qmail Digest 6 Jun 2000 10:00:01 -0000 Issue 1024

Topics (messages 42668 through 42760):

Re: patch for authenticate SMTP services
        42668 by: Krzysztof Dabrowski

Re: smtp relay setup (faq 5.4)
        42669 by: Frank Tegtmeyer

Why not inetd?
        42670 by: Magnus Naeslund
        42672 by: Peter Samuel
        42673 by: Gjermund Sorseth
        42712 by: John Gonzalez/netMDC admin
        42715 by: Petr Novotny
        42759 by: Peter Samuel

Problems with tcpserver
        42671 by: Holger Haeffelin
        42674 by: Frank Tegtmeyer
        42686 by: Chris Johnson

Re: qmail+maildrop+amavis
        42675 by: Nuno Ferreira
        42678 by: Paul Schinder
        42693 by: Nuno Ferreira

Sender domain must resolve
        42676 by: Pablo Martínez Schroder
        42685 by: Bruno Wolff III
        42687 by: Pablo Martínez Schroder
        42692 by: Bruno Wolff III
        42720 by: clemensF

qmail-lspawn hassels
        42677 by: TAG

A addition for Chris Johnson's tarpit patch.
        42679 by: Rodrigo Severo

$HOME/Mailbox delivery
        42680 by: Petr Novotny
        42681 by: Will Harris

How to get QMQP to work
        42682 by: Johan Almqvist
        42684 by: Frank Tegtmeyer
        42721 by: clemensF

Re: Does someone knows what is this about?
        42683 by: Bruno Wolff III
        42694 by: Mate Wierdl
        42696 by: Peter van Dijk
        42697 by: Len Budney
        42698 by: Ryan Russell
        42699 by: IDG New Media Support - André Paulsberg
        42700 by: Peter van Dijk
        42701 by: Petr Novotny
        42702 by: Peter van Dijk
        42703 by: Ryan Russell
        42704 by: Petr Novotny
        42706 by: Will Harris
        42707 by: Petr Novotny
        42708 by: Peter van Dijk
        42709 by: Peter van Dijk
        42710 by: Peter van Dijk
        42711 by: Petr Novotny
        42713 by: Peter van Dijk
        42714 by: Petr Novotny
        42717 by: Peter van Dijk
        42725 by: Bruno Wolff III
        42726 by: Ryan Russell
        42728 by: Bruno Wolff III
        42729 by: Greg Hudson
        42730 by: Russ Allbery
        42731 by: Peter van Dijk
        42732 by: Peter van Dijk
        42735 by: John R. Levine
        42743 by: clemensF
        42756 by: OK 2 NET - André Paulsberg
        42757 by: Petr Novotny
        42760 by: OK 2 NET - André Paulsberg

Under heavy load?
        42688 by: Alex Povolotsky

programming with vpopmail - add account from web
        42689 by: "Próspero, Esteban"
        42691 by: Peter Green
        42724 by: Bruno Negrão
        42753 by: kingram

Re: Large organizations using dnscache?
        42690 by: Mate Wierdl

Re: No log??
        42695 by: clemensF

Re: qmail questions
        42705 by: John Anderson

dot-qmail in vpopmail
        42716 by: Pablo Martínez Schroder
        42718 by: "Próspero, Esteban"

Re: Sorry, no mailbox ...
        42719 by: clemensF

[newcomer] Problems installing Qmail+VMailMgr+Courier-Imap
        42722 by: Martin A. Langhoff
        42723 by: Peter van Dijk

system rebooted, sendmail took over, how do I send those messages now
        42727 by: Susan Short
        42736 by: David L. Nicol

Re: Qmail and conf-spawn
        42733 by: Eric Cox
        42734 by: Peter van Dijk
        42742 by: clemensF

maximum recipients.
        42737 by: Marc-Adrian Napoli

Users Backup
        42738 by: Edilmar Alves

/bin/sh:_/home/vpopmail/bin/postmaster:_No_such_file_or_directory/
        42739 by: shaoming
        42748 by: shaoming

/bin/mail
        42740 by: Charlie Chrisman
        42741 by: Peter van Dijk
        42744 by: Charlie Chrisman

Upgrading fron sendmail to Qmail, queue problems
        42745 by: net admin
        42749 by: Patrick Berry

Qmail problems - mail won't send
        42746 by: slvrchair.monmouth.com
        42747 by: Irwan Hadi

Error #4.4.2
        42750 by: PipE
        42751 by: List

Re: Scanning outgoing attachments
        42752 by: Jason Haar

tcpserver: unable to bind
        42754 by: Luca Zancan

ETRN & mail Queueing
        42755 by: Tony Wade

qmail-inject's silent ignorance
        42758 by: Pavel Kankovsky


----------------------------------------------------------------------


At 09:54 2000-06-05 +0000, Nguyen Hong Son wrote:
>Dear All
>Does someone show me a patch for authentication to SMTP services in qmail ?

http://members.elysium.pl/brush/qmail-smtpd-auth/index.html

K.






> Following FAQ 5.4 steps for relay rules, I was unsuccessful, but
> tcpd is not where the faq says it will be, so could that be the problem?

Forget tcpd and use ucspi-tcp (tcpserver) instead. It's in the FAQ how to 
do it.

Regards, Frank




I run a relatively low traffic mailserver.
It runs qmail smtpd and pop3 from inetd.
I hear all the time that inetd sucks, but I never hear any reasons why.
So my question is: why does inetd suck?

/Magnus Näslund





On Mon, 5 Jun 2000, Magnus Naeslund wrote:

> I run a relatively low traffic mailserver.
> It runs qmail smtpd and pop3 from inetd.
> I hear all the time that inetd sucks, but I never hear any reasons why.
> So my question is: why does inetd suck?

Two that immediately come to mind:

No inbuilt support for access control - it requires a helper program
such as tcpd from the tcp_wrappers program. tcpserver has this built
in.

It has a rate limiting "feature" whereby it will stop servicing a port
for 10 MINUTES if it thinks the rate of incoming connections is too
high (I have flat lined a remote inetd with qmail-remote from a 14k4
modem). tcpserver doesn't care about rate, it just cares about
simultaneous connections.

Inetd will serve UDP connections which is something tcpserver will not.

Regards
Peter
----------
Peter Samuel                                [EMAIL PROTECTED]
Technical Consultant                        or at present:
eServ. Pty Ltd                              [EMAIL PROTECTED]
Phone: +61 2 9206 3410                      Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"





   > I run a relatively low traffic mailserver.
   > It runs qmail smtpd and pop3 from inetd.
   > I hear all the time that inetd sucks, but I never hear any reasons why.
   > So my question is: why does inetd suck?
   >
   > /Magnus Näslund


It does not give the programs it runs any information about the
client, like ip-address etc.  It does not log connections.  It does not
offer any access-control features. It may have a built-in unconfigurable
max-limit as to how many programs it will run per minute or second.
It may call listen() with a too low tcp connection backlog number.

-- 
Gjermund Sorseth




On Mon, 5 Jun 2000, Peter Samuel wrote:

>It has a rate limiting "feature" whereby it will stop servicing a port
>for 10 MINUTES if it thinks the rate of incoming connections is too
>high (I have flat lined a remote inetd with qmail-remote from a 14k4
>modem). tcpserver doesn't care about rate, it just cares about
>simultaneous connections.
>Regards
>Peter
>----------
>Peter Samuel                                [EMAIL PROTECTED]

While I agree with Peter that tcpserver is superior, I don't want people
getting the wrong idea of inetd.

inetd by default has the above behaviour, but can be overridden in the
configuration file to accept any number of connections.


-- 
  _    __   _____      __   _________      
______________  /_______ ___  ____  /______  John Gonzalez/Net.Tech
__  __ \ __ \  __/_  __ `__ \/ __  /_  ___/ MDC Computers/netMDC!
_  / / / `__/ /_  / / / / / / /_/ / / /__ (505)437-7600/fax-437-3052
/_/ /_/\___/\__/ /_/ /_/ /_/\__,_/  \___/ http://www.netmdc.com
[---------------------------------------------[system info]-----------]
 12:00pm  up 25 days, 17:26,  3 users,  load average: 0.62, 0.29, 0.20





On 5 Jun 00, at 12:02, John Gonzalez/netMDC admin wrote:

> inetd by default has the above behaviour, but can be overridden in the
> configuration file to accept any number of connections.

That's bad, too. I want to limit the number of live incoming 
connections - simply because I have a limited number of open file 
handles. I don't want other programs to starve because inetd-
spawned service got all the handles.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




On Mon, 5 Jun 2000, John Gonzalez/netMDC admin wrote:
> 
> While I agree with Peter that tcpserver is superior, I don't want people
> getting the wrong idea of inetd.
> 
> inetd by default has the above behaviour, but can be overridden in the
> configuration file to accept any number of connections.

I've never seen this. How? What operating system? What version of
inetd? You've got me curious now.

Regards
Peter
----------
Peter Samuel                                [EMAIL PROTECTED]
Technical Consultant                        or at present:
eServ. Pty Ltd                              [EMAIL PROTECTED]
Phone: +61 2 9206 3410                      Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"





Hi all,

I've got some problems with my tcpserver. It is configured to relay for some
IP addresses and block all others. I use the latest version of ucspi and I
installed it as described. For most of the IP addresses, tcpserver works
fine, but in some cases, it allows relaying (with setting RELAYCLIENT=""
!!!) for IP addresses which should be blocked. My config file looks like
this:

123.123.123.123:allow, RELAYCLIENT=""
123.123.123.:allow,RELAYCLIENT=""
123.123.123.123-125:allow, RELAYCLIENT=""
:deny

I posted this some time ago with the log entries, but I did not receive any
answer/hint. Didn't anyone discover this problem with his installation??

Regards,
Holger





> fine, but in some cases, it allows relaying (with setting RELAYCLIENT=""
> !!!) for IP addresses which should be blocked.

Which addresses?

Frank




On Mon, Jun 05, 2000 at 12:29:39PM +0200, Holger Haeffelin wrote:
> I've got some problems with my tcpserver. It is configured to relay for some
> IP addresses and block all others. I use the latest version of ucspi and I
> installed it as described. For most of the IP addresses, tcpserver works
> fine, but in some cases, it allows relaying (with setting RELAYCLIENT=""
> !!!) for IP addresses which should be blocked. My config file looks like
> this:

Huh? It allows relaying with RELAYCLIENT="" for IP addresses which should be
blocked? Setting RELAYCLIENT="" is what you do to allow relaying.

> 123.123.123.123:allow, RELAYCLIENT=""
                        ^
> 123.123.123.:allow,RELAYCLIENT=""
> 123.123.123.123-125:allow, RELAYCLIENT=""
                            ^
> :deny

This may have nothing to do with your problem (and I'm not sure what your
problem is), but you need to remove the space between "allow," and
"RELAYCLIENT"

Also, do you really mean to deny altogether connections from clients to which
you don't want to allow relaying? Do you receive your inbound mail through some
other SMTP server?

Chris
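
An added example, not part of the original messages and not ucspi-tcp code: a small Python model of the rules file quoted above that flags the space Chris points out and reports which rule an IP-only lookup selects. Assumptions of this model: the variable name is taken exactly as written between the comma and "=", trailing ranges are expanded, the full address is tried before shorter dotted prefixes with the empty address last, and host-name rules are ignored; all function names are illustrative.

```python
import re

# Constructed input: the rules file as quoted in the thread.
RULES = (
    '123.123.123.123:allow, RELAYCLIENT=""\n'
    '123.123.123.:allow,RELAYCLIENT=""\n'
    '123.123.123.123-125:allow, RELAYCLIENT=""\n'
    ':deny\n'
)


def parse_instructions(rest):
    """Parse 'allow' or 'deny' followed by ,VAR=<quote>value<quote> settings."""
    for action in ("allow", "deny"):
        if rest.startswith(action):
            rest = rest[len(action):]
            break
    else:
        raise ValueError("instructions must start with allow or deny")
    env = {}
    while rest:
        if rest[0] != ",":
            raise ValueError("expected ',' before a variable setting")
        name, eq, tail = rest[1:].partition("=")
        if not eq or not tail:
            raise ValueError("expected VAR=<quote>value<quote>")
        quote, tail = tail[0], tail[1:]
        value, closing, rest = tail.partition(quote)
        if not closing:
            raise ValueError("unterminated value")
        env[name] = value  # assumption: the name is kept exactly as written
    return action, env


def expand(address):
    """Expand a trailing numeric range (1.2.3.37-53) into single addresses."""
    m = re.fullmatch(r"((?:.*\.)?)(\d+)-(\d+)", address)
    if not m:
        return [address]
    prefix, low, high = m.group(1), int(m.group(2)), int(m.group(3))
    return [f"{prefix}{n}" for n in range(low, high + 1)]


def load(text):
    """Return (rules, warnings); rules maps address -> (line, action, env)."""
    rules, warnings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.rstrip()
        if not line or line.startswith("#"):
            continue
        address, colon, rest = line.partition(":")
        if not colon:
            warnings.append((lineno, "missing ':'"))
            continue
        try:
            action, env = parse_instructions(rest)
        except ValueError as err:
            warnings.append((lineno, str(err)))
            continue
        for name in env:
            if name != name.strip():
                warnings.append((lineno, f"whitespace in variable name {name!r}"))
        for addr in expand(address):
            # Model choice: the first definition of an address is kept.
            rules.setdefault(addr, (lineno, action, env))
    return rules, warnings


def candidates(ip):
    """Keys tried for an IP-only lookup: address, shorter dotted prefixes, ''."""
    parts = ip.split(".")
    keys = [ip]
    keys += [".".join(parts[:n]) + "." for n in range(len(parts) - 1, 0, -1)]
    keys.append("")
    return keys


def decide(rules, ip):
    """Report the selected rule and whether RELAYCLIENT (exact name) is set."""
    for key in candidates(ip):
        if key in rules:
            lineno, action, env = rules[key]
            relay = action == "allow" and "RELAYCLIENT" in env
            return {"line": lineno, "action": action, "relay": relay}
    return None  # no rule matched in this model


if __name__ == "__main__":
    rules, warnings = load(RULES)
    for w in warnings:
        print("warning: line %d: %s" % w)
    for ip in ("123.123.123.123", "123.123.123.124", "123.123.123.200", "10.0.0.1"):
        print(ip, decide(rules, ip))
```

In this model the whole 123.123.123. prefix receives RELAYCLIENT from line 2, while the more specific lines 1 and 3 set a differently named variable, which is the kind of mismatch worth checking before looking for a tcpserver bug.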




Alright, what I am seeing is this.
~/.qmail is working, forward works swell for example, but I either cannot
get the program (the | program) to work or I can but it is the program
that's not working.

My specific problem is this:

in ~/.qmail I have
./Maildir/
| preline /var/local/bin/maildrop user

in ~/.mailfilter I have
DEFAULT="./Maildir/"
if ( /^(To|Cc|From|Reply-To): .*guy_I_want_to_caught*/ )
   to [EMAIL PROTECTED]


other destination never gets the message.

Also, I would really appreciate any info, pointers on AMaVIS and QMail.

TIA,
----------------------------------------------------------------
Nuno Ferreira
Departamento de Informática da APCMC
 Tel: 22 5074212
 Fax: 22 5074219
 [EMAIL PROTECTED]
-----------------------------------------------------------------
----- Original Message -----
From: "Eric Cox" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 05, 2000 10:14 AM
Subject: Re: qmail+maildrop+amavis


>
>
> Nuno Ferreira wrote:
> >
> > Hi,
> >
> > Two questions.
> > Seems my ~/.qmail never gets executed by Qmail, so I am not able to have a
> > functional maildrop or procmail. BTW, is ~/.qmail a script that gets
> > executed by QMail or is it a file that is read by it to know how to perform
> > to specific users.
>
> Nope, ~/.qmail isn't a script...
>
> There are copious numbers of man pages that come with the default
> installation.  The one you want is 'man dot-qmail'.
>
> Hope that helps,
> Eric
>





At 11:59 AM +0100 6/5/00, Nuno Ferreira wrote:
>Alright, what I am seeing is this.
>~/.qmail is working, forward works swell for example, but I either cannot
>get the program (the | program) to work or I can but it is the program
>that's not working.
>
>My specific problem is this:
>
>in ~/.qmail I have
>./Maildir/
>| preline /var/local/bin/maildrop user
>
>in ~/.mailfilter I have
>DEFAULT="./Maildir/"
>if ( /^(To|Cc|From|Reply-To): .*guy_I_want_to_caught*/ )
>    to [EMAIL PROTECTED]

What Do The Logs Say (TM)?  In particular, the maildrop log that you
should be writing to since you're having trouble.  man maildropfilter
and look for logfile.


--
--
Paul J. Schinder
NASA Goddard Space Flight Center
Code 693
[EMAIL PROTECTED]




There is nothing out of the ordinary in the logs.
With this configuration, however I am receiving the same mails several times
and the queue grows, which means I must be injecting the same mail in the
queue instead of forwarding it to another user.

I read the maildrop man page, but I cannot figure it out.

Help would be appreciated,
Thanks
----------------------------------------------------------------
Nuno Ferreira
Departamento de Informática da APCMC
 Tel: 22 5074212
 Fax: 22 5074219
 [EMAIL PROTECTED]
-----------------------------------------------------------------






I'm having some problems sending mail to a specific domain...

When qmail tries to send mail to [EMAIL PROTECTED] from our mail server
(212.49.139.237) and the sender is [EMAIL PROTECTED], bt.es mail
server says "Sender domain must resolve".

This doesn't happen when the mail server sends mail to other domains, so
I really do not have a clue of what can be happening. I think it's
related to DNS, but I don't know what I can be doing wrong, or what is
supposed to be the right configuration.

Thanks in advance!
-- 
Pablo Martínez Schroder
Departamento de Administracion de Sistemas




On Mon, Jun 05, 2000 at 12:27:49PM +0200,
  Pablo Martínez Schroder <[EMAIL PROTECTED]> wrote:
> I'm having some problems sending mail to a specific domain...
> 
> When qmail tries to send mail to [EMAIL PROTECTED] from our mail server
> (212.49.139.237) and the sender is [EMAIL PROTECTED], bt.es mail
> server says "Sender domain must resolve".
> 
> This doesn't happen when the mail server sends mail to other domains, so
> I really do not have a clue of what can be happening. I think it's
> related to DNS, but I don't know what I can be doing wrong, or what is
> supposed to be the right configuration.

There isn't any MX or A record associated with hidratel.com. Some sites
check for the existence of an A record or MX record and refuse email
if there isn't one. Not all sites do this. This also might be a problem
with only some of the DNS servers authoritative for hidratel.com.




Bruno Wolff III wrote:
> There isn't any MX or A record associated with hidratel.com. Some sites
> check for the existence of an A record or MX record and refuse email
> if there isn't one. Not all sites do this. This also might be a problem
> with only some of the DNS servers authoritative for hidratel.com.

The domain hidratel.com has an MX record, but it doesn't have any A
record. Does a domain need to have both records configured? Or does it
depend on the configuration of the other SMTP servers?



-- 
Pablo Martínez Schroder
Departamento de Administracion de Sistemas




On Mon, Jun 05, 2000 at 03:37:30PM +0200,
  Pablo Martínez Schroder <[EMAIL PROTECTED]> wrote:
> Bruno Wolff III wrote:
> > There isn't any MX or A record associated with hidratel.com. Some sites
> > check for the existence of an A record or MX record and refuse email
> > if there isn't one. Not all sites do this. This also might be a problem
> > with only some of the DNS servers authoritative for hidratel.com.
> 
> The domain hidratel.com has an MX record, but it doesn't have any A
> record. Does a domain need to have both records configured? Or does it
> depend on the configuration of the other SMTP servers?

You are correct about the mx. When I do wildcard lookups with nslookup
(type=any) I only get the NS records for hidratel.com. When I specifically
ask for MX records I get one.

Domain names in envelope sender addresses don't have to exist. But some
places check this to reduce spam and double bounces.




> Pablo Martínez Schroder:

> When qmail tries to send mail to [EMAIL PROTECTED] from our mail server
> (212.49.139.237) and the sender is [EMAIL PROTECTED], bt.es mail
> server says "Sender domain must resolve".

how about this:  you either find the lines in the sources where this error
is raised and from there backwards or from the appropriate mx record
forward.

-- 
clemens




Hi ALL,

I have the qmail-mysql (Iain Pattersen patch) running and I get the
following errors:

960186398.488070 delivery 40431:
deferral:Temporary_failure_in_qmail-lspawn./

I get them every minute or so - the local queue has grown considerably
since - ...

Can anyone please shed some light as to why qmail-lspawn would fail??
If there is any information I have left out - please ask..

ALSO is there anyone else out there that is running qmail-mysql on
solaris???????

Many thanks
Tonino




Dear List,


I sent Chris and now I am sending to this list this addition I made for
Chris Johnson's tarpit patch
<http://www.palomine.net/qmail/tarpit.html>.

I just made a patch to qmail-smtpd's man page to list the 2 new control
files and environment variables Chris's patch creates.


Rodrigo Severo

-----------------------------------------------------------------
*** qmail-smtpd.8.orig  Mon Jun 15 07:53:16 1998
--- qmail-smtpd.8       Sat Jun  3 13:50:36 2000
***************
*** 162,171 ****
--- 162,195 ----
        will refuse to run.
        The first word of
        .I smtpgreeting
        should be the current host's name.
        .TP 5
+       .I tarpitcount
+       Number of RCPT TOs
+       .B qmail-smtpd
+       will accept before start tarpitting or 0 for no tarpit.
+       
+       If the variable
+       .B TARPITCOUNT
+       is set, it overrides
+       .IR tarpitcount .
+       .TP 5
+       .I tarpitdelay
+       Number of seconds of delay 
+       .B qmail-smtpd
+       will insert after
+       .IR tarpitcount
+       RCPT TOs. See 
+       .IR tarpitcount
+       above.
+       
+       If the variable
+       .B TARPITDELAY
+       is set, it overrides
+       .IR tarpitdelay .
+       .TP 5
        .I timeoutsmtpd
        Number of seconds
        .B qmail-smtpd
        will wait for each new buffer of data from the remote SMTP client.
        Default: 1200.
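
Review bot: the new tarpitcount and tarpitdelay entries state no default, while the neighbouring timeoutsmtpd entry ends with "Default: 1200."; each should say what qmail-smtpd does when the control file is absent. In the tarpitcount entry, "will accept before start tarpitting" should read "will accept before it starts tarpitting". In the tarpitdelay entry, ".IR tarpitcount" is used with a single argument where ".I tarpitcount" would match the entry names, and the empty lines before "If the variable" plus the trailing spaces after "Number of seconds of delay" and "RCPT TOs. See" are better replaced by a paragraph macro and trimmed.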
----------------------------------------------------------------- 
-- 
-------------------------------------------
Rodrigo Severo
[EMAIL PROTECTED]
Fabrica de Ideias
sbs - ed. empire center - bl. s - sala 109
cep 70070-904 - brasilia-df - brazil
tel: (61) 321 1357
fax: (61) 321 6096
-------------------------------------------




Hi,

this guy has set up qmail with $HOME/Mailbox delivery. Now he 
wants to use ipop3d (part of uw-imap, he uses the RedHat 6.2 
package) with $HOME/Mailbox. Do you have any idea how? Does 
it run that way "out-of-the-box"?

I suggested that he use maildirs but he seems reluctant (not 
sendmailish enough, perhaps).

Thanks

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




On 14:24 5.06.2000, Petr Novotny could be heard musing
 >-----BEGIN PGP SIGNED MESSAGE-----
 >Hash: SHA1
 >
 >Hi,
 >
 >this guy has set up qmail with $HOME/Mailbox delivery. Now he
 >wants to use ipop3d (part of uw-imap, he uses the RedHat 6.2
 >package) with $HOME/Mailbox. Do you have any idea how? Does
 >it run that way "out-of-the-box"?
 >
 >I suggested that he use maildirs but he seems reluctant (not
 >sendmailish enough, perhaps).

The latest versions will use $HOME/mbox if it is there, and 
/var/mail/<username> otherwise.  The file really is called "mbox", so I 
assume if you use "mbox" instead of "Mailbox" in the .qmail file, it should 
work right away (or make a sym link).

regards,
Will

__________________________________________________________________________

  "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..."

multimedia laboratorium                              [EMAIL PROTECTED]
institut fuer informatik                        (pgp id)        F703D035
der universitaet zuerich                        (office) +41  1 635 4346
winterthurerstr. 190                            (fax)    +41  1 635 6809
ch-8057 zuerich                                 (mobile) +41 76 372 0913
switzerland                                     www.ifi.unizh.ch/~harris
__________________________________________________________________________





Hi!

How can I get qmail to use QMTP between two boxes that there is a lot of
traffic between? I tried putting the respective IP addresses in
/var/qmail/control/qmqpservers, but that didn't do it.

-Johan
-- 
Johan Almqvist





> How can I get qmail to use QMTP between two boxes that there is a lot of
> traffic between? I tried putting the respective IP addresses in
> /var/qmail/control/qmqpservers, but that didn't do it.

qmqpservers is for QMQP, not for QMTP.

At the moment QMTP is supported by qmail-qmtpd and a program in the 
serialmail package.

Regards, Frank




> Johan Almqvist:

> How can I get qmail to use QMTP between two boxes that there is a lot of
> traffic between? I tried putting the respective IP addresses in
> /var/qmail/control/qmqpservers, but that didn't do it.

how about this:  you setup qmail-qmtpd on both machines to serve on a tcp-
port reserved for this purpose, while keeping qmail-smtpd on 25.

-- 
clemens




> > - ORBS blocks "unfriendly" sites criticising ORBS
> 
> Is there a site with documentation on this?  I'd like to 
> check it out for myself.

There is a bit more to it than that. Some people who disagree with how the
ORBS is run block their relay tests. The ORBS considers this grounds for
being listed as a potential relay since they can't test the site if their
test messages are blocked. The theory is, that they are worried about sites
blocking them, and not being able to list open relays for those sites.

I don't think this is really a good policy. The downside of the extra
coverage isn't worth the trouble. What they might lose, is the ability to
list some two-stage relays like demon. And blocking of two stage relays
is one of the problems people have with them. They do give the output
of two stage relays a few days to fix or block the input site, so it isn't
as big of a deal as it was.





> More evidence that the person running ORBS is incompetent.

I now understand why I get these messages from ORBS dropped into my
postmaster box.

In what sense does ORBS think the described behavior of qmail is
insecure? 

What problem do they refer to, anyways?

It certainly is annoying to get these messages from ORBS whenever
someone wants to check my box out via ORBS.

Mate




On Mon, Jun 05, 2000 at 10:48:24AM -0500, Mate Wierdl wrote:
> 
> > More evidence that the person running ORBS is incompetent.

He's not. I've spoken to him on several occasions and he is quite clueful.

> I now understand why I get these messages from ORBS dropped into my
> postmaster box.

You will get mail from ORBS in two situations:
- ORBS wants to warn you that they successfully relayed through your
  server.
- an ORBS testmail ends up in your mailbox. This is quite common and
  actually a good thing - it did not get relayed.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




Peter van Dijk <[EMAIL PROTECTED]> wrote:
> On Mon, Jun 05, 2000 at 10:48:24AM -0500, Mate Wierdl wrote:
> > > More evidence that the person running ORBS is incompetent.
> 
> He's not. I've spoken to him on several occasions and he is quite
> clueful.

Not to restart another perennial flame-war, but why then does he
blacklist people who block his probes? Is it really his intention to
provide the service of blacklisting both a) open relays and b) people
who disagree with him?

If he is clueful, then his ethics come into question. He's better off
being thought clueless, in my book.

Len.

--
Frugal Tip #16:
Dry clean your wax paper for reuse.




On Mon, 5 Jun 2000, Len Budney wrote:

> Not to restart another perennial flame-war, but why then does he
> blacklist people who block his probes? Is it really his intention to
> provide the service of blacklisting both a) open relays and b) people
> who disagree with him?

As the mail admin for a site that is in ORBS because my address provider
blocks them, I can speak to this a little bit.

It makes perfect sense, from a certain point of view.  The ORBS guys want
to list relays.  They run across an address block that has a number of open
relays, and the administrators of that block aren't responsive to requests
to arrange to have them closed.  ORBS then lists those particular
addresses (their purpose in life.)  In response the provider blocks the
ORBS machines.  The ORBS guys can no longer test for relays, and
especially given what they had found before and the provider's lack of
response, they can only assume there are any number of open relays in the
address block.  

Were they to do otherwise, they'd be fail-open instead of fail-closed.

                                Ryan





> Forget about ORBS. Anyone using/caring about ORBS should reconsider his decision:

Before giving "judgement" over ORBS, please understand what they are doing
and the possible effects (both good and bad) for "you" as a mail admin.


> - ORBS blocks "unfriendly" sites criticising ORBS

You should read the ORBS site more carefully,
when it comes to their listing policies.
You should also take care when stating that "ORBS blocks" this and that,
since ORBS only lists servers which come under their criteria.

The reason most discussed is their policy to list servers where admins
ask or demand ORBS to not test anymore, this causes ORBS to list
these IP addresses as something like "admin refused to be tested by ORBS".

What a mail admin chooses to do with this ORBS information is up to him,
and he may ignore some or all listings ORBS give out for "admin refused".


> - ORBS does not notify blocked sites about the blockage

This is not my personal experience nor their written rule,
as they send E-Mail to either postmaster @ RDNS or IP.
Where you have this information from is beyond me,
but if you know of any ORBS listed server(s) that hasn't
received any notification please tell us.


> - ORBS has IMHO too many false positives

I've yet to see a single false positive,
not that this means they don't exist.
I have however seen some of their nameservers being "outdated",
causing recently secured servers to show up as Open Relays.



The ongoing "discussion" about ORBS attitude or Alan's personality,
doesn't seem to come from people who know what ORBS is or does.
Still they rant about ORBS and its errors and lack of Internet ethics,
while failing to give any facts or prove any of their statements.

My personal opinion is that Open Relay server is the number one mail-problem
on the Internet today, some might say SPAM is but SPAMMERS aren't causing
a fraction of the possible havoc Open Relay servers COULD create.
If you don't believe me it's quite simple math to solve the possibility riddle,
just imagine someone wanting to "knock out" AOL's mailservers for a few weeks...


There are about 100'000 Open Relay outputs, getting mail from 150'000 Open Relay inputs:
---------------------------------------------------------------------------------------
If anyone sent 1 E-Mail containing 1'000'000 random addresses in the "To:" field
and repeating this with all of the 150'000 inputs as their SMTP relay server,
it would generate 150'000'000'000 E-Mails sized 9MB - 16MB with sender "?@aol.com"
that would BOUNCE to and from the AOL servers and various Open Relay outputs.
Total havoc of up to 3'000'000'000'000'000'000 bytes sent to/from AOL servers and network,
but "only" took you 1'500'000'000'000 bytes to send (or 135 days at 1Mbps :-)


Regards André Paulsberg






On Mon, Jun 05, 2000 at 12:06:55PM -0400, Len Budney wrote:
> Peter van Dijk <[EMAIL PROTECTED]> wrote:
> > On Mon, Jun 05, 2000 at 10:48:24AM -0500, Mate Wierdl wrote:
> > > > More evidence that the person running ORBS is incompetent.
> > 
> > He's not. I've spoken to him on several occasions and he is quite
> > clueful.
> 
> Not to restart another perennial flame-war, but why then does he
> blacklist people who block his probes? Is it really his intention to
> provide the service of blacklisting both a) open relays and b) people
> who disagree with him?

ORBS is not enforcing any policy on anyone.

And to answer your second question: yes, those are 2 of the services he
provides. However, any admin is free to use none, either or both of these
services. If you want documented open relays blocked but don't care about
sites that block ORBS themselves, you are free to do so.

Check http://www.orbs.org/usingindex.html for slightly more info.

> If he is clueful, then his ethics come into question. He's better off
> being thought clueless, in my book.

I see no problems with his ethics. What he does (and _all_ he does) is test
machines for relaying, and if they do, list them _as_such_. If a machine
blocks his probes, it is listed as one that blocks his probes, NOT as an
open relay. It is up to systems administrators to decide for themselves
what to block and what not.

I question the ethics of any admin blocking ORBS.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]





On 5 Jun 00, at 18:13, IDG New Media Support - André Paulsberg wrote:

> What a mail admin chooses to do with this ORBS information is up to him,
> and he may ignore some or all listings ORBS gives out for "admin
> refused".

How can I set up my filters to just use "really open relay" info from
ORBS and throw away "admin refused" unknowns?

> > - ORBS does not notify blocked sites about the blockage
>
> This is not my personal experience nor their written rule,
> as they send E-Mail to either postmaster @ RDNS or IP.

Ah. Since when is a mailserver required to accept e-mails at its
reverse DNS name or IP? That's the problem; I have spoken to
people who never saw the e-mail; why? They don't accept at their
RDNS or IP.

<rant>
Hell, you have guilty machine's IP. What's so mysterious about
connecting to the machine directly and leave a RCPT
TO:<postmaster> there?
</rant>





On Mon, Jun 05, 2000 at 06:13:57PM +0200, IDG New Media Support - André Paulsberg wrote:
> > Forget about ORBS. Anyone using/caring about ORBS should reconsider his decision:
> 
> Before giving "judgement" over ORBS, please understand what they are doing
> and the possible effects (both good and bad) for "you" as a mail admin.
> 
[snip]
> 
> > - ORBS does not notify blocked sites about the blockage
> 
> This is not my personal experience nor their written rule,
> as they send E-Mail to either postmaster @ RDNS or IP.

Both, if I recall correctly.

[snip]
> > - ORBS has IMHO too much false positives

That is impossible. ORBS does not list a machine until it has received a
relayed test message. If you know of any false positives, let me know too
and I'd be happy to investigate. I have had several people run to me and
say 'ORBS listed me but I'm not an open relay', and every time I have been
able to relay through their servers.

> I've yet to see a single false positive,
> not that this means they don't exist.

I don't think they do. The one case mentioned that I see as a possibility
is somebody _responding_ to an open-relay notification by blocking ORBS.
ORBS has no choice other than to keep reporting these machines as open
relays, since it is unable to gather newer info.

> The ongoing "discussion" about ORBS attitude or Alan's personality,
> doesn't seem to come from people who know what ORBS is or does.
> Still they rant about ORBS and its errors and lack of Internet ethics,
> while failing to give any facts or prove any of their statements.

Yup.

> My personal opinion is that Open Relay server is the number one mail-problem
> on the Internet today, some might say SPAM is but SPAMMERS aren't causing
> a fraction of the possible havoc Open Relay servers COULD create.
> If you don't believe me it's quite simple math to solve the possibility riddle,
> just imagine someone wanting to "knock out" AOL's mailservers for a few weeks...

Note that I do not use ORBS for blocking on my mailservers. It is my opinion
(which I will not enforce on any of you) that I as an admin should not
enforce ORBS-blocking onto my users. I will eventually allow users to do
ORBS-blocking (and RBL etc.) on a per-account basis, if they want to.

I do encourage the ORBS-project, because it gives people yet another choice
(and nothing more than that). We (Vuurwerk Internet) currently host the ORBS
relay tester, not because of any opinion on relay-blocking but because ORBS
gives people a choice.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




On Mon, 5 Jun 2000, Peter van Dijk wrote:

> That is impossible. ORBS does not list a machine until it has received a
> relayed test message. If you know of any false positives, let me know too
> and I'd be happy to investigate. I have had several people run to me and
> say 'ORBS listed me but I'm not an open relay', and everytime I have been
> able to relay through their servers.

We don't have open relays, never did.  AFAIK, we're still on the
list.  We're there because our address provider does have (or did have) a
bunch of open relays within their space.  Then they blocked ORBS from
being able to check, and ORBS felt forced to list the whole address block,
which includes us.  

Our block may be listed in a different category, that I haven't checked.

                                                Ryan






On 5 Jun 00, at 18:28, Peter van Dijk wrote:

> > > - ORBS has IMHO too much false positives
> 
> That is impossible. ORBS does not list a machine until it has received
> a relayed test message.

Second (or higher) level relay _is_ a false positive. My ISP has 
been listed recently because they're doing a smarthost for clueless 
companies with dial-up connectivity (and no relay checks). What 
should the poor ISP do?

1. Tell the customers to go f*ck themselves and cut their service.
2. Automagically detect that the customer is being relay-abused.
3. Block ORBS tester.
4. Let the remaining customers suffer because the smarthost is 
blacklisted.


I've been using ORBS for some time, and I ditched it; having multi-
level relays listed was as much "collateral damage" as bombing of 
Chinese Embassy.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




My 2 rappen/centimes:

 >Second (or higher) level relay _is_ a false positive.

No it's not - positive is positive.  You provide relaying or you 
don't.  Are you or are you not responsible for maintaining some standard of 
net ethics?

 >My ISP has
 >been listed recently because they're doing a smarthost for clueless
 >companies with dial-up connectivity (and no relay checks). What
 >should the poor ISP do?
 >
 >1. Tell the customers to go f*ck themselves and cut their service.

No - advise them of their problem, and suspend mail service until they have 
fixed their faulty servers.

Most ISPs have contracts with their network customers explicitly forbidding 
spamming of any kind.  Are you going to ignore your customer's violation of 
the contract?  By allowing customers to run insecure relays and blindly 
forwarding spam, the ISP is probably violating his own contract with his 
upstream service provider...

regards,
Will
__________________________________________________________________________

  "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..."

multimedia laboratorium                              [EMAIL PROTECTED]
institut fuer informatik                        (pgp id)        F703D035
der universitaet zuerich                        (office) +41  1 635 4346
winterthurerstr. 190                            (fax)    +41  1 635 6809
ch-8057 zuerich                                 (mobile) +41 76 372 0913
switzerland                                     www.ifi.unizh.ch/~harris
__________________________________________________________________________






On 5 Jun 00, at 19:01, Will Harris wrote:

> No - advise them of their problem, and suspend mail service until they have 
> fixed their faulty servers.
> 
> Most ISPs have contracts with their network customers explicitly forbidding 
> spamming of any kind.

I am not sure I understand what you're talking about. Relaying is 
not spamming - and you'd have a hard time proving otherwise in 
court.

I have yet to see a contract saying "Thou shalt not run an open 
relay."

> Are you going to ignore your customer's violation of 
> the contract?  By allowing customers to run insecure relays and blindly 
> forwarding spam, the ISP is probably violating his own contract with his 
> upstream service provider...

What? Do you think that companies like EBONE and Sprint 
provide you with the connectivity only if you agree not to run open 
relays?


--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




On Mon, Jun 05, 2000 at 06:21:10PM +0200, Petr Novotny wrote:
[snip]
> On 5 Jun 00, at 18:13, IDG New Media Support - André Paulsberg wrote:
> 
> > What a mail admin chooses to do with this ORBS information is up to him,
> > and he may ignore some or all listings ORBS gives out for "admin
> > refused".
> 
> How can I set up my filters to just use "really open relay" info from 
> ORBS and throw away "admin refused" unknowns?

That depends on your filtering software. It seems djb's rblsmtpd does not
have an option to change this. That sucks. Your choice is hereby reduced
(by DJB, not by any people at ORBS) to 'block everything ORBS lists for
whatever reason, or not.'

[snip]
> 
> <rant>
> Hell, you have guilty machine's IP. What's so mysterious about 
> connecting to the machine directly and leave a RCPT 
> TO:<postmaster> there?
> </rant>

Hmm I'll suggest this one to Alan (the ORBS guy). I wonder why he never
came up with this. Or didn't he?

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




On Mon, Jun 05, 2000 at 06:36:04PM +0200, Petr Novotny wrote:
[snip]
> 
> On 5 Jun 00, at 18:28, Peter van Dijk wrote:
> 
> > > > - ORBS has IMHO too much false positives
> > 
> > That is impossible. ORBS does not list a machine until it has received
> > a relayed test message.
> 
> Second (or higher) level relay _is_ a false positive. My ISP has 
> been listed recently because they're doing a smarthost for clueless 
> companies with dial-up connectivity (and no relay checks). What 
> should the poor ISP do?
> 
> 1. Tell the customers to go f*ck themselves and cut their service.
> 2. Automagically detect that the customer is being relay-abused.
> 3. Block ORBS tester.
> 4. Let the remaining customers suffer because the smarthost is 
> blacklisted.

The only correct choice is 1. If your customer has an open relay, block
them on your own smarthost until they fix their problem.

ORBS has no choice other than list you as an output point, because that is
the only way it will block relayed mail. Blocking the input point is
useless, unless you honor ORBS even for internal hosts.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




On Mon, Jun 05, 2000 at 07:06:58PM +0200, Petr Novotny wrote:
[snip]
> 
> I have yet to see a contract saying "Thou shalt not run an open 
> relay."

Our contracts with CoLo's do, implicitly or explicitly. We are allowed to
block port 25 towards colo's (and we do) if we hear about an open relay.

> > Are you going to ignore your customer's violation of 
> > the contract?  By allowing customers to run insecure relays and blindly 
> > forwarding spam, the ISP is probably violating his own contract with his 
> > upstream service provider...
> 
> What? Do you think that companies like EBONE and Sprint 
> provide you with the connectivity only if you agree not to run open 
> relays?

I don't know. I do think they should.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]





On 5 Jun 00, at 19:12, Peter van Dijk wrote:

> The only correct choice is 1. If your customer has an open relay, block
> them on your own smarthost until they fix their problem.

Oh thanks. In other words, you're giving me the following 
possibilities:
1. Get used to being listed in ORBS.
2. Losing customers by denying them service (something that 
no one else does, at least around here).

Again it seems that #1 is the only correct choice, unless there's a 
business model involving no customers...

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




On Mon, Jun 05, 2000 at 07:20:05PM +0200, Petr Novotny wrote:
> On 5 Jun 00, at 19:12, Peter van Dijk wrote:
> 
> > The only correct choice is 1. If your customer has an open relay, block
> > them on your own smarthost until they fix their problem.
> 
> Oh thanks. In other words, you're giving me the following 
> possibilities:
> 1. Get used to being listed in ORBS.

No. Make sure you don't get listed in ORBS. If you get listed in ORBS, that
is for a good reason - blocking your machine blocks illegally relayed
email.

> 2. Losing customers by denying them service (something that 
> no one else does, at least around here).

If one of your customers runs an open relay, you should force your customer
into fixing it, or make sure yourself that they can't cause any damage.
Open relays found by spammers tend to cause great network-loads too.

You should not get used to being listed in ORBS. You should make sure ORBS
has no reason to list you. ORBS is not there to cause you trouble, ORBS is
there to help people avoid problems. If they want to.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]





On 5 Jun 00, at 19:27, Peter van Dijk wrote:

> If one of your customers runs an open relay, you should force your customer
> into fixing it, or make sure yourself that they can't cause any damage.
> Open relays found by spammers tend to cause great network-loads too.

Hell, ORBS doesn't make sure about that either. Imagine a 
customer behind a normal 28.8 dial-up. How much spam can he 
send through his "open relay"? ORBS tester also only tests if a 
single message gets through; but for a real spammer, less than ten 
thousand messages per hour is too slow.

ORBS also lists tarpitting people, although as spam relays they 
are unusable, too.

ORBS also lists people who allow only limited relay (only 40
e-mails per sender address daily).

Should I go on?


Open relays per se aren't bad; unguarded open relays behind a 
thick cable are bad. ORBS doesn't mind a difference. Sorry, not for 
me; in fact, enough for me to preach against.

--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]




On Mon, Jun 05, 2000 at 07:36:43PM +0200, Petr Novotny wrote:
[snip]
> On 5 Jun 00, at 19:27, Peter van Dijk wrote:
> 
> > If one of your customers runs an open relay, you should force your customer
> > into fixing it, or make sure yourself that they can't cause any damage.
> > Open relays found by spammers tend to cause great network-loads too.
> 
> Hell, ORBS doesn't make sure about that either. Imagine a 
> customer behind a normal 28.8 dial-up. How much spam can he 
> send through his "open relay"? ORBS tester also only tests if a 
> single message gets through; but for a real spammer, less than ten 
> thousand messages per hour is too slow.

Ok, so you found an example where the open relay won't cause network loads.
Big furry deal. There's more to it. An open relay prevents providers from
monitoring abuse by their own users.

> ORBS also lists tarpitting people, although as spam relays they 
> are unusable, too.

Anybody clueful enough to do tarpitting should block relaying.

> ORBS also lists people who allow only limited relay (only 40
> e-mails per sender address daily).
> 
> Should I go on?

No. You obviously do not see my point. ORBS's job is to list open relays.
It does that, and it's good at it too. It also does not enforce this policy
on anybody.

You show the ORBS guy a way to distinguish relays like the ones you mention
above from relays with thick pipes and perhaps he'll consider doing several
kinds of listings. But I don't think so. Open relays are a bad thing
_always_.

> Open relays per se aren't bad; unguarded open relays behind a 
> thick cable are bad. ORBS doesn't mind a difference. Sorry, not for 
> me; in fact, enough for me to preach against.

I will not stop you in your preaching. I will disagree tho, and loudly too
:)

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




On Mon, Jun 05, 2000 at 09:13:24AM -0700,
  Ryan Russell <[EMAIL PROTECTED]> wrote:
> 
> It makes perfect sense, from a certain point of view.  The ORBS guys want
> to list relays.  They run across an address block that has a number of open
> relays, and the administrators of that block aren't responsive to requests
> to arrange to have them closed.  ORBS then lists those particular
> addresses (their purpose in life.)  In response the provider blocks the
> ORBS machines.  The ORBS guys can no longer test for relays, and
> especially given what they had found before and the provider's lack of
> response, they can only assume there are any number of open relays in the
> address block.  
> 
> Were they to do otherwise, they'd be fail-open instead of fail-closed.
> 

Except that sites that block probes rather than fix open relays really
belong in a different kind of list. I think the ORBS would be better
off just listing confirmed open relays. If they would do this, a lot
more people would use them. I think that in general groups that maintain
lists for others to use as block lists should remain very focused and let
the mail admins pick and choose which lists make sense to use for their
sites. When different functions are lumped together, admins may have to
not use a list, even if it lists sites that have some problem they are
willing to block on, but also lists some sites that have a different
problem that they don't want to block on.




> Except that sites that block probes rather than fix open relays really
> belong in a different kind of list. I think the ORBS would be better
> off just listing confirmed open relays. If they would do this, a lot

Peter van Dijk confirmed that we are listed in a different category from
regular open relays, so consumers of the ORBS list who wish to
differentiate can do so.

                                                Ryan





On Mon, Jun 05, 2000 at 07:09:57PM +0200,
  Peter van Dijk <[EMAIL PROTECTED]> wrote:
> 
> That depends on your filtering software. It seems djb's rblsmtpd does not
> have an option to change this. That sucks. Your choice is hereby reduced
> (by DJB, not by any people at ORBS) to 'block everything ORBS lists for
> whatever reason, or not.'

While that used to be true, it doesn't seem to be any longer. They have
some experimental zones for looking up different classes of hosts.
There is inputs.orbs.org for inputs to relays and outputs.orbs.org for
inputs plus outputs. There are also some other zones for other categories
including people blocking them.

I think I will be able to use them again as I only want to block inputs
and outputs, since the ORBS seems to catch sites faster than the RSS.




>> ORBS also lists tarpitting people, although as spam relays they are
>> unusable, too.

> Anybody clueful enough to do tarpitting should block relaying.

There exist sites which do not have a nice block of IP addresses
which describe all of their valid mail relay users.  For such sites,
tarpitting is a much better solution than relay blocking.  MIT is one
of them (many of its mail relay users are customers of random outside
ISPs), and has had numerous problems with ORBS as a result.

> No. You obviously do not see my point. ORBS's job is to list open
> relays.  It does that, and it's good at it too. It also does not
> enforce this policy on anybody.

That's fine, but you personally have been making normative statements
like "No, don't get used to being listed on ORBS" and the one I quoted
above.




Bruno Wolff <[EMAIL PROTECTED]> writes:

> I think I will be able to use them again as I only want to block inputs
> and outputs, since the ORBS seems to catch sites faster than the RSS.

That's because RSS requires evidence that the relay is actually being
abused, whereas ORBS will list any machine that's open regardless of
whether it's being abused or not (by design).  I disagree with ORBS on a
lot of things, but it's good that this particular choice is available to
people.

-- 
Russ Allbery ([EMAIL PROTECTED])             <http://www.eyrie.org/~eagle/>




On Mon, Jun 05, 2000 at 03:17:06PM -0500, Bruno Wolff III wrote:
> On Mon, Jun 05, 2000 at 07:09:57PM +0200,
>   Peter van Dijk <[EMAIL PROTECTED]> wrote:
> > 
> > That depends on your filtering software. It seems djb's rblsmtpd does not
> > have an option to change this. That sucks. Your choice is hereby reduced
> > (by DJB, not by any people at ORBS) to 'block everything ORBS lists for
> > whatever reason, or not.'
> 
> While that used to be true, it doesn't seem to be any longer. They have
> some experimental zones for looking up different classes of hosts.
> There is inputs.orbs.org for inputs to relays and outputs.orbs.org for
> inputs plus outputs. There are also some other zones for other categories
> including people blocking them.

You do have a point there, I hadn't thought of actually using it.

> I think I will be able to use them again as I only want to block inputs
> and outputs, since the ORBS seems to catch sites faster than the RSS.

A short test shows that both inputs.orbs.org and outputs.orbs.org list a
certain open relay I know about, but do not list mail.securityfocus.com at
all, which is a good thing. Even with rblsmtpd people have a choice then,
it seems :)

I think this should be enough to close all rants on ORBS. *ducks and takes
cover*

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




On Mon, Jun 05, 2000 at 05:19:49PM -0400, Greg Hudson wrote:
> >> ORBS also lists tarpitting people, although as spam relays they are
> >> unusable, too.
> 
> > Anybody clueful enough to do tarpitting should block relaying.
> 
> There exist sites which do not have a nice block of IP addresses
> which describe all of their valid mail relay users.  For such sites,
> tarpitting is a much better solution than relay blocking.  MIT is one
> of them (many of its mail relay users are customers of random outside
> ISPs), and has had numerous problems with ORBS as a result.

I strongly disagree that tarpitting is a solution to relay abuse. A spammer
will just open more connections, or make sure he stays just under the
threshold.

> > No. You obviously do not see my point. ORBS's job is to list open
> > relays.  It does that, and it's good at it too. It also does not
> > enforce this policy on anybody.
> 
> That's fine, but you personally have been making normative statements
> like "No, don't get used to being listed on ORBS" and the one I quoted
> above.

Yes, and I am fully behind those statements.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




>There exist sites which do not have a nice block of IP addresses
>which describe all of their valid mail relay users.  For such sites,
>tarpitting is a much better solution than relay blocking.  MIT is one
>of them (many of its mail relay users are customers of random outside
>ISPs), 

The amount of spam I get from MIT tells me that whatever tarpitting
they think they're doing doesn't work.  Pop-before-SMTP and SMTP AUTH
both work and are widely implemented, as do various IP-in-IP tunnels.
It's sheer pigheadedness that makes MIT refuse to run mail systems the
way that responsible admins do.

Regards,
John Levine, [EMAIL PROTECTED], http://www.abuse.net, Trumansburg NY
abuse.net postmaster





> Bruno Wolff III:

> Except that sites that block probes rather than fix open relays really
> belong in a different kind of list. I think the ORBS would be better
> off just listing confirmed open relays. If they would do this, a lot

yes, this makes sense.

-- 
clemens




>> What a mail admin chooses to do with this ORBS information is up to him,
>> and he may ignore some or all listings ORBS gives out for "admin refused".
>
> How can I set up my filters to just use "really open relay" info from
> ORBS and throw away "admin refused" unknowns?

You have seen the other zone that ORBS has made,
but you can get more information from the main ORBS zone.

When ORBS lists a server it makes an A and a TXT record in the zonefile 
relays.orbs.org.
This is made using the reversed IP address (didn't find a better word) so checking
the IP a.b.c.d  you must check the d.c.b.a.relays.orbs.org.  A and TXT record.

above.net who is blocking ORBS, will give you a 127.0.0.4 as its A record:
mail:~ # host -t a 1.1.200.216.relays.orbs.org.
1.1.200.216.relays.orbs.org has address 127.0.0.4
mail:~ # host -t txt 1.1.200.216.relays.orbs.org.
1.1.200.216.relays.orbs.org descriptive text
"above.net has multiple open relays and has blocked the ORBS tester."

A manually entered / selective relay, will give you a 127.0.0.3 as its A record:
mail:~ # host -t a 175.64.71.212.relays.orbs.org.
175.64.71.212.relays.orbs.org has address 127.0.0.3
mail:~ # host -t txt 175.64.71.212.relays.orbs.org.
175.64.71.212.relays.orbs.org descriptive text
"Selectively open relay - see http://www.orbs.org/verify.php3?address=212.71.64.175"

A "normal" Open Relay input/output, will give you a 127.0.0.2 as its A record:
mail:~ # host -t a 174.53.239.209.relays.orbs.org.
174.53.239.209.relays.orbs.org has address 127.0.0.2
mail:~ # host -t txt 174.53.239.209.relays.orbs.org.
174.53.239.209.relays.orbs.org descriptive text
"Open relay - see http://www.orbs.org/verify.php3?address=209.239.53.174"

Making a short script utilizing these different values should be no problem,
and those who don't bother or can't should use rblsmtpd with outputs.orbs.org.
We have just started "tag & delay" of all ORBS servers using a couple of short scripts,
as for now it gives the same two messages back to the sender and recipient.

(all records were randomly chosen, except 212.71.64.175 which is our ORBS test IP.)


>>> - ORBS does not notify blocked sites about the blockage
>>
>> This is not my personal experience nor their written rule,
>> as they send E-Mail to either postmaster @ RDNS or IP.
>
> Ah. Since when is a mailserver required to accept e-mails at its
> reverse DNS name or IP? That's the problem; I have spoken to
> people who never saw the e-mail; why? They don't accept at their
> RDNS or IP.

AFAIK all mailservers are required to have an A record,
they are also required to have an RDNS matching "this" A record.
This A record then becomes one of the possible domains to reach the mailserver,
which RFC 822 requires to have a postmaster@domain (domain being RDNS).

RFC 822
-------
     6.3.  RESERVED ADDRESS

          It often is necessary to send mail to a site, without  know-
     ing  any  of its valid addresses.  For example, there may be mail
     system dysfunctions, or a user may wish to find  out  a  person's
     correct address, at that site.

          This standard specifies a single, reserved  mailbox  address
     (local-part)  which  is  to  be valid at each site.  Mail sent to
     that address is to be routed to  a  person  responsible  for  the
     site's mail system or to a person with responsibility for general
     site operation.  The name of the reserved local-part address is:

                                Postmaster

     so that "Postmaster@domain" is required to be valid.

     Note:  This reserved local-part must be  matched  without  sensi-
            tivity to alphabetic case, so that "POSTMASTER", "postmas-
            ter", and even "poStmASteR" is to be accepted.
-----


There are surely more ways to get mail to these admins / postmasters,
but telnet to port 25 and manually dropping a "rcpt to: <postmaster>"
is far too much to ask from a normal person trying to contact a postmaster.


Regards André Paulsberg
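
Added example (not part of the message above, and not code from ORBS or rblsmtpd): one way to write the "short script" the message mentions, which builds the reversed-IP query name and acts only on chosen return codes. The function names, category labels and the default policy are assumptions made for this example; the three sample answers are the ones shown in the host output above, served from an offline table so the script runs without the zone.

```python
"""Classify a relays.orbs.org-style answer by its return code."""
import ipaddress
import socket

# Return codes and meanings as given in the message above.
ORBS_CODES = {
    "127.0.0.2": "open-relay",       # "normal" open relay input/output
    "127.0.0.3": "selective-relay",  # manually entered / selectively open
    "127.0.0.4": "tester-blocked",   # site has blocked the ORBS tester
}

# Hypothetical default policy: reject only confirmed open relays and
# ignore the "admin refused"/tester-blocked category.
DEFAULT_BLOCK_ON = frozenset({"open-relay"})


def dnsbl_name(ip, zone="relays.orbs.org"):
    """a.b.c.d -> d.c.b.a.<zone>. (raises ValueError on a bad address)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone + "."


def system_resolver(name):
    """A-record lookup through the OS resolver; None when nothing resolves.

    Any lookup failure (NXDOMAIN, timeout) is treated as "not listed",
    so a DNS outage never causes mail to be rejected.
    """
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


# Offline stand-in for the zone, holding the three answers quoted above.
SAMPLE_ZONE = {
    "1.1.200.216.relays.orbs.org.": "127.0.0.4",
    "175.64.71.212.relays.orbs.org.": "127.0.0.3",
    "174.53.239.209.relays.orbs.org.": "127.0.0.2",
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name)


def classify(ip, resolve=system_resolver, zone="relays.orbs.org"):
    """Return the listing category for ip, or 'not-listed'."""
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return "not-listed"
    # An unrecognised code is reported, never silently treated as a relay.
    return ORBS_CODES.get(answer, "unknown:" + answer)


def decide(ip, block_on=DEFAULT_BLOCK_ON, resolve=system_resolver):
    """Return (action, category); action is 'reject' or 'accept'."""
    category = classify(ip, resolve)
    action = "reject" if category in block_on else "accept"
    return action, category


if __name__ == "__main__":
    for ip in ("209.239.53.174", "212.71.64.175", "216.200.1.1", "192.0.2.1"):
        action, category = decide(ip, resolve=sample_resolver)
        print(f"{ip:15} {category:16} {action}")
```

Passing block_on={"open-relay", "selective-relay"} also rejects the manually entered listings; leaving out "tester-blocked" keeps the block-wide "admin refused" entries from affecting delivery.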







On 6 Jun 00, at 10:00, OK 2 NET - André Paulsberg wrote:

> > Ah. Since when is a mailserver required to accept e-mails at its
> > reverse DNS name or IP? That's the problem; I have spoken to people
> > who never saw the e-mail; why? They don't accept at their RDNS or IP.
>
> AFAIK all mailservers are required to have an A record,
> they are also required to have an RDNS matching "this" A record.
> This A record then becomes one of the possible domains to reach the
> mailserver, which RFC 822 requires to have a postmaster@domain (domain
> being RDNS).

Where do you see this "domain being RDNS" part in the text
below?

AFAIK, there's no requirement in the RFC that a mailserver
accepts mail for anyone or from anyone.

[822 snip]
>           This standard specifies a single, reserved  mailbox  address
>      (local-part)  which  is  to  be valid at each site.  Mail sent to
>      that address is to be routed to  a  person  responsible  for  the
>      site's mail system or to a person with responsibility for general
>      site operation.  The name of the reserved local-part address is:
>
>                                 Postmaster

Yes, local part. It's valid on my site, too, if you get the "domain"
right.

You know, my machine has several interfaces; DNS of some of
them is controlled by my ISP (because the IP is in their netblock).
There's no way for me to set up my mailserver to have a name of
each interface in its control/locals,  and check daily whether the
ISP didn't change the reverse zone.

>      so that "Postmaster@domain" is required to be valid.

I still fail to see "domain must be any RDNS for your computer you
can think of".

> There are surely more ways to get mail to these admins / postmasters,
> but telnet to port 25 and manually dropping a "rcpt to: <postmaster>"
> is far too much to ask from a normal person trying to contact a
> postmaster.

ORBS tester (notifier) is far from being "normal person". After all, a
normal person wouldn't know how to set up and run such a service.
Or doesn't ORBS know either?





>> AFAIK all mailservers are required to have an A record,
>> they are also required to have an RDNS matching "this" A record.
>> This A record then becomes one of the possible domains to reach the mailserver,
>> which RFC 822 requires to have a postmaster@domain (domain being RDNS).
>
> Where do you see this "domain being RDNS" part in the text below?

ANY hostname is, in its strictest interpretation, a domain!
The assumption that a mailserver with hostname frog.domain.com
has only one domain for a postmaster -> [EMAIL PROTECTED] ,
will not work if [EMAIL PROTECTED] goes to mail.domain.com
and frog.domain.com only serves mail for frog.net and frog.com


> AFAIK, there's no requirement in the RFC that a mailserver
> accepts mail for anyone or from anyone.

Saying that the localpart postmaster should always be accepted,
CAN be interpreted as a mailserver should accept postmaster@*.
This however is not how I have interpreted this RFC!


>> [822 snip]
>>      This standard specifies a single, reserved  mailbox  address
>>      (local-part)  which  is  to  be valid at each site.  Mail sent to
>>      that address is to be routed to  a  person  responsible  for  the
>>      site's mail system or to a person with responsibility for general
>>      site operation.  The name of the reserved local-part address is:
>>
>>                                 Postmaster

> Yes, local part. It's valid on my site, too, if you get the "domain" right.

How can people GUESS your domain ???

As written above with frog.net and frog.com, how do you guess that
frog.domain.com only has [EMAIL PROTECTED] or [EMAIL PROTECTED] ?


> You know, my machine has several interfaces;
> DNS of some of them is controlled by my ISP (because the IP is in their netblock).
> There's no way for me to set up my mailserver to have a name of each interface in
> its control/locals,
> and check daily whether the ISP didn't change the reverse zone.

This seems like a weak excuse, all your interfaces should have matching RDNS
to their main A records and it's sufficient to set this up once!

Instances like this with several customers with different interfaces
where the customers have their own domain and want their "own" mailserver address,
to make it look like it's their private server or any other reason,
should have RDNS that leads to a postmaster@RDNS .

mail.cust1.net has IP 127.1.0.1, then RDNS should be mail.cust1.net.
the control/locals and control/rcpthosts should contain mail.cust1.net
and rcpthosts should contain any other domain they have set up MX for.
same for mail.cust2.net IP 127.1.0.2 and mail.cust3.net IP 127.1.0.3,
should both have RDNS that matches their main A record.


The third party recipient will not SEE any other domain when 127.1.0.X
connect to his server to send E-Mail, than sender address and this is
not enough to identify a postmaster address.

For argument's sake the users can CHOOSE their own sender address and relay
through their "own" server since relay control is usually IP based.
If any @cust1.net also had another account he was using when
sitting at work, or wherever he could relay through mail.cust1.net,
the recipient would see this address as [EMAIL PROTECTED] .

If this was ABUSE, SPAM or technical problems with this relay,
there is no way [EMAIL PROTECTED] would lead me to
[EMAIL PROTECTED] and the ONLY LOGICAL option would be
[EMAIL PROTECTED] since I only know the IP of the relay!


>>      so that "Postmaster@domain" is required to be valid.
>
> I still fail to see "domain must be any RDNS for your computer you can think of".

If your mailserver's hostname is mail.antek.cz then mail.antek.cz is also a domain,
then [EMAIL PROTECTED] is a required RFC 822 postmaster address.


>> There are surely more ways to get mail to these admins / postmasters,
>> but telnet to port 25 and manually dropping a "rcpt to: <postmaster>"
>> is far too much to ask from a normal person trying to contact a
>> postmaster.
>
> ORBS tester (notifier) is far from being "normal person". After all, a
> normal person wouldn't know how to set up and run such a service.
> Or doesn't ORBS know either?

The postmaster described in RFC822 is for all users, not ORBS only.

ORBS only has the IP address of the mailserver,
as per RFC822 postmaster@RDNS/IP should be enough.


Kind regards, André Paulsberg                      IDG New Media Support






Hello!

I'm evaluating qmail performance (qmail with vpopmail, one domain, 10000
users) and I've found that under 20 clients queue grows VERY fast.

Each client retrieves all mail from a given account, and then sends some mails
to it. In 3 minutes qmail running on a fairly powerful box gives:

messages in queue: 392
messages in queue but not yet preprocessed: 282

while exim doesn't seem to have this problem.

I didn't do anything special with setup. Maybe I should reconfigure
something? 

Alex.






Hi everyone!
Where can I get more information about vpopmail api functions? I want to
make an html page where anyone could pop into and add as a users of
sqwebmail (a kind of Hotmail). I'm using qmail 1.03 and vpopmail.

Thanks in advance!!

Esteban Javier Próspero





Thus spoke Esteban.Prospero:
> Hi everyone!
> Where can I get more information about vpopmail api functions?

<http://www.inter7.com/vpopmail/vpopmail.html>

> I want to
> make an html page where anyone could pop into and add as a users of
> sqwebmail (a kind of Hotmail). I'm using qmail 1.03 and vpopmail.

Wouldn't it just be easier to throw something together in Perl and execute
VPOPMAILDIR/bin/vadduser, rather than trying to tie into the API?

/pg
-- 
Peter Green : Gospel Communications Network, SysAdmin : [EMAIL PROTECTED]
---
... faster BogoMIPS calculations (yes, it now boots 2 seconds faster than
it used to: we're considering changing the name from "Linux" to "InstaBOOT".
(Linus, in the announcement for 1.3.26)





Why don't you use the qmailadmin program?
It does what you are trying to do. You can get it at the inter7's site.

-----Original Message-----
From: Próspero, Esteban <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, June 5, 2000 12:21
Subject: programming with vpopmail - add account from web


Hi everyone!
Where can I get more information about vpopmail api functions? I want to
make an html page where anyone could pop into and add as a users of
sqwebmail (a kind of Hotmail). I'm using qmail 1.03 and vpopmail.

Thanks in advance!!

Esteban Javier Próspero







Bruno Negrão wrote:
> 
> Why don't you use the qmailadmin program?
> It does what you are trying to do. You can get it at the inter7's site.

Negative... Qmailadmin from INTER7.COM is great for admin tasks, not for
people who want to POP and create their own accounts. In qmailadmin
only postmaster can create new accounts. Normal users can only change
their passwords.

-- 
Best Regards from Poland

Krzysztof Ingram - secondary root where the power of Linux / is the
first
FF Computers Sp. z o.o.
Bielsko-Biala
mailto: [EMAIL PROTECTED]
http://www.ffcomp.com.pl




On Sun, Jun 04, 2000 at 11:53:29AM -0400, Raul Miller wrote:
> On Sun, Jun 04, 2000 at 10:51:36AM -0400, Bennett Todd wrote:
> > It's worse than that. The original version _did_ explicitly mention
> > qmail (and Postfix) as replacements for sendmail that would settle
> > the security problems. A subsequent revision removed them.
> 
> It would be interesting to know the rationale for the change [was there
> a security problem with postfix?  was compatability with the "sendmail
> standard" seen as the issue?  did they buy into "all sendmail's security
> bugs have been fixed" line?  etc..].

Two remarks (none are dnscache related; sorry):

I just saw a book from Peter Norton on computer security, and it
recommends qmail as a secure replacement for sendmail (it mentions,
but does not recommend postfix).

How would you define "big site" for an MTA?  Ohio State (the
university with the most students in the US) runs qmail on its mail
servers.  This means 64,000 students.

Mate 




> Goran Blazic:

> After installing qmail on my system, suddenly there was no logging activity
> anymore... Nothing new gets written into /var/log/messages anymore?!!?

you might post /etc/syslog.conf and /etc/newsyslog.conf for us to check.

-- 
clemens




Hi,

> > second, i have set up control/virtualdomains without any problems
> > using the good faq. but, i haven't found anything about forwarding
> > emails. let's assume i have set up test-domain.com:testuser in
> > the virtual domain control file. now, any incoming mail is delivered
> > to the local user "testuser". ok, but how to forward i.e. any incoming
> > emails to "[EMAIL PROTECTED]" to i.e. borther-of-
> > [EMAIL PROTECTED] ??
>
> That depends on what package you use to administer virtual domains
> (vpopmail or Bruce Günther's).
>

Are there examples, HowTos or FAQs for both of these anywhere?  It seems that
this question has been asked several different ways over the past few days,
and no answers.

Thanks.


--John



>
>
> -Johan
> --
> Johan Almqvist





It is possible to use a .qmail file with vpopmail...

I have tried a .qmail file in ~vpopmail/domains/mydomain.tld/user with
the lines

./Maildir/
&[EMAIL PROTECTED]

but qmail tries to send it to [EMAIL PROTECTED] and tries to
execute with sh "&[EMAIL PROTECTED]"

I've also tried to use .qmail-user in ~vpopmail/domains/mydomain.tld,
but this file isn't read, the mail is sent directly to the user's
Maildir
-- 
Pablo Martínez Schroder
Departamento de Administracion de Sistemas
 
 Hidra Telecomunicaciones y Multimedia, S.A.
 C/. Casas de Campos, 3
 29001 Málaga
 Tlf Nal.: 902 20 21 02
 Tlf Int.: +34 95 222 92 14
 http://www.hipernet.es/
 mailto:[EMAIL PROTECTED]




Hello Pablo!

I think you should put a .qmail-usuario under
~vpopmail/domains/mydomain.tld/.qmail-usuario. Look at vpopmail man page or
http://www.inter7.com/vpopmail/vpopmail.html the dot-qmail section.

Good luck!

Esteban Javier Próspero
> From: Pablo Martínez Schroder [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, June 05, 2000 1:39 PM
> To:   lista, qmail
> Subject:      dot-qmail in vpopmail
> 
> It is possible to use a .qmail file with vpopmail...
> 
> I have tried a .qmail file in ~vpopmail/domains/mydomain.tld/user with
> the lines
> 
> ./Maildir/
> &[EMAIL PROTECTED]
> 
> but qmail tries to send it to [EMAIL PROTECTED] and tries to
> execute with sh "&[EMAIL PROTECTED]"
> 
> I've also tried to use .qmail-user in ~vpopmail/domains/mydomain.tld,
> but this file isn't read, the mail is sent directly to the user's
> Maildir
> -- 
> Pablo Martínez Schroder
> Departamento de Administracion de Sistemas
>  
>  Hidra Telecomunicaciones y Multimedia, S.A.
>  C/. Casas de Campos, 3
>  29001 Málaga
>  Tlf Nal.: 902 20 21 02
>  Tlf Int.: +34 95 222 92 14
>  http://www.hipernet.es/
>  mailto:[EMAIL PROTECTED]




> Goran Blazic:

> address [EMAIL PROTECTED] (the same address on different
> 
> There was no way to do this, so I somehow tracked it to the fact, that I had

how is somehow?  could you please describe this in more detail?

-- 
clemens




hello,

    I've come across a HOWTO recently added to the linux HOWTO's, written
by Dan Kuykendall, titled "Qmail VMailMgr and Courier-ImapHOWTO". This
HOWTO guided me through the prep/compile/install for
    - ucspi-tcp
    - daemontools
    - supervise-scripts
    - qmail
    - vmailmgr
    - courier-imap

     and a few config changes, like add a user and add a virtualhosts
file to add users to a test domain virtualhost. Ah, of course, I did
remove sendmail and friends before starting.

    And then restarted.

    [ a little background on the machine: it's an old RH5.1 upgraded to
RH.6.1, running named (from CD rpms), Samba (built from src) and MySQL
(from SRPMs) and Apache+mod_perl (built from src). I do have lots of
Perl modules, but don't think it matters. ]

    Well, now nothing's running as it should. It's an internal test
server,  so I don't really mind that syslog is taking 50% of cpu time.
:) But I guess that signals that something's running wrong, don't you?

    Now, the symptoms I could gather:
        - syslogd taking 50% processor time
        - command line utilities like mail / sendmail are there and seem
to work, but `mail root` or `sendmail root` and then typing `mail` to
see my own msg did not work. Maybe I'm expecting something to work that
won't ever work when virtualizing email accounts?
        - tried to connect to the imap server from the very same box,
with NN4.x under GNOME and got an eternal wait.
        - tried to connect to the pop server from the very same box,
with NN4.x under GNOME and got an eternal wait.

    As you can read, I'm quite new to this software, and I'm looking for
clues to follow. Could someone point me in the right direction? The aim
of all this is to get qmail to work, and then virtual domain accounts to
work also over imap. Then, with the aid of an opensource imap webmail
interface, I'll be out with Pinky and The Brain to conquer the world :)

    Thanks!



martin
--                                                         --
To understand recursion, one must first understand recursion.
--                                                         --
    - Martin Langhoff @ S C I M  Multimedia Technology -
      - http://www.scim.net      | God is real until  -
      - mailto:[EMAIL PROTECTED]  | declared integer   -






On Mon, Jun 05, 2000 at 03:04:54PM -0300, Martin A. Langhoff wrote:
[snip]
>     Now, the symptoms I could gather:
>         - syslogd taking 50% processor time

syslog sucks. daemontools (which you installed) comes with multilog which
does a far better job.

>         - command line utilities like mail / sendmail are there and seem
> to work, but `mail root` or `sendmail root` and then typing `mail` to
> see my own msg did not work. Maybe I'm expecting something to work that
> won't ever work when virtualizing email accounts?

qmail does not and will not ever deliver to root. Check ~alias for where
this mail went, or check the logfiles.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




Our sun OS 2.7 mail server had a system panic on Friday and it rebooted. I 
hadn't configured the boot scripts yet and our other sysadmin didn't call me 
(I was on vacation).

This morning I saw that qmail hadn't started and sendmail (which had never 
been configured to work) had queued all the messages since friday.

I fixed qmail and rebooted to make sure that my boot scripts now worked.

Now qmail is working fine but I have over 1000 messages in my sendmail 
queue.

I tried sendmail.bak -q and it ran and tried to send messages but they all 
show up queued.

Any ideas?

We are running behind a firewall and not using DNS behind the firewall I am 
using a hardcoded IP address smtproute to forward everything to our mail 
server in the DMZ.

First question, can I run sendmail.bak (that was copied from the original 
/usr/lib/sendmail that was then linked as follows:
#ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
?

Are my messages queuing because sendmail has never worked properly?  
sendmail.cf is a copy of subsidiary.cf and mailhost in /etc/hosts points to 
the system that is my smtproute for all traffic for qmail.  I have hosts 
then dns in my nsswitch.conf file (I know that qmail doesn't read this but 
sendmail should).

Next question, is there another way I can send this mail without getting 
sendmail to work?

Thanks for any help

Susan Short







Susan Short wrote:

> Next question, is there another way I can send this mail without getting
> sendmail to work?

One way to proceed is to divide up the queue into messages, and then
feed each message into qmail-inject. 

You will need to "crack" your sendmail's method of storing its queue,
but it shouldn't be difficult.

Once you have figured it out, feed each message into qmail-inject.



-- 
                          David Nicol 816.235.1187 [EMAIL PROTECTED]
                                            Visualize creamed corn




clemensF wrote:
> 
> > David Dyer-Bennet:
> 
> >  > identical program invocations get to run their own copy of the program
> >  > text.
> >
> > I don't believe this last bit is the case.  It's clearly not the case
> > on Linux, anyway, as displayed by the various size numbers in 'top'.
> 
> but linux processes don't share one copy of, say, top, when it is called
> twice by different users, do they?

I'm pretty sure they do.  Since programs can't modify their own 
code space on a Linux system, there's really no reason to have 
multiple images of any given program code in memory.  Multiple 
stacks, heaps, and sets of file descriptors, etc, but not program 
code. 

Your system is probably just thrashing with higher concurrencies 
because it's swapping out chunks of the dynamic data of all those 
processes...


Eric




On Mon, Jun 05, 2000 at 04:57:30PM -0700, Eric Cox wrote:
> clemensF wrote:
> > 
> > > David Dyer-Bennet:
> > 
> > >  > identical program invocations get to run their own copy of the program
> > >  > text.
> > >
> > > I don't believe this last bit is the case.  It's clearly not the case
> > > on Linux, anyway, as displayed by the various size numbers in 'top'.
> > 
> > but linux processes don't share one copy of, say, top, when it is called
> > twice by different users, do they?

Yes they do.

> I'm pretty sure they do.  Since programs can't modify their own 
> code space on a Linux system, there's really no reason to have 
> multiple images of any given program code in memory.  Multiple 
> stacks, heaps, and sets of file descriptors, etc, but not program 
> code. 

Correct. Same for library code.

> Your system is probably just thrashing with higher concurrencies 
> because it's swapping out chunks of the dynamic data of all those 
> processes...

Yes, dynamic data of course still needs room in memory.

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]




> Eric Cox:

> > but linux processes don't share one copy of, say, top, when it is called
> > twice by different users, do they?
> 
> I'm pretty sure they do.  Since programs can't modify their own 

this has been discussed, and i rest my case.

-- 
clemens




Hi all,

Is there any control file for qmail that will set a maximum recipient count
for any mail coming into qmail-smtpd?

Regards,

Marc-Adrian Napoli
Network Administrator
Connect Infobahn Australia
+61 2 9281 1750





Hi,

I would like to backup the users I created
with QMailAdmin (vpopmail users, not
UNIX users). Is it enough to back up only the passwd
file from vpopmail?
If I lost my server, the only thing I need to
do is to override the vpopmail passwd ...





Hi to all!

I'm using vpopmail to manage my virtualdomains.
Recently, I encountered one problem with one of my domains.
The e-mails for the domain do not get to their respective mailboxes, the
log for one particular session is attached below. It seems to complain
about not finding a certain file/directory.  This is correct as there
really is no such file/directory. I'll need to change the path - but how
do I do that - Which file should I edit? Since this is usually done
automatically by vpopmail - what possibly could have gone wrong?

2000-06-06 10:23:13.147251500 status: local 1/10 remote 0/20
2000-06-06 10:23:13.164625500 delivery 56721: deferral:
/bin/sh:_/home/vpopmail/bin/postmaster:_No_such_file_or_directory/

I'll need to rectify this fast and I hope you all can give me a hand on
this.

thanks a million.





Hi to all,

I have managed to find the problem. It seems that the .qmail-default
contains incorrect info.
It was pointing to 
| /home/vpopmail/bin/postmaster

But what puzzles me is :
How did that line get into the .qmail-default file in the first place?
The file is automatically managed by vpopmail and qmailadmin. Is this a
bug with vpopmail and qmailadmin?

shaoming wrote:
> 
> Hi to all!
> 
> I'm using vpopmail to manage my virtualdomains.
> Recently, I encountered one problem with one of my domains.
> The e-mails for the domain do not get to their respective mailboxes, the
> log for one particular session is attached below. It seems to complain
> about not finding a certain file/directory.  This is correct as there
> really is no such file/directory. I'll need to change the path - but how
> do I do that - Which file should I edit? Since this is usually done
> automatically by vpopmail - what possibly could have gone wrong?
> 
> 2000-06-06 10:23:13.147251500 status: local 1/10 remote 0/20
> 2000-06-06 10:23:13.164625500 delivery 56721: deferral:
> /bin/sh:_/home/vpopmail/bin/postmaster:_No_such_file_or_directory/
> 
> I'll need to rectify this fast and I hope you all can give me a hand on
> this.
> 
> thanks a million.




I'm trying to get qmail to deliver its mail using /bin/mail and I get this
line in the maillog:

Jun  5 21:53:48 ns1 qmail: 960256428.605530 delivery 8: deferral:
Unable_to_open_/bin/mail:_access_denied._(#4.2.1)/

any ideas?

thanks,
Charlie Chrisman
[EMAIL PROTECTED]
(606) 269-7946 Home
(606) 619-2183 Mobile




On Mon, Jun 05, 2000 at 10:37:24PM -0400, Charlie Chrisman wrote:
> I'm trying to get qmail to deliver its mail using /bin/mail and I get this
> line in the maillog:
> 
> Jun  5 21:53:48 ns1 qmail: 960256428.605530 delivery 8: deferral:
> Unable_to_open_/bin/mail:_access_denied._(#4.2.1)/

How did you tell it to use /bin/mail?

Greetz, Peter.
-- 
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]





here is the contents of my /var/qmail/rc file....  i realized a problem and
am trying to call /bin/mail correctly but i can't figure it out

#!/bin/sh

# Using splogger to send the log through syslog.
# Using binmail to deliver messages to /var/spool/mail/$USER by default.
# Using V7 binmail interface: /bin/mail -f

exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start \
'|preline -f /bin/mail -u "$USER"' \
splogger qmail

any help would be appreciated

thanks
charlie
-----Original Message-----
From: Peter van Dijk [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 05, 2000 10:48 PM
To: Qmail Mailing List E-mail"
Subject: Re: /bin/mail


On Mon, Jun 05, 2000 at 10:37:24PM -0400, Charlie Chrisman wrote:
> I'm trying to get qmail to deliver its mail using /bin/mail and I get this
> line in the maillog:
>
> Jun  5 21:53:48 ns1 qmail: 960256428.605530 delivery 8: deferral:
> Unable_to_open_/bin/mail:_access_denied._(#4.2.1)/

How did you tell it to use /bin/mail?

Greetz, Peter.
--
[EMAIL PROTECTED] - Peter van Dijk [student:developer:madly in love]





Hi Folks;
I am upgrading a FreeBSD sendmail server to Qmail, did go through the FAQ
and docs extensively, qmail runs and I see all the processes running but
when I try to send mail to local user I get the following errors:

qmaili delivery 1: defferal: fastforward:_fatal:_
qq:_trouble_creating_files_in_queue(#4.3.0)/

qmaili warning: trouble opening local/2/0/70377; will try again later

and
qmaili   delivery 1: defferal: sorry,_message_has_wrong_owner

I am using fastforward for sendmail /etc/aliases
~alias/.qmail-default contains:

| fastforward -d /etc/aliases.cdb

I did: tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.temp < /etc/tcp.smtp
and it was OK

also did 'make setup check' at the qmail source dir and went OK

AND I AM RUNNING OUT OF CLUES! (time to get coffee and another brain)

Thanks for any help

Dan





on 6/5/00 8:20 PM, net admin at [EMAIL PROTECTED] wrote:

> Hi Folks;
> I am upgrading a FreeBSD sendmail server to Qmail, did go through the FAQ
> and docs extensively, qmail runs and I see all the processes running but
> when I try to send mail to local user I get the following errors:
> 
> qmaili delivery 1: defferal: fastforward:_fatal:_
> qq:_trouble_creating_files_in_queue(#4.3.0)/

Did you try queue-fix?  I have never used it but it may give you some more
clues.

http://www.netmeridian.com/e-huss/queue-fix.tar.gz

Pat





Mail seems to be building up my mail queue (I can tell from running
qmail-qstat). I am new to qmail so I don't know quite how everything works yet. 
What would cause the mail to build up in the queue and not send, and how 
would I fix it?

Any help is greatly appreciated. Thanks in
advance.







At 11:30 PM 6/5/00 -0400, [EMAIL PROTECTED] wrote:
>Mail seems to be building up my mail queue (I can tell from running
>qmail-qstat). I am new to qmail so I don't know quite how everything works yet.
>What would cause the mail to build up in the queue and not send, and how
>would I fix it?

first do
ps -waux | grep qmail
and paste the result here

after that see your log , it can be at /var/log/maillog or 
/var/qmail/log/current (for the last one is if you use multilog instead of 
syslog)





I got return mail from my mail server like this:

Hi. This is the qmail-send program at mbox.samart.co.th.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<[EMAIL PROTECTED]>:
203.146.42.135 failed after I sent the message.
Remote host said: 554 Transaction Failed
--- Below this line is a copy of the message.

And this one is maillog on my server

Jun 7 00:28:55 yahoo qmail: 849936535.597206 delivery 18: deferral: Connected_to_[IPADDRESS OF DES]_but_connection_died._Possible_duplicate!/


Any idea ?
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
PipE

System Engineer
Samart Infonet Co.ltd
99/12 Software Park, 30th Floor Chaengwattana Rd., Klong Gluar, Pak-kred Nonthaburi 11120

[EMAIL PROTECTED]
icq uin # 10831
office phone : (662) 502-6388 fax : (662) 502-6382      
=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=
                




It goes something like the receiving host received the message but the connection was 
cut off before an acknowledgment was sent back to you. The mail was probably sent 
already.
For more info, the qmail list archive can be very handy. :-)
It's at http://www-archive.ornl.gov:8000

This is what PipE said:

> 
> I got return mail from my mail server like this:
> 
> Hi. This is the qmail-send program at mbox.samart.co.th. 
> I'm afraid I wasn't able to deliver your message to the following addresses. 
> This is a permanent error; I've given up. Sorry it didn't work out.
> <[EMAIL PROTECTED]>: 
> 203.146.42.135 failed after I sent the message. 
> Remote host said: 554 Transaction Failed
> --- Below this line is a copy of the message.
> 
> And this one is maillog on my server 
> 
> Jun 7 00:28:55 yahoo qmail: 849936535.597206 delivery 18: deferral: Connected_to_[IPADDRESS OF DES]_but_connection_died._Possible_duplicate!/
> 
> 
> Any idea ? 
> =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--= 
> PipE 
> 
> System Engineer
> <http://www.samart.co.th/>Samart Infonet Co.ltd
> 99/12 Software Park, 30th Floor Chaengwattana Rd., Klong Gluar, Pak-kred Nonthaburi 11120
> 
> [EMAIL PROTECTED]
> icq uin # 10831
> office phone : (662) 502-6388 fax : (662) 502-6382      
> =--=--=--=--=--=--=--=--=--=--=--=--=--=--=--=--= 
>                  




On Sun, Jun 04, 2000 at 08:41:11PM -0300, Ricardo D. Albano wrote:
> I think the best choice is to write a qmail-remote wrapper.
> 

My scan4virus harness (replaces/augments qmail-queue) reports this info...

http://www.geocities.com/jhaar/scan4virus/


> -----Original Message-----
> From: Jean-Baptiste Jacquemard <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: Tuesday, May 30, 2000 7:37 AM
> Subject: Scanning outgoing attachments
> 
> 
> >Hello,
> >I would like to scan all outgoing traffic and log the attachments file
> >names, and accessory, the size of the attached file.
> >Please help me, I don't know how to do that.


-- 
Cheers

Jason Haar

Unix/Network Specialist, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
               




Hello everybody,

I'm running QMail 1.03 on a RedHat 6.1. I've configured it following LWQ
instructions and everything went smooth during installation... When I
launch QMail (with "supervise") and I look to /var/log/messages I find
an endless series of messages saying:
"tcpserver: fatal error: unable to bind: port already in use", or
something similar.
Of course the program does not work (I've tried the tests in
TEST.deliver and even local delivery does not work...).
My /etc/services is ok and I have already checked /etc/inetd.conf...
During RedHat installation I have not installed Sendmail. Moreover, if I
do "netstat -pa" BEFORE launching QMail, I see no service active on port
25.
Any ideas?
Thank you very much,
__________________________________________________

Luca Zancan
Logica S.r.l.
e-mail [EMAIL PROTECTED]
URL http://www.logicaonline.com
__________________________________________________







Hi all, 

Could someone point me to any docs on ETRN and Mail Queueing with Qmail.

Thank You

-- 
Tony Wade (Postmaster)
The Internet Solution
Tel:    (+27 11) 283 5000
E-mail:      [EMAIL PROTECTED]
#include <std/disclaimer.h>




When qmail-inject sees a header line that does not look like a header line
at all (e.g. a continuation line without proper indenting), it makes a
conclusion the header ends here and processes the line as if it was a part
of a message body.

I am sure there is some reason why it behaves this way but I am afraid it
is a really bad idea to accept header malformations silently when
qmail-inject is supposed to get the list of recipients out of message
headers.

(In fact, this is all headerbody()'s fault because qmail-inject itself
would fail if headerbody() did not mask the problem.)

BTW: hfield_valid() should probably refuse any line whose "field
name" (sans trailing spaces before a colon) contains a space.

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
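
The failure mode described in the message above, as an added example that is not part of the original post and is not qmail's code: a header scanner that silently ends the header at a malformed line loses the recipient fields after it, while a strict scanner reports the line. The function names, the field-name rule (taken from the suggestion about spaces in field names) and the sample message are assumptions made for this illustration.

```c
/* Added illustration, not qmail source: a lenient header/body split next to
 * a strict one. All names and the sample message are constructed. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { L_BLANK, L_FIELD, L_CONT, L_BAD } line_kind;

/* Length of the line starting at s, including its '\n' if present. */
static size_t line_len(const char *s) {
    const char *nl = strchr(s, '\n');
    return nl ? (size_t)(nl - s) + 1 : strlen(s);
}

/* 1 if the line starts with "name:" where name is non-empty printable ASCII
 * with no space inside it; blanks right before the colon are tolerated. */
int field_name_ok(const char *line, size_t len) {
    size_t i = 0, name_end;
    while (i < len && line[i] > 32 && line[i] < 127 && line[i] != ':') i++;
    name_end = i;
    while (i < len && (line[i] == ' ' || line[i] == '\t')) i++;
    return name_end > 0 && i < len && line[i] == ':';
}

static line_kind classify(const char *line, size_t len, int in_field) {
    if (line[0] == '\n' || (len >= 2 && line[0] == '\r' && line[1] == '\n'))
        return L_BLANK;
    if (line[0] == ' ' || line[0] == '\t')
        return in_field ? L_CONT : L_BAD;   /* a folded line needs a field */
    return field_name_ok(line, len) ? L_FIELD : L_BAD;
}

/* Returns 0 with *hdr_end set to the offset where the header stops.
 * strict != 0: a malformed line returns its 1-based line number instead.
 * strict == 0: a malformed line silently ends the header, like a blank one. */
int header_end(const char *msg, int strict, size_t *hdr_end) {
    size_t off = 0;
    int in_field = 0, lineno = 0;
    while (msg[off]) {
        size_t n = line_len(msg + off);
        line_kind k = classify(msg + off, n, in_field);
        lineno++;
        if (k == L_BAD && strict) return lineno;
        if (k == L_BAD || k == L_BLANK) break;
        in_field = 1;
        off += n;
    }
    *hdr_end = off;
    return 0;
}

/* Case-insensitive: does the line start with name, optional blanks, ':'? */
static int is_field(const char *line, size_t len, const char *name) {
    size_t i = 0;
    for (; name[i]; i++)
        if (i >= len || tolower((unsigned char)line[i]) != name[i]) return 0;
    while (i < len && (line[i] == ' ' || line[i] == '\t')) i++;
    return i < len && line[i] == ':';
}

/* Number of To/Cc/Bcc fields inside msg[0 .. hdr_end). */
int count_recipient_fields(const char *msg, size_t hdr_end) {
    size_t off = 0;
    int count = 0;
    while (off < hdr_end) {
        size_t n = line_len(msg + off);
        count += is_field(msg + off, n, "to") || is_field(msg + off, n, "cc")
              || is_field(msg + off, n, "bcc");
        off += n;
    }
    return count;
}

/* Constructed sample: the Subject continuation lost its leading blank. */
static const char SAMPLE[] =
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: quarterly report for the\n"
    "whole team\n"
    "Cc: carol@example.org\n"
    "\n"
    "Body text.\n";

int main(void) {
    size_t cut = 0, end = 0;
    header_end(SAMPLE, 0, &cut);
    printf("lenient: header ends at byte %zu, %d recipient field(s) seen\n",
           cut, count_recipient_fields(SAMPLE, cut));
    int bad = header_end(SAMPLE, 1, &end);
    if (bad) printf("strict: rejected, malformed header line %d\n", bad);
    return 0;
}
```

On the sample, the lenient scan stops before the Cc field and so sees one recipient field where the sender wrote two; the strict scan refuses the message at line 4 instead.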


