[courier-users] Email Backups
Hi, A few days ago I decided to rebuild my main server and to my dismay while I was doing that my main data drive became corrupted - I know, I should probably have unplugged it but I didn't think it would matter as I wasn't going to touch that drive. If you are interested, I traced the problem to a stick of ram that must have come loose when I took the top of the machine (unlucky is my middle name). Any way on with the question. My old server was using courier imap + qmail + procmail delivering into maildirs. I have backups of the maildirs and I was wondering how I can put the backup mail back into the system. I notice that there are control files such as courierimapsubscribed and courierimapuiddb which contain lists of messages and folders. The folders on looks quite obvious but the db file is a little confusing. My main concern is that the format of the message name is a little different between what I get now eg 1074616521.M124960P4905V0303I0003036D_9.compost,S=2603:2,RS and what I used to get 1039268525.4279_2604.compost.home.crazysquirrel.com,S=16015 although they are superficially similar. A worse problem is that the drive that became corrupted still contains most of the data so I am (by hand) recovering the mail I lost between the last back up and now. These files have no recoverable name so I was wondering what I should call them? I am a software developer and willing to write a bit of code to mangle / generate file names if necessary. I'll stop rambling now though :o) Thanks, Graham --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: Email Backups
Graham Smith writes: delivering into maildirs. I have backups of the maildirs and I was wondering how I can put the backup mail back into the system. Restore them. I notice that there are control files such as courierimapsubscribed and courierimapuiddb which contain lists of messages and folders. The folders on looks quite obvious but the db file is a little confusing. My main concern is that the format of the message name is a little different between what I get now eg 1074616521.M124960P4905V0303I0003036D_9.compost,S=2603:2,RS and what I used to get 1039268525.4279_2604.compost.home.crazysquirrel.com,S=16015 although they are superficially similar. Ignore that. Just restore the backups. pgp0.pgp Description: PGP signature
[courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
First off: Courier-mta is the BEST! Question: Does courier iterate through all available MX records even if the first few are broken and possibly violate RFC1035? I have been getting a complaint from someone trying to send an email to me. She gets an error from her mailserver thus: -- Mail Delivery Subsystem [EMAIL PROTECTED] 1/6/2004 3:43:24 PM The original message was received at Tue, 6 Jan 2004 15:43:14 -0600 (CST) from 12-23-34-45.otherguysisp.com [12.23.34.45] (may be forged) - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 517-MX records for brokendomain.com violate section 3.3.9 of RFC 1035.) - Transcript of session follows - ... while talking to mail.! mydomain.net.: MAIL From: [EMAIL PROTECTED] SIZE=1911517-MX records for brokendomain.com violate section 3.3.9 of RFC 1035. 517 Invalid domain, see URL: ftp://ftp.isi.edu/in-notes/rfc1035.txt 554 5.0.0 Service unavailable --- It was explained to me that the other guy's ISP (otherguysisp.com) has the broken domain's entries purposely broken for the first few MX records (brokendomain.com). He says that his ISP wants to keep the first few MX records broken, and that the problem is with MY mailserver. I am running Courier-mta 0.43.2 and it was compiled on my redhat 8.0 box with the ldap auth module loaded and running. - Kirk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
On Tue, Jan 20, 2004 at 11:20:51PM -0600, Kirk A Wolff wrote: First off: Courier-mta is the BEST! Question: Does courier iterate through all available MX records even if the first few are broken and possibly violate RFC1035? No. All the MX records have to be correct; even if one is wrong, courier will refuse to accept mail from that domain. I have been getting a complaint from someone trying to send an email to me. She gets an error from her mailserver thus: -- Mail Delivery Subsystem [EMAIL PROTECTED] 1/6/2004 3:43:24 PM The original message was received at Tue, 6 Jan 2004 15:43:14 -0600 (CST) from 12-23-34-45.otherguysisp.com [12.23.34.45] (may be forged) - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: 517-MX records for brokendomain.com violate section 3.3.9 of RFC 1035.) - Transcript of session follows - ... while talking to mail.! mydomain.net.: MAIL From: [EMAIL PROTECTED] SIZE=1911517-MX records for brokendomain.com violate section 3.3.9 of RFC 1035. 517 Invalid domain, see URL: ftp://ftp.isi.edu/in-notes/rfc1035.txt 554 5.0.0 Service unavailable --- It was explained to me that the other guy's ISP (otherguysisp.com) has the broken domain's entries purposely broken for the first few MX records (brokendomain.com). He says that his ISP wants to keep the first few MX records broken, and that the problem is with MY mailserver. I am running Courier-mta 0.43.2 and it was compiled on my redhat 8.0 box with the ldap auth module loaded and running. -- Anand Buddhdev --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Thank you Gerardo for your reply. I have some additional information regarding WHY the MX RRs are broken. The mailserver admin does not intend to keep these broken. I also have a comment about how RFC1035 is implemented in Courier. Regarding RFC1035 in Courier; I looked through the most recent source code for Courier-mta and have discovered that my revision contains the same code that exists today. I have lightly reviewed the code in the file courier/courier/rfc1035/rfc1035mxlist.c. It seems to me that what is happening is only the first three MX entries are used. Please correct me on this! In my case, the first two MX entries were intentionally broken, but the THIRD was an rfc1035 violation! The third entry contained an IP address. There were three additional lower priority entries also for the domain, all adding up to a total of six MX entries. Is it possible that courier is ignoring the fourth, fifth, and sixth entries? It was explained to me that the other guy's ISP (otherguysisp.com) has the broken domain's entries purposely broken for the first few MX records (brokendomain.com). He says that his ISP wants to keep the first few MX records broken, and that the problem is with MY mailserver. If he broke the mx entries on purpose then ask him where in the RFC it states that type of methadology, or what best business practice is he following here. He does not seem to be concerned about following the full intent of the RFCs, but is still concerned about being 'standards-based'. Please read the following fromt he guy: The intention of this was to hide the domain's real SMTP servers from the internet (we have been seeing spammers pick MX records at random, rather than just the highest preference, for the past year and a half). brokendomain.com did not choose to make use of this feature, so their real SMTP server is listed, after the anti-spam boxes. We also preferred using the MX's for choosing final delivery because it was standards-based, and wouldn't require us to do any sort of nasty munging in Sendmail. Keep the first few MX records broken? If they want to break these then tell him to keep them internal, and tell them to run a sandbox DNS solution. If he wants to play the game of interconnectivity then he needs to play along with everyone else, and the standards (and suggestions) provided in the RFC's. You are right about the sandbox approach. It seems that he's trying to a sandbox approach, but is still exposing the first few MXs. Read his explanation: They need to have their mail routed through an anti-spam system before it gets to their SMTP servers. By having the 1st 2 records unresolvable, mail from the internet is delivered to MX 30, the anti-spam boxes. The anti-spam boxes *are* able to resolve the *.mx.otherguysisp.com records (MX 10 and 20), and MX 10 just points to brokendomain.com's primary SMTP server. I'll recommend that he read the 'sandbox' section of the RFC I have ran into admins in the past who have done the same thing. Blame the software I am running because they dont follow the RFC. One big example is IP addresses in the MX record, and then they defend their stance by stating to me Well I can get mail from everyone else. As it happens everyone else is Hotmail or Yahoo Mail, it is a sad thing that some admins use such services as the measuring stick for interconnections. You are right about this, however it is possible that Courier isn't checking more than three MX RRs, which isn't a violation of RFC, but isn't complete compliance either. His nameserver entries may be messed up, but courier should be able to look at the fourth, fifth, etc. MX entries. It is hard sometimes to make idiots that think like this to even see reason. Where I work I am not even the Systems Administrator, it just happens that I have taken some system responsabilities (email being one) because of the staffing issues presented in my department. He's actually being very cooperative. He made some changes to the domain until we get these issues further resolved: This is probably left over from the last time they renumbered. Put in place temporarily and meant to be fixed when things had stabilized. You know how that goes :) I can get this fixed, but I'd like to see if the change I made yesterday fixes it first. That will tell us which issue it was. Esperience has taught me to take these issues to the individuals supervisor's, or superiors and reference the RFC to them, explaining where they are not being net frinedly and also what solutions they can do in turn [sadly enough you have to think for them also]. I still see no reasoning as to what they are gaining by breaking an MX record. Escept that the guy misconfigured something and now wants to act that it was done like that for some meaningless purpose as to not admit that he had no idea what he was doing. Although he seems fairly familiar with Good Luck getting those MX
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Gerardo Gregory wrote: If he broke the mx entries on purpose then ask him where in the RFC it states that type of methadology, or what best business practice is he following here. Too bad some RFCs don't always make sense. DSN is a good example. What a waste of bandwidth and disk space. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Il 06:20, mercoledì 21 gennaio 2004, Kirk A Wolff ha scritto: First off: Courier-mta is the BEST! Question: Does courier iterate through all available MX records even if the first few are broken and possibly violate RFC1035? I agree with Gerardo Gregory and i also have had some issues regarding this topic nevertheless i needed to send/receive mail from the misconfigured domain. Here is the solution: 1) to send mail you have to add all MX records in your esmtproutes file Eg. area.ra.it: [213.209.214.65] area.ra.it: mail.area.ra.it 2) to receive mail you have to add all MX recorda in your smtpaccess file Eg. 213.209.214.65 allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0 130.186.250.195 allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0 and then run makesmtpaccess. I hope this help .. Federico. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
First off: Courier-mta is the BEST! Question: Does courier iterate through all available MX records even if the first few are broken and possibly violate RFC1035? I agree with Gerardo Gregory and i also have had some issues regarding this topic nevertheless i needed to send/receive mail from the misconfigured domain. Here is the solution: 1) to send mail you have to add all MX records in your esmtproutes file Eg. area.ra.it: [213.209.214.65] area.ra.it: mail.area.ra.it 2) to receive mail you have to add all MX recorda in your smtpaccess file Eg. 213.209.214.65 allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0 130.186.250.195 allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0 and then run makesmtpaccess. I hope this help .. Federico. Thank you for the suggestion. I was already aware of this from the courier-faq. What I am asking is if courier is checking more than three MX records during the verification process. Do you know if it does? Kirk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Anand wrote: On Tue, Jan 20, 2004 at 11:20:51PM -0600, Kirk A Wolff wrote: First off: Courier-mta is the BEST! Question: Does courier iterate through all available MX records even if the first few are broken and possibly violate RFC1035? No. All the MX records have to be correct; even if one is wrong, courier will refuse to accept mail from that domain. So if one record does not resolve, courier will reject the domain? Is this the case if the MX entry is a 'real' entry, but doesn't resolve to an IP address? Kirk --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Dan, Read - RFC 1796 first; Just cause it is mentioned as/or referenced to an RFC does not make it a standard. If it is a standard and you still have a better way to accomplish what the standard is implying then RFC 2926 is for you. The standards is what I am very critical about [I find it humorous that they are reffered to as STD's]. DNS [commonly refered to as RFC 1035 (previous 1034)] is actualy STD 0013 Mail Routing and the Domain System [commonly refered to as RFC 974] is expressed in STD 0014 This is not a Facist state, if anyone feels the need to propose any different then the floor is open once again RFC 2926 comes to mind. Gerardo Gregory Dan Melomedman wrote: Gerardo Gregory wrote: If he broke the mx entries on purpose then ask him where in the RFC it states that type of methadology, or what best business practice is he following here. Too bad some RFCs don't always make sense. DSN is a good example. What a waste of bandwidth and disk space. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Kirk worte; Is this the case if the MX entry is a 'real' entry, but doesn't resolve to an IP address? --- If you are saying that the MX record has a domain name that has no valid A record associated then it is not a legitimate entry - it violates the RFC. If you are saying that the MX record has a domain name with an associated A record, but that system is unreachable then the host is ureachable, next MX Too bad he doesnt post on the MERIT NANOG list Perry Metzger, or Paul Vixie will certainly set him straight, ofcourse he might have no idea who they are. Gerardo A. Gregory Manager Network Administration and Security - Affinitas - Latin for Relationship Helping Businesses Acquire, Retain, and Cultivate Customers Visit us at http://www.affinitas.net --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Gerardo Gregory wrote: Dan, Read - RFC 1796 first; Just cause it is mentioned as/or referenced to an RFC does not make it a standard. Precisely, or vice versa, but what people should be worrying about isn't RFC compliance, but interoperability and better design. Whether it means RFC compliance, standards compliance, or neither. Furthermore, some things in RFCs are just plain wrong or bad by design, DSN (ugly design, plus you can't control it, and you can't do anything about it, so why bother in the first place?) and MIME included (Email should have been designed to be 8-bit clean from the start). The the job of email servers should have been to copy messages around, not parse them. Welcome to the Internet: it sort-of works. -- The crowd neither wants nor seeks knowledge, and the leaders of the crowd, in their own interests, try to strengthen its fear and dislike of everything new and unknown. The slavery in which mankind lives is based upon this fear. --George Gurdjieff --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain
Precisely, or vice versa, but what people should be worrying about isn't RFC compliance, but interoperability and better design. Exactly...this is what the proposed RFC's and the IETF is attempting to do. But these is no ESP, so there has to be a consortium to make standards to ease interoperability. I agree with you, but I have to accept what's what unless I am willing to draft a different approcah, submit it, etc. Gerardo Dan Melomedman wrote: Gerardo Gregory wrote: Dan, Read - RFC 1796 first; Just cause it is mentioned as/or referenced to an RFC does not make it a standard. Precisely, or vice versa, but what people should be worrying about isn't RFC compliance, but interoperability and better design. Whether it means RFC compliance, standards compliance, or neither. Furthermore, some things in RFCs are just plain wrong or bad by design, DSN (ugly design, plus you can't control it, and you can't do anything about it, so why bother in the first place?) and MIME included (Email should have been designed to be 8-bit clean from the start). The the job of email servers should have been to copy messages around, not parse them. Welcome to the Internet: it sort-of works. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
Kirk A Wolff writes: (brokendomain.com). He says that his ISP wants to keep the first few MX records broken, and that the problem is with MY mailserver. How exactly does his ISP's decision to keep broken DNS become your problem? pgp0.pgp Description: PGP signature
[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
Kirk A Wolff writes: that exists today. I have lightly reviewed the code in the file courier/courier/rfc1035/rfc1035mxlist.c. It seems to me that what is happening is only the first three MX entries are used. Please correct me on this! There's nothing in rfc1035mxlist.c that discards fourth, and subsequent, MX records. pgp0.pgp Description: PGP signature
[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
Roger B.A. Klorese writes: How exactly does his ISP's decision to keep broken DNS become your problem? Simple -- he'd make the case that you should only refuse to deliver mail if there are no correct MX records, not if there are any broken ones. And I'll make a case that broken DNS records are a sign of an incompetently-administered ISP, and that it's been historically shown that incompetently-administered ISPs typically have other problems, such as open relays and hacked proxies, and zombies. pgp0.pgp Description: PGP signature
RE: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
And I'll make a case that broken DNS records are a sign of an incompetently-administered ISP, and that it's been historically shown that incompetently-administered ISPs typically have other problems, such as open relays and hacked proxies, and zombies. Great -- now we have *software* that wages preemptive war. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
Simple -- he'd make the case that you should only refuse to deliver mail if there are no correct MX records, not if there are any broken ones. So explain to me the difference between a broken MX record and an incorrect one? Their is none...is there? Explain me your ideology here...it is either a CORRECT one or NOT. It either points to a domain name, which has an associated A record (Correct) or it does not (incorrect) Now if you want the acceptance of broken MX records are being legitimate DNS entries by the internet community then I refer this again RFC 2926 So your statement makes as much sense as the ISP's in question MX records /dev/null Gerardo Roger B.A. Klorese writes: And I'll make a case that broken DNS records are a sign of an incompetently-administered ISP, and that it's been historically shown that incompetently-administered ISPs typically have other problems, such as open relays and hacked proxies, and zombies. Great -- now we have *software* that wages preemptive war. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Gerardo A. Gregory Manager Network Administration and Security Affinitas - Latin for Relationship Helping Businesses Acquire, Retain, and Cultivate Customers Visit us at http://www.affinitas.net --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] RE: RFC 1035 error V.S. First two MX entries BAD for domain
Explain me your ideology here...it is either a CORRECT one or NOT. It doesn't matter if any of them are incorrect/broken. It only matters if *all* of them are. Just as you shouldn't refuse to access foo.bar.com because an A record for zap.bar.com is malformed, you shouldn't refuse to try the 7th MX for bar.com because the 3rd one is malformed. Now if you want the acceptance of broken MX records are being legitimate DNS entries by the internet community then I refer this again RFC 2926 What does 2926 have at all to do with MX records? --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
RE: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Roger B.A. Klorese Sent: January 21, 2004 4:21 PM To: 'Sam Varshavchik'; [EMAIL PROTECTED] Subject: RE: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain And I'll make a case that broken DNS records are a sign of an incompetently-administered ISP, and that it's been historically shown that incompetently-administered ISPs typically have other problems, such as open relays and hacked proxies, and zombies. Great -- now we have *software* that wages preemptive war. It took me a while Roger, but I've come to agree (with the occasional client inspired nagging doubt). A solid product that works and follows the rules vs. one that accepts anything remotely appropriate thrown at it and muddles through. The problem here, is not courier, but that people got used to sendmail and others that were too permissive and allowed people to get sloppy in their structure. How much work should one do to allow others to be sloppy? General statement - not meant to directly slam anyone. m/ --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Backup MX configuration
Patrick O'Reilly wrote: From: Pierre Ossman [EMAIL PROTECTED] Ok, I've tried this now and either I'm missing something or the semantics aren't quite as you explained. I'll try to explain my total configuration to give you a better view of what I'm trying to acheive. The machine is called mail.craffe.se. It is a MX for the domain craffe.se. Sending mail to the domain works fine (it is later forwarded to an internal server using esmptroutes). It is also a backup MX for the domain mathias.nu. Being a backup MX I have the machine's name in locals in order for the backup MX semantics to function properly. Sending mail to the domain mathias.nu also works perfectly fine. Now for the problem. Sending mail to, for example, [EMAIL PROTECTED] results in the machine trying to deliver the mail to the local user account 'luser'. I added mail.craffe.se to esmtproutes in an attempt to redirect the mail, but the locals file seems to have priority. What I'd like is that mail would have been redirected to [EMAIL PROTECTED] (i.e. to the domain, not the machine) or have it rejected (with '550 User unknown' or similar). From what I can gather the only system that has priority over locals is the aliases. And I doesn't seem to be a syntax that gives me what I want (except one aliases for each and every user on the machine). So, what are my options? I don't like the current situation where the local users can receive mail but I can't figure out how to stop it. Regards Pierre Aha. I think the whole secondary MX thing is a red herring... Do you actually have local accounts which match the email addresses? - 'luser' in your above example. If these are local shell accounts, perhaps you should remove 'authvchkpw' from the authmodulelist in 'authdaemonrc'?!? The fact that the account exists locally might interfere with any attempt to use esmptroutes - but I'm guessing here. I don't have any box configured the way you are describing, so here's my best guess: esmptroutes: craffe.se:internalrelay.craffe.se .craffe.se:internalrelay.craffe.se locals: craffe.se .craffe.se mathias.nu esmtpacceptmailfor: craffe.se .craffe.se mathias.nu That's all I can think of. Yes! It finally works! =) Thanks for the help. Removing everything from authmodulelist effectively blocks all user. Should have thought of that one... I also noticed another weird behaviour. If I send a mail to [EMAIL PROTECTED], the machine realises it's a local account and strips it down to just 'root'. I have also specified 'craffe.se' as the default domain (/etc/courier/defaultdomain) so when it aplies the standard alias 'root: postmaster' it becomes '[EMAIL PROTECTED]' and goes away to the internal server. Just the way I wanted, and I didn't have to touch a thing =) So a question to you and/or anyone else who knows (probably only *Sam Varshavchik): *Is this the intended behaviour (default domain being added when resolving aliases) or should I expect to have to change this alias to 'root: [EMAIL PROTECTED]' at some point? Regards Pierre --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
Re: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
Mitch (WebCob) wrote: It took me a while Roger, but I've come to agree (with the occasional client inspired nagging doubt). A solid product that works and follows the rules vs. one that accepts anything remotely appropriate thrown at it and muddles through. The problem here, is not courier, but that people got used to sendmail and others that were too permissive and allowed people to get sloppy in their structure. How much work should one do to allow others to be sloppy? Accept liberally should still be the watchword for anything not constituting an attack pathway. What you propose would be like making an auto bumper 1/4 high and saying that if everyone followed the spec there would be no non-bumper collisions. The purpose of an MTA is not to be a literal implementation of RFCs but to receive and deliver mail successfully. --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain
Well if he would post the domain in question then I would consider your point. But all I have read today is using brokendomain.com as an example. How do you know what MX record is working or not? Whats the domain name? Let me do some queries using nslookup, then I might be more open to discussion. Because all I have read is sounding more and more like a crock of (ADLIB) Especially when it was stated that these where broken for security sakes. Yeah right! The KRAFT security architecture [RFC 10101010101] - swiss cheese style!!! Maybe that admin can give a presentation at a SANS conference and explain his ideology of securing your SMTP server by breaking [whatever breaking means] MX records...'us' in the security field are anxious to deploy this method as quickly as possible since then we wont have to fidget with sendmail as was stated in his earlier post [laziness if you ask me]. Furthermore read the subject...it says first TWO mx entries are bad, then read the threads posted all day, where the story becomes only one bad MX entry and two legit for spam boxes... The information provided changes over and over... I referred the RFC in case you feel the need to change the definition of a legit MX record in RFC 1035 (or STD 0013). RFC [2926] tells you how to submit your request, so they can revise the standard and define a broken MX for all of us who only know one type of MX record...Now where is a broken MX stated in the definition below? THERE IS ONLY ONE TYPE OF MX RECORD, ANYTHING ELSE IF PLACED INSIDE THE RECORD FIELD IS INCORRECT. NOW WHAT IS SO HARD TO UNDERSTAND ABOUT THAT!! 3.3.9. MX RDATA format +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ | PREFERENCE | +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ / EXCHANGE/ / / +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ where: PREFERENCE A 16 bit integer which specifies the preference given to this RR among others at the same owner. Lower values are preferred. EXCHANGEA domain-name which specifies a host willing to act as a mail exchange for the owner name. MX records cause type A additional section processing for the host specified by EXCHANGE. The use of MX RRs is explained in detail in [RFC-974]. Anyway...do whatever you feel..break all of them for all I care...see how far that gets you in the real world. Gerardo Roger B.A. Klorese writes: Explain me your ideology here...it is either a CORRECT one or NOT. It doesn't matter if any of them are incorrect/broken. It only matters if *all* of them are. Just as you shouldn't refuse to access foo.bar.com because an A record for zap.bar.com is malformed, you shouldn't refuse to try the 7th MX for bar.com because the 3rd one is malformed. Now if you want the acceptance of broken MX records are being legitimate DNS entries by the internet community then I refer this again RFC 2926 What does 2926 have at all to do with MX records? --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users Gerardo A. Gregory Manager Network Administration and Security Affinitas - Latin for Relationship Helping Businesses Acquire, Retain, and Cultivate Customers Visit us at http://www.affinitas.net --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
[courier-users] Problem (and patch for) 534 Message header size, or ... error
Hi, I'm still having problems with the hard-coded 5000 byte limit in the message header lines. Some companies insist on sending mass-emails to their relations, with all the recipients in the To header. I've fixed the problem on the servers I maintain and where the owners complains for the last two years - but it would be nice if the limit was configurable in Courier. The patch below should handle this, without breaking anything (I hope ;) - --- ../../orig/courier-0.44.2/courier/submit.C Sun Oct 5 06:47:50 2003 +++ submit.CThu Jan 22 05:31:14 2004 @@ -1072,6 +1072,15 @@ size_t headercnt=500; intheaderlimit=10; const char *p; +int header_line_limit=5000; + +p = getenv(ESMTP_HEADER_LINE_LIMIT); // Max bytes (octets) on a single line + if (p (atoi(p) = 1024)) + header_line_limit = atoi(p); + + p = getenv(ESMTP_HEADERLIMIT); // Max bytes (octets) for the entire header + if (p (atoi(p) = 2)) + headerlimit = atoi(p); my_rcptinfo.submitfile.MessageStart(); line=Received: from ; @@ -1126,7 +1135,7 @@ unsigned received_cnt=0; - while (line.readline(cin, 5000) 0) + while (line.readline(cin, header_line_limit ) 0) { struct rfc822t *rfcp; struct rfc822a *rfca; @@ -1150,7 +1159,7 @@ while ( ((i=cin.get()) != EOF ? (cin.putback(i), i):i) == ' ' || i == '\t') { - line.readline(cin, 5000); + line.readline(cin, header_line_limit); if ((i=cin.get()) != EOF i != '\n') { headercnt=0; @@ -1160,8 +1169,9 @@ if (l line[l-1] == '\r') line.Chop();// Strip trailing CR l=line.GetLength() + header.GetLength(); - if (l headerlimit || l 5000) + if (l headerlimit || l header_line_limit) headercnt=0; + if (headercnt == 0) continue; header += '\n'; header += line; - Jarle -- Jarle Aase email: [EMAIL PROTECTED] Author of freeware. http://www.jgaa.com news:alt.comp.jgaa War FTP Daemon: http://www.warftp.org War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm Jgaa's PGP key: http://war.jgaa.com/pgp NB: If you reply to this message, please include all relevant information from the conversation in your reply. Thanks. no need to argue - just kill'em all! --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users