Re: Jesus Help Me !

2004-01-11 Thread Chris Wagner
While flaming off topic posts is appropriate, flaming religion is not.  By
posting your own rant you are now guilty of the same off topic violation as the
original poster.  It is clear from the tone of your post that you've been
chomping at the bit for a while to write such a religion based rant.  You
gladly followed the aforementioned troll and in doing so betrayed your own
prejudices.  Open foot, insert mouth.




--
REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=--
"...ne cede males"

0100






Re: Jesus Help Me !

2004-01-11 Thread Craig Sanders
please keep your moronic and paranoid religious delusions off of our
mailing list.

this mailing list is for the discussion of the Debian GNU/Linux operating
system in Internet Service Provider environments.  that's why it's called
"debian-isp".  note that it is *not* called "Divine Assistance" or anything
similar.

it is not for discussion of mythological beings.  for those who believe and
those who are otherwise interested, there are many other lists and discussion
forums where such topics are appropriate and even welcome.  please go find one
of them.

craig






Re: replacing sanitizer w/ amavisd-new

2004-01-11 Thread Craig Sanders
On Sat, Jan 10, 2004 at 08:39:39PM -0700, Michael Loftis wrote:
> ># mailscanner system, works with Postfix and other MTAs. This uses
> >unsupported methods to manipulate Postfix queue files, and there are
> >multiple reports of message duplication and/or delivery of truncated
> >messages.
> 
> It isn't exactly supported nor unsupported

anything that manipulates postfix queue files directly is definitely
unsupported.  Wietse Venema (postfix's author) strongly recommends against
using any such tools as the exact format and structure of the postfix queues is
considered internal to postfix and is subject to change at any time without
notice.

> Basically it relies on the fact that postfix can be told to use deferred
> transports on inbound, automatically forcing everything to go into the
> deferred queue.  You run one copy of postfix in that mode.  

it also relies on the queue file format and queue directory structure not
changing, which is explicitly denied by the postfix author.


> 
> MailScanner catches about 30% more 'dangerous content' and virii than
> amavisd-new given the same virus scanner because MS seems to unpack more
> thoroughly/properly.  

the fact is, if you want to block viruses your best bet is to use body and
mime-header checks to block all executable attachments.  very few users really
need to email an executable, and those that do can be taught to zip it up
first.

trojans inside zip files etc may still get through, so you still need a
scanner, but by blocking executables you are greatly reducing the amount of
work that the AV scanner has to do, and thus greatly reducing the load on the
server.

also, trojans aren't anywhere near as much of a problem as viruses as they
require active user stupidity (to run them) rather than just passive user
stupidity (running outlook).

craig
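
The attachment check recommended in the message above, as an added example (not part of the original post and not Postfix's own header_checks mechanism): it walks the MIME parts, reads the declared file name from either header, and flags executable extensions. The extension list and the sample message are constructed assumptions; note that the zip attachment passes, which is why a scanner is still needed.

```python
from email import message_from_bytes, policy

# Assumed blocklist for illustration; tune to local policy.
BLOCKED_EXT = {"exe", "pif", "scr", "bat", "com", "cmd", "vbs", "lnk"}

def is_blocked_name(name: str) -> bool:
    """True if the final extension of a declared file name is blocklisted."""
    # Windows ignores trailing dots and spaces, so "x.exe. " still runs.
    cleaned = name.strip().rstrip(". ").lower()
    ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
    return ext in BLOCKED_EXT

def attachment_names(raw: bytes):
    """Return every file name declared by any MIME part of the message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # get_filename() reads Content-Disposition filename= and falls back to
    # the name= parameter of Content-Type, so both headers are covered.
    return [p.get_filename() for p in msg.walk() if p.get_filename()]

def blocked_attachments(raw: bytes):
    """Return the declared names that should cause the message to be rejected."""
    return [n for n in attachment_names(raw) if is_blocked_name(n)]

# Constructed sample message: one double-extension executable, one zip.
SAMPLE = b"""\
From: sender@example.org
To: user@example.net
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/octet-stream; name="invoice.pdf.scr"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="tools.zip"
Content-Transfer-Encoding: base64

UEsDBAoAAAAAAA==
--b1--
"""

if __name__ == "__main__":
    print("declared:", attachment_names(SAMPLE))
    print("blocked: ", blocked_attachments(SAMPLE))
```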






Re: Postfix-mysql-procmail

2004-01-11 Thread Thomas Lamy
Fraser Campbell wrote:
> On January 10, 2004 09:17 am, Robert Hensel wrote:
> > I currently have a properly working postfix-mysql setup. This all works
> > fine, but I would like to implement an autoresponder/other stuff. The
> > problem is, that for example procmail doesn't seem to work with virtual
> > users. I have added "mailbox_command = /usr/bin/procmail ". But this
> > line is completely ignored :(
> > Maybe someone here can help me avoid writing ugly bash scripts to do the
> > job ;)
>
> The virtual delivery agent doesn't support procmail, .forward files, etc.  I
> believe you have no choice but to do some scripting (it can be ugly if you
> insist ;-)
>
> I'll assume that you're talking about an email setup similar to the one
> described at http://kirb.insanegenius.net/postfix.html ?
>
> The only way that I can think of to do things like mail filtering, out of
> office, etc. is by having a virtual map entry that forwards the email to an
> alias as well as to the original user:
>
> [EMAIL PROTECTED]   [EMAIL PROTECTED],fraser-filters
>
> In the aliases file (which could be managed in mysql still) you would have the
> alias fraser-filters pipe to a command that does whatever magic you need.
> This might already be what you were thinking of?
>
> I haven't tried this but it's the easiest way that I can think of supporting
> mail filtering, out of office and such.  You can also write postfix filters
> which might have advantages.
>
> If you find anything please follow up here as it's something I think a lot of
> people might be interested in.

Being through this, I'd like to add my 0.02 EUR.
I have a handful of servers set up with postfix, mysql, amavisd-new, 
spamassassin, and a home-brew administration interface in PHP.
I'm in the process of adding per-user support for:
- auto-replies (out of office, "your mail has been received" etc)
- auto-copy to another user
- auto-forward to another user (both for users on vacation)

I did the first version in PHP (as I already had a function that got me 
the final recipient mailbox), triggered by postfix's always_bcc 
parameter. This basically does the job, but at the cost of losing the 
"for: xxx" component in the Received: header, which I also need for 
another component (the maillog scanner).

To make a long story short, the technically correct way is to do this 
via content-filtering. I'm not through with this, so this is the 
untested picture I have in my head for this issue. I'll post an 
announcement here when I'm through this.

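A configuration example (not tested; and note I also use amavisd-new):

main.cf:
# Filter mail through amavisd-new first
content_filter = smtp:[localhost]:10024

master.cf:
# master.cf continues a logical line with leading whitespace, not "\"
# Re-injection from amavisd-new: hand the mail on to the vacation filter
localhost:10025 inet  n  -  -  -  -  smtpd
  -o content_filter=vacation
# Re-injection from my-vacation: no further filtering
localhost:10026 inet  n  -  -  -  -  smtpd
  -o content_filter=
# pipe(8) must run privileged and unchrooted (unpriv=n, chroot=n)
vacation        unix  -  n  n  -  -  pipe
  user=nobody argv=/usr/local/bin/my-vacation ${sender} ${recipient}
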
/usr/local/bin/my-vacation should handle all that vacation/forwarding 
stuff (_and_ should honor "Precedence: bulk" and "Precedence: list" 
headers properly!!!). If the mail should get to the original receiver, 
it is handed over to postfix via SMTP on port 10026. For best 
throughput, my-vacation should be a smtp-based client/server (like 
amavisd-new is).

So the mail flow will be:

internet
   |
Postfix (smtp on port 25)
   |
amavisd-new (smtp port 10024)
   |
Postfix (smtp port 10025)
   |
my-vacation (pipe) --------+------------------------+
   |                       |                        |
Postfix (smtp port 10026)  Postfix (smtp port 25)   Postfix (smtp 25)
(to original receiver)     (cc or forward)          (response)

Thomas
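
One way the reply decision inside my-vacation could look, as an added example (not code from the original post): it takes the ${sender} and ${recipient} arguments from the pipe transport plus the raw message, and refuses to auto-reply to bulk, list, bounce, or machine-generated mail. The function name, the robot local-part list, and the sample messages are assumptions; the checks beyond the two Precedence values named above follow RFC 3834.

```python
from email import message_from_bytes
from email.utils import parseaddr

# "bulk" and "list" are the values named in the post; "junk" is added here.
NO_REPLY_PRECEDENCE = {"bulk", "list", "junk"}
# Local parts that belong to daemons rather than people (assumed list).
ROBOT_PREFIXES = ("mailer-daemon", "postmaster", "owner-", "noreply", "no-reply")
ROBOT_SUFFIXES = ("-request", "-bounces")

def should_autoreply(sender: str, recipient: str, raw: bytes) -> bool:
    """Decide whether an auto-reply may be sent to the envelope sender."""
    # A null envelope sender (<>) marks a bounce; answering it creates loops.
    if sender.strip() in ("", "<>"):
        return False
    local = parseaddr(sender)[1].split("@")[0].lower()
    if local.startswith(ROBOT_PREFIXES) or local.endswith(ROBOT_SUFFIXES):
        return False
    msg = message_from_bytes(raw)
    if msg.get("Precedence", "").strip().lower() in NO_REPLY_PRECEDENCE:
        return False
    # RFC 3834: any value other than "no" means a program wrote the message.
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return False
    # Mailing lists identify themselves with List-* headers.
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return False
    # Reply only when the user is named in To or Cc, not for Bcc or list copies.
    to_cc = " ".join(msg.get_all("To", []) + msg.get_all("Cc", [])).lower()
    return recipient.lower() in to_cc

# Constructed sample messages (not taken from the thread).
PERSONAL = b"From: alice@example.org\nTo: bob@example.net\nSubject: lunch?\n\nhi\n"
LIST_POST = (b"From: carol@example.org\nTo: debian-isp@lists.example\n"
             b"Precedence: list\nList-Id: <debian-isp.lists.example>\n\nhello\n")

if __name__ == "__main__":
    print(should_autoreply("alice@example.org", "bob@example.net", PERSONAL))
    print(should_autoreply("carol@example.org", "bob@example.net", LIST_POST))
```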




Re: Postfix-mysql-procmail

2004-01-11 Thread Stephen Gran
This one time, at band camp, Russell Coker said:
> Neither /etc/aliases nor procmail allows a custom 55x code to be sent.
> 
> A bounce (as used in your example) is undesirable in the case of spam and 
> viruses.  It makes your machine the cause of problems, which then results 
> in other people causing problems for you.

Hmm, it seems you're right.  It doesn't generate a bounce, but it does
550 - just too early (at the rcpt rather than data stage). Apparently it
generated a bounce because I was using mail, which I guess calls exim as
sendmail, rather than with smtp, so it behaves slightly differently.

Here is a telnet session with the same configuration, coming from another 
machine:

steve:~$ telnet mercury 25
Trying 216.158.52.98...
Connected to mail.lobefin.net.
Escape character is '^]'.
220 mail.lobefin.net ESMTP Exim 4.30 Sun, 11 Jan 2004 11:56:48 -0500
ehlo busybox
250-mail.lobefin.net Hello www.lobefin.net [216.158.52.108]
250-SIZE 52428800
250-PIPELINING
250-AUTH LOGIN PLAIN
250-STARTTLS
250 HELP
mail from: [EMAIL PROTECTED]
250 OK
rcpt to: [EMAIL PROTECTED]
550 unknown user

And the corresponding log line:

2004-01-11 11:57:08 H=www.lobefin.net (busybox) [216.158.52.108] F=<[EMAIL PROTECTED]> rejected RCPT [EMAIL PROTECTED]: on vacation

It does _not_ work as well as I had hoped, but it at least does generate
a 550, rather than a bounce.  Back to the drawing board.
-- 
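 ------------------------------------------------------------------
|   ,''`.                                             Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                         Debian user, admin, and developer |
|    `-                                      http://www.debian.org |
 ------------------------------------------------------------------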





Re: Postfix-mysql-procmail

2004-01-11 Thread Russell Coker
On Sun, 11 Jan 2004 14:50, Stephen Gran <[EMAIL PROTECTED]> wrote:
> This one time, at band camp, Russell Coker said:
> > Another option is to receive the entire message, accept it for delivery
> > but instead of a 25x give a 55x code with a message saying "this message
> > was delivered, but please note that the account holder is on vacation".
> >
> > These methods should allow the vacation message to reliably go only to
> > the originator of the message (or to no-one if it's a spam).  However
> > they do require that a new proxy program be written to receive the mail
> > as no existing software (AFAIK) is capable of doing it.
>
> I think you can do something like this with /etc/aliases, although I am
> no expert.  exim uses a real-$local_part in the standard configuration
> to bypass aliasing, so an entry could be added like:

Neither /etc/aliases nor procmail allows a custom 55x code to be sent.

A bounce (as used in your example) is undesirable in the case of spam and 
viruses.  It makes your machine the cause of problems, which then results in 
other people causing problems for you.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page



