how to go about relaying for POP3 users?

1999-01-06 Thread Josh Murrah


I have a dilemma : I'm doing web hosting, including POP3 accounts.  POP3
users need to be able to receive mail from anywhere, and send mail through
the SMTP server *to* anywhere, so I think that I'm going to have to allow
relaying to anywhere.  

 First question : is there another way?  the POP3 users aren't tied to
any specific ISP or anything, so there's no way to selectively allow
domains/IPs to queue outgoing mail to other domains.

 Second question : How do I turn the relaying on, for qmail?  I know
this is a bad move, but there's not much I can do, unless somebody can
answer the first question to my liking.

Thanks much for responses,

-Josh Murrah



Re: how to go about relaying for POP3 users?

1999-01-06 Thread Adam D. McKenna

Either do POP-before-SMTP, or run your SMTP relay on a port other than the
standard one.

--Adam

- Original Message -
From: Josh Murrah <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, January 06, 1999 1:11 AM
Subject: how to go about relaying for POP3 users?


:
:I have a dilemma : I'm doing web hosting, including POP3 accounts.  POP3
:users need to be able to receive mail from anywhere, and send mail through
:the SMTP server *to* anywhere, so I think that I'm going to have to allow
:relaying to anywhere.
:
: First question : is there another way?  the POP3 users aren't tied to
:any specific ISP or anything, so there's no way to selectively allow
:domains/IPs to queue outgoing mail to other domains.
:
: Second question : How do I turn the relaying on, for qmail?  I know
:this is a bad move, but there's not much I can do, unless somebody can
:answer the first question to my liking.
:
:Thanks much for responses,
:
:-Josh Murrah
:
:




another question

1999-01-06 Thread Josh Murrah


I'm using Paul Gregg's setup for POP3 accounts for virtual domains, with
one UID per domain, and it works like a charm.  Here's the question : I
just found out that with the checkpoppasswd that Paul G. suggests using, it
still relies on a single passwd-style file, which means that if you're
hosting 50 domains, you can only have one POP3 account named "webmaster".
Do you guys know of any other solution?  I know that web servers deal out
virtual domains by reading which domain name was asked to deliver
material.  For example, I have a site, foo.org, that hosts bar.com and
blah.com.  If I telnet to blah.com, port 80, and do a GET? I'll get blah's
html, and if I do the same for foo.com, I'll get foo's html.  Does POP3
have something like such, so that there can be a separate passwd-style
file for each domain?

Thanks for listening to my drool,

-Josh Murrah, who's getting fed up with virtuals hehe :)



Re: another question

1999-01-06 Thread Chris Johnson

On Wed, Jan 06, 1999 at 12:52:15AM -0600, Josh Murrah wrote:
> 
> I'm using Paul Gregg's setup for POP3 accounts for virtual domains, with
> one UID per domain, and it works like a charm.  Here's the question : I
> just found out that with the checkpoppasswd that Paul G. suggests using, it
> still relies on a single passwd-style file, which means that if you're
> hosting 50 domains, you can only have one POP3 account named "webmaster".
> Do you guys know of any other solution?  I know that web servers deal out
> virtual domains by reading which domain name was asked to deliver
> material.  For example, I have a site, foo.org, that hosts bar.com and
> blah.com.  If I telnet to blah.com, port 80, and do a GET? I'll get blah's
> html, and if I do the same for foo.com, I'll get foo's html.  Does POP3
> have something like such, so that there can be a separate passwd-style
> file for each domain?

If you have the following in control/virtualdomains:

foo.org:foo
bar.com:bar

you can have entries like the following in your poppasswd file:

foo-joeblow:$1$M14AAVdd$L9PxbFmKINwEtIabcdefg.:popuser:/var/qmail/popboxes/foo-org/joeblow/
bar-joeblow:$1$M14AAVdd$L9PxbFmKINwEtIhijklmn.:popuser:/var/qmail/popboxes/bar-com/joeblow/

User [EMAIL PROTECTED] would use foo-joeblow for his POP user name, and user
[EMAIL PROTECTED] would use bar-joeblow for his POP user name. This allows you to
have any number of accounts with the same name, so long as they're in different
domains. 

Chris
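Added example, not part of the original message and not code from qmail or checkpoppasswd: a Python sketch of the naming scheme described above, which builds each POP login as prefix-user from control/virtualdomains and looks it up in the poppasswd file. It goes one step beyond the message by flagging logins that two different addresses would share when a prefix itself contains a hyphen; the third domain, the test addresses and the hash strings are constructed for the example.

```python
from collections import defaultdict

# Constructed sample data. The first two virtualdomains lines are the ones
# in the message; the third domain and both hash strings are made up.
VIRTUALDOMAINS = """\
foo.org:foo
bar.com:bar
foo-bar.example:foo-bar
"""

POPPASSWD = """\
foo-joeblow:$1$CONSTRUCTED$hashA:popuser:/var/qmail/popboxes/foo-org/joeblow/
bar-joeblow:$1$CONSTRUCTED$hashB:popuser:/var/qmail/popboxes/bar-com/joeblow/
"""


def parse_virtualdomains(text):
    """Map each virtual domain to its prefix ("foo.org:foo" -> foo.org: foo)."""
    vdomains = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            domain, _, prefix = line.partition(":")
            vdomains[domain.lower()] = prefix
    return vdomains


def parse_poppasswd(text):
    """Parse login:hash:sysuser:maildir lines, the layout shown in the message."""
    accounts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        login, pw_hash, sysuser, maildir = line.split(":", 3)
        accounts[login] = {"hash": pw_hash, "sysuser": sysuser, "maildir": maildir}
    return accounts


def pop_login(address, vdomains):
    """Return the POP user name for user@domain under the prefix scheme."""
    user, _, domain = address.rpartition("@")
    prefix = vdomains.get(domain.lower())
    if prefix is None:
        raise KeyError("not a virtual domain: " + domain)
    return prefix + "-" + user


def audit(addresses, vdomains, accounts):
    """Return (missing, collisions).

    missing:    logins that have no poppasswd entry.
    collisions: logins claimed by more than one address. This happens when
                one prefix is the start of another, for example prefix "foo"
                with user "bar-joe" and prefix "foo-bar" with user "joe".
    """
    by_login = defaultdict(list)
    for address in addresses:
        by_login[pop_login(address, vdomains)].append(address)
    missing = sorted(login for login in by_login if login not in accounts)
    collisions = {login: sorted(addrs)
                  for login, addrs in by_login.items() if len(addrs) > 1}
    return missing, collisions


if __name__ == "__main__":
    vd = parse_virtualdomains(VIRTUALDOMAINS)
    acct = parse_poppasswd(POPPASSWD)
    wanted = ["joeblow@foo.org", "joeblow@bar.com",
              "bar-joe@foo.org", "joe@foo-bar.example"]  # constructed
    for addr in wanted:
        print(addr, "->", pop_login(addr, vd))
    print(audit(wanted, vd, acct))
```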



Re: The qmail security guarantee

1999-01-06 Thread D. J. Bernstein

Jaye Mathisen writes:
> when you start
> getting into serious numbers of users, or tracking down the flow of
> messages, it's non-trivial with qmail's logging...

Exactly what tracking problems have you had trouble solving? Are you
aware that qmailanalog will match up the delivery lines for you?

---Dan



Re: anyone done this: one mail domain, but users are split over two internal qmail-servers

1999-01-06 Thread D. J. Bernstein

Russell Nelson writes:
> We've got a kick-ass machine here (PII-300, 256K RAM),

Wow, that's big. My Apple II has only 48K RAM. Nice to hear that qmail
takes advantage of the server's whopping quarter-megabyte of memory. :-)

---Dan



Re: .qmail and looping and bouncing

1999-01-06 Thread D. J. Bernstein

David J. Dooling writes:
> Once mail arrived at the desired machine, sendmail would
> recognize that the .forward file contained the same address that just
> received the mail and not re-forward to the same address multiple
> times, but simply terminate the delivery at the address in .forward.

qmail's dot-forward compatibility tool will handle that too.

The equivalent construction in .qmail is

   | condredirect "[EMAIL PROTECTED]" [ "@$HOST" != "@the.nfs.server" ]
   ./Mailbox

---Dan



Re: Mailbox locking on IRIX (Was: deleted mail files)

1999-01-06 Thread Harald Hanche-Olsen

- Mate Wierdl <[EMAIL PROTECTED]>:

|- Mate Wierdl <[EMAIL PROTECTED]>:
|
|| Now, I ran some tests indicating that at least one mail
||client (mailx) on an IRIX 6.2 box I have available, and it appears to
||use dotlocking and to ignore flock-style locks.
|| 
|| Is not it a problem too that he is delivering to symlinks?
|
|No, he doesn't.  He delivers to real files, but the path of the files
|happen to contain symlinks:  Delivery to /var/mail/USER where
|/var/mail is a symlink to /usr/mail.  But /usr/mail/USER is a proper
|file.  There should be no problem with this.
| 
| Except with procmail: it deletes a symlink and it tries to create a
| file named BOGUS.
| 
| This is described in its man page---and mentioned in INSTALL.mbox.

Read what I wrote once more.  Then read that man page once more.
Nowhere does it say that it will delete a symlink in the path leading
to the mailbox, only the name at the end of the path gets that
treatment.

|| How can then mail be lost?
|
|[...]
|all the read messages to ~/mbox and truncates the incoming mbox.
|Just before the latter activity qmail adds a new message.  Poof.
| 
| I see.  Is there a solution? Cannot setlock from serialmail be used
| in a mailx wrapper?

Maybe.  I have run out of time for this week, so I can't offer
suggestions.

| We have an Irix box here (I do not know the version).  How could one
| test something like this?

I append a small program I wrote a while back.  It will lock a single
file given on its command line until you hit return.  Use it to lock a
mailbox, then experiment with various mail clients to see how they
deal with it.  The program is quite verbose because I wrote it to
figure out how file locking works (I think I was confused at the
time).  Use the program twice on the same file (in different windows)
to verify that it actually does lock the file:  The second copy should
not succeed.

- Harald



the IBM Secure Mailer license

1999-01-06 Thread D. J. Bernstein

Edward S. Marshall writes:
> because the license sits better with me

Have you actually read the IBM Secure Mailer license?

The license demands that you stop using the IBM Secure Mailer upon IBM's
request. You are explicitly required to destroy every copy you possess
of the IBM Secure Mailer.

The license also gives IBM special rights over all enhancements to the
IBM Secure Mailer. If you distribute an IBM Secure Mailer add-on, for
example, then IBM can turn your add-on into an IBM commercial product
without your permission.

The license also prohibits all use of ``the name "IBM" or any other IBM
trademark without the prior written consent of IBM.'' Apparently you
aren't even allowed to criticize the IBM Secure Mailer without IBM's
permission.

And that's supposed to be free software?

---Dan



Re: Fastforward address matching order

1999-01-06 Thread D. J. Bernstein

David Harris writes:
> It appears
> that records in the form "user@" match after the wildcard "@domain" records,

Right. If someone puts

   support: root
   @nowhere.org: bob

into /etc/aliases, then he almost certainly wants [EMAIL PROTECTED]
delivered to bob, not root. If you want it the other way then you can do

   [EMAIL PROTECTED]: root

to override the @nowhere.org wildcard.

---Dan



Re: Fw: Anonymous Qmail Denial of Service

1999-01-06 Thread D. J. Bernstein

I've sent a response to bugtraq explaining how to identify the uid that
filled up the queue.

My message also explains a much more powerful series of four attacks
against all MTAs, including the IBM Secure Mailer. These attacks can be
carried out from anywhere on the Internet, not just the local machine.
They keep the mail queue flooded for several days.

---Dan



rblsmtpd error codes

1999-01-06 Thread D. J. Bernstein

Sam writes:
> Is it only my opinion that rblsmtpd returns a temporary error code,
> for no good reason, so that the blacklisted relay keeps banging at
> your server for two weeks, until the mail bounces? 

It's not an opinion. It's a statement of fact. And it's wrong.

rblsmtpd gives you the choice between code 553, telling legitimate
clients to bounce the message immediately, and code 451, giving innocent
relay operators a chance to fix the problem. Read the fucking manual.

---Dan



Re: one email with cc creates multiple messages - oh dear.

1999-01-06 Thread Brian S. Craigie


On 05-Jan-99 [EMAIL PROTECTED] wrote:
 
>The envelope recipient addresses are listed as recip arguments to qmail-remote.

Hmm... Yes, but that's not the problem.  Apparently qmail-send deliberately only
sends one recipient to qmail-remote at a time.  I understand the logic for a
site with direct internet access, but for those of us who use a smarthost, it's
a big drawback.

So basically, I'd have to change qmail-send, or write my own replacement for
it.  I really wish it would be possible to have the option to tell qmail-send
to use multiple rcpts to qmail-remote by some configuration parameter.

Nobody seems to think it's important, or correct, but it's the one thing that's
holding me back from replacing sendmail with qmail en masse at our (small) site.

Anyway, thanks again for the pointers.  I may well delve into the qmail-send
code yet.

Cheers!

Brian




Re: Frivolous forking

1999-01-06 Thread D. J. Bernstein

Peter C. Norton writes:
>  If dan is on sabbatical in Malaysia in the middle of
> the 2 month Malaysian internet blackout of 1999, and he's hiking in
> the mountains anyway, and a "REAL" qmail security hole is found, where
> does that leave the hypothetical* vendor or OEM that's shipping qmail?
> 

Everyone would distribute binary patches. What's the big deal?

No, it's not something you'd want to do every day, but it's hardly the
end of the world.

---Dan



Re: Size limit on relayed message?

1999-01-06 Thread D. J. Bernstein

Steen Suder writes:
> Can I restrict relaying based on size of relayed mail?

Yes. For example,

   1.2.3.4:allow,RELAYCLIENT="",DATABYTES="10485760"

in a tcpserver rules file will allow users at 1.2.3.4 to relay messages
up to 10MB.

---Dan



Re: Fw: Anonymous Qmail Denial of Service

1999-01-06 Thread Mark Delany

At 09:01 AM 1/6/99 -, D. J. Bernstein wrote:
>I've sent a response to bugtraq explaining how to identify the uid that
>filled up the queue.
>
>My message also explains a much more powerful series of four attacks
>against all MTAs, including the IBM Secure Mailer. These attacks can be
>carried out from anywhere on the Internet, not just the local machine.
>They keep the mail queue flooded for several days.

I'm assuming at this stage (as the bugtraq post has not shown up here yet) 
that the response also discusses possible solutions and alternative strategies.

Of course we all know that DOS attacks are plentiful. What few people know 
are reliable strategies for reducing them.


Regards.



.qmail- question

1999-01-06 Thread Mark E Drummond

Hi all,

I have a mailing list set up using the .qmail- feature. I have
email addresses listed one per line like I'm supposed to and it works
fine. My question is, can the lines of email addresses take any normal
SMTP form or does it have to be just the email address? i.e., could I
instead have lines of the form:

"Person's Name" 

instead of just:

email@address

??

Mark

-- 
--
Mark E Drummond   Royal Military College of Canada
Unix System Administrator   Computing Services
Linux Uber Alles   perl || die



Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

I installed tcpserver for use with qmail 1.03 yesterday so
I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
... for everyone :)

I tried to just make a test tcp.smtp with the following content

123.12.:allow,RELAYCLIENT=""
:allow

After rebuilding I was still able to relay mail through our server from whatever host
I wanted (I tried from several different shell accounts).
Guess I have to put in deny entries too to keep other ppl away but will they be able to
deliver mail to local addresses then ? (I have several virtual domains on the server),
and if this is the case then the FAQ is wrong and should be corrected ... cause it does
not say anything about adding 'deny' entries.

Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
until one customer called and complained that he could not authenticate on one of their
accounts. This customer has 8 accounts belonging to the same virtual domain and he got
7 of them to work. I tried to access that account from my workstation and it worked just fine
but no matter what he did he could not access that particular account.
Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
that account too ... how is this possible??, that a customer from one computer can open
[EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not
have been able to log in at all.

To answer some questions before you ask them:
No .. I do not run tcpserver from inetd :) .. it's started through rc.local
And (again) .. yes I did build the cdb .. over and over again

Any suggestions ?

Roger O. Svenning



Postfix license

1999-01-06 Thread Wietse Venema

> The license also gives IBM special rights over all enhancements to the
> IBM Secure Mailer. If you distribute an IBM Secure Mailer add-on, for
> example, then IBM can turn your add-on into an IBM commercial product
> without your permission.

Excuse me for breaking into a conversation in order to provide
information.

1: ANYONE can grab Postfix source code from the net and turn it
into a commercial product.

2: NO ONE is required to give IBM any rights to their Postfix
enhancements.

3: IBM assumes special rights only for software and enhancements
that is given to IBM. There is no requirement to give IBM anything.

And now I'm out of here again.

Wietse



Re: the IBM Secure Mailer license

1999-01-06 Thread Dave Sill

"D. J. Bernstein" <[EMAIL PROTECTED]> wrote:
>
>The license demands that you stop using the IBM Secure Mailer upon IBM's
>request. You are explicitly required to destroy every copy you possess
>of the IBM Secure Mailer.

Jeeze! I must have been half asleep when I read the license. I
completely missed this paragraph:

In the event an intellectual property claim is made or appears
likely to be made with respect to the Software, you agree to
permit IBM to enable you to continue to use the Software, or to
modify it, or replace it with software that is at least
functionally equivalent.  If IBM determines that none of these
alternatives is reasonably available, you agree, at IBM's request,
upon notice to you, to discontinue further distribution of the
Software and to delete or destroy all copies of the Software you
possess.  This is IBM's entire obligation to you regarding any
claim of infringement.

So I guess there's roughly no chance any Linux or BSD distribution
will ever switch to Postfix. IBM could, essentially at a whim, recall
Postfix. That makes qmail's redistribution requirements look a whole
lot more reasonable.

>The license also gives IBM special rights over all enhancements to the
>IBM Secure Mailer. If you distribute an IBM Secure Mailer add-on, for
>example, then IBM can turn your add-on into an IBM commercial product
>without your permission.

This appears to apply only to stuff you hand to IBM.

>The license also prohibits all use of ``the name "IBM" or any other IBM
>trademark without the prior written consent of IBM.'' Apparently you
>aren't even allowed to criticize the IBM Secure Mailer without IBM's
>permission.

Guess that's why they call it Postfix.

>And that's supposed to be free software?

-Dave



Re: anyone done this: one mail domain, but users are split over two internal qmail-servers

1999-01-06 Thread Jos Backus


You still needed a whopping *64K* to run a complete office productivity suite
though (AppleWorks under ProDOS). Those were the days...


-- 
Jos Backus  _/  _/_/_/"Reliability means never
   _/  _/   _/ having to say you're sorry."
  _/  _/_/_/   -- D. J. Bernstein
 _/  _/  _/_/
[EMAIL PROTECTED]  _/_/   _/_/_/use Std::Disclaimer;



Re: .qmail- question

1999-01-06 Thread Dave Sill

Mark E Drummond <[EMAIL PROTECTED]> wrote:
>Hi all,

Hi.

>I have a mailing list set up using the .qmail- feature. I have
>email addresses listed one per line like I'm supposed to and it works
>fine. My question is, can the lines of email addresses take any normal
>SMTP form or does it have to be just the email address? i.e., could I
>instead have lines of the form:
>
>   "Person's Name" 
>
>instead of just:
>
>   email@address

No.

You could keep lists with commented addresses in separate files, and
use various utilities to copy them, stripping the comments, to the
.qmail files, though, if you want to.

-Dave



Qmail 2.0 request - Was Re: Tcpserver quiz

1999-01-06 Thread Adam D. McKenna

Please make relaying disabled if there is no rcpthosts file :)

--Adam

-Original Message-
From: Timothy L. Mayo <[EMAIL PROTECTED]>
To: Roger O. Svenning <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, January 06, 1999 9:54 AM
Subject: Re: Tcpserver quiz


:What is in your rcpthosts file?  That is the FIRST point that needs to be
:in place to prevent relaying.  RELAYCLIENT overrides the rcpthosts file,
:it does not replace it.
:
:On Wed, 6 Jan 1999, Roger O. Svenning wrote:
:
:> I installed tcpserver for use with qmail 1.03 yesterday so
:> I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
:> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
:> ... for everyone :)
:>
:> I tried to just make a test tcp.smtp with the following content
:>
:> 123.12.:allow,RELAYCLIENT=""
:> :allow
:>
:> After rebuilding I was still able to relay mail through our server from whatever host
:> I wanted (I tried from several different shell accounts).
:> Guess I have to put in deny entries too to keep other ppl away but will they be able to
:> deliver mail to local addresses then ? (I have several virtual domains on the server),
:> and if this is the case then the FAQ is wrong and should be corrected ... cause it does
:> not say anything about adding 'deny' entries.
:>
:> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
:> until one customer called and complained that he could not authenticate on one of their
:> accounts. This customer has 8 accounts belonging to the same virtual domain and he got
:> 7 of them to work. I tried to access that account from my workstation and it worked just fine
:> but no matter what he did he could not access that particular account.
:> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
:> that account too ... how is this possible??, that a customer from one computer can open
:> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not
:> have been able to log in at all.
:>
:> To answer some questions before you ask them:
:> No .. I do not run tcpserver from inetd :) .. it's started through rc.local
:> And (again) .. yes I did build the cdb .. over and over again
:>
:> Any suggestions ?
:>
:> Roger O. Svenning
:>
:>
:
:-
:Timothy L. Mayo mailto:[EMAIL PROTECTED]
:Senior Systems Manager http://www.mayod.nb.net/
:The National Business Network Inc.
:localconnect(sm) http://www.nb.net/
:
:




Re: .qmail- question

1999-01-06 Thread Russell Nelson

Mark E Drummond writes:
 > My question is, can the lines of email addresses take any normal
 > SMTP form or does it have to be just the email address?

For the sake of accuracy, the normal SMTP form *is* just the email
address.  SMTP is RFC821.  Addresses according to RFC822 can have a
fairly baroque form of comments.

 > i.e., could I instead have lines of the form:
 > 
 >  "Person's Name" 
 > 
 > instead of just:
 > 
 >  email@address

No, but you can use this:

#Person's Name
email@address

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.



Re: anyone done this: one mail domain, but users are split over two internal qmail-servers

1999-01-06 Thread Peter van Dijk

On Wed, Jan 06, 1999 at 01:32:03PM -, Russell Nelson wrote:
> D. J. Bernstein writes:
>  > Russell Nelson writes:
>  > > We've got a kick-ass machine here (PII-300, 256K RAM),
>  > 
>  > Wow, that's big. My Apple II has only 48K RAM. Nice to hear that qmail
>  > takes advantage of the server's whopping quarter-megabyte of memory. :-)
> 
> I must be showing my age.  I remember when 48K of RAM *was* a big
> machine, and how excited I was to upgrade my development machine to
> 32K -- "Now I'll have enough memory to write anything!"

That's not really an age thing. I'm 17, and I remember how happy my 16KB
memory extension made me. _anything_ fit in there, and I do mean _anything_.

This was on a Sinclair ZX-81, btw :)

[You can't program a decent Pacman clone in Basic with only 1KB.. at least...
I couldn't when I was 7 years old. Quickly ran out of memory :(]

Greetz, Peter.
-- 
 AND I AM GONNA KILL MIKE|  Peter van Dijk
 hardbeat, als je nog nuchter bent:  | [EMAIL PROTECTED]
   @date = localtime(time);  |  realtime security d00d
   $date[5] += 2000 if ($date[5] < 37);  | 
   $date[5] += 1900 if ($date[5] < 99);  |-x- available -x-



Re: Tcpserver quiz

1999-01-06 Thread Chris Johnson

On Wed, Jan 06, 1999 at 03:34:19PM +0100, Roger O. Svenning wrote:
> I installed tcpserver for use with qmail 1.03 yesterday so
> I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
> ... for everyone :)
> 
> I tried to just make a test tcp.smtp with the following content
> 
> 123.12.:allow,RELAYCLIENT=""
> :allow
> 
> After rebuilding I was still able to relay mail through our server from whatever host
> I wanted (I tried from several different shell accounts).
> Guess I have to put in deny entries too to keep other ppl away but will they be able to
> deliver mail to local addresses then ? (I have several virtual domains on the server),
> and if this is the case then the FAQ is wrong and should be corrected ... cause it does
> not say anything about adding 'deny' entries.

You don't need (or want) any deny entries. You're not trying to deny anyone a
connection to your SMTP server; you're just trying to set RELAYCLIENT for
certain clients.

If you have a control/rcpthosts file with the hosts you'd like to receive mail
for and you're running tcpserver with the correct arguments, then it will work
with the entries in tcp.smtp you've provided above. How are you starting
tcpserver for qmail-smtpd?

> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
> until one customer called and complained that he could not authenticate on one of their
> accounts. This customer has 8 accounts belonging to the same virtual domain and he got
> 7 of them to work. I tried to access that account from my workstation and it worked just fine
> but no matter what he did he could not access that particular account.
> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
> that account too ... how is this possible??,

It's not possible, unless you've got things seriously ass-backwards. Your
tcp.smtp.cdb should never be looked at for a POP3 connection. If yours is,
you've got things wired up wrong. How are you starting tcpserver for POP3? 

> that a customer from one computer can open [EMAIL PROTECTED] but not [EMAIL PROTECTED]
> .. though if tcpserver had worked correctly he should not have been able to
> log in at all.

tcpserver does work correctly. Most likely, you're not using it correctly.

> To answer some questions before you ask them: No .. I do not run tcpserver
> from inetd :) .. it's started through rc.local And (again) .. yes I did build
> the cdb .. over and over again
> 
> Any suggestions ?

Send the contents of control/rcpthosts and your tcpserver invocations. If
you've got anything non-standard about your setup, send details.

Chris



Re: Need qmail to reload smtproutes

1999-01-06 Thread Peter van Dijk

On Wed, Jan 06, 1999 at 04:10:32PM +, Stuart Ballard wrote:
> Eric Smith wrote:
> > 
> > Stuart Ballard <[EMAIL PROTECTED]> asks several questions, including:
> > > I'm also unsure how
> > > to tell qmail to "always hold mail for this domain in the queue"
> > 
> > You'll probably be told that serialmail is the officially 'correct'
> > solution to this problem.  I personally happen to have a conceptual
> > dislike for introducing yet another different queuing method,
> 
> I'm glad that someone else does too :) I was beginning to be afraid I
> *was* barking up the wrong tree...
> 
> > so I use
> > Alan Curry's ETRN patch:
> > 
> > http://www.cqc.com/~pacman/projects/qmail-etrn/
> > 
> > [I think this used to be listed on www.qmail.org, but I can't find it
> > there now.]
> 
> This is going to be really helpful! Thanks!
> 
> > This won't solve the dynamic IP problem, though.  It allows the domain
> > to request delivery of its email, but it still uses the smtproutes to
> > determine how to get it there.
> 
> I have a script now that will auto-create an smtproutes file every time
> someone dials in or out. This should solve that problem.
> 
> > Note that since you don't know the IP address, you'll have to accept an
> > ETRN from *anyone*, which is suboptimal.
> 
> Ah, but I *can* restrict ETRNs to only people within the netblocks that
> are assigned to our dialins. So it's not that big a problem.
> 
> I'll report back to the list on my progress, because mail dequeueing
> without a static IP sounds like something that might be of use to other
> people too.

At an ISP I work for, we've been doing a test with SMTP delivery to dynamic
IPs. We used a small script that was put on port 79 (finger) thru inetd.
You would then finger username:[EMAIL PROTECTED] (no, that's not a real
hostname :) and it would trigger serialsmtp. Of course easily adjusted for
qmtp too.

A friend of mine is using something similar right now, although for some
reason he decided to develop a separate protocol on a separate port, which
means you need a special client too. I think my solution was better.

The code to do such a thing is quite trivial, if anybody is interested let
me know. I don't know how long the script was, if it's short I might post it
here.

Greetz, Peter.
-- 
 AND I AM GONNA KILL MIKE|  Peter van Dijk
 hardbeat, als je nog nuchter bent:  | [EMAIL PROTECTED]
   @date = localtime(time);  |  realtime security d00d
   $date[5] += 2000 if ($date[5] < 37);  | 
   $date[5] += 1900 if ($date[5] < 99);  |-x- available -x-



RE: Tcpserver quiz

1999-01-06 Thread Soffen, Matthew

> --
> From: Chris Johnson[SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, January 06, 1999 11:04 AM
> To:   Roger O. Svenning; [EMAIL PROTECTED]
> Subject:  Re: Tcpserver quiz
> 
> On Wed, Jan 06, 1999 at 03:34:19PM +0100, Roger O. Svenning wrote:
> > I installed tcpserver for use with qmail 1.03 yesterday so
> > I could allow and restrict relaying. (According to the instructions
> in FAQ 5.4)
> > After setting up the tcp.smtp file and rebuilding the cdb, mail
> relaying worked
> > ... for everyone :)
> > 
> > I tried to just make a test tcp.smtp with the following content
> > 
> > 123.12.:allow,RELAYCLIENT=""
> > :allow
> > 
> > After rebuilding I was still able to relay mail through our server
> from whatever host
> > I wanted (I tried from several different shell accounts).
> > Guess I have to put in deny entries too to keep other ppl away but
> will they be able to
> > deliver mail to local addresses then ? (I have several virtual
> domains on the server),
> > and if this is the case then the FAQ is wrong and should be
> corrected ... cause it does
> > not say anything about adding 'deny' entries.
> 
> You don't need (or want) any deny entries. You're not trying to deny
> anyone a
> connection to your SMTP server; you're just trying to set RELAYCLIENT
> for
> certain clients.
> 
Actually, there may be a reason to deny access.  On my machines I have
blocked access to specific .jp domains.  All that I had ever received
from these domains was spam.  Now I get less spam and the mailer has
to deal with it.  ( BTW: I DID try to contact the hosts but never got
any response).


> Matt Soffen
> Webmaster - http://www.iso-ne.com/
> ==
> Boss- "My boss says we need some eunuch programmers."
> Dilbert - "I think he means UNIX and I already know UNIX."
> Boss- "Well, if the company nurse comes by, tell her I said 
>  never mind."
>- Dilbert -
> ==
> 
> 



Re: anyone done this: one mail domain, but users are split over two internal qmail-servers

1999-01-06 Thread Russell Nelson

D. J. Bernstein writes:
 > Russell Nelson writes:
 > > We've got a kick-ass machine here (PII-300, 256K RAM),
 > 
 > Wow, that's big. My Apple II has only 48K RAM. Nice to hear that qmail
 > takes advantage of the server's whopping quarter-megabyte of memory. :-)

I must be showing my age.  I remember when 48K of RAM *was* a big
machine, and how excited I was to upgrade my development machine to
32K -- "Now I'll have enough memory to write anything!"

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.



Re: Tcpserver quiz

1999-01-06 Thread Timothy L. Mayo

What is in your rcpthosts file?  That is the FIRST point that needs to be
in place to prevent relaying.  RELAYCLIENT overrides the rcpthosts file,
it does not replace it.

On Wed, 6 Jan 1999, Roger O. Svenning wrote:

> I installed tcpserver for use with qmail 1.03 yesterday so
> I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
> ... for everyone :)
> 
> I tried to just make a test tcp.smtp with the following content
> 
> 123.12.:allow,RELAYCLIENT=""
> :allow
> 
> After rebuilding I was still able to relay mail through our server from whatever host
> I wanted (I tried from several different shell accounts).
> Guess I have to put in deny entries too to keep other ppl away but will they be able to
> deliver mail to local addresses then ? (I have several virtual domains on the server),
> and if this is the case then the FAQ is wrong and should be corrected ... cause it does
> not say anything about adding 'deny' entries.
> 
> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
> until one customer called and complained that he could not authenticate on one of their
> accounts. This customer has 8 accounts belonging to the same virtual domain and he got
> 7 of them to work. I tried to access that account from my workstation and it worked just fine
> but no matter what he did he could not access that particular account.
> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
> that account too ... how is this possible??, that a customer from one computer can open
> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not
> have been able to log in at all.
> 
> To answer some questions before you ask them:
> No .. I do not run tcpserver from inetd :) .. it's started through rc.local
> And (again) .. yes I did build the cdb .. over and over again
> 
> Any suggestions ?
> 
> Roger O. Svenning
> 
> 

-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Manager  http://www.mayod.nb.net/
The National Business Network Inc.
localconnect(sm)        http://www.nb.net/



SV: Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

>What is in your rcpthosts file?  That is the FIRST point that needs to be
>in place to prevent relaying.  RELAYCLIENT overrides the rcpthosts file,
>it does not replace it.
>


localhost
fab.foobar.com
fib.foofub.no

In other words .. Localhost, the local domain and all virtual domains
RELAYCLIENT is supposed to give a client that's not in the rcpthosts file relay
access .. right?
But why did he get partial (7 of 8 accounts belonging to the same domain) access
to pop3 login and why did it help to include him in tcp.smtp
   
 
-Roger


>On Wed, 6 Jan 1999, Roger O. Svenning wrote:
>
>> I installed tcpserver for use with qmail 1.03 yesterday so
>> I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
>> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
>> ... for everyone :)
>> 
>> I tried to just make a test tcp.smtp with the following content
>> 
>> 123.12.:allow,RELAYCLIENT=""
>> :allow
>> 
>> After rebuilding I was still able to relay mail through our server from whatever host
>> I wanted (I tried from several different shell accounts).
>> Guess I have to put in deny entries too to keep other ppl away but will they be able to
>> deliver mail to local addresses then ? (I have several virtual domains on the server),
>> and if this is the case then the FAQ is wrong and should be corrected ... cause it does
>> not say anything about adding 'deny' entries.
>> 
>> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
>> until one customer called and complained about he could not authenticate on one of their
>> accounts. This customer has 8 accounts belonging to the same virtual domain and he got
>> 7 of them to work. I tried to access that account from my workstation and it worked just fine
>> but no matter what he did he could not access that particular account.
>> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
>> that account too ... how is this possible??, that a customer from one computer can open
>> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not
>> have been able to log in at all.
>> 
>> To answer some questions before you ask them:
>> No .. I do not run tcpserver from inetd :) .. it's started through rc.local
>> And (again) .. yes I did build the cdb .. over and over again
>> 
>> Any suggestions ?
>> 
>> Roger O. Svenning
>> 
>> 
>
>-
>Timothy L. Mayo mailto:[EMAIL PROTECTED]
>Senior Systems Manager http://www.mayod.nb.net/
>The National Business Network Inc.
>localconnect(sm) http://www.nb.net/
>
>



Re: Postfix license

1999-01-06 Thread Russell Nelson

Wietse Venema writes:
 > > The license also gives IBM special rights over all enhancements to the
 > > IBM Secure Mailer. If you distribute an IBM Secure Mailer add-on, for
 > > example, then IBM can turn your add-on into an IBM commercial product
 > > without your permission.
 > 
 > Excuse me for breaking into a conversation in order to provide
 > information.

No refutation of the "IBM recalls PostFix" clause?  Didn't you foresee
that this would be problematic?  IBM has a similar clause in
their Java VM license.  If it remains, then IBM will be denied use of
the Open Source trademark.  I suspect that a similar limitation exists
for PostFix.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.



Re: SV: Tcpserver quiz

1999-01-06 Thread Timothy L. Mayo

My guess is a DNS problem since there are no DNS records for
fab.foobar.com or fib.foofub.no that I can find and only an MX record for
foobar.com.

On Wed, 6 Jan 1999, Roger O. Svenning wrote:

> >What is in your rcpthosts file?  That is the FIRST point that needs to be
> >in place to prevent relaying.  RELAYCLIENT overrides the rcpthosts file,
> >it does not replace it.
> >
> 
> 
> localhost
> fab.foobar.com
> fib.foofub.no
> 
> In other words .. Localhost, the local domain and all virtual domains
> RELAYCLIENT is supposed to give a client that's not in the rcpthosts file relay
> access .. right?
> But why did he get partial (7 of 8 accounts belonging to the same domain) access
> to pop3 login and why did it help to include him in tcp.smtp
>  
>   
> -Roger
> 
> 
> >On Wed, 6 Jan 1999, Roger O. Svenning wrote:
> >
> >> I installed tcpserver for use with qmail 1.03 yesterday so
> >> I could allow and restrict relaying. (According to the instructions in FAQ 5.4)
> >> After setting up the tcp.smtp file and rebuilding the cdb, mail relaying worked
> >> ... for everyone :)
> >> 
> >> I tried to just make a test tcp.smtp with the following content
> >> 
> >> 123.12.:allow,RELAYCLIENT=""
> >> :allow
> >> 
> >> After rebuilding I was still able to relay mail through our server from whatever host
> >> I wanted (I tried from several different shell accounts).
> >> Guess I have to put in deny entries too to keep other ppl away but will they be able to
> >> deliver mail to local addresses then ? (I have several virtual domains on the server),
> >> and if this is the case then the FAQ is wrong and should be corrected ... cause it does
> >> not say anything about adding 'deny' entries.
> >> 
> >> Anyway ... I moved pop3 from inetd to tcpserver and it looked like it worked just perfectly
> >> until one customer called and complained about he could not authenticate on one of their
> >> accounts. This customer has 8 accounts belonging to the same virtual domain and he got
> >> 7 of them to work. I tried to access that account from my workstation and it worked just fine
> >> but no matter what he did he could not access that particular account.
> >> Then .. just out of the blue sky .. I tried to put his ip into the tcp.smtp and voila .. he could open
> >> that account too ... how is this possible??, that a customer from one computer can open
> >> [EMAIL PROTECTED] but not [EMAIL PROTECTED] .. though if tcpserver had worked correctly he should not
> >> have been able to log in at all.
> >> 
> >> To answer some questions before you ask them:
> >> No .. I do not run tcpserver from inetd :) .. it's started through rc.local
> >> And (again) .. yes I did build the cdb .. over and over again
> >> 
> >> Any suggestions ?
> >> 
> >> Roger O. Svenning
> >> 
> >> 
> >
> >-
> >Timothy L. Mayo mailto:[EMAIL PROTECTED]
> >Senior Systems Manager http://www.mayod.nb.net/
> >The National Business Network Inc.
> >localconnect(sm) http://www.nb.net/
> >
> >
> 
> 

-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Manager  http://www.mayod.nb.net/
The National Business Network Inc.
localconnect(sm)        http://www.nb.net/



SV: Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

>My guess is a DNS problem since there are no DNS records for
>fab.foobar.com or fib.foofub.no that I can find and only an MX record for
>foobar.com.
>


Sorry .. those two entries were just examples cause I don't want to give away
hosted domains to the whole world.

-Roger



Re: SV: Tcpserver quiz

1999-01-06 Thread Timothy L. Mayo

Then we can't help you.  Sorry.

On Wed, 6 Jan 1999, Roger O. Svenning wrote:

> >My guess is a DNS problem since there are no DNS records for
> >fab.foobar.com or fib.foofub.no that I can find and only an MX record for
> >foobar.com.
> >
> 
> 
> Sorry .. those two entries were just examples cause I don't want to give away
> hosted domains to the whole world.
> 
> -Roger
> 
> 

-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Manager  http://www.mayod.nb.net/
The National Business Network Inc.
localconnect(sm)        http://www.nb.net/



Re: Need qmail to reload smtproutes

1999-01-06 Thread Stuart Ballard

Eric Smith wrote:
> 
> Stuart Ballard <[EMAIL PROTECTED]> asks several questions, including:
> > I'm also unsure how
> > to tell qmail to "always hold mail for this domain in the queue"
> 
> You'll probably be told that serialmail is the officially 'correct'
> solution to this problem.  I personally happen to have a conceptual
> dislike for introducing yet another different queuing method,

I'm glad that someone else does too :) I was beginning to be afraid I
*was* barking up the wrong tree...

> so I use
> Alan Curry's ETRN patch:
> 
> http://www.cqc.com/~pacman/projects/qmail-etrn/
> 
> [I think this used to be listed on www.qmail.org, but I can't find it
> there now.]

This is going to be really helpful! Thanks!

> This won't solve the dynamic IP problem, though.  It allows the domain
> to request delivery of its email, but it still uses the smtproutes to
> determine how to get it there.

I have a script now that will auto-create an smtproutes file every time
someone dials in or out. This should solve that problem.

> Note that since you don't know the IP address, you'll have to accept an
> ETRN from *anyone*, which is suboptimal.

Ah, but I *can* restrict ETRNs to only people within the netblocks that
are assigned to our dialins. So it's not that big a problem.

I'll report back to the list on my progress, because mail dequeueing
without a static IP sounds like something that might be of use to other
people too.

Thanks to everyone on the list for their tips.

Stuart.



SV: Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

>You don't need (or want) any deny entries. You're not trying to deny anyone a
>connection to your SMTP server; you're just trying to set RELAYCLIENT for
>certain clients.


Ok .. let's see if I've got this right, .. so if a client makes a smtp connection through
tcpserver and its host (ip) does not exist in the tcp.smtp.cdb it will be passed to
qmail-smtpd without the RELAYCLIENT which compares the recipient to rcpthosts
and denies it if it doesn't exist. ? What happens if this variable is set by a bootscript
and exported ? .. will the qmail-smtpd read it for every connection and allow relaying
for everyone ? (Just a hypothetical question!)

>If you have a control/rcpthosts file with the hosts you'd like to receive mail
>for and you're running tcpserver with the correct arguments, then it will work
>with the entries in tcp.smtp you've provided above. How are you starting
>tcpserver for qmail-smtpd?


Our control/rcpthosts and control/virtualdomains contains every domain we host, and
the virtualdomains setup works perfectly .. it receives mail for all hosted domains and
the qmail-pop3d delivers it through vchkpw without any problems.
Or at least .. that was before tcpserver :)

Here are the startup scripts from rc.local

/usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -v -u 82 -g 81 0 smtp \
/var/qmail/bin/qmail-smtpd \
2>&1 | /var/qmail/bin/splogger smtpd 3 &

/usr/local/bin/tcpserver 0 pop3 /var/qmail/bin/qmail-popup pop.intrafish.no \
/home/popusers/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir &

And here's the tcp.smtp
195.204.144.:allow,RELAYCLIENT=""
193.71.71.:allow,RELAYCLIENT=""
:allow

Now .. I've just tried to remove the two entries in tcp.smtp leaving only the :allow
and rebuild the cdb ... then I relayed a remote message through the server without any
problems at all. (DOH?)

>tcpserver does work correctly. Most likely, you're not using it correctly.


I don't doubt that one for a second .. that's why I'm seeking help :)

-Roger



Re: Tcpserver quiz

1999-01-06 Thread Adam D. McKenna

From: Roger O. Svenning <[EMAIL PROTECTED]>

:One down, one to go ...
:What about that strange pop3 error? .. how is it possible that he couldn't open that account until
:I altered the tcp.smtp ? .. He actually tested it on two different computers with no luck.
:I had no problems accessing that account from my computer (That also existed in tcp.smtp)

Usually when having POP3 errors the best thing to do is to telnet into the
pop3 port and issue the commands manually.

Are you sure he was using the right password?  Perhaps when you were
changing your cdb, he realized that he was using the wrong password, and
fixed it, and was then too embarrassed to tell you.

--Adam







Re: Postfix license

1999-01-06 Thread Lars Balker Rasmussen

"I. Dwayne Koonce" <[EMAIL PROTECTED]> writes:
> This is untrue.  IBM's download page for Postfix (which appears to be the
> only place it's available) insists that it is covered by IBM's rather ugly
> "Alphaworks" license, which allows only "personal, non-commercial, and
> lawful end use", and no redistribution of any kind.  Additionally, you are
> required to destroy all copies after 90 days.

No such requirement if you download from http://www.postfix.org.

> I've heard lots of people claim Postfix has been "released under a free
> license", but I don't find this to be the case.  If Postfix has been
> released, then its license is non-free.  If the Alphaworks license is
> temporary, then Postfix hasn't made it to the "release" stage.

Hmm, this is from the Postfix license:

Permission to reproduce and create derivative works from the
Software ("Software Derivative Works") is hereby granted to you
under the copyrights of International Business Machines
Corporation ("IBM").  IBM also grants you the right to
distribute the Software and Software Derivative Works.

[...]

You agree to distribute the Software and any Software
Derivatives under a license agreement that: 1) is sufficient to
notify all licensees of the Software and Software Derivatives
that IBM assumes no liability for any claim that may arise
regarding the Software or Software Derivatives, and 2) that
disclaims all warranties, both express and implied, from IBM
regarding the Software and Software Derivatives.  (If you
include this Agreement with any distribution of the Software or
Software Derivatives you will have met this requirement.)  You
agree that you will not delete any copyright notices in the
Software.

So what's stopping me from distributing LarsFix with an Artistic License
with the addendum that IBM assumes no etc?

In the event an intellectual property claim is made or appears
likely to be made with respect to the Software, you agree to
permit IBM to enable you to continue to use the Software, or to
modify it, or replace it with software that is at least functionally
equivalent.  If IBM determines that none of these alternatives
is reasonably available, you agree, at IBM's request, upon
notice to you, to discontinue further distribution of the
Software and to delete or destroy all copies of the Software you
possess.  This is IBM's entire obligation to you regarding any
claim of infringement.

This refers only to the Software, not Software Derivatives as above.

So, while PostFix may have some unpleasant legal strings attached, I
can't really see how this stops anyone from repackaging the entire thing
with a different license.
-- 
Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS
[EMAIL PROTECTED]



/etc/aliases - fastforward question

1999-01-06 Thread Abel Lucano


briefly:
-qmail-1.0.3 + fastforward + dotforward running smoothly 

-3 userids: mingfs, mingca, mingdg

-an inherited  /etc/aliases big file with these 2 entries:
 mingfs-garcia: mingdg
 mingfs-calc: mingca

when sending mail to an alias  [EMAIL PROTECTED] (mingca's alias)

<[EMAIL PROTECTED]>:
Sorry, no mailbox here by that name. (#5.1.1)

qmail tries to send to a nonexistent "mail list" belonging to a mingfs user
overriding the alias entry in /etc/aliases

my dirty solution(?) at this moment is put a .qmail-garcia file in ~mingfs
for a while  with an &mingdg line (horror!);
I'm searching a real solution meantime.

Could anybody point me something?

Thanks in advance!
Abel Lucano
[EMAIL PROTECTED]




Re: Postfix license

1999-01-06 Thread I. Dwayne Koonce

On 6 Jan 1999, Lars Balker Rasmussen wrote:

> "I. Dwayne Koonce" <[EMAIL PROTECTED]> writes:
> > This is untrue.  IBM's download page for Postfix (which appears to be the
> > only place it's available) insists that it is covered by IBM's rather ugly
> > "Alphaworks" license, which allows only "personal, non-commercial, and
> > lawful end use", and no redistribution of any kind.  Additionally, you are
> > required to destroy all copies after 90 days.
> 
> No such requirement if you download from http://www.postfix.org.

You couldn't, on the first day it was released, which was when I checked.
This requirement is also apparently no longer on IBM's graphical download
page, but lingers mistakenly on their text-only download page, which is
where I checked to confirm it before I posted.  (Wietse Venema corrected
me on this off-list.  We can probably stop CC'ing him.)

> Hmm, this is from the Postfix license:
> 
[excerpts deleted]

Yes, I stand corrected.  I haven't read through the whole license yet, but
no doubt it's not as objectionable as the AlphaWorks license to which 
IBM's web page initially (mis)directed people.


I. Dwayne Koonce        E-mail:  [EMAIL PROTECTED]
Network Administrator   Phone:   (409) 268-6800
Cybercom Corporation    Fax:     (409) 260-2652






Re: SV: Tcpserver quiz

1999-01-06 Thread Timothy L. Mayo

On Wed, 6 Jan 1999, Roger O. Svenning wrote:

> >You don't need (or want) any deny entries. You're not trying to deny anyone a
> >connection to your SMTP server; you're just trying to set RELAYCLIENT for
> >certain clients.
> 
> 
> Ok .. let's see if I've got this right, .. so if a client makes a smtp connection through
> tcpserver and its host (ip) does not exist in the tcp.smtp.cdb it will be passed to
> qmail-smtpd without the RELAYCLIENT which compares the recipient to rcpthosts
> and denies it if it doesn't exist. ? What happens if this variable is set by a bootscript
> and exported ? .. will the qmail-smtpd read it for every connection and allow relaying
> for everyone ? (Just a hypothetical question!)

If startup script is in place for the shell running qmail-smtpd or
tcpserver, yes.

> 
> -Roger
> 
> 

-
Timothy L. Mayo mailto:[EMAIL PROTECTED]
Senior Systems Manager  http://www.mayod.nb.net/
The National Business Network Inc.
localconnect(sm)        http://www.nb.net/



Re: Postfix license

1999-01-06 Thread I. Dwayne Koonce

On Wed, 6 Jan 1999, Wietse Venema wrote:

> > The license also gives IBM special rights over all enhancements to the
> > IBM Secure Mailer. If you distribute an IBM Secure Mailer add-on, for
> > example, then IBM can turn your add-on into an IBM commercial product
> > without your permission.
> 
> Excuse me for breaking into a conversation in order to provide
> information.
> 
> 1: ANYONE can grab Postfix source code from the net and turn it
> into a commercial product.

This is untrue.  IBM's download page for Postfix (which appears to be the
only place it's available) insists that it is covered by IBM's rather ugly
"Alphaworks" license, which allows only "personal, non-commercial, and
lawful end use", and no redistribution of any kind.  Additionally, you are
required to destroy all copies after 90 days.

I've heard lots of people claim Postfix has been "released under a free
license", but I don't find this to be the case.  If Postfix has been
released, then its license is non-free.  If the Alphaworks license is
temporary, then Postfix hasn't made it to the "release" stage.



I. Dwayne Koonce        E-mail:  [EMAIL PROTECTED]
Network Administrator   Phone:   (409) 268-6800
Cybercom Corporation    Fax:     (409) 260-2652




SV: Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

>> Ok .. let's see if I've got this right, .. so if a client makes a smtp connection through
>> tcpserver and its host (ip) does not exist in the tcp.smtp.cdb it will be passed to
>> qmail-smtpd without the RELAYCLIENT which compares the recipient to rcpthosts
>> and denies it if it doesn't exist. ? What happens if this variable is set by a bootscript
>> and exported ? .. will the qmail-smtpd read it for every connection and allow relaying
>> for everyone ? (Just a hypothetical question!)
>
>If startup script is in place for the shell running qmail-smtpd or
>tcpserver, yes.


Then my friend I found the solution, cause I had set it manually in the shell and have not rebooted
the box since I did that, .. why not you stupid . ? .. you might ask .. cause I looked for it in the
environment and could not find it .. and then assumed it did not exist anymore .. a simple reboot
cleaned up the problem.

One down, one to go ...
What about that strange pop3 error? .. how is it possible that he couldn't open that account until
I altered the tcp.smtp ? .. He actually tested it on two different computers with no luck.
I had no problems accessing that account from my computer (That also existed in tcp.smtp)
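
Added example, not part of the original thread and not code from qmail or ucspi-tcp: a simplified Python model of the relay decision discussed in the messages above, showing why a RELAYCLIENT variable inherited from the shell that started tcpserver lets every client relay even when tcp.smtp contains only :allow. The function names, the client addresses 192.0.2.10 and 195.204.144.7 and the recipient user@example.org are constructed for illustration; the rules and rcpthosts entries are the ones quoted in the thread, and only IP-prefix rules are modelled.

```python
"""Simplified model of tcpserver rule lookup and qmail-smtpd's RCPT TO check.

Illustration only: not code from ucspi-tcp or qmail. Only IP rules are
modelled (full address, dotted prefixes, empty default); rule values that
contain commas are not handled.
"""

# tcp.smtp as quoted in the thread
RULES_TEXT = '''
195.204.144.:allow,RELAYCLIENT=""
193.71.71.:allow,RELAYCLIENT=""
:allow
'''

# control/rcpthosts placeholder entries used in the thread
RCPTHOSTS = ["localhost", "fab.foobar.com", "fib.foofub.no"]


def parse_rules(text):
    """Parse lines of the form 'prefix:allow,VAR="value"' or 'prefix:deny'."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, action = line.partition(":")
        verdict, *assignments = action.split(",")
        env = {}
        for item in assignments:
            name, _, value = item.partition("=")
            env[name] = value.strip('"')
        rules[key] = (verdict, env)
    return rules


def lookup(rules, ip):
    """Most specific rule wins: full address, shorter dotted prefixes, then ''."""
    octets = ip.split(".")
    candidates = [ip] + [".".join(octets[:n]) + "." for n in (3, 2, 1)] + [""]
    for key in candidates:
        if key in rules:
            return rules[key]
    # No rule at all: this model treats it as allow with no variables (assumption).
    return ("allow", {})


def rcpt_allowed(addr, rcpthosts):
    """rcpthosts test: exact domain match, or a '.suffix' wildcard entry."""
    _, at, domain = addr.rpartition("@")
    if not at:
        return True  # no domain part: handled as a local address
    domain = domain.lower()
    entries = {h.lower() for h in rcpthosts}
    if domain in entries:
        return True
    return any(domain[i:] in entries for i, c in enumerate(domain) if c == ".")


def smtp_rcpt(ip, rcpt, rules, rcpthosts, inherited_env=None):
    """Reply to RCPT TO for a client at `ip`: '250', '553' or 'refused'."""
    verdict, rule_env = lookup(rules, ip)
    if verdict == "deny":
        return "refused"
    # qmail-smtpd sees the environment tcpserver was started with,
    # plus whatever the matching rule adds.
    env = dict(inherited_env or {})
    env.update(rule_env)
    if "RELAYCLIENT" in env:  # set, even to "", means rcpthosts is not consulted
        return "250"
    return "250" if rcpt_allowed(rcpt, rcpthosts) else "553"


if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    outside, inside = "192.0.2.10", "195.204.144.7"  # constructed clients
    remote = "user@example.org"                      # constructed recipient
    print("outside -> remote:", smtp_rcpt(outside, remote, rules, RCPTHOSTS))
    print("inside  -> remote:", smtp_rcpt(inside, remote, rules, RCPTHOSTS))
    # The failure from the thread: RELAYCLIENT exported in the launching shell.
    leaked = {"RELAYCLIENT": ""}
    only_default = parse_rules(":allow")
    print("outside -> remote, leaked env:",
          smtp_rcpt(outside, remote, only_default, RCPTHOSTS, leaked))
```

If an outside client is accepted for a remote recipient only when the inherited environment is supplied, the place to look is the shell or script that launches tcpserver, not tcp.smtp.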




SV: Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

>Usually when having POP3 errors the best thing to do is to telnet into the
>pop3 port and issue the commands manually.
>
>Are you sure he was using the right password?  Perhaps when you were
>changing your cdb, he realized that he was using the wrong password, and
>fixed it, and was then too embarrassed to tell you.


Yes I asked him over and over again and even changed the password.
He tested both Eudora pro and Netscape on two different computers while I was
talking with him on the phone .. I even tailed the maillog to see what was going on.
I saw the login failure and it was no passwd error .. it seemed like tcpserver removed
the domain from the recipient before passing it over to smtpd.

Here's a paste:
Jan  6 09:57:43 pop vchkpw[2398]: Failed login attempt with unknown 'tordis@'
Jan  6 09:57:43 pop vchkpw[2398]: pop: Failed to find user in vpasswd

Then I give it a try:
Jan  6 10:19:02 pop vchkpw[310]: (virtual, USER/PASS) Login from [EMAIL PROTECTED]

I know he hadn't set it up wrong because he has several other accounts on another
domain hosted on the same server and those worked all right for him, and I also
went through the setup with him several times.

And then, while I had him on the phone I put his ip into the tcp.smtp and took a rebuild,
and voila ... 
Jan  6 10:38:01 pop vchkpw[774]: (virtual, USER/PASS) Login from [EMAIL PROTECTED]

So what went on here ?



Re: Tcpserver quiz

1999-01-06 Thread Adam D. McKenna

the problem is with netscape and eudora.

You can see from the logs that the domain was being stripped, because those
email clients assume you are stupid and strip off the @domain.

lucky for you that vchkpw supports user%domain and user_domain as well.
Tell your client to switch to one of those.

--Adam
-Original Message-
From: Roger O. Svenning <[EMAIL PROTECTED]>
To: Adam D. McKenna <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, January 06, 1999 12:40 PM
Subject: SV: Tcpserver quiz


>Usually when having POP3 errors the best thing to do is to telnet into the
>pop3 port and issue the commands manually.
>
>Are you sure he was using the right password?  Perhaps when you were
>changing your cdb, he realized that he was using the wrong password, and
>fixed it, and was then too embarrassed to tell you.


Yes I asked him over and over again and even changed the password.
He tested both Eudora pro and Netscape on two different computers while I was
talking with him on the phone .. I even tailed the maillog to see what was going on.
I saw the login failure and it was no passwd error .. it seemed like tcpserver removed
the domain from the recipient before passing it over to smtpd.

Here's a paste:
Jan  6 09:57:43 pop vchkpw[2398]: Failed login attempt with unknown 'tordis@'
Jan  6 09:57:43 pop vchkpw[2398]: pop: Failed to find user in vpasswd

Then I give it a try:
Jan  6 10:19:02 pop vchkpw[310]: (virtual, USER/PASS) Login from [EMAIL PROTECTED]

I know he hadn't set it up wrong because he has several other accounts on another
domain hosted on the same server and those worked all right for him, and I also
went through the setup with him several times.

And then, while I had him on the phone I put his ip into the tcp.smtp and took a rebuild,
and voila ...
Jan  6 10:38:01 pop vchkpw[774]: (virtual, USER/PASS) Login from [EMAIL PROTECTED]

So what went on here ?






SV: Tcpserver quiz

1999-01-06 Thread Roger O. Svenning

>the problem is with netscape and eudora.
>
>You can see from the logs that the domain was being stripped, because those
>email clients assume you are stupid and strip off the @domain.
>
>lucky for you that vchkpw supports user%domain and user_domain as well.
>Tell your client to switch to one of those.


:)
He was using user%domain@host in Eudora .. I asked him over and over again about that.
He had managed to get his other accounts right in Eudora and he's no computer newbie
although he is a mac addict ;) (Guess I'll get my butt flamed for that one:)




Re: anyone done this: one mail domain, but users are split over two internal qmail-servers

1999-01-06 Thread Peter Haworth

Peter van Dijk informed us:
> On Wed, Jan 06, 1999 at 01:32:03PM -, Russell Nelson wrote:
> > I must be showing my age.  I remember when 48K of RAM *was* a big
> > machine, and how excited I was to upgrade my development machine to
> > 32K -- "Now I'll have enough memory to write anything!"
> 
> That's not really an age thing. I'm 17, and I remember how happy my 16KB
> memory extension made me. _anything_ fit in there, and I do mean
> _anything_. 
> 
> This was on a Sinclair ZX-81, btw :)

Hmmm... I remember writing a game which did fit into my 16KB ZX-81... until I
tried to run it. It was a really crap game, too. I'm sure I could fit a
runnable version into 16KB nowadays if I still had a ZX-81.

-- 
Peter Haworth   [EMAIL PROTECTED]
"Using encryption on the Internet is the equivalent of arranging an armored
 car to deliver credit-card information from someone living in a cardboard
 box to someone living on a park bench."-- Gene Spafford



Re: Size limit on relayed message?

1999-01-06 Thread Steen Suder


"D. J. Bernstein" wrote:
> 
> Steen Suder writes:
> > Can I restrict relaying based on size of relayed mail?
> 
> Yes. For example,
> 
>1.2.3.4:allow,RELAYCLIENT="",DATABYTES="10485760"

Tnx.

I appreciate your work.

Now my curious mind keeps bugging me: can I do it separately for each
user or a group of users?

Example: the Great Admin (that would be me... and perhaps some VIPs ;-)
will never have a limit, but the Ordinary Users would face a 1MB limit.
None have static IP's or hostnames (as a default, that is)

-- 
Best regards,
Steen Suder
sysadm kollegie6400.dk

"Don't fear Microsoft; fear the ignorance!"
.



alias and automated mail->news

1999-01-06 Thread Mirko Zeibig

Hello,
I now use this alias-definition to post every mail to a list to a
newsgroup as well. Any ideas to do this more efficient?
Thanx
Mirko
** /var/qmail/alias/.qmail-all **
| { echo "Newsgroups: local.announce"; cat - } | sed '/^Received:/d' |
sed '/^\ \ by\ unknown\ with\ SMTP/d' | rpost localhost -M
&member1
&member2
&member3
*
-- 
mailto:[EMAIL PROTECTED]
surfto:http://sites.inka.de/picard



Re: newbie needs some pointers...

1999-01-06 Thread Mate Wierdl

[ I am forwarding this to the qmail list; perhaps somebody has a
better idea what to do ]


So I think I understand your problem completely: the problem is that
upon postmaster receiving the message from the isp, you want to
forward the message to only the local addresses that appear in 

To, Cc, Bcc, Apparently-To, Resent-To, Resent-Cc, Resent-Bcc.

(I'd like to remark that it is not a great idea for the isp to send the
messages to postmaster, it would be better to send it to some generic
user [like isp, or sg].  How would you then deliver messages that were
directly addressed to postmaster?)

In any case, at this point I can suggest only the following solution.

Namely, I will give an idea how to construct a program that would
filter out the local recipient addresses.

First, qmail's author has the package 822mess.  (I have an rpm for it
if you are running Linux).  This package has tools to parse, and
rewrite messages.

We will need two programs: new-inject and 822field.

In the future, new-inject is going to be the replacement of qmail-inject.
This new-inject collects all recipient addresses (addresses from the
fields listed above) in an easily parsed form; they are put in the
header Envelope-Recipients.  To illustrate, I do

$ echo 'To: Mate , mo, [EMAIL PROTECTED]'|new-inject -n

and I get

Envelope-Sender: [EMAIL PROTECTED]
Envelope-Recipients:
  [EMAIL PROTECTED],
  [EMAIL PROTECTED],
  [EMAIL PROTECTED],
Date: 6 Jan 1999 19:15:59 -
Message-ID: <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
To: "Mate" <[EMAIL PROTECTED]>, [EMAIL PROTECTED],
  [EMAIL PROTECTED]

(the -n option just gives the message to stdout instead of sending it).

Now 822field prints a specified field.  In our case, I do

$ echo 'To: Mate , mo, [EMAIL PROTECTED]' | new-inject -n | 822field envelope-recipients

and get 

  [EMAIL PROTECTED],  [EMAIL PROTECTED],  [EMAIL PROTECTED],

which it seems easy to parse with awk, for example, to pick up local
addresses.

Let us call the whole program that prints out the local addresses
localaddrs. (localaddrs looks like 

new-inject -n | 822field envelope-recipients | awk '...' 

)

Then put the following  in ~alias/.qmail-postmaster:

| if [ "`localaddrs`" != "" ]; then new-inject -a `localaddrs`; else exit 99; fi

(or exit 0 if you want the rest of the .qmail-postmaster file
processed).

Mate
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  



Re: SV: Tcpserver quiz

1999-01-06 Thread Mate Wierdl

Relay control works fine for you:

$ telnet pop.intrafish.no 25
Trying 195.204.144.43...
Connected to pop.intrafish.no.
Escape character is '^]'.
220 pop.intrafish.no ESMTP
mail from: [EMAIL PROTECTED]
250 ok
rcpt to: [EMAIL PROTECTED]
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
quit
221 pop.intrafish.no
Connection closed by foreign host.

How do *you* check relaying?

Mate
---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  



Re: alias and automated mail->news

1999-01-06 Thread Russell Nelson

Mirko Zeibig writes:
 > Hello,
 > I now use this alias-definition to post every mail to a list to a
 > newsgroup as well. Any ideas to do this more efficient?
 > Thanx
 > Mirko
 > ** /var/qmail/alias/.qmail-all **
 > | { echo "Newsgroups: local.announce"; cat - } | sed '/^Received:/d' |
 > sed '/^\ \ by\ unknown\ with\ SMTP/d' | rpost localhost -M

You've already implemented this fairly programmer-efficiently.  It
works, doesn't it?  So all the investment has already been made and
now it's starting to pay that off.  I'm sure it's run infrequently
enough so that machine-efficiency is of no concern.

-- 
-russ nelson <[EMAIL PROTECTED]>  http://crynwr.com/~nelson
Crynwr supports Open Source(tm) Software| PGPok |   There is good evidence
521 Pleasant Valley Rd. | +1 315 268 1925 voice |   that freedom is the
Potsdam, NY 13676-3213  | +1 315 268 9201 FAX   |   cause of world peace.



Re: alias and automated mail->news

1999-01-06 Thread Sam

Mirko Zeibig writes:

> Hello,
> I now use this alias-definition to post every mail to a list to a
> newsgroup as well. Any ideas to do this more efficient?
> Thanx
> Mirko
> ** /var/qmail/alias/.qmail-all **
> | { echo "Newsgroups: local.announce"; cat - } | sed '/^Received:/d' |
> sed '/^\ \ by\ unknown\ with\ SMTP/d' | rpost localhost -M

Yuck.  Use formail which comes with procmail, or reformail which comes with
maildrop, to properly twiddle your headers.  This is not the right way to
do it, and it will break sooner or later.



Re: /etc/aliases - fastforward question

1999-01-06 Thread Russell Nelson

Abel Lucano writes:
 > 
 > briefly:
 > -qmail-1.0.3 + fastforward + dotforward running smoothly 
 > 
 > -3 userids: mingfs, mingca, mingdg
 > 
 > -an inherited  /etc/aliases big file with these 2 entries:
 >  mingfs-garcia: mingdg
 >  mingfs-calc: mingca
 > 
 > when sending mail to an alias  [EMAIL PROTECTED] (mingca's alias)
 > 
 > <[EMAIL PROTECTED]>:
 > Sorry, no mailbox here by that name. (#5.1.1)
 > 
 > qmail tries to send to a nonexistent "mail list" belonging to a mingfs user
 > overriding the alias entry in /etc/aliases
 > 
 > my dirty solution(?) at this moment is put a .qmail-garcia file in ~mingfs
 > for a while  with an &mingdg line (horror!);
 > I'm searching a real solution meantime.

-- Qmail Local Delivery

Qmail will only ever deliver mail to a non-root user.  Every alias
match, every file delivery, every program delivery, is done under the
aegis of a known non-root user.  Qmail (actually qmail-lspawn) has two
ways to determine which Unix user gets which mail.

 User location via qmail-getpw

By default, qmail-lspawn will run an external program which searches
/etc/passwd for a matching username.  This program will be run as the
qmailp user, must be named qmail-getpw, and located in the qmail bin
directory.  It can be replaced by a program of your own choosing,
although at some risk of being overwritten should someone run make
setup in the qmail source directory (ordinarily a safe enough thing to
do).  Not that *I* have ever done that--ever again.

Qmail-getpw is handed the entire local part of the address.  It's
responsible for determining the UID, GID, and home directory of the
user, and for locating the user/extension split.  The first three are
easy once the user has been determined.  Qmail-getpw uses the
following search algorithm:

1) Set the user to the entire local string and the extension to null.
2) Search /etc/passwd for a non-root user who owns their home directory.
3) If it's found, exit with the current user and extension.
4) Search from the end of the user for the break character
   (usually '-').
5) If one was found, move the tail of the user to the head of the
   extension, and go to step 2.
6) If none can be found, set the user to "alias", and the
   extension to the entire local part.

This algorithm differs from the one originally used.  At first, no
searching was done.  The username was split from the extension by
searching from the left of the username for the break character.  If
it was found, then the username and extension would be split right
there.  If not, then the extension was empty.

Clearly this causes a problem if you have one user named "miller", and
another named "miller-ross".  Miller would get all of the mail, and
miller-ross, none.  Users control their own mail, and miller is the
user under this algorithm.  One work-around is to create another user
named "miller_ross" with the same UID/GID/homedir, and to create a
~miller/.qmail-ross which forwards mail to miller_ross.  Not a great
solution from a security standpoint, since miller controls
miller-ross's mail.

You might have hoped to create a ~alias/.qmail-miller-ross, but that
wouldn't have worked.  The user under this algorithm was miller, and
miller controls his own mail, not alias.  Fortunately, qmail now
searches for the longest matching name, which has solved that problem.

So now, qmail-getpw finds miller-ross, but only if she has an account
listed in /etc/passwd.  What if her address is an alias?  Several
possibilities come to mind:

  o You could simply trust miller to leave the .qmail-ross file
    alone.  This is not completely out of the question--what if you
    are doing this on a machine which has no user logins?
  o You could create an account named miller-ross, and deal with the
    mail from inside that account.
  o You could direct the entire domain into a virtualdomain.  The user
    who controls the virtualdomain's delivery is presumably a trusted
    postmaster.  He can deal with miller-ross's mail by creating a
    .qmail-miller-ross file.  And he can deal with the rest of the
    mail with a .qmail-default file containing:
        |forward "$LOCAL"@localhost
    Presumably localhost is in control/locals.  If it isn't, you can
    use any name that is.
  o Or, you can use users/assign.

 User location via users/assign

The other method for mapping a local address into a UID, GID, and home
directory of the user, and for locating the user/extension split, is
to use a database.  /etc/passwd is a database with line-oriented
records, one record per line with colon-separated fields.  So is
users/assign.  The fields are different, and the file must end in a
single line with a period in it, but the files are generally similar.

To make the job of creating users/assign easier, qmail comes with a
program called qmail-pw2u.  It reads /etc/passwd and writes
users/assign, according to certain rules.  The base rules which are
always observed are the
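
The search steps listed in the message above, next to the older split at the first break character, as an added shell example (not qmail's own code and not part of the original post). The account table is constructed, and its fourth field is an assumption standing in for the check that the user owns their home directory; the comparison shows which account ends up controlling mail for miller-ross under each rule.

```shell
#!/bin/sh
# Added illustration of the user/extension search; not qmail source code.
# PASSWD_SAMPLE is constructed data: name:uid:home:uid-that-owns-home.
# The fourth field is an assumption replacing the stat() of the home directory.
PASSWD_SAMPLE='root:0:/root:0
alias:7790:/var/qmail/alias:7790
miller:1001:/home/miller:1001
miller-ross:1002:/home/miller-ross:1002
ghost:1003:/home/ghost:0'

BREAK='-'   # break character, usually '-'

# eligible NAME: succeed if NAME is a non-root user who owns their home directory
eligible() {
    printf '%s\n' "$PASSWD_SAMPLE" | awk -F: -v n="$1" '
        $1 == n && $2 != 0 && $2 == $4 { found = 1 }
        END { exit found ? 0 : 1 }'
}

# locate LOCALPART: print "user|extension", trying the longest user name first
locate() {
    user=$1
    ext=''
    while :; do
        if eligible "$user"; then
            printf '%s|%s\n' "$user" "$ext"
            return 0
        fi
        case $user in
            *"$BREAK"*) ;;                            # a break character is left: split again
            *) printf 'alias|%s\n' "$1"; return 0 ;;  # nothing matched: hand to alias
        esac
        tail=${user##*"$BREAK"}          # text after the last break character
        user=${user%"$BREAK"*}           # text before it
        ext=${tail}${ext:+$BREAK$ext}    # tail moves to the head of the extension
    done
}

# old_locate LOCALPART: the earlier rule, split at the first break character
old_locate() {
    case $1 in
        *"$BREAK"*) printf '%s|%s\n' "${1%%"$BREAK"*}" "${1#*"$BREAK"}" ;;
        *) printf '%s|\n' "$1" ;;
    esac
}

for addr in miller-ross miller-ross-lists miller-a-b postmaster root ghost-x; do
    printf '%-18s new: %-20s old: %s\n' \
        "$addr" "$(locate "$addr")" "$(old_locate "$addr")"
done
```

Under the old rule the address miller-ross resolves to user miller with extension ross, so miller's own .qmail-ross decides what happens to that mail; the longest-match search gives it to the miller-ross account, and root or an account that does not own its home directory falls through to alias.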

Re: alias and automated mail->news

1999-01-06 Thread Lars Balker Rasmussen

On Wed, Jan 06, 1999 at 09:18:42PM +0100, Mirko Zeibig wrote:
> I now use this alias-definition to post every mail to a list to a
> newsgroup as well. Any ideas to do this more efficient?

> ** /var/qmail/alias/.qmail-all **
> | { echo "Newsgroups: local.announce"; cat - } | sed '/^Received:/d' |
> sed '/^\ \ by\ unknown\ with\ SMTP/d' | rpost localhost -M
> &member1
> &member2
> &member3

Efficient how?  Don't you want it to be correct and stable?

I wrote the following bit of code yesterday using Russ' News::Gateway
perl module for channelling a mailing list into a newsgroup (reverse is
done using some INN magic and a cunning use of approved headers).

I'd much rather make sure the contents of various RFC822 headers are
compliant to RFC1036 (and compatible with the more widespread broken
newsservers...) than whether it's "more efficient".  How many messages
do you post to the newsgroup anyway?  I'm sure the efficiency of this
script won't even be a problem at a couple of new messages a minute...

--
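#!/usr/local/bin/perl -w
use strict;

use News::Gateway;

my $server   = 'news.server';
# Newsgroup to post to: first command-line argument, default local.test
my $postto   = $ARGV[0] || "local.test";

# Create the gateway object
my $gateway = News::Gateway->new(0, '[EMAIL PROTECTED]');

# Load the header-rewriting and mail-to-news modules;
# the rewrite rules are read from the section after __END__
$gateway->modules('headers', mailtonews => [$postto]);
$gateway->config_file(\*DATA);

# Read the incoming message from standard input
$gateway->read(\*STDIN);

# Apply the rules; post only if no module reported an error
my $error = $gateway->apply();
unless ($error) {
    $error = $gateway->post($server);
    print $error if $error;
}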

__END__
header approved reject
header approved add [EMAIL PROTECTED]
header newsgroups   drop
header cc   drop
header to   drop
header path replace mjolner.dk!mail-to-news
header message-id   rename
--
-- 
Lars Balker Rasmussen, Software Engineer, Mjolner Informatics ApS
[EMAIL PROTECTED]



Re: alias and automated mail->news

1999-01-06 Thread Mirko Zeibig

Sam wrote:
> Yuck.  Use formail which comes with procmail, or reformail which comes with
> maildrop, to properly twiddle your headers.  This is not the right way to
> do it, and it will break sooner or later.
***
| { echo "Newsgroups: local.announce" ; cat - | formail -c -k -X From:
-X To: -X References: -X Message-ID: -X Mime-Version: -X Content-Type:
-X Reply-To: -X Subject: -X CC: -X BCC: ; } | rpost localhost -M
***
Now this seems to be better ;-). Thanks a lot
Mirko
-- 
mailto:[EMAIL PROTECTED]
surfto:http://sites.inka.de/picard



fetchmail and missing delivery-information

1999-01-06 Thread Mirko Zeibig

Hello,
my provider does collect all mail for [EMAIL PROTECTED] in one single
POP-account. I retrieve mail by the help of fetchmail in multidrop-mode,
which does work when mail is sent to different [EMAIL PROTECTED]
Mail from this list is not delivered to [EMAIL PROTECTED]
(aehm, well not directly as postmaster->mailer-daemon->root->mirko-root
qmail will send it to me at the end).
I think this is due to the to:-header containing [EMAIL PROTECTED]
Any hints? Thanks!
Mirko
PS: I know my provider does use exim as mta.
-- 
mailto:[EMAIL PROTECTED]
surfto:http://sites.inka.de/picard



Re: anyone done this: one mail domain, but users are split over two internal qmail-servers

1999-01-06 Thread Peter van Dijk

On Wed, Jan 06, 1999 at 07:31:10PM +, Peter Haworth wrote:
> Peter van Dijk informed us:
> > On Wed, Jan 06, 1999 at 01:32:03PM -, Russell Nelson wrote:
> > > I must be showing my age.  I remember when 48K of RAM *was* a big
> > > machine, and how excited I was to upgrade my development machine to
> > > 32K -- "Now I'll have enough memory to write anything!"
> > 
> > That's not really an age thing. I'm 17, and I remember how happy my 16KB
> > memory extension made me. _anything_ fit in there, and I do mean
> > _anything_. 
> > 
> > This was on a Sinclair ZX-81, btw :)
> 
> Hmmm... I remember writing a game which did fit into my 16KB ZX-81... until I
> tried to run it. It was a really crap game, too. I'm sure I could fit a
> runnable version into 16KB nowadays if I still had a ZX-81.

Seems to me I was much more intelligent back then than I am now. Must be all
that beer and caffeine :)

Anyway.. I remember patching up a 2kb game to run in 1kb :)
It was a nibbles like game, written in assembly with one very long REM line
which had all the code in it. There was another REM line with the name of the
game and stuff like that. Removing that second REM line freed enough memory
to run the thing :)

But let's not get too off-topic :)

Greetz, Peter.
-- 
 AND I AM GONNA KILL MIKE|  Peter van Dijk
 hardbeat, if you're still sober:    | [EMAIL PROTECTED]
   @date = localtime(time);  |  realtime security d00d
   $date[5] += 2000 if ($date[5] < 37);  | 
   $date[5] += 1900 if ($date[5] < 99);  |-x- available -x-



Re: fetchmail and missing delivery-information

1999-01-06 Thread Sam

Mirko Zeibig writes:

> Hello,
> my provider does collect all mail for [EMAIL PROTECTED] in one single
> POP-account. I retrieve mail by the help of fetchmail in multidrop-mode,
> which does work when mail is sent to different [EMAIL PROTECTED]
> Mail from this list is not delivered to [EMAIL PROTECTED]
> (aehm, well not directly as postmaster->mailer-daemon->root->mirko-root
> qmail will send it to me at the end).
> I think this is due to the to:-header containing [EMAIL PROTECTED]
> Any hints? Thanks!

Yes.  POP3 is not a replacement for SMTP.  Multidrop mode is broken.  What
you need to do is to either have your provider add an extra header which
indicates the real envelope recipient, or receive mail via SMTP.  When mail
goes into your mailbox, it loses the envelope recipient information. 
Fetchmail can try to guess what the envelope recipient is, in multidrop
mode, but, as you found out, that would only be a guess, and in some
situations it would be wrong.



Re: SV: Tcpserver quiz

1999-01-06 Thread Sam

Roger O. Svenning writes:

> Ok .. let's see if I've got this right, .. so if a client makes a smtp connection through
> tcpserver and its host (ip) does not exist in the tcp.smtp.cdb it will be passed to
> qmail-smtpd without the RELAYCLIENT which compares the recipient to rcpthosts
> and denies it if it doesn't exist. ? What happens if this variable is set by a bootscript
> and exported ? .. will the qmail-smtpd read it for every connection and allow relaying
> for everyone ? (Just a hypothetical question!)

Yes.  That's exactly what it will do.  That's why you should run env to
wash your environment, prior to running qmail-start, and tcpserver.
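
The inheritance problem discussed in this exchange, as an added shell example (not code from the thread): a child process sees an exported RELAYCLIENT even when its value is empty, and starting it through env with an emptied environment removes it. The probe string is a stand-in for the daemon's decision, and the audit helper assumes a Linux-style /proc/<pid>/environ file with NUL-separated records.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes Linux-style /proc/<pid>/environ
# (NUL-separated NAME=value records) for the audit helper.

# Stand-in for the daemon's decision: the variable only has to exist,
# an empty value is enough to switch the rcpthosts check off.
PROBE='if [ "${RELAYCLIENT+x}" ]; then echo relay-for-everyone; else echo rcpthosts-enforced; fi'

# inherited: child started the ordinary way, as a boot script would start it
inherited() { sh -c "$PROBE"; }

# washed: the same child started through env with an emptied environment
washed() { env -i PATH="$PATH" sh -c "$PROBE"; }

# relay_open_in FILE: succeed if an environ-format FILE carries RELAYCLIENT,
# whatever its value
relay_open_in() {
    tr '\0' '\n' < "$1" | grep -q '^RELAYCLIENT='
}

# Demonstration with an exported, empty RELAYCLIENT (constructed scenario);
# the subshell keeps the variable out of the rest of the script.
(
    RELAYCLIENT=
    export RELAYCLIENT
    echo "inherited: $(inherited)"
    echo "washed:    $(washed)"
)
```

To audit a running daemon, point relay_open_in at the environ file of the tcpserver or qmail-smtpd process; a match on a listener that should enforce rcpthosts means the variable leaked in from the start-up environment.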



Re: fetchmail and missing delivery-information

1999-01-06 Thread John Conover

[EMAIL PROTECTED] writes:
> Mirko Zeibig writes:
> 
> > Hello,
> > my provider does collect all mail for [EMAIL PROTECTED] in one single
> > POP-account. I retrieve mail by the help of fetchmail in multidrop-mode,
> > which does work when mail is sent to different [EMAIL PROTECTED]
> > Mail from this list is not delivered to [EMAIL PROTECTED]
> > (aehm, well not directly as postmaster->mailer-daemon->root->mirko-root
> > qmail will send it to me at the end).
> > I think this is due to the to:-header containing [EMAIL PROTECTED]
> > Any hints? Thanks!
> 
> Yes.  POP3 is not a replacement for SMTP.  Multidrop mode is broken.  What
> you need to do is to either have your provider add an extra header which
> indicates the real envelope recipient, or receive mail via SMTP.  When mail
> goes into your mailbox, it loses the envelope recipient information. 
> Fetchmail can try to guess what the envelope recipient is, in multidrop
> mode, but, as you found out, that would only be a guess, and in some
> situations it would be wrong.
>

However, if his provider uses Qmail, then, when Qmail delivers the
mail to /usr/spool/mail/whoever, each individual mail has a
"Delivered-To:" record that does specify the envelope recipient, (So,
if a message has a To:, Bcc:, Cc:, or has a To:/From: that does not
specify the envelope recipient, the "Delivered-To:" record does so
correctly-even if the email has multiple recipients, which could be a
Bcc:, also.)

See man fetchmail, for the "qvirtual" option on how to get fetchmail
to exploit this.

John

-- 

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
[EMAIL PROTECTED], http://www2.inow.com/~conover/john.html



Re: alias and automated mail->news

1999-01-06 Thread Sam

Russell Nelson writes:

> Mirko Zeibig writes:
>  > Hello,
>  > I now use this alias-definition to post every mail to a list to a
>  > newsgroup as well. Any ideas to do this more efficient?
>  > Thanx
>  > Mirko
>  > ** /var/qmail/alias/.qmail-all **
>  > | { echo "Newsgroups: local.announce"; cat - } | sed '/^Received:/d' |
>  > sed '/^\ \ by\ unknown\ with\ SMTP/d' | rpost localhost -M
> 
> You've already implemented this fairly programmer-efficiently.  It
> works, doesn't it?  So all the investment has already been made and
> now it's starting to pay that off.  I'm sure it's run infrequently
> enough so that machine-efficiency is of no concern.

This approach will break if something is tweaked in the systems, headers
will look slightly differently, or someone happens to quote a message with
full headers in the body of the post.  The sed will happily remove those.
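
The breakage described in this reply, as an added shell example (not code from the thread): the same two sed patterns run over a constructed message whose body quotes another message's headers, next to a filter that only touches the header and treats folded continuation lines as part of their field. The message text and function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. MSG_SAMPLE is a constructed message
# whose body quotes the trace headers of another message.
MSG_SAMPLE='Received: (qmail 123 invoked by alias); 6 Jan 1999 20:18:42 -0000
Received: from unknown (HELO mx) (10.0.0.1)
  by unknown with SMTP; 6 Jan 1999 20:18:40 -0000
From: sender@example.org
Subject: trace question

Here are the headers I saw:
Received: from relay (10.0.0.2)
  by unknown with SMTP; 5 Jan 1999 10:00:00 -0000
What do they mean?'

# naive_filter: the two patterns from the alias, applied to every line
# (the backslash-escaped spaces are written as plain spaces here)
naive_filter() {
    sed '/^Received:/d' | sed '/^  by unknown with SMTP/d'
}

# header_filter: drop Received: fields together with their folded continuation
# lines, in the header only; everything from the first empty line on is copied
header_filter() {
    awk '
        body      { print; next }
        /^$/      { body = 1; print; next }
        /^[ \t]/  { if (!drop) print; next }
        { drop = (tolower($0) ~ /^received:/); if (!drop) print }'
}

# body_lines FILTER: how many body lines of MSG_SAMPLE survive FILTER
body_lines() {
    printf '%s\n' "$MSG_SAMPLE" | "$1" | sed '1,/^$/d' | wc -l | tr -d ' '
}

# header_received FILTER: Received: fields left in the header after FILTER
header_received() {
    printf '%s\n' "$MSG_SAMPLE" | "$1" | sed '/^$/q' | grep -c '^Received:' || true
}

echo "body lines kept by naive_filter:  $(body_lines naive_filter) of 4"
echo "body lines kept by header_filter: $(body_lines header_filter) of 4"
```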



Re: /etc/aliases - fastforward question

1999-01-06 Thread Chris Johnson

On Wed, Jan 06, 1999 at 10:08:14PM -, Russell Nelson wrote:

[snip - what are you doing, writing a qmail book? ;-)]

> Caution: Once you create a users/assign file, and build the users/cdb
> database using qmail-newu, it stops deliveries based on /etc/passwd.
> When you add a user, you MUST add them to users/assign, or re-run
> qmail-pw2u.

Say what? I've got a users/assign file and a users/cdb file, full of entries.
This hasn't stopped deliveries based on /etc/passwd. qmail-lspawn will look in
users/cdb first, but if it doesn't find what it's looking for there it'll press
on and look for a system account in /etc/passwd. Or do I misunderstand what
you're saying here?

Chris



Re: alias and automated mail->news

1999-01-06 Thread Mate Wierdl

On Wed, Jan 06, 1999 at 11:15:29PM +0100, Mirko Zeibig wrote:
> Sam wrote:
> > Yuck.  Use formail which comes with procmail, or reformail which comes with
> > maildrop, to properly twiddle your headers.  This is not the right way to
> > do it, and it will break sooner or later.
> ***
> | { echo "Newsgroups: local.announce" ; cat - | formail -c -k -X From:
> -X To: -X References: -X Message-ID: -X Mime-Version: -X Content-Type:
> -X Reply-To: -X Subject: -X CC: -X BCC: } | rpost localhost -M
> ***

You can also use

| formail -I"Newsgroups: local.announce" | formail -c -k -Xnewsgroups -Xto
-Xreferences -Xmessage-id -Xmime-version -Xcontent-type -Xreply-to -Xsubject 
-Xcc -Xbcc | rpost localhost -M

This is, IMO, indeed better because it is foolproof, and requires no pattern
matching---or thinking at all.

BTW, it would be nice if one could do the same thing with reformail.

---
Mate Wierdl | Dept. of Math. Sciences | University of Memphis  



Re: the IBM Secure Mailer license

1999-01-06 Thread Peter Samuel

On 6 Jan 1999, D. J. Bernstein wrote:

> Edward S. Marshall writes:
> > because the license sits better with me
> 
> Have you actually read the IBM Secure Mailer license?
> 
> The license demands that you stop using the IBM Secure Mailer upon IBM's
> request. You are explicitly required to destroy every copy you possess
> of the IBM Secure Mailer.
> 
> The license also gives IBM special rights over all enhancements to the
> IBM Secure Mailer. If you distribute an IBM Secure Mailer add-on, for
> example, then IBM can turn your add-on into an IBM commercial product
> without your permission.

Have another re-read. My interpretation is that they'll only control
your mods if you send them to IBM. The following paragraph is the
important one here (my capitalisation below).

"You grant IBM a world-wide, royalty-free right to use, copy,
distribute, sublicense and prepare derivative works BASED UPON ANY
FEEDBACK, including materials, error corrections, Software
Derivatives, enhancements, suggestions and the like THAT YOU
PROVIDE TO IBM relating to the Software."

So, if I make a mod, but don't give them any direct feedback, it's mine
and not theirs.

I'm not a lawyer of course :)

Regards
Peter
--
Peter Samuel                            [EMAIL PROTECTED]
Technical Consultant                    or at present:
Uniq Professional Services,             [EMAIL PROTECTED]
a division of X-Direct Pty Ltd
Phone: +61 2 9206 3410  Fax: +61 2 9281 1301

"If you kill all your unhappy customers, you'll only have happy ones left"