Re: Auth SMTP with sendmail

2004-12-23 Thread Peter King
Thanks for that Matt
Couldn't be simpler, it worked a treat.

Is it possible to have a list of users that are allowed to send through the 
server with the default being no?

Thanks for your help Pete King



Matt Collier [EMAIL PROTECTED] wrote in message 
news:[EMAIL PROTECTED]
> On Tuesday 21 December 2004 13:50, Peter King wrote:
>> Is it possible to set-up auth smtp using sendmail in debian?
>>
>> I have a mail server with sendmail installed (and openprotect).
>>
>> I would like to set-up authenticated smtp so that users can send email
>> through this server by authenticating first.
>>
>> All the users have pop3 accounts on the server.
>>
>> How do I go about this?
>>
>> The server is Debian stable.
>
> Yes. Assuming that the pop3 accounts are system accounts, it's very easy.
> Install sasl-bin and some sasl modules:
>
> apt-get install sasl-bin libsasl-modules-plain
>
> and run sendmailconfig, which should detect the presence of sasl-bin and
> enable smtp auth.
> After sendmail reconfigures and reloads, connect to port 25 (presumably) and
> issue a 'ehlo' and you should see what auth mechs are supported.





Auth SMTP with sendmail

2004-12-21 Thread Peter King
Is it possible to set-up auth smtp using sendmail in debian?

I have a mail server with sendmail installed (and openprotect).

I would like to set-up authenticated smtp so that users can send email 
through this server by authenticating first.

All the users have pop3 accounts on the server.

How do I go about this?

The server is Debian stable. 





Re: Auth SMTP with sendmail

2004-12-21 Thread Matt Collier
On Tuesday 21 December 2004 13:50, Peter King wrote:
> Is it possible to set-up auth smtp using sendmail in debian?
>
> I have a mail server with sendmail installed (and openprotect).
>
> I would like to set-up authenticated smtp so that users can send email
> through this server by authenticating first.
>
> All the users have pop3 accounts on the server.
>
> How do I go about this?
>
> The server is Debian stable.

Yes. Assuming that the pop3 accounts are system accounts, it's very easy.
Install sasl-bin and some sasl modules:

apt-get install sasl-bin libsasl-modules-plain

and run sendmailconfig, which should detect the presence of sasl-bin and 
enable smtp auth.
After sendmail reconfigures and reloads, connect to port 25 (presumably) and 
issue a 'ehlo' and you should see what auth mechs are supported.
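
The EHLO check described in the message above, as an added example that is not part of the thread: a Python parser for the server's 250 reply that lists the advertised AUTH mechanisms and flags PLAIN/LOGIN (what libsasl-modules-plain provides) being offered on an unencrypted session. The sample replies are constructed, and the names `parse_ehlo` and `audit_ehlo` are hypothetical.

```python
import re

# PLAIN and LOGIN transmit the password itself; base64 is encoding, not encryption.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample replies (not captured from a real server).
REPLY_AUTH_NO_TLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-AUTH LOGIN PLAIN
250 HELP
"""
REPLY_NO_AUTH = """\
250-mail.example.org Hello client.example.org [192.0.2.10], pleased to meet you
250-8BITMIME
250 HELP
"""
REPLY_AUTH_STARTTLS = """\
250-mail.example.org Hello client.example.org [192.0.2.10], pleased to meet you
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250 HELP
"""


def parse_ehlo(reply):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [parameters]}."""
    lines = [ln.rstrip("\r") for ln in reply.strip().splitlines()]
    if not lines:
        raise ValueError("empty reply")
    features = {}
    for i, line in enumerate(lines):
        m = re.match(r"^250([ -])(.*)$", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # Every line but the last uses "250-"; the last uses "250 ".
        is_last = i == len(lines) - 1
        if (m.group(1) == " ") != is_last:
            raise ValueError("wrong continuation marker on line %d" % (i + 1))
        if i == 0:
            continue  # first line is the greeting, not an extension keyword
        text = m.group(2)
        # Some servers also emit the legacy "AUTH=..." form for old clients.
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.upper().split()
        if words:
            features.setdefault(words[0], []).extend(words[1:])
    return features


def audit_ehlo(reply, tls_active=False):
    """Summarise AUTH support and flag passwords exposed on a cleartext session."""
    features = parse_ehlo(reply)
    mechs = sorted(set(features.get("AUTH", [])))
    starttls = "STARTTLS" in features
    findings = []
    if not mechs:
        findings.append("no AUTH keyword: SMTP AUTH is not enabled on this listener")
    weak = sorted(PLAINTEXT_MECHS.intersection(mechs))
    if weak and not tls_active:
        if starttls:
            findings.append("%s offered before STARTTLS: clients may send "
                            "passwords unencrypted" % "/".join(weak))
        else:
            findings.append("%s offered and STARTTLS is not offered: system "
                            "account passwords cross the network unencrypted"
                            % "/".join(weak))
    return {"mechanisms": mechs, "starttls": starttls, "findings": findings}


if __name__ == "__main__":
    for name, reply in [("auth, no TLS", REPLY_AUTH_NO_TLS),
                        ("no auth", REPLY_NO_AUTH),
                        ("auth + STARTTLS", REPLY_AUTH_STARTTLS)]:
        print(name, audit_ehlo(reply))
```

Because the accounts here are system accounts, the exposed password is also the login password. sendmail's AuthOptions setting has a `p` flag that refuses PLAIN/LOGIN until a security layer such as STARTTLS is active.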





Re: Auth SMTP with sendmail

2004-12-21 Thread Christian Storch
On Tue, 21.12.2004, 14:50, Peter King said:
> Is it possible to set-up auth smtp using sendmail in debian?
>
> I have a mail server with sendmail installed (and openprotect).
>
> I would like to set-up authenticated smtp so that users can send email
> through this server by authenticating first.
>
> All the users have pop3 accounts on the server.
>
> How do I go about this?
>
> The server is Debian stable.

If you want to use PAM then have a look at
http://lists.debian.org/debian-isp/2004/debian-isp-200402/msg00267.html

Christian





Re: MailScanner with Sendmail

2004-12-10 Thread Henk . Roose
Penbrock wrote:

> Thanks a lot I now have MailScanner scanning all my messages :). However I
> have one minor(?) problem, sendmail moves messages to the mqueue.in ,
> MailScanner scans them and moves them to the /mqueue like it should,...
> but the messages just sit there. Do I now need to change procmail?

You need to start a queuerunner on that particular queuedirectory.
Something like: sendmail -oQ/var/spool/mqueue -q (assuming that mqueue
is in /var/spool). Try running this manually first and add the -v flag
to see what's happening.
After that you can either do queueruns from cron using the same
command line or start another sendmail daemon (-bd -q15m) process.

Regards,
Henk

 
 
 
> -----Original Message-----
> From: Matt Collier [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 07, 2004 5:22 AM
> To: [EMAIL PROTECTED]
> Subject: Re: MailScanner with Sendmail
>
> On Tuesday 07 December 2004 00:23, Penbrock wrote:
>> I am a newbie trying to learn our office servers so I have put a system up
>> at home just like the ones our office uses for the ISP servers. I am
>> trying to play around to find better ways to work things and I have come
>> across MailScanner. I think I have it all installed on my testing system
>> however I can not find any docs on how to tell Sendmail to start calling
>> MailScanner. Can anyone help me out here or direct me to some docs on
>> using it on a Debian server with Sendmail?
>>
>> Thanks for any direction you can give this old MS user trying to learn
>> Linux
>>
>> Ken
>
> You'll need to tell sendmail to just queue the mail for delivery, not
> actually deliver it.
>
> in /etc/mail/sendmail.conf, you'll need something like:
> DAEMON_PARMS="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in";
>
> then get Mailscanner to pick up the mail from the queue, scan it, and put
> it back into sendmail's delivery queue.
>
> in /etc/MailScanner/MailScanner.conf:
> Incoming Queue Dir = /var/spool/mqueue.in
> Outgoing Queue Dir = /var/spool/mqueue
>
> sendmail doesn't directly call mailscanner, both run as separate processes
> and just put the necessary files where the other can find them,
 



-- 
Henk Roose - [EMAIL PROTECTED]
CWI - Centrum voor Wiskunde en Informatica
Centre for Mathematics and Computer Science
Amsterdam (NL)
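
The split-queue arrangement from this thread, as an added example that is not part of any post: a Python check that reads the two configuration fragments quoted above plus any queue-runner command lines and reports why mail would bypass the scanner or, as in the question, sit in the outgoing queue. Function names are hypothetical, and the default queue directory and the treatment of any `DeliveryMode` value starting with `q` as queue-only are assumptions.

```python
import re

# Assumption: the host's sendmail.cf keeps the stock queue directory.
DEFAULT_QUEUE = "/var/spool/mqueue"

# The settings quoted in the thread, embedded as sample input.
SENDMAIL_CONF = ('DAEMON_PARMS="-bd -OPrivacyOptions=noetrn '
                 '-ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in";\n')
MAILSCANNER_CONF = """\
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue
"""


def sendmail_args(conf_text):
    """Return the DAEMON_PARMS words from /etc/mail/sendmail.conf text."""
    m = re.search(r"^\s*DAEMON_PARMS\s*=\s*(.+)$", conf_text, re.M)
    if not m:
        return []
    return m.group(1).strip().rstrip(";").strip("\"'").split()


def queue_settings(args):
    """Extract (queue_dir, delivery_mode, runs_queue) from sendmail arguments."""
    qdir, mode, runs = DEFAULT_QUEUE, None, False
    for a in args:
        if a.startswith("-OQueueDirectory="):
            qdir = a.split("=", 1)[1]
        elif a.startswith("-oQ"):          # short form used in the reply above
            qdir = a[3:]
        elif a.startswith("-ODeliveryMode="):
            mode = a.split("=", 1)[1].lower()
        elif a.startswith("-q"):           # -q or -q15m: process the queue
            runs = True
    return qdir, mode, runs


def mailscanner_settings(conf_text):
    """Parse 'Key = value' lines of MailScanner.conf (keys lower-cased)."""
    out = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            out[" ".join(key.lower().split())] = value.strip()
    return out


def check_split_queue(sendmail_conf, mailscanner_conf, runner_cmds=()):
    """Return a list of findings; an empty list means the pieces line up."""
    findings = []
    in_q, mode, daemon_runs = queue_settings(sendmail_args(sendmail_conf))
    ms = mailscanner_settings(mailscanner_conf)
    ms_in = ms.get("incoming queue dir")
    ms_out = ms.get("outgoing queue dir")
    if not (mode or "").startswith("q"):
        findings.append("listener is not in DeliveryMode=queueonly: mail can "
                        "be delivered before it is scanned")
    if daemon_runs:
        findings.append("listener has -q: it will run %s itself and deliver "
                        "unscanned mail" % in_q)
    if ms_in != in_q:
        findings.append("sendmail queues into %s but MailScanner reads %s"
                        % (in_q, ms_in))
    if ms_in is not None and ms_in == ms_out:
        findings.append("incoming and outgoing queue are the same directory")
    runners = [queue_settings(cmd.split()) for cmd in runner_cmds]
    for qdir, _, runs in runners:
        if runs and qdir == in_q:
            findings.append("a queue runner points at %s and will deliver "
                            "unscanned mail" % in_q)
    if not any(runs and qdir == ms_out for qdir, _, runs in runners):
        findings.append("no queue runner on %s: scanned mail will sit in the "
                        "queue" % ms_out)
    return findings


if __name__ == "__main__":
    print(check_split_queue(SENDMAIL_CONF, MAILSCANNER_CONF))
    print(check_split_queue(SENDMAIL_CONF, MAILSCANNER_CONF,
                            ["sendmail -oQ/var/spool/mqueue -q"]))
```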




RE: MailScanner with Sendmail

2004-12-08 Thread Penbrock
Thanks a lot I now have MailScanner scanning all my messages :). However I
have one minor(?) problem, sendmail moves messages to the mqueue.in ,
MailScanner scans them and moves them to the /mqueue like it should,...
but the messages just sit there. Do I now need to change procmail?

-----Original Message-----
From: Matt Collier [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 07, 2004 5:22 AM
To: [EMAIL PROTECTED]
Subject: Re: MailScanner with Sendmail

On Tuesday 07 December 2004 00:23, Penbrock wrote:
> I am a newbie trying to learn our office servers so I have put a system up
> at home just like the ones our office uses for the ISP servers. I am
> trying to play around to find better ways to work things and I have come
> across MailScanner. I think I have it all installed on my testing system
> however I can not find any docs on how to tell Sendmail to start calling
> MailScanner. Can anyone help me out here or direct me to some docs on
> using it on a Debian server with Sendmail?
>
> Thanks for any direction you can give this old MS user trying to learn
> Linux
>
> Ken

You'll need to tell sendmail to just queue the mail for delivery, not
actually deliver it.

in /etc/mail/sendmail.conf, you'll need something like:
DAEMON_PARMS="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in";

then get Mailscanner to pick up the mail from the queue, scan it, and put
it back into sendmail's delivery queue.

in /etc/MailScanner/MailScanner.conf:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue

sendmail doesn't directly call mailscanner, both run as separate processes
and just put the necessary files where the other can find them,





Re: MailScanner with Sendmail

2004-12-07 Thread Matt Collier
On Tuesday 07 December 2004 00:23, Penbrock wrote:
> I am a newbie trying to learn our office servers so I have put a system up
> at home just like the ones our office uses for the ISP servers. I am
> trying to play around to find better ways to work things and I have come
> across MailScanner. I think I have it all installed on my testing system
> however I can not find any docs on how to tell Sendmail to start calling
> MailScanner. Can anyone help me out here or direct me to some docs on
> using it on a Debian server with Sendmail?
>
> Thanks for any direction you can give this old MS user trying to learn
> Linux
>
> Ken

You'll need to tell sendmail to just queue the mail for delivery, not actually 
deliver it.

in /etc/mail/sendmail.conf, you'll need something like:
DAEMON_PARMS="-bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in";

then get Mailscanner to pick up the mail from the queue, scan it, and put it 
back into sendmail's delivery queue.

in /etc/MailScanner/MailScanner.conf:
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/mqueue

sendmail doesn't directly call mailscanner, both run as separate processes and 
just put the necessary files where the other can find them,





MailScanner with Sendmail

2004-12-06 Thread Penbrock



I am a newbie trying to learn our office servers so I have put a system up
at home just like the ones our office uses for the ISP servers. I am
trying to play around to find better ways to work things and I have come
across MailScanner. I think I have it all installed on my testing system
however I can not find any docs on how to tell Sendmail to start calling
MailScanner. Can anyone help me out here or direct me to some docs on
using it on a Debian server with Sendmail?

Thanks for any direction you can give this old MS user trying to learn
Linux

Ken






sendmail error message not collected

2004-09-10 Thread Lucas Albers
I am trying to resolve an error message I am seeing on some mail passing
through my external mail server, running mimedefang 2.39 and sendmail
8.12.3 to our internal mail server.

Users are seeing the following message in their mailbox:
 no Message Collected 

It appears via the changelog from sendmail 8.11.0/8.11.0
as of 2000/07/19
http://www.sendmail.org/ftp/RELEASE_NOTES
this particular problem was fixed:

If a message data file can't be opened at delivery time, panic and
abort the attempt instead of delivering a message that
states  No Message Collected .


My questions:
Any idea how this could be occurring on 8.12.3?
This is the first I have seen of it, but I've seen it on 3 or more messages
in the last day.
The logfiles don't show any strange delivery error messages, so I am not
sure how to resolve it.
If you have ANY ideas, contact me on or off the list...thanks.

This particular machine has processed upwards of 1.2M messages without
problems, so I am at a loss to determine why this error has started
occurring.


-- 
--Luke CS Sysadmin, Montana State University-Bozeman





Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-28 Thread Michelle Konzack
On 2004-05-25 13:17:25, Tomàs Núñez wrote:

> Well... as this is an option, I think it may not be correct to accept all
> mail... This way, If someone misspells some address, he will think the mail
> arrived correctly as no error message come back...

I think, you are not responsible for misspelled E-Mail addresses.

> I think customers will kill me if people tells them Yes! I sent you the
> e-mail and they say No, you didn't... I didn't get no email, so you didn't

Where is the problem ?
The To: ask the From: at which Address he had sent the Message...
and then From: knows he made a mistake.

> sent it Ok, I'll send it again, and then the email is sent misspelled
> again, and don't reach its destination, and so and so, and razors come to cut
> my throat :D

This is NOT YOUR PROBLEM...

> Thanks anyway for your point :)

Greetings
Michelle

-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/ 
Michelle Konzack   Apt. 917  ICQ #328449886
   50, rue de Soultz MSM LinuxMichi
0033/3/8845235667100 Strasbourg/France   IRC #Debian (irc.icq.com)




Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-27 Thread Tomàs Núñez

On Thursday, 27 May 2004 06:48, Corey Ralph wrote:
> Tomàs Núñez wrote:
>> On the sendmail server I have some aliases, I mean, some accounts from
>> what I receive mail no matter which domain is sent to (being a domain of
>> this machine). One utility of this was that I received all
>> [EMAIL PROTECTED] without having to configure anything.
>
> One way to achieve this in postfix is to create another virtual map of
> type 'pcre', this lets you use a perl regex.
>
> You can create another map file with something like:
>
> /[EMAIL PROTECTED]/   postmaster
>
> and add 'pcre:mapfilename' to the end of your virtual_maps directive.

This works pretty well... but it seems that pcre aliases have higher priority 
than ldap aliases... Every time I send something to an email that is aliased 
in the pcre file, it is sent to the pcre alias. It doesn't matter if I put 
pcre at the beginning or at the end of the line, it seems that it always has 
higher priority... Is this true?

Thank you very much



Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-27 Thread Corey Ralph
On 27/05/2004, at 11:42 PM, Tomàs Núñez wrote:
> This works pretty well... but it seems that pcre aliases have higher priority
> than ldap aliases... Every time I send something to an email that is aliased
> in the pcre file, it is sent to the pcre alias. It doesn't matter if I put
> pcre at the beginning or at the end of the line, it seems that it always has
> higher priority... Is this true?

Postfix should process them in the order they are in the config.  You 
did add it after the ldap one in the config?

Cheers
Corey


Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-27 Thread Corey Ralph
Tomàs Núñez wrote:
> On the sendmail server I have some aliases, I mean, some accounts from what
> I receive mail no matter which domain is sent to (being a domain of this
> machine). One utility of this was that I received all [EMAIL PROTECTED]
> without having to configure anything.

One way to achieve this in postfix is to create another virtual map of 
type 'pcre', this lets you use a perl regex.

You can create another map file with something like:

/[EMAIL PROTECTED]/ postmaster

and add 'pcre:mapfilename' to the end of your virtual_maps directive.

Cheers
Corey





Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-26 Thread Corey Ralph
Tomàs Núñez wrote:
> On the sendmail server I have some aliases, I mean, some accounts from what
> I receive mail no matter which domain is sent to (being a domain of this
> machine). One utility of this was that I received all [EMAIL PROTECTED]
> without having to configure anything.

One way to achieve this in postfix is to create another virtual map of 
type 'pcre', this lets you use a perl regex.

You can create another map file with something like:

/[EMAIL PROTECTED]/ postmaster

and add 'pcre:mapfilename' to the end of your virtual_maps directive.

Cheers
Corey


Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-25 Thread Tomàs Núñez
Hi
I have a mail server with some domains (about 200). I'm taking them from a 
sendmail and putting them on a postfix-ldap + courier-ldap + amavisd + 
spamassassin + clamav (thanks to perdition, the pop/imap proxy, I am doing 
this and nobody notices). Everything goes well, but I have a doubt.

On the sendmail server I have some aliases, I mean, some accounts from what 
I receive mail no matter which domain is sent to (being a domain of this 
machine). One utility of this was that I received all [EMAIL PROTECTED] 
without having to configure anything.

But another utility was the spam honeypots, or spampots, or whatever you call 
it, (that is, some addresses I'm sure are going to receive spam), and this 
served to prove the anti-spam filter. For example, [EMAIL PROTECTED]: no one of 
my customers have this account, so every mail on this mail account is spam. 
If the mail passed the anti-spam filter, I can feedback spamassassin with it 
(using sa-learn). 
I have some others like this: comercial, info, webmaster, etc, etc. What was 
very good in Sendmail is that these aliases were only active if they were not 
in the virtual user table, that is, I receive mail to [EMAIL PROTECTED] 
only if domain.com doesn't have this account.

This was pretty useful to keep trained bayesian filters in spamassassin, and 
I increased efficiency killing spam.

But now with postfix, to get this working I have 2 possibilities: create 
accounts and redirect them to me if customer doesn't want it, or put all 
domains in $mydestinations, and deliver them as local and not as virtual...
I think creating all accounts is very uncomfortable, but maybe I miss some 
points on security about $mydestinations...

I'd like to hear your opinion about two methods, or if you know a better way, 
or if you think spam-pots are the wrong way to fight spam, etc. 

I'd be grateful with any hint, opinion, link or whatever respecting this.

Thanks in advance :)





Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-25 Thread Brett Parker
On Tue, May 25, 2004 at 11:57:36AM +0200, Tomàs Núñez wrote:
> Hi
> I have a mail server with some domains (about 200). I'm taking them from a
> sendmail and putting them on a postfix-ldap + courier-ldap + amavisd +
> spamassassin + clamav (thanks to perdition, the pop/imap proxy, I am doing
> this and nobody notices). Everything goes well, but I have a doubt.
>
> On the sendmail server I have some aliases, I mean, some accounts from what
> I receive mail no matter which domain is sent to (being a domain of this
> machine). One utility of this was that I received all [EMAIL PROTECTED]
> without having to configure anything.
>
> But another utility was the spam honeypots, or spampots, or whatever you call
> it, (that is, some addresses I'm sure are going to receive spam), and this
> served to prove the anti-spam filter. For example, [EMAIL PROTECTED]: no one of
> my customers have this account, so every mail on this mail account is spam.
> If the mail passed the anti-spam filter, I can feedback spamassassin with it
> (using sa-learn).
> I have some others like this: comercial, info, webmaster, etc, etc. What was
> very good in Sendmail is that these aliases were only active if they were not
> in the virtual user table, that is, I receive mail to [EMAIL PROTECTED]
> only if domain.com doesn't have this account.
>
> This was pretty useful to keep trained bayesian filters in spamassassin, and
> I increased efficiency killing spam.
>
> But now with postfix, to get this working I have 2 possibilities: create
> accounts and redirect them to me if customer doesn't want it, or put all
> domains in $mydestinations, and deliver them as local and not as virtual...
> I think creating all accounts is very uncomfortable, but maybe I miss some
> points on security about $mydestinations...

How about option 3...

Add a wildcard to the bottom of the domain name to catch all the other
rubbish...

@domain.name[EMAIL PROTECTED]

This will catch anything that's not already caught by the addresses
before it.

Hope that Helps,
-- 
Brett Parker





Re: Fighting spam with sendmail aliases in postfix (spampots?)

2004-05-25 Thread Tomàs Núñez

On Tuesday, 25 May 2004 12:06, Brett Parker wrote:

> How about option 3...
>
> Add a wildcard to the bottom of the domain name to catch all the other
> rubbish...
>
> @domain.name[EMAIL PROTECTED]
>
> This will catch anything that's not already caught by the addresses
> before it.

Well... as this is an option, I think it may not be correct to accept all 
mail... This way, If someone misspells some address, he will think the mail 
arrived correctly as no error message come back... 

I think customers will kill me if people tells them Yes! I sent you the 
e-mail and they say No, you didn't... I didn't get no email, so you didn't 
sent it Ok, I'll send it again, and then the email is sent misspelled 
again, and don't reach its destination, and so and so, and razors come to cut 
my throat :D

Thanks anyway for your point :)

> Hope that Helps,
> --
> Brett Parker







Re: SOLVED Sendmail::Milter

2004-05-23 Thread Lucas Albers

Dirk Tamme said:
> The solution was to install mod_perl:
>
> cd /usr/local/src
> wget http://perl.apache.org/dist/mod.perl-1.0-current.tar.gz
> tar -xzf mod.perl-1.0-current.tar.gz
> cd /usr/local/src/mod_perl-1.29
> perl Makefile.PL NO_HTTPD=1
> make
> make install

Just install it from apt, via:
apt-cache search packagename
to find the package name.

or:

dh-make-perl --cpan --build CPAN_PACKAGENAME

Then do an install from apt based on the generated package name.
Or just install the generated deb file.

I install everything from deb now.
-- 
--Luke CS Sysadmin, Montana State University-Bozeman





Re: Sendmail::Milter

2004-04-26 Thread Hilko Bengen
Dirk Tamme [EMAIL PROTECTED] writes:

> I'm using sendmail 8.12.11 ( including the Milter interface), and I
> want to use the Perl interface Sendmail::Milter.
> To install Sendmail::Milter, I had done the following:

Are you aware of libsendmail-milter-perl's existence?

-Hilko









SOLVED Sendmail::Milter

2004-04-23 Thread Dirk Tamme
Hello,
my problem was that my Perl-Script with Sendmail::Milter gave the error 
message

/usr/bin/perl: relocation error: 
/usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/auto/Sendmail/Milter/Milter.so: 
undefined symbol: smfi_setconn

The solution was to install mod_perl:
cd /usr/local/src
wget http://perl.apache.org/dist/mod.perl-1.0-current.tar.gz
tar -xzf mod.perl-1.0-current.tar.gz
cd /usr/local/src/mod_perl-1.29
perl Makefile.PL NO_HTTPD=1
make
make install
Yours
Dirk Tamme



Sendmail::Milter

2004-04-22 Thread Dirk Tamme
Hello,
I'm using sendmail 8.12.11 ( including the Milter interface), and I want 
to use the Perl interface Sendmail::Milter.
To install Sendmail::Milter, I had done the following:

cd /usr/local/src/Sendmail-Milter-0.18
perl Makefile.PL /usr/local/src/sendmail-8.12.11 \
    /usr/local/src/sendmail-8.12.11/obj.Linux.2.4.19-4GB.i686
make
make install

I used a script given by Derek Balling:
http://www.tpj.com/documents/s=7178/sam0206l/

The critical line is:
if (not Sendmail::Milter::auto_setconn($ARGV[0], $ARGV[1]))

I get the error message:

/usr/bin/perl: relocation error: 
/usr/lib/perl5/site_perl/5.8.0/i586-linux-thread-multi/auto/Sendmail/Milter/Milter.so: 
undefined symbol: smfi_setconn

It seems that there is missing something.
But, I have installed Sendmail::Milter, and I have no idea what should I 
do.
If anybody has an idea, please help.
Yours,
  Dirk Tamme



Re: Sendmail::Milter

2004-04-22 Thread Lucas Albers
I've also had a lot of success using MIMEDefang on our external mail server.
It's easy to configure for any of your mail filtering needs.

Bojens, Kai said:
 I don't have a solution for your particular problem but i am using
 the milter interface via MIMEdefang which provides a nice way to
 use it via perl.

-- 
--Luke CS Sysadmin, Montana State University-Bozeman





Re: Sendmail::Milter

2004-04-22 Thread Bojens, Kai
Hi.

 I'm using sendmail 8.12.11 ( including the Milter interface), and
 I want to use the Perl interface Sendmail::Milter.

I don't have a solution for your particular problem but I am using
the milter interface via MIMEdefang which provides a nice way to
use it via perl.

With kind regards

-Kai Bojens





Re: Sendmail, LDAP, and authinfo

2004-04-12 Thread Christian Storch
I would suggest using 'pam_ldap.so' from 'libpam-ldap' via sasl.
How to do it with sendmail:
http://lists.debian.org/debian-isp/2004/debian-isp-200402/msg00267.html

Christian

- Original Message - 
From: Stephen Gran [EMAIL PROTECTED]
To: debian-isp debian-isp@lists.debian.org
Sent: Monday, April 12, 2004 7:08 PM
Subject: Sendmail, LDAP, and authinfo

Hello all,

Does anyone know if sendmail can do authentication against an LDAP
server?  We are getting ready to change which box is being used for
outgoing mail, and since outgoing mail is only allowed either from the
client's subnet or via auth, it would be nice if we could authenticate
against an already setup LDAP server.  I have seen plenty of stuff about
mailertable, access, aliases, etc, but nothing about authinfo. 

ATM, we're using sasl on the box it's on, and my feeling was that
migrating the setup to LDAP would be easier and more maintainable in the
long run, especially since LDAP is already in place.  It's easier to
maintain one database than two.

TIA,
-- 
 -
|   ,''`.  Stephen Gran |
|  : :' :  [EMAIL PROTECTED] |
|  `. `'   Debian user, admin, and developer |
|`- http://www.debian.org |
 -





RE: Sendmail access restrictions

2004-03-25 Thread Christian Storch
Here are some straightforward methods for sendmail:

You want to restrict to some IPs?

local-host-names:
10.0.0
192.168
127.1.2.3
...

(You don't need sendmailconfig here!)

Or to authenticated users?
http://lists.debian.org/debian-isp/2004/debian-isp-200402/msg00267.html

Christian


-Original Message-
From: Stephen Gran [mailto:[EMAIL PROTECTED] Behalf Of Stephen Gran
Sent: Thursday, March 25, 2004 2:23 AM
To: [EMAIL PROTECTED]
Subject: Re: Sendmail  access restrictions

...
Ah, I see the problem - it's not _relaying_ alone I want to reject
(we've got the auth part straightened out already, and we're not an open
relay).  What I want to do is not accept mail unless it comes from one
of a few IP's, or is authenticated.  Say the domain is foo.com, and this
servers hostname is mail.foo.com.  It is not listed as an MX record, so
no legitimate emails should ever arrive there, only spams and viruses
and whatnot.  However, any mail that arrives for [EMAIL PROTECTED] is
accepted, since sendmail knows that it _is_ mail.foo.com.  I want to
reject these, and only accept mail that is authed, or coming in through
one of the frontend machines.  I can't just do it with iptables, because
of the roaming users.

-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -





Re: Sendmail access restrictions

2004-03-25 Thread Stephen Gran
This one time, at band camp, Christian Storch said:
 Here some straightforward methods for sendmail:
 
 You want to restrict to some IP's?
 
 local-host-names:
 10.0.0
 192.168
 127.1.2.3

Sure, but this doesn't stop incoming mail addressed to this hostname,
but coming from some random place, from being accepted.

 Or to authenticated users?
 http://lists.debian.org/debian-isp/2004/debian-isp-200402/msg00267.html

Already taken care of.

Maybe this will make it more clear:

   /-frontend1\
internet---mail.foo.com
   \-frontend2/
[...]

This is the normal flow of mail.  The only other mail that should ever
be accepted by mail.foo.com is mail coming from roaming users, who use
auth+ssl on their connections.  The mail is already flowing from
frontend 1&2, and the auth part is set up for the users.  The problem we
are having is that mail is still arriving at mail.foo.com from other
sites (presumably all spam), and we would like it to be rejected by
sendmail.  We can't close the port, due to roaming users.  Local users
also use webmail, so sent mail should reflect the real host name of the
machine.

I can't think this would be that unusual of a set up, but it doesn't seem
to be as easy to do as I would think.  If it's possible to force
sendmail to only accept smtp auth as a hack, I would be willing to do
that, although it seems that it should be possible without.  I have
tried the bat book, sendmail.org, etc. but I don't see what I am 
looking for anywhere.

Thanks all,
-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -




Re: Sendmail access restrictions

2004-03-25 Thread Stephen Gran
This one time, at band camp, Jon Hoffman said:
 I don't have a spare machine to test right now but I
 have seen a similar setup before, so I'll take a stab
 from memory. If this works post it to the list, I
 don't like posting un-tested configs.
 
 You might want to start by making sure you don't have
 anything in relay-domains, and start with a fresh
 access map.
 
 In access, add back your:
 
 127.0.0.1 OK
 frontend1 OK
 frontend2 OK
 To:@foo.mail.com REJECT

Now *that* looks about right.  I am getting a spare box next week or so
- I will post back with the test results.  Thanks a lot.

-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -




Re: Sendmail access restrictions

2004-03-24 Thread Kris Deugau
Stephen Gran wrote:
 I think I'm being dense, but I can't figure out how to do something
 like the following in /etc/mail/access:
 
 xxx.xxx.xxx.xxx: OK # front-end machine 1
 xxx.xxx.xxx.xxy: OK # front-end machine 2

OK.  You'll want to add localhost and 127.0.0.1:

localhost.localdomain   RELAY
localhost   RELAY
127.0.0.1   RELAY

otherwise locally-generated mail will fail.  Unless you've got a good
reason NOT to trust localhost, any sendmail access map should include
these or similar lines- the last one is probably all that's required.

 AUTH: OK
 *: REJECT

But these aren't really valid.

By default (at least with recent versions of sendmail), relaying is
denied UNLESS you have told sendmail otherwise.

To allow SMTP-AUTH users to relay mail, add the following to your
sendmail.mc:

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

You may want to trust additional mechanisms (CRAM-MD5, DIGEST-MD5, there
may be others).

You'll *probably* also want TLS support, so that roaming users relaying
through your server don't send password-ish information in the clear. 
If you go this route, you can also issue certificates to individual
users and include that information in the access map.

I set this up on my personal server, but not the ISP servers I admin. 
User information is too scattered to practically implement SMTP AUTH
right now.  :/

The complete set of changes for allowing SMTP AUTH to relay is in the
sendmail.mc file.  Mine includes the following:

dnl --- STARTTLS/SMTP-AUTH options ---
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A,p')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca-deepnet.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/smtp.deepnet.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/rock.key.insecure')dnl

This specifies, in respective order:
- Trust LOGIN or PLAIN SMTP AUTH mechanisms for relay
- Allow LOGIN and PLAIN authentication
- Only allow easily-sniffed/bypassed/cracked AUTH mechanisms after
successful STARTTLS or similar security layer
- Where to find server/client certs
- What to use as the CA cert
- What to use as the TLS cert for this host
- Which key to use for the TLS cert

Unfortunately I seem to have lost the original reference I used to put
this together, and that system is still running RedHat 7.3.  :( 
Checking for Debian shows there are useful sections in
/usr/share/doc/cf.README  (from sendmail-doc).

http://www.ofb.net/~jheiss/sendmail/tlsandrelay.shtml should be useful
in getting TLS going.

If you're going to be doing much sendmail administration, you should
probably pick up a copy of the current (3rd) edition of the Bat Book.

Many references assume that you're installing sendmail from source;  you
should just be able to skip the first few steps relating to compile
options as most packaged sendmail installs include at least *potential*
support for all of its options.

-kgd
-- 
Sendmail administration is not black magic.  There are legitimate
technical reasons why it requires the sacrificing of a live chicken.
   - Unknown
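
Added example (not part of the original message, and not sendmail's own tooling): a Python lint for the sendmail.mc block quoted above, plus a check of an EHLO reply captured before STARTTLS, showing what the `p` flag in confAUTH_OPTIONS changes. The function names, the `.example.test` hostname and the EHLO replies are constructed for illustration; the certificate/key test is a heuristic, and when confAUTH_MECHANISMS is absent the lint makes no claim about what is offered.

```python
import re

# Mechanisms that put a reusable password on the wire (base64 is not encryption).
PLAINTEXT_MECHS = {"LOGIN", "PLAIN"}

# m4 quotes strings as `...'; match define(`NAME', `VALUE') and TRUST_AUTH_MECH(`...').
DEFINE_RE = re.compile(r"define\(\s*`(\w+)'\s*,\s*`([^']*)'\s*\)")
TRUST_RE = re.compile(r"TRUST_AUTH_MECH\(\s*`([^']*)'\s*\)")

# The sendmail.mc lines quoted in the message above.
PAGE_MC = """\
dnl --- STARTTLS/SMTP-AUTH options ---
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS', `A,p')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca-deepnet.crt')dnl
define(`confSERVER_CERT', `/etc/mail/certs/smtp.deepnet.crt')dnl
define(`confSERVER_KEY', `/etc/mail/certs/rock.key.insecure')dnl
"""
# Constructed variants: 'p' dropped, and the certificate/key lines removed.
NO_P_MC = PAGE_MC.replace("`A,p'", "`A'")
NO_TLS_MC = "".join(l for l in PAGE_MC.splitlines(True) if "confSERVER_" not in l)

# Constructed EHLO replies (placeholder hostname), as seen before STARTTLS.
EHLO_WITH_P = "250-mail.example.test Hello\n250-PIPELINING\n250-STARTTLS\n250 HELP\n"
EHLO_NO_P = "250-mail.example.test Hello\n250-AUTH LOGIN PLAIN\n250-STARTTLS\n250 HELP\n"


def parse_mc(text):
    """Return (defines, trusted_mechs) from .mc text, skipping whole-line dnl comments."""
    defines, trusted = {}, set()
    for line in text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue
        for name, value in DEFINE_RE.findall(line):
            defines[name] = value
        for mechs in TRUST_RE.findall(line):
            trusted.update(mechs.upper().split())
    return defines, trusted


def auth_flags(defines):
    """confAUTH_OPTIONS holds single-letter flags separated by commas or spaces."""
    return set(re.split(r"[,\s]+", defines.get("confAUTH_OPTIONS", "").strip())) - {""}


def lint(text):
    """Return a list of 'code: explanation' findings for the AUTH/TLS settings."""
    defines, trusted = parse_mc(text)
    offered = set(defines.get("confAUTH_MECHANISMS", "").upper().split())
    flags = auth_flags(defines)
    # Heuristic: STARTTLS needs at least a server certificate and key configured.
    has_tls = "confSERVER_CERT" in defines and "confSERVER_KEY" in defines
    weak = sorted(offered & PLAINTEXT_MECHS)
    findings = []
    if weak and "p" not in flags:
        findings.append("cleartext-auth: %s offered without 'p' in confAUTH_OPTIONS, "
                        "so passwords may cross the network unencrypted" % " ".join(weak))
    if weak and "p" in flags and not has_tls:
        findings.append("auth-unreachable: 'p' hides %s until a security layer is "
                        "active, but no server certificate/key is defined" % " ".join(weak))
    untrusted = sorted(offered - trusted)
    if untrusted:
        findings.append("auth-no-relay: %s offered but not in TRUST_AUTH_MECH, so "
                        "authenticating with it does not permit relaying"
                        % " ".join(untrusted))
    return findings


def advertised_auth(ehlo_reply):
    """Mechanisms on the AUTH line(s) of an EHLO reply (also the legacy 'AUTH=' form)."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.I)
        if m:
            mechs.update(m.group(1).upper().split())
    return mechs


def cleartext_exposure(ehlo_before_tls):
    """Plaintext mechanisms a server advertises before any TLS layer is active."""
    return sorted(advertised_auth(ehlo_before_tls) & PLAINTEXT_MECHS)


if __name__ == "__main__":
    for name, mc in (("page", PAGE_MC), ("no-p", NO_P_MC), ("no-tls", NO_TLS_MC)):
        print(name, lint(mc) or "ok")
    print("pre-TLS exposure:", cleartext_exposure(EHLO_NO_P))
```

To check a running server, pass `cleartext_exposure` the text of the EHLO reply seen before STARTTLS; an empty list means LOGIN and PLAIN stay hidden until the session is encrypted.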





Re: Sendmail access restrictions

2004-03-24 Thread Stephen Gran
This one time, at band camp, Kris Deugau said:
 Stephen Gran wrote:
  I think I'm being dense, but I can't figure out how to do something
  like the following in /etc/mail/access:
  
  xxx.xxx.xxx.xxx: OK # front-end machine 1
  xxx.xxx.xxx.xxy: OK # front-end machine 2
 
 OK.  You'll want to add localhost and 127.0.0.1:
 
 localhost.localdomain RELAY
 localhost RELAY
 127.0.0.1 RELAY

That is quite helpful, thanks.

 otherwise locally-generated mail will fail.  Unless you've got a good
 reason NOT to trust localhost, any sendmail access map should include
 these or similar lines- the last one is probably all that's required.
 
  AUTH: OK
  *: REJECT
 
 But these aren't really valid.

I understand - they were rough logic for what I want, not actual lines -
I said I couldn't figure it out :)

 By default (at least with recent versions of sendmail), relaying is
 denied UNLESS you have told sendmail otherwise.

Ah, I see the problem - it's not _relaying_ alone I want to reject
(we've got the auth part straightened out already, and we're not an open
relay).  What I want to do is not accept mail unless it comes from one
of a few IP's, or is authenticated.  Say the domain is foo.com, and this
server's hostname is mail.foo.com.  It is not listed as an MX record, so
no legitimate emails should ever arrive there, only spams and viruses
and whatnot.  However, any mail that arrives for [EMAIL PROTECTED] is
accepted, since sendmail knows that it _is_ mail.foo.com.  I want to
reject these, and only accept mail that is authed, or coming in through
one of the frontend machines.  I can't just do it with iptables, because
of the roaming users.

-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -




Re: Sendmail access restrictions

2004-03-24 Thread Lucas Albers

Stephen Gran said:
 relay).  What I want to do is not accept mail unless it comes from one
 of a few IP's, or is authenticated.  Say the domain is foo.com, and this
 servers hostname is mail.foo.com.  It is not listed as an MX record, so
 no legitimate emails should ever arrive there, only spams and viruses
 and whatnot.  However, any mail that arrives for [EMAIL PROTECTED] is
 accepted, since sendmail knows that it _is_ mail.foo.com.  I want to
 reject these, and only accept mail that is authed, or coming in through
 one of the frontend machines.  I can't just do it with iptables, because
 of the roaming users.

This is trivial to do with mimedefang-sendmail.
I do it already.
You can also verify that all mail sent from your domain actually is from a
user that exists in your domain.
and mimedefang can use clam too!
-- 
--Luke CS Sysadmin, Montana State University-Bozeman





Sendmail access restrictions

2004-03-23 Thread Stephen Gran
Hello all,

We're in the process of locking down access to various services on a
network, and one of the things we want to do is lock down sendmail a
little.  We are migrating a box from being the front-end mail machine,
with the SASL database and all of the other user info on it, to being a
backend machine that only does two things: receive mail from front-end
machines for the local domain, and relay mail that has used SMTP-AUTH.
I think I'm being dense, but I can't figure out how to do something like
the following in /etc/mail/access:

xxx.xxx.xxx.xxx: OK # front-end machine 1
xxx.xxx.xxx.xxy: OK # front-end machine 2
[ . . . ]
AUTH: OK
*: REJECT

I would like the above logic, but still have local mail (cron jobs, etc)
work somehow.  Anybody set this kind of thing up before?  I know how to
do it in exim4 (or at least have rough ideas), but I can't figure out
how to do the logic for sendmail.

TIA,
-- 
 -
|   ,''`.Stephen Gran |
|  : :' :[EMAIL PROTECTED] |
|  `. `'Debian user, admin, and developer |
|`- http://www.debian.org |
 -




Re: Re: Sendmail or Qmail ? ..

2004-03-05 Thread Lucius Junevicus
I saw your post on setting up qmail over drbd. I would love to see how
you did it.
I'd like to create a how-to on setting up a hybrid cluster (open-mosix
and drbd) for qmail.

I'd love to know how you set up your cluster.

What do your drbd.conf, ha.cf, haresources files look like?

Which services do you have heartbeat control? (qmail, spamassassin, ?)

I know you're probably very busy, but any help would be greatly
appreciated.

Lucius


Re: Re: Sendmail or Qmail ? ..

2004-03-05 Thread Alex Borges
On Fri, 05-03-2004 at 12:56, Lucius Junevicus wrote:
 I saw your post on setting up qmail over drbd.  I would love to see
 how you did it.
 I'd like to create a how-to on setting up a hybrid cluster (open-mosix
 and drbd) for qmail.

Open Mosix? Isn't that like, autobalanced cluster? Interesting, how does
it help an SMTP farm as opposed to simple load balancing?

  
 I'd love to know how you setup your cluster.
  
 What do your drbd.conf, ha.cf, haresources files look like?
  
 Which services do you have heartbeat control? (qmail, spamassassin, ?)
  
 I know your probably very busy, but any help would be greatly
 appreciated.

This is pretty straightforward.  Like most MTAs, Qmail has configurable
queue directories and can deliver to maildirs anywhere as well (I use
vpopmail as delivery).

All you need is to set up your drbd partition as announced in drbd's
documentation (engineer your disks, etc.). 

Our nodes look like this:

Primary
DELL 6250 PIV XEON 2.4GHz Dual Processor 1GB RAM
210GB RAID V SCSI storage

Secondary
DELL 6250 PIV XEON 2.4GHz Single Processor 1GB RAM
210GB RAID V SCSI storage

Make a big partition, set up some symlinks to make important directories
reside in this partition (I named it data and it's mounted on /data):

/var/qmail -> /data/var/qmail
/home/vpopmail -> /data/home/vpopmail
/webhostingpeople -> /data/webhostingpeople
/var/lib/mysql -> /data/var/lib/mysql
/etc/passwd -> /data/etc/passwd
/etc/group -> /data/etc/group

etc.

Here is the trick:

In the primary server:
Install (or mod) everything so that important services boot up without a
problem from files in this partition (already using the symlinks and
all). 

Make SURE you profile every possible path of use that may be related to
file access creation, directory creation...etc.

In the secondary server:
Make a data partition
Make sure that data partition is absolutely exactly the same size of
the primary.

In the primary:
In init=1 (make sure all services are OFF) do:

tar cf - --exclude-from excludedfiles / | ssh -l root secondary tar xf - -C /

In the file excludedfiles you should put /dev/ /var/log /var
...etc...anything that doesn't make sense putting in the failback node
(/proc, /sys).

This will snapshot the primary onto the secondary. Reboot the secondary,
all services should be on and working just as in the primary. If that is
the case, you're ready to roll.

Make the drbd magic you have to on the /data partition and you're
home free.


  
 Lucius





RE: sendmail authentication

2004-03-03 Thread Ben Yau

 Hi all

 I need to let sendmail authenticate from a different passwd file, let me
 explain.
 Sendmail currently authenticates from /etc/passwd I would like it to use
 /etc/mailpass as step one and then to authenticate from berkleydb
 later on
 when I have verified that everything works.
 Qpopper also needs to be moved to alternative authentication.

 Tnx


 Mozzi



It looks like the c library calls themselves used in the sendmail source
look in the system password file (getpwuid, getpwnam, etc.)

So you'd probably have to rewrite the source to do this.

Just a guess.

A good tip on what you are able to do (and not do) with the sendmail.cf is
in the $SENDMAIL/cf/README file.


Ben Yau






sendmail authentication

2004-02-27 Thread Mozzi
Hi all

I need to let sendmail authenticate from a different passwd file, let me 
explain.
Sendmail currently authenticates from /etc/passwd I would like it to use 
/etc/mailpass as step one and then to authenticate from berkleydb later on 
when I have verified that everything works.
Qpopper also needs to be moved to alternative authentication.

Tnx


Mozzi
 




Scanned by @lantic IS Virus Control Service
This message was scanned for viruses and dangerous content.
@lantic Internet Services (Pty) Ltd. - http://www.lantic.net
eScan for Windows-based PCs - http://www.escan.co.za

If you have received a message marked in the subject line 
as [SPAM] please note that according to our MailScanner, 
this message has all the attributes of Unsolicited 
Commercial Email (UCE). If the message has however been 
marked incorrectly, please send a query to [EMAIL PROTECTED]




RE: sendmail authentication

2004-02-27 Thread Christian Storch
The following was tested in stable and unstable with sendmail:
For plain text (in an internal sense not - what you would see
over the network!) you'll need the package

libsasl-modules-plain

Then append

ESASL_PATH=/usr/lib/sasl

to 'sendmail.mc'. Create '/usr/lib/sasl/Sendmail.conf'
and put in the line

pwcheck_method: PAM

Then you could decide by '/etc/pam.d/smtp' how to
authenticate. E.g. with 'pam_userdb.so'.
There you could use Berkeley DB Version 3.
I hope this helps!

Christian

-Original Message-
From: Mozzi [mailto:[EMAIL PROTECTED]
Sent: Friday, February 27, 2004 9:28 AM
To: Debian ISP
Subject: sendmail authentication


Hi all

I need to let sendmail authenticate from a different passwd file, let me
explain.
Sendmail currently authenticates from /etc/passwd I would like it to use
/etc/mailpass as step one and then to authenticate from berkleydb later on
when I have verified that everything works.
Qpopper also needs to be moved to alternative authentication.

Tnx


Mozzi
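
One way to get from the passwd-style /etc/mailpass of step one to the Berkeley DB that pam_userdb reads, as an added example that is not from any poster in this thread. The pam.d lines, the crypt=crypt option, the db_load invocation and the sample accounts are assumptions or constructed; entries with an empty, locked or shadowed password field are dropped so they can never become a login that works without a password.

```shell
#!/bin/sh
# Added example (not from the thread). Converts a passwd(5)-layout file such
# as the /etc/mailpass mentioned above into the key/value text that
# `db_load -T -t hash` turns into a Berkeley DB for pam_userdb.
#
# Assumed PAM stack in /etc/pam.d/smtp (pam_userdb appends ".db" to the db=
# path itself; crypt=crypt says the stored value is a crypt(3) hash):
#   auth     required  pam_userdb.so db=/etc/mailpass crypt=crypt
#   account  required  pam_userdb.so db=/etc/mailpass

# mailpass_to_dbload FILE
#   Prints alternating "user name" / "password hash" lines on stdout.
#   Entries that must never authenticate are reported on stderr and skipped.
mailpass_to_dbload() {
    awk -F: '
        function skip(why) {
            printf("line %d skipped: %s\n", NR, why) > "/dev/stderr"
        }
        /^[ \t]*#/ || /^[ \t]*$/    { next }   # comments and blank lines
        NF < 2                      { skip("no password field"); next }
        $1 !~ /^[A-Za-z0-9._-]+$/   { skip("unsafe user name"); next }
        $2 == ""                    { skip("empty password for " $1); next }
        $2 == "x" || $2 ~ /^[!*]/   { skip("locked or shadowed entry for " $1); next }
        $1 in seen                  { skip("duplicate user " $1); next }
        { seen[$1] = 1; print $1; print $2 }
    ' "$1"
}

# Typical use (needs db_load from the Berkeley DB utilities, run as root):
#   umask 077
#   mailpass_to_dbload /etc/mailpass | db_load -T -t hash /etc/mailpass.db

# Demo on a constructed file; these are not real accounts or real hashes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample in /etc/passwd layout
alice:$1$aaaaaaaa$constructedhashA:1001:1001::/home/alice:/bin/false
bob::1002:1002::/home/bob:/bin/false
carol:!:1003:1003::/home/carol:/bin/false
dave:x:1004:1004::/home/dave:/bin/false
erin:$1$cccccccc$constructedhashC:1005:1005::/home/erin:/bin/false
EOF
mailpass_to_dbload "$sample"
rm -f "$sample"
```
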






sendmail configure for backup mx record.

2004-01-22 Thread Lucas Albers
I am working on setting up a backup mx mailer for domain.
It will be our first debian system we will be using for a main production
system.
I have read through the documentation, and it appears I have everything
configured correctly.
I am planning to set it up as a relay for an exchange server and a
sendmail server.  My original plan is to have it as a very high mx number
like 99 and just verify it appears to be working on the few MTA's that
attempt to relay through it.
Am I missing any additional items I need to configure to keep addresses
carrying over correctly to their destination machines?

I really appreciate any feedback you can give on items I might be
overlooking.
If you can think of ANYTHING I am overlooking, let me know.
As you well know when the mailserver for 800 people stops working, people get
ugly.
I have read existing documentation on setting up a mail hub.
If you know of any documentation you think I might find useful, then let
me know.
Ignore additional security items such as:
dnsvalid/ipvalid,connection_throttle,bad_recip_throttle as I am aware of
them.

mailertable and sendmail.mc listed below:

/etc/mail/sendmail.mc generated using sendmailconfig in sendmail stable.
  divert(0)dnl
 #
 #   Copyright (c) 1998-2002 Richard Nelson.  All Rights Reserved.
 #
 #  This file is used to configure Sendmail for use with Debian systems.
 define(`_USE_ETC_MAIL_')dnl
 include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
 VERSIONID(`$Id: sendmail.mc, v 8.12.3-6.6 2003-09-17 18:35:09 cowboy Exp $')
 OSTYPE(`debian')dnl
 DOMAIN(`debian-mta')dnl
 LOCAL_CONFIG
 FEATURE(`nocanonify')dnl
 LOCAL_CONFIG
 Cwtraffic.cs.montana.edu
 FEATURE(`use_cw_file')dnl
 FEATURE(`use_ct_file')dnl
 FEATURE(`nouucp', `reject')dnl
 FEATURE(`mailertable')dnl
 FEATURE(`smrsh')dnl
 FEATURE(`mailertable')dnl
 INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')
 include(`/etc/mail/dialup.m4')dnl
 include(`/etc/mail/provider.m4')dnl
 MAILER_DEFINITIONS
 MAILER(local)dnl
 MAILER(smtp)dnl

 LOCAL_CONFIG
 ## Custom configurations below (will be preserved)
 include(`/etc/mail/tls/starttls.m4')dnl
 define(`confLOG_LEVEL',`13')dnl
 define(`relay_hosts_only')dnl

I have configured mailertable entries:
FEATURE(`mailertable')dnl
define(`relay_hosts_only')dnl

/etc/mail/mailertable
xxx.montana.edu   esmtp:[xxx.montana.edu]
xxx.montana.edu  esmtp:[xxx.coe.montana.edu]

/etc/mail/relay-domains
xxx.montana.edu
xxx.montana.edu

-- 
--Luke CS Sysadmin, Montana State University-Bozeman



Sendmail Queuing?

2003-12-16 Thread Jason McMullen
Anyone seen any odd queuing by Sendmail (or the ability to change how it
queues)?

Say the primary MX for a host is down and we attempt to send mail to a
domain that it handles mail for.  For example:

;; ANSWER SECTION:
necinc.com. 19h32m42s IN MX  100 mail.wam.net.
necinc.com. 19h32m42s IN MX  200 mail2.wam.net.
necinc.com. 19h32m42s IN MX  10 mailgate.necinc.com.

Now, if I force sendmail to run a queue for this host:

sendmail -v -qRnecinc.com

I receive this:

Running /var/spool/mqueue/h7KKJwrA001233 (sequence 1 of 1)
[EMAIL PROTECTED]... Connecting to mailgate.necinc.com. via esmtp...
[EMAIL PROTECTED]... Deferred: Operation timed out with
mailgate.necinc.com.

It dumps that message back into the queue.  It'll keep that up
for 6-8 hours THEN attempt to deliver to the higher weighted MX hosts
which are up and accept.  Shouldn't sendmail realize that the one host
is down on the initial delivery attempt and try the next highest?  I
could see if we couldn't reach all three hosts, but if just one is
down, there is no reason sendmail should queue the message for 8 hours
before attempting another host.

-Jason



Re: Sendmail Queuing

2003-12-12 Thread Henk . Roose
Jason,

On Tue, Dec 02, 2003 at 10:19:07AM -0500, Jason McMullen wrote:
 
 I'm running into an odd issue.  We have 2 servers that act as
 front-end MX hosts running Sendmail.  These servers then smarthost all
 mail back to a main server.  This works well at keeping the main server
 unloaded due to dictionary attacks and whatnot.  The problem we're
 seeing is the MX hosts bogging down when trying to deliver mail to the
 main host.  
 
 Does anyone have any tried and true methods for getting Sendmail to be a
 little nicer about its queuing strategy?  Or is the best option qmail
 or another MTA?

Make sure that SingleThreadDelivery is turned off on the MX. On the
smarthost however make sure it's not dropping connections too early.
Look at the REFUSE_LA and QUEUE_LA (sendmail must have the correct
LA_TYPE compiled in). Also look at the CONNECTION_RATE_THROTTLE and 
MAX_DAEMON_CHILDREN parameters.
It may also help to pay attention to which host is resolving what.

Hope this helps.
-- 
Henk Roose - [EMAIL PROTECTED]
CWI - Centrum voor Wiskunde en Informatica
Centre for Mathematics and Computer Science
Amsterdam (NL)



Re: Sendmail Queuing

2003-12-12 Thread Rich Puhek


Jason McMullen wrote:
Good Day All,

I'm running into an odd issue.  We have 2 servers that act as
front-end MX hosts running Sendmail.  These servers then smarthost all
mail back to a main server.  This works well at keeping the main server
unloaded due to dictionary attacks and whatnot.  The problem we're
seeing is the MX hosts bogging down when trying to deliver mail to the
main host.  

Does anyone have any tried and true methods for getting Sendmail to be a
little nicer about its queuing strategy?  Or is the best option qmail
or another MTA?
TIA!

-Jason


You might want to experiment with connection caching, so that the MX 
servers don't open a new connection to the mail_hub. Something like:
define(`confMCI_CACHE_SIZE',`2')dnl
define(`confMCI_CACHE_TIMEOUT',`120s')dnl

Also may want to sort your queue by host, so that all internal mail gets 
delivered in order.

How many messages do you have in the queue on your MX hosts? If you're 
pushing over 1000, I'd suggest splitting into multiple queue directories.

Do you have host status enabled? If so, your state directory may be the 
problem (.com and .net directories may have thousands of entries, which 
was not good on my ext2 filesystem). I have had good luck with making a 
small ReiserFS partition for /var/local/state/sendmail.

How are you handling dictionary attacks? just letting the MX'es handle 
trying to DNS notifies, or do your MX hosts know about valid usernames?

If you have lots of bounces sitting in your queue on your MX hosts due 
to spammer dictionary attacks, you can move the DSN messages into a 
slow running queue. Debian's sendmail installation has a method to do 
this, or you can do something like:

a) Create a new queue directory (/var/spool/mqueue-slow-retry in my case).

b) Create the following /etc/cron.d/sendmail_slowqueue entry (may need 
to correct line breaks):

#!/bin/sh
#
# sendmail_slowqueue -- move hanging messages into a slower queue...
#
# 11/12/2003 by [EMAIL PROTECTED]
#
# Every 8 min, move to slower queue...
# (every 8, so that we stagger away from regular queue run... trying
# to prevent getting blocked by queue run.)
*/8 *  * * *  root /usr/share/sendmail/qtool.pl -e '$msg{num_delivery_attempts} >= 3 && ($msg{sender} =~ /\<\>/ or $msg{sender} =~ /MAILER-DAEMON/)' /var/spool/mqueue-slow-retry /var/spool/mqueue/Q*

# Process the slow queue every 3 hours, instead of default 20 minutes.
# 11/17/03: Changed to run as root (permission problem as smmsp),
# also added QueueSortOrder=host, since most will be undeliverable
# bounce messages anyway. --RAP
5  */3 * * *  root /usr/sbin/sendmail -q -L sendmail-slowqueue -O QueueDirectory=/var/spool/mqueue-slow-retry -O QueueSortOrder=host

--Rich
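
A dry run of the selection that the cron entry above hands to qtool.pl, as an added example that is not part of Rich's message: it lists the queue files that would be moved and moves nothing. It reads the condition as "at least three delivery attempts and a null or MAILER-DAEMON sender", and assumes the attempt count and the sender are the N and S lines of the qf control file; the sample queue files are constructed and simplified.

```shell
#!/bin/sh
# Added example (not from the thread): show which bounces a slow-queue move
# would pick up, without touching the queue.

# is_slowqueue_candidate QF_FILE [MIN_ATTEMPTS]
#   Exit 0 when the message is a bounce (null or MAILER-DAEMON sender)
#   that has already been tried MIN_ATTEMPTS times (default 3).
is_slowqueue_candidate() {
    awk -v min="${2:-3}" '
        /^N/ { attempts = substr($0, 2) + 0 }   # N line: delivery attempts
        /^S/ { sender = substr($0, 2) }         # S line: envelope sender
        END {
            bounce = (sender ~ /<>/ || sender ~ /MAILER-DAEMON/)
            exit !(attempts >= min && bounce)
        }
    ' "$1"
}

# list_slowqueue_candidates DIR...
#   Prints the qf files in each queue directory that qualify.
list_slowqueue_candidates() {
    for dir in "$@"; do
        for qf in "$dir"/qf*; do
            [ -f "$qf" ] || continue
            if is_slowqueue_candidate "$qf"; then
                printf '%s\n' "$qf"
            fi
        done
    done
}

# write_qf FILE ATTEMPTS SENDER
#   Writes a constructed, simplified control file for the demo below.
write_qf() {
    printf 'T1071000000\nN%s\nS%s\nRPFD:<user@example.net>\n.\n' "$2" "$3" > "$1"
}

# Demo on a constructed queue directory (not real mail).
demo_dir=$(mktemp -d)
write_qf "$demo_dir/qfhBC00001" 4 '<>'                               # listed
write_qf "$demo_dir/qfhBC00002" 1 '<>'                               # too few attempts
write_qf "$demo_dir/qfhBC00003" 5 '<alice@example.org>'              # not a bounce
write_qf "$demo_dir/qfhBC00004" 3 '<MAILER-DAEMON@mx1.example.org>'  # listed
list_slowqueue_candidates "$demo_dir"
rm -rf "$demo_dir"
```
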




Sendmail Queuing

2003-12-02 Thread Jason McMullen
Good Day All,

I'm running into an odd issue.  We have 2 servers that act as
front-end MX hosts running Sendmail.  These servers then smarthost all
mail back to a main server.  This works well at keeping the main server
unloaded due to dictionary attacks and whatnot.  The problem we're
seeing is the MX hosts bogging down when trying to deliver mail to the
main host.  

Does anyone have any tried and true methods for getting Sendmail to be a
little nicer about its queuing strategy?  Or is the best option qmail
or another MTA?

TIA!

-Jason



Re: Spoon feeding Exchange with Sendmail

2003-10-13 Thread R.M. Evers
doesn't exchange come with some pop-connector tool to download mail from
a pop-server? i know it's not the coolest solution, though i believe it
works ;-)

regards,
-rodi


On Fri, 2003-10-10 at 20:52, Jody Grafals wrote:
 Spoon feeding Exchange with Sendmail
 
 Is it possible to somehow use my Debian Linux server as a tool to 
 download pop mail from a remote server then forward it to my  local mail 
 server (Exchange), I was thinking Sendmail might be able to do something 
 like this but I could not find any documentation.
 
 Thanks
 jody



Re: Spoon feeding Exchange with Sendmail

2003-10-13 Thread Jon Wood
Quoting R.M. Evers [EMAIL PROTECTED]:

 doesn't exchange come with some pop-connector tool to download mail from
 a pop-server? i know it's not the coolest solution, though i believe it
 works ;-)

There definitely is, since we're using it here on a Windows based network... I'm
not sure if it comes with anything other than the Small Business Server version
of 2k server though.

Jon
 regards,
 -rodi


 On Fri, 2003-10-10 at 20:52, Jody Grafals wrote:
  Spoon feeding Exchange with Sendmail
 
  Is it possible to somehow use my Debian Linux server as a tool to
  download pop mail from a remote server then forward it to my  local mail
  server (Exchange), I was thinking Sendmail might be able to do something
  like this but I could not find any documentation.
 
  Thanks
  jody



Re: Spoon feeding Exchange with Sendmail

2003-10-13 Thread Jody Grafals


Jon Wood wrote:

Quoting R.M. Evers [EMAIL PROTECTED]:

 

doesn't exchange come with some pop-connector tool to download mail from
a pop-server? i know it's not the coolest solution, though i believe it
works ;-)
   

There are many commercially available exchange pop down-loaders but 
Exchange does not come with any in the standard edition.   In my case 
the Win2k server is sitting in a LAN with no route to the internet but 
can get data from our DMZ and the linux server is sitting in the DMZ and 
is online all the time. I don't trust the Win2k Exchange server on the 
internet ;-) I'm working on getting a suitable solution working with 
fetchmail to pass remote mail to the local mail server (Exchange), in 
the future I would like to be able to filter all the mail for spam and 
viruses on the Linux server, but I figured this is a good first step.

Cheers
jody
 

regards,
-rodi
On Fri, 2003-10-10 at 20:52, Jody Grafals wrote:
   

Spoon feeding Exchange with Sendmail

Is it possible to somehow use my Debian Linux server as a tool to
download pop mail from a remote server then forward it to my  local mail
server (Exchange), I was thinking Sendmail might be able to do something
like this but I could not find any documentation.
Thanks
jody
 



Spoon feeding Exchange with Sendmail

2003-10-10 Thread Jody Grafals
Spoon feeding Exchange with Sendmail

Is it possible to somehow use my Debian Linux server as a tool to 
download pop mail from a remote server then forward it to my  local mail 
server (Exchange), I was thinking Sendmail might be able to do something 
like this but I could not find any documentation.

Thanks
jody




Re: Spoon feeding Exchange with Sendmail

2003-10-10 Thread Teun Vink

- Original Message - 
From: Jody Grafals [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 8:52 PM
Subject: Spoon feeding Exchange with Sendmail


 Spoon feeding Exchange with Sendmail
 
 Is it possible to somehow use my Debian Linux server as a tool to 
 download pop mail from a remote server then forward it to my  local mail 
 server (Exchange), I was thinking Sendmail might be able to do something 
 like this but I could not find any documentation.
 


Never used it, but fetchmail should be able to do this, I think.

Regards,


Teun



Re: Spoon feeding Exchange with Sendmail

2003-10-10 Thread Jody Grafals
Yreka - So I could use fetchmail to get the mail from the pop account 
then use sendmail to the exchange server - Can this be automated out of 
the box  or will it involve scripting and is it a practical solution for 
auto relaying 50 mailboxes Or am I making this too complicated. Is there 
some sort of mail relaying tool for just moving lot of mail around?

thank
Jody
Teun Vink wrote:

- Original Message - 
From: Jody Grafals [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 10, 2003 8:52 PM
Subject: Spoon feeding Exchange with Sendmail

 

Spoon feeding Exchange with Sendmail

Is it possible to somehow use my Debian Linux server as a tool to 
download pop mail from a remote server then forward it to my  local mail 
server (Exchange), I was thinking Sendmail might be able to do something 
like this but I could not find any documentation.

   



Never used it, but fetchmail should be able to do this, I think.

Regards,

Teun



 







Re: Spoon feeding Exchange with Sendmail

2003-10-10 Thread Arnt Karlsen
On Fri, 10 Oct 2003 16:49:21 -0400, 
Jody Grafals [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:

 Yreka - So I could use fetchmail to get the mail from the pop account 
 then use sendmail to the exchange server - Can this be automated out
 of the box  or will it involve scripting and is it a practical
 solution for auto relaying 50 mailboxes Or am I making this too
 complicated. Is there some sort of mail relaying tool for just moving
 lot of mail around?

..yep, yep, yep, procmail.  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.




Re: Spoon feeding Exchange with Sendmail

2003-10-10 Thread Pulu 'Anau
Fetchmail will do pretty much everything you're saying out of the box,
although you'll need to make a .fetchmailrc for it which is a config file that
looks a lot like a script language sometimes.

The docs/examples are pretty straightforward.  I just used it for a customer
transitioning from webmail/pop configured on their webspace to their own debian
server.  30 mailboxes, which although we only ran it for a week (to double check
DNS transition) should have run forever mostly fine.  Piece of cake.

You can even set it to retrieve multiple recipients from a single pop box, which
I've also done, and much as the docs say, really don't like too much.

Fetchmail can either run sendmail (ie, the sendmail command that is used for
most on the server mtas) or forward direct via smtp to wherever you want
(including straight into an exchange smtp service).

Pulu
 

Afe.to ANTS
POB 1478
Nuku'alofa, Tonga
Ph: Country code 676 - 27946 or 878-1332
http://www.afe.to
http://svcs.affero.net/rm.php?r=pulu


Quoting Jody Grafals [EMAIL PROTECTED]:

 Yreka - So I could use fetchmail to get the mail from the pop account 
 then use sendmail to the exchange server - Can this be automated out of 
 the box  or will it involve scripting and is it a practical solution for 
 auto relaying 50 mailboxes Or am I making this too complicated. Is there 
 some sort of mail relaying tool for just moving lot of mail around?
 
 thank
 Jody
 
 Teun Vink wrote:
 
 - Original Message - 
 From: Jody Grafals [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, October 10, 2003 8:52 PM
 Subject: Spoon feeding Exchange with Sendmail
 
 
   
 
 Spoon feeding Exchange with Sendmail
 
 Is it possible to somehow use my Debian Linux server as a tool to 
 download pop mail from a remote server then forward it to my  local mail 
 server (Exchange), I was thinking Sendmail might be able to do something 
 like this but I could not find any documentation.
 
 
 
 
 
 Never used it, but fetchmail should be able to do this, I think.
 
 Regards,
 
 
 Teun
 
 
 
   
 
 
 
 
 
 


-
This mail sent from Tonga's Premiere Internet Cafe
Visit us online at http://www.cafe.afe.to 
discussions @ http://www.nomoa.com/index.php
generic info @  http://www.tongatapu.net.to



does the new sendmail bug affect 8.11.x?

2003-09-17 Thread Eric Sproul
Hi,
Does anyone know if the new Sendmail bug: 
http://www.sendmail.org/8.12.10.html

affects 8.11.x?  I have a few non-Debian boxes still running 8.11.7 (the
3/31 patch didn't bump the version number), and I haven't been able to
find any specific info.

Thanks,
Eric



Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-12 Thread Rich Puhek


Arnt Karlsen wrote:


..and after a journal death, and fsck, the raid set will be able 
to re-establish itself, no?  Or does the journal do both/all disks 
in a raid set?


The FS doesn't know or care about RAID-anything, as far as I know. 
Doesn't the FS just tell /dev/hda1, /dev/sda1, or /dev/md1 to write 
this data to this block. Very oversimplified, I know, but it doesn't 
seem like RAID should be part of the discussion here (aside from the 
fact that a RAID1 or RAID5 config *may* reduce the occurrence of problems 
that would bring journaling into play).


..how does the journalling system choose which blocks to work from?
What I've been able to see, the journal dies when their super blocks
go bad?
The filesystem needs the superblock in order to find the journal.  If
you have a single gigantic filesystem mounted on /, then if the
primary superblock is corrupted, the kernel will not be able to mount
/, and you're hosed.  E2fsck will automatically try the primary
superblock, and if that is corrupt, it will try the first backup
superblock.  Failing that, a human will need to manually try one of
the other backup superblocks, if it is corrupted as well.


..this can be tuned to try more blocks before whining for manpower?

Ted will know a lot more about this than I do, but I'd think that if the 
first two superblocks are corrupt, the likelihood of superblock number 3 
or whatever being good is pretty low compared to the odds that the 
drive/partition is shot. Perhaps that's why e2fsck just gives up on the 
extra superblocks? Of course, then why bother including them?

I've had a bunch of Debian systems running on various (sometimes crappy) 
hardware for years. I've seen very few cases where a superblock was 
corrupt and e2fsck puked. In each case, it was on a drive that was old 
enough that it wasn't worth fussing over any more, so I just replaced 
the drive. Some of the drives are happy running on wintel boxes, others 
are just paperweights.


If your primary superblock is getting corrupted often, then first of
all, you should try to figure out why this is happening, and take
affirmative actions to prevent them.  (The fact that you're reporting
marginal power is supremely suspicious; marginal power can cause disk
corruptions very easily.  Getting higher quality power supplies will
help, but a UPS is the first thing I would get.)


..yeah, I'm working on the power bit.  ;-)


Secondly, you're better off using a small root filesystem that
generally isn't modified often.  What I normally do is use a 128 meg
root filesystem, with a separate /var partition (or /var symlinked to
/usr/var), and /tmp as a ram disk.  With the root filesystem rarely
changing, it's much less likely that it will be corrupted due to
hardware problems.  Then the root filesystem can come up, and e2fsck
can repair the other filesystems.


..yeah, except for /tmp on ramdisk, that's how I do my boxes, 
and my isp business client is learning his lesson good.  ;-)


But I repeat, your filesystems shouldn't be getting corrupted in the
first place.  Using a separate root filesystem is a good idea, and
will help you recover from hardware problems, but your primary
priority should be to avoid the hardware problems in the first place.
		- Ted


--

_

Rich Puhek
ETN Systems Inc.
2125 1st Ave East
Hibbing MN 55746
tel:   218.262.1130
email: [EMAIL PROTECTED]
_


Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-12 Thread Russell Coker
On Sat, 13 Sep 2003 02:01, Rich Puhek wrote:
 Ted will know a lot more about this than I do, but I'd think that if the
 first two superblocks are corrupt, the likelihood of superblock number 3
 or whatever being good is pretty low compared to the odds that the
 drive/partition is shot. Perhaps that's why e2fsck just gives up on the
 extra superblocks? Of course, then why bother including them?

In principle it seems to be always a good idea to have more copies of your 
data than the software knows how to deal with automatically.  Then if the 
software screws up and mangles everything it touches you may still have a 
chance to manually do whatever is necessary to save it.

I recall a story about a tape drive that became damaged in a way that made it 
destroy every tape put in it.  When some data needed to be restored the first 
tape didn't work, they tried it in a second drive and it was proven to be 
dead.  They got a second backup and repeated the same procedure...

It was only when they were down to their last backup that someone got wise and 
used a different tape drive for the first attempt, which resulted in the data 
being read without any errors.

In that situation if a tape robot had control then it would certainly have 
trashed all copies of the data.  I can imagine similar things happening to a 
file system with a dying hard disk.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-12 Thread Arnt Karlsen
On Sat, 13 Sep 2003 03:54:07 +1000, 
Russell Coker [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:

 On Sat, 13 Sep 2003 02:01, Rich Puhek wrote:
  Ted will know a lot more about this than I do, but I'd think that if
  the first two superblocks are corrupt, the likelihood of superblock
  number 3 or whatever being good is pretty low compared to the odds
  that the drive/partition is shot. Perhaps that's why e2fsck just
  gives up on the extra superblocks? Of course, then why bother
  including them?
 
 In principle it seems to be always a good idea to have more copies of
 your data than the software knows how to deal with automatically. 
 Then if the software screws up and mangles everything it touches you
 may still have a chance to manually do whatever is necessary to save
 it.
 
 I recall a story about a tape drive that became damaged in a way that
 made it destroy every tape put in it.  When some data needed to be
 restored the first tape didn't work, they tried it in a second drive
 and it was proven to be dead.  They got a second backup and repeated
 the same procedure...
 
 It was only when they were down to their last backup that someone got
 wise and used a different tape drive for the first attempt, which
 resulted in the data being read without any errors.
 
 In that situation if a tape robot had control then it would certainly
 have trashed all copies of the data.  I can imagine similar things
 happening to a file system with a dying hard disk.

..agreed, but there are vast differences between 
the first 2, every other and all.  ;-)

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





Re: FS performace with lots of files, was: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-11 Thread Markus Schabel
Cameron Moore wrote:
* [EMAIL PROTECTED] (Russell Coker) [2003.09.10 20:16]:
Also you can't have a ReiserFS file system mounted read-only while fsck'ing 
it.  Which makes recovering errors on the root FS very interesting to say the 
least.


What I hate about ext3 is that it doesn't poorly handles dirs with 1000+
files.  Haven't seen if they've fixed that yet.
There exists a patch (http://people.nl.linux.org/~phillips/htree/ - i
think there are other resources out there somewhere ;)) for 2.4.x, but
the code should be in the kernel since 2.4.20 for ext2 and for ext3 it
seems that it was available before (but there are some 2.4.19-patches
out there: http://lwn.net/Articles/11330/) - hopefully somebody can
bring some light into this...
regards
Markus


Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-11 Thread Theodore Ts'o
On Thu, Sep 11, 2003 at 02:04:19AM +0200, Arnt Karlsen wrote:
 ..I still believe in raid-1, but, ext3fs???  
 
 ..how does xfs, jfs and Reiserfs compare?  

If you have random disk corruptions happening as often as you are, no
filesystem is going to be able to help you.  The only question is how
quickly the filesystem notices *before* user data starts getting
irrecoverably lost.  Ext3 generally tends to be one of the more paranoid
filesystems about checking assertions and should never happen cases,
although I don't know how it compares to reiserfs, jfs, et al.  

There have certainly been cases in the past where people were
convinced that there was a bug in ext2, since other filesystems (minix
in this particular case) weren't reporting the problem.  But, it
turned out to be a buffer cache bug, and it was simply that other
filesystems were not doing the appropriate assertion checks, and user
data was getting lost; the system administrator was just left in
blissful ignorance.

  Unless you're talking about *software* RAID-1 under Linux, and the
 
 ..bingo, I should have said so.
 
  fact that you have to rebuild mirror after an unclean shutdown, but
  that's arguably a defect in the software RAID 1 implementation.  On
  other systems, such as AIX's software RAID-1, the RAID-1 is
  implemented with a journal, 
 
 ..but software RAID-1 under Linux is not or did I miss something here?

No, software RAID-1 does not do journalling at the RAID level.  That
means that in the case of an unclean shutdown, the RAID system will
need to re-establish the mirror.  As I said, this is a performance
issue, since half the disk bandwidth of the RAID array will be
diverted to re-establishing the mirror during the unclean shutdown.
Note also this is true *regardless* of what filesystem you use,
journaling and non-journaling.


 ..ok, for my throttle boxes, here is where I should honk the 
 horn and divert logging to a log server and schedule a fsck?
 (And of course just reboot my mailservers on the same error.)

For your throttle boxes, do you need to have any writes to your
filesystems at all?  If what you care about is zero downtime, why not
just run syslog over the network, and keep all of your filesystems
mounted read/only?  Some extreme configurations I've seen (especially
where ISP's don't have direct/easy access to their systems at remote
POP's), use a read-only flash filesystem, and a ramdisk for /tmp, and
no spinning disks at all.  This significantly increases reliability
caused by disk failures, since the hard drive is often the most
vulnerable part of the system, especially in the face of heat
vibrations, etc.

 ..IMHO the debian bootstrap should first read the rpm database 
 and generate a deb database, and then do 'apt-get update  \
 apt-get dist-upgrade'.  _Is_ there such a bootstrap beast?

While this would be interesting for those people who are converting
from Red Hat to Debian, it's a lot more complicated than that, since
you also have to convert over the configuration files; Red Hat and
Debian don't necessarily store files in the same location.

I generally find that for production systems, it's much safer and
simpler to install Debian on a new disk (and on a new system), and
then copy over the new configuration files over.  That way, you can
test the system and make sure everything is A-OK before cutting over
something on a production system.

(By the way, it seems like 50% of your problems is that you're doing
things on the cheap, and yet you still want 100% reliability.  If you
want carrier-grade reliability, you need to pay a little bit extra,
and do things like have hot spares, and installation scripts that
allow you to create and configure new servers automatically, without
needing manual handwork.)

 ..256MB, but the disks may be marginal, on the known bad disks I get 
 write errors.  I have seen this same error on power blinks, failures 
 lasting for about a 1/3 of a second without losing monitor sync etc 
 on my desktops, once frying a power supply, but usually these blinks 
 cause no harm.

Sounds like you have marginal power.  Do you have a UPS (preferably a
continuous UPS) to protect your systems?  If not, why not?  (Again,
it's a bad idea to expect carrier-grade reliability when you're not
willing to pay for the basic high-quality equipment, backup equipment,
and devices such as UPS's to protect your equipment.)

 ..ah.  So with a 30GB /var ext3fs raid-1 I would have 25% or 13%
 consumed by backup copies of the superblock and block group descriptors?

It's an order n**2 problem; so it's not a linear relationship.  And
most people get annoyed by that kind of overhead, long before it gets
to 10% or above.  

 ..how does the journalling system choose which blocks to work from?
 What I've been able to see, the journal dies when their super blocks 
 go bad?

The filesystem needs the superblock in order to find the journal.  If
you have a single gigantic filesystem mounted on /, then if the
primary 

Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-11 Thread Arnt Karlsen
On Thu, 11 Sep 2003 14:03:17 -0400, 
Theodore Ts'o [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:

 On Thu, Sep 11, 2003 at 02:04:19AM +0200, Arnt Karlsen wrote:
  ..I still believe in raid-1, but, ext3fs???  
  
  ..how does xfs, jfs and Reiserfs compare?  
 
 If you have random disk corruptions happening as often as you are, no
 filesystem is going to be able to help you.  The only question is how
 quickly the filesystem notices *before* user data starts getting
 irrecoverably lost.  Ext3 generally tends to be one of the more paranoid
 filesystems about checking assertions and should never happen cases,
 although I don't know how it compares to reiserfs, jfs, et al.  

..ok, how about ext3 versus ext2 on raid-1?

   Unless you're talking about *software* RAID-1 under Linux, and the
  
  ..bingo, I should have said so.
  
   fact that you have to rebuild mirror after an unclean shutdown,
   but that's arguably a defect in the software RAID 1
   implementation.  On other systems, such as AIX's software RAID-1,
   the RAID-1 is implemented with a journal, 
  
  ..but software RAID-1 under Linux is not or did I miss something
  here?
 
 No, software RAID-1 does not do journalling at the RAID level.  That
 means that in the case of an unclean shutdown, the RAID system will
 need to re-establish the mirror.  

..and after a journal death, and fsck, the raid set will be able 
to re-establish itself, no?  Or does the journal do both/all disks 
in a raid set?

 As I said, this is a performance issue, since half the disk bandwidth
 of the RAID array will be diverted to re-establishing the mirror during
 the unclean shutdown. Note also this is true *regardless* of what
 filesystem you use, journaling and non-journaling.

..noted, non-issue in my case. 
 
  ..ok, for my throttle boxes, here is where I should honk the 
  horn and divert logging to a log server and schedule a fsck?
  (And of course just reboot my mailservers on the same error.)
 
 For your throttle boxes, do you need to have any writes to your
 filesystems at all?  If what you care about is zero downtime, why not
 just run syslog over the network, and keep all of your filesystems
 mounted read/only?  Some extreme configurations I've seen (especially
 where ISP's don't have direct/easy access to their systems at remote
 POP's), use a read-only flash filesystem, and a ramdisk for /tmp, and
 no spinning disks at all.  This significantly increases reliability
 caused by disk failures, since the hard drive is often the most
 vulnerable part of the system, especially in the face of heat
 vibrations, etc.

..sounds like an idea.  The major point against is geography, 
I like to arrive at stand-alone one-box solutions, but networked 
logging is a good way to verify the network status.  What is 
used, ssh tunnels?

  ..IMHO the debian bootstrap should first read the rpm database 
  and generate a deb database, and then do 'apt-get update  \
  apt-get dist-upgrade'.  _Is_ there such a bootstrap beast?
 
 While this would be interesting for those people who are converting
 from Red Hat to Debian, it's a lot more complicated than that, since
 you also have to convert over the configuration files; Red Hat and
 Debian don't necessarily store files in the same location.

..I know.  ;-)

 I generally find that for production systems, it's much safer and
 simpler to install Debian on a new disk (and on a new system), and
 then copy over the new configuration files over.  That way, you can
 test the system and make sure everything is A-OK before cutting over
 something on a production system.
 
..yeah, my pipe dream.  ;-)

 (By the way, it seems like 50% of your problems is that you're doing
 things on the cheap, and yet you still want 100% reliability.  If you
 want carrier-grade reliability, you need to pay a little bit extra,
 and do things like have hot spares, and installation scripts that
 allow you to create and configure new servers automatically, without
 needing manual handwork.)

..hey, the isp shop is not mine, and it _is_ a small operation, 
so I need to grow it so I can charge'em.  ;-)  These guys are 
Wintendo convertites, and I do the hard stuff for 'em.  ;-)
 
  ..256MB, but the disks may be marginal, on the known bad disks I get
  write errors.  I have seen this same error on power blinks,
  failures lasting for about a 1/3 of a second without losing monitor
  sync etc on my desktops, once frying a power supply, but usually
  these blinks cause no harm.
 
 Sounds like you have marginal power.  Do you have a UPS (preferably a
 continuous UPS) to protect your systems?  If not, why not?  (Again,
 it's a bad idea to expect carrier-grade reliability when you're not
 willing to pay for the basic high-quality equipment, backup equipment,
 and devices such as UPS's to protect your equipment.)

..2 different sites, I have marginal power in my lab, but the 
isp gear is on ups, and that again is on a priority grid feed.

..will be producing my own power on this; 

Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-10 Thread Theodore Ts'o
On Wed, Sep 10, 2003 at 01:36:32AM +0200, Arnt Karlsen wrote:
  But for an unattended server, most of the time it's probably better to
  force the system to reboot so you can restore service ASAP.
 
 ..even for raid-1 disks???  _Is_ there a combination of raid-1 and 
 journalling fs'es for linux that's ready for carrier grade service?

I'm not sure what you're referring to here.  As far as I'm concerned,
if the filesystem is inconsistent, panic'ing and letting the system
get back to a known state is always the right answer.  RAID-1
shouldn't be an issue here.  

Unless you're talking about *software* RAID-1 under Linux, and the
fact that you have to rebuild mirror after an unclean shutdown, but
that's arguably a defect in the software RAID 1 implementation.  On
other systems, such as AIX's software RAID-1, the RAID-1 is
implemented with a journal, so that there is no need to rebuild the
mirror after an unclean shutdown.  Alternatively, you could use a
hardware RAID-1 solution, which also wouldn't have a problem with
unclean shutdowns.

In any case, the speed hit for doing a panic with the current Linux
MD implementation is a performance issue, and in my book reliability
takes precedence over performance.  So yes, even for RAID-1, and it
doesn't matter what filesystem, if there's a problem, you should
reboot.  If you don't like the resulting performance hit after the
panic, get a hardware RAID controller.

  I'm not sure what you mean by this.  When there is a filesystem error
 
 ..add a healthy dose of irony to repair in repair.  ;-)
 
  detected, all writes to the filesystem are immediately aborted, which
 
 ...precludes reporting the error?  

No, if you are using a networked syslog daemon, it certainly does
preclude reporting the error.  If you mean the case where there is a
filesystem error on the partition where /var/log resides, yes, we
consider it better to abort writes to the filesystem than to attempt
to write out the log message to a compromised filesystem.

 .._exactly_, but it is not reported to any of the system users.  
 A system reboot _is_ reported usefully to the system users, all 
 tty users get the news.

The message that a filesystem has been remounted read-only is logged
as a KERN_CRIT message.  If you wish, you can configure your
syslog.conf so that all tty users are notified of kern.crit level
errors.  That's probably a good thing, although it's not clear that a
typical user will understand what to do when they are told that a
filesystem has been remounted read-only.

Certainly it is trivial to configure sysklogd to grab that message and
do whatever you would like with it, if you were to so choose.  If you
want to honk the big horn, that is certainly within your power to
make the system do that.

If you believe that Red Hat should configure their syslog.conf files
to do this by default, feel free to submit a bug report / suggestion
with Red Hat.

  of uncommitted data which has not been written out to disk.)  So in
  general, not running the journal will leave you in a worse state after
  rebooting, compared to running the journal.
 
 ..it appears my experience disagrees with your expertise here.
 With more data, I would have been able to advise intelligently 
 on when to and when not to run the journal, I believe we agree 
 not running the journal is advisable if the system has been 
 left limping like this for a few hours.

How long the system has been left limping doesn't really matter.  The
real issue is that there may be critical data that has been written to
the journal that was not written to the filesystem before the journal
was aborted and the filesystem left in a read-only state.  This might,
for example, include a user's thesis or several year's of research.
(Why such work might not be backed up is a question I will leave for
another day, and falls into the criminally negligent system
administrator category)

In general, you're better off running the journal after a journal
abort.  You may think you have experiences to the contrary, but
are you sure?  Unless you snapshot the entire filesystem, and try it
both ways, you can't really know for sure.  There are classes of
errors where the filesystem has been completely trashed, and whether
or not you run the journal won't make a bit of difference.  

The much more important question is to figure out why the filesystem
got trashed in the first place.  Do you have marginal memory?  hard
drives?  Are you running a beta-test kernel that might be buggy?
Fixing the proximate cause is always the most important thing to do;
since in the end, no matter how clever a filesystem, if you have buggy
hardware or buggy device drivers, in the end you *will* be screwed.  A
filesystem can't compensate for those sorts of shortcomings.

 ..and, on a raid-1 disk set, a failure oughtta cut off the one bad 
 fs and not shoot down the entire raid set because that one fs fails.

I agree.  When is that not happening?

 ..sparse_super 
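
[Added example, not part of the thread or of any poster's message.] The exchange above turns on a filesystem being remounted read-only without anyone noticing. The shell sketch below compares the kernel's mount table with fstab and lists filesystems that fstab expects to be writable but that are currently mounted read-only; the function names ro_drift and ro_drift_demo and the sample fstab and mounts contents are constructed for illustration.

```shell
#!/bin/sh
# ro_drift [MOUNTS] [FSTAB]
# Print "mountpoint device fstype" for every filesystem that FSTAB lists
# without the "ro" option but that MOUNTS shows as mounted read-only.
# Defaults to the live /proc/mounts and /etc/fstab.
ro_drift() {
    mounts=${1:-/proc/mounts}
    fstab=${2:-/etc/fstab}
    awk '
        # Exact match on the "ro" option; a substring test would wrongly
        # hit options such as errors=remount-ro.
        function has_ro(opts,    a, n, i) {
            n = split(opts, a, ",")
            for (i = 1; i <= n; i++)
                if (a[i] == "ro") return 1
            return 0
        }
        # Pass 1 (fstab): remember mount points expected to be writable.
        pass == 1 {
            if ($1 ~ /^#/ || NF < 4) next
            if (!has_ro($4)) want_rw[$2] = 1
            next
        }
        # Pass 2 (mount table): a mount point can appear more than once
        # (rootfs and the real root device); the last entry is the
        # effective one, so later lines overwrite earlier state.
        pass == 2 && ($2 in want_rw) {
            if (!($2 in state)) order[++count] = $2
            state[$2] = has_ro($4)
            dev[$2] = $1
            fstype[$2] = $3
        }
        END {
            for (i = 1; i <= count; i++) {
                mp = order[i]
                if (state[mp]) print mp, dev[mp], fstype[mp]
            }
        }
    ' pass=1 "$fstab" pass=2 "$mounts"
}

# Demo on constructed data: /var has been remounted read-only after an
# error, /cdrom is read-only on purpose, / is listed twice in the mount table.
ro_drift_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
# constructed sample fstab
/dev/md0  /       ext3     defaults,errors=remount-ro  0 1
/dev/md1  /var    ext3     defaults,errors=remount-ro  0 2
/dev/md2  /home   ext3     defaults                    0 2
/dev/hdc  /cdrom  iso9660  ro,user,noauto              0 0
proc      /proc   proc     defaults                    0 0
EOF
    cat > "$dir/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/md0 / ext3 rw 0 0
proc /proc proc rw 0 0
/dev/md1 /var ext3 ro 0 0
/dev/md2 /home ext3 rw 0 0
/dev/hdc /cdrom iso9660 ro 0 0
EOF
    ro_drift "$dir/mounts" "$dir/fstab"
    rm -rf "$dir"
}

ro_drift_demo
```

Run periodically, a non-empty result can be handed to logger(1) or mailed to the administrator, independently of whether the kernel message reached anyone.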

Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-10 Thread Cameron Moore
* [EMAIL PROTECTED] (Russell Coker) [2003.09.10 20:16]:
 On Thu, 11 Sep 2003 10:04, Arnt Karlsen wrote:
  ..I still believe in raid-1, but, ext3fs???
  ..how does xfs, jfs and Reiserfs compare?
 
 ReiserFS has many situations where file system corruption can make operations 
 such as find / trigger a kernel Oops.
 
 Having a file system decide to panic the kernel because your mount options 
 instructed it to (ext3) is one thing.  Having the file system driver corrupt 
 random kernel memory and cause an Oops (Reiser) is another.  The ReiserFS 
 team's response to such issues has not made me happy so I am removing it from 
 all my machines and converting to Ext3.

Can you provide links to your discussions with the ReiserFS team?  I'm
considering using ReiserFS on some mail servers.  Please share your
experiences.

 Also you can't have a ReiserFS file system mounted read-only while fsck'ing 
 it.  Which makes recovering errors on the root FS very interesting to say the 
 least.

What I hate about ext3 is that it doesn't poorly handles dirs with 1000+
files.  Haven't seen if they've fixed that yet.
-- 
Cameron Moore
[ Smoking cures weight problems... eventually. ]





Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-10 Thread Russell Coker
On Thu, 11 Sep 2003 13:22, Cameron Moore wrote:
  Having a file system decide to panic the kernel because your mount
  options instructed it to (ext3) is one thing.  Having the file system
  driver corrupt random kernel memory and cause an Oops (Reiser) is
  another.  The ReiserFS team's response to such issues has not made me
  happy so I am removing it from all my machines and converting to Ext3.

 Can you provide links to your discussions with the ReiserFS team?  I'm
 considering using ReiserFS on some mail servers.  Please share your
 experiences.

It was on the reiserfs list a couple of months ago.

They told me that it would be impossible to check all data for consistency 
when reading it from disk without having a huge performance hit.

Ext3 appears to manage this (or at least corrupt ext2/3 file systems tend not 
to cause kernel memory corruption).

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-09 Thread Arnt Karlsen
On Mon, 8 Sep 2003 12:05:24 -0400, 
Theodore Ts'o [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:

 On Sun, Sep 07, 2003 at 07:24:27PM +0200, Arnt Karlsen wrote:
   What happens on error conditions can be set through tune2fs or as
   a mount option.  Having it remount read-only is probably better
   than panicking the kernel.
  
  ..yeah, except in /var/log, /var/spool et al, I also lean towards 
  panic in /home.
 
 I tend to use remount read-only feature on desktops, where it's useful
 for me to be able to save my work on some other filesystem before I
 reboot my system. 

..remount read-only is ok, as long as the bugle blows.  
IME, it doesn't.

 But for an unattended server, most of the time it's probably better to
 force the system to reboot so you can restore service ASAP.

..even for raid-1 disks???  _Is_ there a combination of raid-1 and 
journalling fs'es for linux that's ready for carrier grade service?

   When it happens a reboot may be a good idea, in which case a fsck
   to fix the problem should occur automatically.
  
  ..should, agrrrRRRrrreed.  IME (RH73 - RH9 and woody) it does
  not.
  
  ..what happens is the journaling dies, leaving a good fs intact, 
  on rebooting, the dead journal will repair the fs wiping good 
  data off the fs.
 
 I'm not sure what you mean by this.  When there is a filesystem error

..add a healthy dose of irony to repair in repair.  ;-)

 detected, all writes to the filesystem are immediately aborted, which

...precludes reporting the error?  

 means the filesystem on disk is left in an unstable state.  (It may
 look consistent while the system is still running, but there is a lot

.._exactly_, but it is not reported to any of the system users.  
A system reboot _is_ reported usefully to the system users, all 
tty users get the news.

 of uncommitted data which has not been written out to disk.)  So in
 general, not running the journal will leave you in a worse state after
 rebooting, compared to running the journal.

..it appears my experience disagrees with your expertise here.
With more data, I would have been able to advise intelligently 
on when to and when not to run the journal, I believe we agree 
not running the journal is advisable if the system has been 
left limping like this for a few hours.

 An alternative course of action, which we don't currently support
 would be to attempt to write everything to disk and quiesce the
 filesystem before remounting it read-only.  The problem is that trying
 to flush everything out to disk might leave things in a worse state
 than just freezing all writes.

..could a ramdisk help?  As in; store in ramdisk between journal 
commits and honk the big horn on non-recoverable errors?

..and, on a raid-1 disk set, a failure oughtta cut off the one bad 
fs and not shoot down the entire raid set because that one fs fails.

 The real problem is that in the face of filesystem corruption, by the
 time the filesystem notices that something is wrong, there may be
 significant damage that has already taken place.  Some of it may
 already have been written to journal, in which case not replaying the
 journal might leave you with more data to recover; on the other hand,
 not replaying the journal could also risk leaving your filesystem very
 badly corrupted with data which the mail server had promised it had
 accepted, not actually getting saved by the filesystem.
 
 A human could make a read/write snapshot of the filesystem and try it
 both ways, but if you want automatic recovery, it's probably better to
 run the journal than not to run it.  

..agreed, and with ext3 on a raid-1 set, this _oughtta_ be easy.
 
  ..the errors=remount,ro fstab option remounts the fs ro but fails 
  to tell the system, so the system merrily logs data and accepts 
  mail etc 'till Dooms Day, and especially on raid-1 disks I sort of 
  expected redundancy, like in autofeather the bad prop and trim out 
  the yaw and autopatch that holed fuel tank, and auto-sync the 
  props, I mean, this was done _60_years_ ago in aviation to help 
  win WWII, and ext3 on raid-1 floats around USS Yorktown-style???
 
 If the system merrily logs data and accepts it, even after the
 filesystem is remounted read-only, that implies that the MTA is
 horribly buggy, not doing the most basic of error return code checks.

..agreed, pointer hints to such basic hints to such basics?

 If the filesystem is remounted read-only, then writes to the
 filesystem *will* return an error.  If the application doesn't notice,
 then it's the application which is at fault, not ext3.

..on Woody, ext3 actually reports the remount to /dev/console.  ;-)
_Nothing_ elsewhere.  Dunno about Red Hat, never had one hooked 
to a monitor upon a journal failure. 

..all I know is RH-7.3-8-9 and Woody does _not_ report ext3 journal 
failures in any way I am aware of and can make use of, other than 
these wee sad hints in dumpe2fs:
Filesystem revision #:1 (dynamic)
Filesystem features:   

Re: Sendmail or Qmail ? ..

2003-09-08 Thread mimo




I have just played around with dovecot imap server. I can use your
existing mail spool files. Also it allows for creation of IMAP folders
in users' home dirs which worries me a bit. I'd rather have the mailbox
in MySQL or something like that. But that's a different discussion I
guess.

Michael

Eric Sproul wrote:

  On Fri, 2003-09-05 at 11:19, Tinus Nijmeijers wrote:
  
  
cyrus huh? in that case: is cyrus-popd a drop-in replacement for UW-pop
(ipopd) on debian?
I seem to remember it is not.

  
  

You are correct.  Cyrus uses a completely different method for storing
mail, so you cannot just install its POP daemon.  You would have to
convert your existing mail spool to Cyrus's format.

Eric


  






Dovecot (was: Re: Sendmail or Qmail ? ..)

2003-09-08 Thread Adrian von Bidder
On Monday 08 September 2003 14:41, mimo wrote:
 I have just played around with dovecot imap server. I can use your
 existing mail spool files. Also it allows for creation of IMAP folders
 in users' home dirs which worries me a bit. I'd rather have the mailbox
 in MySQL or something like that. But that's a different discussion I guess.

Can you share your experiences? How does dovecot perform? Does it support SSL 
(I guess so since it depends on gnutls)? What configuration options does it 
have? I guess since it supports standard mailboxen, standard mail delivery 
via procmail can be used by default.

Yes, I'll do my own homework - but if people can give a recommendation pro or 
contra, I might have an idea where to set my hopes. (Ok, it should be an 
improvement over uw-imapd in any case ;-)

cheers
-- vbi

-- 
Perl: The Swiss Army Chainsaw




Re: Sendmail or Qmail ? ..

2003-09-08 Thread Cameron Moore
* [EMAIL PROTECTED] (Craig Sanders) [2003.09.07 20:55]:
 qmail is so different to sendmail, exim, postfix, and just about every other
 unix MTA that migrating to it is a major PITA.  migrating away from it is at
 least as bad.  qmail has some very nice features, and is much faster and far
 more secure than sendmail but it's a technology trap as bad as any proprietary
 MTA.

Just wanted to give anyone considering using qmail a chance to read what
he said again because Craig nailed it.  I'm in the process of migrating
a large mail system from qmail to postfix.  I can't tell you how much I
hate qmail.  Like Craig said, it's like working with a
proprietary/commercial product -- it controls what you do, not the other
way around.
-- 
Cameron Moore
[ Is it wrong that only one company makes a game called 'Monopoly'? ]





Re: Sendmail or Qmail ? ..

2003-09-08 Thread Eric Sproul
On Sat, 2003-09-06 at 22:34, Russell Coker wrote:
 On Sat, 6 Sep 2003 00:08, Eric Sproul wrote:
  until the entire message has been received and processed, the receiving
  MTA is not responsible for the message.  In fact, I think this is
  RFC-specified.  Why then, if the receiver isn't responsible, would it
  want to spend disk I/O queuing a message that may end up being rejected
  or may fail to come completely in?
 
 The incidence of messages that fail part way through is quite low.  Especially 
 in communications between big servers (which corresponds to a large portion 
 of the non-spam traffic).  Optimising for the common case makes sense to me.
 

I should think, though, that using a milter that will reject a message
based on the DATA content as it is streaming in would increase the
likelihood of such occurrences.  For instance, a virus-scanning milter
will reject the message as soon as it sees a signature, causing the
conversation to be aborted.  During a large outbreak, a non-trivial
percentage of SMTP traffic may be viruses, so there is still a benefit
to buffering in RAM vs. queueing to disk.  However, I do agree that
asynchronous writes and ext3 unlink-before-commit would mitigate the I/O
hit.

  As many other ISP admins know, a large percentage of customers
  are the psychotic kind, prone to POPing their multi-MB mailboxes every
  $%^[EMAIL PROTECTED] minute, and leaving all the messages on the server.  This puts a
  non-trivial strain on even a fairly hefty dual-x86 box with H/W RAID5
  and 2GB of RAM.
 
 I have not noticed that.  I have only noticed a very small portion of users 
 doing that.  With 1,000,000 users the number of psychotic POP users is small 
 enough that you can deal with them individually.
 
 Maybe customers of Dutch ISPs are smarter than those of whichever country you 
 are in.

I'm in the US, but let's not start a flame thread over the collective
intelligence of our respective populations...  ;^P

 Why not change your POP server to instead of rejecting the connections to put 
 gratuitous delays.  So if the time since the last connection is  5 minutes 
 then make every operation take an extra 18 seconds (some pop servers have 20 
 second time outs).  That would delay a minimal POP session by 72 seconds 
 which better than halve the load.

I agree, but the political problem remains.  Whether I outright reject
or impose delays (which will probably generate timeout errors on the
client), it generates calls from confused people.  But, rather than
spend the time explaining the situation, the company would rather the
calls not come in at all.  Ah, the joy of engineering.

  I did some more figuring on our mail volume and found that even though
  each of our 4 mail routers processes 11-12 messages/second (each message
  requires up to 20 LDAP lookups and a milter for spam filtering), I see
 
 A caching LDAP proxy would be good for this situation.  Converting 20 LDAP 
 lookups over the network to a single LDAP lookup and 19 accesses to a local 
 cache daemon should provide some significant benefits.

Yes, we run local slapd daemons on all the mailrouters, updated from a
central master.  We see very good performance from this setup, as noted
above.

Eric






Re: Sendmail or Qmail ? ..

2003-09-07 Thread martin f krafft
also sprach Nathan Eric Norman [EMAIL PROTECTED] [2003.09.05.2025 +0200]:
 News flash: the FHS specifies how distributions should (or should not)
 lay out filesystems.  The FHS does not prohibit end users from
 creating new root-level directories.

executables alongside configuration files in /var is just wrong. the
user does not have a choice.
that's the last thing i'll say about this.

-- 
Please do not CC me when replying to lists; I read them!
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!




Re: Sendmail or Qmail ? ..

2003-09-07 Thread martin f krafft
also sprach Thomas Lamy [EMAIL PROTECTED] [2003.09.05.1414 +0200]:
 Complete ACK. I'm also willing to give support, as I use
 postfix+mysql+sasl at a couple of clients.

did you ever get sasl to work with mozilla clients in any but the
non-plaintext forms? i'd really appreciate help here!

-- 
Please do not CC me when replying to lists; I read them!
 
 .''`. martin f. krafft [EMAIL PROTECTED]
: :'  :proud Debian developer, admin, and user
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!




Re: Postfix! [WAS: Re: Sendmail or Qmail ? ..]

2003-09-07 Thread Adrian 'Dagurashibanipal' von Bidder
Hans,

Glad to hear the situation is getting better in .nl. Having been hit by 
several 10s of spam from some dutch provider the other day just didn't imply 
this :-)

 What is the connection between the nationality of Wietse Venema and
 people who sent spam? This is a very strange argument and more fitted
 for a discussion between kids. 

You *did* see my original mail on that subject? You *did* look at the list of 
other more or less silly reasons that were posted already alongside some of 
the more serious ones? My-mailer-is-better-than-yours discussions are equal 
with my-OS-is-better-than-yours discussions or my-editor-is-better-than-yours 
flamefests. Those discussions will always (i) be very long and (ii) turn 
silly. I was hoping to avoid (i) by accelerating (ii).

Well. It didn't work. Surprise.
-- vbi

-- 
All power corrupts, but we need electricity.




Re: Postfix! [WAS: Re: Sendmail or Qmail ? ..]

2003-09-07 Thread Adrian 'Dagurashibanipal' von Bidder (Careful! What I say *might* be a joke.)
On Sunday 07 September 2003 15:48, Adrian 'Dagurashibanipal' von Bidder wrote:

Apologies - missing attribution. This was Brian:
  What is the connection between the nationality of Wietse Venema and
  people who sent spam? This is a very strange argument and more fitted
  for a discussion between kids.

 You *did* see my original mail on that subject? You *did* look at the list
 of other more or less silly reasons that were posted already alongside some
 of the more serious ones? My-mailer-is-better-than-yours discussions are
 equal with my-OS-is-better-than-yours discussions or
 my-editor-is-better-than-yours flamefests. Those discussions will always
 (i) be very long and (ii) turn silly. I was hoping to avoid (i) by
 accelerating (ii).

 Well. It didn't work. Surprise.
 -- vbi

-- 
I generally avoid temptation unless I can't resist it.
-- Mae West




..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-07 Thread Arnt Karlsen
On Sun, 7 Sep 2003 12:34:45 +1000, 
Russell Coker [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:
 
 Also I believe that in Ext3 if you write data to a file and then
 unlink the file before the data is committed to disk then the data
 will never be written.  So there seems no loss as long as the file
 isn't opened with O_SYNC and you don't call fsync() (and no-one calls
 sync()).
 

..I have had a few cases of ext3fs'es, even on raid-1, going 
read-only on errors, what do you guys use to bring them back 
into service?

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-07 Thread Russell Coker
On Mon, 8 Sep 2003 00:17, Arnt Karlsen wrote:
 ..I have had a few cases of ext3fs'es, even on raid-1, going
 read-only on errors, what do you guys use to bring them back
 into service?

What happens on error conditions can be set through tune2fs or as a mount 
option.  Having it remount read-only is probably better than panicking the 
kernel.

When it happens a reboot may be a good idea, in which case a fsck to fix the 
problem should occur automatically.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page





Re: Postfix! [WAS: Re: Sendmail or Qmail ? ..]

2003-09-07 Thread Hans Spaans
On Sun, Sep 07, 2003 at 03:48:42PM +0200, Adrian 'Dagurashibanipal' von Bidder wrote:
 Hans,
 
 Glad to hear the situation is getting better in .nl. Having been hit by 
 several 10s of spam from some dutch provider the other day just didn't imply 
 this :-)
 
I have one piece of advice when sending abuse doesn't help, post[1] the spam in
nl.internet.misbruik.spam-signalering with a follow-up to
nl.internet.misbruik. Most ISP's in the Netherlands are lurking there
and/or posting there like Easynet and Chello. Don't expect results
directly, but they will come.

  What is the connection between the nationality of Wietse Venema and
  people who sent spam? This is a very strange argument and more fitted
  for a discussion between kids. 
 
 You *did* see my original mail on that subject? You *did* look at the list of 
 other more or less silly reasons that were posted already alongside some of 
 the more serious ones? My-mailer-is-better-than-yours discussions are equal 
 with my-OS-is-better-than-yours discussions or my-editor-is-better-than-yours 
 flamefests. Those discussions will always (i) be very long and (ii) turn 
 silly. I was hoping to avoid (i) by accelerating (ii).

Those my-wheel-is-rounder-than-your-wheel-discussions are always silly
;-)

[1] Limit your post to under 10KB max.

-- 
Hans





Re: Postfix! [WAS: Re: Sendmail or Qmail ? ..]

2003-09-07 Thread Hans Spaans
On Sun, Sep 07, 2003 at 11:54:28AM +0800, Jason Lim wrote:
 
 Hear hear! Nationality doesn't matter. We're talking about technical merit
 of things here. Let's keep race, creed, religion, colour out of this.

If we gave that impression, that was not the idea. If someone has that
feeling, my apologies.

 Don't mention SPEWS. SPEWS is famous for blocking large non-USA ISPs at
 the drop of a hat, while large USA spam-support ISPs get away with murder.
 Why? Because Spews is either run by someone in the USA or knows that if
 they started applying the same principles to everyone, more and more large
 USA ISPs will be blocked completely, and less and less people will use
 SPEWS. Thus SPEWS has double-standards in this regard.

Not only SPEWS has that problem :(
 
 I prefer ones that have the same standard, regardless of what country you
 are in. Many many block lists are available... www.spamcop.net... or just
 check out one of the best Block List comparisons yourself at:
 http://www.declude.com/JunkMail/Support/ip4r.htm

We currently only use rbl's based on spamtraps and I must say it stops
a great number of spam messages. That mostly it's automated and no one
has to submit anything except spammers that use open-proxies, agents,
faulty mailservers, etc.

 Don't tell SPEWS and NANAE that... from the way they talk and act, every
 spammer must be in China, Korea, Taiwan, and everywhere else EXCEPT the
 USA.

I know and it's a shame :(

 In the above block list comparison webpage, I believe it is listed there?

No, they're not and they shouldn't be listed there. Spamikaze is just
software so everyone can make their own personal rbl and Spamvrij.nl
is just a foundation that tries to make emailmarketing acceptable by
education of companies and marketers. It also lists companies on
their website that send `spam', but also lists companies that have
changed their policy about emailmarketing.

-- 
Hans





Re: ..fixing ext3 fs going read-only, was : Sendmail or Qmail ? ..

2003-09-07 Thread Arnt Karlsen
On Mon, 8 Sep 2003 00:20:12 +1000, 
Russell Coker [EMAIL PROTECTED] wrote in message 
[EMAIL PROTECTED]:

 On Mon, 8 Sep 2003 00:17, Arnt Karlsen wrote:
  ..I have had a few cases of ext3fs'es, even on raid-1, going
  read-only on errors, what do you guys use to bring them back
  into service?
 
 What happens on error conditions can be set through tune2fs or as a
 mount option.  Having it remount read-only is probably better than
 panicking the kernel.

..yeah, except in /var/log, /var/spool et al, I also lean towards 
panic in /home.

 When it happens a reboot may be a good idea, in which case a fsck to
 fix the problem should occur automatically.

..should, agrrrRRRrrreed.  IME (RH73 - RH9 and woody) it does not.

..what happens is the journaling dies, leaving a good fs intact, 
on rebooting, the dead journal will repair the fs wiping good 
data off the fs.

..compare 'df -h' and 'cat /proc/mounts' on such a system.

..the errors=remount,ro fstab option remounts the fs ro but fails 
to tell the system, so the system merrily logs data and accepts 
mail etc 'till Dooms Day, and especially on raid-1 disks I sort of 
expected redundancy, like in autofeather the bad prop and trim out 
the yaw and autopatch that holed fuel tank, and auto-sync the 
props, I mean, this was done _60_years_ ago in aviation to help 
win WWII, and ext3 on raid-1 floats around USS Yorktown-style???

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.





Re: Sendmail or Qmail ? ..

2003-09-07 Thread Craig Sanders
On Thu, Sep 04, 2003 at 03:43:33PM +1000, Rudi Starcevic wrote:
 Sendmail or Qmail ? That is my question.

neither.  postfix is the answer.

postfix is backwards compatible with sendmail (meaning minimal disruption
during the migration) with better security, speed, and features than qmail (and
sendmail too, but that goes without saying).

 Currently we use Sendmail. It's worked fine, well actually problem free so
 better than fine  - I've got the Sendmail book and all.  However we will be
 setting up some new email servers soon and I'm considering Qmail.

if you're used to sendmail, you will find postfix to be much easier to
understand and configure.


 At this stage I'm leaning towards sticking with Sendmail but something inside
 wants to know more about Qmail.

try setting up two experimental boxes, just to play with.  install qmail on one
and postfix on the other.  you'll need to do this anyway, you really
shouldn't migrate mail servers based ONLY on advice from a mailing list - you
need to have hands on experience yourself.

qmail is certainly worth learning, if only because it has some interesting
ideas - but those ideas are implemented far better in postfix.


 If you *had* to pick one of these two which would it be ?

if i really had no other choice, i'd very reluctantly pick sendmail.  not
because it's better than qmail (it certainly isn't) but because it isn't a
dead-end trap like qmail.

qmail is so different to sendmail, exim, postfix, and just about every other
unix MTA that migrating to it is a major PITA.  migrating away from it is at
least as bad.  qmail has some very nice features, and is much faster and far
more secure than sendmail but it's a technology trap as bad as any proprietary
MTA.

craig





Re: Sendmail or Qmail ? ..

2003-09-07 Thread Craig Sanders
On Fri, Sep 05, 2003 at 12:54:55AM +0200, martin f krafft wrote:
 - qmail has a good integration with one of the fastest mailing list
   servers, ezmlm.

ezmlm is probably the best thing about qmail.   however, it's also an example
of the technology trap that i referred to in a previous message in this thread.

fortunately, courier-mlm has all of the features of ezmlm and works with any
standard unix MTA including courier-mta, sendmail, exim, and postfix.  ezmlm
only works with qmail.



btw, mailing list speed has a lot more to do with MTA speed than the list
software itself.  take any mailing list and try running it with different list
managers and different MTAs - several things will become apparent:

1. sendmail is slow with any list manager, even if you pre-sort the recipient
list.

2. sendmail's performance varies greatly depending on how you tweak it, and
depending on which list manager you use (and how it sends the mail).  no matter
how well you tweak it, though, it will not even begin to come close to
postfix's performance.

3. postfix is extremely fast with any list manager, regardless of whether you
pre-sort the recipient list or not and regardless of whether you use VERP[1]
features or not.

4. qmail comes close to postfix's speed ONLY if there aren't many recipients at
the same domain *OR* if you are using VERP.  if there are many recipients at
the same domain (e.g. a few hundred at hotmail.com, a few hundred more at
yahoo.com etc) and you don't need VERP then delivery by qmail will be much
slower.



[1] another good idea from djb that was implemented better by others.  IMO 
IME, he's good at ideas, bad at implementation and absolutely lousy at systems
administration.

craig





Re: Sendmail or Qmail ? ..

2003-09-07 Thread Craig Sanders
On Fri, Sep 05, 2003 at 03:14:09PM +1000, Russell Coker wrote:
 On Thu, 4 Sep 2003 22:58, Eric Sproul wrote:
  First, scale is a consideration.  Once we began to grow our customer
  base, our email volume began to increase dramatically.  Qmail queues
  everything to disk, so the more mail you do, the more pressure you put
  on your disk I/O.  The server running Qmail was always blocking while it
 
 I was under the impression that Sendmail also queues everything to disk.  

by default, it doesn't.

 How does its queue operate then?

although it can be configured otherwise (either in the config file or in
command line options when calling /usr/sbin/sendmail), sendmail will first
attempt to deliver a message submitted to it, and will only fall back to
queuing it if the initial delivery fails.  this is a performance disaster
because it makes resource limiting/rationing impossible, and is probably the
primary reason why a sendmail server will fall over and crash under a heavy
load that other MTAs (that implement a queue everything first, deliver out of
the queue approach) handle without breaking a sweat.


BTW, this is also one of the reasons why sendmail is slow with most list
managers - most of them do not call /usr/sbin/sendmail with '-O DeliveryMode=q'

craig





Re: Sendmail or Qmail ? ..

2003-09-07 Thread W.D. McKinney

 On Thu, Sep 04, 2003 at 03:43:33PM +1000, Rudi Starcevic wrote:
  Sendmail or Qmail ? That is my question.
 

Well Rudi,

You have heard from most camps of users who prefer MTA's for various
reasons. Interesting enough, Debian ships exim default, and uses Mailman
for its Debian hosted lists, SuSE ships Postfix, oh yea but they use
qmail for the MTA of choice and ezmlm for all the SuSE hosted lists, and
so on and so on.

Opinions abound on which is better but I have found after running them
all, that I personally like one over the other. Personal convictions
because of personal experience. In other words, only the experienced
walk with a limp. 

I trust that regardless of what your MTA of choice is, you have fun and
learn, which is more important than which MTA.

Warm Regards,
Dee




-- 
W.D.McKinney (Dee) - CEO  President
Alaska Wireless Systems
Direct (907)349-4308 -=- Mobile (907)230-5048 
http://www.akwireless.net




