qmail Digest 20 Nov 2000 11:00:01 -0000 Issue 1189
Topics (messages 52467 through 52516):
URGENT !!!!! custom footer with qmail
52467 by: reach_prashant.mail.zeenext.com
52468 by: Olivier M.
[newbie question] IP logging?
52469 by: Stefan Laudat
52481 by: Steve Kapinos
defaulthost is ignored
52470 by: Sebastian Steinlechner
Re: secrets and lies
52471 by: Pavel Kankovsky
52472 by: Pavel Kankovsky
52476 by: Raul Miller
52477 by: Andy Bradford
52499 by: Paul Jarc
52501 by: Adam McKenna
Re: qmail and /var/spool/mail
52473 by: Jose AP Celestino
Re: qmail build problem under SuSE 7.0
52474 by: Jose AP Celestino
52475 by: Erwin Hoffmann
52478 by: David Benfell
52479 by: David Benfell
52480 by: Adam McKenna
52487 by: David Benfell
52488 by: Jose AP Celestino
52489 by: Adam McKenna
52493 by: David Benfell
52494 by: David Benfell
52495 by: Adam McKenna
52498 by: David Benfell
52500 by: Adam McKenna
52502 by: David Benfell
52508 by: Adam McKenna
SMTP on a port other than 25
52482 by: Phil Barnett
52483 by: Vince Vielhaber
52484 by: Phil Barnett
52485 by: Jose AP Celestino
52486 by: Jose AP Celestino
52490 by: Phil Barnett
52491 by: Piotr Kasztelowicz
52504 by: Amitai Schlair
52505 by: -dsr-
52506 by: -dsr-
52507 by: Amitai Schlair
ORBS helps hackers to break into srevers
52492 by: Piotr Kasztelowicz
52496 by: Alex Pennace
52497 by: Piotr Kasztelowicz
52503 by: Alex Pennace
52513 by: Piotr Kasztelowicz
52514 by: Adam McKenna
deferral: unable_to_chdir_to_maildir. (#4.2.1)
52509 by: Dennis
52510 by: Adam McKenna
52511 by: Amitai Schlair
Re: run file suddenly disappear!!
52512 by: Eric Yu
Hop count problem in qmail-send
52515 by: Richard van den Berg
52516 by: markd.bushwire.net
Administrivia:
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To bug my human owner, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
hello friends
is it possible to insert custom footer at the end of every mail sent
through my MTA which obviously is qmail-1.03 ,its possible with sendmail
which we were running previously so , now my boss wants this feature , but
i dont know how to implement , i am ready to recompile it if any source
modifications are need then please suggest me which file to modify and on
which line i will have to add my custom footer , i am using qmail-1.03 with
qmail-ldap-2000602.patch patch which is modifying my qmail-smtpd so
please guide me what should i do ?
thanks & regards,
Prashant Desai
On Sun, Nov 19, 2000 at 07:00:02AM +0300, [EMAIL PROTECTED] wrote:
>
> is it possible to insert custom footer at the end of every mail sent
> through my MTA which obviously is qmail-1.03 ,its possible with sendmail
> which we were running previously so , now my boss wants this feature , but
> i dont know how to implement , i am ready to recompile it if any source
> modifications are need then please suggest me which file to modify and on
> which line i will have to add my custom footer , i am using qmail-1.03 with
> qmail-ldap-2000602.patch patch which is modifying my qmail-smtpd so
> please guide me what should i do ?
you could filter all mails using qmail-scanner, and use it to add
a footer (it now add an X-header: it's probably easy to make
it add a footer).
Olivier
--
_________________________________________________________________
Olivier Mueller - [EMAIL PROTECTED] - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
How can I see the incoming IPs of my pop3 clients?
Thanks!
--
Stefan Laudat
http://www.pepsicola.ro/~stefan
-------------------------------
Love is the triumph of imagination over intelligence.
-- H. L. Mencken
If you setup qmail with tcpserver, accustamp, and cyclelog, as per the
HOWTOs, you should be getting logging of qmail-pop3d connections in
/var/log/qmail/qmail-pop3d
-Steve
-----Original Message-----
From: Stefan Laudat [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 19, 2000 7:36 AM
To: [EMAIL PROTECTED]
Subject: [newbie question] IP logging?
How can I see the incoming IPs of my pop3 clients?
Thanks!
--
Stefan Laudat
http://www.pepsicola.ro/~stefan
-------------------------------
Love is the triumph of imagination over intelligence.
-- H. L. Mencken
Hi all,
As my machine running qmail is named senfpott.gysar (a bogus name, used only
in our local network), it should masquerade any outgoing mail to
[EMAIL PROTECTED] Now - as explained in the faq - I put
gymnasium-sarstedt.de into control/defaulthost. It worked - until I
configured serialmail. Now qmail seems to just ignore defaulthost, no matter
whether the mail is to a local or a remote address - it always shows <from:
[EMAIL PROTECTED]>.
I already tried to change all the senfpott.gysars into gymnasium-sarstedt.de
(in me, defaultdomain etc.) which 1st isn't a good practice at all and 2nd
doesn't help either.
Of course I already checked if there's an environment variable set that
overrides defaulthost, but there is none.
Any help?
Sebastian Steinlechner
On 15 Nov 2000, Chris K. Young wrote:
> I say that dist.html should be considered authoritative. There are
> references in the qmail and djbdns documentation that contain the
> URL to their respective pages.
But there are ABSOLUTELY no references to dist.html or softwarelaw.html in
the source tarballs. I have examined qmail 1.03 (including the bundled
sort-of documentation) and dnscache 1.00 (I do not think the most djbdns
is so different to justify the costs of downloading it right now, via a
slow modem link).
Moreover, softwarelaw.html is about using the software ``once you've
legally downloaded [it]'', dist.html is about (re)distribution of qmail
(again, once you've...). The mere fact something is published on the
Internet does not make downloading it legal (DJB's theories in
http://cr.yp.to/rights.html notwithstanding), esp. when the thing in
question does not carry any ``you can copy me'' label (for the same
reasons the mere fact I neglected to close and lock the door of my house
does not give you the right to enter and take my stuff).
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
On Fri, 17 Nov 2000, Felix von Leitner wrote:
> Software security _is_ easy.
> The correct paradigms have been published for decades.
And ignored by most people for decades. :)
> Had you actually read the Schneier, you would know that no testing in
> the world can prove the security of a system. Testing can only prove
> that a system is not secure.
Unless a finite set of tests can exhaust all the desired behaviour of the
system. Most systems are not finite in this sense but a few are. (Anyway,
I guess that he meant testing in a wider sense.)
> And source code is a formal representation of an algorithm, not a proof.
There is a thing called Howard-Someone correspondence (I can't recall the
second name now, sorry) translating logical formulas to lambda terms and
vice versa. This can be used to show that proofs of theorems of a certain
form correspond to programs (i.e. lambda terms) and programs correspond to
proofs.
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
Thus said "Michael T. Babcock" on Sat, 18 Nov 2000 13:41:20 EST:
> > OSI == "Open Source Initiative" I believe ...
On Sat, Nov 18, 2000 at 11:52:03AM -0700, Andy Bradford wrote:
> That's funny, I always thought that OSI was the _Open Systems
> Interconnection_ internet model proposed by the ISO. I guess this
> goes to show that context really does matter. :-)
Yep.
Or do you have similar problems deciding whether ATM means automated
teller machine or asychronous transfer mode? Or deciding whether
ASP means active server pages or application service provider? Or ...
--
Raul
Thus said Raul Miller on Sun, 19 Nov 2000 12:33:30 EST:
> Or do you have similar problems deciding whether ATM means automated
> teller machine or asychronous transfer mode? Or deciding whether
> ASP means active server pages or application service provider? Or ...
Not generally, however, I must admit that when...
[EMAIL PROTECTED] said:
> Don't care. What I care about is what the words mean in an actual
> language. In this case English. I do not recognize OSI as a standards
> body and do not care what definition of Open Source can be found at
> opensource.org or the
I was thrown off for a bit---I have never seen Open Source Initiative
turned into an acronym, so the first time I say OSI I immediately
thought he had qualms with the OSI model, because that was the only
instance of OSI that I had ever seen (and I have been using "open
source" software for a while now).
Andy
--
[-----------[system uptime]--------------------------------------------]
12:19pm up 17 days, 14:39, 4 users, load average: 1.20, 1.35, 1.31
"Pavel Kankovsky" <[EMAIL PROTECTED]> writes:
> But there are ABSOLUTELY no references to dist.html or softwarelaw.html in
> the source tarballs.
So what?
> Moreover, softwarelaw.html is about using the software ``once you've
> legally downloaded [it]'', dist.html is about (re)distribution of qmail
> (again, once you've...). The mere fact something is published on the
> Internet does not make downloading it legal (DJB's theories in
> http://cr.yp.to/rights.html notwithstanding),
I see no theories of his there. The only part there he attributes to
himself is:
: I don't know which of these theories will succeed in court. I also
: don't think you should have to care. So I promise I won't sue you
: for copyright violation for downloading documents from my server.
which makes it clear to me that downloading, e.g., qmail-1.03.tar.gz
won't get me in trouble.
paul
On Sun, Nov 19, 2000 at 09:05:04PM -0500, Paul Jarc wrote:
> : I don't know which of these theories will succeed in court. I also
> : don't think you should have to care. So I promise I won't sue you
> : for copyright violation for downloading documents from my server.
>
> which makes it clear to me that downloading, e.g., qmail-1.03.tar.gz
> won't get me in trouble.
Unless Dan decides at a later date to remove that page from his website. At
that point, how will you prove that you obtained the software legitimately?
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
9:22pm up 162 days, 19:38, 12 users, load average: 0.00, 0.01, 0.00
jon wrote:
> Hi,
>
> Sorry to sound like a total newbie, but, I guess I am at qmail! If I have
> an email address [EMAIL PROTECTED] and I want to collect mail from this. I
> need a .qmail called jon.qmail with /var/spool/mail/jon in it.
Nope, you need a .qmail file with /var/spool/mail/jon in it. It is not
jon.qmail it is simply ".qmail".
> But where
> does this file need to go?
>
At jon's home dir (for instance /home/home/jon/.qmail)
>
> And what should be in my /var/qmail/rc file? Once again, sorry for being a
> newbie :-)
>
Why should you have to mess with this file? Check the attached init script.
>
> All the best and thank so far,
>
> Jon
>
> > Do
> >
> > chmod 777 /var/spool/mail
> > chmod +s /var/spool/mail
> >
> > Edit the users .qmail to be
> >
> > /var/spool/mail/$USER
> >
> > (*change* $USER to be the user login)
> >
> > no / at the end or you will have a Maildir not a mailbox.
> >
> > Done.
> >
> > Any permission issues?
> >
> > japc.
> >
> >
> > Jon wrote:
> >
> > >Hi,
> > >
> > >Is there any guides to setting up qmail using /var/spool/mail, as all
> > of the
> > >ones I have read just show you how to use ./Mailbox which I don't want
> > to
> > >do.
> > >
> > >Any help? Thanks,
> > >
> > >Jon
> >
--
José AP Celestino - [EMAIL PROTECTED]
Administração de Sistemas - PT Multimedia
SAPO - www.sapo.pt
------------------------------------------
#!/bin/sh
#
# qmail /etc/init.d script for qmail (http://www.qmail.org/)
#
# Version: @(#) /etc/init.d/qmail 1.00 03-Sep-1997
#
# Author: Larry Doolittle <[EMAIL PROTECTED]>
# derived from skeleton by Miquel van Smoorenburg,
# <[EMAIL PROTECTED]>
#
# Source function library.
# See how we were called.
case "$1" in
start)
touch /var/lock/qmail
env - PATH="/var/qmail/bin:$PATH" \
csh -cf 'qmail-start ./Maildir/ multilog t /var/log/qmail &'
/usr/local/bin/tcpserver -P -H -R -u 64011 -g 101 0 smtp
/usr/local/bin/tcpcontrol /etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd &
echo $! >/var/run/qmail-smtpd
/usr/local/bin/tcpserver -P -H -R -x /etc/tcp.pop-3.cdb 0 pop-3
/var/qmail/bin/qmail-popup mail.sl.pt \
/var/qmail/bin/auth_pop /var/qmail/bin/qmail-pop3d Maildir &
echo $! >/var/run/qmail-popup
;;
stop)
killall qmail-send
kill `cat /var/run/qmail-smtpd`
kill `cat /var/run/qmail-popup`
rm -f /var/lock/qmail-smtpd
rm -f /var/lock/qmail-popup
rm -f /var/lock/qmail
;;
*)
echo "Usage: qmail {start|stop}"
exit 1
esac
exit 0
And the problem persists? Isn't /usr/lib/libresolv.so a broken symlink? Check it
out please.
David Benfell wrote:
> Thanks Jose, but...
>
> On Sat, Nov 18, 2000 at 09:40:42PM +0000, Jose AP Celestino wrote:
> >
> > The make process fails to find the named (literally) functions. The functions
> > raising the errors are located at the
> >
> > libresolv
> >
> > libs. At my system: /usr/lib/libresolv.so -> /lib/libresolv.so.2 ->
> > /lib/libresolv-2.1.92.so.
> >
> I upgraded glibc on my system, so I've now got (full directory
> attached) libresolv files in /lib, /usr/lib, and /usr/local/lib.
>
> > Hmmm, have you installed the glibc? Of course you have. So where are the
> > libresolv* ?
> >
> Oh yeah. At least twice.
>
> > Find them hand cp ou ln them to their right locations (/lib and /usr/lib).
> >
> Versions are already there...
>
> > Do that and qmail will compile ok (or at least will not fail in this same
> > place).
> >
>
> --
> David Benfell
> [EMAIL PROTECTED]
> ---
> The grand leap of the whale up the Fall of Niagara is esteemed, by all
> who have seen it, as one of the finest spectacles in nature.
> -- Benjamin Franklin.
>
> [from fortune]
>
>
>
> ------------------------------------------------------------------------
>
> libresolv-dir.logName: libresolv-dir.log
> Type: Plain Text (text/plain)
>
> Part 1.2Type: application/pgp-signature
--
José AP Celestino - [EMAIL PROTECTED]
Administração de Sistemas - PT Multimedia
SAPO - www.sapo.pt
------------------------------------------
Hi,
problems regarding with SUSE 7.0 are not known to me.
What may be the case is whether you have IPv6 support enabled or not.
Disable it.
cheers.
eh.
At 15:46 19.11.2000 +0000, Jose AP Celestino wrote:
>And the problem persists? Isn't /usr/lib/libresolv.so a broken symlink?
Check it
>out please.
>
>David Benfell wrote:
>
>> Thanks Jose, but...
>>
>> On Sat, Nov 18, 2000 at 09:40:42PM +0000, Jose AP Celestino wrote:
>> >
>> > The make process fails to find the named (literally) functions. The
functions
>> > raising the errors are located at the
>> >
>> > libresolv
>> >
>> > libs. At my system: /usr/lib/libresolv.so -> /lib/libresolv.so.2 ->
>> > /lib/libresolv-2.1.92.so.
>> >
>> I upgraded glibc on my system, so I've now got (full directory
>> attached) libresolv files in /lib, /usr/lib, and /usr/local/lib.
>>
>> > Hmmm, have you installed the glibc? Of course you have. So where are the
>> > libresolv* ?
>> >
>> Oh yeah. At least twice.
>>
>> > Find them hand cp ou ln them to their right locations (/lib and
/usr/lib).
>> >
>> Versions are already there...
>>
>> > Do that and qmail will compile ok (or at least will not fail in this same
>> > place).
>> >
>>
>> --
>> David Benfell
>> [EMAIL PROTECTED]
>> ---
>> The grand leap of the whale up the Fall of Niagara is esteemed, by all
>> who have seen it, as one of the finest spectacles in nature.
>> -- Benjamin Franklin.
>>
>> [from fortune]
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> libresolv-dir.logName: libresolv-dir.log
>> Type: Plain Text (text/plain)
>>
>> Part 1.2Type: application/pgp-signature
>
>--
>José AP Celestino - [EMAIL PROTECTED]
>Administração de Sistemas - PT Multimedia
>SAPO - www.sapo.pt
>------------------------------------------
>
>
>
>
+-----------------------------------------------------------------------+
| fff hh http://www.fehcom.de Dr. Erwin Hoffmann |
| ff hh |
| ff eee hhhh ccc ooo mm mm mm Wiener Weg 8 |
| fff ee ee hh hh cc oo oo mmm mm mm 50858 Koeln |
| ff ee eee hh hh cc oo oo mm mm mm |
| ff eee hh hh cc oo oo mm mm mm Tel 0221 484 4923 |
| ff eeee hh hh ccc ooo mm mm mm Fax 0221 484 4924 |
+-----------------------------------------------------------------------+
On Sun, Nov 19, 2000 at 03:46:59PM +0000, Jose AP Celestino wrote:
>
> And the problem persists? Isn't /usr/lib/libresolv.so a broken symlink? Check it
> out please.
>
Assuming I'm following the links correctly:
benfell:/usr/local/src # ls -al /usr/lib/libresolv.so /lib/libresolv.so.2
-rwxr-xr-x 1 root root 162474 Jul 30 12:42 /lib/libresolv.so.2
lrwxrwxrwx 1 root root 24 Nov 14 10:45 /usr/lib/libresolv.so ->
../../lib/libresolv.so.2
benfell:/usr/local/src # file /usr/lib/libresolv.so
/usr/lib/libresolv.so: symbolic link to ../../lib/libresolv.so.2
benfell:/usr/local/src # file /lib/libresolv.so.2
/lib/libresolv.so.2: ELF 32-bit LSB shared object, Intel 80386, version 1, not stripped
I think something's there, even if it's broken. Though I haven't had
trouble building anything else.
> David Benfell wrote:
>
> > Thanks Jose, but...
> >
> > On Sat, Nov 18, 2000 at 09:40:42PM +0000, Jose AP Celestino wrote:
> > >
> > > The make process fails to find the named (literally) functions. The functions
> > > raising the errors are located at the
> > >
> > > libresolv
> > >
> > > libs. At my system: /usr/lib/libresolv.so -> /lib/libresolv.so.2 ->
> > > /lib/libresolv-2.1.92.so.
> > >
> > I upgraded glibc on my system, so I've now got (full directory
> > attached) libresolv files in /lib, /usr/lib, and /usr/local/lib.
> >
> > > Hmmm, have you installed the glibc? Of course you have. So where are the
> > > libresolv* ?
> > >
> > Oh yeah. At least twice.
> >
> > > Find them hand cp ou ln them to their right locations (/lib and /usr/lib).
> > >
> > Versions are already there...
> >
> > > Do that and qmail will compile ok (or at least will not fail in this same
> > > place).
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
PGP signature
On Sun, Nov 19, 2000 at 05:20:35PM +0100, Erwin Hoffmann wrote:
>
> problems regarding with SUSE 7.0 are not known to me.
> What may be the case is whether you have IPv6 support enabled or not.
>
> Disable it.
>
You might be on to something. I grabbed a .config file from somebody
else. Sure enough, IPv6 support is enabled as a module. I will run
off and rebuild now...
Thanks!
>
>
> At 15:46 19.11.2000 +0000, Jose AP Celestino wrote:
> >And the problem persists? Isn't /usr/lib/libresolv.so a broken symlink?
> Check it
> >out please.
> >
> >David Benfell wrote:
> >
> >> Thanks Jose, but...
> >>
> >> On Sat, Nov 18, 2000 at 09:40:42PM +0000, Jose AP Celestino wrote:
> >> >
> >> > The make process fails to find the named (literally) functions. The
> functions
> >> > raising the errors are located at the
> >> >
> >> > libresolv
> >> >
> >> > libs. At my system: /usr/lib/libresolv.so -> /lib/libresolv.so.2 ->
> >> > /lib/libresolv-2.1.92.so.
> >> >
> >> I upgraded glibc on my system, so I've now got (full directory
> >> attached) libresolv files in /lib, /usr/lib, and /usr/local/lib.
> >>
> >> > Hmmm, have you installed the glibc? Of course you have. So where are the
> >> > libresolv* ?
> >> >
> >> Oh yeah. At least twice.
> >>
> >> > Find them hand cp ou ln them to their right locations (/lib and
> /usr/lib).
> >> >
> >> Versions are already there...
> >>
> >> > Do that and qmail will compile ok (or at least will not fail in this same
> >> > place).
> >> >
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
PGP signature
On Sun, Nov 19, 2000 at 12:35:07PM -0800, David Benfell wrote:
> On Sun, Nov 19, 2000 at 05:20:35PM +0100, Erwin Hoffmann wrote:
> >
> > problems regarding with SUSE 7.0 are not known to me.
> > What may be the case is whether you have IPv6 support enabled or not.
> >
> > Disable it.
> >
> You might be on to something. I grabbed a .config file from somebody
> else. Sure enough, IPv6 support is enabled as a module. I will run
> off and rebuild now...
I seriously doubt that this has anything to do with anything -- Enabling an
option as a module does not affect the running kernel unless that module
is actualy loaded. (Via insmod/modprobe/etc).
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
4:11pm up 162 days, 14:27, 11 users, load average: 0.00, 0.00, 0.00
On Sun, Nov 19, 2000 at 04:15:49PM -0500, Adam McKenna wrote:
>
> On Sun, Nov 19, 2000 at 12:35:07PM -0800, David Benfell wrote:
> > On Sun, Nov 19, 2000 at 05:20:35PM +0100, Erwin Hoffmann wrote:
> > >
> > > problems regarding with SUSE 7.0 are not known to me.
> > > What may be the case is whether you have IPv6 support enabled or not.
> > >
> > > Disable it.
> > >
> > You might be on to something. I grabbed a .config file from somebody
> > else. Sure enough, IPv6 support is enabled as a module. I will run
> > off and rebuild now...
>
> I seriously doubt that this has anything to do with anything -- Enabling an
> option as a module does not affect the running kernel unless that module
> is actualy loaded. (Via insmod/modprobe/etc).
>
Indeed. [Sigh...] Still no joy. Any other ideas?
The symptoms at "make setup check" remain:
./load qmail-remote control.o constmap.o timeoutread.o \
timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
dns.o: In function `resolve':
dns.o(.text+0x11f): undefined reference to `__dn_expand'
dns.o: In function `findname':
dns.o(.text+0x1ce): undefined reference to `__dn_expand'
dns.o(.text+0x247): undefined reference to `__dn_expand'
dns.o: In function `findip':
dns.o(.text+0x2ca): undefined reference to `__dn_expand'
dns.o: In function `findmx':
dns.o(.text+0x3ce): undefined reference to `__dn_expand'
dns.o(.text+0x469): more undefined references to `__dn_expand' follow
dns.o: In function `dns_init':
dns.o(.text+0x4bb): undefined reference to `__res_init'
dns.o(.text+0x4c9): undefined reference to `__res_search'
dns.o(.data+0xc): undefined reference to `__res_query'
collect2: ld returned 1 exit status
make: *** [qmail-remote] Error 1
Thanks!
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
PGP signature
man, the problems is doubtless from the forementioned lib.
doubt someone has been messing with your ld path but try
[root@morgoth /root]# ldconfig -v | grep libresolv
ldconfig: Path `/usr/lib' given more than once
libresolv.so.2 -> libresolv-2.1.92.so
[root@morgoth /root]# ldconfig -v | grep libnss_dns
ldconfig: Path `/usr/lib' given more than once
libnss_dns.so.2 -> libnss_dns-2.1.92.so
libnss_dns.so.1 -> libnss1_dns-2.1.92.so
moreover do
# cat dns.lib
at the qmail source tree. if empty do
# echo "-lresolv" > dns.lib
and then do
# make setup check
again (with no make clean).
Done it?
David Benfell wrote:
> On Sun, Nov 19, 2000 at 04:15:49PM -0500, Adam McKenna wrote:
> >
> > On Sun, Nov 19, 2000 at 12:35:07PM -0800, David Benfell wrote:
> > > On Sun, Nov 19, 2000 at 05:20:35PM +0100, Erwin Hoffmann wrote:
> > > >
> > > > problems regarding with SUSE 7.0 are not known to me.
> > > > What may be the case is whether you have IPv6 support enabled or
not.
> > > >
> > > > Disable it.
> > > >
> > > You might be on to something. I grabbed a .config file from
somebody
> > > else. Sure enough, IPv6 support is enabled as a module. I will
run
> > > off and rebuild now...
> >
> > I seriously doubt that this has anything to do with anything --
Enabling an
> > option as a module does not affect the running kernel unless that
module
> > is actualy loaded. (Via insmod/modprobe/etc).
> >
> Indeed. [Sigh...] Still no joy. Any other ideas?
>
> The symptoms at "make setup check" remain:
>
> ./load qmail-remote control.o constmap.o timeoutread.o \
> timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
> ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
> lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
> str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
> dns.o: In function `resolve':
> dns.o(.text+0x11f): undefined reference to `__dn_expand'
> dns.o: In function `findname':
> dns.o(.text+0x1ce): undefined reference to `__dn_expand'
> dns.o(.text+0x247): undefined reference to `__dn_expand'
> dns.o: In function `findip':
> dns.o(.text+0x2ca): undefined reference to `__dn_expand'
> dns.o: In function `findmx':
> dns.o(.text+0x3ce): undefined reference to `__dn_expand'
> dns.o(.text+0x469): more undefined references to `__dn_expand' follow
> dns.o: In function `dns_init':
> dns.o(.text+0x4bb): undefined reference to `__res_init'
> dns.o(.text+0x4c9): undefined reference to `__res_search'
> dns.o(.data+0xc): undefined reference to `__res_query'
> collect2: ld returned 1 exit status
> make: *** [qmail-remote] Error 1
>
> Thanks!
>
> --
> David Benfell
> [EMAIL PROTECTED]
> ---
> The grand leap of the whale up the Fall of Niagara is esteemed, by all
> who have seen it, as one of the finest spectacles in nature.
> -- Benjamin Franklin.
>
> [from fortune]
>
>
>
>
------------------------------------------------------------------------
> Part 1.2Type: application/pgp-signature
--
José AP Celestino - [EMAIL PROTECTED]
Administração de Sistemas - PT Multimedia
SAPO - www.sapo.pt
------------------------------------------
On Sun, Nov 19, 2000 at 01:56:10PM -0800, David Benfell wrote:
> Indeed. [Sigh...] Still no joy. Any other ideas?
>
> The symptoms at "make setup check" remain:
>
> ./load qmail-remote control.o constmap.o timeoutread.o \
> timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
> ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
> lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
> str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
> dns.o: In function `resolve':
> dns.o(.text+0x11f): undefined reference to `__dn_expand'
> dns.o: In function `findname':
> dns.o(.text+0x1ce): undefined reference to `__dn_expand'
> dns.o(.text+0x247): undefined reference to `__dn_expand'
> dns.o: In function `findip':
> dns.o(.text+0x2ca): undefined reference to `__dn_expand'
> dns.o: In function `findmx':
> dns.o(.text+0x3ce): undefined reference to `__dn_expand'
> dns.o(.text+0x469): more undefined references to `__dn_expand' follow
> dns.o: In function `dns_init':
> dns.o(.text+0x4bb): undefined reference to `__res_init'
> dns.o(.text+0x4c9): undefined reference to `__res_search'
> dns.o(.data+0xc): undefined reference to `__res_query'
> collect2: ld returned 1 exit status
> make: *** [qmail-remote] Error 1
Is it possible that you have the current libc installed but an old libc-dev
installed? If that was the case then resolv.h might contain the incorrect
function calls.
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
5:49pm up 162 days, 16:06, 12 users, load average: 0.27, 0.07, 0.02
On Sun, Nov 19, 2000 at 05:53:51PM -0500, Adam McKenna wrote:
>
> On Sun, Nov 19, 2000 at 01:56:10PM -0800, David Benfell wrote:
> > Indeed. [Sigh...] Still no joy. Any other ideas?
> >
> > The symptoms at "make setup check" remain:
> >
> > ./load qmail-remote control.o constmap.o timeoutread.o \
> > timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
> > ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
> > lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
> > str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
> > dns.o: In function `resolve':
> > dns.o(.text+0x11f): undefined reference to `__dn_expand'
> > dns.o: In function `findname':
> > dns.o(.text+0x1ce): undefined reference to `__dn_expand'
> > dns.o(.text+0x247): undefined reference to `__dn_expand'
> > dns.o: In function `findip':
> > dns.o(.text+0x2ca): undefined reference to `__dn_expand'
> > dns.o: In function `findmx':
> > dns.o(.text+0x3ce): undefined reference to `__dn_expand'
> > dns.o(.text+0x469): more undefined references to `__dn_expand' follow
> > dns.o: In function `dns_init':
> > dns.o(.text+0x4bb): undefined reference to `__res_init'
> > dns.o(.text+0x4c9): undefined reference to `__res_search'
> > dns.o(.data+0xc): undefined reference to `__res_query'
> > collect2: ld returned 1 exit status
> > make: *** [qmail-remote] Error 1
>
> Is it possible that you have the current libc installed but an old libc-dev
> installed? If that was the case then resolv.h might contain the incorrect
> function calls.
>
Ooo... I can't rule this out at all, mainly because I don't know
enough.
I built glibc 2.2 from source. It looks like SuSE 7.0 comes with
2.1.3 (judging from rpm -qa | grep libc).
glibc 2.1.3 would be installed in /lib, where SuSE put it. 2.2 would
be in /usr/local/lib, where the build process defaults to putting it.
I have resolv.h in /usr/include/resolv.h and in
/usr/local/include/resolv.h The differences appear significant and
are attached.
So I've screwed up glibc? Is there a quick fix?
Thanks!
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
PGP signature
With the attachment this time...
Thanks!
On Sun, Nov 19, 2000 at 04:40:01PM -0800, David Benfell wrote:
>
> On Sun, Nov 19, 2000 at 05:53:51PM -0500, Adam McKenna wrote:
> >
> > On Sun, Nov 19, 2000 at 01:56:10PM -0800, David Benfell wrote:
> > > Indeed. [Sigh...] Still no joy. Any other ideas?
> > >
> > > The symptoms at "make setup check" remain:
> > >
> > > ./load qmail-remote control.o constmap.o timeoutread.o \
> > > timeoutwrite.o timeoutconn.o tcpto.o now.o dns.o ip.o \
> > > ipalloc.o ipme.o quote.o ndelay.a case.a sig.a open.a \
> > > lock.a seek.a getln.a stralloc.a alloc.a substdio.a error.a \
> > > str.a fs.a auto_qmail.o `cat dns.lib` `cat socket.lib`
> > > dns.o: In function `resolve':
> > > dns.o(.text+0x11f): undefined reference to `__dn_expand'
> > > dns.o: In function `findname':
> > > dns.o(.text+0x1ce): undefined reference to `__dn_expand'
> > > dns.o(.text+0x247): undefined reference to `__dn_expand'
> > > dns.o: In function `findip':
> > > dns.o(.text+0x2ca): undefined reference to `__dn_expand'
> > > dns.o: In function `findmx':
> > > dns.o(.text+0x3ce): undefined reference to `__dn_expand'
> > > dns.o(.text+0x469): more undefined references to `__dn_expand' follow
> > > dns.o: In function `dns_init':
> > > dns.o(.text+0x4bb): undefined reference to `__res_init'
> > > dns.o(.text+0x4c9): undefined reference to `__res_search'
> > > dns.o(.data+0xc): undefined reference to `__res_query'
> > > collect2: ld returned 1 exit status
> > > make: *** [qmail-remote] Error 1
> >
> > Is it possible that you have the current libc installed but an old libc-dev
> > installed? If that was the case then resolv.h might contain the incorrect
> > function calls.
> >
> Ooo... I can't rule this out at all, mainly because I don't know
> enough.
>
> I built glibc 2.2 from source. It looks like SuSE 7.0 comes with
> 2.1.3 (judging from rpm -qa | grep libc).
>
> glibc 2.1.3 would be installed in /lib, where SuSE put it. 2.2 would
> be in /usr/local/lib, where the build process defaults to putting it.
>
> I have resolv.h in /usr/include/resolv.h and in
> /usr/local/include/resolv.h The differences appear significant and
> are attached.
>
> So I've screwed up glibc? Is there a quick fix?
>
> Thanks!
>
> --
> David Benfell
> [EMAIL PROTECTED]
> ---
> The grand leap of the whale up the Fall of Niagara is esteemed, by all
> who have seen it, as one of the finest spectacles in nature.
> -- Benjamin Franklin.
>
> [from fortune]
>
>
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
--- /usr/include/resolv.h Sun Jul 30 12:42:32 2000
+++ /usr/local/include/resolv.h Tue Nov 14 23:59:51 2000
@@ -1,7 +1,5 @@
/*
- * ++Copyright++ 1983, 1987, 1989, 1993
- * -
- * Copyright (c) 1983, 1987, 1989, 1993
+ * Copyright (c) 1983, 1987, 1989
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -12,10 +10,6 @@
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
@@ -31,37 +25,32 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- * -
- * Portions Copyright (c) 1993 by Digital Equipment Corporation.
+ */
+
+/*
+ * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies, and that
- * the name of Digital Equipment Corporation not be used in advertising or
- * publicity pertaining to distribution of the document or software without
- * specific, written prior permission.
+ * copyright notice and this permission notice appear in all copies.
*
- * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
- * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
- * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
- * -
- * --Copyright--
*/
/*
* @(#)resolv.h 8.1 (Berkeley) 6/2/93
- * $Id: resolv.h,v 1.19 1998/06/29 12:41:27 drepper Exp $
+ * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $
*/
-#ifndef _RESOLV_H
-#define _RESOLV_H 1
-
-#include <features.h>
+#ifndef _RESOLV_H_
+#define _RESOLV_H_
#include <sys/param.h>
#if (!defined(BSD)) || (BSD < 199306)
@@ -69,8 +58,11 @@
#else
# include <sys/types.h>
#endif
+#include <sys/cdefs.h>
#include <stdio.h>
+
#include <netinet/in.h>
+#include <arpa/nameser.h>
/*
* Revision information. This is the release date in YYYYMMDD format.
@@ -80,18 +72,41 @@
* is new enough to contain a certain feature.
*/
-#define __RES 19960801
+#define __RES 19991006
/*
* Resolver configuration file.
* Normally not present, but may contain the address of the
- * initial name server(s) to query and the domain search list.
+ * inital name server(s) to query and the domain search list.
*/
#ifndef _PATH_RESCONF
#define _PATH_RESCONF "/etc/resolv.conf"
#endif
+typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
+ res_sendhookact;
+
+typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *ns,
+ const u_char **query,
+ int *querylen,
+ u_char *ans,
+ int anssiz,
+ int *resplen);
+
+typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *ns,
+ const u_char *query,
+ int querylen,
+ u_char *ans,
+ int anssiz,
+ int *resplen);
+
+struct res_sym {
+ int number; /* Identifying number, like T_MX */
+ char * name; /* Its symbolic name, like "MX" */
+ char * humanname; /* Its fun name, like "mail exchanger" */
+};
+
/*
* Global defines and variables for resolver stub.
*/
@@ -103,9 +118,13 @@
#define RES_TIMEOUT 5 /* min. seconds between retries */
#define MAXRESOLVSORT 10 /* number of net to sort on */
#define RES_MAXNDOTS 15 /* should reflect bit field size */
+#define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */
+#define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */
+#define RES_DFLRETRY 2 /* Default #/tries. */
+#define RES_MAXTIME 65535 /* Infinity, in milliseconds. */
struct __res_state {
- int retrans; /* retransmission time interval */
+ int retrans; /* retransmition time interval */
int retry; /* number of times to retransmit */
u_long options; /* option flags - see below. */
int nscount; /* number of name servers */
@@ -123,9 +142,34 @@
struct in_addr addr;
u_int32_t mask;
} sort_list[MAXRESOLVSORT];
- char pad[72]; /* on an i386 this means 512b total */
+ res_send_qhook qhook; /* query hook */
+ res_send_rhook rhook; /* response hook */
+ int res_h_errno; /* last one set for this context */
+ int _vcsock; /* PRIVATE: for res_send VC i/o */
+ u_int _flags; /* PRIVATE: see below */
+ union {
+ char pad[52]; /* On an i386 this means 512b total. */
+ struct {
+ u_int16_t nscount;
+ u_int16_t nstimes[MAXNS]; /* ms. */
+ int nssocks[MAXNS];
+ u_int16_t nscount6;
+ struct sockaddr_in6 *nsaddrs[MAXNS];
+ } _ext;
+ } _u;
};
+typedef struct __res_state *res_state;
+
+/*
+ * Resolver flags (used to be discrete per-module statics ints).
+ */
+#define RES_F_VC 0x00000001 /* socket is TCP */
+#define RES_F_CONN 0x00000002 /* socket is connected */
+
+/* res_findzonecut() options */
+#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */
+
/*
* Resolver options (keep these in synch with res_debug.c, please)
*/
@@ -143,6 +187,10 @@
#define RES_INSECURE2 0x00000800 /* type 2 security disabled */
#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
+#define RES_ROTATE 0x00004000 /* rotate ns list after each query */
+#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity. */
+#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */
+#define RES_BLAST 0x00020000 /* blast all recursive servers */
#define RES_DEFAULT (RES_RECURSE | RES_DEFNAMES | RES_DNSRCH)
@@ -150,7 +198,7 @@
* Resolver "pfcode" values. Used by dig.
*/
#define RES_PRF_STATS 0x00000001
-/* 0x00000002 */
+#define RES_PRF_UPDATE 0x00000002
#define RES_PRF_CLASS 0x00000004
#define RES_PRF_CMD 0x00000008
#define RES_PRF_QUES 0x00000010
@@ -163,136 +211,167 @@
#define RES_PRF_HEADX 0x00000800
#define RES_PRF_QUERY 0x00001000
#define RES_PRF_REPLY 0x00002000
-#define RES_PRF_INIT 0x00004000
+#define RES_PRF_INIT 0x00004000
/* 0x00008000 */
-/* hooks are still experimental as of 4.9.2 */
-typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
- res_sendhookact;
+/* Things involving an internal (static) resolver context. */
+#if !defined _LIBC || defined _LIBC_REENTRANT
+__BEGIN_DECLS
+extern struct __res_state *__res_state(void) __attribute__ ((__const__));
+__END_DECLS
+#define _res (*__res_state())
+#else
+#ifndef __BIND_NOSTATIC
+extern struct __res_state _res;
+#endif
+#endif
-typedef res_sendhookact (*res_send_qhook)__PMT((struct sockaddr_in * const *ns,
- const u_char **query,
- int *querylen,
- u_char *ans,
- int anssiz,
- int *resplen));
-
-typedef res_sendhookact (*res_send_rhook)__PMT((const struct sockaddr_in *ns,
- const u_char *query,
- int querylen,
- u_char *ans,
- int anssiz,
- int *resplen));
+#ifndef __BIND_NOSTATIC
+#define fp_nquery __fp_nquery
+#define fp_query __fp_query
+#define hostalias __hostalias
+#define p_query __p_query
+#define res_close __res_close
+#define res_init __res_init
+#define res_isourserver __res_isourserver
+#define res_mkquery __res_mkquery
+#define res_query __res_query
+#define res_querydomain __res_querydomain
+#define res_search __res_search
+#define res_send __res_send
-struct res_sym {
- int number; /* Identifying number, like T_MX */
- char * name; /* Its symbolic name, like "MX" */
- char * humanname; /* Its fun name, like "mail exchanger" */
-};
+__BEGIN_DECLS
+void fp_nquery __P((const u_char *, int, FILE *));
+void fp_query __P((const u_char *, FILE *));
+const char * hostalias __P((const char *));
+void p_query __P((const u_char *));
+void res_close __P((void));
+int res_init __P((void));
+int res_isourserver __P((const struct sockaddr_in *));
+int res_mkquery __P((int, const char *, int, int, const u_char *,
+ int, const u_char *, u_char *, int));
+int res_query __P((const char *, int, int, u_char *, int));
+int res_querydomain __P((const char *, const char *, int, int,
+ u_char *, int));
+int res_search __P((const char *, int, int, u_char *, int));
+int res_send __P((const u_char *, int, u_char *, int));
+__END_DECLS
+#endif
-extern struct __res_state _res;
+#if !defined(SHARED_LIBBIND) || defined(LIB)
+/*
+ * If libbind is a shared object (well, DLL anyway)
+ * these externs break the linker when resolv.h is
+ * included by a lib client (like named)
+ * Make them go away if a client is including this
+ *
+ */
+extern const struct res_sym __p_key_syms[];
+extern const struct res_sym __p_cert_syms[];
extern const struct res_sym __p_class_syms[];
extern const struct res_sym __p_type_syms[];
+extern const struct res_sym __p_rcode_syms[];
+#endif /* SHARED_LIBBIND */
-/* Private routines shared between libc/net, named, nslookup and others. */
-#define res_hnok __res_hnok
-#define res_ownok __res_ownok
-#define res_mailok __res_mailok
-#define res_dnok __res_dnok
-#define sym_ston __sym_ston
-#define sym_ntos __sym_ntos
-#define sym_ntop __sym_ntop
-#define b64_ntop __b64_ntop
-#define b64_pton __b64_pton
-#define loc_ntoa __loc_ntoa
-#define loc_aton __loc_aton
-#define dn_skipname __dn_skipname
-#define fp_resstat __fp_resstat
-#define fp_query __fp_query
-#define fp_nquery __fp_nquery
-#define hostalias __hostalias
-#define putlong __putlong
-#define putshort __putshort
-#define p_class __p_class
-#define p_time __p_time
-#define p_type __p_type
-#define p_query __p_query
-#define p_cdnname __p_cdnname
-#define p_cdname __p_cdname
-#define p_fqnname __p_fqnname
-#define p_fqname __p_fqname
-#define p_rr __p_rr
-#define p_option __p_option
-#define p_secstodate __p_secstodate
-#define dn_count_labels __dn_count_labels
-#define dn_comp __dn_comp
-#define res_randomid __res_randomid
-#define res_send __res_send
-#define res_isourserver __res_isourserver
-#define res_nameinquery __res_nameinquery
-#define res_queriesmatch __res_queriesmatch
-#define res_close __res_close
-
-#ifdef BIND_RES_POSIX3
-#define dn_expand __dn_expand
-#define res_init __res_init
-#define res_query __res_query
-#define res_search __res_search
-#define res_querydomain __res_querydomain
-#define res_mkquery __res_mkquery
-#endif
-
+#define b64_ntop __b64_ntop
+#define b64_pton __b64_pton
+#define dn_comp __dn_comp
+#define dn_count_labels __dn_count_labels
+#define dn_expand __dn_expand
+#define dn_skipname __dn_skipname
+#define fp_resstat __fp_resstat
+#define loc_aton __loc_aton
+#define loc_ntoa __loc_ntoa
+#define p_cdname __p_cdname
+#define p_cdnname __p_cdnname
+#define p_class __p_class
+#define p_fqname __p_fqname
+#define p_fqnname __p_fqnname
+#define p_option __p_option
+#define p_secstodate __p_secstodate
+#define p_section __p_section
+#define p_time __p_time
+#define p_type __p_type
+#define p_rcode __p_rcode
+#define putlong __putlong
+#define putshort __putshort
+#define res_dnok __res_dnok
+#define res_hnok __res_hnok
+#define res_hostalias __res_hostalias
+#define res_mailok __res_mailok
+#define res_nameinquery __res_nameinquery
+#define res_nclose __res_nclose
+#define res_ninit __res_ninit
+#define res_nmkquery __res_nmkquery
+#define res_npquery __res_npquery
+#define res_nquery __res_nquery
+#define res_nquerydomain __res_nquerydomain
+#define res_nsearch __res_nsearch
+#define res_nsend __res_nsend
+#define res_nisourserver __res_nisourserver
+#define res_ownok __res_ownok
+#define res_queriesmatch __res_queriesmatch
+#define res_randomid __res_randomid
+#define sym_ntop __sym_ntop
+#define sym_ntos __sym_ntos
+#define sym_ston __sym_ston
__BEGIN_DECLS
int res_hnok __P((const char *));
int res_ownok __P((const char *));
int res_mailok __P((const char *));
int res_dnok __P((const char *));
-int sym_ston __P((const struct res_sym *, char *, int *));
+int sym_ston __P((const struct res_sym *, const char *, int *));
const char * sym_ntos __P((const struct res_sym *, int, int *));
const char * sym_ntop __P((const struct res_sym *, int, int *));
int b64_ntop __P((u_char const *, size_t, char *, size_t));
int b64_pton __P((char const *, u_char *, size_t));
-int loc_aton __P((const char *, u_char *));
-const char * loc_ntoa __P((const u_char *, char *));
+int loc_aton __P((const char *ascii, u_char *binary));
+const char * loc_ntoa __P((const u_char *binary, char *ascii));
int dn_skipname __P((const u_char *, const u_char *));
-void fp_resstat __P((struct __res_state *, FILE *));
-void fp_query __P((const u_char *, FILE *));
-void fp_nquery __P((const u_char *, int, FILE *));
-const char * hostalias __P((const char *));
void putlong __P((u_int32_t, u_char *));
void putshort __P((u_int16_t, u_char *));
const char * p_class __P((int));
const char * p_time __P((u_int32_t));
const char * p_type __P((int));
-void p_query __P((const u_char *));
+const char * p_rcode __P((int));
const u_char * p_cdnname __P((const u_char *, const u_char *, int, FILE *));
const u_char * p_cdname __P((const u_char *, const u_char *, FILE *));
const u_char * p_fqnname __P((const u_char *cp, const u_char *msg,
int, char *, int));
const u_char * p_fqname __P((const u_char *, const u_char *, FILE *));
-const u_char * p_rr __P((const u_char *, const u_char *, FILE *));
const char * p_option __P((u_long option));
char * p_secstodate __P((u_long));
-int dn_count_labels __P((char *));
+int dn_count_labels __P((const char *));
int dn_comp __P((const char *, u_char *, int,
u_char **, u_char **));
int dn_expand __P((const u_char *, const u_char *, const u_char *,
char *, int));
-int res_init __P((void));
u_int res_randomid __P((void));
-int res_query __P((const char *, int, int, u_char *, int));
-int res_search __P((const char *, int, int, u_char *, int));
-int res_querydomain __P((const char *, const char *, int, int,
- u_char *, int));
-int res_mkquery __P((int, const char *, int, int, const u_char *, int,
- const u_char *, u_char *, int));
-int res_send __P((const u_char *, int, u_char *, int));
-int res_isourserver __P((const struct sockaddr_in *));
int res_nameinquery __P((const char *, int, int,
const u_char *, const u_char *));
int res_queriesmatch __P((const u_char *, const u_char *,
const u_char *, const u_char *));
-void res_close __P((void));
+const char * p_section __P((int section, int opcode));
+/* Things involving a resolver context. */
+int res_ninit __P((res_state));
+int res_nisourserver __P((const res_state,
+ const struct sockaddr_in *));
+void fp_resstat __P((const res_state, FILE *));
+void res_npquery __P((const res_state, const u_char *, int, FILE *));
+const char * res_hostalias __P((const res_state, const char *,
+ char *, size_t));
+int res_nquery __P((res_state,
+ const char *, int, int, u_char *, int));
+int res_nsearch __P((res_state, const char *, int,
+ int, u_char *, int));
+int res_nquerydomain __P((res_state,
+ const char *, const char *, int, int,
+ u_char *, int));
+int res_nmkquery __P((res_state,
+ int, const char *, int, int, const u_char *,
+ int, const u_char *, u_char *, int));
+int res_nsend __P((res_state, const u_char *, int, u_char *, int));
+void res_nclose __P((res_state));
__END_DECLS
-#endif /* resolv.h */
+#endif /* !_RESOLV_H_ */
PGP signature
On Sun, Nov 19, 2000 at 04:40:01PM -0800, David Benfell wrote:
> Ooo... I can't rule this out at all, mainly because I don't know
> enough.
>
> I built glibc 2.2 from source.
Uh, bad idea. Is there any reason you can't get a 2.2 SuSE RPM? Is there
any reason you particularly need 2.2?
> It looks like SuSE 7.0 comes with
> 2.1.3 (judging from rpm -qa | grep libc).
The libresolv's you listed before were 2.1.92 if I remember correctly. That
means you have libc6 2.1.92 installed somewhere as well. Until you get this
mess straightened out, you're probably not going to be able to compile much
of anything.
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
7:50pm up 162 days, 18:06, 12 users, load average: 0.01, 0.02, 0.00
On Sun, Nov 19, 2000 at 07:53:31PM -0500, Adam McKenna wrote:
> X-Operating-System: Linux
>
> On Sun, Nov 19, 2000 at 04:40:01PM -0800, David Benfell wrote:
> > Ooo... I can't rule this out at all, mainly because I don't know
> > enough.
> >
> > I built glibc 2.2 from source.
>
> Uh, bad idea.
Eek!
> Is there any reason you can't get a 2.2 SuSE RPM?
Hmmm... They have an update to shlibs, which I think includes glibc.
They also have a few other updates that look relevant. In particular,
they have nssv1.
So I installed all these, but glibc is still 2.1.3.
>Is there
> any reason you particularly need 2.2?
>
I tend to go with latest versions. In stark contrast to the Debian
approach, I find latest versions less troublesome.
> > It looks like SuSE 7.0 comes with
> > 2.1.3 (judging from rpm -qa | grep libc).
>
> The libresolv's you listed before were 2.1.92 if I remember correctly. That
> means you have libc6 2.1.92 installed somewhere as well. Until you get this
> mess straightened out, you're probably not going to be able to compile much
> of anything.
>
That was Jose's machine. But as a test, I tried building sh-utils.
As you predicted, this blew up. So I blew away the contents of
/usr/local/lib/ and re-ran ldconfig. Now sh-utils builds, but not
qmail.
Next I grabbed mutt and built it with the option to use a Maildir in
the user's home directory as the mail spool. This built successfully,
but I will wait to install it until qmail is running.
So I think I have a build environment. Is there any way I should test
this further?
Thanks!
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
PGP signature
On Sun, Nov 19, 2000 at 05:47:39PM -0800, David Benfell wrote:
> > Is there any reason you can't get a 2.2 SuSE RPM?
>
> Hmmm... They have an update to shlibs, which I think includes glibc.
> They also have a few other updates that look relevant. In particular,
> they have nssv1.
>
> So I installed all these, but glibc is still 2.1.3.
>
> >Is there
> > any reason you particularly need 2.2?
> >
> I tend to go with latest versions. In stark contrast to the Debian
> approach, I find latest versions less troublesome.
I serioulsy suggest that you downgrade to your OS's latest supported glibc,
unless there is a specific reason you need a later one. Building glibc from
source is not for amateurs.
Also, I'm not sure what you mean by "the Debian approach". If you want to
stay on the cutting edge, you can run the "unstable" version of debian, which
is about as up to date as you can possibly be.
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
9:18pm up 162 days, 19:34, 12 users, load average: 0.06, 0.03, 0.00
On Sun, Nov 19, 2000 at 09:20:42PM -0500, Adam McKenna wrote:
>
> On Sun, Nov 19, 2000 at 05:47:39PM -0800, David Benfell wrote:
> > > Is there any reason you can't get a 2.2 SuSE RPM?
> >
> > Hmmm... They have an update to shlibs, which I think includes glibc.
> > They also have a few other updates that look relevant. In particular,
> > they have nssv1.
> >
> > So I installed all these, but glibc is still 2.1.3.
> >
> > >Is there
> > > any reason you particularly need 2.2?
> > >
> > I tend to go with latest versions. In stark contrast to the Debian
> > approach, I find latest versions less troublesome.
>
> I serioulsy suggest that you downgrade to your OS's latest supported glibc,
> unless there is a specific reason you need a later one. Building glibc from
> source is not for amateurs.
>
I think I've done just that:
benfell:~ # ls -al /lib/libc*
-rwxr-xr-x 1 root root 4070534 Sep 20 09:07 /lib/libc.so.6
lrwxrwxrwx 1 root root 17 Nov 14 10:39 /lib/libcom_err.so.2 ->
libcom_err.so.2.0
-rwxr-xr-x 1 root root 8133 Jul 29 07:33 /lib/libcom_err.so.2.0
-rwxr-xr-x 1 root root 61180 Sep 20 09:07 /lib/libcrypt.so.1
benfell:~ # rpm -qf /lib/libc.so.6
shlibs-2.1.3-163
This is the latest version of glibc that SuSE offers. "rpm -vf
/lib/libc.so.6 --verify" returns no output, so I presume all is well,
but just to be sure, I did "rpm -a --verify | less" and saw output
consistent with what I believe I've done to the system.
Next, I went looking for libresolv (note the before and after shots
separated by an updatedb):
benfell:/usr/local/src/qmail-1.03 # locate libresolv
/lib/libresolv.so.2
/usr/lib/libresolv.a
/usr/lib/libresolv.so
/usr/lib/libresolv_p.a
/usr/local/lib/libresolv-2.2.so
/usr/local/lib/libresolv.a
/usr/local/lib/libresolv.so
/usr/local/lib/libresolv.so.2
/usr/local/lib/libresolv_p.a
/usr/local/src/modutils-2.3.20/libresolv-dir.log
benfell:/usr/local/src/qmail-1.03 # updatedb ; locate libresolv
/lib/libresolv.so.2
/usr/lib/libresolv.a
/usr/lib/libresolv.so
/usr/lib/libresolv_p.a
/usr/local/src/libresolv.txt
/usr/local/src/modutils-2.3.20/libresolv-dir.log
/usr/local/src/qmail-1.03/libresolv.cc-log
/usr/local/src/qmail-1.03/locate-libresolv
The last few entries under /usr/local/src are text files containing
various output I've accumulated along the way through this thing.
> Also, I'm not sure what you mean by "the Debian approach". If you want to
> stay on the cutting edge, you can run the "unstable" version of debian, which
> is about as up to date as you can possibly be.
>
I think this is the wrong place for a religious war on Debian, but I
guess I did start it. I'll only say that from what I've seen, they
have lots of problems with their unstable branch. And they do warn
you about this. My approach has, so far, generated less difficulty,
mainly because I focus on packages for which there have been security
alerts. The solution for a security alert on "su" turns out to be
building against glibc 2.1.3 or higher. So I upgraded glibc (I think
this is a lot easier than it used to be) on my other systems and
rebuilt sh-utils successfully. Admittedly, in this case, it was
unnecessary to upgrade to glibc 2.2.
--
David Benfell
[EMAIL PROTECTED]
---
The grand leap of the whale up the Fall of Niagara is esteemed, by all
who have seen it, as one of the finest spectacles in nature.
-- Benjamin Franklin.
[from fortune]
PGP signature
On Sun, Nov 19, 2000 at 07:16:07PM -0800, David Benfell wrote:
> > I serioulsy suggest that you downgrade to your OS's latest supported glibc,
> > unless there is a specific reason you need a later one. Building glibc from
> > source is not for amateurs.
> >
> I think I've done just that:
>
> benfell:~ # ls -al /lib/libc*
> -rwxr-xr-x 1 root root 4070534 Sep 20 09:07 /lib/libc.so.6
Er, why is libc.so.6 not a symlink? Doesn't ldconfig give a warning?
> lrwxrwxrwx 1 root root 17 Nov 14 10:39 /lib/libcom_err.so.2 ->
>libcom_err.so.2.0
> -rwxr-xr-x 1 root root 8133 Jul 29 07:33 /lib/libcom_err.so.2.0
> -rwxr-xr-x 1 root root 61180 Sep 20 09:07 /lib/libcrypt.so.1
> benfell:~ # rpm -qf /lib/libc.so.6
> shlibs-2.1.3-163
>
> This is the latest version of glibc that SuSE offers. "rpm -vf
> /lib/libc.so.6 --verify" returns no output, so I presume all is well,
> but just to be sure, I did "rpm -a --verify | less" and saw output
> consistent with what I believe I've done to the system.
>
> Next, I went looking for libresolv (note the before and after shots
> separated by an updatedb):
How about resolv.h? I'd remove everything glibc-related in /usr/local/lib
and /usr/local/include if I were you.
> I think this is the wrong place for a religious war on Debian, but I
> guess I did start it. I'll only say that from what I've seen, they
> have lots of problems with their unstable branch. And they do warn
> you about this. My approach has, so far, generated less difficulty,
> mainly because I focus on packages for which there have been security
> alerts. The solution for a security alert on "su" turns out to be
> building against glibc 2.1.3 or higher. So I upgraded glibc (I think
> this is a lot easier than it used to be) on my other systems and
> rebuilt sh-utils successfully. Admittedly, in this case, it was
> unnecessary to upgrade to glibc 2.2.
I'm not sure you understand what Debian unstable is. It's the most recent
version of every package, rather than a set of packages that has been deemed
"stable". So, of course there will be problems. The question is, how bad
will those problems be? You can stop updating your unstable dist whenever
you want, or update selected packages.
Personally, I'm running unstable on several machines and I have never had a
major problem. But I tend to keep on top of the debian mailing lists, so I
generally find out ahead of time if there's a problem and avoid updating
until it's resolved.
Whatever you wind up doing, I would caution against upgrading glibc unless
there is a specific need. glibc is *supposed* to be backward-compatible, but
there are always problems that could occur with binaries that were built with
older versions.
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
12:12am up 162 days, 22:28, 12 users, load average: 0.06, 0.03, 0.00
Is there a simple way to have SMTP listen on another port _as well
as_ port 25?
Several of my pop before smtp users have found that their providers
are blocking outbound traffic destined for port 25.
--
Phil Barnett mailto:[EMAIL PROTECTED]
WWW http://www.the-oasis.net/
FTP Site ftp://ftp.the-oasis.net
On Sun, 19 Nov 2000, Phil Barnett wrote:
>
> Is there a simple way to have SMTP listen on another port _as well
> as_ port 25?
>
> Several of my pop before smtp users have found that their providers
> are blocking outbound traffic destined for port 25.
Sure. Just tell tcpserver to listen on another port. You can safely
run a second, third, etc. instance of tcpserver for mail.
Vince.
--
==========================================================================
Vince Vielhaber -- KA8CSH email: [EMAIL PROTECTED] http://www.pop4.net
128K ISDN from $22.00/mo - 56K Dialup from $16.00/mo at Pop4 Networking
Online Campground Directory http://www.camping-usa.com
Online Giftshop Superstore http://www.cloudninegifts.com
==========================================================================
On 19 Nov 2000, at 16:32, Vince Vielhaber wrote:
> On Sun, 19 Nov 2000, Phil Barnett wrote:
>
> >
> > Is there a simple way to have SMTP listen on another port _as well
> > as_ port 25?
> >
> > Several of my pop before smtp users have found that their providers
> > are blocking outbound traffic destined for port 25.
>
> Sure. Just tell tcpserver to listen on another port. You can safely
> run a second, third, etc. instance of tcpserver for mail.
Which configuration file controls this?
--
Phil Barnett mailto:[EMAIL PROTECTED]
WWW http://www.the-oasis.net/
FTP Site ftp://ftp.the-oasis.net
Phil Barnett wrote:
> Is there a simple way to have SMTP listen on another port _as well
> as_ port 25?
>
> Several of my pop before smtp users have found that their providers
> are blocking outbound traffic destined for port 25.
>
As easy as to stick tcpserver on a port (ports) other than the usual 25,
say 666.
--
José AP Celestino - [EMAIL PROTECTED]
Administração de Sistemas - PT Multimedia
SAPO - www.sapo.pt
------------------------------------------
Phil Barnett wrote:
> On 19 Nov 2000, at 16:32, Vince Vielhaber wrote:
>
> > On Sun, 19 Nov 2000, Phil Barnett wrote:
> >
> > >
> > > Is there a simple way to have SMTP listen on another port _as well
> > > as_ port 25?
> > >
> > > Several of my pop before smtp users have found that their providers
> > > are blocking outbound traffic destined for port 25.
> >
> > Sure. Just tell tcpserver to listen on another port. You can safely
> > run a second, third, etc. instance of tcpserver for mail.
>
> Which configuration file controls this?
>
the qmail init script, for instance, /etc/init.d/qmail, copy the tcpserver
line and alter the port:
(listens on port 25)
/usr/local/bin/tcpserver -P -H -R -u 64011 -g 101 0 smtp
/usr/local/bin/tcpcontrol /etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd &
(listens on port 666)
/usr/local/bin/tcpserver -P -H -R -u 64011 -g 101 0 666
/usr/local/bin/tcpcontrol /etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd &
>
> --
> Phil Barnett mailto:[EMAIL PROTECTED]
> WWW http://www.the-oasis.net/
> FTP Site ftp://ftp.the-oasis.net
--
José AP Celestino - [EMAIL PROTECTED]
Administração de Sistemas - PT Multimedia
SAPO - www.sapo.pt
------------------------------------------
On 19 Nov 2000, at 21:51, Jose AP Celestino wrote:
> Phil Barnett wrote:
>
> > On 19 Nov 2000, at 16:32, Vince Vielhaber wrote:
> >
> > > On Sun, 19 Nov 2000, Phil Barnett wrote:
> > >
> > > >
> > > > Is there a simple way to have SMTP listen on another port _as
> > > > well as_ port 25?
> > > >
> > > > Several of my pop before smtp users have found that their
> > > > providers are blocking outbound traffic destined for port 25.
> > >
> > > Sure. Just tell tcpserver to listen on another port. You can
> > > safely run a second, third, etc. instance of tcpserver for mail.
> >
> > Which configuration file controls this?
> >
>
> the qmail init script, for instance, /etc/init.d/qmail, copy the
> tcpserver line and alter the port:
>
> (listens on port 25)
> /usr/local/bin/tcpserver -P -H -R -u 64011 -g 101 0 smtp
> /usr/local/bin/tcpcontrol /etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd
> &
>
> (listens on port 666)
> /usr/local/bin/tcpserver -P -H -R -u 64011 -g 101 0 666
> /usr/local/bin/tcpcontrol /etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd
> &
Thanks.
I found some time to figure this out and found that smtp is running
via inetd.conf, not tcpserver. Once I found that, it was easy to add
another port to services and inetd.conf.
--
Phil Barnett mailto:[EMAIL PROTECTED]
WWW http://www.the-oasis.net/
FTP Site ftp://ftp.the-oasis.net
On Sun, 19 Nov 2000, Jose AP Celestino wrote:
> /usr/local/bin/tcpserver -P -H -R -u 64011 -g 101 0 smtp
^^
> /usr/local/bin/tcpcontrol /etc/tcp.smtp.cdb /var/qmail/bin/qmail-smtpd &
a propos tcpserver with smtp - on Solaris, where zero '0' before
smtp word has been written the program not works. So we uses it
without to write in command this '0' writting only nummber of port
and 'smtp'
Piotr
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]
on 11/19/00 4:23 PM, Phil Barnett at [EMAIL PROTECTED] wrote:
> Several of my pop before smtp users have found that their providers
> are blocking outbound traffic destined for port 25.
I'm having the same problem, so far with EarthLink. Have you encountered any
other ISPs that do this? If there isn't already a list somewhere, please
send your villains to me, and I'll compile and post the results.
- Amitai
On Sun, Nov 19, 2000 at 10:36:50PM -0500, Amitai Schlair wrote:
> on 11/19/00 4:23 PM, Phil Barnett at [EMAIL PROTECTED] wrote:
>
> > Several of my pop before smtp users have found that their providers
> > are blocking outbound traffic destined for port 25.
>
> I'm having the same problem, so far with EarthLink. Have you encountered any
> other ISPs that do this? If there isn't already a list somewhere, please
> send your villains to me, and I'll compile and post the results.
They aren't really villains, per se.
Imagine that you are an ISP. You've grown large enough to want to expand
outside your original area of operations; you aren't rich enough to place
physical dialup POPs all over the country/continent/world. What do you do?
You contract with one of the big players to provide modem service for
your customers. AT&T, UUnet, Genuity all sell dialup service in bulk to
smaller ISPs - who then provide the customer service, the servers, the
tech support and marketing and so on.
In fact, this is reasonably cost-effective for large ISPs too: AOL does
it, NetZero does it. And what do we know about where spam comes from? Spam
comes from sources where there is no trust between the ISP and the customer,
so that the miscreant can create a thousand throw-away accounts and lose
them at will. abuse@whereever takes a beating. Pretty soon, ISPs close
down relaying for anyone who is not a customer. Shortly thereafter, spammers
start sending SMTP directly from dial-up smarthosts.
Now the ISP is off the hook: the spam no longer contains any particular
links to them. (Well, it doesn't have to, anyway.) But the giant dialup
provider has supplied the IP address for the spammer, and pretty soon the
calls start rolling in to abuse@dialup.
To prevent this, the dialup providers now put in a new element to their
contracts with the local ISPs: port 25 will be restricted on each connection
to only talk to the local ISP's mailserver and backup MX.
...and that's where we are in the cycle now. The onus for removing spammers
is back in the hands of the ISPs who sign them up as customers, but as a
result, honest folk get restrictions on what they can do with their mail.
-dsr-
On Sun, Nov 19, 2000 at 11:00:42PM -0500, -dsr- wrote:
> On Sun, Nov 19, 2000 at 10:36:50PM -0500, Amitai Schlair wrote:
> > on 11/19/00 4:23 PM, Phil Barnett at [EMAIL PROTECTED] wrote:
> >
> > > Several of my pop before smtp users have found that their providers
> > > are blocking outbound traffic destined for port 25.
> >
> > I'm having the same problem, so far with EarthLink. Have you encountered any
> > other ISPs that do this? If there isn't already a list somewhere, please
> > send your villains to me, and I'll compile and post the results.
>
> They aren't really villains, per se.
Oh, and a follow-up note. I used to work for one of the big dialup
providers, but now I work for Akamai, which has no interest in mail
systems as such. Unless I specifically state that I am talking on
behalf of Akamai, I am not.
-dsr-
on 11/19/00 11:00 PM, -dsr- at [EMAIL PROTECTED] wrote:
> On Sun, Nov 19, 2000 at 10:36:50PM -0500, Amitai Schlair wrote:
>> on 11/19/00 4:23 PM, Phil Barnett at [EMAIL PROTECTED] wrote:
>>
>>> Several of my pop before smtp users have found that their providers
>>> are blocking outbound traffic destined for port 25.
>>
>> I'm having the same problem, so far with EarthLink. Have you encountered any
>> other ISPs that do this? If there isn't already a list somewhere, please
>> send your villains to me, and I'll compile and post the results.
>
> They aren't really villains, per se.
Yes, they have valid reasons. "Villains" carries more judgment than I
intended. Still, I'd find a list of ISPs with this policy useful, and
suspect others would too.
- Amitai
Hello
I will say about my experience with ORBS (as network administrator)
because the peoples associated with qmail have given good recommendation
to
use and base on ORBS as good anti-spam method.
I let to be another opinion!
After crush of one of Polish Cardiac Society's Server placed in Lodz (I
administrate others servers) I have been asked to help with
administrating
and making secure of this host. Till September it was really insecure
and indicated
(as I think and see) by ORBS as insecure. Exactly - not excluded - that
already
this time helped it hackers "to find it as easy to break".
Since October, after crush I have installed - nota bene recommended by
ORBS
and this mailing list software - so, qmail as mail system and tcpserver
provided to secure qmail as well as telnetd, ftpfd and others insecure
Internet's daemons.
November 5, I have observed the proof of port scanning thus relay-test
by
ORBS. There are accepted by secured against open relay smtp, because
ORBS
applied to allocate addresses with domain of tested host (also
@lodz.ptkardio.pl).
The test was continued till November 9, This time I was taken away from
my Hospital - I was participating at Polish Medical Internet Conference,
where
I have said about qmail and tcpserver as good security system to
Internet servers too.
"Nov 5 10:49:13 sun smtp: tcpserver: ok 16751 :212.51.193.152:25
relaytest.orbs.
vuurwerk.nl:194.178.232.55::4445"
This time was the proof to attack this server, prior "tested by orbs"
The hackers have not broken the tcpserver, but system are not responding
and this time we can't give our reaction. Now when the friends from Lodz
had rebooted the server, it has been worked correctly. I was beginning
to analyze of logs
The logs have indicated the Romania as hackers place:
"Nov 9 12:13:05 sun telnet: tcpserver: deny 18305 :212.51.193.152:23
falconsrl.r
dsnet.ro:193.231.236.12::3802"
All has been after this attack in short time restored. But in some time
ORBS was beginning
again the test. And in this same time I have observed again more proofs
of hacking -
good luck - without damaging.
I have send to ORBS the requests to cancel me from their data base and
stop with
testing, because I'm of opinion, that this data base use first of all
hackers.
If during test has been by me observed increased activity of attack I
can suppose,
that hackers this time have information which host is tested and which
one host is
established as insecure. Where!
I have blocked smtp machines to bounce all mail's from ORBS: Effect is
good, but
ORBS apply be still active:
"Nov 20 00:22:39 sun smtp: tcpserver: deny 7226 :212.51.193.152:25
mail2.manawatu
.net.nz:202.36.148.21:postmaster:1932"
WHY!
PLEASE DON'T RECOMMEND ATE ORBS. There are criminal activity. My host
can by
during its appreciation damaged!
Please say my please, what do to ORBS shall finish with " standing
before doors
of my house and proofing which one keys may be useful to open it"
The letter are very long, but a problem for me very much
Please help to stop criminal activity
Piotr Kasztelowicz, MD
--
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]
On Mon, Nov 20, 2000 at 01:35:20AM +0100, Piotr Kasztelowicz wrote:
> I will say about my experience with ORBS (as network administrator)
> because the peoples associated with qmail have given good recommendation
> to
> use and base on ORBS as good anti-spam method.
>
> I let to be another opinion!
>
> After crush of one of Polish Cardiac Society's Server placed in Lodz (I
> administrate others servers) I have been asked to help with
> administrating
> and making secure of this host. Till September it was really insecure
> and indicated
> (as I think and see) by ORBS as insecure.
Okay, so ORBS thought the previous incarnation of the mail host was an
open relay.
> Exactly - not excluded - that
> already
> this time helped it hackers "to find it as easy to break".
You mean by relaying through the server? I believe ORBS only divulges
open relay IPs when the hosts in question persist in being open
relays. Presuming your server didn't reach that point, the only way
spammers could have found it was by looking up your IP at random
through the ORBS DNS or by scanning the net.
> Since October, after crush I have installed - nota bene recommended by
> ORBS
> and this mailing list software - so, qmail as mail system and tcpserver
> provided to secure qmail as well as telnetd, ftpfd and others insecure
> Internet's daemons.
Gotcha.
> November 5, I have observed the proof of port scanning thus relay-test
> by
> ORBS. There are accepted by secured against open relay smtp, because
> ORBS
> applied to allocate addresses with domain of tested host (also
> @lodz.ptkardio.pl).
Ok.
> The test was continued till November 9, This time I was taken away from
> my Hospital - I was participating at Polish Medical Internet Conference,
> where
> I have said about qmail and tcpserver as good security system to
> Internet servers too.
>
> "Nov 5 10:49:13 sun smtp: tcpserver: ok 16751 :212.51.193.152:25
> relaytest.orbs.
> vuurwerk.nl:194.178.232.55::4445"
>
>
> This time was the proof to attack this server, prior "tested by orbs"
That log snippet only shows that ORBS connected to your SMTP
service. That is hardly an attack.
> The hackers have not broken the tcpserver, but system are not responding
> and this time we can't give our reaction. Now when the friends from Lodz
> had rebooted the server, it has been worked correctly. I was beginning
> to analyze of logs
>
> The logs have indicated the Romania as hackers place:
>
> "Nov 9 12:13:05 sun telnet: tcpserver: deny 18305 :212.51.193.152:23
> falconsrl.r
> dsnet.ro:193.231.236.12::3802"
>
> All has been after this attack in short time restored. But in some time
> ORBS was beginning
> again the test. And in this same time I have observed again more proofs
> of hacking -
> good luck - without damaging.
That's ridiculous. How could a failed connection attempt from a host
in Romania be considered a crack attempt? What does it have to do with
ORBS?
> I have send to ORBS the requests to cancel me from their data base and
> stop with
> testing, because I'm of opinion, that this data base use first of all
> hackers.
You can certainly ask them to stop testing, but the ORBS database
doesn't keep top secret information, it is just a list of IPs. There
are many interesting hosts out there, most of which aren't listed in
ORBS.
> If during test has been by me observed increased activity of attack I
> can suppose,
> that hackers this time have information which host is tested and which
> one host is
> established as insecure. Where!
ORBS only lists hosts that are open mail relays. ORBS doesn't check
for any other vulnerabilities.
> I have blocked smtp machines to bounce all mail's from ORBS: Effect is
> good, but
> ORBS apply be still active:
>
> "Nov 20 00:22:39 sun smtp: tcpserver: deny 7226 :212.51.193.152:25
> mail2.manawatu
> .net.nz:202.36.148.21:postmaster:1932"
>
> WHY!
Is that even an ORBS tester, or are you now blocking legitimate mail?
> PLEASE DON'T RECOMMEND ATE ORBS. There are criminal activity. My host
> can by
> during its appreciation damaged!
129.63.206.57. That's an IP, I just listed an IP. Am I a criminal?
The story I got so far is ORBS tested your machine and found it to be
an open relay. You fixed it and ORBS tested you again. Meanwhile there
were isolated connection attempts from Romania and a system crash you
haven't firmly correlated to anything else.
Given those facts, solar flares seems a more plausible culprit than ORBS.
PGP signature
On Sun, 19 Nov 2000, Alex Pennace wrote:
> The story I got so far is ORBS tested your machine and found it to be
> an open relay. You fixed it and ORBS tested you again. Meanwhile there
> were isolated connection attempts from Romania and a system crash you
> haven't firmly correlated to anything else.
>
The hackers read ORBS data base called by its "insecure hosts"
and apply to break hosts direclty from list!
The ORBS insecure hosts' data base is possible to read for all,
but I think logic, that should be first of all for administator
of indicated host, and when they made nothing to improve security,
then could be disscused to inform about such host widely.
Also answer the question why, the hackers finished with proofs,
when I have blocked complete access to my host for ORBS?
And why I'm existing still in data base of insecure hosts,
when my host is already secure and works on recommended software
(qmail, tcpserver)? I'm existing, because I let me to request
to finish scanning smtp my host and I'm established by ORBS
as "bad"?
I think, that Internet's societies should be sensitive for
all organization on Net, wich gives itself the privileges
to say where is correct and where is incorect.
Best Wishes
Piotr
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]
On Mon, Nov 20, 2000 at 02:14:57AM +0100, Piotr Kasztelowicz wrote:
> The hackers read ORBS data base called by its "insecure hosts"
> and apply to break hosts direclty from list!
ORBS only lists hosts that are open mail relays. ORBS doesn't list
hosts that are not open relays but have other vulnerabilities.
ORBS is not a list of hosts with insecure telnet daemons.
ORBS is not a list of hosts with insecure ftp daemons.
> The ORBS insecure hosts' data base is possible to read for all,
> but I think logic, that should be first of all for administator
> of indicated host, and when they made nothing to improve security,
> then could be disscused to inform about such host widely.
ORBS is meant to blacklist problem hosts immediately, to curtail
damage to other systems.
> Also answer the question why, the hackers finished with proofs,
> when I have blocked complete access to my host for ORBS?
Maybe the "hackers" have nothing to do with ORBS. Your only shred
of proof is a connection attempt to telnet from Romania.
> And why I'm existing still in data base of insecure hosts,
> when my host is already secure and works on recommended software
> (qmail, tcpserver)? I'm existing, because I let me to request
> to finish scanning smtp my host and I'm established by ORBS
> as "bad"?
Send mail to ORBS and try to resolve this with them.
PGP signature
Hello
> ORBS only lists hosts that are open mail relays. ORBS doesn't list
> hosts that are not open relays but have other vulnerabilities.
>
> ORBS is not a list of hosts with insecure telnet daemons.
>
> ORBS is not a list of hosts with insecure ftp daemons.
It not difficult to spuppose, that if MTA were old and
insecure=possible for open relay the rest of sotwares
are insecure too. There is problem with them, tha
the list of "relay host's" is widely published on net,
instead to send it interested admin.
> Send mail to ORBS and try to resolve this with them.
ORBS has ignored all letters and will not stop scanning
of my host
Best Wishes
Piotr
---
Piotr Kasztelowicz <[EMAIL PROTECTED]>
[http://www.am.torun.pl/~pekasz]
On Mon, Nov 20, 2000 at 07:08:55AM +0100, Piotr Kasztelowicz wrote:
> > Send mail to ORBS and try to resolve this with them.
>
> ORBS has ignored all letters and will not stop scanning
> of my host
Hello, this list is for discussion of qmail, if you wish to discuss orbs
please take this to SPAM-L or elsewhere.
Thanks,
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
1:28am up 162 days, 23:44, 12 users, load average: 0.07, 0.10, 0.37
|
Hi all...
Anyone know why I'm getting this error
?
Dennis
|
On Mon, Nov 20, 2000 at 04:39:04PM +1100, Dennis wrote:
> Hi all...
>
> Anyone know why I'm getting this error ?
My guess would be, that qmail-local is unable to chdir to your Maildir.
That's just a guess though.
--Adam
--
Adam McKenna <[EMAIL PROTECTED]> | "No matter how much it changes,
http://flounder.net/publickey.html | technology's just a bunch of wires
GPG: 17A4 11F7 5E7E C2E7 08AA | connected to a bunch of other wires."
38B0 05D0 8BF7 2C6D 110A | Joe Rogan, _NewsRadio_
12:34am up 162 days, 22:50, 12 users, load average: 0.08, 0.04, 0.01
on 11/20/00 12:39 AM, Dennis at [EMAIL PROTECTED] wrote:
> Anyone know why I'm getting this error ?
Does the user have a maildir? (In the right place?) Is it owned and writable
by him? Can he traverse parent directories? What do the logs say?
- Amitai
Mate Wierdl wrote:
> On Fri, Nov 17, 2000 at 06:03:31PM +0800, eric yu wrote:
> > /service/qmail-send/log/run
> >
> > #!/bin/sh
> > SETUIDGID=/usr/local/bin/setuidgid # directory for setuidgid
> > MULTILOG=/usr/local/bin/multilog # directory for multilog
> > PROG=smtpd
> > LOGDIR=/var/log/qmail # directory for qmail-send log
> > LOGUSER=qmaill # user to own logs
> > LOGNUM=10 # number of log files.
> > LOGSIZE=5000000 # maximum file size for log files.
> >
> > exec $SETUIDGID $LOGUSER $MULTILOG t n$LOGNUM s$LOGSIZE $LOGDIR
>
> So your $LOGDIR is /var/log/qmail, but then
>
> > /service/qmail-smtpd/log/run
> >
> > #!/bin/sh
> > # This is the run file for supervise to execute the qmail-smtpd's log.
> >
> > SETUIDGID=/usr/local/bin/setuidgid # directory for setuidgid
> > MULTILOG=/usr/local/bin/multilog # directory for multilog
> > PROG=smtpd
> > LOGDIR=/var/log/qmail/$PROG # directory for qmail-smtpd log
> > LOGUSER=qmaill # user to own logs
> > LOGNUM=10 # number of log files
> > LOGSIZE=5000000 # maximum file size for log files
> >
> > exec $SETUIDGID $LOGUSER $MULTILOG t n$LOGNUM s$LOGSIZE $LOGDIR
>
> so the $LOGDIR is a subdir of qmail-send's logdir which is again
> /var/log/qmail.
the log directory for qmail-smtpd is /var/log/qmail/smtpd
>
>
> Also, is /service/qmail-smtpd/run a symlink?
no, only /service/qmail-send and /service/qmail-smtpd are symlink to
/var/qmail/supervise/qmail-send and /var/qmail/supervise/qmail-smtpd.
regards,
Eric
Hi there,
I just started using qmail 1.03 a week ago, and made some interesting
discovery. I had the following .qmail file:
| preline formail -I "Bcc: `some/script`" | qmail-inject
Obviously, this causes a loop since qmail-inject will try to deliver to
the Bcc: addresses as well as to the original To: line. The interesting
bit is that this filled up the /var/mail file system rather quickly.
What happend is that:
1) qmail-inject queues a mail for the original To: address
2) qmail-send delivers this mail using qmail-lspawn to this same .qmail
file
3) goto 1
This goes on indefinately! I soon started getting many bounces from the
people on the Bcc: list, saying things like "Too many hops 233 (max
30)". Yes 233 hops! It seems that nor qmail-inject, qmail-queue,
qmail-send or qmail-lspawn checks for hop counts. I believe this is a
bug.
Granted, I made the loop, but I expect the mail system to prevent it
from going on for ever.
In case anyone cares; I removed the .qmail file, waited a few hours,
received over 100Megs of mail, cleaned it up, and replaced the .qmail
file with:
| qmail-inject -a `some/script`
Sincerely,
Richard
On Mon, Nov 20, 2000 at 08:54:24AM +0100, Richard van den Berg wrote:
> Hi there,
>
> I just started using qmail 1.03 a week ago, and made some interesting
> discovery. I had the following .qmail file:
>
> | preline formail -I "Bcc: `some/script`" | qmail-inject
>
> Obviously, this causes a loop since qmail-inject will try to deliver to
Hmm. When I try the same pipeline I get a bounce alerting me to a loop due
to a potentially duplicate Delivered-To: header. Specifically:
This message is looping: it already has my Delivered-To line. (#5.4.6)
And this is precisely what I'd expect as qmail has very good loop detection.
> the Bcc: addresses as well as to the original To: line. The interesting
> bit is that this filled up the /var/mail file system rather quickly.
> What happend is that:
>
> 1) qmail-inject queues a mail for the original To: address
> 2) qmail-send delivers this mail using qmail-lspawn to this same .qmail
> file
> 3) goto 1
There's an important point you've missed. Step 2a where qmail-lspawn uses
qmail-local to deliver the mail to .qmail. qmail-local will not deliver
a mail that already has the same Delivered-To: header that it wants to
generate.
In effect. If the same mail ever attempts delivery thru the same .qmail
file more than once it will be detected.
> This goes on indefinately! I soon started getting many bounces from the
> people on the Bcc: list, saying things like "Too many hops 233 (max
> 30)". Yes 233 hops! It seems that nor qmail-inject, qmail-queue,
> qmail-send or qmail-lspawn checks for hop counts. I believe this is a
> bug.
Let me hazard a guess that the mail is actually going out to a remote
recipient in the bcc: list and the delivery at that end is somehow
removing the Delivered-To: headers. Alternatively the formail invocation
is somehow removing the Delivered-To: heades.
Have you the full headers of one of those bounces?
Regards.
