mailbox.
My understanding is that I create a symbolic link called Mailbox in the user's directory that links to /var/spool/mail/user. Then I tell pine (or whatever the mua is) to use ~user/Mailbox. But this does not seem right since it doesn't really change anything about the way mail is delivered, it just makes a link to the old mailbox.
 
Instead, do I copy /var/spool/mail/user to ~user/Mailbox, delete /var/spool/mail/user, and make a symbolic link from the new file ~user/Mailbox to /var/spool/mail/user? Would this work for something like 'mail' under linux?
Any further explanation is appreciated.
 
Eric





I think work needs to be done on Qmail-1.03 when mail is sent of the form
"rcpt to: <[EMAIL PROTECTED]@local.domain>".

If Qmail was delivering such a message locally ("local.domain" is in
/var/qmail/control/locals), that would be converted to bogus local user
"[EMAIL PROTECTED]" - and bounce - cool.

However, if Qmail is part of a - say - firewall DMZ and delivers to an
internal non-Qmail server any mail ending in @local.domain, then it does
just that. If your internal mail server is running anti-relaying checks
(i.e. sendmail-8.9), it won't pick up this as relaying as the Qmail server
is also on the same network - and as such isn't subjected to the same
relay-tests as non-local addresses. 

The problem as I see it is that by default Qmail deals with  "xx@yy@zzz"
addresses by only seeing  the last "@" sign. Shouldn't it actually "see" it
for what it is (an explicit relayed address) and reject that instead of
relying on the local delivery agent to deal with it?

[Reason. We just got put onto the ORBS list as our Qmail-1.0.3 server
"relayed" one of their test messages. I fixed the problem by altering our
internal DNS to be unable to resolve our Qmail server's IP address - thus
making it "foreign" - but this problem should have been dealt with by Qmail
IMHO...]

-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
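
The last-"@" behaviour described in this post, and the stricter check it asks for, as an added C example (not qmail's code and not part of the original post). The host list, function names and sample addresses are constructed assumptions; the '%' and '!' checks go beyond the post's "@" case to the other embedded-route forms.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

enum rcpt_verdict { RCPT_ACCEPT, RCPT_NOT_OUR_DOMAIN, RCPT_EMBEDDED_ROUTE };

/* Constructed stand-in for control/rcpthosts (assumption for this example). */
static const char *const SAMPLE_HOSTS[] = { "local.domain", NULL };

/* Exact, case-insensitive match against a NULL-terminated domain list.
 * Simplification: a real rcpthosts file also allows ".domain" wildcards. */
static int domain_allowed(const char *domain, const char *const *hosts)
{
    for (; *hosts != NULL; hosts++)
        if (strcasecmp(domain, *hosts) == 0)
            return 1;
    return 0;
}

/* The rule the post describes: only the text after the LAST '@' is compared
 * with the accepted domains, so anything may sit in front of it. */
int last_at_rule(const char *addr, const char *const *hosts)
{
    const char *at = strrchr(addr, '@');
    return at != NULL && domain_allowed(at + 1, hosts);
}

/* Stricter rule: same domain check, then refuse a local part that itself
 * carries routing syntax ('@', the percent hack, or a bang path).
 * Trade-off: this also refuses the rare quoted local part that legitimately
 * contains one of these characters, e.g. "a@b"@local.domain. */
enum rcpt_verdict strict_rule(const char *addr, const char *const *hosts)
{
    const char *at = strrchr(addr, '@');
    const char *p;

    if (at == NULL || !domain_allowed(at + 1, hosts))
        return RCPT_NOT_OUR_DOMAIN;
    for (p = addr; p < at; p++)
        if (*p == '@' || *p == '%' || *p == '!')
            return RCPT_EMBEDDED_ROUTE;
    return RCPT_ACCEPT;
}

int main(void)
{
    /* Constructed sample recipients. */
    static const char *const samples[] = {
        "user@local.domain",
        "user@remote.example@local.domain",
        "user%remote.example@local.domain",
        "user@remote.example",
    };
    static const char *const names[] = { "accept", "not our domain", "embedded route" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-36s last-@ rule: %d  strict rule: %s\n", samples[i],
               last_at_rule(samples[i], SAMPLE_HOSTS),
               names[strict_rule(samples[i], SAMPLE_HOSTS)]);
    return 0;
}
```

The second sample passes the last-"@" rule because its final domain is local, which is exactly the case that reaches the internal server in the setup described above.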
     




Greetings.

I have just put the first release of qmail-qfilter into:
        http://em.ca/~bruceg/qmail-qfilter/
This is a front end for qmail-queue that can send the body of the
message through one or more filters, such as qmail-inject or new-inject.
See the README and man page for more details.
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/




You probably need to get the ISP to configure their DNS and add your IP as an MX, don't 
you?

----------
From:   David F. Hepner[SMTP:[EMAIL PROTECTED]]
Sent:   Saturday, 22 January 2000 11:34
To:     Jacob Joseph
Cc:     [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject:        Re: Recieving and deliverying mail without a domain in qmail

This should be simple.  You would set up each user with an account on the
Linux box.  When mail is delivered to you by SMTP your sendmail will then
deliver it to the separate accounts.  You may have to modify sendmail but
I think that it comes with most distributions to work right out of the
box.  

The Win98 boxes will use POP to get mail from the Linux box.  You will
need to have popd running.  I found this already running on my Slackware
3.6.  The POP mail clients log in using their Linux userid and password
that you set up.  The Win98 boxes will deliver mail to the Linux box via
SMTP and then your Linux sendmail will send it off.

I think this is how it works but could be wrong on some points.

I do this at home, but my connection to the ISP is via UUCP.

David

On Fri, 21 Jan 2000, Jacob Joseph wrote:

> Date: Fri, 21 Jan 2000 07:06:12 -0800
> From: Jacob Joseph <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Recieving and deliverying mail without a domain in qmail
> 
> I guess I need to be a little more specific in what I'm talking about here.
> I've got a domain hosted by an internet host and they obviously receive the
> mail sent to that domain.  My problem is in getting it to be delivered
> locally.  They will send all mail on to my ip address via smtp.  I am
> unclear of how my system should be set up.  I've got a small lan of win98
> machines and linux box connected to a cable modem(static ip) on eth1 and a
> hub for the windows machines on eth0.  To receive the mail from the host,
> what should my domain be set as?  I've found no documentation about this.
> Or would I be using virtual domains?  If so, how?  Also, those 98 machines
> will send mail to the local smtp server to have it decide where the mail
> should go.  Most users will not have internet e-mail capabilities--only
> local.
> 
> 
> Thanks for any help,
> Jacob Joseph
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> the body of a message to [EMAIL PROTECTED]
> 








Is there any way of running the ORBS IP database as a cdb under
tcpserver on port 25?

Anyone tried it?

        Thanks,

        John

-- 

John Conover        [EMAIL PROTECTED]   http://www.inow.com/
631 Lamont Ct.      Tel. 408.370.2688  http://www.inow.com/ntropix/
Campbell, CA 95008  Fax. 408.379.9602  http://www.inow.com/nformatix/






On 23 Jan 2000 23:33:07 -0000 , John Conover writes:
> Is there any way of running the ORBS IP database as a cdb under
> tcpserver on port 25?

Ummm... you are aware of rblsmtpd, which is meant for doing
this blacklist thing, right?

Otherwise, how up-to-date do you need the list?  ORBS publishes
their list after 30 days, so you could download that and send it
through a quick perl filter.

The RSS (which is much better than ORBS -- it rejects less
legitimate mail, and a large amount of spam) is available publicly
via zone transfer, so you could run the output of a zone transfer
through a similar perl filter.

Not that it would be worth it, or anything.  It's much better
to subscribe via DNS, because you will only be transferring the
parts of the lists you are using, rather than the whole thing.
 
-- 
Chris Mikkelson  |  It was mentioned on CNN that the prime number
[EMAIL PROTECTED] |  discovered recently is four times bigger than
                    the previous record.  -- unknown




Saw this on Bugtraq, may be interesting for those running vpopmail/vchkpw

Robert S. Wojciechowski Jr.
[EMAIL PROTECTED]

-----Original Message-----
From: what's your style? [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 22, 2000 7:05 PM
To: [EMAIL PROTECTED]
Subject: remote root qmail-pop with vpopmail advisory and exploit with patch

w00w00 Security Advisory - http://www.w00w00.org/
Title:          qmail-pop3d with vpopmail/vchkpw
Platforms:      Any
Discovered:     7th January, 2000
Local:          Yes.
Remote:         Yes.
Author:         K2 <[EMAIL PROTECTED]>
Vendor Status:  Notified.
Last Updated:   N/A

1. Overview

qmail-pop3d may pass an overly long command argument to its password
authentication service.  When vpopmail is used to authenticate user
information a remote attacker may compromise the privilege level that
vpopmail is running, naturally root.

2. Background

It is Qmail's nonconformance to the pop3 specification that allows
this bug to manifest itself. qmail-pop3d trusts that its checkpassword
mechanism will support the same undocumented "features" as it does, it
is this extra functionality that breaks vpopmail and RFC1939.

From RFC1939 [Post Office Protocol - Version 3]
--------------------------------------------------------
  Commands in the POP3 consist of a case-insensitive keyword, possibly
  followed by one or more arguments.  All commands are terminated by a
  CRLF pair.  Keywords and arguments consist of printable ASCII
  characters.  Keywords and arguments are each separated by a single
  SPACE character.  Keywords are three or four characters long. Each
  argument may be up to 40 characters long.
--------------------------------------------------------

From BLURB3 (qmail-1.03)
--------------------------------------------------------
POP3 service (qmail-popup, qmail-pop3d):
*  RFC 1939
*  UIDL support
*  TOP support
*  APOP hook
*  modular password checking (checkpassword, available separately)
--------------------------------------------------------

3. Issue

qmail-pop3d claims compliance to RFC1939, however this is not the case;
qmail breaks that compliance by allowing overly long argument lengths
to be processed.  qmail then passes control to a process without
documenting this added bug/feature.

4. Impact

A remote attacker may attain the privilege level of the authentication
module.
Sample exploit code can be found at http://www.ktwo.ca/security.html

5. Recommendation

Impose the 40 character limitation specified by RFC1939 into qmail.
Apply qmail-popup patch http://www.ktwo.ca/c/qmail-popup-patch

6. References

RFC1939
qmail-1.03/BLURB3

--------------------------------------------------------
K2
www.ktwo.ca / [EMAIL PROTECTED]




Hi!
 
What do I need to put in the .qmail-default file if I want to deliver to a mailing list ?
simply the directory of the mailing list username doesn't seem to work (probably because there's no Mailbox directory in there)
 
Any idea?
 
Best regards!
J.M. Roth




Hi All !

I checked the archive and found a few items related to this but nothing
definitive..... at least I looked ....

I'm very new to the whole qmail thing and need some help.

I have a very simple test system:
Qmail system:
RHAT 6.0
QMAIL 1.3
TCPSERVER 0.84
DAEMONTOOLS 0.61
Install done according to "Life with Qmail".
Name: mail.nothing.com IP: 172.16.32.1
Currently no outside connection other than windows 95 client below.
Use tcpserver with the following entries:
127.:allow,RELAYCLIENT=""
172.16.0.220:allow,RELAYCLIENT=""
(I have tried 172. and 172.16 with no luck as well)

Client:
Windows 95
Outlook Configured for pointing to above IP address for smtp - no pop3
yet
IP: 172.16.0.220

I am able to do a "sendmail -t [EMAIL PROTECTED]" and see the
messages in the Mailbox file for the user, so the local side seems to
be working just fine.

What I'm trying to do is send an email to a local account on the server
from the client.

I send the message and get the following back from the SMTP server:
============================================================================
Your message did not reach some or all of the intended recipients:

The Following recipient(s) could not be reached:
'[EMAIL PROTECTED]' on date/time
No transport provider was available for delivery to this recipient.
============================================================================
I have also tried this with other users that are on the mail server as
well with the same results.

Here are my log files and configuration dump.

============================================================================
@40000000388b1b7806b79cb4 status: local 0/10 remote 0/20
@40000000388b1bb81bd26dcc status: exiting
@40000000388b1bbf03fdfedc status: local 0/10 remote 0/20
@40000000388b2efd2738a064 alert: oh no! lost spawn connection! dying...
@40000000388b2efd273b30a4 alert: oh no! lost spawn connection! dying...
@40000000388b2efd273d5b54 status: exiting
@40000000388b70591a0d5d6c status: local 0/10 remote 0/20
@40000000388b787c393ddcac status: local 0/10 remote 0/20
@40000000388b7b6a0d5f58f4 status: local 0/10 remote 0/20
@40000000388b7e6e2a40660c new msg 28615
@40000000388b7e6e2a42717c info msg 28615: bytes 238 from
<[EMAIL PROTECTED]> qp 750 uid 500
@40000000388b7e6e2fa74d7c starting delivery 1: msg 28615 to local
[EMAIL PROTECTED]
@40000000388b7e6e2faa2fc4 status: local 1/10 remote 0/20
@40000000388b7e6f086a617c delivery 1: failure:
Sorry,_no_mailbox_here_by_that_name._(#5.1.1)/
@40000000388b7e6f0a2bbca4 status: local 0/10 remote 0/20
@40000000388b7e6f0f01c624 bounce msg 28615 qp 753
@40000000388b7e6f0f0ff30c end msg 28615
@40000000388b7e6f11509c0c new msg 28641
@40000000388b7e6f115ee834 info msg 28641: bytes 795 from <> qp 753 uid
107
@40000000388b7e6f14ad1d1c starting delivery 2: msg 28641 to local
[EMAIL PROTECTED]
@40000000388b7e6f14b988cc status: local 1/10 remote 0/20
@40000000388b7e6f197ccd9c delivery 2: success: did_1+0+0/
@40000000388b7e6f1990f1dc status: local 0/10 remote 0/20
@40000000388b7e6f19ab6f1c end msg 28641
@40000000388b7eb6275027d4 new msg 28615
@40000000388b7eb6275223a4 info msg 28615: bytes 245 from
<[EMAIL PROTECTED]> qp 772 uid 501
@40000000388b7eb62d0c6ad4 starting delivery 3: msg 28615 to local
[EMAIL PROTECTED]
@40000000388b7eb62d0f454c status: local 1/10 remote 0/20
@40000000388b7eb632cbe9f4 delivery 3: success: did_1+0+0/
@40000000388b7eb632ce4384 status: local 0/10 remote 0/20
@40000000388b7eb632d02fb4 end msg 28615
@40000000388b8d2101e661ac status: local 0/10 remote 0/20
@40000000388b8f8501cd9dd4 status: exiting
@40000000388b8f8a2bffbd94 status: local 0/10 remote 0/20
@40000000388b9036182b7e0c new msg 28615
@40000000388b9036183aa8dc info msg 28615: bytes 224 from
<[EMAIL PROTECTED]> qp 609 uid 0
@40000000388b90361e6ec38c starting delivery 1: msg 28615 to local
[EMAIL PROTECTED]
@40000000388b90361e7b42c4 status: local 1/10 remote 0/20
@40000000388b90362ac17cec delivery 1: success: did_1+0+0/
@40000000388b90362ad70c74 status: local 0/10 remote 0/20
@40000000388b90362c24d1c4 end msg 28615

============================================================================
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 104, 101, 102, 0, 103, 105, 106, 107.
group ids: 501, 500.

badmailfrom: (Default.) Any MAIL FROM is allowed.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is mail.nothing.com.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is nothing.com.

defaulthost: (Default.) Default host name is mail.nothing.com.

doublebouncehost: (Default.) 2B recipient host: mail.nothing.com.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is mail.nothing.com.

helohost: (Default.) SMTP client HELO host name is mail.nothing.com.

idhost: (Default.) Message-ID host name is mail.nothing.com.

localiphost: (Default.) Local IP address becomes mail.nothing.com.

locals: 
Messages for mail.saraymca.com are delivered locally.

me: My name is mail.saraymca.com.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is saraymca.com.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800
seconds.

rcpthosts: 
SMTP clients may send messages to recipients at mail.nothing.com.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 mail.nothing.com.

smtproutes: (Default.) No artificial SMTP routes.

timeoutconnect: (Default.) SMTP client connection timeout is 60
seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains: (Default.) No virtual domains.

defaultdelivery: I have no idea what this file does.






  _    __   _____      __   _________      
______________  /_______ ___  ____  /______  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
  8:00pm  up 185 days,  6:19,  4 users,  load average: 0.08, 0.12, 0.15

---------- Forwarded message ----------
Date: Sat, 22 Jan 2000 16:04:51 -0800
From: what's your style? <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: remote root qmail-pop with vpopmail advisory and exploit with patch






 > 5. Recommendation
 > 
 > Impose the 40 character limitation specified by RFC1939 into qmail.
 > Apply qmail-popup patch http://www.ktwo.ca/c/qmail-popup-patch

I don't recommend applying that patch.  Every line of it is wrong.  It
makes qmail-popup less secure, by inserting a call to syslog(), which
is a security disaster. It also sucks in the string library, which
includes the well-known security hole sprintf().

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.




On Sun, 23 Jan 2000, Russell Nelson wrote:

>  > 5. Recommendation
>  > 
>  > Impose the 40 character limitation specified by RFC1939 into qmail.
>  > Apply qmail-popup patch http://www.ktwo.ca/c/qmail-popup-patch
> 
> I don't recommend applying that patch.  Every line of it is wrong.  It
> makes qmail-popup less secure, by inserting a call to syslog(), which

Curious, what's so insecure about syslog()?

> is a security disaster. It also sucks in the string library, which
> includes the well-known security hole sprintf().

Does that sprintf() introduce an overflow or is it something else?

> 
> -- 
> -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
> Crynwr sells support for free software  | PGPok | "Ask not what your country
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
> Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.
> 

--
/* Derek Callaway <[EMAIL PROTECTED]> char *sites[]={"http://www.geekwise.com", 
   Programmer; CE Net, Inc. "http://www.freezersearch.com/index.cfm?aff=dhc",
   (302) 854-5440 Ext. 206  "http://www.homeworkhelp.org",0};  S@IRC  */





In that case, what would you recommend?

--Adam

On Sun, Jan 23, 2000 at 10:53:31PM -0500, Russell Nelson wrote:
>  > 5. Recommendation
>  > 
>  > Impose the 40 character limitation specified by RFC1939 into qmail.
>  > Apply qmail-popup patch http://www.ktwo.ca/c/qmail-popup-patch
> 
> I don't recommend applying that patch.  Every line of it is wrong.  It
> makes qmail-popup less secure, by inserting a call to syslog(), which
> is a security disaster. It also sucks in the string library, which
> includes the well-known security hole sprintf().
> 
> -- 
> -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
> Crynwr sells support for free software  | PGPok | "Ask not what your country
> 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
> Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.
> 





I recommend upgrading to the latest version of vpopmail which fixes
the exploit. Pick up the current stable version:

http://www.inter7.com/vpopmail/

vchkpw - which authenticates a user with information from qmail-popup
was storing the information in a statically defined buffer. There
was no buffer overrun checking done. Current stable version now
checks for buffer overruns in several places. A security
audit of the code is being done. Which it sorely needs.

Ken Jones
http://www.inter7.com/

Adam McKenna wrote:
> 
> In that case, what would you recommend?
> 
> --Adam
> 
> On Sun, Jan 23, 2000 at 10:53:31PM -0500, Russell Nelson wrote:
> >  > 5. Recommendation
> >  >
> >  > Impose the 40 character limitation specified by RFC1939 into qmail.
> >  > Apply qmail-popup patch http://www.ktwo.ca/c/qmail-popup-patch
> >
> > I don't recommend applying that patch.  Every line of it is wrong.  It
> > makes qmail-popup less secure, by inserting a call to syslog(), which
> > is a security disaster. It also sucks in the string library, which
> > includes the well-known security hole sprintf().
> >
> > --
> > -russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
> > Crynwr sells support for free software  | PGPok | "Ask not what your country
> > 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
> > Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.
> >




Adam McKenna writes:
 > In that case, what would you recommend?

Securing vchkpop.  There is no reason to limit the username or
password information to 40 characters, even if the RFC does say to do
it.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.




Derek Callaway writes:
 > Curious, what's so insecure about syslog()?

A version was subject to a buffer overflow attack.

 > > is a security disaster. It also sucks in the string library, which
 > > includes the well-known security hole sprintf().
 > 
 > Does that sprintf() introduce an overflow or is it something else?

sprintf(), if used with unchecked data, practically *mandates* an
overflow.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.




> Keywords are three or four characters long. Each argument
> may be up to 40 characters long.

qmail-popup's accepting arbitrarily long arguments doesn't constitute
"nonconformance to the pop3 specification." A client sending more than a
40-character argument is non-conformant; qmail-popup has only to be able to
accept *at least* 40 characters to be conformant. If a particular
implementation of checkpassword makes assumptions about the length of the
data qmail-popup gives it, that's its problem.

Chris
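
The failure mode discussed in this thread (a checkpassword program copying what qmail-popup hands it into a fixed-size buffer without a length check), as an added C example that is not vpopmail's or qmail's code. It parses the checkpassword input format (login, password and timestamp, each NUL-terminated, at most 512 bytes on descriptor 3) from a buffer; the buffer sizes, names and sample data are assumptions.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define CP_MAX    512   /* checkpassword interface: at most 512 bytes on fd 3 */
#define LOGIN_MAX 64    /* local storage sizes, assumed for this example */
#define PASS_MAX  128

struct creds {
    char login[LOGIN_MAX];
    char password[PASS_MAX];
};

enum cp_status { CP_OK = 0, CP_MALFORMED = -1, CP_TOO_LONG = -2 };

/* Pattern to avoid (illustrative, not quoted from any project):
 *     static char user[LOGIN_MAX];
 *     strcpy(user, login_from_fd3);    length is chosen by the remote client
 */

/* Find the NUL that ends the field starting at *pos, without reading past
 * buf[len). Returns the field length and advances *pos, or -1 if the field
 * is not terminated inside the buffer. */
static long next_field(const char *buf, size_t len, size_t *pos)
{
    const char *start = buf + *pos;
    const char *end = memchr(start, '\0', len - *pos);

    if (end == NULL)
        return -1;
    *pos = (size_t)(end - buf) + 1;
    return (long)(end - start);
}

/* Validate all three fields first, then copy login and password into
 * fixed-size storage only if they fit. The check lives in the checker, so
 * it holds whatever length the front end is willing to pass along. */
enum cp_status cp_load(const char *buf, size_t len, struct creds *out)
{
    size_t pos = 0, login_off, pass_off;
    long login_len, pass_len;

    if (len > CP_MAX)
        return CP_MALFORMED;
    login_off = pos;
    if ((login_len = next_field(buf, len, &pos)) < 0)
        return CP_MALFORMED;
    pass_off = pos;
    if ((pass_len = next_field(buf, len, &pos)) < 0)
        return CP_MALFORMED;
    if (next_field(buf, len, &pos) < 0)            /* timestamp */
        return CP_MALFORMED;
    if (login_len == 0)
        return CP_MALFORMED;
    if ((size_t)login_len >= sizeof out->login ||
        (size_t)pass_len >= sizeof out->password)
        return CP_TOO_LONG;                        /* reject, never truncate */

    memcpy(out->login, buf + login_off, (size_t)login_len + 1);
    memcpy(out->password, buf + pass_off, (size_t)pass_len + 1);
    return CP_OK;
}

int main(void)
{
    /* Constructed input: login "alice", password "s3cret", timestamp "stamp". */
    static const char sample[] = "alice\0s3cret\0" "stamp";
    char big[CP_MAX];
    struct creds c;

    printf("normal input:   %d\n", cp_load(sample, sizeof sample, &c));

    /* Constructed oversized login: 300 bytes, then a one-byte password. */
    memset(big, 'A', 300);
    big[300] = '\0'; big[301] = 'p'; big[302] = '\0'; big[303] = '\0';
    printf("300-byte login: %d\n", cp_load(big, 304, &c));
    return 0;
}
```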





Dear all:
 We want to implement a mail service. Our users number about 1,000,000. We want to
provide SMTP, POP3, IMAP and Web-based mail service. Besides qmail, what
kinds of software do we need?

Tony Chang
System Engineer
Information Technology Division
Hoshin Gigamedia Center Inc






On Mon, Jan 24, 2000 at 02:17:56PM +0800, ±ióI·Ô wrote:
> Dear all:
>  We want to implement a mail service. Our users number about 1,000,000. We want to
> provide SMTP, POP3, IMAP and Web-based mail service. Besides qmail, what
> kinds of software do we need?

I would recommend VPopMail (www.inter7.com/vpopmail) from Inter7
(www.inter7.com) as they make things A LOT easier to maintain. While you
are there take a look at CourierIMAP and SqWebMail (can be interesting
in the future). You might want to add your users in a MySQL database
(easier to maintain when you got a lot of users).

Best regards
 Michael Boman

PS
How are you planning to cluster your servers? I am looking into a powerful
and at the same time redundant solution. Please mail me offlist (or on,
if you prefer that) so we can share ideas about this.
DS

-- 
W I Z O F F I C E . C O M   P T E   L T D  -  Your Online Wizard
16 Tannery Lane, Crystal Time Building, #06-00, Singapore 347778
Ring  : (65) 844 3228 [ext 118]  Fax : (65) 842 7228
email : [EMAIL PROTECTED]    URL : http://www.wizoffice.com




error message :
[root@head alias]# /usr/local/bin/maildirsmtp /var/qmail/alias/pppdir \
> alias-ppp- 202.96.134.132 'szptt.net.cn'
maildirserial: fatal: unable to run tcpclient: file does not exist
maildirserial: fatal: unable to run tcpclient: file does not exist
maildirserial: fatal: unable to run tcpclient: file does not exist
maildirserial: fatal: making no progress, giving up

can somebody help me?
 
chan





On Sat, Jan 22, 2000 at 05:37:29PM +0900, Kristina wrote:

> Is there a way I can get qmail-local to deliver to /var/spool/mail/username 
> file??
>
> I know you can get the mbox format by using /bin/mail but I want
> mbox format delivery with qmail-local!

qmail-local runs with the permissions of the user it is delivering to,
and in general, ordinary users of a system do not have permission to
write into /var/spool/mail, unless their mbox format file already
exists, and is writable by the user. Normally, it would be present, but
some programs remove it; if you can guarantee that all your users' mbox
files will exist in /var/spool/mail, you could try:

qmail-start '/var/spool/mail/$USER' ....

-- 
See complete headers for more info




What does this mean?  I'm unable to deliver mail to all but one user.  I got
that user going by running qmail-config.

<<<<<snip>>>>>
Jan 23 23:22:44 cherryblossominn qmail: 948698564.781391 starting delivery 38: msg 25376 to local [EMAIL PROTECTED]
Jan 23 23:22:44 cherryblossominn qmail: 948698564.782697 status: local 2/10 remote 0/20
Jan 23 23:22:44 cherryblossominn qmail: 948698564.862947 delivery 37: success: did_0+0+0/
Jan 23 23:22:44 cherryblossominn qmail: 948698564.901628 status: local 1/10 remote 0/20
Jan 23 23:22:44 cherryblossominn qmail: 948698564.984265 delivery 38: deferral: /bin/sh:_dot-forward:_command_not_found/
<<<<<<snip>>>>>>

Thanks.
Jacob Joseph





On Sun, 23 Jan 2000, Jacob Joseph wrote:

> What does this mean?

> deferral: /bin/sh:_dot-forward:_command_not_found/

The message says that qmail can't find dot-forward.
Take a look at this user's .qmail and/or .forward file.

Have you installed dot-forward?

Mads





What does the logfile say? Is the message really delivered? IMHO not,
because it's not here...
Please send more info.
a.j.

Original message of 1/22/00, 12:15:28 AM
Author: "Jacob Joseph" <[EMAIL PROTECTED]>
Subject: POP password checking


I'm having trouble getting qmail-popd to accept my password.  What 
could be causing the trouble.  The user is in the assign file and I 
have run qmail-newu and then restarted qmail.  I've delivered a 
message to the user for testing, but I can't see anything in that 
user's directory with ls -al nor can I get in with pop.
 
Any ideas?
Jacob Joseph







Title: Re: POP password checking
that depends on how you start qmail. the parameter after qmail-start
says how to deliver mails.
e.g.:

... qmail-start ./Maildir/ ...

would deliver to Maildir

but

... qmail-start ./Maildir ...

will deliver in "mbox" format to a file called Maildir 

And don't forget the file .qmail in the user's homedir. Just do:
%echo ./Maildir/ >.qmail; chmod 644 .qmail
and be sure to create the Maildir with /var/qmail/bin/maildirmake.
And do the above in the homedir of the user, as the user, or do a
chown -R user

and read LifeWithQmail by Dave Sill:
http://Web.InfoAve.Net/~dsill/lwq.html

a.j


>>>>>>>>>>>>>>>>>> Original message <<<<<<<<<<<<<<<<<<

On 1/22/00, 4:06:31 AM, "Jacob Joseph" <[EMAIL PROTECTED]> wrote on the
subject Re: POP password checking:


> I believe my problem may be in setting up the maildirs.  How exactly can I
> have qmail send to maildirs?  I've got it accepting messages for users (the
> maillog shows success), but I have no idea where they're going.  Perhaps
> it's using normal mail files?  This, however, still wouldn't explain the
> reason for the password to be rejected by popd.  Must a user belong to a
> certain group?  I have installed checkpasswd and tried users in various
> groups including qmail and popusers.  Yes, the user is in the assign config
> file and qmail-newu has been run.  Any ideas?

> Jacob Joseph

> ----- Original Message -----
> From: "Sam" <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Sent: Friday, January 21, 2000 5:53 PM
> Subject: Re: POP password checking


> > On Fri, 21 Jan 2000, Jacob Joseph wrote:
> >
> > > I'm having trouble getting qmail-popd to accept my password.  What
> > > could be causing the trouble.  The user is in the assign file and I
> > > have run qmail-newu and then restarted qmail.  I've delivered a
> > > message to the user for testing, but I can't see anything in that
> > > user's directory with ls -al nor can I get in with pop.
> > >
> > > Any ideas?
> >
> > AFAIK qmail-pop3d does not read assign, and it authenticates against the
> > system username only.
> >
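
The two delivery problems in the messages above (the `dot-forward: command not found` deferral and `./Maildir` versus `./Maildir/`) can both be caught by checking the delivery instructions before qmail runs them. The script below is an added example, not part of the thread or of qmail; the function names and the sample input are hypothetical, and it assumes the shell running it has the same PATH as qmail-start.

```shell
#!/bin/sh
# Added example: classify .qmail / defaultdelivery lines by the dot-qmail(5)
# rules and flag the two problems discussed in the thread.

# classify_delivery LINE -> blank | comment | program | maildir | mbox | forward
classify_delivery() {
    case "$1" in
        '')        echo blank ;;
        '#'*)      echo comment ;;
        '|'*)      echo program ;;
        /|[./]*/)  echo maildir ;;   # starts with . or /, ends with /
        [./]*)     echo mbox ;;      # starts with . or /, no trailing /
        *)         echo forward ;;   # &address or a bare address
    esac
}

# audit_delivery: read delivery instructions on stdin, print "N kind (note)".
audit_delivery() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        kind=$(classify_delivery "$line")
        note=
        case "$kind" in
            program)
                cmd=${line#'|'}
                cmd=${cmd#"${cmd%%[! ]*}"}   # drop leading spaces
                prog=${cmd%% *}              # first word is the program name
                # Assumption: this shell's PATH matches qmail-start's PATH.
                command -v "$prog" >/dev/null 2>&1 ||
                    note="'$prog' not found in PATH: delivery will be deferred"
                ;;
            mbox)
                # Heuristic: an mbox path named Maildir is usually a typo.
                case "$line" in
                    *[Mm]aildir) note="no trailing /: this is an mbox FILE" ;;
                esac
                ;;
        esac
        echo "$n $kind${note:+ ($note)}"
    done
}

# Constructed sample input; the program name is deliberately nonexistent.
sample_delivery() {
    printf '%s\n' '# constructed sample' '|no-such-forwarder-xyz .forward' \
        './Maildir' './Maildir/' '&postmaster@example.org'
}

sample_delivery | audit_delivery
```

To check a real file, run `audit_delivery < ~user/.qmail` as that user.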




Dear All,

Someone is spamming through my server.
The header file looks like:

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 14914 invoked from network); 24 Jan 2000 01:54:59 -0000
Received: from ram.wlink.com.np (HELO Pupi) (@202.79.32.33)
   by trishakti.wlink.com.np with SMTP; 24 Jan 2000 01:54:59 -0000
Message-ID: <[EMAIL PROTECTED]>
From: Administrator <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: PUPI-MAIL v.0.1
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Internet problem year 2000.
Content-Type: multipart/mixed; boundary="-GOODMAN"

        My question is how can I block this type of address something like:

admin_@*.com
admin_@*.net
admin_@*.org
admin_@*.edu

Thanks in Advance

Shashi





On Mon, Jan 24, 2000 at 04:00:49PM +0545, Shashi Dahal wrote:
> Dear All,
> 
> Someone is spamming through my server.

If someone is spamming through your server, you should block SMTP relaying
with the traditional tcpserver way. Look in Life with qmail for good
documentation.

You should not trust spam blocking done on username/domain basis.

/magnus

-- 
http://x42.com/




This is the Fix2001 virus and not spam. The person who is sending this mail
is probably unaware that they are infected. Basically, the virus
trawls through their address book, and sends this email to everyone it
finds. See  http://www.datafellows.com/v-descs/fix2001.htm for more
info.

Blocking this type of email is an excellent idea - you need to
block all "admin_@" since it always picks the domain address of the
person it is sending to by forging the From: field

If possible some sort of 'this mail was blocked because it contains
the Fix2001 virus' error code would eventually help the other end to realise
they were infected, although this is of course more work.

Regards,

Alex

----- Original Message -----
From: Shashi Dahal <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 24, 2000 10:15 AM
Subject: Blocking Mails


Dear All,

Someone is spamming through my server.
The header file looks like:

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 14914 invoked from network); 24 Jan 2000 01:54:59 -0000
Received: from ram.wlink.com.np (HELO Pupi) (@202.79.32.33)
   by trishakti.wlink.com.np with SMTP; 24 Jan 2000 01:54:59 -0000
Message-ID: <[EMAIL PROTECTED]>
From: Administrator <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-Mailer: PUPI-MAIL v.0.1
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: Internet problem year 2000.
Content-Type: multipart/mixed; boundary="-GOODMAN"

My question is how can I block this type of address something like:

admin_@*.com
admin_@*.net
admin_@*.org
admin_@*.edu

Thanks in Advance

Shashi

________________________________________________________________________________
This message has been checked for all known viruses by the Star Screening System
http://www.star.net.uk/stats.asp


