qmail Digest 10 Feb 2000 11:00:00 -0000 Issue 907

[qmail-digest-help]

qmail Digest 10 Feb 2000 11:00:00 -0000 Issue 907

Topics (messages 36965 through 37041):

Re: concurrencyremote
        36965 by: Dave Sill

Documentation
        36966 by: Allen Versfeld
        36971 by: Russell Nelson

Re: qmail-imap, cyrus imap, qmail
        36967 by: Dave Sill
        36970 by: Mullen, Patrick
        36972 by: Mitja Sarp
        36976 by: Greg Owen
        37011 by: Sam

Re: unable to bind
        36968 by: Jim Baxter

qmail+majordomo problem
        36969 by: stevenma.uc.shu.edu
        36999 by: Russ Allbery

Re: Big and/or famous sites using qmail?
        36973 by: Mate Wierdl
        36974 by: Greg Owen
        36979 by: Bruce Guenter
        36981 by: Kai MacTane
        36984 by: cmikk.uswest.net
        36986 by: Dave Sill
        36987 by: petervd.vuurwerk.nl
        36989 by: Troy Frericks
        36990 by: Bruce
        36992 by: Dave Sill
        36993 by: Blaine Lefler
        36995 by: Racer X
        36997 by: Russ Allbery
        37008 by: petervd.vuurwerk.nl
        37009 by: Russ Allbery
        37010 by: petervd.vuurwerk.nl
        37012 by: Russ Allbery
        37024 by: Bruce Guenter
        37026 by: Bruce Guenter
        37039 by: petervd.vuurwerk.nl
        37040 by: Fred Backman
        37041 by: Keith Warno

scripting using qmail-queue?
        36975 by: Jeremy Hansen
        37005 by: Jason Haar

selecting relay
        36977 by: Ramon Anfruns

Re: courier-imapd + vmailmgr
        36978 by: Bruce Guenter

[Already solved.] ezmlm without <username>-<listname>?
        36980 by: Henrik Öhman
        37006 by: Fred Lindberg
        37035 by: Henrik Öhman

Easy admin interface
        36982 by: Roy Kerwood
        37000 by: Russ Allbery
        37002 by: Olivier M.

This makes no sense - failed delivery to some users....
        36983 by: Doug McClure
        36985 by: Mark Delany

Re: viewing an ezmlm archive with web
        36988 by: David Dyer-Bennet
        37019 by: Marc-Adrian Napoli
        37027 by: Barry Smoke

more logging
        36991 by: clifford thurber
        36996 by: Dave Sill

badmailfrom - badmailto???
        36994 by: Marco Leeflang

Re: dns
        36998 by: John White

dos attacks
        37001 by: Marek Narkiewicz
        37003 by: Mullen, Patrick
        37014 by: Marek Narkiewicz
        37016 by: Delanet Administration
        37017 by: Sam
        37020 by: Martin A. Brown
        37021 by: Marek Narkiewicz
        37023 by: Robert Sanderson
        37025 by: Robert Sanderson
        37033 by: Anand Buddhdev

Re: Databytes and users?
        37004 by: Russell Nelson

deliverwrapper.pl
        37007 by: Mullen, Patrick

cyrus imapd w/ multiple server architecture?
        37013 by: Eric Dahnke
        37015 by: Greg Owen

Cannot send external mail...
        37018 by: Lal, Vivian

Egg on my face
        37022 by: Russell Nelson
        37031 by: Sam
        37032 by: Russell Nelson
        37038 by: Petri Kaukasoina

My turn for egg on my face - Re: dos attacks
        37028 by: Robert Sanderson

Re: Virtual Domains & Aliases
        37029 by: Russell Nelson

Re: courier-imap rpm
        37030 by: Barry Smoke

Re: Retry Schedule and bounce time?
        37034 by: Rogerio Brito

maxrcpts patch and user groups?
        37036 by: TAG
        37037 by: Chris Johnson

Administrivia:

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------

---

Anand Buddhdev <[EMAIL PROTECTED]> wrote:

>120 is a compile-time upper limit imposed on concurrency for
>qmail-lspawn and qmail-rspawn. You can raise it to 255 on some systems.
>See the file conf-spawn in the qmail source.

There's also a patch, which I use on my list server, to raise the
limit to 64k. (I use a concurrencyremote of 500.)

-Dave

---

---

I never noticed this before (having relied entirely on Dave Sill's LWQ
for installation), but daemontools 0.61 does not ship with
documentation...   Why?!?
--
Allen Versfeld
[EMAIL PROTECTED]

QVANTI CANICVLA ILLE IN FENESTRA

---

---

Allen Versfeld writes:
 > I never noticed this before (having relied entirely on Dave Sill's LWQ
 > for installation), but daemontools 0.61 does not ship with
 > documentation...   Why?!?

Because Dan doesn't want to be stuck with obsolete documentation, as
has happened with qmail 1.03.  For example, the installation
instructions tell users to use inetd, or optionally tcpserver.  The
current best wisdom is NOT to use inetd but instead tcpserver.

Personally, I'm going to be running:
    wget -m -I <package> http://cr.yp.to/<package>.html

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

---

---

[EMAIL PROTECTED] wrote:

>Someone tracked this one down and confirmed it to be a bug in Netscape
>Messenger's IMAP client.

And the "fix" is to wait for Time/Warner/CNN/AOL/Netscape to release a 
working Messenger, and get all 50 million users to install it, rather
than accommodating the bug in the handful of courier-imap servers?

Sometimes "right" is wrong. I don't know if this is one of those
times, but it seems likely.

Another possible imap solution is David Harris' patches to the UW IMAP 
daemon. See:

  http://Web.InfoAve.Net/~dsill/lwq.html#imap-maildir

-Dave

---

---

> Cyrus format is probably higher performance)

Hm.  Good enough.  My mail concern is really that of I
have everything set up based around maildirs right now.

>     It will of course exist happily with qmail; it's just a 
> matter of using
> the right invocation of 'deliver' in .qmail-default.

Could you expand upon this please?  Is there a global
.qmail-default somewhere, or would each user have to
have this?  Isn't .qmail-default only for addresses
in the form user-something, where the -something isn't
already handled by a specific .qmail- file?

Here is my real problem.  This is what I have right
now.  I want to keep this while expanding on to Cyrus
(if that seems the best choice).

Mail arrives.  If it is of the form user-something,
my perl script is called.  My perl script determines
if it needs to do anything special with the mail, and
if not, it hands it off to maildrop for delivery into
my Maildir.  Of course, maildrop could do further
filtering but that's not something I'm doing right now.

How can I get something similar to the above to work
using Cyrus?  For the curious, my perl script takes
certain emails and stuffs it into a database.
Otherwise, it is treated as a normal email.


Thanks,

~Patrick

---

---

On Wed, Feb 09, 2000 at 08:58:07AM -0500, Dave Sill wrote:
> [EMAIL PROTECTED] wrote:
> 
> >Someone tracked this one down and confirmed it to be a bug in Netscape
> >Messenger's IMAP client.
> 
> And the "fix" is to wait for Time/Warner/CNN/AOL/Netscape to release a 
> working Messenger, and get all 50 million users to install it, rather
> than accommodating the bug in the handful of courier-imap servers?
> 
> Sometimes "right" is wrong. I don't know if this is one of those
> times, but it seems likely.
> 

I have to agree here, I understand it might be painful but a -DNETSCAPE_BUG
switch might make the life better for us that are planning to use Courier
for production/public environments.

/Mitja

---

---

> >     It will of course exist happily with qmail; it's just a 
> > matter of using the right invocation of 'deliver' in
> > .qmail-default.
> 
> Could you expand upon this please?  Is there a global
> .qmail-default somewhere, or would each user have to
> have this?  Isn't .qmail-default only for addresses
> in the form user-something, where the -something isn't
> already handled by a specific .qmail- file?

        Ah, sorry, you're right.  I meant defaultdelivery, not
.qmail-default.  (I use some pretty funky setups on some of my relays and
get confused as to which I'm referring to).  Of course, you can put the
right line in defaultdelivery, in ~user/.qmail, in ~alias/.qmail-user, in
~alias/.qmail-default, etc. etc. etc.

        So, for example, I have a machine that runs qmail and cyrus.  In the
/var/qmail/rc, the qmail-start invocation is:

qmail-start '|preline -f /usr/cyrus/bin/deliver -e -a $USER -- $USER' \ 
    splogger qmail

        The '|preline -f /usr/cyrus....' portion is the "defaultdelivery"
recipe, and it says, "Pass the message onto cyrus's Deliver program after
stripping the 'From ' line which would cause Deliver to puke."

        So, if I understand what you're saying below, all you'd need to do
is modify your perl script to call a similar cyrus/bin/deliver line instead
of maildrop.

> Here is my real problem.  This is what I have right
> now.  I want to keep this while expanding on to Cyrus
> (if that seems the best choice).

        Just remember, if it ain't broke, don't fix it.  I like cyrus a lot,
but you need to evaluate if your load is causing any problems, and then if
this sort of switch is the best fix.

> Mail arrives.  If it is of the form user-something,
> my perl script is called.  My perl script determines
> if it needs to do anything special with the mail, and
> if not, it hands it off to maildrop for delivery into
> my Maildir.  Of course, maildrop could do further
> filtering but that's not something I'm doing right now.
> 
> How can I get something similar to the above to work
> using Cyrus?  For the curious, my perl script takes
> certain emails and stuffs it into a database.
> Otherwise, it is treated as a normal email.

        There are some caveats about regular users using 'deliver' to put
mail in their mailboxes.  IIRC, it should be wrapped so that they can't
abuse it to get around mailbox quotas.  Then again, if not using quotas,
then it isn't a problem...  The cyrus documentation goes into these issues
better than I can remember.

-- 
        gowen -- Greg Owen -- [EMAIL PROTECTED]

---

---

Dave Sill writes:

> [EMAIL PROTECTED] wrote:
> 
> >Someone tracked this one down and confirmed it to be a bug in Netscape
> >Messenger's IMAP client.
> 
> And the "fix" is to wait for Time/Warner/CNN/AOL/Netscape to release a 
> working Messenger, and get all 50 million users to install it, rather
> than accommodating the bug in the handful of courier-imap servers?

And tolerating sheer incompetence, and lack of due diligence, on the part
of commercial software vendors is how we got into this situation in the
first place.

I've already given both Messenger and Outlook Express enough slack when it
could be reasonably argued that there is a difference of opinion as to what
IMAP4rev1 is actually saying, which I consider to be the worst written RFC
I have ever read - but that's another story.

However, when there's a failure in implementing a rather clear and
unambiguous portion of the protocol, working around that particular problem
is going to get the lowest priority.

I'll fix Netscape's bugs when I have the time for it.  But for now, I have
better things to do.

Until then, and I hate to say it, people should use Outlook Express's IMAP
client.

-- 
Sam

---

---

Clifford.,

    This sounds like an error I've encountered.. Did you remove all
instances of 'smtp' from your /etc/inetd.conf file?  And is smtp listed in
your /etc/services file?  Did you restart or kill -HUP inetd after removing
it from inetd.conf?  I think I got this error when I tryed running tcpserver
on a port that was already in use by inetd..

Jim
[EMAIL PROTECTED]

----- Original Message -----
From: clifford thurber <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 08, 2000 11:41 AM
Subject: unable to bind


> Hello,
> I just installed  the tcpserver package. I then isssued  the
> /etc/init.d/qmail stop command. When I grep for qmail from ps I get no
> output. Yet when I go to start qmail under tcp server I get the following
> error:
>
> > tcpserver -x/etc/tcp.smtp.cdb -c400 -u101 -g100 0 smtp
> /usr/local/var/qmail/bin/qmail-smtpd &
> tcpserver: fatal: unable to bind: address already used
>
> [1] 8963
> [1]    Exit 111                      tcpserver -x/etc/tcp.smtp.cdb -c400
> -u101 -g100 0 smtp  ...
> >
>
> When I run qmail-qread I see that there are 2000 messages in the queue. I
> have attempted to send a kill -14 to qmaild in order to run the queue
which
> takes a seemignly inordinate amount of time. My question is does mail
> sitting in the queue cause the above error message and if so what is the
> best way to restart qmail with mail sitting in the queue so that I may
bind
> to port 25 ?
> Thanks in advance.
>
> Clifford Thurber
> Web Systems Administrator
> LiveUniverse.com
> [EMAIL PROTECTED]
> 565 5th Ave. 29th Fl.
> New York, NY 10017
> Ph:212 883 6940  (131)
> Fax:212 856 9134
>

---

---

Hi all, I'm using qmail 1.03 and Majordomo 1.95 on a Linux platform and
I'm having a strange problem.  It's probably an easy fix but I can't think
of it yet, so I'm hoping for some help!

All my lists work fine, except sending email to the "owner" of the list,
it seems qmail is tacking an extra "-" onto the
"[EMAIL PROTECTED]" address, so instead of
"[EMAIL PROTECTED]" I get "[EMAIL PROTECTED]"
why is it adding the "-" after the real owner name?  Feb  9 09:45:31

Like this:

pirate qmail: 950107531.504978 info msg 63248: bytes 887 from
<[EMAIL PROTECTED]@[]> qp 3289 uid 5002
 
which is of course bounced as an unknown message.

In /var/qmail/alias I have the aliases setup as:

.qmail-testlist-owner
.qmail-owner-testlist (symlink to .qmail-testlist-owner)
.qmail-testlist-owner-default (same symlink as above)

all of them have my email address as one line in the file.

What's wrong here?  Any ideas?

Thanks for your help!

Matt

---

---

stevenma <[EMAIL PROTECTED]> writes:

> All my lists work fine, except sending email to the "owner" of the list,
> it seems qmail is tacking an extra "-" onto the
> "[EMAIL PROTECTED]" address, so instead of
> "[EMAIL PROTECTED]" I get
> "[EMAIL PROTECTED]" why is it adding the "-" after the
> real owner name?

It's doing VERP, variable envelope return path, so that bounces go back to
an address that includes the address that bounced for easier handling with
scripts.  If the address bounces in the SMTP dialog rather than being
successfully delivered to the remote system, the message will be sent to
owner-listname-; otherwise, it will go to owner-listname-user=example.com
or the like.

> pirate qmail: 950107531.504978 info msg 63248: bytes 887 from
> <[EMAIL PROTECTED]@[]> qp 3289 uid 5002

The -@[] is the magic token telling it to use VERP.

> which is of course bounced as an unknown message.

That shouldn't have caused a bounce, although I'm wondering why the
message is going out as owner-testlist instead of testlist-owner like
qmail normally does.

> In /var/qmail/alias I have the aliases setup as:

> .qmail-testlist-owner
> .qmail-owner-testlist (symlink to .qmail-testlist-owner)
> .qmail-testlist-owner-default (same symlink as above)

> all of them have my email address as one line in the file.

You may need .qmail-owner-testlist-default if you want to put the "owner-"
part first.  That's a sendmailism, though, and qmail normally puts the
list name first.  See also dot-qmail(5):

     When qmail-local forwards a message as instructed in .qmail-ext (or
     .qmail-default), it checks whether .qmail-ext-owner exists.  If so,
     it uses local-owner@domain as the envelope sender for the forwarded
     message.  Otherwise it retains the envelope sender of the original
     message.  Exception:  qmail-local always retains the original
     envelope sender if it is the empty address or #@[], i.e., if this is
     a bounce message.

     qmail-local also supports variable envelope return paths (VERPs):  if
     .qmail-ext-owner and .qmail-ext-owner-default both exist, it uses
     local-owner-@domain-@[] as the envelope sender.  This will cause a
     recipient recip@reciphost to see an envelope sender of
     local-owner-recip=reciphost@domain.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>

---

---

How about this: while RedHat has serious (I'd guess partly personal)
problems with distributing qmail, it uses qmail as its mailinglist
server; it is lists.redhat.com.

This is probably not the greatest site, but certainly illustrates
qmail's usefullness.

Mate

---

---

 Frank Tegtmeyer wrote:
> Glenn R. Crownover wrote:
> > Just as an aside, the phrase "everyone else is using it" 
> > could also be considered a downside when taking security
> > into consideration.  The more something is used, the more
> > hackers know about it.
> 
> When do people stop to make such statements? I would like to 
> repeat my answer in the DNS thread - but I know it was a little
> bit rude.
> 
> Security by obscurity is NO solution to security problems. It 
> keeps people thinking they are secure when they really aren't.

        The argument is not security through obscurity.  The argument is
that attackers spend more time cracking a package that allows them to
exploit a larger number of hosts.

        In the case of sendmail, it's also easier for attackers to spend
more time cracking a package that has a long and distinguished history of
security holes than one which has been reviewed and no integral holes were
found.

-- 
        gowen -- Greg Owen -- [EMAIL PROTECTED]

---

---

On Wed, Feb 09, 2000 at 12:02:17PM +0800, Michael Boman wrote:
> Wouldn't it great if there was a list of big/famous sites that uses qmail
> as their MTA?

I just compiled a list of these from searching through the qmail mailing
list archives:

OneList
Yahoo
egroups
InterNIC
RIPE (European research organiziation, I believe)
xoom.com (heavily modified)
USA.net
MatchLogic
Algonet (Sweedish ISP with 50,000+ users)
gmx.de (German ISP)
NetZero
Critical Path
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/

---

---

At 11:55 AM 2/9/00 -0600, Bruce Guenter wrote or quoted:
>
>I just compiled a list of these from searching through the qmail mailing
>list archives:
>
>OneList
>Yahoo
>egroups
>InterNIC
>RIPE (European research organiziation, I believe)
>xoom.com (heavily modified)
>USA.net
>MatchLogic
>Algonet (Sweedish ISP with 50,000+ users)
>gmx.de (German ISP)
>NetZero
>Critical Path

Since OneList and eGroups are currently merging, we may want to list them
as "OneList/eGroups" on any list that's likely to be generated out of this.

Just a thought.

-----------------------------------------------------------------
                             Kai MacTane
                         System Administrator
                      Online Partners.com, Inc.
-----------------------------------------------------------------
>From the Jargon File: (v4.0.0, 25 Jul 1996)

house wizard /n./ 

A hacker occupying a technical-specialist, R&D, or systems position
at a commercial shop. A really effective house wizard can have influ-
ence out of all proportion to his/her ostensible rank and still not
have to wear a suit. 

---

---

On Wed, 9 Feb 2000 11:55:04 -0600 , Bruce Guenter writes:
> On Wed, Feb 09, 2000 at 12:02:17PM +0800, Michael Boman wrote:
> > Wouldn't it great if there was a list of big/famous sites that uses qmail
> > as their MTA?
> 
> I just compiled a list of these from searching through the qmail mailing
> list archives:
> 
[snip]

If I may be so bold, you could add U S West.net to that also.

If, of course, we're big enough ;-)

-- 
Chris Mikkelson  | The genius of you Americans is that you never make 
[EMAIL PROTECTED] | clear-cut stupid moves, only complicated stupid 
                 | moves which make us wonder at the possibility that
                 | there may be something to them we are missing. 
                 |   -- Gamel Nasser 

---

---

Bruce Guenter <[EMAIL PROTECTED]> wrote:

>I just compiled a list of these from searching through the qmail mailing
>list archives:
>
>OneList
>Yahoo
>egroups
>InterNIC

And Network Solutions, of course.

>RIPE (European research organiziation, I believe)
>xoom.com (heavily modified)
>USA.net

USA.net is not using qmail now, as far as I can tell.

>MatchLogic
>Algonet (Sweedish ISP with 50,000+ users)
>gmx.de (German ISP)
>NetZero
>Critical Path

Add PayPal/Confinity and Red Hat.

-Dave

---

---

On Wed, Feb 09, 2000 at 01:52:55PM -0500, Dave Sill wrote:
> Bruce Guenter <[EMAIL PROTECTED]> wrote:
> 
> >I just compiled a list of these from searching through the qmail mailing
> >list archives:
> >
> >OneList
> >Yahoo
> >egroups
> >InterNIC
> 
> And Network Solutions, of course.

I think he meant those :)

> >RIPE (European research organiziation, I believe)

RIPE is like ARIN, RIPE manages EU IP adress space.

> >xoom.com (heavily modified)
> >USA.net
> 
> USA.net is not using qmail now, as far as I can tell.

I thought they were using it for outgoing mail, just like hotmail.

> >MatchLogic
> >Algonet (Sweedish ISP with 50,000+ users)
> >gmx.de (German ISP)
> >NetZero
> >Critical Path
> 
> Add PayPal/Confinity and Red Hat.

And hypermart.net, free hosting (lots of sites), casema.net (cable ISP in
The Netherlands. They have a distributed setup based on LDAP).

Also, my employer, vuurwerk.nl (web+mailhosting of 20-30.000 domains) will be
migrating to qmail [my project] over the next months.

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++

---

---

At 10:51 AM 2/9/00 , Greg Owen wrote:
[snip]
>> 
>> Security by obscurity is NO solution to security problems. It 
>> keeps people thinking they are secure when they really aren't.
>
>       The argument is not security through obscurity.  The argument is
>that attackers spend more time cracking a package that allows them to
>exploit a larger number of hosts.

How do you know this?  It makes sense to me that they would spend time on
what ever system has the weakest security, ie: path of least resistance.  I
don't know this, so my question applies to me too.
#

>
[snip]

---

---

> -----Original Message-----
> From: Dave Sill [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, February 09, 2000 10:53 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Big and/or famous sites using qmail?
> 
> 
> Bruce Guenter <[EMAIL PROTECTED]> wrote:
> 
> >I just compiled a list of these from searching through the 
> qmail mailing
> >list archives:
> >
> >OneList
> >Yahoo
> >egroups
> >InterNIC
> 
> And Network Solutions, of course.

Not something to be proud of, as 2 days ago Jon Rust claimed
in message <v0421013fb4c4c040b1e4@[209.239.239.22]> that
Network Solutions runs an open relay.

I expect unsophisticated users like myself to stuff up, but
if large sites can't run qmail properly, maybe qmail could
benefit from some more guard-rails.  Or does SMTP make that
impractical?

- Bruce

---

---

<[EMAIL PROTECTED]> wrote:

>> And Network Solutions, of course.
>
>Not something to be proud of, as 2 days ago Jon Rust claimed
>in message <v0421013fb4c4c040b1e4@[209.239.239.22]> that
>Network Solutions runs an open relay.

It's no longer an open relay.

>I expect unsophisticated users like myself to stuff up, but
>if large sites can't run qmail properly,

Large sites *can* run qmail properly. People--even people at large
sites--make mistakes.

>maybe qmail could benefit from some more guard-rails.

Arguably, qmail should deny relaying in the absence of
control/rcphosts. Hopefully this will change with qmail 2. BTW, the
historical record shows that the by-the-docs qmail installation
disabled relaying well before the by-the-docs sendmail
installation. qmail was anti-relaying before anti-relaying was cool.

-Dave

---

---

OK all
        For the record. USA.Net uses qmail for all of our outbound traffic.
Very happy with it and not planning on changing.
[EMAIL PROTECTED] wrote:
> 
> On Wed, Feb 09, 2000 at 01:52:55PM -0500, Dave Sill wrote:
> > Bruce Guenter <[EMAIL PROTECTED]> wrote:
> >
> > >I just compiled a list of these from searching through the qmail mailing
> > >list archives:
> > >
> > >OneList
> > >Yahoo
> > >egroups
> > >InterNIC
> >
> > And Network Solutions, of course.
> 
> I think he meant those :)
> 
> > >RIPE (European research organiziation, I believe)
> 
> RIPE is like ARIN, RIPE manages EU IP adress space.
> 
> > >xoom.com (heavily modified)
> > >USA.net
> >
> > USA.net is not using qmail now, as far as I can tell.
> 
> I thought they were using it for outgoing mail, just like hotmail.
> 
> > >MatchLogic
> > >Algonet (Sweedish ISP with 50,000+ users)
> > >gmx.de (German ISP)
> > >NetZero
> > >Critical Path
> >
> > Add PayPal/Confinity and Red Hat.
> 
> And hypermart.net, free hosting (lots of sites), casema.net (cable ISP in
> The Netherlands. They have a distributed setup based on LDAP).
> 
> Also, my employer, vuurwerk.nl (web+mailhosting of 20-30.000 domains) will be
> migrating to qmail [my project] over the next months.
> 
> Greetz, Peter.
> --
> Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder
> |
> | 'C makes it easy to shoot yourself in the foot;
> |  C++ makes it harder, but when you do it blows your whole leg off.'
> |                             Bjarne Stroustrup, Inventor of C++

-- 
Blaine Lefler 
USA.Net System Administrator
[EMAIL PROTECTED]
Phone (719) 785-2373

---

---

let's take a step back for a moment too and remember that this is Network
Solutions we're talking about here, who seem to have an amazing ability to
screw up anything they get their hands on.

shag


----- Original Message -----
From: Dave Sill <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wed 9 Feb 2000 11.35
Subject: RE: Big and/or famous sites using qmail?


<[EMAIL PROTECTED]> wrote:

>> And Network Solutions, of course.
>
>Not something to be proud of, as 2 days ago Jon Rust claimed
>in message <v0421013fb4c4c040b1e4@[209.239.239.22]> that
>Network Solutions runs an open relay.

It's no longer an open relay.

>I expect unsophisticated users like myself to stuff up, but
>if large sites can't run qmail properly,

Large sites *can* run qmail properly. People--even people at large
sites--make mistakes.

>maybe qmail could benefit from some more guard-rails.

Arguably, qmail should deny relaying in the absence of
control/rcphosts. Hopefully this will change with qmail 2. BTW, the
historical record shows that the by-the-docs qmail installation
disabled relaying well before the by-the-docs sendmail
installation. qmail was anti-relaying before anti-relaying was cool.

-Dave

---

---

Bruce <[EMAIL PROTECTED]> writes:

> Not something to be proud of, as 2 days ago Jon Rust claimed in message
> <v0421013fb4c4c040b1e4@[209.239.239.22]> that Network Solutions runs an
> open relay.

I think he was saying that they were on ORBS instead, wasn't he?  There
are lots of things on ORBS that aren't open relays; this is one of them
(to my knowledge Network Solutions isn't actually relaying, only spamming
their customer base on a depressingly regular basis).

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>

---

---

On Wed, Feb 09, 2000 at 11:57:22AM -0800, Russ Allbery wrote:
> Bruce <[EMAIL PROTECTED]> writes:
> 
> > Not something to be proud of, as 2 days ago Jon Rust claimed in message
> > <v0421013fb4c4c040b1e4@[209.239.239.22]> that Network Solutions runs an
> > open relay.
> 
> I think he was saying that they were on ORBS instead, wasn't he?  There
> are lots of things on ORBS that aren't open relays; this is one of them
> (to my knowledge Network Solutions isn't actually relaying, only spamming
> their customer base on a depressingly regular basis).

I have seen false positives on ORBS, but only due to cluelessness: ORBSing
the insertion point of a relay-abusable setup instead of the machine that
actually sends the mail out. But nothing more than that.

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++

---

---

petervd <[EMAIL PROTECTED]> writes:
> On Wed, Feb 09, 2000 at 11:57:22AM -0800, Russ Allbery wrote:

>> I think he was saying that they were on ORBS instead, wasn't he?  There
>> are lots of things on ORBS that aren't open relays; this is one of them
>> (to my knowledge Network Solutions isn't actually relaying, only
>> spamming their customer base on a depressingly regular basis).

> I have seen false positives on ORBS, but only due to cluelessness:
> ORBSing the insertion point of a relay-abusable setup instead of the
> machine that actually sends the mail out. But nothing more than that.

It's not a false positive per se; I think I remember this one.  MAPS
refused to list Network Solutions for spamming due to the disruption it
could cause with processing domain registrations, despite the fact that
they *are* spamming, and ORBS said "well screw it, if you won't list them,
we will."  Or at least that's what's surfacing from the murky depths of my
uncertain memory.

ORBS is not strictly an open-relay list.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>

---

---

On Wed, Feb 09, 2000 at 02:20:37PM -0800, Russ Allbery wrote:
> petervd <[EMAIL PROTECTED]> writes:
> > On Wed, Feb 09, 2000 at 11:57:22AM -0800, Russ Allbery wrote:
> 
> >> I think he was saying that they were on ORBS instead, wasn't he?  There
> >> are lots of things on ORBS that aren't open relays; this is one of them
> >> (to my knowledge Network Solutions isn't actually relaying, only
> >> spamming their customer base on a depressingly regular basis).
> 
> > I have seen false positives on ORBS, but only due to cluelessness:
> > ORBSing the insertion point of a relay-abusable setup instead of the
> > machine that actually sends the mail out. But nothing more than that.
> 
> It's not a false positive per se; I think I remember this one.  MAPS
> refused to list Network Solutions for spamming due to the disruption it
> could cause with processing domain registrations, despite the fact that
> they *are* spamming, and ORBS said "well screw it, if you won't list them,
> we will."  Or at least that's what's surfacing from the murky depths of my
> uncertain memory.

I don't really think you remember this one, I administer the host that got
falsely (as in 'host properly configured') listed.

> ORBS is not strictly an open-relay list.

Hmm I see your point. Anyway, after the bugtraq-issue we removed ORBS from
our servers..

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++

---

---

petervd <[EMAIL PROTECTED]> writes:
> On Wed, Feb 09, 2000 at 02:20:37PM -0800, Russ Allbery wrote:
>> petervd <[EMAIL PROTECTED]> writes:

>>> I have seen false positives on ORBS, but only due to cluelessness:
>>> ORBSing the insertion point of a relay-abusable setup instead of the
>>> machine that actually sends the mail out. But nothing more than that.

>> It's not a false positive per se; I think I remember this one.  MAPS
>> refused to list Network Solutions for spamming due to the disruption it
>> could cause with processing domain registrations, despite the fact that
>> they *are* spamming, and ORBS said "well screw it, if you won't list
>> them, we will."  Or at least that's what's surfacing from the murky
>> depths of my uncertain memory.

> I don't really think you remember this one, I administer the host that
> got falsely (as in 'host properly configured') listed.

No, wasn't talking about you, was talking about Network Solutions.  Sorry,
wasn't clear.  I wasn't commenting at all about the incident you referred
to, since I don't know anything about it.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>

---

---

On Wed, Feb 09, 2000 at 12:44:16PM +0000, Blaine Lefler wrote:
>       For the record. USA.Net uses qmail for all of our outbound traffic.

Could you clarify what you mean by "outbound traffic"?

Thanks.
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/

---

---

On Wed, Feb 09, 2000 at 11:55:04AM -0600, Bruce Guenter wrote:
> > Wouldn't it great if there was a list of big/famous sites that uses qmail
> > as their MTA?
> I just compiled a list of these from searching through the qmail mailing
> list archives:

I've made a web page out of this.  Check out
        http://em.ca/~bruceg/qmail-sites.html
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/

---

---

On Wed, Feb 09, 2000 at 10:38:54PM -0600, Bruce Guenter wrote:
> On Wed, Feb 09, 2000 at 11:55:04AM -0600, Bruce Guenter wrote:
> > > Wouldn't it great if there was a list of big/famous sites that uses qmail
> > > as their MTA?
> > I just compiled a list of these from searching through the qmail mailing
> > list archives:
> 
> I've made a web page out of this.  Check out
>       http://em.ca/~bruceg/qmail-sites.html

One correction: casema.net is dutch :)

Greetz, Peter.
-- 
Peter van Dijk - student/sysadmin/ircoper/madly in love/pretending coder 
|  
| 'C makes it easy to shoot yourself in the foot;
|  C++ makes it harder, but when you do it blows your whole leg off.'
|                             Bjarne Stroustrup, Inventor of C++

---

---

I'm not speaking for USA.NET as I have no clue what they use or do, but
it's
possible they have a non-qmail smtp mail server for incoming traffic,
and
separate qmail processes running for the outgoing traffic.


Bruce Guenter wrote:

> On Wed, Feb 09, 2000 at 12:44:16PM +0000, Blaine Lefler wrote:
> >       For the record. USA.Net uses qmail for all of our outbound traffic.
>
> Could you clarify what you mean by "outbound traffic"?

---

---

SuSE.com and -- I'm presuming SuSE.de -- also use qmail, as well as ezmlm
for their mailing lists.

http://www.suse.com/Maillist/index_en.html

1 of the 3 lists I'm on (the English discussion list, suse-linux-e)
generates about 2 or 3 times as much traffic as this list daily.  Can't say
much more about how much traffic they get.  :>



----- Original Message -----
From: "Michael Boman" <[EMAIL PROTECTED]>
To: "qmail mailing list" <[EMAIL PROTECTED]>
Sent: 08 February 2000, Tuesday 23:02
Subject: Big and/or famous sites using qmail?


| Wouldn't it great if there was a list of big/famous sites that uses qmail
| as their MTA? It would be nice if you need to presuiade your boss that
| qmail is a great MTA, as most people say: "Use sendmail, everyone else
| using it. It's dafacto standard."
|
| If not on the site, why not send me some examples of sites that uses
| qmail?
|
| Best regards
|  Michael Boman
|
| --
| W I Z O F F I C E . C O M   P T E   L T D  -  Your Online Wizard
| 16 Tannery Lane, Crystal Time Building, #06-00, Singapore 347778
| Voice : (65) 844 3228 [ext 118]  Fax : (65) 842 7228
| Pager : (65) 92 93 29 49         ICQ : 5566009
| eMail : [EMAIL PROTECTED]    URL : http://www.wizoffice.com
|

---

---

Can someone possible show me an example script in perl that puts a message
into the queue using qmail-queue directly?  I'm trying to experiment with
ways to deliver mail at fair and low overhead kind of way.

Thanks
-jeremy

---

---

On Wed, Feb 09, 2000 at 12:06:59PM -0500, Jeremy Hansen wrote:
> 
> Can someone possible show me an example script in perl that puts a message
> into the queue using qmail-queue directly?  I'm trying to experiment with
> ways to deliver mail at fair and low overhead kind of way.

Check out my virus scanner wrapper scan4virus - it calls qmail-queue
directly from perl.

http://www.geocities.com/jhaar/scan4virus/


-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 3391 377 Fax: +64 3 3391 417
               

---

---

Hi there,
we are running Qmail and Spammers are using our SMTP as a relay. We've
configured our sistem as it is at:
http://www.palomine.net/qmail/selectiverelay.html,
where we have on tcp.smtp :

[root@correos /etc]# cat tcp.smtp
194.179.87.:allow,RELAYCLIENT=""
195.76.4.:allow,RELAYCLIENT=""
195.76.5.:allow,RELAYCLIENT=""
195.76.107.:allow,RELAYCLIENT=""

and we start tcpserver with :

env - PATH="/bin:/usr/bin:/usr/local/bin" \
/bin/sh -c "ulimit -m 8192 ; \
exec tcpserver -x/etc/tcp.smtp.cdb \
-c60 -g500 -u20001 0 25 /var/qmail/bin/qmail-smtpd" &

and on /var/qmail/control/rcpthosts we have listed all our domains hosted.
But
when we put all this together, users can't use our SMTP as relay, but our
users can't either if they send to a domain not listed on our rctphosts.

If any body can help...

Ray

---

---

On Tue, Feb 08, 2000 at 05:22:33PM -0600, Barry Smoke wrote:
> I know the author of vmailmgrd is working on that very thing....and I
> believe was close to finishing....due to be released in the next version.

Yes, I am.  In fact, I've written the code but haven't had time to test
it yet.  I'll put out a snapshot of the current code base on the web
site.
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/

---

---

It's funny how you often manage to solve problems you've been haunted by
for days just after you've mailed the proper mailing list about it,
isn't it? Well, this time I managed to be one step ahead, but as I had
already written most of the message when I realised the solution, I
guess I might as well send it. Maybe it can help someone else..

The correct solution was of course to change ~/testlist/inlocal and
~/testlist/outlocal from user-testlist to saying just testlist.

Thanks for the attention I WOULD have gotten had I not solved the
problem myself. ;)

Below is the original message.

Henrik.

---
Ok, I've been trying to do this in several ways now, without complete
success.

Some (or rather, one) users on our mail server want their own mailing
lists, but would rather not have the user name preceeding the list name.
<first.last-list>@gammadata.se is quite long and quite inconsequent.
It's OK with me, provided that I don't have to have him running around
in /var/qmail/alias to do it.

I tried with placing the usual .qmail-<list> aliases in
/var/qmail/alias, but naturally that fails. A simple .qmail-<list> for
forwarding works for sending to the list, and is what I use now, but it
works badly for requests and bounces.
Just now I tried to work it out with putting aliases in
/var/qmail/users, which seems to be the proper way to do it (if there is
any at all.)

My /var/qmail/users/assign looks like this (and this is just for my own
testlist.)
---
=testlist:spiff:9999:999:/home/spiff:-:testlist:
+testlist-:spiff:9999:999:/home/spiff:-:testlist-:
.
---

I succeed in sending messages to testlist, but testlist-help,
testlist-subscribe and others do not work. (Yes, they work if I use
spiff-testlist-help and spiff-testlist-subscribe.) And here is the error
message..

---
Hi. This is the qmail-send program at mail.gammadata.se.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<[EMAIL PROTECTED]>:
ezmlm-manage: fatal: I do not accept messages at this address (#5.1.1)
---

Does anyone know a way to solve this? Are the requests being processed

---

---

On Wed, 09 Feb 2000 18:05:02 +0100, Henrik Öhman wrote:

>The correct solution was of course to change ~/testlist/inlocal and
>~/testlist/outlocal from user-testlist to saying just testlist.

The correct solution is to set up the list with the correct name right
away. If you don't then the list name will be incorrect in the DIR/text
files.

If the user name is too long, you can alias the user and use e.g.
cfl-list instead of Fred.Lindberg-list.

Easiest is to give the user their own virtual domain, especially if
they run many lists. Thus, [EMAIL PROTECTED] could become
[EMAIL PROTECTED]

[[EMAIL PROTECTED] discusses lots of ezmlm stuff and there is a FAQ
on line at http://www.ezmlm.org]


-Sincerely, Fred

(Frederik Lindberg, Infectious Diseases, WashU, St. Louis, MO, USA)

---

---

Fred Lindberg wrote:

> On Wed, 09 Feb 2000 18:05:02 +0100, Henrik Öhman wrote:
>
> >The correct solution was of course to change ~/testlist/inlocal and
> >~/testlist/outlocal from user-testlist to saying just testlist.
>
> The correct solution is to set up the list with the correct name right
> away. If you don't then the list name will be incorrect in the DIR/text
> files.

for file in `ls -1 DIR`; do cat $file |sed s/spiff-testlist/testlist/
>$file.new; mv $file.new $file; done

Yes, of course there is a better solution, but I wanted a quick one, where
the user could have a listname without a prefix and still being able to
maintain it himself.

Also, the lists already exists. Changing the domain would cause annoyance
among the subscribers.

Although, I'll at least look into it.

Henrik.

>[snip]

---

---

Hi is there  a script based administration interface that takes some of the
drudgery out of setting up new users on Qmail?

Roy Kerwood
Network Administrator
Cityxpress.com
604-638-3800
Local 311

---

---

Roy Kerwood <[EMAIL PROTECTED]> writes:

> Hi is there a script based administration interface that takes some of
> the drudgery out of setting up new users on Qmail?

What all are you doing to set up a new user?  For the default
installation, I don't believe you have to do anything at all.

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>

---

---

On Wed, Feb 09, 2000 at 10:26:39AM -0800, Roy Kerwood wrote:
> Hi is there  a script based administration interface that takes some of the
> drudgery out of setting up new users on Qmail?

If you want to let you users administer they own domains, you may
have a look at the oMail project : http://omail.omnis.ch .

Regards & good luck,
Olivier

---

---

info msg 25541042: bytes 492 from <[EMAIL PROTECTED]> qp 686 uid 412
starting delivery 102: msg 25541042 to local [EMAIL PROTECTED]
status: local 2/10 remote 2/20
delivery 102: deferral: Unable_to_chdir_to_maildir._(#4.2.1)/
status: local 1/10 remote 2/20

The user's Maildir is there, it's intact ...

drwx------    5 xxxxx     domainusr     45 Feb  9 13:23 .
drwxr-x---    4 xxxxx     domainusr     84 Feb  9 13:23 ..
drwx------    2 xxxxx     domainusr      9 Feb  9 13:23 cur
drwx------    2 xxxxx     domainusr      9 Feb  9 13:23 new
drwx------    2 xxxxx     domainusr      9 Feb  9 13:23 tmp

It's on an NFS partition and apparently is the only one with 
problems. qmail is running using the users/assign and all the info in 
there is correct and matches the passwd entry.

help!
-doug

---

---

On Wed, Feb 09, 2000 at 01:19:56PM -0500, Doug McClure wrote:
> info msg 25541042: bytes 492 from <[EMAIL PROTECTED]> qp 686 uid 412
> starting delivery 102: msg 25541042 to local [EMAIL PROTECTED]
> status: local 2/10 remote 2/20
> delivery 102: deferral: Unable_to_chdir_to_maildir._(#4.2.1)/
> status: local 1/10 remote 2/20
> 
> The user's Maildir is there, it's intact ...
> 
> drwx------    5 xxxxx     domainusr     45 Feb  9 13:23 .
> drwxr-x---    4 xxxxx     domainusr     84 Feb  9 13:23 ..
> drwx------    2 xxxxx     domainusr      9 Feb  9 13:23 cur
> drwx------    2 xxxxx     domainusr      9 Feb  9 13:23 new
> drwx------    2 xxxxx     domainusr      9 Feb  9 13:23 tmp
> 
> It's on an NFS partition and apparently is the only one with 
> problems. qmail is running using the users/assign and all the info in 
> there is correct and matches the passwd entry.

Is it only *this* user that is having problems or is it the only user
who happens to have their home on an NFS mount that is having problems?

As I'm sure you know, the deferral is just that, not a bounce. Is the
home mounted by automount? I find that to be a disaster for
mail delivery too.

If nothing else, it may simply be a flaky NFS connection for some
reason. It's a pity qmail doesn't attach the errno with the messages
associated with system call failures.


Mark.

---

---

Barry Smoke <[EMAIL PROTECTED]> writes on 9 February 2000 at 02:10:18 -0600
 > Any suggestions on what to set up to view a threaded mailing list archive on the 
 >web.  Is there anything out there in php3?  There are several php forum packages that 
 >could be adapted....how easy would this be?
 > 
 > I noticed that ezmlm-web was at 2.0 now....how good is this?...and does it do the 
 >web archive?
 > 
 > What is everyone else using?

There's now web archive display in ezmlm+idx, as of 0.40
-- 
Photos: http://dd-b.lighthunters.net/ Minicon: http://www.mnstf.org/minicon
Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b 
David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]

---

---

Hi there,

> Barry Smoke <[EMAIL PROTECTED]> writes on 9 February 2000 at
02:10:18 -0600
>  > Any suggestions on what to set up to view a threaded mailing list
archive on the web.  Is there anything out there in php3?  >There are
several php forum packages that could be adapted....how easy would this be?
>  >
>  > I noticed that ezmlm-web was at 2.0 now....how good is this?...and does
it do the web archive?
>  >
>  > What is everyone else using?
>
> There's now web archive display in ezmlm+idx, as of 0.40

Yep, i use this and it works very very well.

I'd highly suggest you use it.

Regards,

Marc-Adrian Napoli
Connect Infobahn Australia
+61 2 92811750

---

---

Thanks......has someone built an rpm for ezmlm+idx 4.0 yet?
I currently have ezmlm-idx-std-0.53.324-1.i386.rpm

Barry Smoke

-----Original Message-----
From: Marc-Adrian Napoli <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, February 09, 2000 8:02 PM
Subject: Re: viewing an ezmlm archive with web


>Hi there,
>
>> Barry Smoke <[EMAIL PROTECTED]> writes on 9 February 2000 at
>02:10:18 -0600
>>  > Any suggestions on what to set up to view a threaded mailing list
>archive on the web.  Is there anything out there in php3?  >There are
>several php forum packages that could be adapted....how easy would this be?
>>  >
>>  > I noticed that ezmlm-web was at 2.0 now....how good is this?...and
does
>it do the web archive?
>>  >
>>  > What is everyone else using?
>>
>> There's now web archive display in ezmlm+idx, as of 0.40
>
>Yep, i use this and it works very very well.
>
>I'd highly suggest you use it.
>
>Regards,
>
>Marc-Adrian Napoli
>Connect Infobahn Australia
>+61 2 92811750
>
>

---

---

Hello,
I am interested in more verbose/debugging logging under qmail. Currently I
just get the default processing messages logged to /var/log/maillog. I
would like to get incomming connection messages with the full smtp
conversation. I looked at the following URLL

http://cr.yp.to/qmail/faq/servers.html#tcpserver-smtpd

and noted the following:

How do I record all incoming SMTP traffic? 

Answer: This answer assumes that you are running qmail-smtpd under
tcpserver, using tcpserver 0.84 or above, with tcpserver's
connection messages being sent to syslog. 

Simply insert recordio before qmail-smtpd. SMTP traffic will be sent to
syslog. 

Can someone tell me what the complete command line or inetd.conf line would
be to enable this? I am currently using tcp-server to run qmail. Do I need
to install any additional packages to do this? Thanks as always in advance.


Clifford Thurber
Web Systems Administrator
LiveUniverse.com
[EMAIL PROTECTED]
565 5th Ave. 29th Fl.
New York, NY 10017
Ph:212 883 6940  (131)
Fax:212 856 9134

---

---

clifford thurber <[EMAIL PROTECTED]> wrote:

>How do I record all incoming SMTP traffic? 
>
>Answer: This answer assumes that you are running qmail-smtpd under
>tcpserver, using tcpserver 0.84 or above, with tcpserver's
>connection messages being sent to syslog. 
>
>Simply insert recordio before qmail-smtpd. SMTP traffic will be sent to
>syslog. 
>
>Can someone tell me what the complete command line or inetd.conf line would
>be to enable this? I am currently using tcp-server to run qmail. Do I need
>to install any additional packages to do this? Thanks as always in advance.

I don't want to be rude, but what part of "Simply insert recordio
before qmail-smtpd" was unclear? :-) Likewise, "tcpserver 0.84 or
above" should be pretty obvious.

So if you currently have something like:

  ... tcpserver ... qmail-smtpd ...

You change that to read:

  ... tcpserver ... recordio qmail-smtpd ...

-Dave

---

---

With control/badmailfrom i can refuse mail send from emailaddresses list
in this file.
Is it possible to refuse mail for emailaddresses list in this file ore
some file ,send by local users?

greetings
marco leeflang

---

---

On Wed, Feb 09, 2000 at 11:22:20AM -0800, kevin olson wrote:
> sorry to throw such primitive questions inbetween all
> these expert posts, but 
> 
> a.    does tinydns/dnscache run on solaris? if so does
>       anyone here use it on a sparc?
 
I'm using the dnscache server on a sparc, but I compiled
it with gcc-2.95.2.

John

---

---

Would it be possible to lmit the number of spawns that tcpserver can make from one ip 
address concurrently to 
preven one ip spawning up to the limit of concurrent daemons and denying access to 
that daemon? I can't think 
of a way to do it from what i've read of the docs but it seems like quite a useful 
feature so i was wondering if there 
was a patch or a plan to add that functionality?
If not can someone give me a few pointers on what would be involved in such a 
modification so I can have a go 
myselgf?
cheers
--
Marek Narkiewicz, Systems Director WelshDragon ltd
[EMAIL PROTECTED]
02/08/2000 at 20:09:05

---

---

> Would it be possible to lmit the number of spawns that 
> tcpserver can make from one ip address concurrently to 
> preven one ip spawning up to the limit of concurrent daemons 
> and denying access to that daemon? I can't think 
> of a way to do it from what i've read of the docs but it 

I don't know about the "one-ip" part, but tcpserver DOES
have a limit on the number of concurrent processes.  I
think it's the "-c" switch.  `man tcpserver` is quite
informative.


~Patrick

---

---

I am aware of that fact as I have read the man page.  But I appreciate the effort. :-)
Oh and I am subscribed so I don't need you to add me to the to: list.

On Wed, 09 Feb 2000 15:44:26 -0500, [EMAIL PROTECTED] wrote:
>> Would it be possible to lmit the number of spawns that 
>> tcpserver can make from one ip address concurrently to 
>> preven one ip spawning up to the limit of concurrent daemons 
>> and denying access to that daemon? I can't think 
>> of a way to do it from what i've read of the docs but it 
>
>I don't know about the "one-ip" part, but tcpserver DOES
>have a limit on the number of concurrent processes.  I
>think it's the "-c" switch.  `man tcpserver` is quite
>informative.
>
>
>~Patrick
--
Marek Narkiewicz, Systems Director WelshDragon ltd
[EMAIL PROTECTED]
02/08/2000 at 23:22:36

---

---

I have a few questions along the same lines.. I have tcp server set to
limit to 900 as indicated below. However I've had several sites in the
past month who send mail with stray linfeeds..it's becomming alot more
common lately unfortunately. But the problem I have is qmail kills the
connection with code 256, as expected. Their end immediately retries
with no delay. I see a volume from one site alone of 36 attempts per
second, with as much as 2,200 simultaneous connections to my smtp port
from the site. It takes my mail server to it's knees, the queue builds
up and no mail is processed until I block the site via tcp.smtp. This is
then essentially a dos attack is it not? The server btw is a intel
pII/300 with 256mb ram, qmail 1.03 with vpopmail and about 12k pop
accounts covering 125 domains. Maildirs are mounted via nfs from a
metastor raid array and queue is on a seperate scsi-2 drive from the OS
(FreeBSD 3.4 stable).

    Is this a problem other people are having? I've scanned the lists
concerning the stray linefeed problems and not found anything quite
describing it the way it's happening to me. I end up contacting a more
often than not clueless isp or company who is sending the message thats
causing the overload. Usually I leave them blocked till the message
expires in their queue. As a result, I have 9 sites now blocked in this
manner. Is there a better way to handle this or is it a configuration
problem on my server that causes the severe overload?

--
Stephen Comoletti
Systems Administrator
Delanet, Inc.  http://www.delanet.com
ph: (302) 326-5800 fax: (302) 326-5802

"Mullen, Patrick" wrote:

> > Would it be possible to lmit the number of spawns that
> > tcpserver can make from one ip address concurrently to
> > preven one ip spawning up to the limit of concurrent daemons
> > and denying access to that daemon? I can't think
> > of a way to do it from what i've read of the docs but it
>
> I don't know about the "one-ip" part, but tcpserver DOES
> have a limit on the number of concurrent processes.  I
> think it's the "-c" switch.  `man tcpserver` is quite
> informative.
>
> ~Patrick

---

---

On Wed, 9 Feb 2000, Delanet Administration wrote:

> common lately unfortunately. But the problem I have is qmail kills the
> connection with code 256, as expected. Their end immediately retries
> with no delay. I see a volume from one site alone of 36 attempts per
> second, with as much as 2,200 simultaneous connections to my smtp port
> from the site. It takes my mail server to it's knees, the queue builds
> up and no mail is processed until I block the site via tcp.smtp. This
> is then essentially a dos attack is it not?

Yes.  Firewall the mail server, and separately mail a notice to their
admins to get in touch with you once their mail relay properly implement
RFC 821.

>     Is this a problem other people are having? I've scanned the lists
> concerning the stray linefeed problems and not found anything quite

Well, the stray linefeed is one issue.  The second issue is the sending
mail server trying again immediately.

> describing it the way it's happening to me. I end up contacting a more
> often than not clueless isp or company who is sending the message thats
> causing the overload. Usually I leave them blocked till the message
> expires in their queue. As a result, I have 9 sites now blocked in this
> manner. Is there a better way to handle this or is it a configuration
> problem on my server that causes the severe overload?

Nope.  This is probably the best way to handle the issue.  What I might
also suggest doing is to copy off the headers of some messages from those
relays that do make it through, to see if the mail software that they are
running can be identified in the last-hop Received: header.  If so, make
some modifications to your code which will automatically firewall all mail
relays that identify themselves as running the same software, in order to
head off future problems from those nodes.

---

---

Here's what I would do.

I'd run a different process on each IP...in bash pseudocode:

for i in $(ifconfig | perl -ne '/inet addr:\d+(\.\d+){3}/ && print "$1 "'); do
        tcpserver opts $i port proggie
done

I'm sure there are some sed/awk gurus that can run that command a whole
lot faster than my 4Mb perl interpreter, but it's quick and dirty, and
will grab all of your IPs (including IP aliases).

Then you make sure to set concurrency on each tcpserver process.

Ain't these tools wonderful?!

-Martin

-- 
Martin A. Brown --- Wonderfrog Enterprises --- [EMAIL PROTECTED]

On Tue, 8 Feb 2000, Marek Narkiewicz wrote:

:I am aware of that fact as I have read the man page.  But I appreciate the effort. :-)
:Oh and I am subscribed so I don't need you to add me to the to: list.
:
:On Wed, 09 Feb 2000 15:44:26 -0500, [EMAIL PROTECTED] wrote:
:>> Would it be possible to lmit the number of spawns that 
:>> tcpserver can make from one ip address concurrently to 
:>> preven one ip spawning up to the limit of concurrent daemons 
:>> and denying access to that daemon? I can't think 
:>> of a way to do it from what i've read of the docs but it 
:>
:>I don't know about the "one-ip" part, but tcpserver DOES
:>have a limit on the number of concurrent processes.  I
:>think it's the "-c" switch.  `man tcpserver` is quite
:>informative.
:>
:>
:>~Patrick
:--
:Marek Narkiewicz, Systems Director WelshDragon ltd
:[EMAIL PROTECTED]
:02/08/2000 at 23:22:36
:
:

---

---

I'm sorry if I haven't made myself clear on this occasion.
I meant that I wish to limit spawnings per remote ip eg if a remote machine is logged 
in to the popserver they 
cannot log in a second time

On Wed, 9 Feb 2000 21:30:08 -0600 (CST), [EMAIL PROTECTED] wrote:
>Here's what I would do.
>
>I'd run a different process on each IP...in bash pseudocode:
>
>for i in $(ifconfig | perl -ne '/inet addr:\d+(\.\d+){3}/ && print "$1 "'); do
>       tcpserver opts $i port proggie
>done
>
>I'm sure there are some sed/awk gurus that can run that command a whole
>lot faster than my 4Mb perl interpreter, but it's quick and dirty, and
>will grab all of your IPs (including IP aliases).
>
>Then you make sure to set concurrency on each tcpserver process.
>
>Ain't these tools wonderful?!
>
>-Martin
>
>-- 
>Martin A. Brown --- Wonderfrog Enterprises --- [EMAIL PROTECTED]
>
>On Tue, 8 Feb 2000, Marek Narkiewicz wrote:
>
>:I am aware of that fact as I have read the man page.  But I appreciate the effort. 
>:-)
>:Oh and I am subscribed so I don't need you to add me to the to: list.
>:
>:On Wed, 09 Feb 2000 15:44:26 -0500, [EMAIL PROTECTED] wrote:
>:>> Would it be possible to lmit the number of spawns that 
>:>> tcpserver can make from one ip address concurrently to 
>:>> preven one ip spawning up to the limit of concurrent daemons 
>:>> and denying access to that daemon? I can't think 
>:>> of a way to do it from what i've read of the docs but it 
>:>
>:>I don't know about the "one-ip" part, but tcpserver DOES
>:>have a limit on the number of concurrent processes.  I
>:>think it's the "-c" switch.  `man tcpserver` is quite
>:>informative.
>:>
>:>
>:>~Patrick
>:--
>:Marek Narkiewicz, Systems Director WelshDragon ltd
>:[EMAIL PROTECTED]
>:02/08/2000 at 23:22:36
>:
>:
--
Marek Narkiewicz, Systems Director WelshDragon ltd
[EMAIL PROTECTED]
02/09/2000 at 03:48:41

---

---

I had the same problem a couple of months back.  After repeated attempts to
contact the admins of the broken servers (one of which was within
Microsoft), I patched qmail-smtpd.c to reject messages from servers sending
bare lfs.  I've attached the patch.

I've tried blocking the broken servers via tcpserver with much less
success.  They seem to startup again as soon as they are un-blocked.


Delanet Administration wrote:

> I have a few questions along the same lines.. I have tcp server set to
> limit to 900 as indicated below. However I've had several sites in the
> past month who send mail with stray linfeeds..it's becomming alot more
> common lately unfortunately. But the problem I have is qmail kills the
> connection with code 256, as expected. Their end immediately retries
> with no delay. I see a volume from one site alone of 36 attempts per
> second, with as much as 2,200 simultaneous connections to my smtp port
> from the site. It takes my mail server to it's knees, the queue builds
> up and no mail is processed until I block the site via tcp.smtp. This is
> then essentially a dos attack is it not? The server btw is a intel
> pII/300 with 256mb ram, qmail 1.03 with vpopmail and about 12k pop
> accounts covering 125 domains. Maildirs are mounted via nfs from a
> metastor raid array and queue is on a seperate scsi-2 drive from the OS
> (FreeBSD 3.4 stable).
>
>     Is this a problem other people are having? I've scanned the lists
> concerning the stray linefeed problems and not found anything quite
> describing it the way it's happening to me. I end up contacting a more
> often than not clueless isp or company who is sending the message thats
> causing the overload. Usually I leave them blocked till the message
> expires in their queue. As a result, I have 9 sites now blocked in this
> manner. Is there a better way to handle this or is it a configuration
> problem on my server that causes the severe overload?
>
> --
> Stephen Comoletti
> Systems Administrator
> Delanet, Inc.  http://www.delanet.com
> ph: (302) 326-5800 fax: (302) 326-5802
>

--
Robert Sanderson <[EMAIL PROTECTED]>
http://www.ETRN.com



--- qmail-smtpd.c.orig  Fri Nov 12 23:08:08 1999
+++ qmail-smtpd.c       Wed Dec  8 23:01:18 1999
@@ -47,7 +47,7 @@
 void die_nomem() { out("421 out of memory (#4.3.0)\r\n"); flush(); _exit(1); }
 void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); 
_exit(1); }
 void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); 
flush(); _exit(1); }
-void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); 
flush(); _exit(1); }
+void straynewline() { out("551 See http://pobox.com/~djb/docs/smtplf.html also, NT 
+users see http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP\r\n"); 
+flush(); _exit(1); }
 
 void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list 
(#5.7.1)\r\n"); }
 void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed 
rcpthosts (#5.7.1)\r\n"); }
@@ -58,6 +58,7 @@
 void err_noop() { out("250 ok\r\n"); }
 void err_vrfy() { out("252 send some mail, i'll try my best\r\n"); }
 void err_qqt() { out("451 qqt failure (#4.3.0)\r\n"); }
+void err_etrn() { out("251 No need for ETRN. Delivery to your domain already 
+started.\r\n"); }
 
 
 stralloc greeting = {0};
@@ -229,7 +230,7 @@
 }
 void smtp_ehlo(arg) char *arg;
 {
-  smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250 8BITMIME\r\n");
+  smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n250 ETRN\r\n");
   seenmail = 0; dohelo(arg);
 }
 void smtp_rset()
@@ -405,6 +406,7 @@
 , { "help", smtp_help, flush }
 , { "noop", err_noop, flush }
 , { "vrfy", err_vrfy, flush }
+, { "etrn", err_etrn, flush }
 , { 0, err_unimpl, flush }
 } ;
 

---

---

Try adding:

/usr/local/bin/setlock -nx Maildir/.poplock

between checkpassword and qmail-pop3d in your tcpserver command line.  For example:

tcpserver 0 pop-3 qmail-popup your.mail.host /bin/checkpassword /usr/local/bin/setlock 
-nx Maildir/.poplock
qmail-pop3d Maildir &

This will limit each POP3 user to only one session at a time.


Marek Narkiewicz wrote:

> I'm sorry if I haven't made myself clear on this occasion.
> I meant that I wish to limit spawnings per remote ip eg if a remote machine is 
>logged in to the popserver they
> cannot log in a second time
>
> On Wed, 9 Feb 2000 21:30:08 -0600 (CST), [EMAIL PROTECTED] wrote:
> >Here's what I would do.
> >
> >I'd run a different process on each IP...in bash pseudocode:
> >
> >for i in $(ifconfig | perl -ne '/inet addr:\d+(\.\d+){3}/ && print "$1 "'); do
> >       tcpserver opts $i port proggie
> >done
> >
> >I'm sure there are some sed/awk gurus that can run that command a whole
> >lot faster than my 4Mb perl interpreter, but it's quick and dirty, and
> >will grab all of your IPs (including IP aliases).
> >
> >Then you make sure to set concurrency on each tcpserver process.
> >
> >Ain't these tools wonderful?!
> >
> >-Martin
> >
> >--
> >Martin A. Brown --- Wonderfrog Enterprises --- [EMAIL PROTECTED]
> >
> >On Tue, 8 Feb 2000, Marek Narkiewicz wrote:
> >
> >:I am aware of that fact as I have read the man page.  But I appreciate the effort. 
>:-)
> >:Oh and I am subscribed so I don't need you to add me to the to: list.
> >:
> >:On Wed, 09 Feb 2000 15:44:26 -0500, [EMAIL PROTECTED] wrote:
> >:>> Would it be possible to lmit the number of spawns that
> >:>> tcpserver can make from one ip address concurrently to
> >:>> preven one ip spawning up to the limit of concurrent daemons
> >:>> and denying access to that daemon? I can't think
> >:>> of a way to do it from what i've read of the docs but it
> >:>
> >:>I don't know about the "one-ip" part, but tcpserver DOES
> >:>have a limit on the number of concurrent processes.  I
> >:>think it's the "-c" switch.  `man tcpserver` is quite
> >:>informative.
> >:>
> >:>
> >:>~Patrick
> >:--
> >:Marek Narkiewicz, Systems Director WelshDragon ltd
> >:[EMAIL PROTECTED]
> >:02/08/2000 at 23:22:36
> >:
> >:
> --
> Marek Narkiewicz, Systems Director WelshDragon ltd
> [EMAIL PROTECTED]
> 02/09/2000 at 03:48:41

--
Robert Sanderson <[EMAIL PROTECTED]>
http://www.ETRN.com

---

---

On Thu, Feb 10, 2000 at 04:32:59AM +0000, Robert Sanderson wrote:

> Try adding:
> 
> /usr/local/bin/setlock -nx Maildir/.poplock

I extended this idea a little for my site, to allow per-ip limits.
Suppose I only want to allow up to 3 connections from 1.2.3.4, I make a
wrapper around qmail-smtpd, which sequentially attempts to lock:

1.2.3.4.1
1.2.3.4.2
1.2.3.4.3

If any of them succeeds, the qmail-smtpd is allowed. Otherwise, it means
that there are already 3 sessions from 1.2.3.4, and the wrapper prints:

421 too many sessions

And exits. I had posted my shell scripts to the list a couple on months
ago. If anyone's interested, they can search the archives.

-- 
See complete headers for more info

---

---

TAG writes:
 > Is it possible to set a databytes file for a specific user that will
 > overide the system wide databytes file??

Only if that user has a fixed IP address.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

---

---

Hello!  I know this is probably more appropriate in a Cyrus
mailing list, but I wrote this so qmail users can deliver
to their own mailbox in a secure fashion.

The script is explained in the comments.  Please review
it and let me know of any security holes that may be present
as well as ways to fix it.  It *should* be tight because
there is absolutely no user input anywhere.

If this script is satisfactory, copy it to

$CYRUS_BASE_DIR/bin/deliverwrapper.pl

Then execute, as root --
# chown cyrus.mail $CYRUS_BASE_DIR/bin/deliverwrapper.pl
# chmod 6751 $CYRUS_BASE_DIR/bin/deliverwrapper.pl 

and leave deliver mode 750 (as installed).

Now, any user can call the wrapper and deliver mail
to their own mailbox and no others.

If you wish to add any parameters, they may be added
to the $deliver_args variable.  Oh, I also assume
usernames only contain A-Z, a-z, 0-9, and "-.".  If you
have any other names, then you'll have to add them
yourself  and please let me know what you added so
I can do the same.


Again, please let me know of any shortcomings, bugs,
holes, praises, wtf's, etc.  :)


Thanks,

~Patrick



#!/usr/bin/perl

# Wrapper for securely (hopefully ;) calling Cyrus IMAPd's deliver program
# from any user.  This program accepts no arguments and will only deliver
# to the mailbox of the user using only the command line parameters supplied
# by this script.
#
# There is no user input except stdin, which is presumably a message.  If
# it's not a message, then it only munges their own mailbox.  (Actually,
# deliver will complain about invalid headers.)
#
# Calls deliver with -e -a $USER -- $USER
#

$deliver_exe = "/usr/local/cyrus/bin/deliver";
$deliver_args = "-e -a ";  # We tack on "$USER -- $USER" later.
$id_exe = "/usr/bin/id";
$username_chars = "-A-Za-z0-9.";

# Needed for security reasons
$ENV{'PATH'} = "";
$ENV{'BASH_ENV'} = "";

# We need to get the caller's UID
# There is probably a better way of doing this.
$id = `$id_exe`;

# Strip out the user's name and uid.
if( $id =~ /uid=([0-9]+)\(([$username_chars]+)\).*/) {
   $uid = $1;
   $user = $2;

   # Deliver the message
   $deliver_args .= "$user -- $user";
   open(DELIVER, "|$deliver_exe $deliver_args") || die "Can't open
deliver!";
   print DELIVER <STDIN>;
}  else {
   die("Cannot determine username!");
}

---

---

Hello List,

In order to support an unlimited number of virtual domains (and
consequently lots of users), does anyone know of a way to utilize qmail
w/ cyrus imap over a more than one server architecture?

I'm keen on having front end qmail servers accepting mail and
smtproute'ing it to back-end cyrus imap servers. The question is: when a
user imaps in, how can I authenticate the user to the appropriate
back-end cyrus server which holds their mail.

Pipe Dream? - thx eric

---

---

>In order to support an unlimited number of virtual domains (and
>consequently lots of users), does anyone know of a way to utilize qmail
>w/ cyrus imap over a more than one server architecture?
>
>I'm keen on having front end qmail servers accepting mail and
>smtproute'ing it to back-end cyrus imap servers. The question is: when a
>user imaps in, how can I authenticate the user to the appropriate
>back-end cyrus server which holds their mail.


    I don't know of any good, working solutions for redirecting users from a
"virtual" IMAP server to another physical server.  I think the direction
that this is supposed to take is use ACAP to find out your server and then
automatically go there.

    However, if you've got a bunch of virtual domains, why not have a bunch
of IMAP hosts and have each IMAP host pointed to by a number of
"imap.virtualdomain.com" names.  So, all the "virtualdomain.com" users point
to that, and if you need to move their server you just change DNS.  This
means that you can't split users from one virtdomain across multiple IMAP
servers, but with multiple IMAP servers you can balance "an unlimited number
of virtual domains."  You only run into trouble when one virtualdomain has
so many users it alone can overload one of your IMAP servers.

    Just a question - I don't virtual so there may be a great reason not to
that I don't know about.

-- Greg

---

---

When I try and send external mail I get the following message:

[Mail not sent: sorry, that domain isn't in my list of allowed rcpthosts
(#5]

I sending mail from Pine.

Thanks


Vivian Lal

---

---

 >Life is full of risks, Craig.  On an active mail server, a crash might
 >cause one out of a billion email messages to be lost (assuming a crash
 >ten times per year, a 1/30 chance of losing a file in each crash, and
 >a million messages a day).  That's 99.9999999% reliability, and those
 >estimates are WAY out of line with my real-world experience.  My Linux
 >server never *ever* crashed until it's CPU fan died -- not unless you
 >count the various times my cheezy colocation site lost power.
 >
 >Worry about significant risks in your life, like getting hit by a car.

Sorry about taking so long to reply to this, but it takes time to wipe
that much egg off one's face.  You see, I recently upgraded to
Debian's potato, which helpfully grovels through your lost+found
directories and reminds you if they're non-empty.  Well lookee here,
see what I found??  Yep.  Lost mail.  A bunch of files that should
have been in /var/qmail/queue, and were in /lost+found.  At least, I
don't remember having ever received that email, so I have to count it
as lost.

So yeah, Linux does seem to be able to lose mail.  On the other hand,
there were only four pieces of email lost in about fifty reboots.
Most people have the good sense to run Linux on reliable hardware and
then it never crashes.

Apologies to anyone whose intelligence or integrity I insulted.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

---

---

On Wed, 9 Feb 2000, Russell Nelson wrote:

> Sorry about taking so long to reply to this, but it takes time to wipe
> that much egg off one's face.  You see, I recently upgraded to
> Debian's potato, which helpfully grovels through your lost+found
> directories and reminds you if they're non-empty.  Well lookee here,
> see what I found??  Yep.  Lost mail.  A bunch of files that should
> have been in /var/qmail/queue, and were in /lost+found.  At least, I
> don't remember having ever received that email, so I have to count it
> as lost.
> 
> So yeah, Linux does seem to be able to lose mail.  On the other hand,
> there were only four pieces of email lost in about fifty reboots.
> Most people have the good sense to run Linux on reliable hardware and
> then it never crashes.

This should not happen on orderly shutdowns.

They did, actually, find some obscure bug in ext2 filesystem code a couple
of months ago, which only shows up under extreme load conditions.
However, the filesystem corruption gets logged, so if you monitor the
syslog, you'd know when it happened.

--
Sam

---

---

Sam writes:
 > > So yeah, Linux does seem to be able to lose mail.  On the other hand,
 > > there were only four pieces of email lost in about fifty reboots.
 > > Most people have the good sense to run Linux on reliable hardware and
 > > then it never crashes.
 > 
 > This should not happen on orderly shutdowns.

Right, these were ... "unscheduled" shutdowns.  My desktop is slightly 
unreliable because its fan is insufficient for cooling the processor.
It's gotten a lot better since I put some silicon heat sink grease on
it.  However, the machine still crashes from time to time.  And
apparently a few times it lost mail.

One of these days I'm going to spend some of my ill-gotten gains on a
new machine.  Then again, maybe I'll keep this one for a while, if
only to temper my hubris.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

---

---

On Thu, Feb 10, 2000 at 12:47:08AM -0500, Russell Nelson wrote:
> However, the machine still crashes from time to time.  And
> apparently a few times it lost mail.

I guess my fsync patch would have helped.

---

---

I guess its my turn to put some egg on my face.  The patch that I had included earlier 
also had some ETRN related changes in it.  Below is the relevant portion of the patch:

--- qmail-smtpd.c.orig  Fri Nov 12 23:08:08 1999
+++ qmail-smtpd.c       Wed Dec  8 23:01:18 1999
@@ -47,7 +47,7 @@
 void die_nomem() { out("421 out of memory (#4.3.0)\r\n"); flush(); _exit(1); }
 void die_control() { out("421 unable to read controls (#4.3.0)\r\n"); flush(); 
_exit(1); }
 void die_ipme() { out("421 unable to figure out my IP addresses (#4.3.0)\r\n"); 
flush(); _exit(1); }
-void straynewline() { out("451 See http://pobox.com/~djb/docs/smtplf.html.\r\n"); 
flush(); _exit(1); }
+void straynewline() { out("551 See http://pobox.com/~djb/docs/smtplf.html also, NT 
+users see http://support.microsoft.com/support/kb/articles/Q224/9/83.ASP\r\n"); 
+flush(); _exit(1); }

 void err_bmf() { out("553 sorry, your envelope sender is in my badmailfrom list 
(#5.7.1)\r\n"); }
 void err_nogateway() { out("553 sorry, that domain isn't in my list of allowed 
rcpthosts (#5.7.1)\r\n"); }



Sorry for the wasted bandwidth.

Bob

--
Robert Sanderson <[EMAIL PROTECTED]>
http://www.ETRN.com

---

---

[EMAIL PROTECTED] writes:
 > We are presently Qmail 1.03.  We added a virtual domain.  To route the mail
 > to the virtual domain users, we had to add an alias for each user.  We're
 > actually routing the mail for that domain to a specific mail server.  Is
 > there a way to route that email w/o adding an alias for each emember of that
 > domain.

Hmmm....  I don't remember anyone answering your question.  Basically, 
the answer is "yes".  When mail comes in to a virtualdomain, it's
controlled by the right-hand side.  Let's say that mail for
example.com is controlled by alias-example.  And let's also say that
all users @example.com should be delivered to example.crynwr.com.
You'd do it like this:

~alias/.qmail-example-default would contain:
|forward "$[EMAIL PROTECTED]"

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.

---

---

I must appologize....looks like I'm going to be reloading a server here
soon.....:-)

I have 2 servers set up almost identical...but with different histories.
One was a fresh RedHat 6.0 install upgraded to 6.1
the other was a RH 4/5.2/6.0/6.1 upgraded server.....
I've had problems with 2 rpm's now that install just fine...but don't run
correctly.  No rhyme or reason.

Courier-imap compiles...installs....won't run.
Zope ....compiles(from source rpm)....installs...runs.....but i can't log in
to manage

These 2 flukes have happened on the same server......and using the same
software, work fine on my other one.

Sorry for the snide remarks about courier not working from the rpm......
I should know by now to test on 2 servers before comenting.

Thanks,
Barry Smoke
Network Admin
Bryant Public Schools

-----Original Message-----
From: Sam <[EMAIL PROTECTED]>
Cc: Qmail <[EMAIL PROTECTED]>
Date: Tuesday, February 08, 2000 9:38 PM
Subject: Re: courier-imap rpm


>On Tue, 8 Feb 2000, Barry Smoke wrote:
>
>> I will say that I was impressed about the rpm building straight from the
>> tarball.....but it should also work after installation.
>
>It works for me.
>
>--
>Sam
>
>
>

---

---

On Feb 02 2000, [EMAIL PROTECTED] wrote:
> Hello all qmailers!
> 
> I'm new to qmail, so I'm still getting my sea legs. One question that has
> come up is how does qmail handle delivery problems and what schedule does it
> use?
> 
> I think I've found the retry schedule...
> 
> t(0) = start time [secs]
> t(i) = t(0) + (sqrt(t(i - 1) - t(0)) + 10)^2  [Local]
> t(i) = t(0) + (sqrt(t(i - 1) - t(0)) + 20)^2  [Remote]

        Yes, that's right. But what about writing it this way

        t(i) = t(0) + (c*i)^2,

        where c = 10 or 20, for local and remote deliveries? This
        shows more clearly the so often claimed quadratic delivery
        behaviour that qmail possesses.

        This is basically what is computed by the function
        next_retry() in the qmail-send.c source.

> But I can't seem to find how qmail decides to give up on delivering
> a msg.  My experience is that it's around 3 days, but I'd like to
> know exactly.  Anyone know where/how this is handled ?

        From qmail-send.c:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(...)
int lifetime = 604800;
(...)
         if (jo[d[c][delnum].j].flagdying)
          {
           dline[c].s[1] = 'D';
           --dline[c].len;
           while (!stralloc_cats(&dline[c],"I'm not going to try again; this message
has been in the queue too long.\n")) nomem();
           while (!stralloc_0(&dline[c])) nomem();
          }
(...)
   jo[pass[c].j].retry = nextretry(birth,c);
   jo[pass[c].j].flagdying = (recent > birth + lifetime);
(...)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

        Well, as an aside, what do you guys use to mirror cr.yp.to? I
        tried using some programs, but they don't understand djb's ftp
        listing format... :-(

        I tried using Uwe Ohse's ftpcopy, but it still has some bugs
        (which do not bother me very much, since I can tolerate them),
        but it is slow. :-(


        []s, Roger...

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
  Rogerio Brito - [EMAIL PROTECTED] - http://www.ime.usp.br/~rbrito/
     Nectar homepage: http://www.linux.ime.usp.br/~rbrito/opeth/
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

---

---

HI ALL,

I have used the maxrcpts patch and I want to configure it so that
certain user groups can have different settings to others.

The problem is I do not want them to be set by IP as we assign IP's to
dial-up users

PLESE HELP

MANY THANKS
Tonino

---

---

On Thu, Feb 10, 2000 at 11:48:11AM +0200, TAG wrote:
> I have used the maxrcpts patch and I want to configure it so that certain
> user groups can have different settings to others.
> 
> The problem is I do not want them to be set by IP as we assign IP's to
> dial-up users

If you don't disinguish one user from another by IP, how do you propose to do
it?

Chris

---