Re: [expert] Xnest questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Donnerstag, 13. Februar 2003 10:21 schrieb Chuck Burns: > On Friday 14 February 2003 3:16 pm, Dave Laird wrote: > *snipped stuff about xnest gui* > > > In case your findings come to you off this list, could you please forward > > any information you may find about this? I've begun playing with Xnest, > > too, and would like to have a gui tooie. 8-) > > > > Dave > > certainly. And here's another question I would like to pose... Let's just > say I have an old box, and I want to run gdm on it, so I can xdmcp into > it.. BUT! here's the kicker.. I dont want X to run on the box locally... > IOW, I don't want X to take up a VT on the system, ONLY be a remote X > server.. anyone have any ideas here? :) I don't know about gdm, but with xdm and kdm change the file /etc/X11/xdm Xservers: Comment out the line ':0 local /bin/nice -n ...' and run telinit 3; telinit 5 and there will be no X server running localy, but accepts any xdmcp connections. Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+UIomBG198cnayKQRAqvSAJ4025teY7qS2rHc1eMugCVpkHSUaACfYltJ ZVfDyrgsq9sJ3y6guDFgJWQ= =3i5q -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] postfix sasl smpt auth problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Sonntag, 16. Februar 2003 16:03 schrieb leo: > Sometime ago i had setup a mdk8.2 machine with postfix and sasl which > worked great. Now I've got another machine where i installed mdk 9.0 and > did the same configuration but when I try to telnet into the postfix server > i get "535 Error: authentication failed": > > 220 server.home ESMTP Postfix (1.1.11) (Mandrake Linux) > ehlo client.home > 250-server.home > 250-PIPELINING > 250-SIZE 1024 > 250-VRFY > 250-ETRN > 250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN > 250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 PLAIN > 250-XVERP > 250 8BITMIME > auth plain dGVzdGUAdGVzdGUAdGVzdGVwYXNz > 535 Error: authentication failed > > I've checked the password many times and it seems to be correct. > Mailclients (outlook) also cannot login. I'm using the sasldb method. > > Does anyone has any ideas abou this? > > ___ > Leonardo Sá > Recife - PE - Brazil Just a shot in the dark, did you copy the sasl passwordfile to /var/spool/postfix directory (if you use sasldb)? If you don't want to copy this file, disable chroot setting in /etc/postfix/master.cf. Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+UI0ABG198cnayKQRAoxpAJ4zqJGpnI7y1Fw3MHk3ex31Mb55qACaAgLF HlniaoEY7oehElIGoXtyxaY= =1GbH -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] what could be wrong? PHP viewing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 24. Februar 2003 13:42 schrieb David McGlone: > Hi all, > > I created a "test.php" app and put it in /var/www/html but Konq will not > display it, but instead asks if I want to open it using Kwrite. > > I have all php apps installed, apache, and mysql. > > http://localhost works fine, but viewing PHP scripts isn't working. > > Any ideas? > > Thanks, You have enclosed your php script in , did you? Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+WhpOBG198cnayKQRAjTeAJ4ly3xmFX8yZLJrGSa/AI2ObEaSqgCfS342 DBmC0JDq36f92/rW5JRLBag= =IO6z -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] what could be wrong? PHP viewing
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 24. Februar 2003 15:22 schrieb David McGlone: > On Monday 24 February 2003 08:12 am, Martin Fahrendorf wrote: > > yup, sure did: > > > PHP Test > > > Hello World"; ?> > > Usualy there is a file php.conf in the dir /etc/httpd/conf/addon-modules. This should contain something like AddType application/x-httpd-php .php .php4 .php3 .phtml AddType application/x-httpd-php-source .phps And, of course, it should be included either from httpd.conf or from commonhttpd.conf with a line like Include conf/addon-modules/php.conf Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+WjIlBG198cnayKQRAgsmAJ4gRMoRkk5+mLZ1GFx/OhqOpa5vtgCfZQ2i vb3u8xFwWgClZuoDAsLjtJ0= =EPkG -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] postfix configuration ?
Am Donnerstag, 6. März 2003 16:11 schrieb Carter Harris: > I installed postfix during the installation of my 8.2 mandrake os. The > postfix version is 20020228, I think. I am trying to setup postfix > using the "Postfix+Courier-IMAP+MySQL documentation but I'm getting the > following error message: > > Mar 6 08:56:55 linuxserver postfix/qmgr[15746]: fatal: unsupported > dictionary type: mysql > Mar 6 08:57:00 linuxserver postfix/tlsmgr[15747]: fatal: unsupported > dictionary type: mysql > Mar 6 08:57:39 linuxserver postfix/smtpd[15810]: fatal: unsupported > dictionary type: mysql > Mar 6 08:57:45 linuxserver postfix/pickup[15812]: fatal: unsupported > dictionary type: mysql > > I looked on google and found a couple of references to email archives > for another distro that indicated that postfix was not compiled with the > correct modules and thus generated this message. > > Can anyone tell me what modules are included in the standard mandrake > compile of postfix or how to see what modules were included? I know in > apache I can -l and get a list but that according to the man pages > postfix doesn't support something similar. > > Thanks for a reply. > > Carter AFAIK, mdk does not link postfix to mysql by default. So use the SRPMS and change the spec file to your needs. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Kernel and glibc updates?
Am Samstag, 22. März 2003 01:38 schrieb Vox: > This time Bryan Whitehead <[EMAIL PROTECTED]> > > becomes daring and writes: > > Are we going to be getting kernel updates for the local root > > problem? > > Vincent and the kernel dudes are working on this...some time next > week you'll get them. Meanwhile you can do, as root: > > echo "/path/to/non-existant/file" > /proc/sys/kernel/modprobe > So, what does this exactly do? > And you'll be protected. > > Vox Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
[expert] openLDAP in 9.1
Hi, I have done a upgrade from 9.0 to 9.1 yesterday and it works well so far. But the openLDAP stuff is messed up. in 9.0 the internal database ldbm uses db3 (afaik) but in 9.1 it uses gdbm. So you can not simply upgrade the package. So why is gdbm used for the 9.1 ldap server? Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] print multi-page TIFF files?
Am Dienstag, 1. April 2003 03:19 schrieb Jack Coates: > any one have a way to print a multiple-page fax sent as a TIFF? I hate > to boot VMware just to print it, but it looks like that's the only > option -- everything in Linux only shows page 1. ah, you can do it with efix (part of the efax package) simply run 'efix tifffile.tiff > psfile.ps'. But afaik kfax can do it too. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] sasl
Am Montag, 2. Juni 2003 07:31 schrieb Jack Coates: > On Sun, 2003-06-01 at 19:48, Jack Coates wrote: ... > > > I'm running out of ideas, and I need to get it working soon. Help, > > please :-) > > More info -- read enough and used testsaslauthd enough to decide sasl is > basically working... I've now found an actual live and relevant error > message! When I try to send an authenticated message, Postfix complains > that whatever pwcheck method I specified in /usr/lib/sasl/smtpd.conf is > unrecognized: > > Jun 1 22:12:57 felix postfix/smtpd[5896]: warning: SASL authentication > problem: unrecognized plaintext verifier saslauthd > Jun 1 22:17:09 felix postfix/smtpd[5958]: warning: SASL authentication > problem: unrecognized plaintext verifier pwcheck > > One exception, pwcheck_method of pam gets no error message at all -- no > mail, either, even if I... [insert filthy unprintables here] What about to use sasldb as authentication method? > > > It just started working when I switched to pwcheck_method: pam. > > By just started working, I mean > 250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > 250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > > now you're probably wondering what these two things have to do with one > another... I know I am. This has nothing to do with the authentication mehtod (besides that only sasldb is able to handle *-MD5 passwords). This two lines only says thas smtpd is able to use those password encryption systems (or plain). Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] sasl
Am Montag, 2. Juni 2003 17:08 schrieb Jack Coates: > Thanks Luca and Martin, > > There's a few things to answer so I went up the thread a bit and will > try to do both. > > > Luca noted, " > But it won't do you any good if all your secrets are in sasldb. What > happens if you remove completely /usr/lib/sasl/smtpd.conf? (sasldb > should be the default then)." > > When I remove it, SASLDB keeps working. So, does this mean that the PAM > setting never worked at all, and choosing a method which was somehow > valid but not enabled caused the fallthrough to sasldb? I'm just very > puzzled by it not working when I specify sasldb. > > and Luca also noted: > > "This is wrong: the sasldb for v1 and v2 have a different layout, so > they should be two separate and distinct files. This has nothing to do > with your problem though." > > Sorry,I caught that and did the conversion, so the v2 sasldb now lives > in /var/lib/sasl2/sasl.db > > Martin asked, "What about to use sasldb as authentication method?" > One of the things I've done while looking on the web is to note that > sasl's default sasldb location is /etc/sasldb, not > /var/lib/sasl/sasl.db. So, I put in a symlink to the v1 version. This is a configuration issue at compiletime (or by *.conf file). By default mandrake uses /var/lib/sasl/sasl.db. > > > It just started working when I switched to pwcheck_method: pam. > > > > By just started working, I mean > > 250-AUTH LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > > 250-AUTH=LOGIN DIGEST-MD5 PLAIN CRAM-MD5 > > And Martin notes "This has nothing to do with the authentication mehtod > (besides that only sasldb is able to handle *-MD5 passwords). This two > lines only says thas smtpd is able to use those password encryption > systems (or plain)." > > Understood now -- so the presence of the *-MD5 options means that > Postfix can now communicate with sasldb whereas it couldn't before. So, > this could be caused by either the symlink of the v1 db into /etc, or > the symlink of /var/lib/sasl2/ to /var/state/saslauthd (another change > suggested by Googling). Not entirely; there are some libs in sasl (like libsasl7-plug-digestmd5 package). These libs gives sasl the capability to use digest-md5 or something else. The auth line only says that smtpd is able to handle *-md5 passwords. It don't mean that it is able to autehnticate with it (for example if sasldb is missing). > > > now you're probably wondering what these two things have to do with one > > another... I know I am. > > I should also clarify that I turned off chrooting in > /etc/postfix/main.cf many moons ago. wise decission. > > Urgency is decreased now, but I'm certainly intrigued by the PAM > integration option and I will try to get that working. One possilbe problem is a wrong configure in the *.spec file of your changed sasl srpm. To be sure, recompile it again and watch for the configure line. there should be listed something like '--enable-pam'. > > thanks again, Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] a bit of a mailserver technical question
Am Montag, 23. Juni 2003 21:54 schrieb Adrian Golumbovici: > Hi all, > > I just installed/configured/secured my own postfix server with a dyndns > address. My dyndns entry is as MX server registered and it is working. I > normally have about maximum 5 minutes offline time. My provider disconnects > me each 24 hours, but linux PC connects again immediately and updates > dyndns entry, which normally takes about maximum 5 minutes to propagate). > In this time the dyndns still points to the old ip address, which is either > not connected (no user got it in so short time) or points to someone who > doesn't have the ports opened (no email server). I wondered what happens if > someone/some-server tries to deliver me email in this time. Will it be > bounced or will it retry and finally send it to me when connection > available again? > > Best regards, > Adrian There are three possible ways (mor or less): The mail is rejected (permanent error) by the host with your old ip address (this host is not configured to accept mails directed to you) so the sender will get a notification about the rejection. There is no further delivery attemp. The mail will be bounced by the host with your old ip address (temporary error). The sender will try to send the mail again. But, a correct configured mailserver would not bounce a mail which is directed to a not local domain, it will reject it instead (it is a relay access denied). If there is no host or the service is not available, the sending server will try it again. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Mail address masquerading
Am Dienstag, 24. Juni 2003 11:55 schrieb Guy Van Sanden: > Hi > > Does anyone know how I can rewrite addresses to the outside? > > What I want to do is this, I have an internal Email server with local > users. > My provider allows outgoing Emails only if the 'From' is an > valid/existing domain. > > Now, I would like to set up something that couples users to alternate > email addresses when sending mail outside the local network. > e.g. map user gvs to [EMAIL PROTECTED] > > Is this possible? > I'm interested in both options for Sendmail and Postfix (I'm currently > running sendmail, but comtemplating the switch to Postfix). > > Thanks With Postfix use sender_canonical_maps (see sample-canonical.cf in /usr/share/doc/postfix-xxx/samples). You can map mail-sender addresses to others. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] "Open relay" using Postfix. Need config help.
Am Mittwoch, 25. Juni 2003 16:49 schrieb Ralph Crongeyer: Hi Ralph, > Hi all, > > I have been using postfix for about a year or so and I needed to change my > configuration and now I can't seem to get it working the same way I had it. > > At the end of my /etc/postfix/main.cf file I have: > > mydestination = $myhostname, localhost.$mydomain, $mydomain > myorigin = $mydomain > smtpd_recipient_restrictions = permit_mynetworks, check_client_access, > hash:/etc/postfix/access, check_relay_domains > > and then in the /etc/postfix/access I have: > > 111.222.333.444 OK > 222.333.444.555 OK > > and so on. > > But now, with this setup, anyone can send mail through? i.e. "Open Relay". No, normaly not (if all your listed IP addresse ar static to the hosts you want to relay). > > I need it to beable to send mail for the entire domain and some clients > outside the domain. The entire domain is matched by the mynetwork stuff. the outsiders should use smtp-auth. > > Ralph Don't use access-file to allow relaying unless the IP addresses you listed are absolute static. Use smtp auth instead. This is more flexible and users from dynamic IP addresses can relay through you mailserver too. Btw: does your smtpd_recipient_restrictions relay look like the list above? There should be a warning or an error in the logfiles (in /var/log/mail) about a mistyping. Normaly smtpd_recipient_restrictions should look like this (there is no comma between check_client_access and the hash table) : smtpd_recipient_restrictions = reject_unknown_recipient_domain reject_unknown_sender_domain reject_non_fqdn_sender reject_non_fqdn_recipient permit_mynetworks check_client_access hash:/etc/postfix/access reject_unauth_destination and did you rehash the access file? Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] "Open relay" using Postfix. Need config help.
Am Donnerstag, 26. Juni 2003 13:28 schrieb Pierre Fortin: > On Thu, 26 Jun 2003 07:40:35 +0200 Martin Fahrendorf > > <[EMAIL PROTECTED]> wrote: > > Am Mittwoch, 25. Juni 2003 16:49 schrieb Ralph Crongeyer: > > > smtpd_recipient_restrictions = permit_mynetworks, check_client_access, > > > hash:/etc/postfix/access, check_relay_domains > > > > Btw: does your smtpd_recipient_restrictions relay look like the list > > above? There should be a warning or an error in the logfiles (in > > /var/log/mail) about a mistyping. Normaly smtpd_recipient_restrictions > > should look like this (there is no comma between check_client_access and > > the hash table) : > > > > smtpd_recipient_restrictions = > > reject_unknown_recipient_domain > > reject_unknown_sender_domain > > reject_non_fqdn_sender > > reject_non_fqdn_recipient > > permit_mynetworks > > check_client_access hash:/etc/postfix/access > > reject_unauth_destination > > No, both forms are OK -- though it's easier to make mistakes with the > comma separated list. The "leading space" form is better IMO, cleaner > (then again, I prefer Python). IIRC, don't put comments in the middle > though... Jep, thats right. Postfix treats commas like whitespaces. But nevertheless, the given restriction does not work (there must be a warning or a error from postfix). You can not continue one line without a leading whitspace in the continued line. But I think that is only a mailer issue (word wrap). Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] "Open relay" using Postfix. Need config help.
Am Donnerstag, 26. Juni 2003 15:23 schrieb Ralph Crongeyer: > Thanks for the tip, i'll try it. > > BTW, I can stop Postfix uninstall it and can still relay e-mail!!! > What the heck is that all about? I mean imap shouldn't relay messages, > right?? It's like there is another MTA running? > > Ralph > Check ich a server is running. 'netstat -napt' will tell you all open ports. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Setting up Cyrus-imapd/Posfix under Mdk-9.1
Am Sonntag, 29. Juni 2003 02:14 schrieb Joerg Mertin: > Hi Folks, > > I have a slight problem with the Cyrus Server n a box I have (Via EPIA > 5000 running Mandrake 9.1). I tried the cyrus-imapd version 2.1.12 from > Contrib. > > Actually - the cyrus-imapd works, and the postfix Server too - if both > ae not connected - but I get the followig mssage in the Postfix logs: > > -Queue ID- --Size-- Arrival Time -Sender/Recipient--- > 15AD9B26E 394 Sat Jun 28 18:34:04 [EMAIL PROTECTED] > (connect to /var/lib/imap/socket/lmtp[/var/lib/imap/socket/lmtp]: No > such file or directory) > [EMAIL PROTECTED] Hi, your solution solved one point. But I think you don't know the reason. In standard mdk9.1 postfix runs chroot, so does the lmtp process. That means, the file /var/lib/imap/socket/lmtp is there but postfix/lmtp needs this file in /var/spool/postfix/var/lib/imap/socket/lmtp. A hardlink should solve the prolem too. I think the new cyrus package solved this by adding the link or moving the socket into the postfix chroot jail. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Transfer mail from uw-Imap -> Cyrus Imapd ?
Am Mittwoch, 2. Juli 2003 11:52 schrieb Joerg Mertin: > Hi Folks, > > just a request. While I have a Server with loads of mails using the > default Mandrake Imap-Server (uw-imap), I was wondering what would be > the easyest way of migrating the Mails to the new Server -> Cyrus Imap. > > Anyone got a Hint on where to look for ? I think there is no easy sollution. Try to run both servers parallel and you can copy every mail from one server to the other. > > Thx & Cheers > > Joerg Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] "Open relay" using Postfix. Need config help.
Am Donnerstag, 26. Juni 2003 17:35 schrieb Ralph Crongeyer: > 'netstat -napt' doesn't reveal anything odd. > Ok so when I have > smtpd_recipient_restrictions = permit_mynetworks, check_recepient_access > hash:/etc/postfix/access, check_relay_domains > > It will relay for any host. Even if the /etc/postfix/access is empty (no IP > addresses). No, It will not relay for any host. Not by default. so what is in mynetworks and what is in relay_domains. Or simply, add the output from postconf -n > > I thought that the "/etc/postfix/access" files list of address would only > permit those machines to relay e-mail??? Is this right?? Not entirely. It allows receiving mails too. The restriction classes are somwhat difficult. > > Here is my situation. I need to have the mail server accept e-mail for the > entire domain but only allow certin clients (or routers, for networks that > masqurade ip addresses) to relay e-mail through the server. So take the default postfix configuration, change the mydestination to accept your domain mails, change the mynetworks and mynetworks_style to accept mails on any network devices you plug in your host, add permit_sasl_authenticated to your recipient restriction and add smtpd_sasl_* stuff to main.cf. Now you have to give usernames and passwords (via saslpasswd if you want to use sasldb) to your users you want to relay and up it goes. Beware, user password are mostly send unencrypted over the net, so use SSL/TLS encryption with postfix. > > Thanks Ralph Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix Relay question...
Am Donnerstag, 26. Juni 2003 20:10 schrieb Ralph Crongeyer: > OK, thanks to everyone's help it looks like I got my MTA configured right > now. > > How can I allow a single client (IP address) besids the "$mynetworks = > 111.222.333.0/24, 222.333.444.0/24" variable or can I do it with that > variable like > "$mynetworks = 111.222.333.0/24, 222.333.444.0/24, 333.444.555.10/24". > Is that possable? Should be, but 333.444.555.10/24 is not a single host but a entire network. So only add networks to mynetworks if and only if you trust the entire network. Else add only single hosts (to access for example) or use authentification methods. > > What is the best solution for this?? > > Thanks, Ralph -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Automated Mail with Mozilla
Am Mittwoch, 16. Juli 2003 23:37 schrieb Colin Close: > Hi, > > I'm on holiday from the 28th July (first time in years) and I don't > want to miss any mail from the lists. Does anyone know how to automate > Mozilla to do auto downloads. I know I could do a cron for the timimg > but I've no idea how to automate Mozilla Mail. > Any suggestions gratefully accepted. > > > Colin Close Why not use fetchmail? Btw, your clock is incredible fast. You live in the future. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Montag, 21. Juli 2003 22:18 schrieb JoeHill: > Hello, > > I am on a small internal LAN which does not use a Domain name or even > have a DNS server, well, except for the router in a way I suppose. > > Anyway, I want to try to use my mailserver, simply called "localhost", > to send mail out rather than my ISP's smtp server. Mainly a learning > exercise, you know, start small and all that. > > I have used sendmail in the past and run into several problems wherein > receiving domains see me as an "open relay" and bounce the mail back to > me as potential spam. They don't do it weil because they see you as an open relay but because you have a dynamic IP address and those addresses were missused for spaming. They take the easy way and block whole known dynamic IP address ranges (It is something like that: oh, there are drivers of rented cars who can not drive so to be sure none of those drivers get on our roads lets block our roads to all rented cars). > > I a looking at the postfix docs right now, and I am confused about a few > things. > > In my mail client, I choose sendmail for sending mail, but how does this > relate to Postfix? Does Postfix simply receive all commands from > sendmail and process them? postfix has a sanemail compatibility layer. the postfix/sendmail has nothing to do with the sendmail program. It is only called the same. There are some programs out there which needs a programm called sendmail with the known functionality of the famous sendmail. > > If so, how to I configure Postfix (I am assuming this is in > /etc/postfix/main.cf) to let receivers know I am not an open relay and > they have nothing to fear from me. You can not. All the big ISP which reject your mails don't care wether you can send mails from your own mailserver or not. > I read in the docs that by default > Postfix will not relay mail by default, so I rest easy that I am *not* > an open relay, correct? It is not that easy. To run a mailserver is mor than to install postfix. you are responsible for your configuration and your users who are allowed to use your mailserver. And there are so many poor installed and configured mailserver out there. It is hard to collect all this servers with static ip addresses, but with dynamic addresses it is not possible. And, your intention may be not to build a open relay, but are you shure you ar the only person, who is able to configure your server? So, you may know that your server is save, but the rest of the wold only may guess. And you are not able to give a guarantee. Your server can not get prooven while changing the IP address. > > Anyhow, thanks for any assistance! So, in the beginnig, configure your mailserver to use the mailserver of your ISP as a relay. Please see the postfix FAQ on www.postfix.org. There are some config examples for this special needs. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Dienstag, 22. Juli 2003 13:48 schrieb stefmit: > On Tuesday 22 July 2003 12:18 am, Martin Fahrendorf wrote: > > Am Montag, 21. Juli 2003 22:18 schrieb JoeHill: > > > Hello, > > > ... > > I have the same setup at home (postfix for localhost, and dynamically > assigned address), and what I found out from some receiving systems/ISPs > was that they were rejecting my email not because of the membership to a > specific pool of addresses, but rather because of the reverse lookup, that > would either fail, or be dynamically associated with broadband or dial-up > domains. The moment I registered my domain, and pointed back to my IP > address (which - by the way - as "dynamic" as it was advertised, I just > "fixed" it on my firewall, and never had a problem ;)), all emails started > flowing just fine, regardless of the pool of IPs I was part of ... so check > out this alternative, also. It is a little bit of both. Some dynamic IP addresses will be blocked because they are dynamic and some don't. The forward and reverse lookup is a complete different thing. every ip address and domain in e-mail traffic must be forward and reverse resolvable. sometimes it works without, but most of the time it don't. > > Stef Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Dienstag, 22. Juli 2003 20:56 schrieb James Sparenberg: > On Tue, 2003-07-22 at 06:28, Martin Fahrendorf wrote: > > Am Dienstag, 22. Juli 2003 13:48 schrieb stefmit: > > > On Tuesday 22 July 2003 12:18 am, Martin Fahrendorf wrote: > > > > Am Montag, 21. Juli 2003 22:18 schrieb JoeHill: > > > > > Hello, > > > > ... > > > > > I have the same setup at home (postfix for localhost, and dynamically > > > assigned address), and what I found out from some receiving > > > systems/ISPs was that they were rejecting my email not because of the > > > membership to a specific pool of addresses, but rather because of the > > > reverse lookup, that would either fail, or be dynamically associated > > > with broadband or dial-up domains. The moment I registered my domain, > > > and pointed back to my IP address (which - by the way - as "dynamic" as > > > it was advertised, I just "fixed" it on my firewall, and never had a > > > problem ;)), all emails started flowing just fine, regardless of the > > > pool of IPs I was part of ... so check out this alternative, also. > > > > It is a little bit of both. Some dynamic IP addresses will be blocked > > because they are dynamic and some don't. The forward and reverse lookup > > is a complete different thing. every ip address and domain in e-mail > > traffic must be forward and reverse resolvable. sometimes it works > > without, but most of the time it don't. > > > > > Stef > > The other thing I've run into..(Mainly with gnu list serv lists.) is > that apparently the RFC requires that [EMAIL PROTECTED] exist. > If it doesn't they will refuse all e-mail, Even if you have reverse DNS > etc. Great idea now I'm guaranteed to have an e-mail address > spammers can send to. It is not only this address. There are some more. If you dont hav all these addresses enabled you can find your server on a list of rfc-ignorant.org. There are som mail server outside which don't accept mails from servers listed in rfc-ignorant.org. But on the other hand, if you have problems with one Mailserver how can you inform the server administrator if the postmaster mailbox does not exists? BTW, in the last four years, I haven't got any spam on the postmaster mailbox. > > James Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Mittwoch, 23. Juli 2003 07:35 schrieb James Sparenberg: > On Tue, 2003-07-22 at 22:04, Martin Fahrendorf wrote: > > Am Dienstag, 22. Juli 2003 20:56 schrieb James Sparenberg: ... > > But on the other hand, if you have problems with one Mailserver how can > > you inform the server administrator if the postmaster mailbox does not > > exists? BTW, in the last four years, I haven't got any spam on the > > postmaster mailbox. > > Don't doubt you on this ... but if you are feeling left out ... I can > send you some of what we get *grin*. > > James No thanks. I fight spam as much as possible. And the next version of postfix will make it a little bit easier to reject spam. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Mittwoch, 23. Juli 2003 07:46 schrieb Frankie: > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of James ... > > Don't doubt you on this ... but if you are feeling left out > ... I can > send you some of what we get *grin*. > > James > > # > > Yeah, worst thing I did was add wildcard address's to the > virtual file.. > @mydomain.com franki > > between that and my postmaster admin accounts amount to > about 30% or more > of the 50-100 spam I get a day... If I didn't have > spamassassin running on > the server, I'd have been driven up the wall by now. The main problem with amavis and postfix is a missing feature in the current postfix version. You can not reject spam mails. So you lose ane defence line in your battle against spam. > regards > > > Franki Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Mittwoch, 23. Juli 2003 08:41 schrieb Martin Fahrendorf: > Am Mittwoch, 23. Juli 2003 07:46 schrieb Frankie: > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of James > > ... > > > Don't doubt you on this ... but if you are feeling left out > > ... I can > > send you some of what we get *grin*. > > > > James > > > > # > > > > Yeah, worst thing I did was add wildcard address's to the > > virtual file.. > > @mydomain.com franki > > > > between that and my postmaster admin accounts amount to > > about 30% or more > > of the 50-100 spam I get a day... If I didn't have > > spamassassin running on > > the server, I'd have been driven up the wall by now. > > The main problem with amavis and postfix is a missing feature in the > current postfix version. You can not reject spam mails. So you lose ane > defence line in your battle against spam. > Oh, the main problem is not amavis but spamassassin (but we run spamassassin by amavisd-new). Martin > > regards > > > > > > Franki > > Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Mittwoch, 23. Juli 2003 09:55 schrieb Joerg Mertin: > Hi Martin, > > On Wednesday 23 July 2003 08:47, Martin Fahrendorf wrote: > [...] > > > > The main problem with amavis and postfix is a missing feature in the > > > current postfix version. You can not reject spam mails. So you lose ane > > > defence line in your battle against spam. > > > > Oh, the main problem is not amavis but spamassassin (but we run > > spamassassin by amavisd-new). > > I know that I could reject spam directly through spamassassin - however - I > do use the combaination: postfix, cyrus-imapd, spamassassin, anomyser - and > have not yet found a decent script that rejects Spam when it comes in. > Would be nice - as I have about 5 Persons (Friends) getting Mails through > my server - and we're getting in about 50 Spams/Day ... Any hint on that, > LInk I could read some stuff etc. > > The example that came with anomy/spamassassin-scripts are not all that > satisfaying IMHO. > > Thx for a hint > > Joerg As Frankie said, the new postfix (the snapshot releases do it as well) kan handle the rejection via the proxy method. the first postfix instance take the mail but does not tell the sending server that it accepts it. Only if some proxy program like spamassassin accepts it, postfix accepts it too and the delivery contains. But if spamassassin says no, the mail will be rejected. There is no way to tell postfix reject spam mail with spamassassin in the current version. But afaik the snapshot versions of postfix are relative stable. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Mittwoch, 23. Juli 2003 10:49 schrieb Joerg Mertin: > Hi Martin, > > thx for the hint. I might give it a try. > However - what buzzes me here is that if you use the proxy method to > identify spam - you have to get the spam anyway through it - don't you ? So > - the spam will use your bandwidth to get analyzed by the "proxy" > application - and the proxy application then returns a Spam-Detected > message which will be interpreted by the postfix process and which will > make that one reject the message definitly. > > IMHO - the only difference is that the remote side will get a reject > message if I understood correctly the process. Please correct me if I'm > wrong. Jepp, that's right. > > Do you think this reject message will inhibit spammers to send you more > mail ? Hm, that is wild guessing. I think spamers dont want to waste bandwith, they want to get their mails read. If you silently delete the spam the spamer don't know if their mails get read or not. So they assume thei can send their mails again. If the spam get rejected they know that you don't accept the mail. It is up to the sending server to handle the rejection. Do they send spam again? Yes, I fear they see it as a kind of sport to get their spam trough. But doing nothing is no sollution. > > NOTE - the actual spamassassin/postfix/anomy method enables you to actually > get the Mail in, spamassassin checks it through spamc/spamd - and if it's > beeing detected a SPAM - you can tell the delivery script to delete it or > move it to a local-file for laer analysis ... > > Cheers > > Joerg > Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Using Postfix to send mail.
Am Mittwoch, 23. Juli 2003 19:10 schrieb Luca Olivetti: > Frankie wrote: > > If the spam get rejected they know that you don't accept the > > mail. It is up to > > the sending server to handle the rejection. > > OTOH, since spam detection mechanisms are not perfect (and black lists > based ones are evil), rejecting means you can lose good emails, while > with filtering you give yourself (and your users) an option to look at > the spam folder from time to time to see if a good message has been > flagged as a false positive. > > Bye Jep, thats why we don't delete spam. there was some valid mails (it is realy spam too, but the receiver has subscribed to this list) droped by spamassassin. So we tag all spam and every user can set up a filter to delete the spam by a level she/he wants. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] advice please postfix ect.
Am Sonntag, 27. Juli 2003 20:12 schrieb richard bown: > Hi Jack > > well a fair progress. > > I can send mail to myself routing it thru the mail redirectat > freeparking, to dyndns and thru postfix on this machine , with evolution > pulling the mail from /var/spool/mail. > > However there a small snag > > > I send a mail from evolution to [EMAIL PROTECTED] > thats sent to smtp.blueyonder.co.uk > which sends it to freeparking > which redirects it as [EMAIL PROTECTED] > which sorta flys past dyndns to postfix on this machine. > > My hostname here is gb7tf.org.uk > in /etc/postfix/aliases > > richard:[EMAIL PROTECTED] > > in /etc/posfix/virtual > > [EMAIL PROTECTED] richard > > in etc/postfix/main.cf > mydestination = $myhostname, localhost.$mydomain > rf-engineer.homelinux.com ##thats all 1 line the domain/host rf-engineer.homelinux.com is either virtual or it is in mydestination but never both. Think of it. mydestination defines the domain/hostpart which postfix consider as final destination to himself. > > virtual_alias_maps = hash:/etc/postfix/virtual > alias_database = hash:/etc/postfix/aliases > myhostname = gb7tf.org.uk > myorigin = $mydomain > masquerade_domains = $mydomain > virtual_maps = hash:/etc/postfix/virtual > canonical_maps = hash:/etc/postfix/canonical > relayhost = smtp.blueyonder.co.uk > > I did get some help with the mydestination line on the club site tnx > > so what happens is the mail arrives addressed to > "[EMAIL PROTECTED]" > > BUT it arrives in evolution as "[EMAIL PROTECTED]" and thats also the reply > address which is not so good. You have to rewrite the recipient address (use the canonical map) > > At least I can send mail to myself and it takes a few 10's of seconds > now , compared with up to 10 mins via my ISP's popserver, also their pop > sever can take up to 30 mins to authenticate the password > The marvels of microsoft :) > > > Any ideas where where that missing part of the address is going on my > system. > The last time I played with mail servers was on NOS which is a clone of > the NOS written by Phil Karn nearly 20 years ago. > And then rewrite files were called rewrite files. > > TIA > Richard > And, if you are in doublt what postfix is doing look in the logs. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] advice please postfix ect.
Am Sonntag, 27. Juli 2003 22:18 schrieb Richard Bown: > Hi Bill > > On Sun, 2003-07-27 at 20:08, Bill Mullen wrote: > > > > Ensure here that there is a comma after "localhost.$mydomain". > > No there was'nt , but there is now > There is no need for a comma. Postfix uses whitespaces or commas to seperate. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] ML 9.0 - postfix calls *all* connections "unknown"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Freitag, 11. Oktober 2002 01:22 schrieb Tommy Wareing: > > There's the question of security: this now allows a breached > postfix to rewrite resolv.conf for the rest of my machine, although > only that single file. So it's safer than not chroot-ing, but not as > good as fixing all the applications which write to resolv.conf > (linuxconf and dhcp being the two I can think of, but there may be > sufficient others to mean this isn't viable). > > Of course, if we ever have two different chroot'd applications, this > won't be viable, so in the long term, it's still a potential problem. with the resolv.conf there is a simple solution: setting up a local cachingonly nameserver and ignore the warning of postfix for different resolv.conf file. btw: only the masterdaemon of postfix runs as root. all the other are running als postfix and cannot change resolv.conf. Martin > > But at least I can continue to outfunction all our office Solaris > boxes ;-) - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9pmnzBG198cnayKQRAjb8AKCGqSAMXvyeiyDIiXMjnaDuHVJsAQCfdDvl bftPcu3HDtiuilaNBmkUp8k= =ww78 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: DNS problems on 9.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Dienstag, 22. Oktober 2002 21:22 schrieb Jim C: > Jim C wrote: > > For project reasons I've installed a DNS server on my gateway/router > > using techniques that worked on the previous version of Mandrake. > > Specifically I'ld been following the instructions in O'Reilly's book > > on > > ... > > > the clients. I'm thinking that the wizard is not properly setting up > > the *.db file. > > Now understand that I have a copy of O'Rielly's "DNS and BIND" and that > I have done this several times before. However if there is an error > here, then I am missing it. The only changes I've made from the wizards > settings are the last two lines. > > Here is the *.db file. Note that I do not own microverse.net, rather I > am using views to keep it from the outside world. As you may have > noticed, I am none to concerned about security. Before anyone asks > there are reasons for that but they will not be discussed. ;-) > > > $ORIGIN . > > $TTL 86400 ; 1 day > > microverse.net IN SOA microverse.net. root.microverse.net. ( > > 2002102200; Serial number > > 3600; 1 hour refresh > > 300 ; 5 minutes retry > > 172800 ; 2 days expiry > > 43200 ) ; 12 hours minimum > > > > ; List the name servers in use. Unresolved (entries in other zones) > > ; will go to our ISP's name server isp.domain.name.com > > IN NS enigma. > > > > > > IN MX 10enigma. > > > > $ORIGIN microverse.net. > > $TTL 86400 ; 1 day > > > > IN A192.168.1.254 > > > > localhost IN A 127.0.0.1 > > > > ; Alias (canonical) names > > ftp IN CNAMEenigma. > > www IN CNAMEenigma. > > mailIN CNAMEenigma. > > > > ; List of machine names & addresses > > spartack. IN A192.168.1.253 ; comment > > homeworld. IN A192.168.1.252 ; comment Hi, is there realy a dot (.) after the name enigma? so the host ftp resolves to "enigma." includes the dot and not to enigma.microverse.net. enigma. can not be resolved. The dot at the end of a hostname in the bind db says not to append the domainname to the name. Replace the dot at the end of the hostnames and retry. Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9tkWNBG198cnayKQRAnt8AJ9pvSFZBdCiwb6kubsO24ZdWZsu5wCdHU5N h+aM0i8O+D3BmF43koCLtYM= =BIjE -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] arts not working in two displays at once
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Donnerstag, 24. Oktober 2002 03:09 schrieb bascule: > this devfs thing is really starting to hack me off, i see no reason why > the 'first' user to log on locally gets to be 'king of audio'. > if i try to avoid using devfs will this behaviour change? Hi, this is not a feature of devfs but of a little pam-module called pam_console (see man pam_console). > i thought groups were the way to handle this sort of thing, but my > ability to customise my machine is being removed by automation that > requires actual coding skills to get around limitations it's introducing > 'to make things easier' na, you can see it both sides. In about more than 80% the standard behavior is no miss. an a poweruser in any case changes the whole system. > i think mandrake should stop and consider the few folk for whom auto > mountpoint creation for usb/removable devices is a pita and permissions > getting set whether you like it or not, are not helpful, and allow us to > opt out easily > > thanks for the info, i won't of course be doing anything about this now, > i'll be too busy learning perl just to be able to understand what > happens when i plug in my camera - let alone change it! (i don't think) > > can you tell i'm annoyed? > > bascule > Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9t5FCBG198cnayKQRAnu4AJ9OR0OYODVtOVyO0hgJShOhAoJk1QCdHdzb 2lNs/+e2MLWxlO5dUuEUW5s= =0xC9 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Using gcc 3.2: 'cc1' warning message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Mittwoch, 23. Oktober 2002 21:30 schrieb Aleksey Naumov: > Dear experts, > > I am using gcc 3.2 (on ML 9.0) and I get a lot of warnings from cc1: > > cc1: warning: changing search order for system directory > "/usr/local/include" cc1: warning: as it has already been specified as > a non-system directory > > I understand this warning is caused by '-I/usr/local/include' in the > compilation line. So, '/usr/local/include' must be a system include > directory in gcc 3.2. > > Is there any way to suppress this message, or remove > '/usr/local/include' from the default include list? A lot of packages I > have to compile use '-I/usr/local/include' and it is a pain to deal with > the flood of identical cc1 warnings. > It's more than a pain; cyrus' imap-2.0.16 does not configure correctly because they interprete these warning as an error. So thats the big advantage of OpenSource, use the Source. search for /usr/local/include in the configure-scripts or Makefiles and remove it. Martin > Thank you, > Aleksey - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9t5IaBG198cnayKQRAvemAJ9gg8rw0Z+htfftueerVmCmIWF6HgCfUVqf PgFUogW7JO/JCs2jCbHVKJQ= =ln7+ -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] LM 9.0 - Install Fails - SCSI Disks
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Mittwoch, 13. November 2002 22:18 schrieb Albert E. Whale: > Can someone PLEASE explain to me why on Earth I cannot install LM 9.0 on > a SCSI based system? It was running 8.2 fine, and my upgrade failed > (something about the RPM Database rebuild failed, which then lead to an > X Windows CRASH). > > After that I attempted Twice to Install LM 9.0. Each time fails at a > different Point in the installation. > > WHY MUST I Boot off of the Floppy with a cdrom.img in order to install > LM? > > Can someone PLEASE let me know why? What works differently from the > traditional boot from CD-ROM? > Hi, I had the same problem. The failed update attemp destroyed my rpm database. every Install attemp faild at a other state. It seems to me like a bug in supermount. Try to switch to a console (alt+F3 I think) and list the content of your cdrom. there are lot of files missing. I solved it by installing a ATAPI CD-ROM drive from my old machine and almost every thing went through (besides a problem I had since mdk7.x with the graphical installation). So supermount was a real Horror. I was so angry about it that I compiled the new kernel without these crap (in my special environment). Martin > -- > Albert E. Whale - CISSP > http://www.abs-comptech.com > -- > ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists > Sr. Security, Network, and Systems Consultant > Board of Directors - InfraGard - Pittsburgh, PA - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE900WqBG198cnayKQRAhBLAJ9upvEoDp1phwr1lGf7tzRYKgQ55ACfeto+ caE0CaW8Fi+EKH5g15pa4TE= =jlfl -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
[expert] traffic control
Hi there, I have played a little bit with the traffic control system (tc) and the hierachicak tocken buckets (htb) to limit the use of some services (those mules und donkeys). I have mdk9 and all the tools and kernelmodules are in there, but they have a version mismatch. the command tc qdisc add dev eth0 root handle 1: htb default 12 failes and logs in the syslog: kernel: HTB init, kernel part version 3.6 kernel: HTB: need tc/htb version 3 (minor is 6), you have 10 what to do? some comments? Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg61624/pgp0.pgp Description: signature
Re: [expert] traffic control
Am Montag, 25. November 2002 14:25 schrieb Martin Fahrendorf: > Hi there, > > I have played a little bit with the traffic control system (tc) and the > hierachicak tocken buckets (htb) to limit the use of some services > (those mules und donkeys). I have mdk9 and all the tools and > kernelmodules are in there, but they have a version mismatch. the > command > > tc qdisc add dev eth0 root handle 1: htb default 12 > > failes and logs in the syslog: > > kernel: HTB init, kernel part version 3.6 > kernel: HTB: need tc/htb version 3 (minor is 6), you have 10 > It is realy a version mismatch. I grabed the tc-patch from http://luxik.cdi.cz/~devik/qos/htb/ and replaced the patch in the src.rpm with it and after a rebuild it runs like a charme. So it seems to be a bug in the iproute2 package. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg61676/pgp0.pgp Description: signature
Re: [expert] traffic control
Am Mittwoch, 27. November 2002 13:44 schrieb Alex Bennee: > On Tue, 2002-11-26 at 08:06, Martin Fahrendorf wrote: > > It is realy a version mismatch. I grabed the tc-patch from > > http://luxik.cdi.cz/~devik/qos/htb/ and replaced the patch in the > > src.rpm with it and after a rebuild it runs like a charme. So it seems > > to be a bug in the iproute2 package. > > Do you have any pointers to replacing patches for rebuilding src rpms? > I've been meaning to try deviks connbytes patch but I wanted to do it in > the context of the MDK RPM's without manually extracting source and > patches and building from scratch. Install the iproute2 src rpm grab the tc-patch from the web-page above and replace the iproute2 patch 'iproute2-htb.patch.bz2' with this tc-patch (rename and bzip2 it of course). a rpm -bb /usr/src/RPM/SPEC/iproute2.spec and a little later there is a ready mdk rpm in /usr/src/RPM/ix86. Of course the mdk signature is missing, so rpmdrake is complainig about it. If you change the Release Name in the .spec file to 4.1mdk before you run rpm -bb you can simply run a rpm -Fvh to the resultin package. I hoped someone at madrake would fix this bug so we can get a new package official from mandrake. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg61774/pgp0.pgp Description: signature
Re: [expert] Geheimnis
Am Freitag, 6. Dezember 2002 10:13 schrieb Guy Van Sanden: > Hello > > Does anyone know where to get RPM's for geheimnis? > IMO, it's the best graphical tool for GnuPG. Alternative suggestions > are also welcome (I've tried gnomepgp, tkpgp, gpa). > > Thanks > > Guy try kgpg. It has a nicely konqueror plugin to encrypt files via rmb. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg62260/pgp0.pgp Description: signature
[expert] openPGP
Hm, there is something weired in this mailinglist. All mails from me and from vox gets a warning with invalid signature. someon is changeing the content on the way (and it is not my mailserver). there are changes from '=2D' to a '-'. The Mails on the secureity-discuss mailinglist works very well. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg62264/pgp0.pgp Description: signature
Re: [expert] openPGP
Am Freitag, 6. Dezember 2002 12:50 schrieb Wolfgang Bornath: > On Fri, Dec 06, 2002 at 12:03 +0100, Martin Fahrendorf wrote: > Content-Description: signed data > > > Hm, > > > > there is something weired in this mailinglist. All mails from me and > > from vox gets a warning with invalid signature. someon is changeing > > the content on the way (and it is not my mailserver). there are > > changes from '=2D' to a '-'. > > Hallo neighbour (living in the same town!), > > What I see in Mutt is: > > "gpg: Unterschrift vom Fre 06 Dez 2002 12:03:04 CET, DSA Schlüssel ID > C9DAC8A4 > gpg: Unterschrift kann nicht geprüft werden: Öffentlicher Schlüssel > nicht gefunden" > > For the non-German readers: > "gpg: Signature cannot be verified: No public key found" > > I checked the connection to the keyserver by letting a friend send a > signed mail and it worked all right. > Don't know whether this has anything to do with your question, though. no, not realy. you can download my public key form 'blackhole.pca.dfn.de' or I can send you my public key by mail. Then mutt should say that the signature does not match the mail (because the content was changed). > > wobo Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg62272/pgp0.pgp Description: signature
Re: [expert] openPGP
Am Freitag, 6. Dezember 2002 18:10 schrieb Vincent Danen:
> On Friday, December 6, 2002, at 07:01 AM, Martin Fahrendorf wrote:
> >>> there is something weired in this mailinglist. All mails from me and
> >>> from vox gets a warning with invalid signature. someon is changeing
> >>> the content on the way (and it is not my mailserver). there are
> >>> changes from '=2D' to a '-'.
>
> In some, not so rare, instances, sympa will rewrite messages and insert
> MIME data instead of regular text data which, of course, screws up gpg
> sigs.
>
> ezmlm-idx, which runs the MandrakeSecure lists, doesn't have this
> peculiar behaviour. Todd Lyons and I tracked down sympa as the culprit
> a few months ago, but I'm not sure what the reason for sympa doing it
> was (it was a particular characteristic of an email). Something like a
> space behind a triple dash or something.
Ah,
thanks. Nice to know.
Martin
>
> --
> MandrakeSoft Security; http://www.mandrakesecure.net/
> "lynx -source http://linsec.ca/vdanen.asc | gpg --import"
> {FE6F2AFD: 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
--
H E L I X Gesellschaft für Software & Engineering mbH
Hanauer Landstrasse 52 Telefon (069) 4789 35-30
60314 Frankfurt am Main Telefax (069) 4789 35-44
http://www.helix-gmbh.net[EMAIL PROTECTED]
msg62285/pgp0.pgp
Description: signature
Re: [expert] Postfix does not work after migrating to 9.0
Am Montag, 16. Dezember 2002 09:58 schrieb Stefano Pogliani:
> I migrated yesterday to 9.0.
>
> I saved my account and the etc structure so that (I thought) I could
> reconfigure easily.
>
> So, In 8.2 I had an IMAP service on my PC which was using the Postfix
> SMTP. My server is scarlet.poglianis.net (the domain does not exist in
> reality, it is just inside my firewall).
>
> I tried to configure all the postfix files as they were before, but NO
> LUCK. When I try to connect to any of my IMAP folders, I get the error
> saying "Could not connect to mail server scarlet.poglianis.net; the
> connection was refused".
>
> What did I do wrong?
> I saw that the config of postfix changed between 8.2 and 9.0. (at least
> the part under /var/spool/postifx seems to have changed quite a lot).
>
> Thanks a lot indeed. Best regards
> /stefano
postfix does not play IMAP! does your connect to IMAP fail or your connect
to SMTP? If IMAP failes check /etc/hosts.{allow|deny} and the open ports.
Martin
--
H E L I X Gesellschaft für Software & Engineering mbH
Hanauer Landstrasse 52 Telefon (069) 4789 35-30
60314 Frankfurt am Main Telefax (069) 4789 35-44
http://www.helix-gmbh.net[EMAIL PROTECTED]
msg62855/pgp0.pgp
Description: signature
[expert] rmmod used kernel-modules
Hi, how can i rmmod a user kernelmodule? The Problem: xsane craches during a scan. after a restart it can not find any valid scanner. So i tried to unload the scanner kernel module but it say 'resource busy' but there is no prozess hanging on /dev/usb/scanner0. So Only a restart enables my scanner (just like windows). Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg62871/pgp0.pgp Description: signature
Re: [expert] MySQL not starting at boot
Am Samstag, 19. Oktober 2002 21:51 schrieb David Guntner: > This question was asked by someone else earlier, but I never saw a > response. Sorry if one was given and I was just being blind... :-) > > I've done "chkconfig --add mysql" so I know it should be starting. When > checking the comments at the beginning of the /etc/rc.d/init.d/mysql > script, I see: > > # Comments to support chkconfig on RedHat Linux > # chkconfig: 2345 90 90 > # description: A very fast and reliable SQL database engine. > > Which says that it should be getting started in run levels 2 through 5. > And yet, upoon booting, there's no mysql daemon running. I have to > manually do a "/etc/init.d/mysql start" to bring it up. Checking the > startup configuration, I find: > > # chkconfig --list mysql > mysql 0:off 1:off 2:on3:off 4:on5:off 6:off > > Ok, so how come mysql is only set to come in in run levels 2 and 4, when > the comments at the beginning of the script say 2 through 5? > > I'm thinking that maybe it's related to running msec level 4. If that's > the case, how do you override and tell it to allow that service to run > at startup? > > Any help would be appreciated. > > --Dave Hey, a little late, but I found the sollution. The 'off' in runlevel 3 and 5 is caused by the lsb stuff. somewhere in the mysql file in /etc/init.d there are the lines # Default-Start: 3 5 # Default-Stop: 3 5 but they should be # Default-Start: 2 3 4 5 # Default-Stop: 1 6 I is obvious, now, why runlevel 3 and 5 does not start mysql. Its a Bug in the mysql init-script. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg63025/pgp0.pgp Description: signature
Re: [expert] pgp sigs
Am Freitag, 10. Januar 2003 19:26 schrieb Todd Lyons: > Charles A Edwards wrote on Fri, Jan 10, 2003 at 01:22:15PM -0500 : > > > Mark, your messages are not recognized by mutt as being signed > > > messages. I can tell this because I can see your pgp sig as quoted > > > above instead of being verified. Could we do some offlist email > > > exchanges to see what is the culprit in this? I can see possibly > > > filing a bug report to the mutt guys. > > > > Isn't he just using clear sign > > Yes, but so am I. Mine get verified. His don't (at least not on my > system). So I'm trying to figure out who's non-compliant, mutt or > mozilla or kmail or sylpheed or etc. > I get yours verified, but not Marks (using KMail 4.1rc6). Marks public key is missing and I can't get it from a public keyserver. Martin > Blue skies... Todd -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64107/pgp0.pgp Description: signature
Re: [expert] MTA help (maybe)
Am Dienstag, 14. Januar 2003 03:28 schrieb Bill Witherspoon: > Hi all, > I'm trying to set up the following: > 1) fetchmail getting my POP mail from my ISP. > 2) Using procmail to filter, and deliver into my local mailbox. > 3) Using Mutt to read it > > but I'll be darned if I can send mail. I think the word I'm looking > for is 'relay' (please correct me). I need to authenticate to my ISP no, relay is to forward (relay) a mail from a host outside your network to another host outside your network. All hosts inside your network usualy does not need to relay. > (sasl?). I've tried looking at postfix & sendmail but all the docs are > setup for server type applications. I have no need to send mail either > locally or to remote machines. I *just* need to relay to my ISP ;-) > > Do I really need full blown sendmail just to give mail to my ISP? > Any help would be appreciated. (course both sylpheed & kmail can do it!) > No, you don't need a full mta. especialy not with smtp auth and all its trapdoors. KMail (for example) can do smtp auth by itself (I think mutt can do it, too). But, If your host runs longer than a couple of hours (lets say 24hours a day) It is far better to have a mta running (at least in the default configuration). Every failure in a cronjob is reported by mail. And some msec reports too. So you don't get this information if you don't have a mta running. Martin > > Bill -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64171/pgp0.pgp Description: signature
Re: [expert] MTA help (maybe)
Am Mittwoch, 15. Januar 2003 04:51 schrieb Bill Witherspoon: > Thanks for the responses, > > Here's what I think I've learned (please correct me): > > 1) Mutt doesn't have any SMTP code (although oddly it appears that > the Windows very does??) > 2) sendmail/postfix/qmail/exim - full blown mail servers that for > my single workstation seems a bit overblown. They also appear to > like having a 'real' domain names to work with. > 3) gui apps that require XFree86 like Kmail/Sylpheed that do > pop/imap reading, and smtp/auth sending. Perfect if I run a Gui. > 4) some simple daemons that do smtp like nullmailer, but do > not do smtp/auth. (There's an open invitation to add that to > nullmailer (if you're good at C++) on their mailing list). > > Has anyone run into a similar roadblock trying to Mutt without > postfix/sendmail? Hm, try esmtp from cooker. This litte Program does SMTP-AUTH. > > TIA, > Bill Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64271/pgp0.pgp Description: signature
Re: [expert] hostname and postfix
Am Montag, 20. Januar 2003 07:28 schrieb bascule: > > > so, what have i forgotten, it's clear that > #hostname -f gives the required result but i still get: > [root@mycroft bascule]# mail bascule > Subject: test > Cc: Null message body; hope that's ok > [root@mycroft bascule]# send-mail: warning: My hostname mycroft is not a > fully qualified name - set myhostname or mydomain in > /etc/postfix/main.cf postdrop: warning: My hostname mycroft is not a > fully qualified name - set myhostname or mydomain in > /etc/postfix/main.cf > [root@mycroft bascule]# > postfix calculates the domainname from your hostname. so a hostname like my.hostname.com results in a domainname hostname.com. if your hostname is simply my, there is no way to get the domain name. so either specify your hostname as bascule.excession or change the entries mydomain and myhostname in /etc/postfix/main.cf. btw: please disable the chroot settings of postfix. This stuff brings only confusion to the user. Why handle two resolv.conf etc. and even Wietse Venema says: only experienced users should use chroot. > note i haven't touched ../main.cf or ../main.cf.default and i don't see > why i should since i didn't touch them on a previous box i installed 9.0 > on, the only difference here is that this is a clean install and the > other install was an upgrade from 8.2 > > so if there any ideas beyond 'this is really simple man just issue > #hostname mycroft.excession' > and 'edit /etc/sysconfig/network' or 'edit /etc/hosts' or 'you can't be > doing it right', i would be grateful to hear them > > bascule Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64704/pgp0.pgp Description: signature
Re: [expert] imap server and kmail features
Am Dienstag, 21. Januar 2003 02:58 schrieb bascule: > i've been doing some reading with the intention of setting up a box to > collect all my mail so that i can use imap to look at mail from any box > and any os but i just thought of what for me could be a showstopper, i > use the multiple identities feature of kmail a lot, mail is sorted into > folders and identities associated, now maybe i could set up all my linux > installs with kmailset up individualy but this seems to be missing the > point, plus on win what? i have been assuming that fetchmail would be > fetching mail from my isps, procmail would put it into mail folders on > the server and some imap server would server them out to the lan, > assuming i have this right is there a way to avoid find a client for > each machine that supports the features of kmail and having to configure > it seperately, > is the only way to run kmail locally in an x session on the server and > use vnc or something over the lan? > > bascule Hi bascule, kmail is currently not able to filter into imap folders. so you have to filter in the imap or something else (postfix, sieve... depends on your imap server). the other thing: you either can use nfs to share your home-account over the network, so you only need the settings once, or you have to configure it on every host you use. But you can simply copy the neccessary files to all hosts you want to use. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64705/pgp0.pgp Description: signature
Re: [expert] imap server and kmail features
Am Dienstag, 21. Januar 2003 14:37 schrieb Ric Tibbetts: > On Tue, Jan 21, 2003 at 08:30:30AM +0100, Martin Fahrendorf wrote: > Content-Description: signed data > > > Am Dienstag, 21. Januar 2003 02:58 schrieb bascule: > > > i've been doing some reading with the intention of setting up a box > > > to collect all my mail so that i can use imap to look at mail from > > > any box and any os but i just thought of what for me could be a > > > showstopper, i use the multiple identities feature of kmail a lot, > > > mail is sorted into folders and identities associated, now maybe i > > > could set up all my linux installs with kmailset up individualy but > > > this seems to be missing the point, plus on win what? i have been > > > assuming that fetchmail would be fetching mail from my isps, > > > procmail would put it into mail folders on the server and some imap > > > server would server them out to the lan, assuming i have this right > > > is there a way to avoid find a client for each machine that supports > > > the features of kmail and having to configure it seperately, > > > is the only way to run kmail locally in an x session on the server > > > and use vnc or something over the lan? > > > > > > bascule > > Forget K-Mail. It won't filter into imap folders. Go with either Mozilla > Mail, or Evolution. Either one does an excelent job of filtering into > imapp folders. I use this set up myself, so that I can always get to my > mail, from any client, anywhere, and ALL my mail is there. I got tired > of the POP thing a long time ago, when all my mail was on myh home > desktop, and I was traveling with a laptop. IMAP is the way to go. > > Ric To state it clear, it is not the job of a E-Mail client to filter something on a imap-server. You can contact with a lot of different clients an it is not a funny job to configure it always to the same filter. so use the filter, the imap server offers to you and your mail will be filtert regardles of the ability of your mailclient. So you can use sylpheed or mutt on a remote connection and mozilla, kmail or evolution on your local Unix connection and (for those who realy want) Outlook on a Windows system. Thas what IMAP is for. Martin PS: If your IMAP server doe not support filter, drop it and use either courier or cyrus. -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64720/pgp0.pgp Description: signature
Re: [expert] imap server and kmail features
Am Dienstag, 21. Januar 2003 17:08 schrieb Ric Tibbetts: > On Tue, Jan 21, 2003 at 09:44:52AM -0600, Chuck Burns wrote: > > On Tue, January 21 2003 9:26 am, Tibbetts, Ric wrote: > > *snip* > > > > > You can't possibly be suggesting to add filters directly into imap, > > > for every user... If you had a system with 1000 users, and they had > > > 20 filters each... That's hardly practical. That is why it *IS* the > > > job of the client to do it's filtering. If it cannot do it properly, > > > find a client that will, there are plenty out there. > > > > *snip* > > That's exactly what he is saying, and it is quite feasible. If your > > users want their mail filtered, they can set up their personal > > procmail settings in their own home directory, if they dont, then they > > dont have to. -- > > Chuck Burns, Jr <[EMAIL PROTECTED] > > Agreed. They can. "IF" they have 1) the access, and 2) the ability. Not > everyone does. > > If I were to use the e-Mail address from my ISP for example, I would not > be able to do that. I do not have access. I'd have to set up fetch mail > on my Linux box, and get the mail from them, and filter it locally. That > would only work for one box. > > What if I had 3 or 4 different laptops that I might carry around. Plus, > need to access my mail from nearly any i-net attached client. I'd need > to depend on the client to do the filtering. And indeed, many do it > right. Mozilla Mail, Netscape Mail, Evolution, etc. If they can't I > don't use them. It's that simple. If someone want's me to use their > e-Mail client, it needs to properly support IMAP filtering. > > All the rest is just techno-geek toys. I, and my users, just want to > read our mail. I'm not going to go to excessive measures on the servers > make that happen. IMAP does the job exceedingly well, and it serves to > any client, be it Linux, Mac, or Windows. I can check my mail from any > client, anywhere in the world. As long as it properly supports IMAP > filtering. > > People like to diss Netscape. But what other client is out there > that properly supports IMAP filtering and will run on ANY OS?!? > > > All that other "stuff" is just more stuff to go wrong, and more stuff to > maintain. A straight up, out of the box IMAP server will exactly what I > need it to do, with minimum fuss, and muss. Isn't that how this stuff is > supposed to work? > > Ric Hi Ric, think a little bit different. Naturally, you can and should be able to use the filter from your mozilla, netscape and others. But think of users who want to use their web-Mail frontend sometimes and don't want to have all the Mails for the mailinglists. Yes, of course, this is only usefull, if the user has acces to the filter (with procmail you have to get a real accout, with cyrus you can use sieve (build in) and with courier you can use the filter build in maildrop). The best is to get both. Martin > > > ---==--- > > Involvement with people is always a very delicate thing -- > > it requires real maturity to become involved and not get all messed > > up. -- Bernard Cooke > > > > > > > > Want to buy your Pack or Services from MandrakeSoft? > > Go to http://www.mandrakestore.com -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64726/pgp0.pgp Description: signature
Re: [expert] IMAP clients very slow
Am Mittwoch, 22. Januar 2003 09:15 schrieb Stefano Pogliani: > Why IMAP clients on Linux (Mozilla, Evolution especially !!!) are much > slower than using IMAP clients on Windows (on the same Linux IMAP > folders) ? > > It seems strange, but it is much quicker to work from a remote Windows > machine than from a local Linux one! There is certainly something I am > missing. > > TIA > > /Stefano Stfano, it is realy hard to implement an imap client. and it is much complicated while using different imap server with different implementation of imap. some server dies not support this and others does not support that. So some client does not support this and others does not support that. And the next problem is, this is not neccessary the fact for all client-server combinations. mozilla works great with the cyrus imap server but possibily not so great with the uw imap server. So, eveolution seems to work not so great with the uw server. simply try out the courier server. Possibly evolution is much faster with this one. Btw. normaly courier is much faster than uw and more secure. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64760/pgp0.pgp Description: signature
Re: [expert] Evolution VERY SLOW
Am Mittwoch, 22. Januar 2003 12:15 schrieb Stefano Pogliani: > Mark, > > which things should I look at in order to confirm your diagnosis ? > TIA > Does the command 'host my-imap.server.com' return the ip address very quick or does it not. do you have setup a dns server? > /Stefano > > On Wed, 2003-01-22 at 12:04, Mark wrote: > > Hello Stefano, > > > > Not sure what's is causing the problem that you having.. but my guess > > is that it could be DNS related forward and reverse problems and the > > way your workstation or the server is resolving... > > > > The IMAP folders that I use in the standard Evolution usually end up > > with quite a few thousand messages in them before I archive them.. > > The speed is very quick.. > > > > Cheers > > Mark > > Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg64764/pgp0.pgp Description: signature
Re: [expert] Postfix nonsense
Am Freitag, 24. Januar 2003 18:35 schrieb Praedor Atrebates: > I am running into ridiculous problems with postfix that I do not > understand. I have a valid fully qualified hostname > (stonekeep.ravenhome.net). I have DNS setup (right now by kppp with > entries for my proper DNS's in my resolv.conf file. > > If I ping yahoo.com, no problem, it pings as expected. If I send an > email to myself at yahoo.com via my local postfix, however, I get a > messages thus: > > Jan 24 17:29:20 stonekeep postfix/smtp[3701]: 95785402248: > to=<[EMAIL PROTECTED]>, relay=none, delay=1565, status=deferred (Name > service error for yahoo.com: Host not found, try again) > > What?! Is postfix retarded? Why is it not able to use the DNS like > every other net app on my system? Why can't it "find" yahoo.com? I > have also run into this with a few other email addresses that DO exist > yet postfix refuses to send because the hostname couldn't be found. > > What does it take for postfix to accept DNS reality? I am not sure that > this message will get out either but on the off-chance that it > does...Help please? > > I have a number of other problems I need to work out via other mailing > lists and this inability to mail extant domains is killing me. > > praedor Hi, this is no postfix nonsens, it is a nonsens in coniguration of postfix by mandrake. chroot is a very secure way to do something IF YOU KNOW WHAT YOU WANT. Please, Mandrake, disable the chroot stuff of postfix (at least the default settings). It is not worth the trubble. disable all the chroot stuff in /etc/postfix/master.cf and the configuration is much easier. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg65004/pgp0.pgp Description: signature
Re: [expert] Postfix nonsense
Am Montag, 27. Januar 2003 15:53 schrieb Kwan Lowe: > On Mon, 2003-01-27 at 02:25, Martin Fahrendorf wrote: > > this is no postfix nonsens, it is a nonsens in coniguration of postfix > > by mandrake. chroot is a very secure way to do something IF YOU KNOW > > WHAT YOU WANT. > > > > Please, Mandrake, disable the chroot stuff of postfix (at least the > > default settings). It is not worth the trubble. > > > > disable all the chroot stuff in /etc/postfix/master.cf and the > > configuration is much easier. > > This is probably one of those things that Mandrake is damned if they do > and damned if they don't. I think chroot'ed Postfix is a good idea and > well worth the hassle of configuring and hope that Mandrake continues to > do so. I can understand some of the frustrations that some of you are > seeing, but I'd rather they err on the side of caution than ship a less > secure product. I think there is a reason, why Wietse Venema always pointed out, that chroot is only for experienced users. it is not easy to set up. Even if you dont have static IP addresses. Everytime you get your internet connection, you have to sync some config files (and you have to know which ones). Its is not that easy, to sync it only on postfix startup. An what is the benefit? in the default configuration of mandrake, postfix listens only on localhost device, so only local users are able to harm your host. But there are easyer ways for local users than compromize postfix. Na, I think chroot of postfix is not woth the trouble. Especialy, as long as bind is running not chroot. The simpliest way is to combine the chroot flags from postfix with the msec settings. in the secure mode 'higher' and 'paranoid' they use chroot and in all the other settings they don't. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] msg65055/pgp0.pgp Description: signature
Re: [expert] tar.bz2 - how to ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Freitag, 16. August 2002 11:32 schrieb hans schneidhofer: Hi, use 'j' instead of the 'z' for bz2 tar archives Martin > hi, > was looking in "man tar" for that, but doesn't find anything about. how > can I do a tar xvfz a bz2 file ? > > thanks for helping > bye hans - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9XMmCBG198cnayKQRAofsAKCDbELnYcMUVYaOW9g0/ICNckjwnACdGxnw IUUcLmFNlysB8tNGifdKU4I= =3GUK -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Just installed KDE 3.03...still broken!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Mittwoch, 28. August 2002 22:07 schrieb Praedor Tempus: > What is up with this? I installed KDE 3.0.3 (stable) thinking that > surely by now the KDE people would have fixed the konsole-noxft problem. > Nope. Still there. You try to start konsole from the panel and the > panel freezes and become useless until you close konsole at which point > you get an error message about not being able to start konsole-noxft. > > This has been a ridiculous problem since kde 3 beta. Does anyone have a > _permanent_ fix for this? In the past, before I dumped kde 3.0.1 and > went back to 2.2.2, I was able to "fix" this problem for a session but > next time I logged in it would re-appear, rendering my changes > temporary. I am terribly annoyed so forgive my tone but...C'MON! Fix > it already. DUMP konsole-noxft forever! > Hi there, this is not a KDE issue. I installed some recent KDE versions and had no problems with the konsole started via kicker. Simply don't use konsole-noxft (its a wraper script and calls konsole --noxft and comes with kde from mandrake). konsole was broken in kde2 while using antialiasing. The problem is solved with kde3. > praedor Martin -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9bhkFBG198cnayKQRAhBLAJwIDr166+AOCH0ggHtv4k/h80R4tACfbXCk wVnUO2fY+k+U7Je9igZb1AA= =56a8 -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Need a script to rename a file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Sonntag, 1. September 2002 10:16 schrieb Phil: > Hello all, > > My shell script takes a jpeg file as the input like this: myscript > test.jpg. > > After some processing I then create an empty file in a subdirectory > named text like this: touch ../text/$1. > > The question is, how do I replace the suffix jpg with txt? In this case > I want to end up with a file called test.txt. > > My initial efforts have centred around sed s/jpg/txt/ and mv but without > success. either try filename=`echo "$1" | grep sed "s/jpg/txt/g"` or filename=`basename $1 .jpg` if $1 is your filename to handle. Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9czsTBG198cnayKQRAuiVAJ0XoXOgcISv83T6Cn3F13e9d73omgCfTRoS 98tq0xNtkyBL/anvy1+oQ94= =Vw8T -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Strange => Portsentry Security Violations home.english-quest.com.br 09/05/02:04.02 system check (fwd)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Donnerstag, 5. September 2002 20:46 schrieb Ricardo Castanho de O. Freitas: > What could be happening in here? > I don't understand why "security violations"... > I use Postfix... > > Is it any misconfig (Postifix)? > > TIA > > Ricardo > > -- Forwarded message -- > Subject: home.english-quest.com.br 09/05/02:04.02 system check > Date: Thu, 05 Sep 2002 04:02:04 -0300 > > > Security Violations > =-=-=-=-=-=-=-=-=-= > Sep 5 03:18:04 home -- root[10079]: ROOT LOGIN ON tty1 > Sep 4 04:50:05 home postfix/qmgr[1643]: 01C5F8AEF3: > from=<[EMAIL PROTECTED]>, size=23291, nrcpt=1 > (queue active) Sep 4 07:03:10 home postfix/cleanup[17463]: 6855B8AEF5: > message-id=<038901c253f8$66fbad80$7a0aa8c0@HOC0105> Sep 4 08:40:36 home > postfix/qmgr[1643]: 4292C8AEF3: Hi, it's the litte word bad, which is contained in we-bad-min that the logcheker finds and realy, all bad is bad (at least to logcheck). Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9eEQJBG198cnayKQRAhumAJ9yi/ASirrITa80tsH5f6Abt9CrvwCfTYvZ r35vJYaH1pl2c8WPrEHdSds= =yfKq -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Postfix help (relay + auth)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Montag, 16. September 2002 20:54 schrieb Ricardo Castanho de Oliveira Freitas: > Please, I need to implement auth on Postfix to be able to 'relay' to my > ISP! What module and how should I implement that? > > Ricardo type in your main.cf at /etc/postfix something like smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd and in sasl_passwd type something like hostname.to.authenticate.againstuser:passwd and do (of course) a postmap sasl_passwd. After a postfix reload command your postfix should use this authentication. Beware: the username and password will be transfered unencrypted if a) the other side does not support cram-md5 or digest-md5 or b) the transport is not encrypted via SSL/TLS. Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9hsgGBG198cnayKQRAuTWAJ98VR7FvxiXSRDSIE156355BjRj9QCfdBRM dke/c3UILefZG3BJljywA9M= =D8bz -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to alias and forward in Postfix?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Donnerstag, 19. September 2002 06:18 schrieb David Guntner: > I wrote: > > Daniel Woods grabbed a keyboard and wrote: > > > Further example... > > > > > > myOwnSite.com virtual-mine > > > [EMAIL PROTECTED] postmaster > > > [EMAIL PROTECTED] [EMAIL PROTECTED] > > > [EMAIL PROTECTED] dwoods > > > [EMAIL PROTECTED] dwoods > > > @myOwnSite.com /dev/null > > > > That did it, sure enough! Thanks to you both! > > Then again, maybe not. If I have my /etc/postfix/virtual file set up > with: > > [EMAIL PROTECTED] [EMAIL PROTECTED] > > And I send a message from the local (home) network, it gets forwarded > just fine. However, incoming mail from the outside is getting rejected > with a message saying that relay access is denied for the > "[EMAIL PROTECTED]" address. What else do I need to set up to make it > work? > Hi Dave, you must set something like domain1.com my_domain in your virtual table one line above your '[EMAIL PROTECTED] [EMAIL PROTECTED]' line. This is recomended, so postfix knows that domain1.com is a virtual domain and it is allowed to relay to. (as Daniel pointed out in his mail). The right hand part (my_domain) is not used, but there must be some text. Martin >--Dave - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9iWvTBG198cnayKQRAikkAJ44bdlS9RPNWZ8lta2goSFwDcJZoQCdH7WW Q60VABsemndIyNOk4y7aee8= =O1/u -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] How to alias and forward in Postfix?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Donnerstag, 19. September 2002 11:05 schrieb David Guntner: > Martin Fahrendorf grabbed a keyboard and wrote: > > you must set something like > > > > domain1.com my_domain > > > > in your virtual table one line above your '[EMAIL PROTECTED] > > [EMAIL PROTECTED]' line. This is recomended, so postfix > > knows that domain1.com is a virtual domain and it is allowed to relay > > to. (as Daniel pointed out in his mail). The right hand part > > (my_domain) is not used, but there must be some text. > > Ok, I'll give that a try. Question, if you want to accept (and forward > either locally or to another location) mail from more than one domain, > would you put more than one line at the top of /etc/postfix/virtual? > I.E., put something like: > > domain1.com mydomain.com > domain2.com mydomain.com > [EMAIL PROTECTED] [EMAIL PROTECTED] > [EMAIL PROTECTED] [EMAIL PROTECTED] > [EMAIL PROTECTED] localuser > > and so on? > Jepp, that's right. also read virtual(5) manpage. Martin > --Dave - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9iaJIBG198cnayKQRAsFnAJ4wWcjmlp6/oOIxlbZePPfC1Yo9lwCdFh3C lZrnxdWCpYYjOenTYOBVAx0= =v82W -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] PHP not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Mittwoch, 18. September 2002 18:22 schrieb Ken THompson: > PHP doesn't seem to work through my Apache web server. Looking at the > setup in WebMin, it seems to have mod_php, mod_php4 & etc installed. > But, a simple php page will not display. > EX: > > > PHP Test > > > "; ?> > > > results in a blank page with only the page title showing in the title > bar of the browser. > Any one have an idea as to what may be wrong? Hi, just a guess, are you shure you have called your php file something like filename.php instead of filename.html? Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9irX/BG198cnayKQRAkq1AJwNgTYC7quUC+/qoW7n7qkmPKvlNwCeNu/E 4LFY3yYYwMd27PuQSOtMyNI= =D7Ge -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] missing libstdc++-libc6.1-2.so.3
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Am Freitag, 20. September 2002 15:19 schrieb hans schneidhofer: > hi folks, > doeas anyone know, where I can find that file : > libstdc++-libc6.1-2.so.3 > > with rpmfind.net I cannot discover it - maybe, it is hided in an other > file ? > > it is for mdk 8.2 > hope for helping to find it > bye hans Hi, its part of the egcs-c++-1.1.2 package. Martin - -- - H E L I X Gesellschaft für Software & Engineering mbH - Hanauer Landstrasse 52 Telefon (069) 4789 35-30 60314 Frankfurt am Main Telefax (069) 4789 35-44 - http://www.helix-gmbh.net[EMAIL PROTECTED] - -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9iyDDBG198cnayKQRAr63AKCY5bSF0r1eCtGq8sg6N+3Xuh88cgCeMvIp NZjCJgcCSgAKFQ/RWr7NVPQ= =AzOU -END PGP SIGNATURE- Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Postfix & TLS ? certificate creation ...
Am Donnerstag, 4. September 2003 10:38 schrieb Joerg Mertin:
> Hia folks,
>
> seems the odds are against me. Just trying to get TLS working - but it
> won't. Seems - the password is missing. I do remember that under apache -
> you can circumvent this by calling an external script - but how to do this
> under postfix ? Followed the following HOWTO:
> http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_suppor
>t.html
>
> Here's how I created my certs. Under /usr/lib/ssl/misc
> ./CA.pl -newca (No empty password possible)
> ./CA.pl -newreq (No empty password possible)
> ./CA.pl -sign
For host certificate generate a new entry in the CA.pl script. Add the
followings lines
} elsif (/^-newhostreq$/) {
# create a certificate request
system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem
$DAYS");
$RET=$?;
print "Host-Request (and private key) is in newreq.pem\n";
under the line with -newreq and run ./CA.pl -newhostreq.
and then use it as before.
...
>
> Thx
>
> Joerg
Martin
--
H E L I X Gesellschaft für Software & Engineering mbH
Hanauer Landstrasse 52 Telefon (069) 4789 35-30
D-60314 Frankfurt am Main Telefax (069) 4789 35-44
http://www.helix-gmbh.net[EMAIL PROTECTED]
pgp0.pgp
Description: signature
Re: [expert] Postfix & TLS ? certificate creation ...
Am Donnerstag, 4. September 2003 15:42 schrieb Joerg Mertin: > Hi Martin, > > thx for the hint. Done it the way you suggested and here is wat came out: > Sep 4 15:36:14 sun postfix/postfix-script: starting the Postfix mail > system Sep 4 15:36:14 sun postfix: succeeded > Sep 4 15:36:14 sun postfix/master[31278]: daemon started -- version 2.0.6 > Sep 4 15:36:18 sun postfix/smtpd[31285]: starting TLS engine > Sep 4 15:36:18 sun postfix/smtpd[31285]: unable to get certificate from > '/etc/postfix/newcert.pem' > Sep 4 15:36:18 sun postfix/smtpd[31285]: 31285:error:0906D06C:PEM > routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFIC > ATE: > Sep 4 15:36:18 sun postfix/smtpd[31285]: 31285:error:140DC009:SSL > routines:SSL_CTX_use_certificate_chain_file:PEM lib:ssl_rsa.c:765: > Sep 4 15:36:18 sun postfix/smtpd[31285]: TLS engine: cannot load RSA > cert/key data > > I did all the same steps - except replaced newreq with newhostreq. > No Difference... Failure again. > > Anyone got another idea ? Do your newcert file looks something like this? Certificate: Data: Version: 3 (0x2) Serial Number: 33 (0x21) Signature Algorithm: md5WithRSAEncryption Issuer: C=DE, ST=Hessen, ... Authority/[EMAIL PROTECTED] Validity Not Before: Jun 30 09:56:28 2003 GMT Not After : Jun 29 09:56:28 2005 GMT The error message says something like 'Certificate: Text missing in File' (PEM_read_bio:no start line:pem_lib.c:632:Expecting: CERTIFICATE:) BTW for testing reasons it is wise to disable the chroot stuff in postfix (in master.cf) smtpd reads the certificates before entering the chroot environment. > > Thx & Cheers > Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix & TLS ? certificate creation ...
Am Freitag, 5. September 2003 11:31 schrieb Joerg Mertin: > Hi Martin, > > you could be right for the missing stuff. After recreating the certificate > with the newhostreq method - the newreq.pem was a null-file, e.g. empty. Does the generation of the certificate print any error? > After recreating it with the normal newreq options - it's OK now. Here it's > content (start of the file): > Certificate: > Data: > Version: 3 (0x2) > Serial Number: 1 (0x1) > Signature Algorithm: md5WithRSAEncryption > Issuer: C=DE, ST=Neuchatel, L=Neuchatel, O=Solar System Servers, > OU=Sun > Server, CN=Joerg Mertin/[EMAIL PROTECTED] > Validity > Not Before: Sep 5 09:15:56 2003 GMT > Not After : Sep 4 09:15:56 2004 GMT > Subject: C=DE, ST=Neuchatel, L=Neuchatel, O=Solar System Servers, > OU=Sun > Server, CN=Joerg Mertin/[EMAIL PROTECTED] > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1024 bit) > Modulus (1024 bit): > . etc So you have the problem with the password. The only difference between newhostreq and newreq ist the -nodes parameter in the system call which disables the password. > > > However - with all the hints I got so far - I'm still n ot able to get it > to work - as you can see from the syslog output. > Sep 5 11:23:44 sun postfix/smtpd[29222]: starting TLS engine > Sep 5 11:23:44 sun postfix/smtpd[29222]: unable to get private key from > '/etc/newreq.pem' > Sep 5 11:23:44 sun postfix/smtpd[29222]: 29222:error:0906406D:PEM > routines:DEF_CALLBACK:problems getting password:pem_lib.c:105: > Sep 5 11:23:44 sun postfix/smtpd[29222]: 29222:error:0906A068:PEM > routines:PEM_do_header:bad password read:pem_lib.c:399: > Sep 5 11:23:44 sun postfix/smtpd[29222]: 29222:error:140B0009:SSL > routines:SSL_CTX_use_PrivateKey_file:PEM lib:ssl_rsa.c:707: > Sep 5 11:23:44 sun postfix/smtpd[29222]: TLS engine: cannot load RSA > cert/key data > Sep 5 11:23:44 sun postfix/smtpd[29222]: connect from > pandora.solsys.org[10.0.2.47] > > Could anyone having TLS working be so kind and check the openssl rpm's > installed on his system - look similar to mine ? > [EMAIL PROTECTED] etc]# rpm -qa | grep openssl > openssl-0.9.7a-1.1mdk > libopenssl0.9.7-devel-0.9.7a-1.1mdk > libopenssl0-0.9.6i-1.1mdk > libopenssl0.9.7-0.9.7a-1.1mdk I don't thing it is a problem with your openssl stuff. There is a little book about openssl at http://www.dfn-pca.de/certify/ssl/handbuch/ossl092/ (a little bit outdated, but still usefull - but it is in german). The problem is in creating the certificate. > > > Thx & Cheers > > Joerg > Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] linux multitask performance?
Am Mittwoch, 10. September 2003 18:40 schrieb diego: > I'd bet it's not using DMA > > With IDE drives: man hddparm > would tell you the command, but no idea about how to get it when at scsi > emulation :-(( It's the same. There are still the ide device names. So you can chenage de DMA via hdparm. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix help
Am Freitag, 12. September 2003 02:27 schrieb Bill Witherspoon: > Hi All, > > I have been using postfix for sometime now, but am definitely not an > *expert*. Anyhow, my problem is that I'm seeing more and more > 'undeliverable' messages from ISPs that won't accept direct connections > from a dynamic IP (I'm on a cable modem). I'm trying to setup postfix to > relay through my ISP, but they use SASL for authentication. > > I have the relayhost variable set in my main.cf, but I get > immediately rejected because I'm not authenticating (I assume). Can > anyone point me in the right direction? > > TIA, > Bill Read /usr/share/doc/postfix-xxx/README_FILES/SASL_README and there the section "Enabling SASL authentication in the Postfix SMTP client". Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
echAm Dienstag, 23. September 2003 13:58 schrieb Thomas Deutsch: > Hi > > Since three weeks, I tried to get SASL and Postfix working together. > Since the last evening it works, but not really how I will. > > The problem is, that SASL will use the /etc/sasldb to authenticate the > users, but I want to use pwcheck. But no of the Howtos I've found on the > net has helped me. > > I've tried it with a smtp.conf file in /var/lib/sasl2, or in > /usr/lib/sasl, or in /etc/sasl (in every howto is another path) but no > one will work. For the Mandrake 9.0 and 9.1 use /usr/lib/sasl. > > The smtp.conf file looks like: > > pwcheck_method:pwcheck > > but saslauthd / postfix will always use the sasldb. This one depens on your selected authentication method. Sasl supports plain, login, digest-md5 and cram-md5 (at least). with digest/cram-md5 sasl always uses the sasldb. This is independent of the setting in your smtp.conf file. Only for plain text passwords, sasl is able to use all the alternative pwcheck_methods. > > Can anybody help me? Try it with a plain password. Remove the user from the sasldb file. Use saslauthd instead of pwcheck. > > greetings > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Dienstag, 23. September 2003 14:32 schrieb Thomas Deutsch: [...] > > I've tested it with remove the hole sasldb file. But it don't work. How > can I remove the useres from the sasldb? saslpasswd -d > > > Use saslauthd instead of pwcheck. > > It don't work. Hm, try to unchroot your postfix. Postfix with Mandrake uses chroot environment and saslauthd uses sockets to talk with the smtp programm. And btw: If you want authenticated sending of EMail TO your postfix use smtpd.conf if you want to send authenticated Mails FROM your postfix use smtp.conf. > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Dienstag, 23. September 2003 15:31 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Dienstag, 23. September 2003 14:32 schrieb Thomas Deutsch: > > [...] > > > >>I've tested it with remove the hole sasldb file. But it don't work. How > >>can I remove the useres from the sasldb? > > > > saslpasswd -d > > Thx, my sasldb is now empty. > > >>>Use saslauthd instead of pwcheck. > >> > >>It don't work. > > > > Hm, try to unchroot your postfix. Postfix with Mandrake uses chroot > > environment and saslauthd uses sockets to talk with the smtp programm. > > In my master.cf, the line looks like: > smtpinetn n n - - smtpd > > > And btw: If you want authenticated sending of EMail TO your postfix use > > smtpd.conf if you want to send authenticated Mails FROM your postfix use > > smtp.conf. > > I will configure the second one. My /usr/lib/sasl/smtp.conf has the > following line: > > pwcheck_method: saslauthd so you have un-chrooted the wron line. search something like smtp unix - - n - - smtp (remeber the missing d at the end). > > But it don't work. > > thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Dienstag, 23. September 2003 15:49 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Dienstag, 23. September 2003 15:31 schrieb Thomas Deutsch: > > [...] > > > so you have un-chrooted the wron line. search something like > > > > smtp unix - - n - - smtp > > > > (remeber the missing d at the end). > > Yes. I've now changed the y to n. Is it necessary to change the smtpd > line back to y? Because it don't work The smtpd don't work? It don't work with chroot to y or n? Generaly it is not nessesary to use postfix chrooted. By default postfix on mandrake only listen on the loopback interface. And, if you want to configure something it is recomended to test it without the chroot and if it works as expected, enable chroot (if you realy need it). > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 07:51 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Dienstag, 23. September 2003 15:49 schrieb Thomas Deutsch: > >>>Martin Fahrendorf wrote: > >>> > >>>Am Dienstag, 23. September 2003 15:31 schrieb Thomas Deutsch: > >> > >>[...] > >> > >>>so you have un-chrooted the wron line. search something like > >>> > >>>smtp unix - - n - - smtp > >>> > >>>(remeber the missing d at the end). > >> > >>Yes. I've now changed the y to n. Is it necessary to change the smtpd > >>line back to y? Because it don't work > > > > The smtpd don't work? It don't work with chroot to y or n? > > With or without chroot of smtp, the authentification will always fail. > > > Generaly it is not nessesary to use postfix chrooted. By default postfix > > on mandrake only listen on the loopback interface. And, if you want to > > configure something it is recomended to test it without the chroot and if > > it works as expected, enable chroot (if you realy need it). > > I don't know what is wrong: > > master.cf: > > smtpinetn - y - - smtpd > #smtpsinet n - n - - smtpd > # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes > #submission inetn - n - - smtpd > # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes > [...] > smtpunix- - n - - smtp > relay unix- - y - - smtp > > main.cf: > > smtpd_sasl_local_domain = > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > broken_sasl_auth_clients = yes > smtpd_recipient_restrictions = permit_sasl_authenticated, > check_relay_domains > argh, can you see the obvious? you have enabled the SMTPD sasl stuff, but not the SMTP sasl. The difference is the d. so use smtp_sasl_local_domain = smtp_sasl_auth_enable = yes smtp_sasl_security_options = noanonymous > /usr/lib/sasl/smtp.conf: > > pwcheck_method: saslauthd > > Can you help me? > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 08:30 schrieb Martin Fahrendorf: [...] > > argh, can you see the obvious? you have enabled the SMTPD sasl stuff, but > not the SMTP sasl. The difference is the d. so use > > smtp_sasl_local_domain = > smtp_sasl_auth_enable = yes > smtp_sasl_security_options = noanonymous sorry, wrong. Use smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd and read the SASL_README in the postfix documentation. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 08:37 schrieb Martin Fahrendorf: > Am Mittwoch, 24. September 2003 08:30 schrieb Martin Fahrendorf: > [...] > > > argh, can you see the obvious? you have enabled the SMTPD sasl stuff, but > > not the SMTP sasl. The difference is the d. so use > > > > smtp_sasl_local_domain = > > smtp_sasl_auth_enable = yes > > smtp_sasl_security_options = noanonymous > > sorry, wrong. Use > smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd sorry again, missing one line. use smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd in your main.cf and in /etc/postfix/sasl_passwd use host.to-login.tomy-user-name:a-seecret-password and postmap it. > > and read the SASL_README in the postfix documentation. > > Martin Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 08:39 schrieb Thomas Deutsch: [...] > > The File looks now like: > > smtp_sasl_local_domain = > smtp_sasl_auth_enable = yes > smtp_sasl_security_options = noanonymous > #broken_sasl_auth_clients = yes > #smtpd_recipient_restrictions = permit_sasl_authenticated, > check_relay_domains > > But Postfix don't want an Autentication. Why? To clearify something: Should postfix want a authentication from a client (as a server)? then you have to configure the smtpd stuff. Should postfix use authentication as a client (against a other server)? Then you have to configure the smtp stuff. The sasldb is only use in the first case. so you hav to use the smtpd_* things in your main.cf (as you had before). the sasl configuration file ist smtpd.conf. So what do you want to do? [...] > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 09:25 schrieb Thomas Deutsch: > I don't have received your last mail, because my server was out of > function. But I've read it in my Colleague's mailbox. > > My problem is that I try to configure the Mailserver in such a way that > only authenticated mailclient can send emails trought my server. If I > unterstand it correctly, must I take the smtpd stuff, right? > > But the smtpd stuff does not work proper, because the authentication > always fails. > so use smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes in your main.cf. use pwcheck_method: saslauthd in your smtpd.conf and configure your saslauthd to use pam (or what else you want) in your /etc/sysconfig/saslauthd file (remeber the d in smtpd.conf). Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 09:54 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Mittwoch, 24. September 2003 09:25 schrieb Thomas Deutsch: > >>I don't have received your last mail, because my server was out of > >>function. But I've read it in my Colleague's mailbox. > >> > >>My problem is that I try to configure the Mailserver in such a way that > >>only authenticated mailclient can send emails trought my server. If I > >>unterstand it correctly, must I take the smtpd stuff, right? > >> > >>But the smtpd stuff does not work proper, because the authentication > >>always fails. > > > > so use > > > > smtpd_sasl_local_domain = > > smtpd_sasl_auth_enable = yes > > smtpd_sasl_security_options = noanonymous > > broken_sasl_auth_clients = yes > > > > in your main.cf. > > > > use > > pwcheck_method: saslauthd > > > > in your smtpd.conf and configure your saslauthd to use pam (or what else > > you want) in your /etc/sysconfig/saslauthd file (remeber the d in > > smtpd.conf). > > Now I have it exactly how you write it above, but: > > [EMAIL PROTECTED] docs]# telnet homer.skydesign.org 25 > Trying 80.218.8.41... > Connected to homer.skydesign.org (80.218.8.41). > Escape character is '^]'. > 220 homer.skydesign.org ESMTP Postfix (2.0.6) (Mandrake Linux) > ehlo bart.skydesign.org > 250-homer.skydesign.org > 250-PIPELINING > 250-SIZE 1024 > 250-VRFY > 250-ETRN > 250-AUTH CRAM-MD5 LOGIN PLAIN > 250-AUTH=CRAM-MD5 LOGIN PLAIN > 250-XVERP > 250 8BITMIME > AUTH PLAIN dGhvb***Z4OGc= > 535 Error: authentication failed Ok, now it is time for debuging. add your testinghost to the debug_peer_list and set debug_peer_level to 4. reload postfix and retry your login. See the data in the log. Your password shuld be listed there (and many other stuff) See, if it is the correct password and username. > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 10:54 schrieb Thomas Deutsch: > > With debug_peer_level = 4, the syslog shows: > > Sep 24 10:49:58 homer postfix/smtpd[29656]: warning: > adsl-212-101-20-210.solnet.ch[212.101.20.210]: SASL PLAIN authentication > failed > Sep 24 10:49:59 homer postfix/smtpd[29656]: warning: SASL authentication > problem: unrecognized plaintext verifier saslauthd > Sep 24 10:49:59 homer postfix/smtpd[29656]: warning: > adsl-212-101-20-210.solnet.ch[212.101.20.210]: SASL LOGIN authentication > failed So, I fear, saslauthd is not suported by your version of sasl. Which mdk are you using? and which sasl version? > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 12:47 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Mandrake 9.1 with > cyrus-sasl-2.1.12-1mdk.i586 > postfix-2.0.6-1mdk.i586 > libsasl2-2.1.12-1mdk.i586 > libsasl2-plug-plain-2.1.12-1mdk.i586 ok, no wonder. postfix in mdk9.1 needs cyrus sasl 1.5.28. So, please check your sasl packages. > > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 13:04 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Mittwoch, 24. September 2003 12:47 schrieb Thomas Deutsch: > >>Martin Fahrendorf wrote: > >> > >>Mandrake 9.1 with > >>cyrus-sasl-2.1.12-1mdk.i586 > >>postfix-2.0.6-1mdk.i586 > >>libsasl2-2.1.12-1mdk.i586 > >>libsasl2-plug-plain-2.1.12-1mdk.i586 > > > > ok, no wonder. postfix in mdk9.1 needs cyrus sasl 1.5.28. So, please > > check your sasl packages. > > Hmmm I don't like downgrades. Is it enought when I upgrade my postfix to > postfix-2.0.13-3mdk? postfix 2.0.13 needs a other openssl lib afaik. but you can try it. Btw: why do you want to use saslauthd? > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 13:18 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Mittwoch, 24. September 2003 13:04 schrieb Thomas Deutsch: > >>Martin Fahrendorf wrote: > >>>Am Mittwoch, 24. September 2003 12:47 schrieb Thomas Deutsch: > >>>>Martin Fahrendorf wrote: > >>>> > >>>>Mandrake 9.1 with > >>>>cyrus-sasl-2.1.12-1mdk.i586 > >>>>postfix-2.0.6-1mdk.i586 > >>>>libsasl2-2.1.12-1mdk.i586 > >>>>libsasl2-plug-plain-2.1.12-1mdk.i586 > >>> > >>>ok, no wonder. postfix in mdk9.1 needs cyrus sasl 1.5.28. So, please > >>>check your sasl packages. > >> > >>Hmmm I don't like downgrades. Is it enought when I upgrade my postfix to > >>postfix-2.0.13-3mdk? > > > > postfix 2.0.13 needs a other openssl lib afaik. but you can try it. > > > > Btw: why do you want to use saslauthd? > > I don't know if I must use this. The only thing I want is that the > system does not use the sasldb. I want use the nurmal users on the system. So use ldap as your user base and authenticate sasl against ldap. This is highly portable. You can use samba with ldap, sasl, maildrop and courier mail and some other stuff more. even postfix can use aliasing and all other map stuff with ldap. To the sasl stuff. It is very dangerous to mix up sasl2 and sasl1. mdk9.1 is a sasl1 base Distro. And it is not that easy to change everything to sasl2. If you don't use cyrus 2.1 it is better to keep the whole system to sasl1. There is no reason not to do, except of beeing state of the art. > > mfg > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix with SASL
Am Mittwoch, 24. September 2003 13:41 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > First, I have no idea how to configure ldap. Hey, it is woth a try. If you have more than 20 users, it is recommended imho. There is a realy great article about installing ldap at mandrakesecure.org from vincent. > > Second, when I install the Postfix-2.0.6 which comes with mdk 9.1 it > does require to install cyrus-sasl-2.1.12. There is no option to install > an older one. When I noe does urpme cyrus-sasl to install an older > version of cyrus-sasl, postfix needs also be uninstalled. No, that is a misunderstanding. postfix requires a cyrus-sasl package. A version is not given in the requirements. I use sasl 1.5.28 (a patched one, to get ldap-auth working) on all my servers. and i deinstall the sasl2 stuff because no package in the whole mandrake distribution (besides cyrus imap 2.1 from contrib) need sasl2. I don't know why they even install sasl2. > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] re-installed mdk 9.1 now unable to use cdrw?
Am Mittwoch, 24. September 2003 22:30 schrieb Rolf Pedersen: > Anne Wilson wrote: > > On Wednesday 24 Sep 2003 3:33 pm, Rolf Pedersen wrote: [...] > > Yes, Anne, I saw that. What I am thinking of is that both the reader, > if you have one, and the writer must be scsi-emulated for some apps to > work. Here is a post where such advice to make the reader also > scsi-emulated for k3b to work is mentioned: > http://lists.suse.com/archive/suse-linux-e/2003-Jul/2997.html I had some similar problem with my ide-writer. The problem is partialy in the ide-cd module wich is loaded before the ide-scsi module. As root I had to unload the ide-cd and the ide-scsi module and after loading ide-scsi again k3b works again (at least on my system). > > Rolf Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] re-installed mdk 9.1 now unable to use cdrw?
Am Freitag, 26. September 2003 12:54 schrieb Fajar Priyanto: > On Thursday 25 September 2003 12:12 pm, Martin Fahrendorf wrote: > > I had some similar problem with my ide-writer. The problem is partialy in > > the ide-cd module wich is loaded before the ide-scsi module. As root I > > had to unload the ide-cd and the ide-scsi module and after loading > > ide-scsi again k3b works again (at least on my system). > > Martin > > When I want to burn some cds using k3b, it just shows my cdrw on both > "reader" and "writer" dialog box, whereas I have a cdrom drive for the > reader. However, in the k3b's device list, it shows both the cdrom and > cdrw. > > Do you think I have the same problem with k3b? Possibly, but try it out. run the following as root: rmmod ide-cd rmmod ide-scsi modprobe ide-scsi and start k3b. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Single login server for Linux clients
Am Mittwoch, 1. Oktober 2003 20:18 schrieb James D. Parra: > Hello, > > What is the best method to have one central Linux server handling login > authentication for Linux and windows machines? > > What I would like to achieve is; > > 1) Provide only network server logins for Linux boxes and have no local > accounts on any Linux machine. LDAP is the way to go. use pam_ldap if only linx accounts are used. If you want to use the sam password for windows and linux use pam_smb. > > 2) Have /home/$USER reside on the centralized Linux login server and not on > local machines. NFS (but it is insecure if you don't trust your network). > > 3) Ditto for windows machines (I know I can achieve this with Samba for > windows clients, unless there is a better way) See above. you need samba to authenticate windows. samba handles the user acounts via ldap too. > > If anyone has this type of environment set up, I would greatly appreciate > your help and advice. Yes, we have configured it that way. But wee use different passwords for windowsd and unix accounts. Everything is in ldap. We have three ldap server (one master, two slaves) postfix is configured via ldap (aliases canonicals et al). Only cyrus (imap server) has its own user database. Addressbook is stored in LDAP (KMail, Mozilla and Outlook grabs the e-mail addresses from the ldap store -- autocompletion). Every authentication is done against ldap (wherever possible) like proxy mail and others more. > > Many thanks in advance, > > > James Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Single login server for Linux clients
Am Donnerstag, 2. Oktober 2003 08:55 schrieb James Sparenberg: [...] > > A lot more secure (and robust) is to use shfs. I've not built it on 9.2 > but I've used it on 8.2 - 9.1 without a hitch. URL is > http://shfs.sourceforge.net/ One thing it doesn't do is hang my box if > I loose connectivity. I use to make my home box a "file server" for my > laptop... dang handy. Since it operates over ssh I don't have to have > extra ports open etc. What's about the performance in relation to NFS? > > James > Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix - How to block a domain
Am Donnerstag, 2. Oktober 2003 14:58 schrieb Thomas Deutsch: > Hi > > How can I block a domain in my postfix. > > Exaple: > > I don't like to recieve mails from default.com. > > So where can I block default.com? > > greetings > > Thomas Add to your smtpd_recipient_restrictions in main.cf the following line check_sender_access regexp:/etc/postfix/unwanted_sender andd add to toe file unwanted_sender something like /[EMAIL PROTECTED]/ 550 Not accepted sender address reload postfix and off you are. Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix - How to block a domain
Am Donnerstag, 2. Oktober 2003 15:09 schrieb Thomas Deutsch: > Thomas Deutsch wrote: > > Hi > > > > How can I block a domain in my postfix. > > > > Exaple: > > > > I don't like to recieve mails from default.com. > > > > So where can I block default.com? > > Is this right? > > main.cf: > header_checks=regexp:/etc/postfix/bad_headers Na, the header does not specify the sender butv something you can freely compose. Look at this mailing list. This mail is from me (obvious) but it is send to you from [EMAIL PROTECTED] so the header_checks only checks my sending mail entry in the FROM Header. The real sender is only in the envelope. > > bad_headers: > /^From: default.com REJECT Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Postfix - How to block a domain
Am Donnerstag, 2. Oktober 2003 15:30 schrieb Thomas Deutsch: > Martin Fahrendorf wrote: > > Am Donnerstag, 2. Oktober 2003 14:58 schrieb Thomas Deutsch: > >>Hi > >> > >>How can I block a domain in my postfix. > >> > >>Exaple: > >> > >>I don't like to recieve mails from default.com. > >> > >>So where can I block default.com? > > > > Add to your smtpd_recipient_restrictions in main.cf the following line > > > > check_sender_access regexp:/etc/postfix/unwanted_sender > > > > andd add to toe file unwanted_sender something like > > > > /[EMAIL PROTECTED]/ 550 Not accepted sender address > > I've put this in the main.cf (On one line): > > smtpd_recipient_restrictions = check_sender_access > regexp:/etc/postfix/unwanted_sender > > But postfix says in the syslog: > > Oct 2 15:25:26 homer postfix/smtpd[20850]: fatal: parameter > "smtpd_recipient_restrictions": specify at least one working instance > of: check_relay_domains, reject_unauth_destination, reject, defer or > defer_if_permit > > Do you know where the problem is? yes, you should add it to you current configuration. If you don't have a "smtpd_recipient_restrictions parameter set, see "postconf smtpd_recipient_restrictions" for the default (comment out your current entry) The default is smtpd_recipient_restrictions = permit_mynetworks,check_relay_domains or that (depends on version of postfix I think) smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination so add it to this and everything shout work. Your settings should look like smtpd_recipient_restrictions = permit_mynetworks check_sender_access regexp:/etc/postfix/unwanted_sender reject_unauth_destination > > greetings > > Thomas Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Re: Cyrus-imapd
Am Donnerstag, 6. November 2003 01:05 schrieb Norman Zhang: > > The second issue is aliases. Of course you can have a mailbox > > nzhang with an alias (in postfix) norman.zhang. Or you can create a > > mailbox norman.zhang (actually you cannot in the default > > configuration, since the dot is the hierarchy separator in cyrus, > > but you can change it with altnamespace in /etc/imapd.conf). > > If I have a mailbox "nzhang" but with alias "norman.zhang". Does that > mean mail for both nzhang @ abc.com and norman.zhang @ abc.com will > get to mailbox nzhang? If I want to only accept mail for norman.zhang > @ abc.com, I need to create a mailbox norman.zhang? No, Your MTA (usualy postfix) does not know anything of the data stored in cyrus. By default postfix only knows addresses from users stored in the local user base (unix users) and the aliased addresses. If nzhang is not a local user and not listed as an alias, postfix rejects the mail. > > Regards, > Norman Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
Re: [expert] Re: Cyrus-imapd
Am Freitag, 7. November 2003 01:49 schrieb Norman Zhang: > Hi, > > >> Does that mean mail for both nzhang @ abc.com and norman.zhang > >> @ abc.com will get to mailbox nzhang? If I want to only accept > >> mail for norman.zhang @ abc.com, I need to create a mailbox > >> norman.zhang? > > > > No, Your MTA (usualy postfix) does not know anything of the data > > stored in cyrus. By default postfix only knows addresses from users > > stored in the local user base (unix users) and the aliased > > addresses. > > > > If nzhang is not a local user and not listed as an alias, postfix > > rejects the mail. > > I have created user nzhang and mailbox nzhang in cyrus. I also added > > nzhang: norman.zhang It is the wrong order, type (the left hand side is expanded to the right hand side) norman.zhang: nzhang > > to /etc/postfix/aliases. I still can't receive mail in cyrus' inbox. > BTW, I'm using lmtp TCP sockets as per suggestion given in > README.RPM. I changed > > mailbox_transport = lmtp:$myhostname I don't use the tcp socket but it seems correct so far. BTW, the tcp socket needs authentication by default. Possibly you have to add the port number of the lmtp server. > > Is this correct? > > Regards, > Norman Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
Re: [expert] Re: Cyrus-imapd
Am Donnerstag, 6. November 2003 22:27 schrieb Luca Olivetti: > Luca Olivetti wrote: > > In fact, I don't even know how to configure postfix to check for > > local users (using mailbox_transport = lmtp:). > > Duh, it's on by default in recent postfix, "local_recipient_maps", > configured by mandrake as "proxy:unix:passwd.byname $alias_maps". I > didn't know it. So it should be modified to blank if you want mail > for users with no local account. afaik no. postfix only accepts mails for addresses listed in local_recipient_maps for local delivery. if you have mailusers only in your cyrus store, you have to add either a seperate database for cyrus users to postfix or you have to add an alias for every user in cyrus to your postfix alias database. > > > Bye Martin -- H E L I X Gesellschaft für Software & Engineering mbH Hanauer Landstrasse 52 Telefon (069) 4789 35-30 D-60314 Frankfurt am Main Telefax (069) 4789 35-44 http://www.helix-gmbh.net[EMAIL PROTECTED] pgp0.pgp Description: signature
