qmail Digest 3 Jun 2001 10:00:01 -0000 Issue 1384

Topics (messages 63369 through 63404):

Re: two question about qmail
        63369 by: Andrea Cerrito

Re: Enquiry
        63370 by: Russell Nelson
        63385 by: El Chupacabra

Re: Oops,I guess Sendmail wasn't secure after all...
        63371 by: Boris
        63372 by: Karsten W. Rohrbach
        63373 by: Boris
        63374 by: Daniel Kelley
        63375 by: Boris
        63376 by: Johan Almqvist
        63377 by: Boris
        63378 by: Adrian Ho
        63380 by: Patrick Atamaniuk
        63382 by: Mark Delany
        63386 by: Todd Finney
        63395 by: Russell Nelson

Re: IsoQlog problems
        63379 by: Flavio Curti

expn
        63381 by: Rob Genovesi
        63383 by: Mark Delany

Re: masquarading and qmail-smtpd
        63384 by: Alex Pennace

451 error
        63387 by: Nathaniel L. Keeling III
        63392 by: Charles Cazabon

xinetd
        63388 by: Eduardo Gargiulo
        63389 by: Nick (Keith) Fish
        63393 by: Charles Cazabon
        63394 by: Kirti S. Bajwa
        63396 by: David Means

Re: headers in failure notice
        63390 by: Charles Cazabon
        63397 by: Russell Nelson

Re: host masquerading / qmail-remote problems
        63391 by: Charles Cazabon

Re: smtp on a specific IP
        63398 by: Ross Davis
        63403 by: Henning Brauer

whether original sender can receiver a notic mail when mail can't send ?
        63399 by: George Xu

How filter a special mail address or subject when receiver all mail.
        63400 by: George Xu

qmail-remote crashing w/TLS patch
        63401 by: Charles Sprickman

Mirrors
        63402 by: Djalil Chafai

Re: dot qmail problem <urgent>
        63404 by: Henning Brauer


----------------------------------------------------------------------


Hi.

> 1, How to setup qmail with ESMTP, each time a client wanna use
> smtp server,
>  smtp server ask him pop3 user&pass to check if right. and only allow mail
>  from is that user's mail can be sent.

You can patch qmail with authentication for qmail-smtp, or instead you can
allow relay just after a pop3 authentication (using a vpopmail function or an
external package, called relay-ctrl).

You can find them on the qmail home page.

> 2, Can I count how many mails one day the qmail processed?
> (received & send)
>   Did this need another tools and where can I find them?

You can use mrtg + qmail-mrtg. You can find more info here
https://mail.socha.net/stats/ (and on the qmail homepage, of course).
---
Cordiali saluti / Best regards
Andrea Cerrito
^^^^^^^^^^^^^^
Net.Admin @ Centro MultiMediale di Terni S.p.A.
P.zzale Bosco 3A
05100 Terni IT
Tel. +39 744 5441330
Fax. +39 744 5441372





Rohit Gupta writes:
 > Hi all guruz
 > 
 > Is there any way out without using vpopmail.. that i can analysing
 > qmail queue and cleaning it manually without actually get into
 > queue directory and deleting the files manually

You worry too much.  Qmail doesn't need any queue management.  What
problem are you trying to solve?

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Microsoft rivets everything.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Linux has some loose screws.
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX  | You own a screwdriver.




On Fri, 1 Jun 2001, Rohit Gupta, without full knowledge of the facts, wrote:

> Hi all guruz
> 
> Is there any way out without using vpopmail.. that i can analysing qmail queue and
> cleaning it manually without actually get into queue directory and deleting the files
> manually
> rgds
> Rohit
> 

You can try to use 'qmHandle'

Bye.
-- 
------
El Chupacabra
Linux User No.: 187826
e-mail: <[EMAIL PROTECTED]>
------
Remember, there is always a Chupacabra
around the corner.
------






Hello Russell,

Saturday, June 02, 2001, 5:38:43 AM, you wrote:

RN> Boris writes:
RN>  > I really can't hear the "qmail is the most secure bla bla" anymore,
RN>  > really.

RN> Why?  It's true.

Yes it is true, and qmail is great, but it would be better to make a
better documentation for qmail, and to offer "bundles" with a single
makefile.

My english is not very good, sorry.

I mean qmail has better arguments as security only.

Why no one makes a package with "all you need" to download and
install, here is a suggestion:

- qmail
- the tcpserver
- something good for pop before smtp
- vpopmail
- good tools for blocking spam, blocking mails from open relays, and
so on
- and other additions from other people i do not know

There should be one file to download and the makefile should do nearly
everything necessary. I should not spend days to understand the
different modules as a newbie, it takes too much time.

RN>  > At the moment I am evaluating qmail, and there
RN>  > are some things I am missing from sendmail.

RN> Like what?

See above, a better installation, better documentation. I have written
in my linux/unixbook a chapter about the installation and
configuration of qmail in a production environment, covering all
necessary topics (german language) but it's too much for the stressed administrator.

Strange argument, I know. I am a user only in this case.

Putting a lot of snippets together for one package is not a bad idea
and would give a boost to qmail (I think).


--
Boris






Boris([EMAIL PROTECTED])@2001.06.02 05:01:57 +0000:
> When I was using sendmail on my FreeBSD Server, it has never been
> hacked, very strange ugh?
no. with your domain name, it is very unlikely to be a crack target ;-)
if your domain is called cnn.com or the like, you would not run sendmail
for the sake of security. most script kiddie attacks get fixed very
fast in sendmail, but nobody will change the base design of the software
which is potentially dangerous.

/k

-- 
> question = ( to ) ? be : ! be; // Wm. Shakespeare
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- [EMAIL PROTECTED]
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46






Hello List,

Saturday, June 02, 2001, 7:24:56 AM, you wrote:

>> I like sendmail, its slow - yes, but it is powerful and this silly
>> bugs are fixed fast. Its just some C-Code, everyone knows this.

LM> Yeah, it is only a few hundred thousand lines of code, and you should have
LM> looked through it for bugs or exploits before you compiled it, right?  It

Well, this is a strange argument, sorry.

There is no product without any errors, maybe a "hello world" program.
If you write it in c++, its a design problem if you use a try..catch..
within the main clause or not, for example.

There are a lot of security bugs everywhere in a lot of programs, the most of them are
non-critical to critical, and some fanatic people are screaming about some really
silly problems.

Software engineering is a living process. Bugs are normal, they are
reported and then fixed. That's all, there are some more important
things in life than "i am the master i have found a (silly) bug".

The people are screaming if they found a bug, they are the masters,
but it's just a bug, and after the bug is fixed, the problem is over.

If you will find 100 bugs in sendmail they are fixed then after
reporting them. The game is over, the problem is solved. The admin
updates, and that's all. The day continues.

Bugs are +just bugs+ and they are fixed after reporting them.


--
Boris







> Why no one makes a package with "all you need" to download and
> install, here is a suggestion:
> 
> - qmail
> - the tcpserver
> - something good for pop before smtp
> - vpopmail
> - good tools for blocking spam, blocking mails from open relays, and
> so on
> - and other additions from other people i do not know
> 
> There should be one file to download and the makefile should do nearly
> everything necessary. I should not spend days to understand the
> different modules as a newbie, it takes too much time.

the author of qmail has specific rules for how qmail packages can be
distributed. 

see http://cr.yp.to/qmail/dist.html

basically, you can distribute so called "var-qmail" packages, but anything
else seems to require Dan Bernstein's approval.





Hello List,

Saturday, June 02, 2001, 7:24:56 AM, you wrote:


LM> If you bought (OK, got for free) a car, and it exploded, leaving you
LM> burned, then you waited a week to get a new car mailed to you, then you

The car is not exploding, someone comes and looks at your car. He is
searching and searching and searching until he finds a silly bug like
"the fuel meter shows something wrong, this could be a security risk"
but in fact the man is driving the car for years without a problem. Some
month he updates the car (new version) and that's all.


--
Boris






* Boris <[EMAIL PROTECTED]> [010602 16:28]:
> LM> If you bought (OK, got for free) a car, and it exploded, leaving you
> LM> burned, then you waited a week to get a new car mailed to you, then you
> The car is not exploding, someone comes and looks at your car. He is
> searching and searching and searching until he finds a silly bug like
> "the fuel meter shows something wrong, this could be a security risk"
> but in fact the man is driving the car for years without a problem. Some
> month he updates the car (new version) and that's all.

Not quite. More like "someone inspects your free car and finds a button
that can make it explode. Maybe he pushes the button, maybe not. Maybe he
pushes the button on someone else's car". Are you willing to take that
risk? I can imagine two situations where that would be the case: either
you do something that is so unimportant for the rest of the world that
no one bothers destroying your work, or you do something that is so good
for everyone that no one will want to destroy your work, not even out of
envy. Come on, not even the UN are _that_ good :-)

-Johan
-- 
Johan Almqvist
http://www.almqvist.net/johan/qmail/






Hello Johan,


JA> Not quite. More like "someone inspects your free car and finds a button
JA> that can make it explode. Maybe he pushes the button, maybe not. Maybe he
JA> pushes the button on someone else's car". Are you willing to take that
JA> risk? I can imagine two situations where that would be the case: either

Well, there is no button with a text like "press me here" -))))) for
the public.

If we are talking about the security of a product, we have several
things to take a look at. Internal security (a mailserver-only
solution, mailserver+webserver, n mailservers, persons who access the
mail queue as root). External security. Buffer overflows, chroot
problems, jail problems, password problems. Design specific topics,
what is secure, what is not secure, what can be implemented, what is
not secure.

As root i can read all the messages in clear text, sendmail or qmail -
a security risk????? An attack to privacy? Or just a design problem?
Or is it not a design problem, its just normal?

Security is relative.


--
Boris






On Sat, 2 Jun 2001, Boris wrote:

> There should be one file to download and the makefile should do nearly
> everything necessary. I should not spend days to understand the
> different modules as a newbie, it takes too much time.

I would argue that you /should/ take the time.  Qmail's power lies in its
amazing flexibility and configurability, but the downside is that it's
easy to get things not quite the way you wanted it.

As a wise man once said (or words to that effect), "If you can't find the
time to do it right, how will you find the time to do it over?"  IMO, this
applies to qmail in spades (and most of DJB's software in general).

If you're in a hurry, the mail-related stuff bundled with your favorite
distro (hopefully at least postfix-quality) is probably a better choice.
That'll at least get you up and running till you can find the time to
Understand And Do The Right Thing, or until a security compromise or
broken setup forces you to make time.  8-)

-- 
Adrian Ho   [EMAIL PROTECTED]





Aaron L. Meehan([EMAIL PROTECTED])@2001.06.01 12:14:20 +0000:
> I've been looking for a sucker.. OK I'll bet a six pack is
> doesn't. (or, if Bud, I'd demand a case)
i put another six pack on top.
Reasons per priv. mail

-- 
regards,
        Patrick

----------------------------------------------------
Patrick Atamaniuk       [EMAIL PROTECTED]

http://www.atamaniuk.de
http://www.atabersk.de
----------------------------------------------------






On Sat, Jun 02, 2001 at 05:20:01PM +0200, Boris allegedly wrote:
> Hello Johan,
> 
> 
> JA> Not quite. More like "someone inspects your free car and finds a button
> JA> that can make it explode. Maybe he pushes the button, maybe not. Maybe he
> JA> pushes the button on someone else's car". Are you willing to take that
> JA> risk? I can imagine two situations where that would be the case: either
> 
> Well, there is no button with a text like "press me here" -))))) for
> the public.

Of course there is, silly.

Tell us, your mail program seems to be "The Bat! (v1.48f) Personal" -
did you write this program from scratch yourself or did you simply
click a few buttons and install the work of someone else?

Now, what do you think most script kiddies do? They don't scour the
code for exploits as you imply with "there is no button". They simply
download the hard work of one or two people and install the pre-built
button. It's trivial. So, "press me here" is as far away as a
download. You're not seriously suggesting this is a serious security
barrier are you?

> If we are talking about the security of a product, we have several
> things to take a look at. Internal security (a mailserver-only
> solution, mailserver+webserver, n mailservers, persons who access the
> mail queue as root). External security. Buffer overflows, chroot
> problems, jail problems, password problems. Design specific topics,
> what is secure, what is not secure, what can be implemented, what is
> not secure.

You are obscuring definition with implementation (and jargon for that
matter).

> As root i can read all the messages in clear text, sendmail or qmail -
> a security risk????? An attack to privacy? Or just a design problem?
> Or is it not a design problem, its just normal?
> 
> Security is relative.

No it's not. You're futzing and confused. This is real simple.

The security of a product is defined as a set of claims about
providing certain protection. A security problem exists when the
product does not meet a stated claim. Eg, qmail never claimed to
protect clear text messages on disk from root, so why did you bring it
up?

However, both qmail explicitly and sendmail (somewhat less explicitly)
do make claims about protecting against a user gaining elevated
privileges. This thread started from yet another alert about being
able to corrupt the memory of sendmail. Corrupting memory is a tried
and true method of gaining elevated privileges and time and again
this method *has* been used to gain elevated privileges via sendmail.

In other words, sendmail has repeatedly failed to live up to its
security claims and it looks like this current announcement may be
just another example.

So, in spite of what you say, you do not have to "have several things
to take a look at" and you don't have to understand sentences full of
buzzwords like "chroot problems" and "jail problems"...

You simply ask the question "has sendmail failed to live up to its
security claims". The answer is a repeated "yes" bordering on
recidivism and no amount of obfuscation by you will change that fact.


Your sole defense is that sendmail doesn't make such security claims
explicitly and thus people are silly to infer such security. This is
indeed a strong argument.


Regards.




At 12:25 PM 6/2/01, Mark Delany wrote:
>On Sat, Jun 02, 2001 at 05:20:01PM +0200, Boris allegedly wrote:
> > Well, there is no button with a text like "press me here" -))))) for
> > the public.
>
>Of course there is, silly.
>
>Now, what do you think most script kiddies do? They don't scour the
>code for exploits as you imply with "there is no button". They simply
>download the hard work of one or two people and install the pre-built
>button. It's trivial. So, "press me here" is as far away as a
>download. You're not seriously suggesting this is a serious security
>barrier are you?

This is a very, very good point.  We have unfortunately reached a stage 
where the crackers don't need to actually _know_ anything 
anymore.  They download a port scanner and a root kit, and can 
compromise your machine without having any real understanding of what's 
going on.

You not only have to protect yourself from the skilled, determined 
cracker, but also from the unskilled, casual cracker.   The former is 
far more difficult than the latter, but fortunately the really talented 
black hats have better things to do than hit 99% of the machines out 
there.

We had a machine compromised by an exploit in the wu-ftpd package a 
couple of years ago.  Fortunately, I happened to be on the machine when 
it occurred, and was able to monitor the cracker's activities and shut 
him down before he was able to cause any real damage.

Based upon the things he typed, he had no idea what he was doing:

         cd /etc/init.
         cd /etc/init.d
         ls
         cd etc
         ls
         ls init*
         ls rc*
         cd rc.local
         ls
         ls -al rc.*
         cd init.d

And yet, in the space of 5-10 minutes, he was able to break in and 
install three trojans.

Sendmail can be secure, if you really know what you're doing and stay 
on top of the patches that come out (every three days or so).  I don't 
have that kind of time, so I'd rather have a mail server that is secure 
out of the box.  We've been gradually migrating our domains from 
sendmail to qmail over the last ~year; I've had to patch sendmail at 
least twice, qmail hasn't needed anything since install.

I can deal with (sometimes) sketchy documentation and the hassle of 
installing 12 different things to get the results I want -  that's 
still easier than restoring a machine that's been compromised.

Todd







Boris writes:
 > If you will find 100 bugs in sendmail they are fixed then after
 > reporting them. The game is over, the problem is solved. The admin
 > updates, and that's all.

Actually, the admin doesn't update.  Or rather, some do, and some
don't.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Microsoft rivets everything.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Linux has some loose screws.
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX  | You own a screwdriver.




hi

multilog rotates the logfiles after 100k per default. the isoqlogappend script only 
runs when the log rotates, so isoqlog has nothing to process if you call it before the 
log rotated.
HUP'ing the log process actually rotates the log, so svc -h it before you run isoqlog 
and it should work.
you could change the ssize parameter for multilog as well, but somewhere in the isoqlog 
documentation it says that this would break isoqlog...

greetz & hope it helps

Flavio

On Tue, 29 May 2001 09:39:45 -0400 Gary MacKay <[EMAIL PROTECTED]> wrote:

> Does anyone have isoqlog running consistently? I have worked on this for
> quite awhile and think I have it narrowed down to the fact that I don't
> get enough traffic to make the ../send/current log file grow over 100k.
> 
> Let me explain: I have installed isoqlog on several servers from very
> low to very high traffic. The high traffic sites seem to work fine, the
> low traffic sites don't work at all, and the medium traffic sites work
> once in awhile. (Sounds like the three bears story right?) Anyway, with
> all the testing I've done, it seems to be related to the ../send/current
> file not getting big enough. I have setup qmail using the LWQ doc and
> multilog. The author suggested I use splogger instead of multilog, but
> the LWQ doc says not to do that since it slows everything down. Since I
> only have trouble on the low traffic sites, would switching to splogger
> be a big problem? Where is this magic number of 100k for multilog? Can
> it be changed?
> 
> - Gary
> 


-- 
http://no-way.org/~fcu/




Hello List,

Is this "expn" (expand) command completely disabled in Qmail (1.03)?  If 
so, are there any patches out there to enable expn from certain hosts on a 
Qmail server?

I'm trying to find a solution for a remote product to find the pop3 account 
behind a catch-all virtual account and a limited-access expn would 
certainly do the trick.

Thanks,

        Rob Genovesi
        [EMAIL PROTECTED]






On Sat, Jun 02, 2001 at 09:02:08AM -0700, Rob Genovesi allegedly wrote:
> Hello List,
> 
> Is this "expn" (expand) command completely disabled in Qmail (1.03)?  If 
> so, are there any patches out there to enable expn from certain hosts on a 
> Qmail server?

It's not disabled as such, it's merely not implemented in the standard
product for a variety of reasons - one of which is that the design
does not lend itself readily to expn (but there are good privacy
reasons too).

Having said that, there are patches to do this and a search of the
archives should reveal where they are.

> I'm trying to find a solution for a remote product to find the pop3 account 
> behind a catch-all virtual account and a limited-access expn would 
> certainly do the trick.

It sounds like you'll be adding non-standard code to both ends of this
solution so why not do something more specific that doesn't involve
patching qmail, such as a protected access web page? Or a protected
access finger port? Or a periodic rsync of the user list?


Regards.




On Sat, Jun 02, 2001 at 09:28:02AM +0200, [EMAIL PROTECTED] wrote:
> I wanna masquerade hosts that send mail using qmail-smtpd
> from my internal net.
> 
> control/defaulthost doesn't work 'cos for qmail-inject
> QMAILSHOST to my environment doesn't work
> 
> adding the env in my tcpserver cdb file like
> 
> 172.16.3.:allow,RELAYCLIENT="",QMAILSHOST="trivial.3va.net"
> 
> does not work either. Is there a way?

qmail-smtpd isn't designed to do any rewriting. You want ofmipd, see
<http://cr.yp.to/mess822.html>.





I would like to say thank you for the help so far on the 451 error that I am receiving. I am still having a problem with this message. Here is the output from the smtp log file with recordio. The error is occurring between the header information and the message itself. There was already a carriage return line feed after the content type line and we tried to add some more but it did not help. When we added more carriage return line feeds, we got more blank lines. I am thinking this error has something to do with the blank line between the header information and the message itself. Any help or information would be appreciated. Thanks.

tcpserver: ok 1214 kweku.akan.net:207.227.131.131:25 ro05-24-131-178-246.ce.mediaone.net:24.131.178.246::1254
 214 > 220 kweku.akan.net ESMTP
 214 < HELO ForSure_MailBot
 214 > 250 kweku.akan.net
 214 < MAIL FROM:<[EMAIL PROTECTED]>
 214 > 250 ok
 214 < RCPT TO:<[EMAIL PROTECTED]>
 214 > 250 ok
 214 < DATA
 214 > 354 go ahead
 214 < Sender: [EMAIL PROTECTED]
 214 < Reply-to: [EMAIL PROTECTED]
 214 < To: "Nathaniel Keeling" <[EMAIL PROTECTED]>
 214 < From: "billing" <[EMAIL PROTECTED]>
1214 < Date: Thu, 31 May 2001 00:03:15
1214 < Subject: Invoice 1011 for June Services
 214 < X-Mailer: ForSure_MailBot (5.5.1960.3)
1214 < MIME+
 214 < -Version: 1.0
 214 < Content-Type: text/html; charset=US-ASCII
 214 <
 214 > 451 See http://pobox.com/~djb/docs/smtplf.html.
1214 > [EOF]
tcpserver: end 1214 status 256
 
 





Nathaniel L. Keeling III <[EMAIL PROTECTED]> wrote:
> I would like to say thank you for the help so far on the 451 error that
> I am receiving. I am still having a problem with this message.
[...]
>  214 < -Version: 1.0
>  214 < Content-Type: text/html; charset=US-ASCII
>  214 <
>  214 > 451 See http://pobox.com/~djb/docs/smtplf.html.
> 1214 > [EOF]
> tcpserver: end 1214 status 256

Did you go read the page at the URL that qmail told you to look at?
The client is sending bare linefeeds, which are forbidden.  Fix the client.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
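
The check behind the answer above, as an added example that is not part of
the original thread: a scanner that reports every LF not preceded by CR in
the content a client is about to send after DATA, and a helper that rewrites
line endings to CRLF. The sample message is constructed from the headers in
the posted log (with a placeholder address); all function and class names
are hypothetical.

```python
"""Detect bare linefeeds in SMTP DATA content (added example, not from the thread)."""

CR = 0x0D
LF = 0x0A


class BareLFScanner:
    """Stateful scanner: feed it the payload in whatever chunks arrive.

    State is carried across chunks, so a CRLF that is split over two
    network reads (CR ends one chunk, LF starts the next) is not
    misreported as a bare LF.
    """

    def __init__(self):
        self.offset = 0    # absolute byte offset of the next byte
        self.line = 1      # 1-based line number of the next byte
        self.prev = None   # last byte seen, kept across chunk boundaries
        self.hits = []     # (line, offset) for each bare LF found

    def feed(self, chunk: bytes):
        for byte in chunk:
            if byte == LF:
                if self.prev != CR:
                    self.hits.append((self.line, self.offset))
                self.line += 1
            self.prev = byte
            self.offset += 1
        return self.hits


def find_bare_lf(data: bytes):
    """Return [(line, offset), ...] for every LF in data not preceded by CR."""
    return BareLFScanner().feed(data)


def to_crlf(data: bytes) -> bytes:
    """Rewrite every line ending as CRLF without doubling existing CRs."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


# Constructed sample: the first two header lines end in CRLF, the rest
# (including the blank line that separates headers from body) end in bare LF.
SAMPLE = (
    b"From: billing@example.invalid\r\n"
    b"Subject: Invoice 1011 for June Services\r\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: text/html; charset=US-ASCII\n"
    b"\n"
    b"<html>body</html>\r\n"
)

if __name__ == "__main__":
    for line, offset in find_bare_lf(SAMPLE):
        print(f"bare LF at line {line}, byte offset {offset}")
    fixed = to_crlf(SAMPLE)
    print("bare LFs after rewrite:", len(find_bare_lf(fixed)))
```
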




Hi all.

I had installed qmail and it's running ok.
All the examples say to add a line in /etc/inetd.conf to run
qmail-smtpd, but I don't know how to configure it in xinetd.
Where can I find an xinetd example and what is tcp-env for?

--xgnu powered by vi editor
:%s/Micros~1/GNU\/Linux/g^M
:wq!^M




Eduardo Gargiulo wrote:
> 
> Hi all.
> 
> I had installed qmail and it's running ok.
> All the examples says to add a line in /etc/inetd.conf to run
> qmail-smtpd, but I don't know how to configure it in xinetd.
> Where can I find an xinetd example and what is tcp-env for?
> 
> --xgnu powered by vi editor
> :%s/Micros~1/GNU\/Linux/g^M
> :wq!^M

Don't use xinetd.  Use tcpserver instead.

-- 
Keith
Network Engineer
Triton Technologies, Inc.




Eduardo Gargiulo <[EMAIL PROTECTED]> wrote:
> 
> I had installed qmail and it's running ok.  All the examples says to add a
> line in /etc/inetd.conf to run qmail-smtpd, but I don't know how to
> configure it in xinetd.  Where can I find an xinetd example and what is
> tcp-env for?

Running qmail from inetd is deprecated.  Download ucspi-tcp and run it under
tcpserver.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------




Eduardo:

xinetd.conf is something new. I have seen it in RH 7.1. You will notice that
it includes a statement that looks something like this:

        "includedir /etc/xinetd.d"

If you open the directory "xinetd.d", you will find several files. Each file
represents an entry in the old "inetd.conf". If you open "/etc/xinetd.d/pop3"
file, you will see how "pop3" is setup. How to setup these files in
"/etc/xinetd.d", please read "man xinetd.conf" pages.

Several people have suggested using tcpserver. I suggest you look into it.
It might be easier and better (or that's what everybody says). Hope it
helps.


Kirti

-----Original Message-----
From: Eduardo Gargiulo [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 02, 2001 12:59 PM
To: [EMAIL PROTECTED]
Subject: xinetd


Hi all.

I had installed qmail and it's running ok.
All the examples says to add a line in /etc/inetd.conf to run
qmail-smtpd, but I don't know how to configure it in xinetd.
Where can I find an xinetd example and what is tcp-env for?

--xgnu powered by vi editor
:%s/Micros~1/GNU\/Linux/g^M
:wq!^M




I personally don't care to run tcpserver, although I've run it in the
past, and it worked well at that time.  tcpserver is nothing but a
wrapper to enable one to 1) log connections, and 2) keep unallowed hosts
out.  Xinetd does that for me.  Why would any one want to run two
servers that can do the same thing? 

Here's my config for xinetd.  I've not yet configured it to be aware of
the RCPTHOSTS env var (or what ever it's called).  Drop me a line if
you'd like.


David


service smtp
{
    socket_type     = stream
    wait            = no
    user            = qmaild
    server          = /var/qmail/bin/tcp-env
    server_args     = /var/qmail/bin/qmail-smtpd
    log_on_success  = HOST PID USERID DURATION
    log_on_failure  = HOST RECORD ATTEMPT USERID
}



Charles Cazabon wrote:
> 
> Eduardo Gargiulo <[EMAIL PROTECTED]> wrote:
> >
> > I had installed qmail and it's running ok.  All the examples says to add a
> > line in /etc/inetd.conf to run qmail-smtpd, but I don't know how to
> > configure it in xinetd.  Where can I find an xinetd example and what is
> > tcp-env for?
> 
> Running qmail from inetd is deprecated.  Download ucspi-tcp and run it under
> tcpserver.
> 
> Charles
> --
> -----------------------------------------------------------------------
> Charles Cazabon                            <[EMAIL PROTECTED]>
> GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
> Any opinions expressed are just that -- my opinions.
> -----------------------------------------------------------------------





John Hogan <[EMAIL PROTECTED]> wrote:
> <snip>
> >I've never seen anyone else ask for this type of control, and have a
> >difficult time imagining why it would be necessary (or even desirable).
> >Probably no one else has written such a patch or add-on; you'd need to do
> >it yourself.  Note that this would then require parsing the original
> >message headers -- a job tricky to do without introducing bugs.
> 
> ick

Yes, ick indeed.

> >Why do you want to control this?
> 
> we get quite a number of them daily (sometimes 300-400/day) - some 
> customers' sites have email addresses on web pages, robots harvest them 
> (you know the ending)

Yes.  I see 100-300 double-bounces a day myself.  I glance at them to see if I
can help someone (obvious typo, etc) but most are double-bounces of spam to
bad addresses, and get deleted with <1s of effort on my part.

> i'd like to at least get rid of the Content-Type, Content-Transfer, 
> X-MSMail-Priority, etc... just keep the basics in case i need to flog someone

I personally don't see how this would help anything.  As Russell Nelson has
said a couple of times in the last 24 hours, "What problem are you trying to
solve?"  Bounces go to the envelope sender; returning the complete headers of
their message to them can help them if they need to re-send it.  Returning
incomplete headers looks like a lot of work with little payoff in the end.
Double-bounces are a fact of life to a mail admin.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------




Charles Cazabon writes:
 > I personally don't see how this would help anything.  As Russell Nelson has
 > said a couple of times in the last 24 hours, "What problem are you trying to
 > solve?"

It's a terribly useful question when a customer calls up and asks me
how to do something that makes no sense.  Maybe I just don't
understand the problem; maybe they're trying to solve a problem the wrong
way.  Asking for a description of the problem keeps me from saying
something stupid.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://russnelson.com
Crynwr sells support for free software  | PGPok | Microsoft rivets everything.
521 Pleasant Valley Rd. | +1 315 268 1925 voice | Linux has some loose screws.
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX  | You own a screwdriver.




Phil Schwartz <[EMAIL PROTECTED]> wrote:
> I've scanned through the archives and FAQ and I
> *think* I have qmail set up properly, however
> masquerading isn't working for me.

If you still want help, try reposting your question using your real domain
name and FQDN.  It could be a DNS issue (in fact, sounds like it to me), but I
get a headache trying to look at "phil@domain" and "phil@FQDN" all day.  We
need real DNS info to tell you if this is the problem.

Also include the unedited output of qmail-showctl.

Charles
-- 
-----------------------------------------------------------------------
Charles Cazabon                            <[EMAIL PROTECTED]>
GPL'ed software available at:  http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------




I don't think that will help me yet (maybe I am being really stupid or
missing something).  How does qmail know that mail that is from domain
mail.domain1.com is to be delivered on IP xxx.xxx.xxx.xxx and that mail from
mail.domain2.com is to be delivered using IP yyy.yyy.yyy.yyy?

At the point that qmail is sending out mail via smtp it no longer knows what
domain it is sending out mail for, does it?

There has to be some kind of config file that tells qmail-smtpd what domains
to send for.  I would expect something like this would have to be done.
A file called smtpddomain1
mail.domain1.com

Another file called smtpdotherdomains
mail.domain2.com
mail.domain3.com
...etc

(I know that the above doesn't exist - just dreaming)

Another thought would be if I could use the domain name on the program line
as below. (That would be a pain to have to add a new smtp file for every
domain that I want to be unique)

> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`/bin/cat /var/qmail/control/concurrencyincoming`
> exec /usr/local/bin/softlimit -m 2000000 /usr/local/bin/tcpserver \
> -vPHR -c "$MAXSMTPD" -x /var/qmail/cdb/smtp.cdb \
> -u "$QMAILDUID" -g "$NOFILESGID" mail.domain1.com smtp \
> /var/qmail/bin/qmail-smtpd 2>&1
>
^^^^^^^^^^^^^^

> run file for mail2.example.com:
>
> #!/bin/sh
> QMAILDUID=`id -u qmaild`
> NOFILESGID=`id -g qmaild`
> MAXSMTPD=`/bin/cat /var/qmail/control/concurrencyincoming`
> exec /usr/local/bin/softlimit -m 2000000 /usr/local/bin/tcpserver \
> -vPHR -c "$MAXSMTPD" -x /var/qmail/cdb/smtp.cdb \
> -u "$QMAILDUID" -g "$NOFILESGID" mail.domain2.com smtp \
> /var/qmail/bin/qmail-smtpd 2>&1
>
^^^^^^^^^^^^^^






On Sat, Jun 02, 2001 at 05:41:51PM -0700, Ross Davis wrote:
> There has to be some kind of config file that tells qmail-smtpd what domains
> to send for.  

qmail-smtpd does not send mail. It receives mails via smtp.
qmail-send takes care of sending and starts qmail-remote for off-site
deliveries. qmail-remote does not bind to a specific IP at all. 

-- 
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany               *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)




Hello all:
  I have two questions.
1.  I want to know how qmail processes mail it receives for a user that does not exist on the qmail server.
Which program processes it, is it qmail-send?
 
Can the original sender receive a notice mail?
 
2.  About quota: when a user's mail size exceeds the max quota size, how does qmail process it, or does qmail-local give an error?
Can the original sender receive a notice mail?
Thank you.




Hello :
 I use a qmail+mysql system on SunOS. I want to filter a special mail address or subject or content when the qmail server receives all mail.
 
How do I do this?
Thank you!




Hi,

I'm getting tons of these log entries whenever I send mail:

May 25 18:49:19 bigpoop qmail: 990830959.449207 status: local 0/10 remote 1/20
May 25 18:49:19 bigpoop qmail: 990830959.662255 delivery 801: deferral: qmail-remote_crashed./

I fear that this started after I rebuilt qmail on this box with the
following patches:

tls/ssl
Frederik Vermeulen <[EMAIL PROTECTED]> 20010106
http://www.esat.kuleuven.ac.be/~vermeule/qmail/tls.patch

smtp-auth
http://members.elysium.pl/brush/qmail-smtpd-auth/

tarpit
Chris Johnson
[EMAIL PROTECTED]

It was rough combining these, but the most trouble was in smtpd, not
qmail-remote, as only one patch touched it (the TLS patch).

Any hints on how to debug this?  Anyone else running this combo?

Thanks,

Charles

| Charles Sprickman                  | Internet Channel
| INCH System Administration Team    | (212)243-5200
| [EMAIL PROTECTED]                     | [EMAIL PROTECTED]








Hi all,

Mirrors of
 
 http://cr.yp.to/
 http://qmail.org/
 http://ezmlm.org/

are available on my tiny server http://sakapuss.homeip.net/ (publicfile).
It is located in Toulouse (France).

Cheers,

Dj.




On Fri, Jun 01, 2001 at 11:31:32PM +0800, Lye On Siong Johnny wrote:
> .qmail-default

remove this one too.

-- 
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany               *
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

