qmail Digest 30 May 2000 10:00:00 -0000 Issue 1017

Topics (messages 42434 through 42468):

Re: SMTP SIZE command? --> Ignore previous post!!!
        42434 by: Will Harris

Re: SMTP SIZE command?
        42435 by: Petr Novotny
        42458 by: Rodrigo Severo
        42467 by: Will Harris

Re: IMHO, qmail should exit ....
        42436 by: Peter van Dijk
        42439 by: Robert Sander
        42440 by: Peter van Dijk
        42455 by: Russell Nelson
        42456 by: Robert Sander
        42457 by: Peter van Dijk

I can't resolve problem with ISP and PPP
        42437 by: Sinisa Malesevic
        42454 by: Jörgen Persson

Re: smtp-auth and 421 out of memory
        42438 by: Denise Williams

Re: qmail+patches RPM + logging
        42441 by: Christian Wiese

Re: smtp-auth and MS Outlook Express 5
        42442 by: Denise Williams
        42443 by: Peter van Dijk
        42444 by: Petr Novotny
        42447 by: Krzysztof Dabrowski
        42448 by: Petr Novotny
        42450 by: Krzysztof Dabrowski
        42451 by: Petr Novotny
        42452 by: Krzysztof Dabrowski

Mail Routing question
        42445 by: david.heydari.sl.se

Re: POP and biff
        42446 by: Chris Johnson

qmail-smtpd-auth 0.24
        42449 by: Krzysztof Dabrowski

Re: I want to leave this list
        42453 by: Tullio Andreatta
        42460 by: Troy Frericks

qmail + vpopmail error
        42459 by: Christian Wiese
        42461 by: Andy Grimberg

tcpserver & ftpd
        42462 by: Craig Tickle
        42463 by: Chris Johnson

Re: A good book for qmail
        42464 by: Tim O'Reilly

help - very slow POP3 mail retrieval
        42465 by: Greg Jorgensen

Problems with IPv4 mapped IPv6 Addresses
        42466 by: Erwin Hoffmann

vpopmail + qmail
        42468 by: Toni


----------------------------------------------------------------------


Sorry, I just realised I forgot about the "-" conventions...  this is the 
correct patch.

regards,
Will

At 20:11 27.05.2000, Jim Breton wrote:
 >Are there any patches available that will make qmail support the RFC 1870
 >SMTP SIZE extension?
 >
 >(I tried searching the ORNL list archive but since the word "size" is
 >returned with every response, my search was useless and returned tons of
 >irrelevant responses. :(  )
 >
 >Thanks.

Here's one:

*** qmail-smtpd.c.orig  Mon May 29 11:54:41 2000
--- qmail-smtpd.c.new   Mon May 29 11:54:59 2000
***************
*** 227,235 ****
--- 227,242 ----
     smtp_greet("250 "); out("\r\n");
     seenmail = 0; dohelo(arg);
   }
+ char size_buf[FMT_ULONG];
+ void smtp_size()
+ {
+   size_buf[fmt_ulong(size_buf,(unsigned long) databytes)] = 0;
+   out("250 SIZE "); out(size_buf); out("\r\n");
+ }
   void smtp_ehlo(arg) char *arg;
   {
     smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250-8BITMIME\r\n");
+   smtp_size();
     seenmail = 0; dohelo(arg);
   }
   void smtp_rset()
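
Review bot: smtp_size() only advertises the limit in the EHLO reply; nothing in this hunk makes the MAIL handler accept a SIZE= parameter or answer 552 when the declared size exceeds databytes, so the extension is offered without its MAIL-side half. Add that check in the same patch or state the limitation in the patch description. Two smaller points: smtp_size() hard-codes "250 SIZE " as the final reply line and is called after the literal ending in 250-8BITMIME, so any keyword added later has to be emitted before the smtp_size() call; and size_buf is used only inside smtp_size(), so it can be a local there rather than a file-scope array.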


regards,
Will
__________________________________________________________________________

  "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..."

multimedia laboratorium                              [EMAIL PROTECTED]
institut fuer informatik                        (pgp id)        F703D035
der universitaet zuerich                        (office) +41  1 635 4346
winterthurerstr. 190                            (fax)    +41  1 635 6809
ch-8057 zuerich                                 (mobile) +41 76 372 0913
switzerland                                     www.ifi.unizh.ch/~harris
__________________________________________________________________________






On 29 May 00, at 11:56, Will Harris wrote:

>    void smtp_ehlo(arg) char *arg;
>    {
>      smtp_greet("250-"); out("\r\n250-PIPELINING\r\n250
>      8BITMIME\r\n");
> +   smtp_size();

Not quite; you'd need "250-8BITMIME" instead of "250 8BITMIME" 
and also you'd need "250 SIZE" instead of "250-SIZE" (if SIZE is 
the last line of the EHLO reply).

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




I was just taking a look at RFC 1870. Just at the end section: "7. 
Minimal usage" I found:

"A minimal server (...) must accept the
   extended MAIL command and return a 552 reply code if the client's
   declared size exceeds its fixed size limit (if any), but it need not
   detect "temporary" limitations on message size."

Won't we need this extra feature to use the SIZE extension properly?

I am asking this AFTER I put Will Harris's patch to work... Bad timing,
uh?

Anyway my smtp server has it and the greeting part seems to be working
just fine.


Rodrigo Severo

Will Harris wrote:
> 
> Sorry, I just realised I forgot about the "-" conventions...  this is the
> correct patch.
> 
> regards,
> Will
> 
> At 20:11 27.05.2000, Jim Breton wrote:
>  >Are there any patches available that will make qmail support the RFC 1870
>  >SMTP SIZE extension?
>  >
> 
> Here's one:
> 
> *** qmail-smtpd.c.orig  Mon May 29 11:54:41 2000
> --- qmail-smtpd.c.new   Mon May 29 11:54:59 2000
> ***************
> *** 227,235 ****
> --- 227,242 ----

-- 
-------------------------------------------
Fábrica de Idéias
sbs - ed. empire center - bl. s - sala 109
cep 70070-904 - brasília-df - brazil
tel: (61) 321 1357
fax: (61) 321 6096
[EMAIL PROTECTED]
-------------------------------------------




On 23:33 29.05.2000, Rodrigo Severo could be heard musing
 >I was just taking a look at RFC 1870. Just at the end section: "7.
 >Minimal usage" I found:
 >
 >"A minimal server (...) must accept the
 >   extended MAIL command and return a 552 reply code if the client's
 >   declared size exceeds its fixed size limit (if any), but it need not
 >   detect "temporary" limitations on message size."
 >
 >Won't we need this extra feature to use the SIZE extension properly?
 >
 >I am asking this AFTER I put Will Harris's patch to work... Bad timing,
 >uh?
 >
 >Anyway my smtp server has it and the greeting part seems to be working
 >just fine.
 >
 >

Well, to be strict I guess so... but that requires a bigger patch ;-)

The thing is, *I* think an MTA should check the response it receives to an 
EHLO command, and check the SIZE parameter internally before deciding 
whether to send a message or not (assuming it implements SIZE 
limitations).  Unfortunately, I don't think many MTAs do (sendmail 
doesn't)...

It's a half-measure patch I guess, but it perhaps does the job 
sometimes.  I'll look at how much work the other bit of the RFC requires.

regards,
Will
__________________________________________________________________________

  "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..."

multimedia laboratorium                              [EMAIL PROTECTED]
institut fuer informatik                        (pgp id)        F703D035
der universitaet zuerich                        (office) +41  1 635 4346
winterthurerstr. 190                            (fax)    +41  1 635 6809
ch-8057 zuerich                                 (mobile) +41 76 372 0913
switzerland                                     www.ifi.unizh.ch/~harris
__________________________________________________________________________
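
The SIZE handling discussed in this thread, as an added example (not part of any post, and not qmail code): a client-side check of the EHLO reply, as Will describes, and the server-side 552 check from the RFC 1870 text Rodrigo quotes. The host name, reply texts and function names are assumptions made for the illustration.

```python
import re

# Constructed sample: the EHLO reply a server carrying the patch above would
# send with a 10,000,000-byte limit. The host name is a placeholder.
SAMPLE_EHLO = [
    "250-mail.example.org",
    "250-PIPELINING",
    "250-8BITMIME",
    "250 SIZE 10000000",
]

SIZE_VALUE = re.compile(r"[0-9]{1,20}")  # RFC 1870: size-value is 1 to 20 digits


def parse_ehlo_reply(lines):
    """Parse a multi-line EHLO reply into {KEYWORD: [params]}.

    Enforces the "-" convention: every line except the last is "250-...",
    and only the last line is "250 ...".
    """
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = {}
    for i, raw in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", raw.rstrip("\r\n"))
        if not m:
            raise ValueError("line %d is not a 250 reply line" % (i + 1))
        is_last = i == len(lines) - 1
        if (m.group(1) == " ") != is_last:
            raise ValueError("wrong continuation marker on line %d" % (i + 1))
        if i == 0:
            continue  # first line carries the greeting, not a keyword
        words = m.group(2).split()
        if words:
            extensions[words[0].upper()] = words[1:]
    return extensions


def advertised_limit(extensions):
    """Return the fixed size limit in bytes, or None when there is none.

    SIZE absent, SIZE without a value, and SIZE 0 all mean "no fixed limit
    announced".
    """
    params = extensions.get("SIZE")
    if not params or not SIZE_VALUE.fullmatch(params[0]):
        return None
    return int(params[0]) or None


def client_may_send(extensions, message_bytes):
    """Client side: decide before MAIL whether the message can fit."""
    limit = advertised_limit(extensions)
    return limit is None or message_bytes <= limit


def server_mail_reply(mail_args, databytes):
    """Server side: reply to 'MAIL <mail_args>' given a fixed limit.

    databytes == 0 means no fixed limit. The declared size is only the
    client's claim, so the limit must still be enforced on the bytes
    actually received during DATA.
    """
    m = re.fullmatch(r"FROM:\s*<([^>]*)>((?:\s+\S+)*)\s*", mail_args, re.I)
    if not m:
        return "501 syntax error in MAIL command"
    declared = None
    for param in m.group(2).split():
        key, _, value = param.partition("=")
        if key.upper() == "SIZE":
            if not SIZE_VALUE.fullmatch(value):
                return "501 syntax error in SIZE parameter"
            declared = int(value)
    if databytes and declared is not None and declared > databytes:
        return "552 declared message size exceeds fixed maximum"
    return "250 ok"


if __name__ == "__main__":
    ext = parse_ehlo_reply(SAMPLE_EHLO)
    print(advertised_limit(ext), client_may_send(ext, 20000000))
    print(server_mail_reply("FROM:<a@example.org> SIZE=20000000", 10000000))
```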





On Mon, May 29, 2000 at 09:48:09AM +0200, Robert Sander wrote:
> On Mon, May 29, 2000 at 06:19:46AM -0000, Russell Nelson wrote:
> > It's *always* a mistake for an alias to match a real user's name.
> 
> No, I do not think so. It is even impossible to determine all the aliases at
> startup, because the underlying system is a "living" one. And in ~alias
> there may exist .qmail-user entries for existing users. They are used when
> the homedir of the user is not accessible.

Russell is stating that it is always a mistake for an alias to match a real
user. Russell is not stating qmail should do this, he just throws this
observation in to enhance his point.

He's not saying (and I don't think he would :) that it's feasible to check
that at startup.

For the 'unaccessible homedir' part: you have a good point, but
users/assign is really a much better solution for that.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




On Mon, May 29, 2000 at 12:23:54PM +0200, Peter van Dijk wrote:
> For the 'unaccessible homedir' part: you have a good point, but
> users/assign is really a much better solution for that.
Yes, but this is just another place for me to define aliases, or not?
And why it is so much better than plain ~alias/.qmail, performance left aside?

Greetings
-- 
Robert Sander                                 www.gurubert.de




On Mon, May 29, 2000 at 01:28:19PM +0200, Robert Sander wrote:
> On Mon, May 29, 2000 at 12:23:54PM +0200, Peter van Dijk wrote:
> > For the 'unaccessible homedir' part: you have a good point, but
> > users/assign is really a much better solution for that.
> Yes, but this is just another place for me to define aliases, or not?
> And why it is so much better than plain ~alias/.qmail, performance left aside?

It's much easier to keep an overview in one file instead of in ~alias.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




Peter van Dijk writes:
 > He's not saying (and I don't think he would :) that it's feasible to check
 > that at startup.

Actually, I do.  It would be quite reasonable to run through the files
in ~alias to see if qmail-getpw or users/assign returns a match for
any of them.  If so, qmail should not start up, because something is
Obviously Wrong.  I'm not talking about -default files, just the rest
of them.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.




On Mon, May 29, 2000 at 01:25:14PM -0400, Russell Nelson wrote:
> any of them.  If so, qmail should not start up, because something is
> Obviously Wrong.  I'm not talking about -default files, just the rest
> of them.

No, I do not think that there is something wrong when there are
alias entries for existing users. I need them, because I have
some of my users homedir mounted via an unreliable network.

Greetings
-- 
Robert Sander                                 www.gurubert.de




On Mon, May 29, 2000 at 09:18:11PM +0200, Robert Sander wrote:
> On Mon, May 29, 2000 at 01:25:14PM -0400, Russell Nelson wrote:
> > any of them.  If so, qmail should not start up, because something is
> > Obviously Wrong.  I'm not talking about -default files, just the rest
> > of them.
> 
> No, I do not think that there is something wrong when there are
> alias entries for existing users. I need them, because I have
> some of my users homedir mounted via an unreliable network.

That's what users/assign is for.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




I can't resolve my problem, so I must try to describe my configuration.

We have a LAN with 9 workstations (all Windows 95/98/NT), and on one PC is DNS with Windows NT 4.0. Our ISP is eunet.yu (mail servers are relay.eunet.yu (SMTP) and solair.eunet.yu (POP)) and we connect with dial-up. Our local domain is named infor.co.yu.

On my PC (named oper) is Red Hat 6.0, and it is connected to the ISP with dial-up.

We would like to use my PC as a mail server, and we would like all workstations to send mail through my PC.

We have virtual domains infor.co.yu and motor.com, and users have mail addresses like: [EMAIL PROTECTED]

POP server is started like:
tcpserver 0 110 /var/qmail/bin/qmail-popup oper.infor.co.yu \
/home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &

SMTP server is started like:
tcpserver -x/etc/smtp.smtp.cdb -u502 -g501 0 smtp /var/qmail/bin/smtp-smtpd &

I make a maildir for outgoing mail in the "alias" home directory (/var/qmail/alias) like:
#maildirmake ~alias/pppdir

I put ./pppdir/ into ~alias/.qmail-ppp-default and :alias-ppp into /var/qmai/control/viritualdomains

To masquerade my local name with the name of the ISP I added "[EMAIL PROTECTED]:alias-eunet.yu"

In the file ./qmail-eunet.yu-myispusername (/var/qmail/alias) I added one line "&[EMAIL PROTECTED]"

When I have established a PPP connection with my ISP (I determine my PPP IP with ifconfig) I use a command like this:

# /usr/local/bin/mailsirsmtp /var/qmail/alias/pppdir alias-ppp- solair.eunet.yu MyIP

I get this:
"tcpclient:unable to connect to solair.eunet.yu on port 25: host unreachable
maildirserial:fatal:making no progress,giving up"

I try to ping 194.247.192.52 and it is OK (194.247.192.52=ip of solair.eunet.yu)

WHAT IS WRONG.

How I automate process for sending and receive messages

I do not try to get messages from my ISP

PS: sorry for my bad english





On Mon, May 29, 2000 at 01:13:09PM +0200, Sinisa Malesevic wrote:
> I can't resolve my problem, so I must try to describe my configuration.
> 
> We have a LAN with 9 workstations (all Windows 95/98/NT), and on one PC
> is DNS with Windows NT 4.0. Our ISP is eunet.yu (mail servers are
> relay.eunet.yu (SMTP) and solair.eunet.yu (POP)) and we connect with
> dial-up. Our local domain is named infor.co.yu.

[snip]

> # /usr/local/bin/mailsirsmtp /var/qmail/alias/pppdir alias-ppp-
> solair.eunet.yu MyIP 
  ^^^^^^^^^^^^^^^

maildirsmtp wants your ISP's SMTP - that is:
# /usr/local/bin/mailsirsmtp /var/qmail/alias/pppdir alias-ppp- relay.eunet.yu MyIP

[snip]
> How I automate process for sending and receive messages
[snip]

PPP usually gives you that ability. On my system (Linux 
Debian, Potato) I'll find the main script at /etc/ppp/ip-up and
the 'subscripts' under /etc/ppp/ip-up.d/

-- 
Jörgen Persson




Hello again,

Some more info on the situation:

%telnet myserver 25
Server: 220 myserver.com ESMTP
Client: ehlo
Server: 250-myserver.com
Server: 250-AUTH=LOGIN CRAM-MD5 PLAIN
SERVER: 250-AUTH LOGIN CRAM-MD5 PLAIN
SERVER: 250 PIPELINING
SERVER: 250 8BITMIME
CLIENT: AUTH LOGIN
SERVER: VXNlmc5hbWU6
CLIENT: <username in base64>
server: UGF2c3dvcmQ6
client: <password in base64>
server: 421 out of memory #4.3.0
server: 535 authorization failure

Note that this is not a capture of what outlook express does, rather just
telnetting into the server to see around.

I am running a stock qmail program aside from the patch for oversize DNS
lookups from http://www.ckdhr.com/ckd/qmail-103.patch

Has anybody else seen this 421 out of memory error?  This is my test machine
with 256 Meg and nobody logged on, with an empty mailqueue.

Best regards,
Denise



------Original Message------
From: Denise Williams <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: May 29, 2000 9:32:33 AM GMT
Subject: smtp-auth and MS Outlook Express 5


Hello,

I am having problems using smtp-auth from an MS Outlook Express 5 client.
Namely I can do pop but I can't smtp-auth. I can also smtp.

My setup:
Server: Running Linux 2.2.12-20, Redhat 6.1
Qmail-1.03
tcpserver out of ucspi-tcp-0.88
supervise out of daemontools-0.70

SMTP-AUTH patch:
http://members.elysium.pl/brush/qmail-smtpd-auth/dist/qmail-smtpd-auth-0.23.tar.gz

Client: Windows 2000/Outlook Express 5


On the Unix side my qmail-smtpd command looks as follows:
/usr/local/bin/tcpserver -v -p -x /etc/tcp.smtp.cdb -u $QMAILDUID -g
$NOFILESGID 0 smtp rblsmtpd /var/qmail/bin/qmail-smtpd /bin/checkpassword
/bin/true /bin/cmd5checkpw /bin/true

Here is the problem: I can do pop but I can't do smtp-auth.

The client comes back and keeps asking for the username and password combo
over and over again. Since I can do pop with the same username/password, I
don't think either checkpassword or the username/password has a problem.
Doing non-authenticated smtp works fine as well.

Also: What I am interested in doing is allow relaying from
smtp-authenticated clients and not allow relaying from anybody else. Any
pointers on how to do that?

Best regards,
Denise






Hi Peter,

thank you very much for your help.
Now the logging mechanism is working nice.

Thanks

Christian

Peter Green wrote:

> thus spoke cw:
> > Hi all,
> >
> > for my previous qmail installations I used the "Memphis" RPMS.
> > Today I've tried to setup a qmail server with the latest qmail+patches
> > RPM from Bruce.
> > The base system is up and running, but I can't find any logfiles.
> > Where can I find some logfiles ?
> > Could somebody explain me the logging mechanism.
>
> You could also ask this on the rpms mailing list Bruce has set up for this
> application. Send mail to <[EMAIL PROTECTED]> to subscribe.
>
> Anyhoo, the default for the RPM is to use splogger. This sends log entries
> to syslog for processing.
>
> To set it up differently, you have two options:
>
> 1) <http://em.ca/~bruceg/qmail+patches/loggers/> Choose your preferred
> logging method and install the appropriate RPM. I don't do this so I can't
> help much beyond this...
>
> 2) Put your desired logging mechanism in /var/qmail/control/logger and it
> will be used instead of splogger. I have the following in mine:
>
>   /usr/bin/multilog t s100000 /var/log/{}
>
> This sticks the multilog entries in /var/log/SERVICE, where SERVICE is
> `qmail', `pop3d', `smtpd', or whatever.
>
> HTH!
>
> /pg
> --
> Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
> ---
> > : Any porters out there should feel happier knowing that DEC is shipping
> > : me an AlphaPC that I intend to try getting linux running on: this will
> > : definitely help flush out some of the most flagrant unportable stuff.
> > : The Alpha is much more different from the i386 than the 68k stuff is, so
> > : it's likely to get most of the stuff fixed.
> >
> > It's posts like this that almost convince us non-believers that there
> > really is a god.
> (A follow-up by [EMAIL PROTECTED], Anthony Lovell, to Linus's
> remarks about porting)





Hi, I received mail from Krzysztof Dabrowski that solved my problem.

solution: /bin/checkpassword needs to be suid'ed to root for those systems
using shadow passwords.

Best regards,
Denise


------Original Message------
From: Denise Williams <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: May 29, 2000 9:32:33 AM GMT
Subject: smtp-auth and MS Outlook Express 5


Hello,

I am having problems using smtp-auth from an MS Outlook Express 5 client.
Namely I can do pop but I can't smtp-auth. I can also smtp.






On Mon, May 29, 2000 at 08:52:05AM -0400, Denise Williams wrote:
> Hi, I received mail from Krzysztof Dabrowski that solved my problem.
> 
> solution: /bin/checkpassword needs to be suid'ed to root for those systems
> using shadow passwords.

Do not, EVER, do that. The moment you do, checkpassword becomes a /bin/su
replacement without any logging or limiting.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]





On 29 May 00, at 8:52, Denise Williams wrote:

> solution: /bin/checkpassword needs to be suid'ed to root for those
> systems using shadow passwords.

Don't do that! You have just created a target for a dictionary attack; 
suid /bin/checkpassword is /bin/su without bad attempts logging 
(and with somewhat unusual interface).

If you definitely need to run /bin/checkpassword as root, it's 
healthier to run tcpserver on port 25 as root (not as qmaild) and 
drop root after checking name and password. It's still far from being 
ideal, though.

On a PAMified system, you should be able to get away with it 
without running code as root (root is necessary to install the PAM 
script in /etc/pam.d only).

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]





>Do not, EVER, do that. The moment you do, checkpassword becomes a /bin/su
>replacement without any logging or limiting.

Don't you think that this hysterical reaction is a bit too far?
checkpassword is certainly a safer suid program than most of the suids in your
system.

And another one:

 >Don't do that! You have just created a target for a dictionary attack;
 >suid /bin/checkpassword is /bin/su without bad attempts logging
 >(and with somewhat unusual interface).
 >If you definitely need to run /bin/checkpassword as root, it's
 >healthier to run tcpserver on port 25 as root (not as qmaild) and
 >drop root after checking name and password. It's still far from being
 >ideal, though.
 >On a PAMified system, you should be able to get away with it
 >without running code as root (root is necessary to install the PAM
 >script in /etc/pam.d only).

On PAMified system you can still use it as dictionary cracker :)

All in all, on a non-shell system (like most ISPs' mail servers) where only
admins have shell access, making checkpassword suid is nothing bad.
CERTAINLY not as bad as you portray it.

Kris






On 29 May 00, at 15:31, Krzysztof Dabrowski wrote:

> Don't you think that this hysterical reaction is a bit too far?
> checkpassword is certainly a safer suid program than most of the suids in
> your system.

No it is not. Any program which allows enumerating /etc/shadow 
is a gaping security hole. Full stop.

checkpassword is "safe" only in the sense that there's no buffer 
overflow or race condition or something like that. It has been 
designed to read /etc/shadow. However, reading /etc/shadow 
_must_ be limited to root - that's essential. Please note DJB's 
installation instructions: Not only don't make it suid root, but don't 
even make it runnable by non-root; chmod 700 is what djb 
suggests.

> On PAMified system you can still use it as dictionary cracker :)

Yes; but after each attempt the system sleep()s before answering, 
and after this (three?) many failed attempts, an entry in the logs is 
generated.

So you can use a dictionary; but only with like ten attempts per 
day to go unnoticed.

> All in all, on a non-shell system (like most ISPs' mail servers) where
> only admins have shell access, making checkpassword suid is nothing
> bad. CERTAINLY not as bad as you portray it.

On a box where only root is ever allowed, you're right. As soon as 
there's a single non-root login account, suid checkpassword is a no 
way. (Once the users can upload their cgi scripts, php pages, edit 
their .qmail files, they can spawn off the dictionary attack.)

It's as simple as that.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]





>It's as simple as that.

So we finally need a good, versatile solution for it. Because a lot of 
users have problems with it and not everyone wants to go ahead and patch 
his way through qmail-smtpd.

Brush






On 29 May 00, at 15:49, Krzysztof Dabrowski wrote:

> So we finally need a good, versatile solution for it. Because a lot
> of users have problems with it and not everyone wants to go ahead and
> patch his way through qmail-smtpd.

I'm not completely sure how the authenticated SMTP conversation 
looks like. You have two possible approaches:

1. qmail-popup like. You start SMTP conversation as a root, grab a 
username/password, verify it, drop root and go on. (That's what 
qmail-popup -> checkpassword -> qmail-pop3d sequence 
accomplishes.)

2. pam_pwdb like. You patch qmail-smtpd to fork()/exec() an 
external program to check the password. That program is suid and 
is executable only for root and group of qmaild user (nofiles - doh! 
create a special group for qmaild user, and don't put anyone else in 
it). The program also has the correct logging of failed attempts and 
correct timeouts.


[I am leaving aside other approaches like having an extra database 
for smtp-auth passwords, and not touching /etc/shadow. It's not a 
bad idea either, though. That database now can be limited to 
qmaild user - and there you go!]

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]
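
An added example, not from any post in this thread and not part of checkpassword: it classifies how a checkpassword-style binary is installed, separating the chmod 700 setup, the setuid-root world-executable setup the replies warn about, and the group-restricted setuid setup from approach 2 above, where it also lists who else is in the group. The verdict names, function names and the default account name argument are assumptions.

```python
import grp
import os
import pwd
import stat


def classify(mode, uid):
    """Classify the permission bits of a checkpassword-style binary.

    "owner-only": no group/other execute and not setuid (the chmod 700 case).
    "suid-world": setuid root and executable by everyone.
    "suid-group": setuid root, executable by owner and group only.
    "suid-owner": setuid root, executable by the owner only.
    "open":       not setuid root, but executable beyond the owner.
    """
    suid_root = bool(mode & stat.S_ISUID) and uid == 0
    group_x = bool(mode & stat.S_IXGRP)
    other_x = bool(mode & stat.S_IXOTH)
    if suid_root and other_x:
        return "suid-world"
    if suid_root and group_x:
        return "suid-group"
    if suid_root:
        return "suid-owner"
    if group_x or other_x:
        return "open"
    return "owner-only"


def members_of(gid, passwd=None, groups=None):
    """Every account in group gid: primary members plus supplementary ones."""
    passwd = pwd.getpwall() if passwd is None else passwd
    groups = grp.getgrall() if groups is None else groups
    names = {p.pw_name for p in passwd if p.pw_gid == gid}
    for g in groups:
        if g.gr_gid == gid:
            names.update(g.gr_mem)
    return sorted(names)


def audit_stat(st, smtpd_user="qmaild", passwd=None, groups=None):
    """Return (verdict, findings) for a stat result of the binary."""
    verdict = classify(st.st_mode, st.st_uid)
    findings = []
    if verdict == "suid-world":
        findings.append("setuid root and executable by every local account: "
                        "password guesses are neither logged nor delayed")
    elif verdict == "suid-group":
        # Approach 2 only holds if the group is dedicated to the SMTP user.
        extra = [n for n in members_of(st.st_gid, passwd, groups)
                 if n != smtpd_user]
        if extra:
            findings.append("group %d also contains: %s"
                            % (st.st_gid, ", ".join(extra)))
    elif verdict == "open":
        findings.append("executable beyond the owner; chmod 700 is narrower")
    return verdict, findings


def audit(path, smtpd_user="qmaild"):
    """Audit the binary at path against the live passwd and group databases."""
    return audit_stat(os.stat(path), smtpd_user)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:]:
        print(target, *audit(target))
```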





>I'm not completely sure how the authenticated SMTP conversation
>looks like. You have two possible approaches:
>
>1. qmail-popup like. You start SMTP conversation as a root, grab a
>username/password, verify it, drop root and go on. (That's what
>qmail-popup -> checkpassword -> qmail-pop3d sequence
>accomplishes.)

possible but requires major rewrite of both programs (new qmail-popup 
(smtpup) and qmail-smtpd).


>2. pam_pwdb like. You patch qmail-smtpd to fork()/exec() an
>external program to check the password. That program is suid and
>is executable only for root and group of qmaild user (nofiles - doh!
>create a special group for qmaild user, and don't put anyone else in
>it). The program also has the correct logging of failed attempts and
>correct timeouts.

So this is basically what I have now except that logging (= make 
checkpassword suid and accessible only to root and qmaild).

Kris





Hi Everybody,

We use qmail as a mail gateway on two different boxes, one for incoming mail
(incomingmail.foo.com),
and one for outgoing mail "outgoingmail.foo.com". All incoming mail at
"incomingmail.foo.com" sends 
to the internal networks, and there is no users account on the
"incomingmail.foo.com", 
the file "smtproutes"  looks like this:
SubDomain1.foo.com:SomeMailserver.foo.com
SubDomain2.foo.com:AnotherMailserver.foo.com
foo.com:internal_mailserver.foo.com
and so on... 

The question is: How can I route incoming mail on a per-user basis, i.e. mail for
"[EMAIL PROTECTED]" should go
to say "[EMAIL PROTECTED]"

Best regards
David Heydari








On Mon, May 29, 2000 at 04:57:29AM -0400, Larry Lindsay wrote:
> I have installed qmail using Maildirs on my Linux box (Slackware).  I have a
> couple of questions:
> 
> I tried setting up a pop toaster, but it is not working.  Instead of looking
> for the messages in the Maildirs, it looks for the messages in
> /var/spool/mail/user instead.  my rc file is as follows:
> 
> exec env - Path="var/qmail/bin:$PATH" \
> qmail-start "'cat /var/qmail/control/defaultdelivery'" splogger qmail  #

Change ' to ` above, i.e.

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`" splogger qmail

> tcpserver 0 110 /var/qmail/bin/qmail-popup bummer.net \
> /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir &
> 
> when testing my pop connection, I get the following:
> 
> $ telnet localhost 110
> Trying localhost...
> Connected to bummer.net.
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]>
> user popuser
> +OK
> pass
> +OK 0 messages ready for popuser in /var/spool/mail/popuser

This doesn't look like anything qmail-pop3d would say. Check /etc/inetd.conf
and see if you're running another POP server.

Chris




Hello..

New version of qmail-smtpd-auth patch is available at:

http://members.elysium.pl/brush/qmail-smtpd-auth/

It fixes a nasty problem with cram-md5 auth. It worked perfectly for me for 
2 months and I've found the bug only recently.

Brush





>>How I do to leave this list ?
>
>we see a lot of these messages coming across.
>did you think of a header or footer, with some text like:
>
>------
>to unsubscribe, send a message to [EMAIL PROTECTED]
>to view the archive, take a look at: http://www.where.the/archive/is
>------
>
>most of the mailing lists i am subscribed have something like this.

Most of the mailing lists I'm subscribed have these "newbie help" footers.
But I see a lot of "How I do to leave this list ?" even on these lists ...

How about this footer?
--
Do not ask us how to unsubscribe. You can't. If you don't want to receive
these messages, please quit Internet.
--

;-)


--
Tullio Andreatta   Logicom s.r.l. - Via L.Gambara, 55 - I-25100 Brescia ITALY
[EMAIL PROTECTED]  http://www.logicom.it/





This has been beat to death.  Let it die.
#

At 12:35 PM 5/29/00 , Tullio Andreatta wrote:
>>>How I do to leave this list ?
>>
>>we see a lot of these messages coming across.
>>did you think of a header or footer, with some text like:
>>
>>------
>>to unsubscribe, send a message to [EMAIL PROTECTED]
>>to view the archive, take a look at: http://www.where.the/archive/is
>>------
>>
>>most of the mailing lists i am subscribed have something like this.
>
>Most of the mailing lists I'm subscribed have these "newbie help" footers.
>But I see a lot of "How I do to leave this list ?" even on these lists ...
>
>How about this footer?
>--
>Do not ask us how to unsubscribe. You can't. If you don't want to receive
>these messages, please quit Internet.
>--
>
>;-)
>
>
>--
>Tullio Andreatta   Logicom s.r.l. - Via L.Gambara, 55 - I-25100 Brescia ITALY
>[EMAIL PROTECTED]  http://www.logicom.it/





Hi all,

I've installed qmail (RPM from Bruce) and vpopmail 3.4.11-2.
Authentication is done via MySQL 3.22.32-1
I've installed the first virtualdomain and added the first user, and
everything is ok.
After some time I get the message "Sorry,no mailbox here by that name"
for the same user.
If I delete the virtualdomain and add the domain and the user again, the
user is able to get messages for a short time, and I'll get the error
message again.
Does anybody know what's going wrong?

Thank you,

Christian





Yeah I just had this problem and Drazen Ferencic on the vpopmail list
helped.  Here's the solution:

In cron.hourly there is a script that the rpm installs.  If you remove
this script everything will start working properly.  Basically the
script checks on an hourly basis looking for if new _users_ were added
to the machine and cleaning up the users CDB.  The drawback to this is
that it cleans it of any VD that vpopmail adds in.

-Andy-

On Mon, 29 May 2000, you wrote:
> Hi all,
> 
> I've installed qmail (RPM from Bruce) and vpopmail 3.4.11-2.
> Authentication is done via MySQL 3.22.32-1
> I've installed the first virtualdomain and added the first user, and
> everything is ok.
> After some time I get the message "Sorry,no mailbox here by that name"
> for the same user.
> If I delete the virtualdomain and add the domain and the user again, the
> user is able to get messages for a short time, and I'll get the error
> message again.
> Does anybody know what's going wrong?
> 
> Thank you,
> 
> Christian
-- 
Andrew J. Grimberg
Programmer
WebSuite.com
206-988-2233
-------------------------------------------------------






Hi,

Not a qmail question I know, but after installing qmail, (no 
problems) I thought it would probably be a good idea to run ftpd 
under tcpserver

so tried the command

/usr/local/bin/tcpserver -x /etc/tcp.ftp.cdb 0 ftp in.ftpd -l -a

where tcp.ftp.cdb was constructed from
192.168.0.:allow
:deny

however the command never completes and I have to issue ctrl-C to
get back to the command prompt - what have I missed ?

System is Redhat 6.1

Regards
Craig Tickle
Design Engineer
ADP Industries
[EMAIL PROTECTED]




On Tue, May 30, 2000 at 01:40:12PM +1200, Craig Tickle wrote:
> Not a qmail question I know, but after installing qmail, (no 
> problems) I thought it would probably be a good idea to run ftpd 
> under tcpserver
> 
> so tried the command
> 
> /usr/local/bin/tcpserver -x /etc/tcp.ftp.cdb 0 ftp in.ftpd -l -a
> 
> where tcp.ftp.cdb was constructed from
> 192.168.0.:allow
> :deny
> 
> however the command never completes and I have to issue ctrl-C to
> get back to the command prompt - what have I missed ?

Stick an & at the end to put it in the background.

Chris
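
The two rule lines quoted above are matched by address prefix. As an added example (not part of either post and not ucspi-tcp code), the Python below models the IP-based part of the tcpserver rule lookup: exact address first, then shorter prefixes ending in a dot, then the empty default key. `RULES_TEXT` is constructed from the post and the function names are hypothetical; host-name and `TCPREMOTEINFO` keys and address ranges are left out.

```python
# Constructed from the two rule lines quoted in the post.
RULES_TEXT = """\
192.168.0.:allow
:deny
"""

def parse_rules(text):
    """Map each rule address to its instruction (text after the first colon)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, instruction = line.partition(":")
        rules[address] = instruction
    return rules

def candidates(ip):
    """Lookup keys for a client IP, most specific first."""
    yield ip                                  # exact address
    parts = ip.split(".")
    for n in range(len(parts) - 1, 0, -1):    # "a.b.c.", "a.b.", "a."
        yield ".".join(parts[:n]) + "."
    yield ""                                  # default rule (":deny" here)

def decide(rules, ip):
    """Return (matched_key, verdict); the first key found wins."""
    for key in candidates(ip):
        if key in rules:
            # An instruction may carry ",VAR=value" settings after the verdict.
            return key, rules[key].split(",")[0]
    return None, "allow"                      # no rule matched: accepted

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    for ip in ("192.168.0.7", "192.168.1.7"):
        print(ip, decide(rules, ip))
    # A rule written without the trailing dot never matches as a prefix,
    # so the LAN client falls through to the default rule.
    print(decide(parse_rules("192.168.0:allow\n:deny\n"), "192.168.0.7"))
```

Without the final `:deny` line, an address that matches no rule is accepted, so the default rule is what makes this file an allow-list.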





Darren Wyn Rees wrote:
> 
> On Thu, May 18, 2000 at 01:45:03PM +0200,
> Peter van Dijk wrote in [EMAIL PROTECTED] :
> 
> > > Can anyone recommend a good all round book for qmail?
> > > Something like an O'Reilly book
> >
> > The O'Reilly book is Not There Yet(tm).
> 
> I wrote to O'Reilly about a year and a half ago, and they said
> the Qmail book would be ready "soon".
> 
> I wrote to O'Reilly again about a fortnight ago, and they said
> one of the authors had "dropped out" and it would not be ready
> soon.
> 
> Now, my 'Ask Tim' qmail question... What *is* really happening, Tim ?
> 
>         Darren
> 

What *is* really happening is just what you heard a fortnight ago.  It
happens all the time:  authors say that they can get something done, but
then they can't.  All this was complicated by the fact that Dan B. was
apparently saying a new version is afoot, but was not willing to say
just when it would arrive.

I poked John Levine, who is the author of the pair who has worked with
O'Reilly before, and who I know can get the book done if he gets his
other commitments out of the way, and here's what he said:

John Levine wrote:

> I am finishing up some other books, one just went in the can last week, 
> the other is 90% ghosted and should be done the first week in June.  
> After that I plan to get to work on the qmail book.  I'll get Russ to 
> write as much as he can, but I figure I'll be writing most of it, and it 
> should be done before Labor Day.

If John does in fact get it to O'Reilly by the end of the summer, expect
it sometime in late fall.  It's hard to be more specific than that,
since we need a hard schedule (and some chapters in hand to demonstrate
that the schedule is going to be met) from authors before we can slot
the book for production and marketing.  

That's the problem with making any kind of affirmative statement early
on.  People start to depend on it, and are ticked off if it doesn't come
through.

If, by any chance, readers are wondering if this means that O'Reilly has
only a half-hearted interest in qmail, I'll merely point out that it
took us six years to get our sendmail book out, and a total of six
different authors, each of whom was given about a year to produce, and
given the boot when what they turned in wasn't acceptable.  Sometimes a
book comes in easily, other times it comes in hard.  But unlike other
publishers, we don't just hire a hack writer to crank something out on
schedule.  We try to get someone who can do it right, and that sometimes
seems to mean waiting for all the stars to come into alignment.

-- 
Tim O'Reilly @ O'Reilly & Associates, Inc.
101 Morris Street, Sebastopol, CA 95472
+1 707-829-0515, FAX +1 707-829-0104
[EMAIL PROTECTED], http://www.oreilly.com




I manage a server at a small business. The server is a P133 with 32 
megs of RAM, running RedHat 6.1, Samba, and qmail 1.03. There are 
only five users connected to the server, all running Windows 98, and 
they are very light users. The entire office gets maybe 20 emails a 
day.

For some reason email messages longer than just a few lines take a 
VERY long time to download, with numerous "server timeout" messages. 
This is not specifically a qmail problem (see my tests below), but 
I'm hoping someone will have some clues.

The qmail-pop3d .run file (running from supervise) is:

tcpserver -H -R -l server.local.net 0 110 \
  qmail-popup server.local.net \
  checkpassword qmail-pop3d Maildir 2>&1 | \
  splogger pop3d

(I've tried this with & without splogger, tcpserver, and supervise.)

Sending a message approx. 100K locally (never leaves the LAN) can 
take 5-10 minutes to retrieve. A message with several large 
attachments can take HOURS to download.

These are all of the things I've tried, to no avail. As far as I can 
tell nothing has an effect.

* Sending the message is fast, so SMTP service and overall network 
performance are OK.

* Copying the same file to/from the server (onto a Samba share) is 
fast.

* DNS checked and re-checked; all workstations see each other, and 
pings to/from the server are under 1ms.

* Replaced qmail-pop3d with gnu-pop3d.

* Replaced entire qmail setup with postfix/gnu-pop3d.

* Stopped all unnecessary services. Stopped Samba.

* We're using MS Outlook Express. Downloaded Eudora 4.3 and tried it. 
Same problem. In fact telnetting to port 110 and retrieving the 
message is slow.

* Authenticating to qmail-pop3d works OK, so there's no problem or 
reverse-DNS lookup problem. It's the actual message retrieval that 
takes a long time and/or times out.

* NIC diagnostics are OK. Nothing unusual in the Linux boot messages 
or logs.

* Replaced the NIC in the server.

* Disconnected all workstations and the firewall (WebRamp 700s) from 
the switch (Bay Networks 10/100 8-port) so just the server and one 
workstation were connected.


I have searched Deja and used Google to scour the web but I haven't 
found anyone else reporting this problem. I've tried everything I can 
think of. Please post suggestions here or send email.

Thanks!

Greg Jorgensen
Programmer, pedant, raconteur
Portland, Oregon USA
gregj#pobox.com






Hello,

a QMAIL user reported problems with the IPv6 stack and QMAIL 1.03:

System:
- LINUX SUSE 6.4 (Kernel 2.2.15 and glibc 2.1.3)
- IPv6 enabled
- xinetd with IPv6 options (call to tcp-env and qmail-smtpd)
- QMAIL 1.03 with my SPAMCONTROL patch

Symptom:
- TCPREMOTE does not return correct IPv4 address

Affected QMAIL routines:
- tcpenv.c
- dns.c

Both routines use <netinet/in.h> function "ntohs" which returns the IPv4
mapped IPv6 address (ff:IPv4).

Thus, it seems that we have to modify dns.c and tcp-env.c (and other
routines from tcpserver) to cope with IPv4 mapped IPv6 addresses.

After disabling the IPv4 option, everything works as expected.

cheers.
eh.


+-----------------------------------------------------------------------+
|  fff        hh         http://www.fehcom.de        Dr. Erwin Hoffmann |
| ff          hh                                                        |
| ff    eee   hhhh      ccc   ooo    mm mm  mm       Wiener Weg 8       |
| fff  ee ee  hh  hh   cc   oo   oo  mmm  mm  mm     50858 Koeln        |
| ff  ee eee  hh  hh  cc   oo     oo mm   mm  mm                        |
| ff  eee     hh  hh   cc   oo   oo  mm   mm  mm     Tel 0221 484 4923  |
| ff   eeee   hh  hh    ccc   ooo    mm   mm  mm     Fax 0221 484 4924  |
+-----------------------------------------------------------------------+
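
One way a wrapper could hand IPv4-era code a dotted-quad `TCPREMOTEIP` when the peer arrives as an IPv4-mapped IPv6 address, shown as an added example that is not qmail, tcp-env or SPAMCONTROL code. The function name and the sample peers are constructed for illustration; only the `::ffff:0:0/96` mapped prefix is converted, and other IPv6 addresses pass through unchanged.

```python
import ipaddress

# ::ffff:0:0/96: ten zero bytes, then ff ff, then the four IPv4 bytes.
V4MAPPED_PREFIX = bytes(10) + b"\xff\xff"

# Constructed sample peers (not taken from the report above).
MAPPED_RAW = V4MAPPED_PREFIX + bytes([192, 168, 0, 5])   # packed sin6_addr
MAPPED_TEXT = "::ffff:192.168.0.5"
COMPAT_TEXT = "::192.168.0.5"      # deprecated "IPv4-compatible" form
NATIVE_TEXT = "2001:db8::1"        # documentation-range IPv6 address

def tcpremoteip(peer):
    """Return the text to export as TCPREMOTEIP (hypothetical helper).

    peer is a text address or a packed 4- or 16-byte address; malformed
    input raises ValueError instead of being passed on to later checks.
    """
    addr = ipaddress.ip_address(peer)
    if addr.version == 6 and addr.packed[:12] == V4MAPPED_PREFIX:
        # Mapped address: the client is an IPv4 host, so report it that way.
        return str(ipaddress.IPv4Address(addr.packed[12:]))
    # Plain IPv4, or real IPv6 (including the ::a.b.c.d compatible form,
    # which does not identify an IPv4 peer and is left untouched).
    return str(addr)

if __name__ == "__main__":
    for peer in (MAPPED_RAW, MAPPED_TEXT, "192.168.0.5", COMPAT_TEXT, NATIVE_TEXT):
        print(repr(peer), "->", tcpremoteip(peer))
```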




Hi,
 
I have a problem: I have a Linux server with qmail-smtp and vpopmail-pop3.
When I restart the server, the pop3 server is not running and I must stop the smtp service, start the pop3 service and restart the smtp service.
But the system doesn't give me any error; only when I execute netstat -l do I see that the pop3 service is not in the list of the active services.
 
Do you have a solution for this error?

